Differences

This shows you the differences between two versions of the page.

--- documentation:server-install-components [2018/11/29 05:58]
mpospisek [Config files settings]
+++ — (current)
@@ Line 1: / Line 1: @@
-====== Software Components ======
-===== PostgreSQL =====
-==== Software Installation ====
-Configure repository: On CentOS: /etc/yum.repos.d/CentOS-Base.repo, [base] and [updates] sections
-<sxh bash>
-exclude=postgresql*
-</sxh>
-<codedoc code:bash>
-yum install ~~codedoc:clean:https://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-redhat96-9.6-3.noarch.rpm~~
-yum install postgresql96 postgresql96-server postgresql96-devel postgresql-jdbc
-#
-/usr/pgsql-9.6/bin/postgresql96-setup initdb
-systemctl enable postgresql-9.6.service
-systemctl start postgresql-9.6.service
-</codedoc>
-==== DB configuration ====
-Roles after installation
-<codedoc code:bash>
-su - postgres
-createuser -l -s root
-vi /var/lib/pgsql/9.6/data/pg_hba.conf
-</codedoc>
-<sxh bash>
-# IPv4 local connections:
-host    all             all             10.0.0.0/8              md5
-host    all             all             127.0.0.1/32            trust
-</sxh>
-<codedoc code:bash>
-logout
-</codedoc>
-===== Java =====
-==== Software Installation ====
-**Experimentally you can omit this part**
-//Oracle distribution policy has changed//
-Java 1.8.0_151
-GET JAVA 1.8.0_151 JRE RPM from Oracle at \\
-http://www.oracle.com/technetwork/java/javase/downloads/java-archive-javase8-2177648.html \\
-or \\
-http://download.oracle.com/otn/java/jdk/8u151-b12/e758a0de34e24606bca991d704f6dcbf/jre-8u151-linux-x64.rpm
-Newer versions of 1.8 will probably work, too.
-<sxh bash>
-yum localinstall jre-8u151-linux-x64.rpm
-==== Software Configuration ====
-alternatives --install /usr/bin/java java /usr/java/default/bin/java 180151 \
- --slave /usr/bin/keytool keytool /usr/java/default/bin/keytool             \
- --slave /usr/bin/orbd orbd /usr/java/default/bin/orbd                      \
- --slave /usr/bin/pack200 pack200 /usr/java/default/bin/pack200             \
- --slave /usr/bin/rmid rmid /usr/java/default/bin/rmid                      \
- --slave /usr/bin/rmiregistry rmiregistry /usr/java/default/bin/rmiregistry \
- --slave /usr/bin/servertool servertool /usr/java/default/bin/servertool    \
- --slave /usr/bin/tnameserv tnameserv /usr/java/default/bin/tnameserv       \
- --slave /usr/bin/unpack200 unpack200 /usr/java/default/bin/unpack200       \
- --slave /usr/lib/jvm/jre jre /usr/java/default
-alternatives --config java
-# select /usr/java/default/bin/java
-</sxh>
-===== Tomcat =====
-Tomcat 9.0.6 installation bash commands:
-<sxh bash>
-# A | installation
-cd ~
-mkdir development
-cd development
-wget https://archive.apache.org/dist/tomcat/tomcat-9/v9.0.6/bin/apache-tomcat-9.0.6.tar.gz
-# install tomcat to the /opt/tomcat directory
-mkdir /opt/apache-tomcat-9.0.6
-tar xvf apache-tomcat-9*tar.gz -C /opt/apache-tomcat-9.0.6 --strip-components=1
-# symlink /opt/tomcat to /opt/apache-tomcat-9.0.6
-ln -s /opt/apache-tomcat-9.0.6 /opt/tomcat
-# B | create tomcat user :: should be run as an unprivileged user
-# 1. create a new tomcat group
