Differences

tutorial:adm:server_preparation_win [2019/03/22 15:02]
kotisovam [Basic system setup]
tutorial:adm:server_preparation_win [2019/03/22 15:10]
kotisovam editing
Line 32: Line 32:
 pgc install pgadmin3 pgc install pgadmin3
 </code> </code>
-If your server does not have an Internet access, you can download and install pgAdmin from [[https://www.pgadmin.org/|here]].+If your server does not have Internet access, you can download and install pgAdmin from [[https://www.pgadmin.org/|here]].
  
-Edit the PostgreSQL configuration file ''C:\PostgreSQL\data\pg96\postgresql.conf'' to make it listen on 127.0.0.1 only. Adjust database sizing as necessary. Following example is for about 6GB RAM. Do not blindly overwrite your PgSQL configuration! When in doubt, use a [[https://pgtune.leopard.in.ua/|calculator]].+Edit the PostgreSQL configuration file ''C:\PostgreSQL\data\pg96\postgresql.conf'' to make it listen on 127.0.0.1 only. Adjust the database sizing as necessary. The following example is for 6GB RAM. Do not hasten to overwrite your PgSQL configuration out of hand! When in doubt, use a [[https://pgtune.leopard.in.ua/|calculator]].
 <code> <code>
-listen_addresses = '127.0.0.1' # what IP address(es) to listen on;+listen_addresses = '127.0.0.1' # what IP address(es) to listen on;
 port = 5432 # (change requires restart) port = 5432 # (change requires restart)
 max_connections = 150 # (change requires restart) max_connections = 150 # (change requires restart)
 superuser_reserved_connections = 3 # (change requires restart) superuser_reserved_connections = 3 # (change requires restart)
 shared_buffers = 512MB # min 128kB shared_buffers = 512MB # min 128kB
-work_mem = 12815kB # min 64kB+work_mem = 12815kB # min 64kB
 maintenance_work_mem = 384MB maintenance_work_mem = 384MB
 dynamic_shared_memory_type = windows # the default is the first option dynamic_shared_memory_type = windows # the default is the first option
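Review bot: the reworded sizing sentence on the + side of this hunk reads awkwardly ("Do not hasten to overwrite your PgSQL configuration out of hand!") and silently drops the qualifier from "about 6GB RAM", which told the reader the figures are approximate; suggest "The following example is for about 6GB RAM. Do not overwrite your PgSQL configuration blindly!". The listen_addresses and work_mem lines are marked as changed but read identically on both sides, so the change is presumably whitespace only; worth confirming that the listen_addresses value really is unchanged, since binding to 127.0.0.1 is what keeps the database off the network.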
Line 75: Line 75:
 </code> </code>
  
-Configure the authentication in the ''C:\PostgreSQL\data\pg96\pg_hba.conf'' to accept passwords. The basic configuration file should then look like this.+Configure the authentication in the ''C:\PostgreSQL\data\pg96\pg_hba.conf'' to accept passwords. The basic configuration file should then look like this:
 <code> <code>
 # TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD # TYPE  DATABASE        USER            CIDR-ADDRESS            METHOD
Line 88: Line 88:
 Open Windows services' dialogue (Win+r and type **services.msc** therein). Look for the "PostgreSQL 9.6 Server" service and set its ''StartupType'' to ''Automatic''. Then start the service. Open Windows services' dialogue (Win+r and type **services.msc** therein). Look for the "PostgreSQL 9.6 Server" service and set its ''StartupType'' to ''Automatic''. Then start the service.
  
-<note>If you install the database to different server than the CzechIdM application itself (Tomcat etc.), don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note>+<note>If you install the database onto a server distinct from the one on which the CzechIdM application itself (Tomcat etc.) is mounted, don't forget to configure PostgreSQL to allow remote SSL connection from that server.</note>
 ===== Java ===== ===== Java =====
-Install the Oracle JDK (minimal version is 1.8). You can download it from [[http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html|here]]. Be sure to download the **JDK** and not only **JRE**.+Install the Oracle JDK (minimal version is 1.8). You can download it from [[http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html|here]]. Be sure to download the **JDK**and not only **JRE**.
  
-Install the Java into standard directory in Program Files. After the installation, it is necessary to set up ''JAVA\_HOME'' and ''PATH'' variables. Open the **sysdm.cpl** (Win+r ant type sysdm.cpl) dialogue and navigate to ''> Advanced > Environment Variables''. Add system-wide variable ''JAVA\_HOME=C:\Program Files\Java\jdk1.8.0\_152'' (**adjust the path accordingly to the Java version you just installed**). Add the ''%JAVA_HOME%\bin'' to the ''PATH''. Then run ''java -version'' from the windows cmd to check if it is working properly.+Install the Java into standard directory in Program Files. Having finished the installation, it is necessary to set up ''JAVA\_HOME'' and ''PATH'' variables. Open the **sysdm.cpl** (Win+r ant type sysdm.cpl) dialogue and navigate to ''> Advanced > Environment Variables''. Add system-wide variable ''JAVA\_HOME=C:\Program Files\Java\jdk1.8.0\_152'' (**adjust the path accordingly to the Java version you just installed**). Add the ''%JAVA_HOME%\bin'' to the ''PATH''. Then run ''java -version'' from the windows cmd to check if it is working properly.
  
 ===== Tomcat ===== ===== Tomcat =====
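Review bot: the + side of the JDK line loses the space in "**JDK**and not only **JRE**", which will render as "JDKand"; restore "the **JDK** and not only **JRE**". In the Java paragraph, "Having finished the installation, it is necessary to set up" is a dangling participle; the original "After the installation, it is necessary to set up" was fine and should be kept. The pre-existing typo "Win+r ant type sysdm.cpl" (should be "and type") survives on both sides and could be fixed in the same edit. The reworded note ("onto a server distinct from the one on which the CzechIdM application itself (Tomcat etc.) is mounted") is longer and harder to read than the original; suggest "If you install the database on a different server than the CzechIdM application itself (Tomcat etc.)", and since the page already covers pg_hba.conf, it would help to say that the remote SSL connection is allowed there (a hostssl entry restricted to that server's address) rather than leaving "configure PostgreSQL" unspecified.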
Line 107: Line 107:
   * Add ''C:\CzechIdM\etc;C:\CzechIdM\lib;C:\CzechIdM\lib\\*;'' to the **beginning of the** ''CLASSPATH''.   * Add ''C:\CzechIdM\etc;C:\CzechIdM\lib;C:\CzechIdM\lib\\*;'' to the **beginning of the** ''CLASSPATH''.
  
-Configure adresses the server will listen on. Open the ''server.xml'' configuration file in the Tomcat installation. Make these changes:+Configure addresses the server will listen on. Open the ''server.xml'' configuration file in the Tomcat installation. Make these changes:
   * Add ''address="127.0.0.1"'' to the **8080/tcp** and **8009/tcp** connectors. This will make Tomcat listen only on localhost.   * Add ''address="127.0.0.1"'' to the **8080/tcp** and **8009/tcp** connectors. This will make Tomcat listen only on localhost.
   * Change port number ''8005'' to ''-1'' at the Shutdown Port setting. This will effectively turn off the shutdown port.   * Change port number ''8005'' to ''-1'' at the Shutdown Port setting. This will effectively turn off the shutdown port.
  
-Use the **services.msc** dialgoue to set the Apache Tomcat ''StartupType'' to ''Automatic (Delayed Start)''. This will make the application container start after the PostgreSQL database.+Use the **services.msc** dialogue to set the Apache Tomcat ''StartupType'' to ''Automatic (Delayed Start)''. This will make the application container start after the PostgreSQL database.
 <note important>For production use, we strongly advise to remove all Tomcat's management applications from the container. <note important>For production use, we strongly advise to remove all Tomcat's management applications from the container.
   * Locate the ''webapps'' folder in the Tomcat installation and delete everything that is inside.   * Locate the ''webapps'' folder in the Tomcat installation and delete everything that is inside.
 </note> </note>
  
-For roles and advanced management configuration, please see relevant chapters in the [[tutorial:adm:server_preparation|Server Preparation - Linux]] tutorial.+For roles and advanced management configuration, please see the relevant chapters in the [[tutorial:adm:server_preparation|Server Preparation - Linux]] tutorial.
  
 ====== Apache httpd as a reverse proxy ====== ====== Apache httpd as a reverse proxy ======
  
-It is possible to open Apache Tomcat to the network directly, but little inconvenient. You want the users to access the CzechIdM on user-friendly ports 80/tcp or 443/tcp. So we use Apache httpd as a reverse proxy and add a few security features along the way. +It is possible to open Apache Tomcat to the network directly, but somewhat inconvenient. You want the users to access CzechIdM on user-friendly ports 80/tcp or 443/tcp. So we use Apache httpd as a reverse proxy and add a few security features along the way. 
-Apache httpd will allow access to data via https on port 443/tcp and http on port 80/tcp. Communication via http protocol will be enabled, but we will redirect all communication to https. +Apache httpd will allow access to data via https on port 443/tcp and http on port 80/tcp. Communication via http protocol is enabled, but we redirect all communication to https. 
-Communication between Apache httpd and Tomcat will take place on local machine via AJP protocol. In httpd, there will be mod_security installed (optional but recommended), which serves as an application firewall.+Communication between Apache httpd and Tomcat takes place on local machine via AJP protocol. In httpd, there will be mod_security installed (optional but recommended), which serves as an application firewall.
  
 The configuration example is written for the server which allows access to its services under the name "demo.czechidm.com". The configuration example is written for the server which allows access to its services under the name "demo.czechidm.com".
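Review bot: the tense in the reverse-proxy paragraph is now inconsistent: the + side moves "will be enabled ... we will redirect" and "will take place" to the present tense, but "there will be mod_security installed" on the same side stays in the future tense; suggest "In httpd, mod_security is installed (optional but recommended)". Also "on local machine" should be "on the local machine", and "It is possible to open Apache Tomcat to the network directly, but somewhat inconvenient" reads better as "but this is somewhat inconvenient". The typo fixes (adresses, dialgoue), the localhost-only connectors with the shutdown port disabled, and the note about removing Tomcat's management applications all look good.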
  • by koulaj