79:configure_stages [2024/03/08 08:12] – [Use the system trust store] Weinlein, Thomas | 79:configure_stages [2024/03/08 10:32] (current) – Weinlein, Thomas |
---|
| ''$STAGES_ROOT/config.bat'' (Windows) \\ ''$STAGES_ROOT/bin/rc.conf'' (Linux) | [[#Configuration of Stages Service Parameters]] | **✔** | | | ''$STAGES_ROOT/config.bat'' (Windows) \\ ''$STAGES_ROOT/bin/rc.conf'' (Linux) | [[#Configuration of Stages Service Parameters]] | **✔** | |
| Basic configuration ||| | | Basic configuration ||| |
| ''$STAGES_CONF/server.xml'' | [[#Configuring the TCP Ports|Configuration of HTTP ports]] and [[#Configuring SSL Certificate|certificates]] | **✔**(( | | ''$STAGES_CONF/server.xml'' | [[#Configuring the TCP Ports|Configuration of HTTP ports]] and [[#configuring-tlsssl-certificate|certificates]] | **✔**(( |
by using variable replacement | by using variable replacement |
)) | | )) | |
| ''$STAGES_CONF/signature.xml'' | | **✘** | | | ''$STAGES_CONF/signature.xml'' | | **✘** | |
| ''$STAGES_CONF/licences'' | | **✘** | | | ''$STAGES_CONF/licences'' | | **✘** | |
| [[#Configuring SSL Certificate|Certificates]] ||| | | [[#configuring-tlsssl-certificate|Certificates]] ||| |
| ''$STAGES_CONF/*.crt'' \\ ''$STAGES_CONF/*.p12'' \\ ''$STAGES_CONF/*.jks'' | | **✘** | | | ''$STAGES_CONF/*.crt'' \\ ''$STAGES_CONF/*.p12'' \\ ''$STAGES_CONF/*.jks'' | | **✘** | |
| [[kerberos_autologin|Kerberos SSO]] ||| | | [[kerberos_autologin|Kerberos SSO]] ||| |
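Review bot: the two changed links in the ''server.xml'' and Certificates rows now use a slug-style anchor (''#configuring-tlsssl-certificate''), while the neighbouring links in the same table keep the heading-text form (''#Configuring the TCP Ports'', ''#Configuration of Stages Service Parameters''). Confirm that the slug actually resolves to the heading "Configuring TLS/SSL Certificate" and use one anchor form throughout the table.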
The server.xml for new installations looks as follows: [[server.xml]] | The server.xml for new installations looks as follows: [[server.xml]] |
| |
Stages is started on TCP/IP port 80, 443 and 8085 and enforces usage of HTTPS by default. Thus, it can be accessed via the URL [[https://<servername>|https://<servername>]]. To use a different port or delegate HTTPS termination to a reverse proxy like Apache HTTP server or Nginx, change the respective lines in the Tomcat configuration file named ''$STAGES_CONF/server.xml''. | Stages is started on TCP/IP port 80, 443 and 8085 and enforces usage of HTTPS by default. Thus, it can be accessed via the URL [[https://<servername>|https://<servername>]]. To use a different port or [[#configuration-for-usage-with-reverse-proxy|delegate HTTPS termination to a reverse proxy]] like Apache HTTP server or Nginx, change the respective lines in the Tomcat configuration file named ''$STAGES_CONF/server.xml''. |
| |
When you try to access Stages via HTTP the client will be redirect to HTTPS instead. | When you try to access Stages via HTTP the client will be redirect to HTTPS instead. |
| |
In case you use a IPv6 only configuration please replace ''address="127.0.0.1"'' by ''address="::1"'' | In case you use a IPv6 only configuration please replace ''address="127.0.0.1"'' by ''address="::1"'' |
| |
| Further explanations of the connector attributes are available at [[https://tomcat.apache.org/tomcat-9.0-doc/config/http.html]] |
| |
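Review bot: the paragraph listing ports 80, 443 and 8085 still does not say what 8085 is for (only the reverse-proxy section mentions internal communication), and the IPv6 sentence refers to ''address="127.0.0.1"'' without naming the connector that carries it. State here which connector is bound to the loopback address so an administrator changing ports does not expose it by accident. While touching this section, fix "will be redirect" to "will be redirected" and "a IPv6 only" to "an IPv6-only"; both remain in the new revision.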
==== Configuring TLS/SSL Certificate ==== | ==== Configuring TLS/SSL Certificate ==== |
==== Configuration for usage with Reverse Proxy ==== | ==== Configuration for usage with Reverse Proxy ==== |
| |
in case you want to terminate the TSL connection on a reverse proxy ([[https://en.wikipedia.org/wiki/TLS_termination_proxy]]), you need to adapt the ''server.xml'' and remove the default connectors for port 80 and 443. Instead you need to add a connector for the reverse proxy connection, either an AJP connector or an HTTP connector. Please refer to [[https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html]] and [[https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html]] and your proxy documentation for details. | in case you want to terminate the TSL connection on a reverse proxy ([[https://en.wikipedia.org/wiki/TLS_termination_proxy]]), you need to adapt the ''server.xml'' and remove the default connectors for port 80 and 443. Instead you need to add a connector for the reverse proxy connection, either an AJP connector or an HTTP connector. Please refer to [[https://tomcat.apache.org/tomcat-9.0-doc/config/ajp.html]] and [[https://tomcat.apache.org/tomcat-9.0-doc/proxy-howto.html]] and your proxy documentation for details. The connector on port 8085 is always needed for internal communication. |
| |
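Review bot: the reverse-proxy paragraph offers an AJP or HTTP connector as the replacement for ports 80 and 443 but gives no guidance on restricting it. Because TLS ends at the proxy, the text should say that this connector must be reachable only from the proxy host (the Tomcat ''address'' attribute) and, for AJP, protected with the ''secret'' attribute described in the linked ajp.html. The added sentence on port 8085 should also say whether that connector has to stay bound to the loopback address, and "TSL" should read "TLS".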
E.g. | E.g. |