Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
710:install [2024/03/08 10:30] – [Change password of "root" user] Weinlein, Thomas710:install [2024/10/29 10:11] (current) Suess, Bernhard
Line 39: Line 39:
 <code> <code>
 create database stages; create database stages;
-create user 'stages' identified by 'pass'; +create user 'stages'@'localhost' identified by 'pass'; 
-grant all privileges on *.* to 'stages'@'%';+grant all privileges on *.* to 'stages'@'localhost';
 flush privileges; flush privileges;
 exit; exit;
Line 176: Line 176:
   * Start MySQL cli: mysql -uroot -p<root-pass>   * Start MySQL cli: mysql -uroot -p<root-pass>
   * Execute the following commands:   * Execute the following commands:
-<code> 
  
 +<code ->
 create database stages; create database stages;
 create user 'stages'@'localhost' identified by 'Pass.1234'; create user 'stages'@'localhost' identified by 'Pass.1234';
Line 183: Line 183:
 flush privileges; flush privileges;
 exit; exit;
- 
 </code> </code>
  
   * Import dump file into database “stages”   * Import dump file into database “stages”
-      * Unzip the file or customer specific dumpfile(*.sql) that has been sent to you +    * Unzip the file or customer specific dumpfile(*.sql) that has been sent to you 
-      * Execute to Import: mysql -uroot -p stages < /path/to/dumpfile/stages7_mysql_content.sql+    * Execute to Import: mysql -uroot -p stages < /path/to/dumpfile/stages7_mysql_content.sql 
  
 ==== Database installation with Oracle 11g, 12c or 19c ==== ==== Database installation with Oracle 11g, 12c or 19c ====
Line 236: Line 236:
   * Start Stages   * Start Stages
       * execute “stages start”       * execute “stages start”
 +
 +==== (Optional) Start without Root Privileges on Linux ====
 +
 +Normally Stages is started by the "root" user and then drops its privileges to the "stages" user after successful startup. In high risk environments, Stages can now also be started with a user id other than root. It can be enabled via the ''STAGES_NONROOTSTART''  variable in ''…/bin/rc.conf''. If enabled, the same user id starting the service will also be used to run the service.
 +
 +Please note that privileged ports below 1024 cannot be opened in this configuration, so the normal HTTPS port 443 cannot be used. The non-root setting can only be used when the Tomcat connectors are configured to use ports higher than 1024 and e.g. a reverse proxy is being used to allow normal access via HTTPS.
 +
 +**How to configure the user that Stages service should run as?**
 + 
 +1. Edit stages.service file:
 +  * vi /etc/systemd/system/stages.service 
 +  * add the line User=<username> within the [Service] section (IMPORTANT: DO NOT ADD QUOTES AROUND THE USERNAME)
 +
 +2. Reload system manager configuration with systemctl command:
 +  * systemctl daemon-reload
 +
 +3. Additionally change the user ownership for all files below stages installation folder with following command: 
 +  * chown -R <username> /opt/stages
  
 ===== (Optional) Secure MySQL connection with SSL ===== ===== (Optional) Secure MySQL connection with SSL =====