-groupadd tomcat
-# 2. create a tomcat user ::
-# member of the tomcat group, home directory of /opt/tomcat (install), shell of /bin/false (nobody login)
-useradd -M -s /sbin/nologin -g tomcat -d /opt/tomcat tomcat
-# C | update permissions :: proper access to the tomcat installation
-cd /opt/tomcat
-# tomcat group ownership over the entire installation directory
-chgrp -R tomcat /opt/tomcat
-# tomcat group read access to the conf directory, and execute access to the directory
-chmod -R g+r conf
-chmod g+x conf
-# make the tomcat user the owner of the directories
-chown -R tomcat webapps/ work/ temp/ logs/
-chown -R tomcat /opt/tomcat
-chown -R tomcat /opt/apache-tomcat-9.0.6
-# D | install systemd unit file
-# create and open unit file service
-vi /usr/lib/systemd/system/tomcat9.service
-</sxh>
-File contents:
-<sxh bash>
-[Unit]
-Description=Apache Tomcat 9.0.x Servlet Container
-After=syslog.target network.target
-[Service]
-User=tomcat
-Group=tomcat
-Type=forking
-#Environment=JAVA_HOME=/usr/java/default
-Environment=JAVA_HOME=/usr/lib/jvm/jre
-Environment=CATALINA_PID=/opt/tomcat/tomcat.pid
-Environment=CATALINA_HOME=/opt/tomcat
-Environment=CATALINA_BASE=/opt/tomcat
-ExecStart=/opt/tomcat/bin/tomcat-startup.sh
-ExecStop=/opt/tomcat/bin/tomcat-shutdown.sh
-[Install]
-WantedBy=multi-user.target
-</sxh>
-Prepare config files
-<codedoc code:bash>
-vi /opt/tomcat/bin/tomcat-startup.sh
-</codedoc>
-<sxh bash>
-#!/bin/bash -x
-cd $CATALINA_BASE
-./bin/startup.sh
-</sxh>
-<codedoc code:bash>
-vi /opt/tomcat/bin/tomcat-shutdown.sh
-</codedoc>
-<sxh bash>
-#!/bin/bash -x
-cd $CATALINA_BASE
-./bin/shutdown.sh
-</sxh>
-The Dcom.sun.management lines are just voluntarily, in case you want monitor Tomcat
-<codedoc code:bash>
-vi /opt/tomcat/bin/setenv.sh
-</codedoc>
-<sxh bash>
-CATALINA_OPTS="-server \
- -Dcom.sun.management.jmxremote.port=8086 \
- -Dcom.sun.management.jmxremote.ssl=false \
- -Dcom.sun.management.jmxremote.authenticate=false \
- -Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true \
- -Xms2g -Xmx2g \
- -XX:+UseG1GC \
- -XX:+UseStringDeduplication \
- -XX:MaxGCPauseMillis=100 \
- "
-</sxh>
-<codedoc code:bash>
-cd /opt/tomcat/bin
-chmod +x *.sh
-#
-vi /opt/tomcat/conf/catalina.properties
-</codedoc>
-<sxh bash>
-common.loader="${catalina.base}/lib","${catalina.base}/lib/*.jar","${catalina.home}/lib","${catalina.home}/lib/*.jar","${catalina.home}/conf"
-# ...
-tomcat.util.scan.StandardJarScanFilter.jarsToSkip=*.jar
-tomcat.util.scan.StandardJarScanFilter.jarsToScan=jstl-*.jar,spring-webmvc-*.jar,web_platform-*.jar
-</sxh>
-reload Systemd to load the tomcat9 unit file
-<codedoc code:bash>
-systemctl daemon-reload
-systemctl enable tomcat9.service
-</codedoc>
-Start tomcat9 service. This is only to check, if everything goes well
-<codedoc code:bash>
-systemctl start tomcat9.service
-systemctl -l status tomcat9.service
-</codedoc>
-Delete all default webapps
-<codedoc code:bash>
-systemctl stop tomcat9.service
-cd /opt/tomcat/webapps
-rm -rf *
-</codedoc>
-Optional:
-  * change the port of tomcat webserver in case of conflicts
-  * search for <Connector port="8080" ...
