Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:server_preparation_tmp [2020/03/12 14:51] urbanl [Database server installation - CentOS8 -!CHANGED] |
tutorial:adm:server_preparation_tmp [2020/03/18 13:44] urbanl [HTTPd installation and configuration] |
||
---|---|---|---|
Line 182: | Line 182: | ||
Restart DB: '' | Restart DB: '' | ||
- | |||
- | For Debian installation, | ||
- | < | ||
- | / | ||
- | / | ||
- | </ | ||
< | < | ||
Line 208: | Line 202: | ||
===== Tomcat ===== | ===== Tomcat ===== | ||
- | * Create a new group and add user for the tomcat to run under (for Debian, use / | + | * Create a new group and add user for the tomcat to run under: |
< | < | ||
Line 296: | Line 290: | ||
* Tomcat will be started under user '' | * Tomcat will be started under user '' | ||
- | * For Debian, change the JAVA\_HOME to '' | ||
* After every systemd configuration change it is necessary to reload: | * After every systemd configuration change it is necessary to reload: | ||
Line 390: | Line 383: | ||
<Server port=" | <Server port=" | ||
</ | </ | ||
- | -! CHANGED | + | |
* Make Tomcat listen only on localhost: | * Make Tomcat listen only on localhost: | ||
* In the ''/ | * In the ''/ | ||
* In same file configure ajp port('' | * In same file configure ajp port('' | ||
- | | + | < |
+ | < | ||
address=" | address=" | ||
secretRequired=" | secretRequired=" | ||
Line 401: | Line 395: | ||
port=" | port=" | ||
redirectPort=" | redirectPort=" | ||
+ | </ | ||
* Do not show aplication server version: | * Do not show aplication server version: | ||
Line 454: | Line 448: | ||
* Adjust particular SELinux labels. Example ([[https:// | * Adjust particular SELinux labels. Example ([[https:// | ||
</ | </ | ||
- | |||
- | Please note that on Debian, the log is not rotate during the first day, but after the second day. | ||
Line 506: | Line 498: | ||
</ | </ | ||
- | Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string ' | + | Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string ' |
<code xml> | <code xml> | ||
< | < | ||
Line 514: | Line 506: | ||
</ | </ | ||
- | Set the proxy in the virtualhost for https (443/tcp) - at the end of the file ''/ | + | Set the proxy in the virtualhost for https (443/tcp) - at the end of the file ''/ |
< | < | ||
+ | Protocols | ||
ProxyRequests | ProxyRequests | ||
ProxyPreserveHost on | ProxyPreserveHost on | ||
Line 587: | Line 580: | ||
==== Disabling mod_security rules ==== | ==== Disabling mod_security rules ==== | ||
- | In the file ''/ | + | In the file ''/ |
<code xml> | <code xml> | ||
< | < | ||
Line 646: | Line 639: | ||
nolog,\ | nolog,\ | ||
setvar:' | setvar:' | ||
- | </ | ||
- | |||
- | ==== mod_security configuration - Debian ==== | ||
- | Enable mod\_security configuration: | ||
- | < | ||
- | cd / | ||
- | cp modsecurity.conf-recommended modsecurity.conf | ||
- | </ | ||
- | |||
- | Uncomment following rules in the ''/ | ||
- | < | ||
- | SecAction \ | ||
- | " | ||
- | phase:1,\ | ||
- | nolog,\ | ||
- | pass,\ | ||
- | t:none,\ | ||
- | setvar:' | ||
- | |||
- | SecAction \ | ||
- | " | ||
- | phase:1,\ | ||
- | nolog,\ | ||
- | pass,\ | ||
- | t:none,\ | ||
- | setvar:' | ||
</ | </ | ||
Line 736: | Line 703: | ||
- | ====== INSTALACTNI NAVOD ====== | ||
- | <note important> | ||
- | ==== Application properties ==== | ||
- | |||
- | * The most important file is **/ | ||
- | |||
- | <file properties application-production.properties> | ||
- | # Doc: https:// | ||
- | |||
- | idm.pub.app.instanceId=idm-primary | ||
- | idm.pub.app.stage=production | ||
- | |||
- | spring.datasource.url=jdbc: | ||
- | spring.datasource.username=czechidm | ||
- | spring.datasource.password=********** TODO ********* | ||
- | spring.datasource.driver-class-name=org.postgresql.Driver | ||
- | spring.datasource.validationQuery=SELECT 1 | ||
- | spring.datasource.test-on-borrow=true | ||
- | spring.jpa.generate-ddl=false | ||
- | spring.jpa.hibernate.ddl-auto=none | ||
- | flyway.enabled=true | ||
- | |||
- | |||
- | scheduler.properties.location=quartz-production.properties | ||
- | |||
- | logging.config=/ | ||
- | |||
- | idm.sec.core.demo.data.enabled=false | ||
- | |||
- | # attachments will be stored under this path. | ||
- | # new directories for attachment will be created in this folder (permissions has to be added) | ||
- | # System.getProperty(" | ||
- | idm.sec.core.attachment.storagePath=/ | ||
- | # configuration property for default backup | ||
- | idm.sec.core.backups.default.folder.path=/ | ||
- | |||
- | |||
- | idm.pub.security.allowed-origins=http:// | ||
- | # Generate JWT token security string as "cat / | ||
- | # We recommend the VALUE to be at least 25. | ||
- | idm.sec.security.jwt.secret.token=********** TODO ********* | ||
- | idm.sec.security.jwt.expirationTimeout=36000000 | ||
- | |||
- | # Cipher secret key for crypt values in confidential storage | ||
- | # for crypt values is used secretKey or secretKey defined by file - secretKeyPath | ||
- | # | ||
- | cipher.crypt.secret.keyPath=/ | ||
- | |||
- | # Defaults for: emailer.* | ||
- | # test.enabled=true means mail WILL NOT be sent | ||
- | idm.sec.core.emailer.test.enabled=true | ||
- | # http:// | ||
- | idm.sec.core.emailer.protocol=smtp | ||
- | idm.sec.core.emailer.host=something.tld | ||
- | idm.sec.core.emailer.port=25 | ||
- | # idm.sec.core.emailer.username=czechidm@domain.tld | ||
- | # idm.sec.core.emailer.password=password | ||
- | idm.sec.core.emailer.from=czechidm@localhost | ||
- | |||
- | # Default user role will be added automatically, | ||
- | # could contains default authorities and authority policies configuration | ||
- | # for adding autocomplete or all record read permission etc. | ||
- | idm.sec.core.role.default=userRole | ||
- | # Admin user role | ||
- | idm.sec.core.role.admin=superAdminRole | ||
- | |||
- | # Max file size of uploaded file. Values can use the suffixed " | ||
- | spring.servlet.multipart.max-file-size=100MB | ||
- | spring.servlet.multipart.max-request-size=100MB | ||
- | </ | ||
- | |||
- | |||
- | |||
- |