Differences

This shows you the differences between two versions of the page.

tutorial:adm:server_preparation_tmp [2020/07/24 08:35]
fiserp [DB server configuration]
tutorial:adm:server_preparation_tmp [2020/07/24 09:01]
fiserp [Start Tomcat automatically after system startup]
Line 142: Line 142:
  
  
-==== DB server configuration ====+==== Database server configuration and sizing ====
  
   * Enable the password authentication.   * Enable the password authentication.
Line 187: Line 187:
 </code> </code>
  
-Restart DB: ''systemctl restart  postgresql.service''+  * Restart the database
  
-<note>If you install the database to a different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note>+<code> 
 +systemctl restart  postgresql.service 
 +</code> 
 + 
 +<note>If you install the database to a different server than the CzechIdM application itself, don't forget to configure PostgreSQL with SSL certificates and to enforce remote SSL connections.</note>
  
 ===== Java - CentOS8 ===== ===== Java - CentOS8 =====
  
-Java must be installed before Tomcat startIt is recommended to use OpenJDK (at least 1.11from standard OS repository.+Tomcat application server needs Java installed. We recommend to use OpenJDK 11 from standard OS repository. (OpenJDK 1.8 is also supported, check [[devel:documentation:compatibility|compatibility page]]).
  
 Installation: Installation:
-<code bash+<code> 
-yum install -y java-11-openjdk-headless java-11-openjdk-devel+dnf install -y java-11-openjdk-headless java-11-openjdk-devel
 </code> </code>
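
Review bot: The rewritten note after the restart step says to "enforce remote SSL connections" but does not say where that is enforced, so a reader can consider it done after only enabling SSL. Suggest naming the settings: `ssl = on` in postgresql.conf, `hostssl` rather than `host` entries in pg_hba.conf for the application server's address, and certificate verification on the client side of the JDBC connection. Separately, the Java install block went from `<code bash>` to `<code>` while other blocks on the page keep `<code bash>`; pick one form.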
  
Line 212: Line 216:
 <code> <code>
 groupadd -r tomcat groupadd -r tomcat
-useradd -r -s /bin/nologin -g tomcat -d /opt/tomcat tomcat+useradd -r -s /usr/sbin/nologin -g tomcat -d /opt/tomcat tomcat
 getent passwd tomcat getent passwd tomcat
-#tomcat:x:995:993::/opt/tomcat:/bin/nologin+#tomcat:x:995:993::/opt/tomcat:/usr/sbin/nologin
 </code> </code>
  
Line 224: Line 228:
 </code> </code>
  
-  * Download Apache Tomcat 8.5.x from the website [[https://tomcat.apache.org/download-80.cgi]] to **/opt/tomcat/** +  * Download Apache Tomcat 8.5.x from the website [[https://tomcat.apache.org/download-80.cgi]] to ''/opt/tomcat/'' 
-    * In our exapmle the version is 8.5.8.+    * In our exapmle the version is 8.5.57.
  
-  * extract files from archive:+  * extract files from the archive:
  
 <code bash> <code bash>
-tar xzf apache-tomcat-8.5.8.tar.gz+tar xzf apache-tomcat-8.5.57.tar.gz
 </code> </code>
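
Review bot: The download step goes straight from fetching the archive to `tar xzf apache-tomcat-8.5.57.tar.gz` with no integrity check in between. Suggest adding a step that verifies the archive against the SHA-512 checksum or the PGP signature published alongside it on the Apache download page before extracting. The typo "exapmle" was also carried over into the changed line, and "extract files from the archive" should start with a capital like the other bullets.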
  
Line 237: Line 241:
 <code bash> <code bash>
 cd /opt/tomcat cd /opt/tomcat
-ln -s apache-tomcat-8.5.current+ln -s apache-tomcat-8.5.57 current
 </code> </code>
  
Line 247: Line 251:
 chmod 750 /opt/tomcat chmod 750 /opt/tomcat
 cd /opt/tomcat/current cd /opt/tomcat/current
-chmod o+rX -R ./+chmod -R o+rX ./
 chgrp -R tomcat conf/ bin/ lib/ chgrp -R tomcat conf/ bin/ lib/
-chmod g+rwx conf+chmod g+rx conf
 chmod g+r conf/* chmod g+r conf/*
 chown -R tomcat webapps/ work/ temp/ logs/ chown -R tomcat webapps/ work/ temp/ logs/
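
Review bot: `chmod -R o+rX ./` on the first changed line only swaps the flag order, so everything under current/, conf/ included, stays readable by other users and only the `chmod 750 /opt/tomcat` above keeps them out. Since conf/ is where Tomcat configuration holding credentials usually ends up, suggest removing the other-permissions on conf/ explicitly (`chmod -R o-rwx conf/`) rather than relying on the parent directory. The switch from `g+rwx` to `g+rx` on conf is a good tightening; it is worth one sentence in the text saying that the tomcat group can no longer create files there.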
Line 269: Line 273:
 [Unit] [Unit]
 Description=Apache Tomcat Web Application Container Description=Apache Tomcat Web Application Container
-After=syslog.target network.target+After=syslog.target network.target postgresql.service
  
 [Service] [Service]
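
Review bot: `After=syslog.target network.target postgresql.service` only orders the units; it does not start PostgreSQL or make Tomcat depend on it. If the database is expected on the same host, add `Wants=postgresql.service` (or `Requires=`) next to it; if it runs on a separate server, as the note earlier in the page allows, the entry has no effect and the text should say so.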
Line 292: Line 296:
 WantedBy=multi-user.target WantedBy=multi-user.target
 </file> </file>
 +<note>
 +  * Values of ''-Xms'' and ''-Xmx'' se are closely dependent on server sizing. If you have enough memory, we strongly recommend to use ''-Xmx 6128M'' or more.
 +  * Tomcat will be started under user ''tomcat:tomcat''.
 +</note>
  
-  * Values of Xms a Xmx se are closely dependent on server sizing. If you have enough memory it is strongly advised to use Xmx 6128M or more. +  * Reload systemd configuration:
- +
-  * Tomcat will be started under user ''tomcat:tomcat'' a will use java installed in ''/usr/lib/jvm/java-1.8.0-openjdk''+
-  * After every systemd configuration change it is necessary to reload:+
  
 <code> <code>
 systemctl daemon-reload systemctl daemon-reload
 </code> </code>
-  Test start:+ 
 +  Start the Tomcat to ensure it is configured properly. Enable its start on OS start. 
 <code> <code>
 systemctl start tomcat systemctl start tomcat
 +systemctl enable tomcat
 </code> </code>
 +
   * Check that Tomcat runs with desirable parameters:   * Check that Tomcat runs with desirable parameters:
 +
 <code bash> <code bash>
 [root@tomcat1 logs]# ps -u tomcat -fwww [root@tomcat1 logs]# ps -u tomcat -fwww
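
Review bot: In the new `<note>`, `-Xmx 6128M` is written with a space, which is not how the option is passed; the process listing further down in this section shows the form `-Xmx1024M`, so write `-Xmx6128M`. The stray word in "''-Xms'' and ''-Xmx'' se are closely dependent" was carried over from the removed bullet and should be dropped.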
Line 311: Line 321:
 tomcat    1602      1 09:44 ?        00:00:02 /usr/lib/jvm/java-openjdk/bin/java -Djava.util.logging.config.file=/opt/tomcat/current/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Xms512M -Xmx1024M -server -XX:+UseParallelGC -classpath /opt/tomcat/current/bin/bootstrap.jar:/opt/tomcat/current/bin/tomcat-juli.jar -Dcatalina.base=/opt/tomcat/current -Dcatalina.home=/opt/tomcat/current -Djava.io.tmpdir=/opt/tomcat/current/temp org.apache.catalina.startup.Bootstrap start tomcat    1602      1 09:44 ?        00:00:02 /usr/lib/jvm/java-openjdk/bin/java -Djava.util.logging.config.file=/opt/tomcat/current/conf/logging.properties -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom -Dorg.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH=true -Djavax.servlet.request.encoding=UTF-8 -Djdk.tls.ephemeralDHKeySize=2048 -Djava.protocol.handler.pkgs=org.apache.catalina.webresources -Xms512M -Xmx1024M -server -XX:+UseParallelGC -classpath /opt/tomcat/current/bin/bootstrap.jar:/opt/tomcat/current/bin/tomcat-juli.jar -Dcatalina.base=/opt/tomcat/current -Dcatalina.home=/opt/tomcat/current -Djava.io.tmpdir=/opt/tomcat/current/temp org.apache.catalina.startup.Bootstrap start
 </code> </code>
-  * Stop Apache Tomcat:+ 
 +  * Stop the Tomcat
 <code> <code>
 systemctl stop tomcat systemctl stop tomcat
-</code> 
-  * Enable tomcat start after OS start: 
-<code bash> 
-systemctl enable tomcat 
 </code> </code>
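
Review bot: Removing the `systemctl enable tomcat` block from the end of this hunk, in favour of the copy placed right after `systemctl start tomcat`, means the service is enabled for boot before the `ps -u tomcat -fwww` check has confirmed its parameters. Suggest keeping enable as the last step, after the check, or stating that the new order is intentional. "Stop the Tomcat" is also missing the trailing colon that most of the other step bullets have.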