-# NOT used in this release
-<codedoc code:bash>
-vi /opt/tomcat/conf/server.xml
-    <!-- ADUCID AJP options -->
-    <Connector port="8009" protocol="AJP/1.3" enableLookups="false"
-      acceptCount="300" redirectPort="8443"
-      keepAliveTimeout="7000" connectionTimeout="10000" URIEncoding="UTF-8" />
-</codedoc>
-===== Apache =====
-==== Software Installation ====
-CodeIT Apache 2.4 and related modules
-Download CodeIT Apache 2.4.25 (NOT NEWER) RPMs from %%https://repo.codeit.guru/packages/centos/7/x86_64/%%. Put them into selected directory (/root/apache/CodeIT) and from it yum localinstall one module after another, to prevent installation from external repositories.
-Except for modules libnghttp2 and apr-util. They will be downloaded from the epel-release repository.
-<codedoc code:bash>
-cd ~
-mkdir -p apache/CodeIT
-cd apache/CodeIT
-wget ~~codedoc:clean:https:~~//repo.codeit.guru/packages/centos/7/x86_64/apr-1.5.2-1.el7.codeit.x86_64.rpm
-wget ~~codedoc:clean:https:~~//repo.codeit.guru/packages/centos/7/x86_64/httpd-2.4.25-3.el7.codeit.x86_64.rpm
-wget ~~codedoc:clean:https:~~//repo.codeit.guru/packages/centos/7/x86_64/httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm
-wget ~~codedoc:clean:https:~~//repo.codeit.guru/packages/centos/7/x86_64/httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm
-wget ~~codedoc:clean:https:~~//repo.codeit.guru/packages/centos/7/x86_64/mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm
-yum -y localinstall apr-1.5.2-1.el7.codeit.x86_64.rpm
-yum -y localinstall httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm
-yum -y localinstall httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm
-yum -y localinstall httpd-2.4.25-3.el7.codeit.x86_64.rpm
-yum -y localinstall mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm
-rpm -qa | grep codeit
-# you should see this:
-httpd-tools-2.4.25-3.el7.codeit.x86_64
-apr-1.5.2-1.el7.codeit.x86_64
-mod_ssl-2.4.25-3.el7.codeit.x86_64
-httpd-filesystem-2.4.25-3.el7.codeit.noarch
-httpd-2.4.25-3.el7.codeit.x86_64
-rpm -qa | grep http2
-# you should see this:
-libnghttp2-1.31.1-1.el7.x86_64
-</codedoc>
-==== System variables setting ====
-<codedoc code:bash>
-vi /usr/lib/systemd/system/httpd.service
-</codedoc>
-Modify file commenting out the Environment line and add the next one:
-<sxh bash; highlight: [7,8]>
-[Unit]
-Description=The Apache HTTP Server
-After=network.target remote-fs.target nss-lookup.target
-[Service]
-Type=notify
-#Environment=LANG=C
-EnvironmentFile=/etc/sysconfig/httpd
-ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
-ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
-# Send SIGWINCH for graceful stop
-KillSignal=SIGWINCH
-KillMode=mixed
-PrivateTmp=true
-[Install]
-WantedBy=multi-user.target
-</sxh>
-<codedoc code:bash>
-vi /etc/sysconfig/httpd
-</codedoc>
-<sxh bash>
-# Add these lines ...
-LANG=C
-OPENAAA_PROTOCOL="aaa"
-OPENAAA_HANDLER="/usr/local/bin/aducid"
-OPENAAA_AUTHORITY="your.server.dnsname"
-</sxh>
-==== Config files settings ====
-They are in /etc/httpd.
-<codedoc code:bash>
-vi /etc/httpd/conf/httpd.conf
-</codedoc>
-<sxh bash; highlight: [4,9,20,21,22,23]>
-### Keep the Include conf.modules.d/*.conf setting in the file,
-### but append one line in front of it, so the result will be:
-# ...
