Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
tutorial:adm:server_preparation_tmp [2020/03/12 14:53]
urbanl [DB server configuration] 		tutorial:adm:server_preparation_tmp [2020/03/12 14:58]
urbanl [Apache Tomcat configuration]
Line 202: Line 202:
 ===== Tomcat ===== ===== Tomcat =====
  
-  * Create a new group and add user for the tomcat to run under (for Debian, use /usr/sbin/nologin in the useradd):+  * Create a new group and add user for the tomcat to run under:
  
 <code> <code>
Line 290: Line 290:
  
   * Tomcat will be started under user ''tomcat:tomcat'' a will use java installed in ''/usr/lib/jvm/java-1.8.0-openjdk''.   * Tomcat will be started under user ''tomcat:tomcat'' a will use java installed in ''/usr/lib/jvm/java-1.8.0-openjdk''.
-  * For Debian, change the JAVA\_HOME to ''JAVA_HOME=/usr/lib/jvm/java-1.8.0-openjdk-amd64''. 
   * After every systemd configuration change it is necessary to reload:   * After every systemd configuration change it is necessary to reload:
  
Line 384: Line 383:
 <Server port="-1" shutdown="SHUTDOWN"> <Server port="-1" shutdown="SHUTDOWN">
 </code> </code>
--! CHANGED+
   * Make Tomcat listen only on localhost:   * Make Tomcat listen only on localhost:
     * In the ''/opt/tomcat/current/conf/server.xml'' add the ''address="127.0.0.1"'' property to configuration of ''8080'' port.     * In the ''/opt/tomcat/current/conf/server.xml'' add the ''address="127.0.0.1"'' property to configuration of ''8080'' port.
     * In same file configure ajp port(''8009'') to look like this:     * In same file configure ajp port(''8009'') to look like this:
  
-    <Connector protocol="AJP/1.3"+<code> 
 +<Connector protocol="AJP/1.3"
                 address="127.0.0.1"                 address="127.0.0.1"
                 secretRequired="true"                 secretRequired="true"
Line 395: Line 395:
                 port="8009"                 port="8009"
                 redirectPort="8443" />                 redirectPort="8443" />
 +</code>
  
   * Do not show aplication server version:   * Do not show aplication server version:
Line 448: Line 448:
   * Adjust particular SELinux labels. Example ([[https://access.redhat.com/solutions/39006|here]]).   * Adjust particular SELinux labels. Example ([[https://access.redhat.com/solutions/39006|here]]).
 </note> </note>
- 
-Please note that on Debian, the log is not rotate during the first day, but after the second day. 
  
  
Line 500: Line 498:
 </code> </code>
  
-Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'server' to the real servername in the file ''/etc/httpd/conf.d/vhost-redirect.conf'' (or ''/etc/apache2/sites-available/vhost-redirect.conf'' for Debian):+Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'server' to the real servername in the file ''/etc/httpd/conf.d/vhost-redirect.conf'':
 <code xml> <code xml>
 <VirtualHost _default_:80> <VirtualHost _default_:80>
Line 508: Line 506:
 </code> </code>
  
-Set the  proxy in the virtualhost for https (443/tcp) - at the end of the file ''/etc/httpd/conf.d/ssl.conf'' (or ''/etc/apache2/sites-available/ssl.conf'' for Debian) add following before ending "tag" VirtualHost:+Set the  proxy in the virtualhost for https (443/tcp) - at the end of the file ''/etc/httpd/conf.d/ssl.conf'' add following before ending "tag" VirtualHost:
  
 <code> <code>
Line 581: Line 579:
 ==== Disabling mod_security rules ==== ==== Disabling mod_security rules ====
  
-In the file ''/etc/httpd/conf.d/ssl.conf'' (or ''/etc/apache2/sites-available/ssl.conf'' for Debian) deactivate following rules and set their logging:+In the file ''/etc/httpd/conf.d/ssl.conf'' deactivate following rules and set their logging:
 <code xml> <code xml>
 <IfModule mod_security2.c> <IfModule mod_security2.c>