This shows you the differences between two versions of the page.
documentation:server-install-components [2018/11/28 21:07] mpospisek [DB configuration] |
— (current) | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Software Components ====== | ||
- | ===== PostgreSQL ===== | ||
- | |||
- | ==== Software Installation ==== | ||
- | |||
- | Configure repository: On CentOS: / | ||
- | <sxh bash> | ||
- | exclude=postgresql* | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | yum install ~~codedoc: | ||
- | |||
- | yum install postgresql96 postgresql96-server postgresql96-devel postgresql-jdbc | ||
- | # | ||
- | / | ||
- | systemctl enable postgresql-9.6.service | ||
- | systemctl start postgresql-9.6.service | ||
- | </ | ||
- | |||
- | ==== DB configuration ==== | ||
- | Roles after installation | ||
- | <codedoc code: | ||
- | su - postgres | ||
- | createuser -l -s root | ||
- | vi / | ||
- | </ | ||
- | |||
- | <sxh bash> | ||
- | # IPv4 local connections: | ||
- | host all | ||
- | host all | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | logout | ||
- | </ | ||
- | |||
- | |||
- | ===== Java ===== | ||
- | ==== Software Installation ==== | ||
- | |||
- | Java 1.8.0_151 | ||
- | GET JAVA 1.8.0_151 JRE RPM from Oracle at \\ | ||
- | http:// | ||
- | or \\ | ||
- | http:// | ||
- | |||
- | Newer versions of 1.8 will probably work, too. | ||
- | |||
- | <sxh bash> | ||
- | yum localinstall jre-8u151-linux-x64.rpm | ||
- | |||
- | ==== Software Configuration ==== | ||
- | |||
- | alternatives --install / | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | |||
- | alternatives --config java | ||
- | # select / | ||
- | </ | ||
- | |||
- | ===== Tomcat ===== | ||
- | |||
- | Tomcat 9.0.6 installation bash commands: | ||
- | <sxh bash> | ||
- | # A | installation | ||
- | cd ~ | ||
- | mkdir development | ||
- | cd development | ||
- | wget https:// | ||
- | |||
- | # install tomcat to the /opt/tomcat directory | ||
- | mkdir / | ||
- | codedoc: | ||
- | # symlink /opt/tomcat to / | ||
- | ln -s / | ||
- | |||
- | # B | create tomcat user :: should be run as an unprivileged user | ||
- | # 1. create a new tomcat group | ||
- | groupadd tomcat | ||
- | |||
- | # 2. create a tomcat user :: | ||
- | # member of the tomcat group, home directory of /opt/tomcat (install), shell of /bin/false (nobody login) | ||
- | useradd -M -s / | ||
- | |||
- | # C | update permissions :: proper access to the tomcat installation | ||
- | cd /opt/tomcat | ||
- | |||
- | # tomcat group ownership over the entire installation directory | ||
- | chgrp -R tomcat /opt/tomcat | ||
- | |||
- | # tomcat group read access to the conf directory, and execute access to the directory | ||
- | chmod -R g+r conf | ||
- | chmod g+x conf | ||
- | |||
- | # make the tomcat user the owner of the directories | ||
- | chown -R tomcat webapps/ work/ temp/ logs/ | ||
- | chown -R tomcat /opt/tomcat | ||
- | chown -R tomcat / | ||
- | |||
- | # D | install systemd unit file | ||
- | # create and open unit file service | ||
- | vi / | ||
- | </ | ||
- | File contents: | ||
- | <sxh bash> | ||
- | [Unit] | ||
- | Description=Apache Tomcat 9.0.x Servlet Container | ||
- | After=syslog.target network.target | ||
- | |||
- | [Service] | ||
- | User=tomcat | ||
- | Group=tomcat | ||
- | Type=forking | ||
- | Environment=JAVA_HOME=/ | ||
- | Environment=CATALINA_PID=/ | ||
- | Environment=CATALINA_HOME=/ | ||
