Differences
This shows you the differences between two versions of the page.
tutorial:adm:server_preparation_tmp [2020/03/10 10:00] urbanl [Instalation and software configuration] |
tutorial:adm:server_preparation_tmp [2020/03/12 09:31] urbanl [nginx as reverse proxy] |
||
---|---|---|---|
Line 45: | Line 45: | ||
</ | </ | ||
+ | -!CHANGED | ||
When installing to centos8, check and install these packages: | When installing to centos8, check and install these packages: | ||
< | < | ||
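Review bot: the `-!CHANGED` marker added above the CentOS 8 package paragraph is an editing note, and the same marker appears later in this revision on the "Database server installation - CentOS8" and "Java - CentOS8" headings and above the Tomcat localhost bullet. Remove these markers before the page leaves the `_tmp` draft, or replace them with a single dated changelog line at the top.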
Line 50: | Line 51: | ||
yum list installed | yum list installed | ||
# other recommended packages installation | # other recommended packages installation | ||
- | yum install -y mc haveged nmap screen sysstat telnet | + | yum install -y mc haveged nmap screen sysstat telnet |
</ | </ | ||
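Review bot: the recommended-packages line `yum install -y mc haveged nmap screen sysstat telnet` still puts `nmap` and `telnet` on what will be an identity-management server. Mark them as optional troubleshooting tools or drop them from the default list, so that production hosts do not carry tools they do not need.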
Line 57: | Line 58: | ||
screen dnsutils sysstat lsof haveged nmap tcpdump traceroute tcptraceroute curl iptables-persistent | screen dnsutils sysstat lsof haveged nmap tcpdump traceroute tcptraceroute curl iptables-persistent | ||
</ | </ | ||
- | ===== PostgreSQL ===== | + | ===== PostgreSQL |
<note tip>If you are install CzechIdM on Sql server, please follow [[tutorial: | <note tip>If you are install CzechIdM on Sql server, please follow [[tutorial: | ||
- | CentOS7 | + | CentOS8 |
- | ==== Database server installation - CentOS7 | + | ==== Database server installation - CentOS8 -!CHANGED |
- | * Software installation (versions can vary): | + | * Software installation |
<code bash> | <code bash> | ||
- | yum install -y https:// | + | # enable module postgres 12 |
- | yum install -y postgresql96-server | + | yum module enable postgresql:12 |
+ | yum install -y postgresql-server | ||
</ | </ | ||
+ | |||
* create new system directory: | * create new system directory: | ||
- | < | + | |
- | mkdir -p / | + | < |
+ | mkdir -p / | ||
+ | mkdir -p / | ||
chown -R postgres: | chown -R postgres: | ||
chmod 700 /data/pgsql | chmod 700 /data/pgsql | ||
</ | </ | ||
+ | |||
* Copy of the configuration file for systemd, in which we will make change of directory for data: | * Copy of the configuration file for systemd, in which we will make change of directory for data: | ||
+ | |||
<code bash> | <code bash> | ||
- | cp / | + | cp / |
</ | </ | ||
- | In the file ''/ | + | |
+ | In the file ''/ | ||
< | < | ||
# Location of database directory | # Location of database directory | ||
- | Environment=PGDATA=/ | + | Environment=PGDATA=/ |
</ | </ | ||
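Review bot: `yum module enable postgresql:12` in the new install block has no `-y`, unlike the `yum install -y` lines around it, so the step stops for confirmation when the block is pasted or scripted. Add `-y`, and reword the comment to "enable the PostgreSQL 12 module stream". The headings in this hunk also change from CentOS7 to CentOS8 in place; if the CentOS 7 steps are still needed by anyone, they are no longer on the page after this change.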
Line 85: | Line 94: | ||
< | < | ||
- | PGDATA=/ | + | PGDATA=/ |
</ | </ | ||
Line 99: | Line 108: | ||
<code bash> | <code bash> | ||
- | /usr/pgsql-9.6/bin/postgresql96-setup initdb | + | /usr/bin/postgresql-setup |
</ | </ | ||
+ | Change SELINUX labels: | ||
+ | < | ||
+ | chcon -Rt postgresql_db_t pgsql/ | ||
+ | chcon -Rt postgresql_log_t / | ||
+ | </ | ||
* Enable and start database: | * Enable and start database: | ||
<code bash> | <code bash> | ||
- | systemctl start postgresql-9.6.service | + | systemctl start postgresql.service |
- | systemctl enable postgresql-9.6.service | + | systemctl enable postgresql.service |
</ | </ | ||
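Review bot: `chcon -Rt postgresql_db_t pgsql/` uses a relative path, so the label lands on the right directory only if the reader happens to be in `/data`; use the absolute `/data/pgsql` that the earlier `chmod 700 /data/pgsql` step uses. `chcon` labels are also lost on the next filesystem relabel or `restorecon`, so a persistent rule with `semanage fcontext -a -t postgresql_db_t "/data/pgsql(/.*)?"` followed by `restorecon -Rv /data/pgsql` is the safer instruction. The "Change SELINUX labels:" step also lacks the `*` bullet that the neighbouring steps have.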
Line 114: | Line 127: | ||
<code bash> | <code bash> | ||
- | [root@tomcat1 system]# systemctl status postgresql-9.6.service -l | + | [root@HOSTNAME data]# systemctl status postgresql.service -l |
- | ● postgresql-9.6.service - PostgreSQL | + | ● postgresql.service - PostgreSQL database server |
- | | + | |
- | | + | |
- | Main PID: 2626 (postmaster) | + | Main PID: 25715 (postmaster) |
- | | + | Tasks: 8 (limit: 52428) |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | | + | |
- | └─2634 postgres: stats collector | + | |
+ | | ||
+ | ├─25722 postgres: stats collector | ||
+ | | ||
- | lis 18 23:50:06 tomcat1.localdomain | + | Mar 11 10:48:06 HOSTNAME |
- | lis 18 23:50:06 tomcat1.localdomain | + | Mar 11 10:48:06 HOSTNAME postmaster[25715]: |
- | lis 18 23:50:06 tomcat1.localdomain | + | Mar 11 10:48:06 HOSTNAME |
- | lis 18 23:50:06 tomcat1.localdomain | + | Mar 11 10:48:06 HOSTNAME postmaster[25715]: |
+ | Mar 11 10:48:06 HOSTNAME postmaster[25715]: | ||
+ | Mar 11 10:48:06 HOSTNAME postmaster[25715]: | ||
+ | Mar 11 10:48:06 HOSTNAME postmaster[25715]: | ||
+ | Mar 11 10:48:06 HOSTNAME | ||
+ | Mar 11 10:48:06 HOSTNAME | ||
</ | </ | ||
Line 166: | Line 187: | ||
systemctl enable postgresql | systemctl enable postgresql | ||
</ | </ | ||
- | ==== DB server configuration ==== | + | ==== DB server configuration |
First of all, enable the password authentication. | First of all, enable the password authentication. | ||
- | In the file ''/ | + | In the file ''/ |
< | < | ||
host all | host all | ||
Line 183: | Line 204: | ||
Now we can do DB sizing. We presume the system has 3GB dedicated for the db. We can also log the queries logging (those over 200ms). **For particular sizing, use a [[https:// | Now we can do DB sizing. We presume the system has 3GB dedicated for the db. We can also log the queries logging (those over 200ms). **For particular sizing, use a [[https:// | ||
- | In a file ''/ | + | In a file ''/ |
< | < | ||
max_connections = 100 # (change requires restart) | max_connections = 100 # (change requires restart) | ||
Line 202: | Line 223: | ||
</ | </ | ||
- | Restart DB: '' | + | Restart DB: '' |
For Debian installation, | For Debian installation, | ||
< | < | ||
- | / | + | / |
- | / | + | / |
</ | </ | ||
< | < | ||
- | ===== Java - CentOS7 | + | ===== Java - CentOS8 -! CHANGED |
- | Java must be installed before Tomcat start. It is recommended to use OpenJDK (at least 1.8) from standard OS repository. | + | Java must be installed before Tomcat start. It is recommended to use OpenJDK (at least 1.11) from standard OS repository. |
Installation: | Installation: | ||
<code bash> | <code bash> | ||
- | yum install -y java-1.8.0-openjdk-headless java-1.8.0-openjdk-devel | + | yum install -y java-11-openjdk-headless java-11-openjdk-devel |
</ | </ | ||
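Review bot: "at least 1.11" in the changed Java sentence is not a real version string. The 1.x numbering ended with 1.8, and the package installed two lines below is `java-11-openjdk-headless`, so write "at least 11".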
Line 424: | Line 445: | ||
<Server port=" | <Server port=" | ||
</ | </ | ||
+ | -! CHANGED | ||
* Make Tomcat listen only on localhost: | * Make Tomcat listen only on localhost: | ||
- | * In the ''/ | + | * In the ''/ |
+ | * In same file configure ajp port('' | ||
+ | |||
+ | < | ||
+ | address=" | ||
+ | secretRequired=" | ||
+ | secret=" | ||
+ | port=" | ||
+ | redirectPort=" | ||
* Do not show aplication server version: | * Do not show aplication server version: | ||
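Review bot: the connector attributes added after the AJP bullet (`address`, `secretRequired`, `secret`, `port`, `redirectPort`) sit in a block that is opened but has no closing line before the next bullet, "Do not show aplication server version", so the rest of the list may render inside that block. Close the block and add the missing space in "ajp port(". Make sure the `secret` value shown on the page is a placeholder, with a sentence telling the reader to generate their own value and to set the same one on the httpd side of the AJP connection.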
Line 510: | Line 541: | ||
</ | </ | ||
- | HTTPd basic configuration: | + | HTTPd basic configuration |
- | Change MPM to worker (lower system requirements) - in the file ''/ | + | Change MPM to worker (lower system requirements) - in the file ''/ |
<code bash> | <code bash> | ||
Line 773: | Line 804: | ||
If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial: | If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial: | ||
- | ====== | + | ====== |
- | In case that you want to use nginx instead of Apache httpd, the configuration is as follows. | + | ==== 2. JDBC driver installation - CentOS8 ==== |
+ | **CentOS** | ||
- | <code ini> | + | Install the package with PostgreSQL JDBC driver: |
- | server { | + | |
- | listen | + | |
- | server_name | + | |
- | client_max_body_size 1G; | + | |
- | ssl on; | + | |
- | ssl_certificate | + | |
- | ssl_certificate_key | + | |
- | gzip on; | + | |
- | gzip_proxied any; | + | |
- | gzip_types | + | |
- | text/css | + | |
- | | + | |
- | text/xml | + | |
- | | + | |
- | application/ | + | |
- | | + | |
- | application/ | + | |
- | location / { | + | <code bash> |
- | proxy_hide_header X-Frame-Options; | + | yum install |
- | add_header X-Frame-Options SAMEORIGIN; | + | |
- | proxy_pass http:// | + | |
- | proxy_set_header Host $host; | + | |
- | proxy_set_header X-Real-IP $remote_addr; | + | |
- | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | + | |
- | proxy_set_header X-Forwarded-Proto " | + | |
- | proxy_ssl_session_reuse off; | + | |
- | proxy_redirect off; | + | |
- | + | ||
- | # WebSocket support | + | |
- | proxy_http_version 1.1; | + | |
- | proxy_set_header Upgrade $http_upgrade; | + | |
- | proxy_set_header Connection " | + | |
- | } | + | |
- | } | + | |
</ | </ | ||
+ | allow Tomcat to use the driver: | ||
+ | |||
+ | <code bash> | ||
+ | ln -s / | ||
+ | </ |
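Review bot: this hunk deletes the whole nginx `server { ... }` example and puts the JDBC driver step in its place, although the edit is labelled "nginx as reverse proxy". If nginx is no longer a supported front end, say so in one sentence; otherwise keep the section and add the JDBC step as its own section next to the Tomcat setup, which is what needs the driver. The new heading is numbered "2." with no "1." visible in this hunk, and "allow Tomcat to use the driver:" should start with a capital letter.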