Differences
This shows you the differences between two versions of the page.
tutorial:adm:server_preparation [2019/02/19 12:43] urbanl Modified tomcat.service - added PID file location |
tutorial:adm:server_preparation [2020/03/10 10:14] fiserp [Apache Tomcat configuration] |
||
---|---|---|---|
Line 23: | Line 23: | ||
yum update -y | yum update -y | ||
# other recommended packages installation | # other recommended packages installation | ||
- | yum install -y net-tools nano wget mc vim-enhanced screen sysstat bzip2 ssmtp bash-completion lsof haveged nmap zip unzip psmisc telnet | + | yum install -y net-tools nano wget mc vim-enhanced screen sysstat bzip2 ssmtp bash-completion lsof haveged nmap zip unzip psmisc telnet |
# enable haveged after OS start | # enable haveged after OS start | ||
systemctl start haveged.service | systemctl start haveged.service | ||
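Review bot: the `yum install` line on the changed row still puts `nmap` and `telnet` on the recommended package list for the IdM server, and neither is needed at runtime. Consider moving them to a separate "troubleshooting only" step, or dropping them, so the base install stays minimal. As rendered here the removed and added lines read the same, so it is also worth stating in the edit summary what actually changed in the package list.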
Line 45: | Line 45: | ||
===== PostgreSQL ===== | ===== PostgreSQL ===== | ||
<note tip>If you are install CzechIdM on Sql server, please follow [[tutorial: | <note tip>If you are install CzechIdM on Sql server, please follow [[tutorial: | ||
- | CentOS7 default repository version of PostgreSQL is 9.2. In our tutorial, we will install newer version 9.6. Moreover, we install database data into /data not /var/lib which is the default option. | + | CentOS7 default repository version of PostgreSQL is 9.2 but IdM not support that version. In our tutorial, we will install newer version 9.6. Moreover, we install database data into /data not /var/lib which is the default option. |
==== Database server installation - CentOS7 ==== | ==== Database server installation - CentOS7 ==== | ||
* Software installation (versions can vary): | * Software installation (versions can vary): | ||
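Review bot: the added clause "but IdM not support that version" on the PostgreSQL 9.2 line needs a verb ("but IdM does not support that version"), and it would help to say which minimum PostgreSQL version IdM does support instead of only naming the 9.6 used in the tutorial. The tip line above it ("If you are install CzechIdM") has the same kind of grammar slip and could be fixed in the same edit.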
Line 197: | Line 197: | ||
< | < | ||
+ | |||
===== Java - CentOS7 ===== | ===== Java - CentOS7 ===== | ||
Line 436: | Line 437: | ||
=== Rotating Tomcat logs === | === Rotating Tomcat logs === | ||
- | Default Tomcat logger appneds to the logfile, it is therefore safe to use simple '' | + | Default Tomcat logger appneds to the logfile, it is therefore safe to use simple '' |
<file txt tomcat> | <file txt tomcat> | ||
/ | / | ||
- | rotate | + | rotate |
daily | daily | ||
dateext | dateext | ||
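Review bot: the rewritten sentence under "Rotating Tomcat logs" still carries the typo "appneds" (should be "appends"). Since the `rotate` value is what this revision changes, a short remark in the text on how many days of Tomcat logs the new value keeps would make the retention period explicit for anyone who needs the logs for incident review.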
Line 465: | Line 466: | ||
Please note that on Debian, the log is not rotate during the first day, but after the second day. | Please note that on Debian, the log is not rotate during the first day, but after the second day. | ||
+ | |||
====== Apache httpd as a reverse proxy ====== | ====== Apache httpd as a reverse proxy ====== | ||
Line 530: | Line 532: | ||
< | < | ||
| | ||
- | | + | |
</ | </ | ||
</ | </ | ||
Line 555: | Line 557: | ||
To do so, add following lines to the virtualhost config file (ssl.conf): | To do so, add following lines to the virtualhost config file (ssl.conf): | ||
< | < | ||
- | | + | RewriteEngine On |
- | RewriteRule " | + | RewriteRule " |
</ | </ | ||
- | In the file ssl.conf we also have to disable SSLv3. Edit the line with SSLProtocol directive: | + | We also have to secure the communication. **Edit** corresponding lines in '' |
< | < | ||
- | SSLProtocol all -SSLv2 -SSLv3 | + | SSLProtocol all -SSLv2 -SSLv3 |
+ | SSLCipherSuite ALL: | ||
+ | SSLHonorCipherOrder on | ||
</ | </ | ||
+ | < | ||
On Debian, create symlinks to sites-enabled: | On Debian, create symlinks to sites-enabled: | ||
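Review bot: the `SSLProtocol all -SSLv2 -SSLv3` line is carried over unchanged, so TLSv1 and TLSv1.1 remain enabled even though the new sentence presents this step as securing the communication. If all clients support TLS 1.2, extend it to `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. The added `SSLCipherSuite` starts from `ALL:`, so the effective set depends entirely on the exclusions that follow being complete; an explicit allow-list of forward-secret AEAD suites is easier to audit. `SSLHonorCipherOrder on` only helps if that list is ordered strongest first, which the text should state.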
Line 629: | Line 634: | ||
# These break Certificate Authority module | # These break Certificate Authority module | ||
< | < | ||
+ | SecRuleRemoveById 960915 | ||
+ | SecRuleRemoveById 200003 | ||
+ | </ | ||
+ | |||
+ | # Modsec can throw false positives on some files due to multipart boundary check | ||
+ | < | ||
SecRuleRemoveById 960915 | SecRuleRemoveById 960915 | ||
SecRuleRemoveById 200003 | SecRuleRemoveById 200003 | ||
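Review bot: the added block removes the same two rules (`SecRuleRemoveById 960915` and `SecRuleRemoveById 200003`) for a second scope, but its comment only says "some files", unlike the existing block, which names the Certificate Authority module. Name the endpoint that triggers the false positive and keep the enclosing match as narrow as that upload path, because both rules are switched off for every request the block matches. If only one of the two rules fires on those files, remove only that one.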
Line 711: | Line 722: | ||
AddOutputFilterByType DEFLATE text/plain | AddOutputFilterByType DEFLATE text/plain | ||
AddOutputFilterByType DEFLATE text/xml | AddOutputFilterByType DEFLATE text/xml | ||
+ | AddOutputFilterByType DEFLATE application/ | ||
+ | AddOutputFilterByType DEFLATE application/ | ||
# Remove browser bugs (only needed for really old browsers) | # Remove browser bugs (only needed for really old browsers) | ||
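Review bot: the two added `AddOutputFilterByType DEFLATE application/` lines extend compression to application types (the subtypes are cut off in this view). If they cover API responses that contain session or CSRF tokens together with request-reflected data, compressing them over TLS opens a BREACH-style length side channel. Confirm which responses these types match, and leave compression off for any that carry secrets.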
Line 787: | Line 800: | ||
} | } | ||
</ | </ | ||
+ |