Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
710:install [2024/03/08 10:29] – [Configure TLS/SSL] Weinlein, Thomas710:install [2024/03/15 14:50] (current) – [(Optional) Start without Root Privileges on Linux] Weinlein, Thomas
Line 236: Line 236:
   * Start Stages   * Start Stages
       * execute “stages start”       * execute “stages start”
 +
 +==== (Optional) Start without Root Privileges on Linux ====
 +
 +Normally Stages is started by the "root" user and then drops its privileges to the "stages" user after successful startup. In high risk environments, Stages can now also be started with a user id other than root. It can be enabled via the ''STAGES_NONROOTSTART''  variable in ''…/bin/rc.conf''. If enabled, the same user id starting the service will also be used to run the service.
 +
 +Please note that privileged ports below 1024 cannot be opened in this configuration, so the normal HTTPS port 443 cannot be used. The non-root setting can only be used when the Tomcat connectors are configured to use ports higher than 1024 and e.g. a reverse proxy is being used to allow normal access via HTTPS.
 +
 +**How to configure the user that Stages service should run as?**
 + 
 +1. Edit stages.service file:
 +  * vi /etc/systemd/system/stages.service 
 +  * add the line User=<username> within the [Service] section (IMPORTANT: DO NOT ADD QUOTES AROUND THE USERNAME)
 +
 +2. Reload system manager configuration with systemctl command:
 +  * systemctl daemon-reload
 +
 +3. Additionally change the user ownership for all files below stages installation folder with following command: 
 +  * chown -R <username> /opt/stages
  
 ===== (Optional) Secure MySQL connection with SSL ===== ===== (Optional) Secure MySQL connection with SSL =====
Line 355: Line 373:
 ===== Accessing Stages ===== ===== Accessing Stages =====
  
-''After successful installation process - Stages is accessible via web browser by URL [[https://localhost:8443|https://localhost:8443]] or [[http://localhost:8080|http://localhost:8080]] (depending on the SSL port) ''+After successful installation process - Stages is accessible via web browser by URL [[https://stages.localhost|https://stages.localhost]]. As Stages is delivered with a self signed certificate your browser will warn you that the certificate is not trustworthy. For a first test you can instruct the browser to direct you to the website anyhow. After that please [[configure_stages#configuring-tlsssl-certificate|configure a trusted certificate]].
  
 ===== Change password of "root" user ===== ===== Change password of "root" user =====
  
-''Log in with the "root" user and the provided password. Click on the "Superuser" link in the bottom left corner of the navigation and change the password to a secure and unique one. ''+Log in with the "root" user and the provided password. Click on the "Superuser" link in the bottom left corner of the navigation and change the password to a secure and unique one.
  
 ===== Prepare Stages for productive usage ===== ===== Prepare Stages for productive usage =====