Differences

tutorial:adm:czechidm_installation_win [2020/10/21 08:55]
fiserp [Create CzechIdM configuration]
tutorial:adm:czechidm_installation_win [2021/01/21 11:46]
kasalr [Configure environment properties. Select application profile]
Line 22: Line 22:
 Use the pgAdmin or PSQL to test the database connection under the ''czechidm'' user. Use the pgAdmin or PSQL to test the database connection under the ''czechidm'' user.
 ==== JDBC driver installation ==== ==== JDBC driver installation ====
-Download the PostgreSQL JDBC driver from the [[https://jdbc.postgresql.org/download.html|this URL]] and move it to the ''C:\Program Files\Apache Software Foundation\Tomcat 8.5\lib\'' directory.+Download the newest PostgreSQL JDBC driver( version 42.2.6 and newer) from the [[https://jdbc.postgresql.org/download.html|this URL]] and move it to the ''C:\Program Files\Apache Software Foundation\Tomcat 8.5\lib\'' directory.
 ==== Configure environment properties. Select application profile ==== ==== Configure environment properties. Select application profile ====
 Run the **Monitor Tomcat** application from the Start menu. Configure following settings: Run the **Monitor Tomcat** application from the Start menu. Configure following settings:
-  * Add ''C:\CzechIdM\etc;C:\CzechIdM\lib;C:\CzechIdM\lib\\*;'' to the **beginning of the** ''CLASSPATH''. If you followed the [[tutorial:adm:server_preparation_win|]] guide, this should already be in place.+  * Add ''C:\CzechIdM\etc;C:\CzechIdM\lib;C:\CzechIdM\lib<nowiki>\*</nowiki>;'' to the **beginning of the** ''CLASSPATH''. If you followed the [[tutorial:adm:server_preparation_win|]] guide, this should already be in place.
   * Add ''-Dspring.profiles.active=production'' to the ''Java options''.   * Add ''-Dspring.profiles.active=production'' to the ''Java options''.
- +  * Add ''-Djava.security.egd=file:/dev/urandom'' to the ''Java options''.
-=== Change Tomat logging properties === +
- +
-In order to set-up log rotation we need stop logging to stdout and start logging to catalina.log . +
- +
-Make these changes in file ''C:\Program Files\Apache Software Foundation\Tomcat 8.5\conf\logging.properties''+
-Comment out console handler. We don't want tomcat to log to stdout or stderr. +
-<code> +
-handlers = 1catalina.org.apache.juli.AsyncFileHandler, 2localhost.org.apache.juli.AsyncFileHandler, 3manager.org.apache.juli.AsyncFileHandler, 4host-manager.org.apache.juli.AsyncFileHandler +
-#handlers =  java.util.logging.ConsoleHandler +
- +
-.handlers = 1catalina.org.apache.juli.AsyncFileHandler +
-#.handlers = java.util.logging.ConsoleHandler, +
- +
-#java.util.logging.ConsoleHandler.level = FINE +
-#java.util.logging.ConsoleHandler.formatter = org.apache.juli.OneLineFormatter +
-</code> +
-In 1catalina file handler change log level to "INFO" and prefix from "catalina" to "tomcat". Also set property rotable to "false". Tomcat write to this file only when starting or shutting down. +
-<code> +
-#1catalina.org.apache.juli.AsyncFileHandler.level = FINE +
-#1catalina.org.apache.juli.AsyncFileHandler.prefix = catalina. +
-1catalina.org.apache.juli.AsyncFileHandler.level = INFO +
-1catalina.org.apache.juli.AsyncFileHandler.directory = ${catalina.base}/logs +
-1catalina.org.apache.juli.AsyncFileHandler.prefix = tomcat +
-1catalina.org.apache.juli.AsyncFileHandler.rotatable = false +
-1catalina.org.apache.juli.AsyncFileHandler.suffix = .log +
-</code> +
  
 ==== Create CzechIdM configuration folders ==== ==== Create CzechIdM configuration folders ====
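Review bot: the new `-Djava.security.egd=file:/dev/urandom` entry in the Java options list is a Linux-oriented setting in a Windows-only guide; there is no `/dev/urandom` on Windows and the JVM there seeds `SecureRandom` from the native Windows source whether or not the property is set, so the line is harmless but should either be dropped or carry a sentence saying why it is present. The same hunk deletes the whole "Change Tomat logging properties" section, which was the only place this page stopped Tomcat from logging to stdout and pointed it at `tomcat.log`; if that is now handled elsewhere, a one-line pointer to the replacement belongs here, otherwise the section should stay. Minor: `driver( version 42.2.6 and newer)` has the space on the wrong side of the parenthesis.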
Line 77: Line 50:
 openssl genrsa -out fakecert.key openssl genrsa -out fakecert.key
 # if the following command fails, remove the parameter -subj and supply the values interactively # if the following command fails, remove the parameter -subj and supply the values interactively
-openssl req -new -key fakecert.key -out fakecert.csr -subj "/C=CZ/ST=Czech Republic/L=Prague/O=BCV/CN=CzechIdM placeholder cert"+openssl req -new -key fakecert.key -out fakecert.csr -subj "//C=CZ\ST=Czech Republic\L=Prague\O=BCV\CN=CzechIdM placeholder cert"
 openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt openssl x509 -req -in fakecert.csr -signkey fakecert.key -days 1 -sha256 -out fakecert.crt
 keytool -importcert -file fakecert.crt -alias placeholder-cert -keystore truststore.jks keytool -importcert -file fakecert.crt -alias placeholder-cert -keystore truststore.jks
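Review bot: the new `-subj "//C=CZ\ST=Czech Republic\L=Prague\O=BCV\CN=..."` form only works because Git Bash (MSYS) rewrites an argument that starts with a single `/` into a Windows path; the doubled leading slash and backslash separators are a workaround for that shell, and the same string is not a valid subject in cmd, PowerShell or on Linux, where the previous `/C=CZ/ST=.../CN=...` form is the right one. Say that in the text next to the existing "if the following command fails" comment, and add a check such as `openssl x509 -in fakecert.crt -noout -subject` so the reader can confirm the subject came through unmangled before importing the placeholder certificate into `truststore.jks`.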
Line 95: Line 68:
 Now we will create configuration files the CzechIdM will use. Now we will create configuration files the CzechIdM will use.
 <note>Code snippets in this chapter can be **mostly** copy-pasted or (but please read through whole chapter to be aware of setting you have to adjust). Configuring the CzechIdM is about altering four or five lines altogether.</note> <note>Code snippets in this chapter can be **mostly** copy-pasted or (but please read through whole chapter to be aware of setting you have to adjust). Configuring the CzechIdM is about altering four or five lines altogether.</note>
-  * The **C:\CzechIdM\etc\secret.key** is a file with confidential storage secret key. This key has to have 128 bit (= 16 bytes) or 256 bit (= 32 bytes), length of the key determines the cipher which will be used: AES-128, or AES-256 respectively. Creation of the **secret.key** is a bit tricky (because Windows). Open the Git Bash, run the **vim** editor and type the key into the file. Then check its format.<code>+  * The **C:\CzechIdM\etc\secret.key** is a file with confidential storage secret key. This key has to have 128 bit (= 16 bytes). Creation of the **secret.key** is a bit tricky (because Windows). Open the Git Bash, run the **vim** editor and type the key into the file. Then check its format.<code>
 cd /c/czechidm/etc cd /c/czechidm/etc
 # start the vim editor # start the vim editor
 vim secret.key vim secret.key
 # press "i" to switch to input mode # press "i" to switch to input mode
-# type the 16 or 32 characters of the secret key+# type the 16 characters of the secret key
 # press ESC to switch to command mode # press ESC to switch to command mode
 # type :wq # type :wq
 # press ENTER # press ENTER
 # now you should see that secret.key file has been created, check its contents # now you should see that secret.key file has been created, check its contents
-# the file should be EXACTLY 17 or 33 BYTES LONG, 16 or 32 bytes for your key and the last byte "0a"+# the file should be EXACTLY 17 BYTES LONG, 16 bytes for your key and the last byte "0a"
 xxd -p secret.key xxd -p secret.key
 ... hex dump here ... text dump here ... ... hex dump here ... text dump here ...
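Review bot: dropping the 256-bit option leaves the confidential-storage key documented only at the shorter AES-128 length; if CzechIdM still accepts a 32-byte key (the removed text said it did, selecting AES-256), keep that option or state why it was withdrawn. Independently of the length, a key "typed into the file" in vim has whatever entropy a person can invent, not 128 bits; the snippet should generate it, for example `openssl rand -base64 12 > secret.key` in the same Git Bash, which writes 16 printable characters plus the trailing `0a` byte the `xxd -p` check expects. Since `secret.key` protects the confidential storage, the step should also tell the reader to restrict the file's NTFS permissions to the account Tomcat runs as.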
Line 131: Line 104:
         <include resource="org/springframework/boot/logging/logback/defaults.xml"/>         <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
         <springProfile name="production">         <springProfile name="production">
-                <logger name="eu.bcvsolutions" level="INFO"/>+         
 +                <springProperty name="spring.datasource.driver-class-name" source="spring.datasource.driver-class-name"/> 
 +                <springProperty name="spring.datasource.url" source="spring.datasource.url"/> 
 +                <springProperty name="spring.datasource.username" source="spring.datasource.username"/> 
 +                <springProperty name="spring.datasource.password" source="spring.datasource.password"/> 
 +  
 +                <appender name="DB" class="ch.qos.logback.classic.db.DBAppender"> 
 +                    <connectionSource class="ch.qos.logback.core.db.DriverManagerConnectionSource"> 
 +                      <driverClass>${spring.datasource.driver-class-name}</driverClass> 
 +                      <url>${spring.datasource.url}</url> 
 +                      <user>${spring.datasource.username}</user> 
 +                      <password>${spring.datasource.password}</password> 
 +                    </connectionSource> 
 +                </appender> 
 +  
 +                <appender name="DB_ASYNC" class="ch.qos.logback.classic.AsyncAppender"> 
 +                <appender-ref ref="DB" /> 
 +                     <includeCallerData>true</includeCallerData> 
 +                </appender> 
 +  
 +                <logger name="eu.bcvsolutions" level="INFO"> 
 +                     <appender-ref ref="DB_ASYNC" /> 
 +                </logger> 
 +        
                 <logger name="org.springframework" level="INFO"/>                 <logger name="org.springframework" level="INFO"/>
                 <logger name="org.springframework.web" level="INFO"/>                 <logger name="org.springframework.web" level="INFO"/>
                 <logger name="org.hibernate.SQL" level="INFO"/>                 <logger name="org.hibernate.SQL" level="INFO"/>
                 <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>                 <logger name="org.hibernate.type.descriptor.sql.BasicBinder" level="INFO"/>
-                <appender name="idm" class="ch.qos.logback.core.rolling.RollingFileAppender"> +
-                        <encoder> +
-                                <pattern> +
-                                         %d{yyyy-MM-dd HH:mm:ss.SSS} %5level %relative --- [%thread] %logger{36}.%M : %msg%n +
-                                </pattern> +
-                        </encoder> +
-                        <file>logs/catalina.log</file> +
-                        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> +
-                                <fileNamePattern>logs/catalina.%d{yyyy-MM-dd}.log</fileNamePattern> +
-                                <maxHistory>90</maxHistory> +
-                        </rollingPolicy> +
-                </appender>      +
-                <root level="INFO"> +
-                        <appender-ref ref="idm"/> +
-                </root>+
         </springProfile>         </springProfile>
 </configuration> </configuration>
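Review bot: removing the `idm` RollingFileAppender together with the `<root level="INFO">` element leaves no appender attached to the root logger in the production profile within this hunk; only `eu.bcvsolutions` is now routed (to `DB_ASYNC`), so `org.springframework`, `org.hibernate.SQL` and every other logger still listed here writes nowhere, and the rotated `catalina.log` file that the removed appender provided disappears with it. If the database is meant to be the only sink, say so explicitly and keep at least a root file appender for startup failures that happen before the datasource is usable. Two further points on the new `DB` appender: logback's `DBAppender` needs its `logging_event`, `logging_event_property` and `logging_event_exception` tables to exist in the target database and the page does not say who creates them; and `DriverManagerConnectionSource` opens a new JDBC connection for every event, which the logback documentation advises against in favour of a pooled `DataSourceConnectionSource`. Finally, `AsyncAppender` discards TRACE, DEBUG and INFO events once its queue is 80% full by default, so audit-relevant INFO lines from `eu.bcvsolutions` can be lost silently under load; set `<discardingThreshold>0</discardingThreshold>` (and consider an explicit `queueSize`) if that is unacceptable. Style: the `<appender-ref ref="DB" />` inside `DB_ASYNC` is indented one level less than its sibling `<includeCallerData>`.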
  • by fiserp