Differences

This shows you the differences between two versions of the page.

--- 79:configure_stages [2024/03/08 08:07] – [Configuration for usage with Reverse Proxy] Weinlein, Thomas
+++ 79:configure_stages [2024/10/30 11:32] (current) – [Configuration for usage with Reverse Proxy] Weinlein, Thomas
@@ Line 42: / Line 42: @@
 | ''$STAGES_ROOT/config.bat'' (Windows) \\ ''$STAGES_ROOT/bin/rc.conf'' (Linux) | [[#Configuration of Stages Service Parameters]] |  **✔**  |
 | Basic configuration |||
-| ''$STAGES_CONF/server.xml'' | [[#Configuring the TCP Ports|Configuration of HTTP ports]] and [[#Configuring SSL Certificate|certificates]] |  **✔**((
+| ''$STAGES_CONF/server.xml'' | [[#Configuring the TCP Ports|Configuration of HTTP ports]] and [[#configuring-tlsssl-certificate|certificates]] |  **✔**((
 by using variable replacement
 ))  |
@@ Line 63: / Line 63: @@
 | ''$STAGES_CONF/signature.xml''  |  |  **✘**  |
 | ''$STAGES_CONF/licences'' |  |  **✘**  |
-| [[#Configuring SSL Certificate|Certificates]] |||
+| [[#configuring-tlsssl-certificate|Certificates]] |||
 | ''$STAGES_CONF/*.crt'' \\ ''$STAGES_CONF/*.p12'' \\ ''$STAGES_CONF/*.jks'' |  |  **✘**  |
 | [[kerberos_autologin|Kerberos SSO]] |||
@@ Line 174: / Line 174: @@
 The server.xml for new installations looks as follows: [[server.xml]]
-Stages is started on TCP/IP port 80, 443 and 8085 and enforces usage of HTTPS by default. Thus, it can be accessed via the URL [[https://<servername>|https://<servername>]]. To use a different port or delegate HTTPS termination to a reverse proxy like Apache HTTP server or Nginx, change the respective lines in the Tomcat configuration file named ''$STAGES_CONF/server.xml''.
+Stages is started on TCP/IP port 80, 443 and 8085 and enforces usage of HTTPS by default. Thus, it can be accessed via the URL [[https://<servername>|https://<servername>]]. To use a different port or [[#configuration-for-usage-with-reverse-proxy|delegate HTTPS termination to a reverse proxy]] like Apache HTTP server or Nginx, change the respective lines in the Tomcat configuration file named ''$STAGES_CONF/server.xml''.
 When you try to access Stages via HTTP the client will be redirect to HTTPS instead.
@@ Line 237: / Line 237: @@
 In case you use a IPv6 only configuration please replace ''address="127.0.0.1"'' by ''address="::1"''
-==== Configuring SSL Certificate ====
+Further explanations of the connector attributes are available at [[https://tomcat.apache.org/tomcat-9.0-doc/config/http.html]]
+==== Configuring TLS/SSL Certificate ====
 Stages comes with a self signed certificate for [[https://stages.localhost]]. Of course this needs to be replaced by your own certificate for production use.
   * Register a DNS alias for the server, e.g. “stages.company.com”
-  * Apply for a SSL certificate for the server which refers to the above alias. Depending on your local procedures, this might require creating a certificate request (see https://www.digicert.com/kb/csr-ssl-installation/tomcat-keytool.htm for more info).
+  * Apply for a TLS/SSL certificate for the server which refers to the above alias. Depending on your local procedures, this might require creating a certificate request (e.g. see https://www.digicert.com/kb/csr-ssl-installation/tomcat-keytool.htm for more info).
   * Store your PKCS#12 (requires JDK 8u301 or newer) or JKS keystore file in ''$STAGES_CONF'' directory and adapt the following configuration properties accordingly:
-''$STAGES_CONF/stages.properties''
+''$STAGES_CONF/config.properties''
 <code properties>
 general.external.hostname = stages.example.com
@@ Line 258: / Line 260: @@
 ==== Configuration for usage with Reverse Proxy ====
-in case you want to terminate the TSL connection on a reverse proxy ([[https://en.wikipedia.org/wiki/TLS_termination_proxy]]), you need to adapt the ''server.xml'' and remove the default connectors for port 80 and 443. Instead you need to add a connector for the reverse proxy connection, either an AJP connector or an HTTP connector. Please refer to [[https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html]] and [[https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html]] and your proxy documentation for details.
+in case you want to terminate the TSL connection on a reverse proxy ([[https://en.wikipedia.org/wiki/TLS_termination_proxy]]), you need to adapt the ''server.xml'' and remove the default connectors for port 80 and 443. Instead you need to add a connector for the reverse proxy connection, either an AJP connector or an HTTP connector. Please refer to [[https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html]] and [[https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html]] and your proxy documentation for details. The connector on port 8085 is always needed for internal communication.
 E.g.
@@ Line 303: / Line 305: @@
 ProxyPassReverse /stages/socket ws://{{ internal_hostname }}:8081/stages/socket
 ProxyPass /stages http://{{ internal_hostname }}:8081/stages
-ProxyPass /reporting http://{{ internal_hostname }}:8081/reporting
-ProxyPass /stages-processor http://{{ internal_hostname }}:8081/stages-processor
 SSLEngine on
@@ Line 329: / Line 329: @@
 set JAVA_OPTS=[...] -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NUL
 </code>
-This is the default for new installations of 7.9.14.0 and newer.
+This is the default for new installations of Stages 7.9.14.0 or newer.
 Linux: