Differences
This shows you the differences between two versions of the page.
tutorial:adm:server_preparation_tmp [2020/07/24 08:19] fiserp [Database server installation - CentOS8] |
tutorial:adm:server_preparation_tmp [2020/07/24 11:27] fiserp [HTTPd installation and configuration] |
||
---|---|---|---|
Line 47: | Line 47: | ||
===== PostgreSQL | ===== PostgreSQL | ||
<note tip>If you are installing CzechIdM on Microsoft SQL Server, please follow [[tutorial: | <note tip>If you are installing CzechIdM on Microsoft SQL Server, please follow [[tutorial: | ||
- | We install PostgreSQL 12 database binaries and set database data directory | + | We install PostgreSQL 12 database binaries and change |
==== Database server installation - CentOS8 ==== | ==== Database server installation - CentOS8 ==== | ||
* Software installation on CentOS8(versions can vary): | * Software installation on CentOS8(versions can vary): | ||
Line 142: | Line 142: | ||
- | ==== DB server configuration ==== | + | ==== Database |
- | First of all, enable | + | * Enable |
In the file ''/ | In the file ''/ | ||
Line 151: | Line 151: | ||
host all | host all | ||
</ | </ | ||
- | + | and change the value at the end of each line to '' | |
- | and change the value at the end of each line into md5 like this: | + | |
< | < | ||
host all | host all | ||
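Review bot: the replacement line for the auth-method instruction is cut off in this view right after "to", while the removed line named md5. If the new text still sets md5, consider scram-sha-256 instead: this page installs PostgreSQL 12, which accepts it in pg_hba.conf. Note that existing md5-hashed passwords have to be set again with password_encryption = scram-sha-256 before the switch.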
Line 158: | Line 157: | ||
</ | </ | ||
- | Now we can do DB sizing. | + | * Adjust |
- | In a file ''/ | + | * In following snippet, we presume the system has 3GB of memory |
+ | * We also log queries running longer than 200ms. | ||
+ | In a file ''/ | ||
< | < | ||
- | max_connections = 100 # (change requires restart) | + | # This is an EXAMPLE. Use the calculator to adjust for your deployment! |
- | shared_buffers = 768MB # min 128kB | + | # DB Version: 12 |
+ | # OS Type: linux | ||
+ | # DB Type: web | ||
+ | # Total Memory (RAM): 3 GB | ||
+ | # Connections num: 100 | ||
+ | # Data Storage: ssd | ||
+ | max_connections = 100 | ||
+ | shared_buffers = 768MB | ||
effective_cache_size = 2304MB | effective_cache_size = 2304MB | ||
- | work_mem = 7864kB | ||
maintenance_work_mem = 192MB | maintenance_work_mem = 192MB | ||
- | |||
- | min_wal_size = 1GB | ||
- | max_wal_size = 2GB | ||
checkpoint_completion_target = 0.7 | checkpoint_completion_target = 0.7 | ||
wal_buffers = 16MB | wal_buffers = 16MB | ||
- | |||
default_statistics_target = 100 | default_statistics_target = 100 | ||
+ | random_page_cost = 1.1 | ||
+ | effective_io_concurrency = 200 | ||
+ | work_mem = 3932kB | ||
+ | min_wal_size = 1GB | ||
+ | max_wal_size = 4GB | ||
log_min_duration_statement = 200 | log_min_duration_statement = 200 | ||
</ | </ | ||
- | Restart | + | * Restart |
- | < | + | < |
+ | systemctl restart | ||
+ | </ | ||
+ | |||
+ | < | ||
===== Java - CentOS8 ===== | ===== Java - CentOS8 ===== | ||
- | Java must be installed | + | Tomcat application server needs Java installed. |
Installation: | Installation: | ||
- | < | + | < |
- | yum install -y java-11-openjdk-headless java-11-openjdk-devel | + | dnf install -y java-11-openjdk-headless java-11-openjdk-devel |
</ | </ | ||
- | |||
- | Then create the file ''/ | ||
- | <file bash java.sh> | ||
- | [ -d / | ||
- | </ | ||
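Review bot: the new bullet "We also log queries running longer than 200ms" does not say that log_min_duration_statement = 200 writes the full statement text of every slow query to the server log. For the CzechIdM database that text can include account data, so the bullet should mention restricting access to the PostgreSQL log directory and rotating it. Separately, the snippet header states "Data Storage: ssd", and random_page_cost = 1.1 and effective_io_concurrency = 200 follow from that, but the visible part of the bullet only gives the 3GB memory assumption.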
Line 203: | Line 211: | ||
< | < | ||
groupadd -r tomcat | groupadd -r tomcat | ||
- | useradd -r -s /bin/nologin -g tomcat -d /opt/tomcat tomcat | + | useradd -r -s /usr/sbin/nologin -g tomcat -d /opt/tomcat tomcat |
getent passwd tomcat | getent passwd tomcat | ||
- | # | + | # |
</ | </ | ||
Line 215: | Line 223: | ||
</ | </ | ||
- | * Download Apache Tomcat 8.5.x from the website [[https:// | + | * Download Apache Tomcat 8.5.x from the website [[https:// |
- | * In our exapmle the version is 8.5.8. | + | * In our exapmle the version is 8.5.57. |
- | * extract files from archive: | + | * extract files from the archive: |
<code bash> | <code bash> | ||
- | tar xzf apache-tomcat-8.5.8.tar.gz | + | tar xzf apache-tomcat-8.5.57.tar.gz |
</ | </ | ||
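Review bot: between the download bullet and tar xzf apache-tomcat-8.5.57.tar.gz there is no step that verifies the archive. Add one that checks the tarball against the SHA-512 file or the PGP signature published with the release before extracting. The new line also still carries the typo "exapmle". The version string 8.5.57 is repeated in the prose, the tar command and the ln -s line of the next hunk, so a single shell variable would keep future bumps in one place.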
Line 228: | Line 236: | ||
<code bash> | <code bash> | ||
cd /opt/tomcat | cd /opt/tomcat | ||
- | ln -s apache-tomcat-8.5.8 current | + | ln -s apache-tomcat-8.5.57 current |
</ | </ | ||
Line 238: | Line 246: | ||
chmod 750 /opt/tomcat | chmod 750 /opt/tomcat | ||
cd / | cd / | ||
- | chmod o+rX -R ./ | + | chmod -R o+rX ./ |
chgrp -R tomcat conf/ bin/ lib/ | chgrp -R tomcat conf/ bin/ lib/ | ||
- | chmod g+rwx conf | + | chmod g+rx conf |
chmod g+r conf/* | chmod g+r conf/* | ||
chown -R tomcat webapps/ work/ temp/ logs/ | chown -R tomcat webapps/ work/ temp/ logs/ | ||
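Review bot: chmod g+rx conf on the new side only adds bits, so it does not take group write away if the extracted conf directory already has it. chmod g=rx conf (or g+rx,g-w) would make the intent of dropping the w from g+rwx hold regardless of the modes in the archive. The line chmod -R o+rX ./ changes only its argument order and still grants world read across the whole tree, including conf/, while /opt/tomcat itself is set to 750 two lines above. If other local users are not meant to read the installation, drop that line or limit it to the directories that need it.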
Line 260: | Line 268: | ||
[Unit] | [Unit] | ||
Description=Apache Tomcat Web Application Container | Description=Apache Tomcat Web Application Container | ||
- | After=syslog.target network.target | + | After=syslog.target network.target |
[Service] | [Service] | ||
Line 283: | Line 291: | ||
WantedBy=multi-user.target | WantedBy=multi-user.target | ||
</ | </ | ||
+ | < | ||
+ | * Values of '' | ||
+ | * Tomcat will be started under user '' | ||
+ | </ | ||
- | * Values of Xms a Xmx se are closely dependent on server sizing. If you have enough memory it is strongly advised to use Xmx 6128M or more. | + | * Reload |
- | + | ||
- | * Tomcat will be started under user '' | + | |
- | * After every systemd configuration | + | |
< | < | ||
systemctl daemon-reload | systemctl daemon-reload | ||
</ | </ | ||
- | | + | |
+ | | ||
< | < | ||
systemctl start tomcat | systemctl start tomcat | ||
+ | systemctl enable tomcat | ||
</ | </ | ||
+ | |||
* Check that Tomcat runs with desirable parameters: | * Check that Tomcat runs with desirable parameters: | ||
+ | |||
<code bash> | <code bash> | ||
- | [root@tomcat1 logs]# ps -u tomcat | + | [root@tomcat1 logs]# ps -ef | grep ^tomcat |
- | UID PID PPID C STIME TTY TIME CMD | + | tomcat |
- | tomcat | + | |
</ | </ | ||
- | | + | |
+ | | ||
< | < | ||
systemctl stop tomcat | systemctl stop tomcat | ||
- | </ | ||
- | * Enable tomcat start after OS start: | ||
- | <code bash> | ||
- | systemctl enable tomcat | ||
</ | </ | ||
Line 322: | Line 333: | ||
If you want to use them, it is necessary to do following steps. | If you want to use them, it is necessary to do following steps. | ||
- | First of all, create a database user that you will use for the access to those applications. If you plan to connect to the applications remotely (not only from localhost) you have to also allow communication from your IP. | + | First of all, create a Tomcat' |
- | + | ||
- | Create user like this: | + | |
- | Create the a new user in the file ''/ | + | * Create administration user |
- | The documentation of available roles as well as overall configuration of the application is a part of application installation available at http:// | + | * Create the a new user in the file ''/ |
+ | | ||
- | The file ''/ | + | The file ''/ |
<file xml tomcat-users.xml> | <file xml tomcat-users.xml> | ||
<?xml version=" | <?xml version=" | ||
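Review bot: the new bullet still reads "Create the a new user in the file", so the stray "the" from the old line was carried over. Since this section now tells the reader to create an administration user in tomcat-users.xml, it would also help to state that the file holds that user's password and should not be readable by other local users.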
Line 345: | Line 355: | ||
</ | </ | ||
- | If you plan to connect to the applications remotely (not only from localhost) you have to also allow communication from your IP. If you see '' | + | * If you plan to connect to the applications remotely (not only from localhost) you have to also allow communication from your IP. |
+ | * If you see '' | ||
- | Add your IP address into application configuration files. In files ''/ | + | Add your IP address into application configuration files. In files ''/ |
- | In my case, I want to access | + | For example, if you want to access Tomcat' |
<file xml context.xml> | <file xml context.xml> | ||
Line 359: | Line 370: | ||
</ | </ | ||
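Review bot: the reworded bullets say to "allow communication from your IP" in the context.xml files, but the visible text does not say what form the entry takes. In Tomcat's stock manager context.xml the allow attribute of RemoteAddrValve is a regular expression. If the example does not already show it, it should give the address with escaped dots, joined to the existing pattern with |, and advise listing single administrator addresses rather than a wide range.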
- | Again, restart the tomcat: | + | * Again, restart the tomcat |
<code bash> | <code bash> | ||
systemctl restart tomcat | systemctl restart tomcat | ||
</ | </ | ||
- | === Apache Tomcat configuration recommended for production | + | === Apache Tomcat configuration recommended for production |
- | It is advised | + | We advise |
- | * Remove unnecessary applications that comes with Tomcat: | + | * Remove unnecessary applications that come with Tomcat: |
<code bash> | <code bash> | ||
Line 387: | Line 398: | ||
* In the ''/ | * In the ''/ | ||
- | * In same file configure | + | * In same file configure |
< | < | ||
Line 399: | Line 410: | ||
* Do not show aplication server version: | * Do not show aplication server version: | ||
- | * In the file ''/ | + | * In the file ''/ |
<code xml> | <code xml> | ||
Line 469: | Line 480: | ||
HTTPd basic configuration: | HTTPd basic configuration: | ||
- | Change MPM to worker | + | Change MPM to worker - in the file ''/ |
<code bash> | <code bash> | ||
Line 499: | Line 510: | ||
</ | </ | ||
- | Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'server' to the real servername in the file ''/ | + | Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'SERVER' to the real servername in the file ''/ |
<code xml> | <code xml> | ||
< | < | ||
Line 533: | Line 544: | ||
</ | </ | ||
- | We also have to secure the communication. **Edit** corresponding lines in '' | + | Syntax check before httpd restart |
- | < | + | |
- | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 | + | |
- | SSLCipherSuite ALL: | + | |
- | SSLHonorCipherOrder on | + | |
- | </ | + | |
- | < | + | |
- | + | ||
- | Syntax check before httpd restart: | + | |
< | < | ||
httpd -t -D DUMP_VHOST | httpd -t -D DUMP_VHOST | ||
+ | # or apachectl configtest | ||
</ | </ | ||
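Review bot: this hunk removes the whole TLS step (SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1, SSLCipherSuite, SSLHonorCipherOrder on) and nothing visible replaces it. If the intent is to rely on the CentOS 8 system-wide crypto policy instead, say so in the text and name the policy that is expected; otherwise keep the protocol restriction. In the syntax check, -D DUMP_VHOST only defines an unused parameter: the define that prints the virtual host layout is DUMP_VHOSTS. The added "# or apachectl configtest" comment is equivalent to httpd -t alone.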