This is an old revision of the document!

Software Components

Software Installation

Configure repository: On CentOS: /etc/yum.repos.d/CentOS-Base.repo, [base] and [updates] sections


yum install 
yum install postgresql96 postgresql96-server postgresql96-devel postgresql-jdbc
/usr/pgsql-9.6/bin/postgresql96-setup initdb
systemctl enable postgresql-9.6.service
systemctl start postgresql-9.6.service

DB configuration

Roles after installation

su - postgres
createuser -l -s root
vi /var/lib/pgsql/9.6/data/pg_hba.conf

# IPv4 local connections:
host    all             all                 md5
host    all             all               trust


Software Installation

Experimentally you can omit this part

Oracle distribution policy has changed

Java 1.8.0_151

GET JAVA 1.8.0_151 JRE RPM from Oracle at

Newer versions of 1.8 will probably work, too.

yum localinstall jre-8u151-linux-x64.rpm

==== Software Configuration ====
alternatives --install /usr/bin/java java /usr/java/default/bin/java 180151 \
 --slave /usr/bin/keytool keytool /usr/java/default/bin/keytool             \
 --slave /usr/bin/orbd orbd /usr/java/default/bin/orbd                      \
 --slave /usr/bin/pack200 pack200 /usr/java/default/bin/pack200             \
 --slave /usr/bin/rmid rmid /usr/java/default/bin/rmid                      \
 --slave /usr/bin/rmiregistry rmiregistry /usr/java/default/bin/rmiregistry \
 --slave /usr/bin/servertool servertool /usr/java/default/bin/servertool    \
 --slave /usr/bin/tnameserv tnameserv /usr/java/default/bin/tnameserv       \
 --slave /usr/bin/unpack200 unpack200 /usr/java/default/bin/unpack200       \
 --slave /usr/lib/jvm/jre jre /usr/java/default
alternatives --config java
# select /usr/java/default/bin/java

Tomcat 9.0.6 installation bash commands:

# A | installation
cd ~
mkdir development
cd development

# install tomcat to the /opt/tomcat directory
mkdir /opt/apache-tomcat-9.0.6
tar xvf apache-tomcat-9*tar.gz -C /opt/apache-tomcat-9.0.6 --strip-components=1
# symlink /opt/tomcat to /opt/apache-tomcat-9.0.6
ln -s /opt/apache-tomcat-9.0.6 /opt/tomcat
# B | create tomcat user :: should be run as an unprivileged user
# 1. create a new tomcat group
groupadd tomcat
# 2. create a tomcat user ::
# member of the tomcat group, home directory of /opt/tomcat (install), shell of /bin/false (nobody login)
useradd -M -s /sbin/nologin -g tomcat -d /opt/tomcat tomcat
# C | update permissions :: proper access to the tomcat installation
cd /opt/tomcat
# tomcat group ownership over the entire installation directory
chgrp -R tomcat /opt/tomcat
# tomcat group read access to the conf directory, and execute access to the directory
chmod -R g+r conf
chmod g+x conf
# make the tomcat user the owner of the directories
chown -R tomcat webapps/ work/ temp/ logs/
chown -R tomcat /opt/tomcat
chown -R tomcat /opt/apache-tomcat-9.0.6
# D | install systemd unit file
# create and open unit file service
#vi /usr/lib/systemd/system/tomcat9.service
echo \
Description=Apache Tomcat 9.0.x Servlet Container
[Install]" >/usr/lib/systemd/system/tomcat9.service

# Prepare config files
# /opt/tomcat/bin/
echo \
"#!/bin/bash -x
./bin/" >/opt/tomcat/bin/
# /opt/tomcat/bin/
echo \
"#!/bin/bash -x
./bin/" >/opt/tomcat/bin/
# /opt/tomcat/bin/
# The lines are just voluntarily, in case you want monitor Tomcat
echo \
"CATALINA_OPTS="-server \ \ \ \ -Djava.awt.headless=true \
 -Xms2g -Xmx2g \
 -XX:+UseG1GC \
 -XX:+UseStringDeduplication \
 -XX:MaxGCPauseMillis=100 \
 " >/opt/tomcat/bin/