- | Environment=CATALINA_BASE=/ | ||
- | ExecStart=/ | ||
- | ExecStop=/ | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | </ | ||
- | |||
- | Prepare config files | ||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | |||
- | <sxh bash> | ||
- | #!/bin/bash -x | ||
- | cd $CATALINA_BASE | ||
- | ./ | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | |||
- | <sxh bash> | ||
- | #!/bin/bash -x | ||
- | cd $CATALINA_BASE | ||
- | ./ | ||
- | </ | ||
- | |||
- | The Dcom.sun.management lines are just voluntarily, | ||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | |||
- | <sxh bash> | ||
- | CATALINA_OPTS=" | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | | ||
- | " | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | cd / | ||
- | chmod +x *.sh | ||
- | # | ||
- | vi / | ||
- | </ | ||
- | |||
- | <sxh bash> | ||
- | common.loader=" | ||
- | # ... | ||
- | tomcat.util.scan.StandardJarScanFilter.jarsToSkip=*.jar | ||
- | tomcat.util.scan.StandardJarScanFilter.jarsToScan=jstl-*.jar, | ||
- | </ | ||
- | |||
- | reload Systemd to load the tomcat9 unit file | ||
- | |||
- | <codedoc code: | ||
- | systemctl daemon-reload | ||
- | systemctl enable tomcat9.service | ||
- | </ | ||
- | Start tomcat9 service. This is only to check, if everything goes well | ||
- | <codedoc code: | ||
- | systemctl start tomcat9.service | ||
- | systemctl -l status tomcat9.service | ||
- | </ | ||
- | Delete all default webapps | ||
- | <codedoc code: | ||
- | systemctl stop tomcat9.service | ||
- | cd / | ||
- | rm -rf * | ||
- | </ | ||
- | |||
- | Optional: | ||
- | * change the port of tomcat webserver in case of conflicts | ||
- | * search for < | ||
- | |||
- | # NOT used in this release | ||
- | <codedoc code: | ||
- | vi / | ||
- | |||
- | <!-- ADUCID AJP options --> | ||
- | < | ||
- | acceptCount=" | ||
- | keepAliveTimeout=" | ||
- | | ||
- | </ | ||
- | |||
- | ===== Apache ===== | ||
- | ==== Software Installation ==== | ||
- | CodeIT Apache 2.4 and related modules | ||
- | |||
- | Download CodeIT Apache 2.4.25 (NOT NEWER) RPMs from %%https:// | ||
- | |||
- | Except for modules libnghttp2 and apr-util. They will be downloaded from the epel-release repository. | ||
- | |||
- | <codedoc code: | ||
- | cd ~ | ||
- | mkdir -p apache/ | ||
- | cd apache/ | ||
- | |||
- | wget ~~codedoc: | ||
- | wget ~~codedoc: | ||
- | wget ~~codedoc: | ||
- | wget ~~codedoc: | ||
- | wget ~~codedoc: | ||
- | |||
- | yum -y localinstall apr-1.5.2-1.el7.codeit.x86_64.rpm | ||
- | yum -y localinstall httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm | ||
- | yum -y localinstall httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm | ||
- | yum -y localinstall httpd-2.4.25-3.el7.codeit.x86_64.rpm | ||
- | yum -y localinstall mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm | ||
- | |||
- | rpm -qa | grep codeit | ||
- | # you should see this: | ||
- | httpd-tools-2.4.25-3.el7.codeit.x86_64 | ||
- | apr-1.5.2-1.el7.codeit.x86_64 | ||
- | mod_ssl-2.4.25-3.el7.codeit.x86_64 | ||
- | httpd-filesystem-2.4.25-3.el7.codeit.noarch | ||
- | httpd-2.4.25-3.el7.codeit.x86_64 | ||
- | |||
- | rpm -qa | grep http2 | ||
- | # you should see this: | ||
- | libnghttp2-1.31.1-1.el7.x86_64 | ||
- | </ | ||
- | |||
- | ==== System variables setting ==== | ||
- | |||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | |||
- | Modify file commenting out the Environment line and add the next one: | ||
