Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:server_preparation_tmp [2020/03/12 14:52]
urbanl [mod_security configuration - Debian] 		tutorial:adm:server_preparation_tmp [2020/03/12 14:55]
urbanl [Disabling mod_security rules]
Line 182: Line 182:
  
 Restart DB: ''systemctl restart  postgresql.service'' Restart DB: ''systemctl restart  postgresql.service''
- 
-For Debian installation, edit those configuration files instead: 
-<code> 
-/etc/postgresql/12/main/pg_hba.conf 
-/etc/postgresql/12/main/postgresql.conf 
-</code> 
  
 <note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note> <note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note>
Line 208: Line 202:
 ===== Tomcat ===== ===== Tomcat =====
  
-  * Create a new group and add user for the tomcat to run under (for Debian, use /usr/sbin/nologin in the useradd):+  * Create a new group and add user for the tomcat to run under:
  
 <code> <code>
Line 296: Line 290:
  
   * Tomcat will be started under user ''tomcat:tomcat'' a will use java installed in ''/usr/lib/jvm/java-1.8.0-openjdk''.   * Tomcat will be started under user ''tomcat:tomcat'' a will use java installed in ''/usr/lib/jvm/java-1.8.0-openjdk''.
-  * For Debian, change the JAVA\_HOME to ''JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64''. 
   * After every systemd configuration change it is necessary to reload:   * After every systemd configuration change it is necessary to reload:
  
Line 454: Line 447:
   * Adjust particular SELinux labels. Example ([[https://access.redhat.com/solutions/39006|here]]).   * Adjust particular SELinux labels. Example ([[https://access.redhat.com/solutions/39006|here]]).
 </note> </note>
- 
-Please note that on Debian, the log is not rotate during the first day, but after the second day. 
  
  
Line 506: Line 497:
 </code> </code>
  
-Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'server' to the real servername in the file ''/etc/httpd/conf.d/vhost-redirect.conf'' (or ''/etc/apache2/sites-available/vhost-redirect.conf'' for Debian):+Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'server' to the real servername in the file ''/etc/httpd/conf.d/vhost-redirect.conf'':
 <code xml> <code xml>
 <VirtualHost _default_:80> <VirtualHost _default_:80>
Line 514: Line 505:
 </code> </code>
  
-Set the  proxy in the virtualhost for https (443/tcp) - at the end of the file ''/etc/httpd/conf.d/ssl.conf'' (or ''/etc/apache2/sites-available/ssl.conf'' for Debian) add following before ending "tag" VirtualHost:+Set the  proxy in the virtualhost for https (443/tcp) - at the end of the file ''/etc/httpd/conf.d/ssl.conf'' add following before ending "tag" VirtualHost:
  
 <code> <code>
Line 587: Line 578:
 ==== Disabling mod_security rules ==== ==== Disabling mod_security rules ====
  
-In the file ''/etc/httpd/conf.d/ssl.conf'' (or ''/etc/apache2/sites-available/ssl.conf'' for Debian) deactivate following rules and set their logging:+In the file ''/etc/httpd/conf.d/ssl.conf'' deactivate following rules and set their logging:
 <code xml> <code xml>
 <IfModule mod_security2.c> <IfModule mod_security2.c>