# make the scripts executable
chmod +x /opt/tomcat/bin/*.sh

Add ${catalina.home}/conf to the common.loader values in the file

vi /opt/tomcat/conf/

# ... 

reload Systemd to load the tomcat9 unit file

systemctl daemon-reload
systemctl enable tomcat9.service

Start tomcat9 service. This is only to check, if everything goes well

systemctl start tomcat9.service
systemctl -l status tomcat9.service

Delete all default webapps

systemctl stop tomcat9.service
cd /opt/tomcat/webapps
rm -rf *


  • change the port of tomcat webserver in case of conflicts
  • search for <Connector port=“8080” …

# NOT used in this release

vi /opt/tomcat/conf/server.xml
    <!– ADUCID AJP options –>
    <Connector port=“8009protocol=“AJP/1.3enableLookups=“falseacceptCount=“300redirectPort=“8443keepAliveTimeout=“7000connectionTimeout=“10000URIEncoding=“UTF-8/>

Software Installation

CodeIT Apache 2.4 and related modules

Download CodeIT Apache 2.4.25 (NOT NEWER) RPMs from Put them into selected directory (/root/apache/CodeIT) and from it yum localinstall one module after another, to prevent installation from external repositories.

Except for modules libnghttp2 and apr-util. They will be downloaded from the epel-release repository.

cd ~
mkdir -p apache/CodeIT
cd apache/CodeIT
yum -y localinstall apr-1.5.2-1.el7.codeit.x86_64.rpm
yum -y localinstall httpd-filesystem-2.4.25-3.el7.codeit.noarch.rpm
yum -y localinstall httpd-tools-2.4.25-3.el7.codeit.x86_64.rpm
yum -y localinstall httpd-2.4.25-3.el7.codeit.x86_64.rpm
yum -y localinstall mod_ssl-2.4.25-3.el7.codeit.x86_64.rpm
rpm -qa | grep codeit
# you should see this:
rpm -qa | grep http2
# you should see this:

System variables setting

vi /usr/lib/systemd/system/httpd.service

Modify file commenting out the Environment line and add the next one:

Description=The Apache HTTP Server


ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND
ExecReload=/usr/sbin/httpd $OPTIONS -k graceful
# Send SIGWINCH for graceful stop


Modify /etc/sysconfig/httpd

echo 'LANG=C' >>/etc/sysconfig/httpd
echo 'OPENAAA_PROTOCOL="aaa"' >>/etc/sysconfig/httpd
echo 'OPENAAA_HANDLER="/usr/local/bin/aducid"' >>/etc/sysconfig/httpd
echo OPENAAA_AUTHORITY=\"`hostname`\" >>/etc/sysconfig/httpd
tail -3 /etc/sysconfig/httpd 

Config files settings

They are in /etc/httpd.

vi /etc/httpd/conf/httpd.conf

### Keep the Include conf.modules.d/*.conf setting in the file,
### but append one line in front of it, so the result will be:
# ...
Loadfile "/usr/lib64/"
Include conf.modules.d/*.conf
# ...
### Fill in your DNS server name
ServerName your.server.dnsname:80
### Choose desired log level   
LogLevel info

# Supplemental configuration is commented out
# Load config files in the "/etc/httpd/conf.d" directory, if any.
#IncludeOptional conf.d/*.conf

# Place these three lines at the end of file
TraceEnable Off
Include /opt/aaa/conf/aducid-aaa.conf
Include /opt/aaa/conf/aducid-aim.conf
Include /opt/aaa/conf/aducid-error-pages.conf
Modules from directory conf.d are NOT USED.