- | <sxh bash; highlight: [7, | ||
- | [Unit] | ||
- | Description=The Apache HTTP Server | ||
- | After=network.target remote-fs.target nss-lookup.target | ||
- | |||
- | [Service] | ||
- | Type=notify | ||
- | # | ||
- | EnvironmentFile=/ | ||
- | |||
- | ExecStart=/ | ||
- | ExecReload=/ | ||
- | # Send SIGWINCH for graceful stop | ||
- | KillSignal=SIGWINCH | ||
- | KillMode=mixed | ||
- | PrivateTmp=true | ||
- | |||
- | [Install] | ||
- | WantedBy=multi-user.target | ||
- | </ | ||
- | | ||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | |||
- | <sxh bash> | ||
- | # Add these lines ... | ||
- | LANG=C | ||
- | OPENAAA_PROTOCOL=" | ||
- | OPENAAA_HANDLER="/ | ||
- | OPENAAA_AUTHORITY=" | ||
- | </ | ||
- | |||
- | ==== Config files settings ==== | ||
- | |||
- | They are in /etc/httpd. | ||
- | |||
- | <codedoc code: | ||
- | vi / | ||
- | </ | ||
- | |||
- | <sxh bash; highlight: [4, | ||
- | ### Keep the Include conf.modules.d/ | ||
- | ### but append one line in front of it, so the result will be: | ||
- | # ... | ||
- | Loadfile "/ | ||
- | Include conf.modules.d/ | ||
- | # ... | ||
- | |||
- | ### Fill in your DNS server name | ||
- | ServerName your.server.dnsname: | ||
- | |||
- | ### Choose desired log level | ||
- | LogLevel info | ||
- | |||
- | # Supplemental configuration is commented out | ||
- | # | ||
- | # Load config files in the "/ | ||
- | # | ||
- | |||
- | # Place these three lines at the end of file | ||
- | EnableTrace Off | ||
- | Include / | ||
- | Include / | ||
- | Include / | ||
- | </ | ||
- | Modules from directory conf.d are **NOT USED**. | ||
- | |||
- | Modules from directory conf.modules.d: | ||
- | |||
- | <codedoc code: | ||
- | cd / | ||
- | mv 00-optional.conf 00-optional.conf.xxx | ||
- | mv 00-lua.conf 00-lua.conf.xxx | ||
- | mv 00-dav.conf 00-dav.conf.xxx | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | vi 00-mpm.conf | ||
- | </ | ||
- | <sxh bash> | ||
- | LoadModule mpm_prefork_module modules/ | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | vi 00-proxy.conf | ||
- | </ | ||
- | <sxh bash> | ||
- | # This file configures all the proxy modules: | ||
- | LoadModule proxy_module modules/ | ||
- | #LoadModule lbmethod_bybusyness_module modules/ | ||
- | #LoadModule lbmethod_byrequests_module modules/ | ||
- | #LoadModule lbmethod_bytraffic_module modules/ | ||
- | #LoadModule lbmethod_heartbeat_module modules/ | ||
- | LoadModule proxy_ajp_module modules/ | ||
- | #LoadModule proxy_balancer_module modules/ | ||
- | #LoadModule proxy_connect_module modules/ | ||
- | #LoadModule proxy_express_module modules/ | ||
- | #LoadModule proxy_fcgi_module modules/ | ||
- | #LoadModule proxy_fdpass_module modules/ | ||
- | #LoadModule proxy_ftp_module modules/ | ||
- | LoadModule proxy_http_module modules/ | ||
- | #LoadModule proxy_hcheck_module modules/ | ||
- | #LoadModule proxy_scgi_module modules/ | ||
- | #LoadModule proxy_wstunnel_module modules/ | ||
- | </ | ||
- | |||
- | <codedoc code: | ||
- | vi 00-base.conf | ||
- | </ | ||
- | |||
- | <sxh bash; highlight: [9]> | ||
- | # | ||
- | # This file loads most of the modules included with the Apache HTTP | ||
- | # Server itself. | ||
- | # | ||
- | |||
- | # This module is substantional | ||
- | # as it communicates with other ADUCID non-Apache components | ||
- | |||
- | LoadModule authnz_ssl_module / | ||
- | |||
- | # other modules as you like/need | ||
