Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionLast revisionBoth sides next revision | ||
79:configure_stages_new [2024/03/07 14:32] – [Variable replacement] Weinlein, Thomas | 79:configure_stages_new [2024/03/12 10:16] – [Configure the Stages server **Currently under rework**] Weinlein, Thomas | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure the Stages server | + | ====== Configure the Stages server ====== |
===== Stages installation location ===== | ===== Stages installation location ===== | ||
Line 75: | Line 75: | ||
**Shareable** files can be shared between a test and a production server without modifications, | **Shareable** files can be shared between a test and a production server without modifications, | ||
+ | |||
+ | ===== Apply configuration changes ===== | ||
+ | |||
+ | For the configuration changes to take effect you need to run the following commands which will also restart Stages, so plan for a short downtime: | ||
+ | |||
+ | **Windows: | ||
+ | |||
+ | In case of changes to the service configurations | ||
+ | < | ||
+ | $STAGES_ROOT\bin\reinstallService.bat | ||
+ | </ | ||
+ | always | ||
+ | < | ||
+ | net stop stages | ||
+ | $STAGES_ROOT\bin\update.bat | ||
+ | net start stages | ||
+ | </ | ||
+ | |||
+ | **Linux:** | ||
+ | < | ||
+ | stages reload | ||
+ | </ | ||
+ | |||
===== Best practice for managing configurations ===== | ===== Best practice for managing configurations ===== | ||
Line 118: | Line 141: | ||
The following code configures a value of “value.of.property” for the configuration property “name.of.property”: | The following code configures a value of “value.of.property” for the configuration property “name.of.property”: | ||
- | < | + | < |
< | < | ||
< | < | ||
Line 133: | Line 156: | ||
* Windows: | * Windows: | ||
* Open file " | * Open file " | ||
- | * Modify the red colored | + | * Modify the setting: //set TOMCAT_OPTS=–JvmMx=< |
* Open a cmd with administrative permissions and navigate to folder " | * Open a cmd with administrative permissions and navigate to folder " | ||
* Reinstall the Stages service: **reinstallService.bat** | * Reinstall the Stages service: **reinstallService.bat** | ||
Line 139: | Line 162: | ||
* Linux: | * Linux: | ||
* Open file " | * Open file " | ||
- | * Modify the red colored | + | * Modify the value: // |
* Restart the Stages service:** stages restart** | * Restart the Stages service:** stages restart** | ||
Line 162: | Line 185: | ||
To change the HTTPS port, change the port number within the following statement: | To change the HTTPS port, change the port number within the following statement: | ||
- | < | + | < |
< | < | ||
| | ||
Line 176: | Line 199: | ||
For example, to use HTTPS on port 8443, comment out the statement above and enable the statement below: | For example, to use HTTPS on port 8443, comment out the statement above and enable the statement below: | ||
- | < | + | < |
< | < | ||
| | ||
Line 192: | Line 215: | ||
Please ensure the connector for port 8085 is always available, as it will be used for internal communication of Stages to deliver the reports and PDF print features. In the default configuration port 8085 is not reachable from other machines. | Please ensure the connector for port 8085 is always available, as it will be used for internal communication of Stages to deliver the reports and PDF print features. In the default configuration port 8085 is not reachable from other machines. | ||
- | < | + | < |
< | < | ||
| | ||
Line 212: | Line 235: | ||
Please configure the Stages hostname as it is used by the end users in '' | Please configure the Stages hostname as it is used by the end users in '' | ||
- | < | + | < |
general.external.hostname = stages.example.com | general.external.hostname = stages.example.com | ||
</ | </ | ||
Line 224: | Line 247: | ||
'' | '' | ||
- | < | + | < |
general.external.hostname = stages.example.com | general.external.hostname = stages.example.com | ||
general.keystore.path = conf/ | general.keystore.path = conf/ | ||
</ | </ | ||
'' | '' | ||
- | < | + | < |
general.keystore.keyAlias = stages | general.keystore.keyAlias = stages | ||
general.keystore.password = SECRET | general.keystore.password = SECRET | ||
Line 236: | Line 259: | ||
For more details on certificate generation please refer to [[certificate_generation]]. | For more details on certificate generation please refer to [[certificate_generation]]. | ||
+ | ==== Configuration for usage with Reverse Proxy ==== | ||
+ | in case you want to terminate the SSL connection on a reverse proxy, you need to adapt the '' | ||
+ | E.g. | ||
+ | <code xml> | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | > | ||
+ | </ | ||
+ | </ | ||
+ | or for AJP | ||
+ | <code xml> | ||
+ | < | ||
+ | | ||
+ | | ||
+ | | ||
+ | | ||
+ | /> | ||
+ | </ | ||
+ | In case the reverse proxy runs on a separate machine replace the address attribute by '' | ||
+ | Please also make sure websocket connections ('' | ||
+ | Here is an example for Apache HTTP server configuration using an HTTP connector for Stages on port 8081: | ||
+ | < | ||
+ | < | ||
+ | ServerName {{ general_external_hostname }} | ||
- | __TODO__ | + | Redirect permanent / https://{{ general_external_hostname }}/stages |
+ | ProxyPass / | ||
+ | ProxyPassReverse / | ||
+ | ProxyPass /stages http://{{ internal_hostname }}: | ||
+ | ProxyPass /reporting http://{{ internal_hostname }}: | ||
+ | ProxyPass / | ||
+ | SSLEngine on | ||
+ | [...] | ||
+ | </ | ||
- | Explain proxyname proxyport secure? | + | < |
+ | ServerName {{ general_external_hostname }} | ||
- | Configuration with reverse proxy | + | Redirect permanent / https://{{ general_external_hostname }} |
- | Stages | + | [...] |
+ | </ | ||
+ | </ | ||
+ | |||
+ | ==== Use the system trust store ==== | ||
+ | |||
+ | Stages | ||
+ | |||
+ | Windows: | ||
+ | |||
+ | Please ensure | ||
+ | < | ||
+ | set JAVA_OPTS=[...] -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NUL | ||
+ | </ | ||
+ | This is the default | ||
+ | |||
+ | Linux: | ||
- | Import certificate into system truststore | + | Please ensure to use the proper '' |