tutorial:adm:server_preparation_tmp [2020/03/11 13:47] urbanl [Apache Tomcat configuration] |
tutorial:adm:server_preparation_tmp [2020/03/12 11:40] urbanl [INSTALACTNI NAVOD] |
||
---|---|---|---|
Line 541: | Line 541: | ||
</ | </ | ||
- | HTTPd basic configuration: | + | HTTPd basic configuration |
- | Change MPM to worker (lower system requirements) - in the file ''/ | + | Change MPM to worker (lower system requirements) - in the file ''/ |
<code bash> | <code bash> | ||
Line 804: | Line 804: | ||
If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial: | If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial: | ||
- | ====== | + | ====== |
- | In case that you want to use nginx instead of Apache httpd, the configuration is as follows. | + | <note important> |
+ | ==== 2. JDBC driver installation - CentOS8 ==== | ||
+ | **CentOS** | ||
- | <code ini> | + | Install the package with PostgreSQL JDBC driver: |
- | server { | + | |
- | listen | + | |
- | server_name | + | |
- | client_max_body_size 1G; | + | |
- | ssl on; | + | |
- | ssl_certificate | + | |
- | ssl_certificate_key | + | |
- | gzip on; | + | |
- | gzip_proxied any; | + | |
- | gzip_types | + | |
- | text/css | + | |
- | | + | |
- | text/xml | + | |
- | | + | |
- | application/ | + | |
- | | + | |
- | application/ | + | |
- | location / { | + | <code bash> |
- | proxy_hide_header X-Frame-Options; | + | yum install |
- | add_header X-Frame-Options SAMEORIGIN; | + | </code> |
- | proxy_pass http:// | + | |
- | proxy_set_header Host $host; | + | |
- | proxy_set_header X-Real-IP $remote_addr; | + | |
- | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | + | |
- | proxy_set_header X-Forwarded-Proto " | + | |
- | proxy_ssl_session_reuse off; | + | |
- | proxy_redirect off; | + | |
- | # WebSocket support | + | allow Tomcat to use the driver: |
- | proxy_http_version 1.1; | + | |
- | | + | <code bash> |
- | | + | ln -s / |
- | } | + | |
- | } | + | |
</ | </ | ||
+ | ==== Application properties ==== | ||
+ | |||
+ | * The most important file is **/ | ||
+ | |||
+ | <file properties application-production.properties> | ||
+ | # Doc: https:// | ||
+ | |||
+ | idm.pub.app.instanceId=idm-primary | ||
+ | idm.pub.app.stage=production | ||
+ | |||
+ | spring.datasource.url=jdbc: | ||
+ | spring.datasource.username=czechidm | ||
+ | spring.datasource.password=********** TODO ********* | ||
+ | spring.datasource.driver-class-name=org.postgresql.Driver | ||
+ | spring.datasource.validationQuery=SELECT 1 | ||
+ | spring.datasource.test-on-borrow=true | ||
+ | spring.jpa.generate-ddl=false | ||
+ | spring.jpa.hibernate.ddl-auto=none | ||
+ | flyway.enabled=true | ||
+ | |||
+ | |||
+ | scheduler.properties.location=quartz-production.properties | ||
+ | |||
+ | logging.config=/ | ||
+ | |||
+ | idm.sec.core.demo.data.enabled=false | ||
+ | |||
+ | # attachments will be stored under this path. | ||
+ | # new directories for attachment will be created in this folder (permissions has to be added) | ||
+ | # System.getProperty(" | ||
+ | idm.sec.core.attachment.storagePath=/ | ||
+ | # configuration property for default backup | ||
+ | idm.sec.core.backups.default.folder.path=/ | ||
+ | |||
+ | |||
+ | idm.pub.security.allowed-origins=http:// | ||
+ | # Generate JWT token security string as "cat / | ||
+ | # We recommend the VALUE to be at least 25. | ||
+ | idm.sec.security.jwt.secret.token=********** TODO ********* | ||
+ | idm.sec.security.jwt.expirationTimeout=36000000 | ||
+ | |||
+ | # Cipher secret key for crypt values in confidential storage | ||
+ | # for crypt values is used secretKey or secretKey defined by file - secretKeyPath | ||
+ | # | ||
+ | cipher.crypt.secret.keyPath=/ | ||
+ | |||
+ | # Defaults for: emailer.* | ||
+ | # test.enabled=true means mail WILL NOT be sent | ||
+ | idm.sec.core.emailer.test.enabled=true | ||
+ | # http:// | ||
+ | idm.sec.core.emailer.protocol=smtp | ||
+ | idm.sec.core.emailer.host=something.tld | ||
+ | idm.sec.core.emailer.port=25 | ||
+ | # idm.sec.core.emailer.username=czechidm@domain.tld | ||
+ | # idm.sec.core.emailer.password=password | ||
+ | idm.sec.core.emailer.from=czechidm@localhost | ||
+ | |||
+ | # Default user role will be added automatically, | ||
+ | # could contains default authorities and authority policies configuration | ||
+ | # for adding autocomplete or all record read permission etc. | ||
+ | idm.sec.core.role.default=userRole | ||
+ | # Admin user role | ||
+ | idm.sec.core.role.admin=superAdminRole | ||
+ | |||
+ | # Max file size of uploaded file. Values can use the suffixed " | ||
+ | spring.servlet.multipart.max-file-size=100MB | ||
+ | spring.servlet.multipart.max-request-size=100MB | ||
+ | </ | ||
+ | |||
+ | |||
+ | |||
+ |
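Review bot: The added application-production.properties listing keeps `spring.datasource.password` and `idm.sec.security.jwt.secret.token` in plain text, but the visible text never says who may read the file; add a sentence after the listing restricting it to the Tomcat service account, for example `chown root:<tomcat-group> <properties-file> && chmod 640 <properties-file>` (placeholders, the real path is cut off in this view). The comment `We recommend the VALUE to be at least 25` does not say 25 of what; state the unit, e.g. `# Use at least 25 random characters.` The `idm.pub.security.allowed-origins` value visibly starts with `http://`; if the application is served to users over HTTPS, the sample should list the `https://` origin instead. `idm.sec.security.jwt.expirationTimeout=36000000` would be ten hours if the unit is milliseconds, so it deserves a comment giving the unit and the reason for that lifetime.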