- | LoadModule access_compat_module modules/ | ||
- | #LoadModule actions_module modules/ | ||
- | LoadModule alias_module modules/ | ||
- | #LoadModule allowmethods_module modules/ | ||
- | #LoadModule auth_basic_module modules/ | ||
- | #LoadModule auth_digest_module modules/ | ||
- | #LoadModule authn_anon_module modules/ | ||
- | LoadModule authn_core_module modules/ | ||
- | #LoadModule authn_dbd_module modules/ | ||
- | #LoadModule authn_dbm_module modules/ | ||
- | #LoadModule authn_file_module modules/ | ||
- | LoadModule authn_socache_module modules/ | ||
- | LoadModule authz_core_module modules/ | ||
- | #LoadModule authz_dbd_module modules/ | ||
- | #LoadModule authz_dbm_module modules/ | ||
- | LoadModule authz_groupfile_module modules/ | ||
- | LoadModule authz_host_module modules/ | ||
- | #LoadModule authz_owner_module modules/ | ||
- | LoadModule authz_user_module modules/ | ||
- | LoadModule autoindex_module modules/ | ||
- | LoadModule cache_module modules/ | ||
- | #LoadModule cache_disk_module modules/ | ||
- | LoadModule cache_socache_module modules/ | ||
- | LoadModule data_module modules/ | ||
- | #LoadModule dbd_module modules/ | ||
- | #LoadModule deflate_module modules/ | ||
- | LoadModule dir_module modules/ | ||
- | #LoadModule dumpio_module modules/ | ||
- | #LoadModule echo_module modules/ | ||
- | LoadModule env_module modules/ | ||
- | #LoadModule expires_module modules/ | ||
- | #LoadModule ext_filter_module modules/ | ||
- | LoadModule filter_module modules/ | ||
- | LoadModule headers_module modules/ | ||
- | LoadModule http2_module modules/ | ||
- | LoadModule include_module modules/ | ||
- | LoadModule info_module modules/ | ||
- | LoadModule log_config_module modules/ | ||
- | LoadModule logio_module modules/ | ||
- | #LoadModule macro_module modules/ | ||
- | #LoadModule mime_magic_module modules/ | ||
- | LoadModule mime_module modules/ | ||
- | LoadModule negotiation_module modules/ | ||
- | #LoadModule remoteip_module modules/ | ||
- | LoadModule reqtimeout_module modules/ | ||
- | LoadModule request_module modules/ | ||
- | LoadModule rewrite_module modules/ | ||
- | LoadModule setenvif_module modules/ | ||
- | #LoadModule slotmem_plain_module modules/ | ||
- | #LoadModule slotmem_shm_module modules/ | ||
- | #LoadModule socache_dbm_module modules/ | ||
- | LoadModule socache_memcache_module modules/ | ||
- | LoadModule socache_shmcb_module modules/ | ||
- | LoadModule status_module modules/ | ||
- | LoadModule substitute_module modules/ | ||
- | #LoadModule suexec_module modules/ | ||
- | #LoadModule unique_id_module modules/ | ||
- | LoadModule unixd_module modules/ | ||
- | #LoadModule userdir_module modules/ | ||
- | LoadModule version_module modules/ | ||
- | #LoadModule vhost_alias_module modules/ | ||
- | #LoadModule watchdog_module modules/ | ||
- | </ | ||
- | |||
- | ==== Further steps ==== | ||
- | **Prepare SSL certificates** | ||
- | |||
- | Certificates for SSL communication (like other parameters of SSL/TLS communication) need to be set in the file / | ||
- | |||
- | Example files: | ||
- | |||
- | <sxh bash> | ||
- | SSLCertificateFile | ||
- | SSLCertificateKeyFile | ||
- | SSLCertificateChainFile / | ||
- | SSLCACertificateFile | ||
- | </ | ||
- | |||
- | **Enable on system startup** | ||
- | <codedoc code: | ||
- | systemctl daemon-reload | ||
- | systemctl enable httpd.service | ||
- | </ |