Differences

This shows you the differences between two versions of the page.

79:configure_stages [2024/03/08 08:12] – [Use the system trust store] Weinlein, Thomas79:configure_stages [2024/03/08 10:32] (current) Weinlein, Thomas
Line 42: Line 42:
 | ''$STAGES_ROOT/config.bat'' (Windows) \\ ''$STAGES_ROOT/bin/rc.conf'' (Linux) | [[#Configuration of Stages Service Parameters]] |  **✔**  | | ''$STAGES_ROOT/config.bat'' (Windows) \\ ''$STAGES_ROOT/bin/rc.conf'' (Linux) | [[#Configuration of Stages Service Parameters]] |  **✔**  |
 | Basic configuration ||| | Basic configuration |||
-| ''$STAGES_CONF/server.xml'' | [[#Configuring the TCP Ports|Configuration of HTTP ports]] and [[#Configuring SSL Certificate|certificates]] |  **✔**((+| ''$STAGES_CONF/server.xml'' | [[#Configuring the TCP Ports|Configuration of HTTP ports]] and [[#configuring-tlsssl-certificate|certificates]] |  **✔**((
 by using variable replacement by using variable replacement
 ))  | ))  |
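
Review bot: the certificates link on the ''server.xml'' row now uses a slug-style anchor (#configuring-tlsssl-certificate), while the ports link in the same cell still uses the heading text (#Configuring the TCP Ports), so one cell mixes two anchor styles. The target heading reads "Configuring TLS/SSL Certificate"; use one anchor form consistently across the table and check in the rendered page that both links still resolve.
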
Line 63: Line 63:
 | ''$STAGES_CONF/signature.xml''  |  |  **✘**  | | ''$STAGES_CONF/signature.xml''  |  |  **✘**  |
 | ''$STAGES_CONF/licences'' |  |  **✘**  | | ''$STAGES_CONF/licences'' |  |  **✘**  |
-| [[#Configuring SSL Certificate|Certificates]] |||+| [[#configuring-tlsssl-certificate|Certificates]] |||
 | ''$STAGES_CONF/*.crt'' \\ ''$STAGES_CONF/*.p12'' \\ ''$STAGES_CONF/*.jks'' |  |  **✘**  | | ''$STAGES_CONF/*.crt'' \\ ''$STAGES_CONF/*.p12'' \\ ''$STAGES_CONF/*.jks'' |  |  **✘**  |
 | [[kerberos_autologin|Kerberos SSO]] ||| | [[kerberos_autologin|Kerberos SSO]] |||
Line 174: Line 174:
 The server.xml for new installations looks as follows: [[server.xml]] The server.xml for new installations looks as follows: [[server.xml]]
  
-Stages is started on TCP/IP port 80, 443 and 8085 and enforces usage of HTTPS by default. Thus, it can be accessed via the URL [[https://<servername>|https://<servername>]]. To use a different port or delegate HTTPS termination to a reverse proxy like Apache HTTP server or Nginx, change the respective lines in the Tomcat configuration file named ''$STAGES_CONF/server.xml''.+Stages is started on TCP/IP port 80, 443 and 8085 and enforces usage of HTTPS by default. Thus, it can be accessed via the URL [[https://<servername>|https://<servername>]]. To use a different port or [[#configuration-for-usage-with-reverse-proxy|delegate HTTPS termination to a reverse proxy]] like Apache HTTP server or Nginx, change the respective lines in the Tomcat configuration file named ''$STAGES_CONF/server.xml''.
  
 When you try to access Stages via HTTP the client will be redirect to HTTPS instead. When you try to access Stages via HTTP the client will be redirect to HTTPS instead.
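
Review bot: the changed sentence lists port 8085 next to 80 and 443 but never says what 8085 is for, so an administrator deriving firewall or proxy rules from it cannot tell that it is not one of the client-facing ports. The reverse-proxy section in this same revision describes it as needed for internal communication; repeat that here in a few words. While this paragraph is open, the following line should read "will be redirected to HTTPS".
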
Line 236: Line 236:
  
 In case you use a IPv6 only configuration please replace ''address="127.0.0.1"'' by ''address="::1"'' In case you use a IPv6 only configuration please replace ''address="127.0.0.1"'' by ''address="::1"''
 +
 +Further explanations of the connector attributes are available at [[https://tomcat.apache.org/tomcat-9.0-doc/config/http.html]]
  
 ==== Configuring TLS/SSL Certificate ==== ==== Configuring TLS/SSL Certificate ====
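
Review bot: the added reference is a bare URL pinned to the Tomcat 9.0 documentation, placed directly after the IPv6 note, so it is unclear which connector it refers to and the link will go stale if the bundled Tomcat version changes. Give the link a label, say that it covers the HTTP connector attributes used in ''server.xml'', and note which Tomcat version the page assumes.
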
Line 258: Line 260:
 ==== Configuration for usage with Reverse Proxy ==== ==== Configuration for usage with Reverse Proxy ====
  
-in case you want to terminate the TSL connection on a reverse proxy ([[https://en.wikipedia.org/wiki/TLS_termination_proxy]]), you need to adapt the ''server.xml'' and remove the default connectors for port 80 and 443. Instead you need to add a connector for the reverse proxy connection, either an AJP connector or an HTTP connector. Please refer to [[https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html]] and [[https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html]] and your proxy documentation for details.+in case you want to terminate the TSL connection on a reverse proxy ([[https://en.wikipedia.org/wiki/TLS_termination_proxy]]), you need to adapt the ''server.xml'' and remove the default connectors for port 80 and 443. Instead you need to add a connector for the reverse proxy connection, either an AJP connector or an HTTP connector. Please refer to [[https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html]] and [[https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html]] and your proxy documentation for details. The connector on port 8085 is always needed for internal communication.
  
 E.g. E.g.
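
Review bot: the edited paragraph still opens with a lowercase "in case" and still says "TSL connection"; both should be fixed in the same change ("In case", "TLS"). The new sentence about port 8085 says the connector is always needed but not who has to reach it; state whether the reverse proxy must forward anything to 8085 or whether it only has to stay reachable on the Stages host itself, so that nobody publishes it through the proxy by default.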