Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
tutorial:adm:server_preparation_tmp [2020/07/24 09:01] fiserp [Start Tomcat automatically after system startup] |
tutorial:adm:server_preparation_tmp [2020/07/24 11:27] fiserp [HTTPd installation and configuration] |
||
---|---|---|---|
Line 203: | Line 203: | ||
dnf install -y java-11-openjdk-headless java-11-openjdk-devel | dnf install -y java-11-openjdk-headless java-11-openjdk-devel | ||
</ | </ | ||
- | |||
- | Then create the file ''/ | ||
- | <file bash java.sh> | ||
- | [ -d / | ||
- | </ | ||
Line 317: | Line 312: | ||
<code bash> | <code bash> | ||
- | [root@tomcat1 logs]# ps -u tomcat | + | [root@tomcat1 logs]# ps -ef | grep ^tomcat |
- | UID PID PPID C STIME TTY TIME CMD | + | tomcat |
- | tomcat | + | |
</ | </ | ||
Line 339: | Line 333: | ||
If you want to use them, it is necessary to do following steps. | If you want to use them, it is necessary to do following steps. | ||
- | First of all, create a database user that you will use for the access to those applications. If you plan to connect to the applications remotely (not only from localhost) you have to also allow communication from your IP. | + | First of all, create a Tomcat' |
- | Create user like this: | + | * Create |
+ | * Create the a new user in the file ''/ | ||
+ | * The documentation of available roles as well as overall configuration of the application is a part of application installation available at http:// | ||
- | Create the a new user in the file ''/ | + | The file ''/ |
- | The documentation of available roles as well as overall configuration of the application is a part of application installation available at http:// | + | |
- | + | ||
- | The file ''/ | + | |
<file xml tomcat-users.xml> | <file xml tomcat-users.xml> | ||
<?xml version=" | <?xml version=" | ||
Line 362: | Line 355: | ||
</ | </ | ||
- | If you plan to connect to the applications remotely (not only from localhost) you have to also allow communication from your IP. If you see '' | + | * If you plan to connect to the applications remotely (not only from localhost) you have to also allow communication from your IP. |
+ | * If you see '' | ||
- | Add your IP address into application configuration files. In files ''/ | + | Add your IP address into application configuration files. In files ''/ |
- | In my case, I want to access | + | For example, if you want to access Tomcat' |
<file xml context.xml> | <file xml context.xml> | ||
Line 376: | Line 370: | ||
</ | </ | ||
- | Again, restart the tomcat: | + | * Again, restart the tomcat |
<code bash> | <code bash> | ||
systemctl restart tomcat | systemctl restart tomcat | ||
</ | </ | ||
- | === Apache Tomcat configuration recommended for production | + | === Apache Tomcat configuration recommended for production |
- | It is advised | + | We advise |
- | * Remove unnecessary applications that comes with Tomcat: | + | * Remove unnecessary applications that come with Tomcat: |
<code bash> | <code bash> | ||
Line 404: | Line 398: | ||
* In the ''/ | * In the ''/ | ||
- | * In same file configure | + | * In same file configure |
< | < | ||
Line 416: | Line 410: | ||
* Do not show aplication server version: | * Do not show aplication server version: | ||
- | * In the file ''/ | + | * In the file ''/ |
<code xml> | <code xml> | ||
Line 486: | Line 480: | ||
HTTPd basic configuration: | HTTPd basic configuration: | ||
- | Change MPM to worker | + | Change MPM to worker - in the file ''/ |
<code bash> | <code bash> | ||
Line 516: | Line 510: | ||
</ | </ | ||
- | Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'server' to the real servername in the file ''/ | + | Virtualhost configuration to forward the communication from port 80 to 443. Add following section and change string 'SERVER' to the real servername in the file ''/ |
<code xml> | <code xml> | ||
< | < | ||
Line 550: | Line 544: | ||
</ | </ | ||
- | We also have to secure the communication. **Edit** corresponding lines in '' | + | Syntax check before httpd restart |
- | < | + | |
- | SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 | + | |
- | SSLCipherSuite ALL: | + | |
- | SSLHonorCipherOrder on | + | |
- | </ | + | |
- | < | + | |
- | + | ||
- | Syntax check before httpd restart: | + | |
< | < | ||
httpd -t -D DUMP_VHOST | httpd -t -D DUMP_VHOST | ||
+ | # or apachectl configtest | ||
</ | </ | ||