Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:server_preparation_tmp [2020/03/11 13:40]
urbanl [Apache Tomcat configuration] 		tutorial:adm:server_preparation_tmp [2020/03/12 09:31]
urbanl [nginx as reverse proxy]
Line 445: Line 445:
 <Server port="-1" shutdown="SHUTDOWN"> <Server port="-1" shutdown="SHUTDOWN">
 </code> </code>
 +-! CHANGED
   * Make Tomcat listen only on localhost:   * Make Tomcat listen only on localhost:
     * In the ''/opt/tomcat/current/conf/server.xml'' add the ''address="127.0.0.1"'' property to configuration of ''8080'' port.     * In the ''/opt/tomcat/current/conf/server.xml'' add the ''address="127.0.0.1"'' property to configuration of ''8080'' port.
Line 540: Line 541:
 </code> </code>
  
-HTTPd basic configuration:+HTTPd basic configuration -!CHANGED:
  
-Change MPM to worker (lower system requirements) - in the file ''/etc/httpd/conf.modules.d/00-mpm.conf'' comment the lines with mod\_mpm\_prefork.so and uncomment mod\_mpm\_worker.so:+Change MPM to worker (lower system requirements) - in the file ''/etc/httpd/conf.modules.d/00-mpm.conf'' comment all lines but mod\_mpm\_worker.so:
  
 <code bash> <code bash>
Line 803: Line 804:
 If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial:adm:sso_ad_domain#configure_apache_httpd_-_linux|SSO installation guide]] for more details. If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial:adm:sso_ad_domain#configure_apache_httpd_-_linux|SSO installation guide]] for more details.
  
-====== nginx as reverse proxy ======+====== INSTALACTNI NAVOD ======
  
-In case that you want to use nginx instead of Apache httpd, the configuration is as follows+==== 2JDBC driver installation ​- CentOS8 ​====  
 +**CentOS**
  
-<code ini> +Install the package with PostgreSQL JDBC driver:
-server { +
- listen   *:443 ssl http2; +
- server_name  idm.domain.tld; +
- client_max_body_size 1G; +
- ssl on; +
- ssl_certificate      /path/to/fullchain.pem; +
- ssl_certificate_key  /path/to/privkey.pem; +
- gzip on; +
- gzip_proxied any; +
- gzip_types +
-        text/css +
-        text/javascript +
-        text/xml +
-        text/plain +
-        application/javascript +
-        application/x-javascript +
-        application/json;+
  
- location / { +<code bash> 
- proxy_hide_header X-Frame-Options; +yum install -y postgresql-jdbc
- add_header X-Frame-Options SAMEORIGIN; +
- proxy_pass http://localhost:8080/; +
- proxy_set_header Host $host; +
- proxy_set_header X-Real-IP $remote_addr; +
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +
- proxy_set_header X-Forwarded-Proto "https"; +
- proxy_ssl_session_reuse off; +
- proxy_redirect off; +
- +
- # WebSocket support +
- proxy_http_version 1.1; +
-    proxy_set_header Upgrade $http_upgrade; +
-    proxy_set_header Connection "upgrade"; +
-+
-}+
 </code> </code>
  
 +allow Tomcat to use the driver:
 +
 +<code bash>
 +ln -s /usr/share/java/postgresql-jdbc.jar /opt/tomcat/current/lib/
 +</code>