Modules from directory conf.modules.d: some were left intact, some put away, some changed.

cd /etc/httpd/conf.modules.d/
mv 00-optional.conf
mv 00-lua.conf
mv 00-dav.conf

cat 00-mpm.conf | grep prefork
LoadModule mpm_prefork_module modules/

echo \
"# This file configures all the proxy modules:
LoadModule proxy_module modules/
#LoadModule lbmethod_bybusyness_module modules/
#LoadModule lbmethod_byrequests_module modules/
#LoadModule lbmethod_bytraffic_module modules/
#LoadModule lbmethod_heartbeat_module modules/
LoadModule proxy_ajp_module modules/
#LoadModule proxy_balancer_module modules/
#LoadModule proxy_connect_module modules/
#LoadModule proxy_express_module modules/
#LoadModule proxy_fcgi_module modules/
#LoadModule proxy_fdpass_module modules/
#LoadModule proxy_ftp_module modules/
LoadModule proxy_http_module modules/
#LoadModule proxy_hcheck_module modules/
#LoadModule proxy_scgi_module modules/
#LoadModule proxy_wstunnel_module modules/" > 00-proxy.conf 

vi 00-base.conf

echo \
# This file loads most of the modules included with the Apache HTTP
# Server itself.
# This module is substantional
# as it communicates with other ADUCID non-Apache components
LoadModule authnz_ssl_module /usr/lib64/openaaa/modules/
# other modules as you like/need
LoadModule access_compat_module modules/
#LoadModule actions_module modules/
LoadModule alias_module modules/
#LoadModule allowmethods_module modules/
#LoadModule auth_basic_module modules/
#LoadModule auth_digest_module modules/
#LoadModule authn_anon_module modules/
LoadModule authn_core_module modules/
#LoadModule authn_dbd_module modules/
#LoadModule authn_dbm_module modules/
#LoadModule authn_file_module modules/
LoadModule authn_socache_module modules/
LoadModule authz_core_module modules/
#LoadModule authz_dbd_module modules/
#LoadModule authz_dbm_module modules/
LoadModule authz_groupfile_module modules/
LoadModule authz_host_module modules/
#LoadModule authz_owner_module modules/
LoadModule authz_user_module modules/
LoadModule autoindex_module modules/
LoadModule cache_module modules/
#LoadModule cache_disk_module modules/
LoadModule cache_socache_module modules/
LoadModule data_module modules/
#LoadModule dbd_module modules/
#LoadModule deflate_module modules/
LoadModule dir_module modules/
#LoadModule dumpio_module modules/
#LoadModule echo_module modules/
LoadModule env_module modules/
#LoadModule expires_module modules/
#LoadModule ext_filter_module modules/
LoadModule filter_module modules/
LoadModule headers_module modules/
LoadModule http2_module modules/
LoadModule include_module modules/
LoadModule info_module modules/
LoadModule log_config_module modules/
LoadModule logio_module modules/
#LoadModule macro_module modules/
#LoadModule mime_magic_module modules/
LoadModule mime_module modules/
LoadModule negotiation_module modules/
#LoadModule remoteip_module modules/
LoadModule reqtimeout_module modules/
LoadModule request_module modules/
LoadModule rewrite_module modules/
LoadModule setenvif_module modules/
#LoadModule slotmem_plain_module modules/
#LoadModule slotmem_shm_module modules/
#LoadModule socache_dbm_module modules/
LoadModule socache_memcache_module modules/
LoadModule socache_shmcb_module modules/
LoadModule status_module modules/
LoadModule substitute_module modules/
#LoadModule suexec_module modules/
#LoadModule unique_id_module modules/
LoadModule unixd_module modules/
#LoadModule userdir_module modules/
LoadModule version_module modules/
#LoadModule vhost_alias_module modules/
#LoadModule watchdog_module modules/" > 00-base.conf

Further steps

Prepare SSL certificates

Certificates for SSL communication (like other parameters of SSL/TLS communication) need to be set in the file /opt/aaa/conf/aducid-aaa.conf, that will be installed during ADUCID software install phase. At this point, just make sure, that you have these certificates ready.

Example files:

SSLCertificateFile      /opt/aaa/certs/
SSLCertificateKeyFile   /opt/aaa/certs/
SSLCertificateChainFile /opt/aaa/certs/Thawte.CA.Intermediate.SHA256.crt
SSLCACertificateFile    /opt/aaa/certs/Thawte.CA.Primary.Root.G3.crt

Enable on system startup

systemctl daemon-reload
systemctl enable httpd.service
  • documentation/server-install-components.1548575971.txt.gz
  • Last modified: 2019/01/27 07:59
  • by mpospisek