Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Last revisionBoth sides next revision
79:install [2024/03/08 10:29] – [Configure SSL] Weinlein, Thomas79:install [2024/03/15 11:27] – [Stages Installation on Linux] Mrozek, Marek
Line 248: Line 248:
       * execute “stages start”       * execute “stages start”
  
 +==== Start without Root Privileges on Linux ====
 +
 +Normally Stages is started by the "root" user and then drops its privileges to the "stages" user after successful startup. In high risk environments, Stages can now also be started with a user id other than root. It can be enabled via the ''STAGES_NONROOTSTART''  variable in ''…/bin/rc.conf''. If enabled, the same user id starting the service will also be used to run the service.
 +
 +Please note that privileged ports below 1024 cannot be opened in this configuration, so the normal HTTPS port 443 cannot be used. The non-root setting can only be used when the Tomcat connectors are configured to use ports higher than 1024 and e.g. a reverse proxy is being used to allow normal access via HTTPS.
 +
 +**How to configure the user that Stages service should run as?**
 + 
 +1. Edit stages.service file:
 +  * vi /etc/systemd/system/stages.service 
 +  * add the line User=<username> within the [Service] section (IMPORTANT: DO NOT ADD QUOTES AROUND THE USERNAME)
 +
 +2. Reload system manager configuration with systemctl command:
 +  * Unordered List Itemsystemctl daemon-reload
 +
 +3. Additionally change the user ownership for all files below stages installation folder with following command: 
 +  * chown -R <username> /opt/stages
  
 ===== (Optional) Secure MySQL connection with SSL ===== ===== (Optional) Secure MySQL connection with SSL =====