-Loadfile "/usr/lib64/libssl.so.10"
-Include conf.modules.d/*.conf
-# ...
-### Fill in your DNS server name
-ServerName your.server.dnsname:80
-### Choose desired log level
-LogLevel info
-# Supplemental configuration is commented out
-#
-# Load config files in the "/etc/httpd/conf.d" directory, if any.
-#IncludeOptional conf.d/*.conf
-# Place these three lines at the end of file
-EnableTrace Off
-Include /opt/aaa/conf/aducid-aaa.conf
-Include /opt/aaa/conf/aducid-aim.conf
-Include /opt/aaa/conf/aducid-error-pages.conf
-</sxh>
-Modules from directory conf.d are **NOT USED**.
-Modules from directory conf.modules.d: some were left intact, some put away, some changed.
-<codedoc code:bash>
-cd /etc/httpd/conf.modules.d/
-mv 00-optional.conf 00-optional.conf.xxx
-mv 00-lua.conf 00-lua.conf.xxx
-mv 00-dav.conf 00-dav.conf.xxx
-</codedoc>
-<codedoc code:bash>
-vi 00-mpm.conf
-</codedoc>
-<sxh bash>
-LoadModule mpm_prefork_module modules/mod_mpm_prefork.so
-</sxh>
-<codedoc code:bash>
-vi 00-proxy.conf
-</codedoc>
-<sxh bash>
-# This file configures all the proxy modules:
-LoadModule proxy_module modules/mod_proxy.so
-#LoadModule lbmethod_bybusyness_module modules/mod_lbmethod_bybusyness.so
-#LoadModule lbmethod_byrequests_module modules/mod_lbmethod_byrequests.so
-#LoadModule lbmethod_bytraffic_module modules/mod_lbmethod_bytraffic.so
-#LoadModule lbmethod_heartbeat_module modules/mod_lbmethod_heartbeat.so
-LoadModule proxy_ajp_module modules/mod_proxy_ajp.so
-#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
-#LoadModule proxy_connect_module modules/mod_proxy_connect.so
-#LoadModule proxy_express_module modules/mod_proxy_express.so
-#LoadModule proxy_fcgi_module modules/mod_proxy_fcgi.so
-#LoadModule proxy_fdpass_module modules/mod_proxy_fdpass.so
-#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
-LoadModule proxy_http_module modules/mod_proxy_http.so
-#LoadModule proxy_hcheck_module modules/mod_proxy_hcheck.so
-#LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
-#LoadModule proxy_wstunnel_module modules/mod_proxy_wstunnel.so
-</sxh>
-<codedoc code:bash>
-vi 00-base.conf
-</codedoc>
-<sxh bash; highlight: [9]>
-#
-# This file loads most of the modules included with the Apache HTTP
-# Server itself.
