Differences

This shows you the differences between two versions of the page.

--- 79:configure_stages_new [2024/03/07 14:53] – [Configuration for usage with Reverse Proxy] Weinlein, Thomas
+++ 79:configure_stages_new [2024/03/12 10:16] – [Configure the Stages server **Currently under rework**] Weinlein, Thomas
@@ Line 1: / Line 1: @@
-====== Configure the Stages server  **Currently under rework** ======
+====== Configure the Stages server ======
 ===== Stages installation location =====
@@ Line 75: / Line 75: @@
 **Shareable** files can be shared between a test and a production server without modifications, as long as you stick to our [[#Best practice for managing configurations|configuration best practices]].
+===== Apply configuration changes =====
+For the configuration changes to take effect you need to run the following commands which will also restart Stages, so plan for a short downtime:
+**Windows:**
+In case of changes to the service configurations
+<code>
+$STAGES_ROOT\bin\reinstallService.bat
+</code>
+always
+<code>
+net stop stages
+$STAGES_ROOT\bin\update.bat
+net start stages
+</code>
+**Linux:**
+<code>
+stages reload
+</code>
 ===== Best practice for managing configurations =====
@@ Line 133: / Line 156: @@
   * Windows:
       * Open file "$STAGES_ROOT\config.bat"
-      * Modify the red colored setting: //set TOMCAT_OPTS=–JvmMx=<RAM in MB>//
+      * Modify the setting: //set TOMCAT_OPTS=–JvmMx=<RAM in MB>//
       * Open a cmd with administrative permissions and navigate to folder "$STAGES_ROOT\stages\bin"
       * Reinstall the Stages service: **reinstallService.bat**
@@ Line 139: / Line 162: @@
   * Linux:
       * Open file "$STAGES_ROOT/bin/rc.conf"
-      * Modify the red colored value: //CONF_TOMCAT_OPTS="-Xmx<RAM in MB>m -XX:+UseG1GC -XX_-OmitStackTraceInFastThrow"//
+      * Modify the value: //CONF_TOMCAT_OPTS="-Xmx<RAM in MB>m -XX:+UseG1GC -XX_-OmitStackTraceInFastThrow"//
       * Restart the Stages service:** stages restart**
@@ Line 272: / Line 295: @@
 </code>
 In case the reverse proxy runs on a separate machine replace the address attribute by ''address="0.0.0.0"'' or ''address="::"'' and additionally apply IP filters on operation system level to ensure the port is only reachable from the reverse proxy.
-Please also make sure websocket connections are forwarded by your reverse proxy.
+Please also make sure websocket connections (''ws:'') are forwarded by your reverse proxy.
+Here is an example for Apache HTTP server configuration using an HTTP connector for Stages on port 8081:
+<code>
+<VirtualHost *:443>
+ServerName {{ general_external_hostname }}
+Redirect permanent / https://{{ general_external_hostname }}/stages
+ProxyPass /stages/socket ws://{{ internal_hostname }}:8081/stages/socket
+ProxyPassReverse /stages/socket ws://{{ internal_hostname }}:8081/stages/socket
+ProxyPass /stages http://{{ internal_hostname }}:8081/stages
+ProxyPass /reporting http://{{ internal_hostname }}:8081/reporting
+ProxyPass /stages-processor http://{{ internal_hostname }}:8081/stages-processor
+SSLEngine on
+[...]
+</VirtualHost>
+<VirtualHost *:80>
+ServerName {{ general_external_hostname }}
+Redirect permanent / https://{{ general_external_hostname }}
+[...]
+</VirtualHost>
+</code>
+==== Use the system trust store ====
+Stages should trust the certificates and CAs in the systems trust store, to be able to access Cloud Services like Sharepoint Online and other systems in a secure manner.
+Windows:
+Please ensure the following properties are configured in ''$STAGES_ROOT\config.bat''
+<code>
+set JAVA_OPTS=[...] -Djavax.net.ssl.trustStoreType=Windows-ROOT -Djavax.net.ssl.trustStore=NUL
+</code>
+This is the default for new installations of 7.9.14.0 and newer.
+Linux:
+Please ensure to use the proper ''update-ca-trust'' or respective script of your distribution, that should ensure to copy the certificates to the system and the JAVA truststore.
 ===== Licenses =====