-
Notifications
You must be signed in to change notification settings - Fork 18
Web Server
There are many possible choices of software for this section. We've always used Tomcat, at first with Apache web server, but we've switched to Nginx.
The Apache setup is bit more straight forward and Shibboleth integrates nicely with it. However, we've found Nginx to give better performance.
If you've decided to go with Tomcat, you might find psi-probe a nice addition, or a measure how to test your setup is working fine.
A common pitfall is a firewall blocking the communication between the web server and container.
You might need to tweak the memory parameters your tomcat is run with. We have a modified (debian) init.d script similar to this for tomcat8 and java8. It's not a production version, at least turn off the debug_opts. We used to run something similar for tomcat7 and java7. There were more memory options -XX:PermSize=512m -XX:MaxPermSize=512m -XX:+DisableExplicitGC
- Additional information: Connecting Tomcat with Apache, SUNScholar
There are several ways how to connect these two, see document above or google.
Look at Using-Nginx.
- Additional information: google
You'll need to acquire a certificate and set it up in your web server.
Apache mod_ssl provides a sample configuration in some distributions.
Nginx tips are in the Tomcat Nginx section above.
Should be fairly simple to obtain a certificate through Let's Encrypt.
Don't forget to include the whole certificate chain in your configs.
You'll need to set your web server with additional rewrites to by compliant with Centres' requirements. See them in the checklist