-#
-# This module is substantional
-# as it communicates with other ADUCID non-Apache components
-LoadModule authnz_ssl_module /usr/lib64/openaaa/modules/mod_authnz_ssl.so
-# other modules as you like/need
-LoadModule access_compat_module modules/mod_access_compat.so
-#LoadModule actions_module modules/mod_actions.so
-LoadModule alias_module modules/mod_alias.so
-#LoadModule allowmethods_module modules/mod_allowmethods.so
-#LoadModule auth_basic_module modules/mod_auth_basic.so
-#LoadModule auth_digest_module modules/mod_auth_digest.so
-#LoadModule authn_anon_module modules/mod_authn_anon.so
-LoadModule authn_core_module modules/mod_authn_core.so
-#LoadModule authn_dbd_module modules/mod_authn_dbd.so
-#LoadModule authn_dbm_module modules/mod_authn_dbm.so
-#LoadModule authn_file_module modules/mod_authn_file.so
-LoadModule authn_socache_module modules/mod_authn_socache.so
-LoadModule authz_core_module modules/mod_authz_core.so
-#LoadModule authz_dbd_module modules/mod_authz_dbd.so
-#LoadModule authz_dbm_module modules/mod_authz_dbm.so
-LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
-LoadModule authz_host_module modules/mod_authz_host.so
-#LoadModule authz_owner_module modules/mod_authz_owner.so
-LoadModule authz_user_module modules/mod_authz_user.so
-LoadModule autoindex_module modules/mod_autoindex.so
-LoadModule cache_module modules/mod_cache.so
-#LoadModule cache_disk_module modules/mod_cache_disk.so
-LoadModule cache_socache_module modules/mod_cache_socache.so
-LoadModule data_module modules/mod_data.so
-#LoadModule dbd_module modules/mod_dbd.so
-#LoadModule deflate_module modules/mod_deflate.so
-LoadModule dir_module modules/mod_dir.so
-#LoadModule dumpio_module modules/mod_dumpio.so
-#LoadModule echo_module modules/mod_echo.so
-LoadModule env_module modules/mod_env.so
-#LoadModule expires_module modules/mod_expires.so
-#LoadModule ext_filter_module modules/mod_ext_filter.so
-LoadModule filter_module modules/mod_filter.so
-LoadModule headers_module modules/mod_headers.so
-LoadModule http2_module modules/mod_http2.so
-LoadModule include_module modules/mod_include.so
-LoadModule info_module modules/mod_info.so
-LoadModule log_config_module modules/mod_log_config.so
-LoadModule logio_module modules/mod_logio.so
-#LoadModule macro_module modules/mod_macro.so
-#LoadModule mime_magic_module modules/mod_mime_magic.so
-LoadModule mime_module modules/mod_mime.so
-LoadModule negotiation_module modules/mod_negotiation.so
-#LoadModule remoteip_module modules/mod_remoteip.so
-LoadModule reqtimeout_module modules/mod_reqtimeout.so
-LoadModule request_module modules/mod_request.so
-LoadModule rewrite_module modules/mod_rewrite.so
-LoadModule setenvif_module modules/mod_setenvif.so
-#LoadModule slotmem_plain_module modules/mod_slotmem_plain.so
-#LoadModule slotmem_shm_module modules/mod_slotmem_shm.so
-#LoadModule socache_dbm_module modules/mod_socache_dbm.so
-LoadModule socache_memcache_module modules/mod_socache_memcache.so
-LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
-LoadModule status_module modules/mod_status.so
-LoadModule substitute_module modules/mod_substitute.so
-#LoadModule suexec_module modules/mod_suexec.so
-#LoadModule unique_id_module modules/mod_unique_id.so
-LoadModule unixd_module modules/mod_unixd.so
-#LoadModule userdir_module modules/mod_userdir.so
-LoadModule version_module modules/mod_version.so
-#LoadModule vhost_alias_module modules/mod_vhost_alias.so
-#LoadModule watchdog_module modules/mod_watchdog.so
-</sxh>
-==== Further steps ====
-**Prepare SSL certificates**
-Certificates for SSL communication (like other parameters of SSL/TLS communication) need to be set in the file /opt/aaa/conf/aducid-aaa.conf, that will be installed during ADUCID software install phase. At this point, just make sure, that you have these certificates ready.
-Example files:
-<sxh bash>
-SSLCertificateFile      /opt/aaa/certs/wild.aducid.com.crt
-SSLCertificateKeyFile   /opt/aaa/certs/wild.aducid.com.key
-SSLCertificateChainFile /opt/aaa/certs/Thawte.CA.Intermediate.SHA256.crt
-SSLCACertificateFile    /opt/aaa/certs/Thawte.CA.Primary.Root.G3.crt
-</sxh>
-**Enable on system startup**
-<codedoc code:bash>
-systemctl daemon-reload
-systemctl enable httpd.service
-</codedoc>

ADUCID 4.x

User Tools

Site Tools

Differences

Page Tools