Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
79:configure_stages_new [2024/03/07 14:33] – [Configuring SSL Certificate] Weinlein, Thomas | 79:configure_stages_new [2024/03/12 10:16] – [Configure the Stages server **Currently under rework**] Weinlein, Thomas | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure the Stages server | + | ====== Configure the Stages server ====== |
===== Stages installation location ===== | ===== Stages installation location ===== | ||
Line 75: | Line 75: | ||
**Shareable** files can be shared between a test and a production server without modifications, | **Shareable** files can be shared between a test and a production server without modifications, | ||
+ | |||
+ | ===== Apply configuration changes ===== | ||
+ | |||
+ | For the configuration changes to take effect you need to run the following commands which will also restart Stages, so plan for a short downtime: | ||
+ | |||
+ | **Windows: | ||
+ | |||
+ | In case of changes to the service configurations | ||
+ | < | ||
+ | $STAGES_ROOT\bin\reinstallService.bat | ||
+ | </ | ||
+ | always | ||
+ | < | ||
+ | net stop stages | ||
+ | $STAGES_ROOT\bin\update.bat | ||
+ | net start stages | ||
+ | </ | ||
+ | |||
+ | **Linux:** | ||
+ | < | ||
+ | stages reload | ||
+ | </ | ||
+ | |||
===== Best practice for managing configurations ===== | ===== Best practice for managing configurations ===== | ||
Line 133: | Line 156: | ||
* Windows: | * Windows: | ||
* Open file " | * Open file " | ||
- | * Modify the red colored | + | * Modify the setting: //set TOMCAT_OPTS=–JvmMx=< |
* Open a cmd with administrative permissions and navigate to folder " | * Open a cmd with administrative permissions and navigate to folder " | ||
* Reinstall the Stages service: **reinstallService.bat** | * Reinstall the Stages service: **reinstallService.bat** | ||
Line 139: | Line 162: | ||
* Linux: | * Linux: | ||
* Open file " | * Open file " | ||
- | * Modify the red colored | + | * Modify the value: // |
* Restart the Stages service:** stages restart** | * Restart the Stages service:** stages restart** | ||
Line 236: | Line 259: | ||
For more details on certificate generation please refer to [[certificate_generation]]. | For more details on certificate generation please refer to [[certificate_generation]]. | ||
+ | ==== Configuration for usage with Reverse Proxy ==== | ||
+ | in case you want to terminate the SSL connection on a reverse proxy, you need to adapt the '' | ||
+ | E.g. | ||
+ | <code xml> | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | > | ||
+ | </ | ||
+ | </ | ||
+ | or for AJP | ||
+ | <code xml> | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | /> | ||
+ | </ | ||
+ | In case the reverse proxy runs on a separate machine replace the address attribute by '' | ||
+ | Please also make sure websocket connections ('' | ||
+ | Here is an example for Apache HTTP server configuration using an HTTP connector for Stages on port 8081: | ||
+ | < | ||
+ | < | ||
+ | ServerName {{ general_external_hostname }} | ||
- | __TODO__ | + | Redirect permanent / https://{{ general_external_hostname }}/stages |
+ | ProxyPass / | ||
+ | ProxyPassReverse / | ||
+ | ProxyPass /stages http://{{ internal_hostname }}: | ||
+ | ProxyPass /reporting http://{{ internal_hostname }}: | ||
+ | ProxyPass / | ||
+ | SSLEngine on | ||
+ | [...] | ||
+ | </ | ||
- | Explain proxyname proxyport secure? | + | < |
+ | ServerName {{ general_external_hostname }} | ||
- | Configuration with reverse proxy | + | Redirect permanent / https://{{ general_external_hostname }} |
- | Stages | + | [...] |
+ | </ | ||
+ | </ | ||
+ | |||
+ | ==== Use the system trust store ==== | ||
+ | |||
+ | Stages | ||
+ | |||
+ | Windows: | ||
+ | |||
+ | Please ensure | ||
+ | < | ||
+ | set JAVA_OPTS=[...] -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NUL | ||
+ | </ | ||
+ | This is the default | ||
+ | |||
+ | Linux: | ||
- | Import certificate into system truststore | + | Please ensure to use the proper '' |