This shows you the differences between two versions of the page.
Both sides previous revision
Previous revision
Next revision
|
Previous revision
Next revision
Both sides next revision
|
tutorial:adm:server_preparation_tmp [2020/03/12 14:51] urbanl [INSTALACTNI NAVOD] |
tutorial:adm:server_preparation_tmp [2020/03/12 14:53] urbanl [DB server configuration] |
| |
Restart DB: ''systemctl restart postgresql.service'' | Restart DB: ''systemctl restart postgresql.service'' |
| |
For Debian installation, edit those configuration files instead: | |
<code> | |
/etc/postgresql/12/main/pg_hba.conf | |
/etc/postgresql/12/main/postgresql.conf | |
</code> | |
| |
<note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note> | <note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note> |
nolog,\ | nolog,\ |
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/hal+json'" | setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/hal+json'" |
</code> | |
| |
==== mod_security configuration - Debian ==== | |
Enable mod\_security configuration: | |
<code> | |
cd /etc/modsecurity | |
cp modsecurity.conf-recommended modsecurity.conf | |
</code> | |
| |
Uncomment following rules in the ''/etc/modsecurity/crs/crs-setup.conf'' and change them accordingly (add allowed content types and allowed HTTP methods): | |
<code> | |
SecAction \ | |
"id:900200,\ | |
phase:1,\ | |
nolog,\ | |
pass,\ | |
t:none,\ | |
setvar:'tx.allowed_methods=GET HEAD POST OPTIONS PUT PATCH DELETE'" | |
| |
SecAction \ | |
"id:900220,\ | |
phase:1,\ | |
nolog,\ | |
pass,\ | |
t:none,\ | |
setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded|multipart/form-data|text/xml|application/xml|application/x-amf|application/json|text/plain|application/hal+json'" | |
</code> | </code> |
| |