Differences

This shows you the differences between two versions of the page.

--- tutorial:adm:server_preparation_tmp [2020/03/11 10:05]
urbanl [DB server configuration]
+++ tutorial:adm:server_preparation_tmp [2020/03/12 09:31]
urbanl [nginx as reverse proxy]
@@ Line 227: / Line 227: @@
 For Debian installation, edit those configuration files instead:
 <code>
-/etc/postgresql/9.6/main/pg_hba.conf
+/etc/postgresql/12/main/pg_hba.conf
-/etc/postgresql/9.6/main/postgresql.conf
+/etc/postgresql/12/main/postgresql.conf
 </code>
 <note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note>
-===== Java - CentOS7 =====
+===== Java - CentOS8 -! CHANGED =====
-Java must be installed before Tomcat start. It is recommended to use OpenJDK (at least 1.8) from standard OS repository.
+Java must be installed before Tomcat start. It is recommended to use OpenJDK (at least 1.11) from standard OS repository.
 Installation:
 <code bash>
-yum install -y java-1.8.0-openjdk-headless java-1.8.0-openjdk-devel
+yum install -y java-11-openjdk-headless java-11-openjdk-devel
 </code>
@@ Line 445: / Line 445: @@
 <Server port="-1" shutdown="SHUTDOWN">
 </code>
+-! CHANGED
   * Make Tomcat listen only on localhost:
-    * In the ''/opt/tomcat/current/conf/server.xml'' add the ''address="127.0.0.1"'' property to configuration of ''8009'' and ''8080'' ports.
+    * In the ''/opt/tomcat/current/conf/server.xml'' add the ''address="127.0.0.1"'' property to configuration of ''8080'' port.
+    * In same file configure ajp port(''8009'') to look like this:
+    <Connector protocol="AJP/1.3"
+                address="127.0.0.1"
+                secretRequired="true"
+                secret="***password for ajp port***"
+                port="8009"
+                redirectPort="8443" />
   * Do not show aplication server version:
@@ Line 531: / Line 541: @@
 </code>
-HTTPd basic configuration:
+HTTPd basic configuration -!CHANGED:
-Change MPM to worker (lower system requirements) - in the file ''/etc/httpd/conf.modules.d/00-mpm.conf'' comment the lines with mod\_mpm\_prefork.so and uncomment mod\_mpm\_worker.so:
+Change MPM to worker (lower system requirements) - in the file ''/etc/httpd/conf.modules.d/00-mpm.conf'' comment all lines but mod\_mpm\_worker.so:
 <code bash>
@@ Line 794: / Line 804: @@
 If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial:adm:sso_ad_domain#configure_apache_httpd_-_linux|SSO installation guide]] for more details.
-====== nginx as reverse proxy ======
+====== INSTALACTNI NAVOD ======
-In case that you want to use nginx instead of Apache httpd, the configuration is as follows.
+==== 2. JDBC driver installation - CentOS8 ====
+**CentOS**
-<code ini>
+Install the package with PostgreSQL JDBC driver:
-server {
-	listen   *:443 ssl http2;
-	server_name  idm.domain.tld;
-	client_max_body_size 1G;
-	ssl on;
-	ssl_certificate      /path/to/fullchain.pem;
-	ssl_certificate_key  /path/to/privkey.pem;
-	gzip on;
-	gzip_proxied any;
-	gzip_types
-        	text/css
-       		text/javascript
-        	text/xml
-       		text/plain
-        	application/javascript
-       		application/x-javascript
-        	application/json;
-	location / {
+<code bash>
-		proxy_hide_header X-Frame-Options;
+yum install -y postgresql-jdbc
-		add_header X-Frame-Options SAMEORIGIN;
-		proxy_pass http://localhost:8080/;
-		proxy_set_header Host $host;
-		proxy_set_header X-Real-IP $remote_addr;
-		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-		proxy_set_header X-Forwarded-Proto "https";
-		proxy_ssl_session_reuse off;
-		proxy_redirect off;
-		# WebSocket support
-		proxy_http_version 1.1;
-    		proxy_set_header Upgrade $http_upgrade;
-    		proxy_set_header Connection "upgrade";
-	}
-}
 </code>
+allow Tomcat to use the driver:
+<code bash>
+ln -s /usr/share/java/postgresql-jdbc.jar /opt/tomcat/current/lib/
+</code>