Differences

This shows you the differences between two versions of the page.

79:install [2024/03/07 15:53] – [Configure SSL] Weinlein, Thomas
79:install [2024/03/15 11:28] (current) – [Start without Root Privileges on Linux] Mrozek, Marek
Line 248: Line 248:
       * execute “stages start”       * execute “stages start”
  
 +==== (Optional) Start without Root Privileges on Linux ====
 +
 +Normally Stages is started by the "root" user and then drops its privileges to the "stages" user after successful startup. In high risk environments, Stages can now also be started with a user id other than root. It can be enabled via the ''STAGES_NONROOTSTART''  variable in ''…/bin/rc.conf''. If enabled, the same user id starting the service will also be used to run the service.
 +
 +Please note that privileged ports below 1024 cannot be opened in this configuration, so the normal HTTPS port 443 cannot be used. The non-root setting can only be used when the Tomcat connectors are configured to use ports higher than 1024 and e.g. a reverse proxy is being used to allow normal access via HTTPS.
 +
 +**How to configure the user that Stages service should run as?**
 + 
 +1. Edit stages.service file:
 +  * vi /etc/systemd/system/stages.service 
 +  * add the line User=<username> within the [Service] section (IMPORTANT: DO NOT ADD QUOTES AROUND THE USERNAME)
 +
 +2. Reload system manager configuration with systemctl command:
 +  * Unordered List Itemsystemctl daemon-reload
 +
 +3. Additionally change the user ownership for all files below stages installation folder with following command: 
 +  * chown -R <username> /opt/stages
  
 ===== (Optional) Secure MySQL connection with SSL ===== ===== (Optional) Secure MySQL connection with SSL =====
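
Review bot: The step 2 bullet in the added section reads "Unordered List Itemsystemctl daemon-reload"; "Unordered List Item" looks like leftover list placeholder text and should be deleted so the command reads systemctl daemon-reload. The numbered steps also never include setting ''STAGES_NONROOTSTART'' in ''…/bin/rc.conf'' or say which value enables it, although the first paragraph names that variable as the switch; add it as an explicit step. In step 3, chown -R <username> /opt/stages makes the service account the owner of every file below the installation folder, so state which directories actually have to be writable by that user, and note that /opt/stages is only correct when Stages is installed there. Finally, "below 1024" and "higher than 1024" leave port 1024 itself unaddressed; "1024 or higher" would be accurate.
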
Line 342: Line 359:
 ===== Configure SSL ===== ===== Configure SSL =====
  
-Please refer to [[configure_stages#Configuring SSL Certificate|here]].+Please refer to [[configure_stages#configuring-tlsssl-certificate|here]].
  
 === Add CAs to your TrustStore === === Add CAs to your TrustStore ===
Line 349: Line 366:
 ===== Accessing Stages ===== ===== Accessing Stages =====
  
-''After successful installation process - Stages is accessible via web browser by URL [[https://localhost:8443|https://localhost:8443]] or [[http://localhost:8080|http://localhost:8080]] (depending on the SSL port) ''+After successful installation process - Stages is accessible via web browser by URL [[https://stages.localhost|https://stages.localhost]]. As Stages is delivered with a self signed certificate your browser will warn you that the certificate is not trustworthy. For a first test you can instruct the browser to direct you to the website anyhow. After that please [[configure_stages#Configuring SSL Certificate|configure a trusted certificate]].
  
 ===== Change password of "root" user ===== ===== Change password of "root" user =====
  
-''Log in with the "root" user and the provided password. Click on the "Superuser" link in the bottom left corner of the navigation and change the password to a secure and unique one. ''+Log in with the "root" user and the provided password. Click on the "Superuser" link in the bottom left corner of the navigation and change the password to a secure and unique one. 
  
 ===== Prepare Stages for productive usage ===== ===== Prepare Stages for productive usage =====
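
Review bot: The added paragraph under "Accessing Stages" links to [[configure_stages#Configuring SSL Certificate|configure a trusted certificate]], which is the anchor this same revision replaces with #configuring-tlsssl-certificate in the "Configure SSL" section; use the new anchor here as well so both links resolve to the same heading. The URL https://stages.localhost implies the default HTTPS port, which the new non-root section says cannot be opened in that configuration, so add a sentence on which URL and port apply for a non-root start or behind a reverse proxy. "self signed" should be hyphenated as "self-signed".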