Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:server_preparation_tmp [2020/03/11 14:14]
urbanl [HTTPd installation and configuration] 		tutorial:adm:server_preparation_tmp [2020/03/12 09:53]
urbanl [2. JDBC driver installation ​- CentOS8 ​]
Line 804: Line 804:
 If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial:adm:sso_ad_domain#configure_apache_httpd_-_linux|SSO installation guide]] for more details. If you want to enable SSO to CzechIdM, additional configuration must be done with mod\_auth\_kerb. See [[tutorial:adm:sso_ad_domain#configure_apache_httpd_-_linux|SSO installation guide]] for more details.
  
-====== nginx as reverse proxy ======+====== INSTALACTNI NAVOD ======
  
-In case that you want to use nginx instead of Apache httpd, the configuration is as follows+==== 2JDBC driver installation ​- CentOS8 ​====  
 +**CentOS**
  
-<code ini> +Install the package with PostgreSQL JDBC driver:
-server { +
- listen   *:443 ssl http2; +
- server_name  idm.domain.tld; +
- client_max_body_size 1G; +
- ssl on; +
- ssl_certificate      /path/to/fullchain.pem; +
- ssl_certificate_key  /path/to/privkey.pem; +
- gzip on; +
- gzip_proxied any; +
- gzip_types +
-        text/css +
-        text/javascript +
-        text/xml +
-        text/plain +
-        application/javascript +
-        application/x-javascript +
-        application/json;+
  
- location / { +<code bash> 
- proxy_hide_header X-Frame-Options; +yum install -y postgresql-jdbc 
- add_header X-Frame-Options SAMEORIGIN; +</code>
- proxy_pass http://localhost:8080/; +
- proxy_set_header Host $host; +
- proxy_set_header X-Real-IP $remote_addr; +
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +
- proxy_set_header X-Forwarded-Proto "https"; +
- proxy_ssl_session_reuse off; +
- proxy_redirect off;+
  
- # WebSocket support +allow Tomcat to use the driver: 
- proxy_http_version 1.1; + 
-     proxy_set_header Upgrade $http_upgrade; +<code bash> 
-     proxy_set_header Connection "upgrade"; +ln -s /usr/share/java/postgresql-jdbc.jar /opt/tomcat/current/lib/
-+
-}+
 </code> </code>
  
 +==== Application properties ​==== 
 +
 +  * The most important file is **/opt/czechidm/etc/application-production.properties** (application-PROFILE.properties, where the PROFILE is the profile you run the IdM under). You can use most of the file as-is, there is a bit of configuration needed though. This is a template file:
 +
 +<file properties application-production.properties>
 +# Doc: https://wiki.czechidm.com/devel/dev/configuration/backend
 + 
 +idm.pub.app.instanceId=idm-primary
 +idm.pub.app.stage=production
 + 
 +spring.datasource.url=jdbc:postgresql://localhost:5432/czechidm
 +spring.datasource.username=czechidm
 +spring.datasource.password=********** TODO *********
 +spring.datasource.driver-class-name=org.postgresql.Driver
 +spring.datasource.validationQuery=SELECT 1
 +spring.datasource.test-on-borrow=true
 +spring.jpa.generate-ddl=false
 +spring.jpa.hibernate.ddl-auto=none
 +flyway.enabled=true
 + 
 +
 +scheduler.properties.location=quartz-production.properties
 +
 +logging.config=/opt/czechidm/etc/logback-spring.xml
 +
 +idm.sec.core.demo.data.enabled=false
 +
 +# attachments will be stored under this path.
 +# new directories for attachment will be created in this folder (permissions has to be added)
 +# System.getProperty("user.home")/idm_data will be used if no path is given
 +idm.sec.core.attachment.storagePath=/opt/czechidm/data
 +# configuration property for default backup 
 +idm.sec.core.backups.default.folder.path=/opt/czechidm/backup
 +
 + 
 +idm.pub.security.allowed-origins=http://localhost
 +# Generate JWT token security string as "cat /dev/urandom | tr -dc 'a-z0-9' | head -c VALUE" where VALUE can be from 1 to 255.
 +# We recommend the VALUE to be at least 25.
 +idm.sec.security.jwt.secret.token=********** TODO *********
 +idm.sec.security.jwt.expirationTimeout=36000000
 +
 +# Cipher secret key for crypt values in confidential storage
 +# for crypt values is used secretKey or secretKey defined by file - secretKeyPath
 +#cipher.crypt.secret.key=XXXXXXXXXXXXXXXX
 +cipher.crypt.secret.keyPath=/opt/czechidm/etc/secret.key
 +
 +# Defaults for: emailer.*
 +# test.enabled=true means mail WILL NOT be sent
 +idm.sec.core.emailer.test.enabled=true
 +# http://camel.apache.org/mail.html
 +idm.sec.core.emailer.protocol=smtp
 +idm.sec.core.emailer.host=something.tld
 +idm.sec.core.emailer.port=25
 +# idm.sec.core.emailer.username=czechidm@domain.tld
 +# idm.sec.core.emailer.password=password
 +idm.sec.core.emailer.from=czechidm@localhost
 + 
 +# Default user role will be added automatically, after an identity is logged in
 +# could contains default authorities and authority policies configuration
 +# for adding autocomplete or all record read permission etc.
 +idm.sec.core.role.default=userRole
 +# Admin user role
 +idm.sec.core.role.admin=superAdminRole
 +
 +# Max file size of uploaded file. Values can use the suffixed "MB" or "KB" to indicate a Megabyte or Kilobyte size.
 +spring.servlet.multipart.max-file-size=100MB
 +spring.servlet.multipart.max-request-size=100MB
 +</file>
 +
 +
 +
 +