I basically (re)wrote the instructions for SSL+nginx a couple of weeks ago. 

See this instruction page: 
http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat#Hhttps28secure29
 

Based on information gleaned from this bug: 
http://jira.xwiki.org/browse/XWIKI-13963 

Looks like you skipped this from your install:

First, you will need to add the following config to tomcat's server.xml 
(located at /etc/tomcat8/server.xml on Ubuntu 16.04). The first line should 
already be in the file, I include it to give you something to search for (that 
line is located on line 108 in the Ubuntu 16.04 tomcat8 package). This will 
help tomcat find your proxy headers.

<Engine name="Catalina" defaultHost="localhost">
  <Valve className="org.apache.catalina.valves.RemoteIpValve"
    internalProxies="127\.0\.[0-1]\.1"
    remoteIpHeader="x-forwarded-for"
    requestAttributesEnabled="true"
    protocolHeader="x-forwarded-proto"
    protocolHeaderHttpsValue="https"/>
I hope this helps,
Craig
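To see what the Valve element above actually does with the headers that nginx sets in tomcat.conf, here is a small Python model of RemoteIpValve's resolution logic (added for this thread, not Tomcat's own code; the regex and header names are the ones in the snippet, the client addresses and requests are constructed):

```python
"""Model of how Tomcat's RemoteIpValve, configured as in the server.xml
snippet above, derives the real client address and scheme.

Illustration written for this thread, not Tomcat's code. It follows the
valve's documented behaviour: forwarded headers are honoured only when the
TCP peer matches internalProxies; otherwise they are ignored entirely.
"""
import re
from dataclasses import dataclass, field


@dataclass
class Request:
    remote_addr: str                               # TCP peer as seen by Tomcat
    headers: dict = field(default_factory=dict)    # lower-cased header names
    scheme: str = "http"
    secure: bool = False
    server_port: int = 8080


# Values taken from the Valve element quoted above
INTERNAL_PROXIES = re.compile(r"127\.0\.[0-1]\.1")
REMOTE_IP_HEADER = "x-forwarded-for"
PROTOCOL_HEADER = "x-forwarded-proto"
PROTOCOL_HTTPS_VALUE = "https"


def resolve(req: Request) -> Request:
    """Return a copy of req with remote_addr/scheme/secure rewritten the way
    RemoteIpValve hands them to the webapp."""
    out = Request(req.remote_addr, dict(req.headers), req.scheme,
                  req.secure, req.server_port)
    # Step 1: only a request arriving *from* an internal proxy may carry
    # forwarded headers that we trust. Anything else is left untouched,
    # so a client hitting port 8080 directly cannot forge its address or
    # claim the request was secure.
    if not INTERNAL_PROXIES.fullmatch(req.remote_addr):
        return out
    # Step 2: walk X-Forwarded-For right to left, dropping internal proxies;
    # the first non-proxy hop is the real client.
    hops = [h.strip() for h in req.headers.get(REMOTE_IP_HEADER, "").split(",")
            if h.strip()]
    client = None
    while hops:
        candidate = hops.pop()
        if INTERNAL_PROXIES.fullmatch(candidate):
            continue
        client = candidate
        break
    if client is not None:
        out.remote_addr = client
        # Hops left of the client (untrusted proxies) stay in the header
        if hops:
            out.headers[REMOTE_IP_HEADER] = ", ".join(hops)
        else:
            out.headers.pop(REMOTE_IP_HEADER, None)
    # Step 3: the protocol header is consulted only for trusted peers
    proto = req.headers.get(PROTOCOL_HEADER)
    if proto is not None:
        if proto.lower() == PROTOCOL_HTTPS_VALUE:
            out.scheme, out.secure, out.server_port = "https", True, 443
        else:
            out.scheme, out.secure, out.server_port = "http", False, 80
    return out


def demo():
    """Two constructed requests: one relayed by the local nginx over TLS,
    one sent straight to port 8080 with forged forwarding headers."""
    via_nginx = Request("127.0.0.1", {
        "x-forwarded-for": "203.0.113.5",
        "x-forwarded-proto": "https",
        "host": "pwswiki10.westmarine.net"})
    direct = Request("192.0.2.77", {
        "x-forwarded-for": "127.0.0.1",
        "x-forwarded-proto": "https"})
    return resolve(via_nginx), resolve(direct)


if __name__ == "__main__":
    for r in demo():
        print(r.remote_addr, r.scheme, r.secure, r.server_port)
```

Because the regex only matches loopback addresses, the valve trusts nothing but the nginx on the same box; if nginx is ever moved to another host, internalProxies (or trustedProxies) has to be widened to that host's address or the scheme will silently fall back to http.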

> On Apr 28, 2017, at 9:09 PM, Douglas Landau <dougl...@westmarine.com> wrote:
> 
> John,
> 
> As far as I know it might be my own instructions.  :-)   They will get you a 
> successful install/running MySQL+XWiki-8.4.4(WAR)+Tomcat+NGINX on CentOS-7.   
> But my own XWiki is still under construction and there are at least a few 
> loose ends left to be addressed before I can announce it.  For example:
> 
> - I got LDAP auth working and yesterday I got, at length, 
> XWiki-group-sync-from-AD working.  So now when I log in using my AD 
> credentials, because I'm in the Admins AD group, I am a member of the 
> XWikiAdminGroup group.  I don't know if there is anything special built-in to 
> that group, or if it's just a name chosen as an example.  I see it has full 
> rights to some pages and not others and now don't remember if I granted the 
> ones that exist, or if it came that way.   In any case I made a lot of groups 
> yesterday and now cannot remove some.  Maybe all, not sure.  I can add them 
> but if I remove them and then refresh they come back, and I get this in the 
> logs:
> 
> 2017-04-28 12:31:41,492 
> [http://dwswiki10.westmarine.net:8080/xwiki/bin/admin/XWiki/XWikiPreferences?xpage=deleteuorg&docname=XWiki.Application+Development&form_token=whLkhIQlmWnx4c7FHacGdA]
>  WARN  o.x.c.i.DefaultCSRFToken       - CSRFToken: Secret token verification 
> failed, token: "whLkhIQlmWnx4c7FHacGdA", stored token: 
> "mdkkxCCQAFB4fwoqoceMYw"
> 
> - I don't have usable startup and shutdown scripts working.  The files are 
> owned by the user xwiki and to run as the same user I've been starting and 
> stopping it with "cd /data/tomcat;  sudo -u xwiki bin/startup.sh" and "sudo 
> -u xwiki bin/shutdown.sh".   The Tomcat docs say to use jsvc but their 
> example doesn't pick up bin/setenv.sh, and blah blah blah.  I guess I need to 
> merge that script into the suggested jsvc usage, and then use the option that 
> switches who it's running as, even tho I don't need to do this stuff to make 
> it run on port 80, I just want it to run as xwiki.  I guess I'll just let 
> NGINX run as root, not sure yet.
> 
> - The HTTP -> HTTPS redirection doesn't seem to work as I expected/would like 
> and I'm not sure I'm doing it right.  I have this in my xwiki.cfg:   
> xwiki.url.protocol=https  ...but I'm not sure that's the right way to go 
> about it.  I see the bit on the XWiki InstallationTomcat page about Let's 
> Encrypt but glanced at that page and it seemed like it was about creating 
> certs and didn't understand how it relates.
> Today my NGINX is not working; not sure why.  It -was-.  Last week I stuck 
> this in there:      return 301 https://$host$request_uri;
> ... but now it's commented out.  Think I got it from 
> https://www.bjornjohansen.no/redirect-to-https-with-nginx  which makes it 
> sound great but I then commented it out and don't remember why.
> Seems to me that the best place for the redirection to happen would be at the 
> NGINX layer.
> 
> - There is a "server" section for port 80 and another for 443 in 
> conf/nginx.conf.  As per the InstallationTomcat page I added the dir conf.d 
> and inside it tomcat.conf, with similar sections.  I dunno if I should go and 
> comment out the server sections in conf/nginx.conf.
> 
> 
> - I get this error in catalina.out, and dunno why or what I'm going to do:
> 27-Apr-2017 19:00:57.513 INFO [main] 
> org.apache.catalina.startup.VersionLoggerListener.log Command line argument: 
> -XX:MaxPermSize=192m
> OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=192m; support 
> was removed in 8.0
> 
> ... if I remember correctly, wherever it was I saw that, that place said it 
> was important!  Oh yeah, it too was on this page:
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat
> 
> 
> - I get this message in the logs and dunno what to do about it:
> 
> 27-Apr-2017 14:56:48.633 SEVERE [localhost-startStop-2] 
> org.apache.catalina.loader.WebappClassLoaderBase.checkThreadLocalMapForLeaks 
> The web application [xwiki] created a ThreadLocal with key of type 
> [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@38058fb1]) and a value 
> of type [java.util.Stack] (value 
> [[org.xwiki.context.ExecutionContext@c0f4827]]) but failed to remove it when 
> the web application was stopped. Threads are going to be renewed over time to 
> try and avoid a probable memory leak.
> 
> I get these in my logs and dunno what to do about it:
> 27-Apr-2017 22:02:09.501 INFO [localhost-startStop-1] 
> org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned 
> for TLDs yet contained no TLDs. Enable debug logging for this logger for a 
> complete list of JARs that were scanned but no TLDs were found in them. 
> Skipping unneeded JARs during scanning can improve startup time and JSP 
> compilation time.
> 
> 
> - I get this in my logs and don't understand it... I dunno what 
> java.library.path is, all I know is this:
> 
> 27-Apr-2017 14:43:24.720 INFO [main] 
> org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based 
> Apache Tomcat Native library which allows optimal performance in production 
> environments was not found on the java.library.path: 
> /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib
> 
> ... I don't understand it, all I know is:
> 
> [root@dwswiki10 tomcat]# which java
> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/jre/bin/java
> 
> Setting JAVA_HOME in this way:
> export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
> ...yields this:
> [root@dwswiki10 tomcat]# echo $JAVA_HOME
> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/jre/
> 
> 
> I'm procrastinating dealing with these issues at the moment and starting to 
> try to push the UI into shape.  I think our old wiki was using the spaces 
> extension, or is it a macro, and that's no longer the correct thing to do, 
> now that nested pages have replaced spaces, I guess... Vincent says, on the 
> spaces extension page, to use the Document Tree macro instead,  so I guess 
> I'll install that now and try using it.
> 
> Finally, looking at them today, I see a few places where the instructions 
> need minor editing:
> - I say something about xwiki.preferences.redirect but am not sure if I 
> should have that in there or not, part of my http->https redirection confusion
> - I set the "permanentDirectory" setting in xwiki.properties to get the 
> attachments out of the DB and out of the application tree.  I don't see that 
> mentioned in the instructions.  Before I set it, I did fire up the wiki, so 
> there was stuff that needed to be moved, and when I moved it, and restarted, 
> I had brought some problems down upon myself.  I struggled with it for a 
> short while and then started over by removing the xwiki database, recreating 
> it, and repeating the setup I had done to that point.  Anyway I have to get 
> that into the doc.
> - I no longer think that the JAVA_HOME needs to be set in anyone's .bashrc; 
> that is now done in setenv.sh.
> 
> 
> With that said, here are my own instructions:
> -Doug
> --------------------------------------
> There are five parts:
> 
> Hardware/OS
> MySQL
> AppServer
> XWiki
> NGINX
> 
> Hardware/OS
> Start by deploying a VM from the CentOS-7.2 template on vcenter01
> Power on the new clone and log in as anchor
> # sudo su -
> # yum -y update
> 
> Add the following lines to root's .bashrc, to anchor's .bashrc, and to the 
> .bashrc of the xwiki user:
> export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
> export PATH=$JAVA_HOME/bin:$PATH
> 
> Prepare the Volume
> Edit
> I am installing everything on a new disk, which is mounted at /data.  The 
> volume will be owned by anchor.  This was necessary for some unknown reason 
> for the MySQL installation to work.  I don't know why.  It doesn't appear to 
> put anything outside of the install dir, /data/mysql.  But I had to 
> nonetheless.
> 
> # chown anchor:anchor /data
> 
> 
> 
> Install MySQL
> Edit
> See https://dev.mysql.com/doc/refman/5.7/en/source-installation.html
> 
> Create the user
> 
> # groupadd mysql
> # useradd -r -g mysql -s /bin/false mysql
> 
> While we are at it we may as well go ahead and make the xwiki user at this 
> time:
> 
> # groupadd -r xwiki
> # useradd -r -g xwiki -s /bin/false xwiki
> 
> Unpack MySQL source
> 
> As anchor, cd to $HOME, and unpack the MySQL 5.7 source from /opt:
> 
> anchor$ cd
> anchor$ tar zxvf /opt/soft/mysql-5.7.17.tar.gz
> anchor$ mkdir bld
> anchor$ cd bld
> 
> Install Boost Library
> 
> Before you can configure and build MySQL you must install Boost in 
> /usr/local/boost_1_59_0.
> 
> See https://dev.mysql.com/doc/refman/5.7/en/source-installation.html
> 
> 1. Untar the boost 1.59_0 from /opt/soft:
> 
> anchor$ pushd /usr/local
> anchor$ tar zxvfp /opt/soft/boost_1_59_0.tar.gz
> 
> 2. I don't remember how I figured this out, but I had to place the tarball 
> inside the unpacked directory:
> 
> anchor$ cp !$ boost_1_59_0
> 
> 3. I also had to open up the permissions on the files and directories in the 
> boost installation, /usr/local/boost_1_59_0, which were owned by root, but 
> I'm building as anchor, and when unpacked, there were no read or search 
> permissions for group or others on the subdirectories.
> 
> $ sudo su -
> 
> # cd /usr/local
> # chgrp -R anchor boost_1_59_0
> # chmod g+w /usr/local/boost_1_59_0
> # cd boost_1_59_0
> # find . -type d | xargs chmod g+rx
> # find . -type f | xargs chmod g+rw
> # find . -type d | xargs chmod o+rx
> 
> Build MySQL
> 
> Now we can get back to configuring and building MySQL:
> $ cmake ../mysql-5.7.17 -DWITH_BOOST=/usr/local/boost_1_59_0 -DCMAKE_INSTALL_PREFIX=/data/mysql
> $ make
> $ make test
> 
> Install MySQL
> 
> See 
> https://dev.mysql.com/doc/refman/5.7/en/installing-source-distribution.html
> 
> As root:
> 
> Place these lines in /etc/my.cnf:
> basedir=/data/mysql
> max_allowed_packet=32M
> 
> Give these commands:
> 
> # cd /data
> # chown anchor:anchor .
> # chmod 775 .
> # cd /home/anchor/bld
> # make install
> # cd /data/mysql
> # chown -R mysql .
> 
> # bin/mysqld --user=mysql --initialize
> 
> # bin/mysql_ssl_rsa_setup
> 
> # chgrp -R mysql data
> # bin/mysqld_safe --user=mysql &
> # cp support-files/mysql.server /etc/init.d/mysql
> # /etc/init.d/mysql start
> 
> Set the password for root in MySQL
> 
> # mysql -u root -p
> 
> Log in with the password for root that was given to you in the output of the 
> steps above.  You will see the message:
> 
> "You must reset your password using the ALTER USER statement before executing 
> this statement."
> 
> mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'crappypass';
> 
> This completes the MySQL installation.
> 
> Create the XWiki Database
> 
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationMySQL
> 
> Finally, create the xwiki database and grant permissions accordingly:
> 
> # mysql -u root -p
> 
> mysql> create database xwiki default character set utf8 collate utf8_bin;
> mysql> grant all privileges on *.* to xwiki@localhost identified by 'badpass';
> 
> Should you make a mistake and not want to start completely over, you can drop 
> the XWiki database and recreate it:
> 
> # mysql -uroot -p -e "drop database xwiki; CREATE DATABASE xwiki CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON xwiki.* TO 'xwiki'@'localhost' IDENTIFIED BY 'password';"
> 
> Install Tomcat
> Edit
> # cd /data
> # tar xvfp /opt/soft/apache-tomcat-9.0.0.M15.tar.gz
> # mv apache-tomcat-9.0.0.M15 tomcat
> # chown -R xwiki:xwiki tomcat
> 
> Configure Tomcat
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat
> 
> # cd /data/tomcat
> # cp -rp conf conf.orig
> # cd conf
> 
> Edit server.xml and find these lines in the default connector, the only one 
> which is uncommented.  Insert this line at line 71:
> 
> URIEncoding="UTF-8"
> 
> Install XWiki
> Edit
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat
> 
> # cd /data/tomcat
> # cd webapps
> # mkdir xwiki
> # cd xwiki
> # jar -xvf /opt/soft/xwiki-enterprise-web-8.4.4.war
> # cd ..
> # chown -R xwiki:xwiki xwiki
> # cd xwiki/WEB-INF/lib
> # cp /opt/soft/mysql-connector-java-5.1.40-bin.jar .
> # chown xwiki:xwiki mysql-conn*
> 
> Configure XWiki Attachment Storage
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Attachments
> 
> # cd /data/tomcat/webapps/xwiki
> # cd WEB-INF
> # cp -p xwiki.cfg xwiki.cfg.orig
> 
> Edit xwiki.cfg and add this line at line 93:
> xwiki.store.attachment.hint=file
> 
> Add this line at line 100:
> xwiki.store.attachment.versioning.hint=file
> 
> And at 107:
> xwiki.store.attachment.recyclebin.hint=file
> 
> Configure XWiki to work with MySQL
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationMySQL
> 
> Modify hibernate.cfg by commenting out the default database settings and 
> uncommenting the MySQL section.  Then modify the settings in that section to 
> match those shown here:
> 
> # cp -p hibernate.cfg.xml hibernate.cfg.xml.orig
> 
> Edit hibernate.cfg and set the following settings
> 
> <property name="connection.url">jdbc:mysql://localhost/xwiki</property>
> <property name="connection.username">xwiki</property>
> <property name="connection.password">badpass</property>
> <property name="connection.driver_class">com.mysql.jdbc.Driver</property>
> <property name="dialect">org.hibernate.dialect.MySQL5InnoDBDialect</property>
> <property name="connection.useUnicode">true</property>
> <property name="connection.characterEncoding">UTF-8</property>
> 
> Configure XWiki Policy Configuration
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat
> 
> The Tomcat Security Manager is enabled to be by default.  Add these lines to 
> the bottom of /data/tomcat/conf/catalina.policy:
> 
> grant codeBase "file:${catalina.base}/webapps/xwiki/WEB-INF/lib/-" {
>  // for mySQL connection
>  permission java.net.SocketPermission "127.0.0.1:3306", "connect,resolve";
> 
>  // XWiki must have access to all properties in read/write
>  permission java.util.PropertyPermission "*", "read, write";
> 
>  // Generic detected permissions
>  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
>  permission java.lang.RuntimePermission "createClassLoader";
>  permission java.lang.RuntimePermission "setContextClassLoader";
>  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.loader";
>  permission java.lang.RuntimePermission "accessDeclaredMembers";
>  permission java.lang.RuntimePermission "getenv.ProgramFiles";
>  permission java.lang.RuntimePermission "getenv.APPDATA";
>  permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
>  permission java.lang.RuntimePermission "getClassLoader";
>  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.connector";
>  permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.threads";
>  permission java.lang.RuntimePermission "reflectionFactoryAccess";
>  permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jmx.interceptor";
>  permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jmx.mbeanserver";
>  permission java.lang.RuntimePermission "modifyThread";
>  permission java.lang.RuntimePermission "getProtectionDomain";
> 
>  // JAXB permissions
>  permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
> 
>  // Serialization related permissions
>  permission java.io.SerializablePermission "allowSerializationReflection";
>  permission java.io.SerializablePermission "creator";
>  permission java.io.SerializablePermission "enableSubclassImplementation";
> 
>  // Internal resources access permissions
>  permission java.io.FilePermission "synonyms.txt", "read";
>  permission java.io.FilePermission "lang/synonyms_en.txt", "read";
>  permission java.io.FilePermission "quartz.properties", "read";
>  permission java.io.FilePermission "/templates/-", "read";
>  permission java.io.FilePermission "/skins/-", "read";
>  permission java.io.FilePermission "/resources/-", "read";
> 
>  // MBean related permissions
>  permission javax.management.MBeanServerPermission "createMBeanServer";
>  permission javax.management.MBeanPermission "*", "registerMBean";
>  permission javax.management.MBeanPermission "*", "unregisterMBean";
>  permission javax.management.MBeanTrustPermission "register";
>  permission javax.management.MBeanPermission "-#-[-]", "queryNames";
>  permission javax.management.MBeanServerPermission "findMBeanServer";
> 
>  // LibreOffice/OpenOffice related permissions
>  permission java.io.FilePermission "/opt/openoffice.org3/program/soffice.bin", "read";
>  permission java.io.FilePermission "/opt/libreoffice/program/soffice.bin", "read";
>  permission java.io.FilePermission "/usr/lib/openoffice/program/soffice.bin", "read";
>  permission java.io.FilePermission "/usr/lib/libreoffice/program/soffice.bin", "read";
> 
>  // Allow file storage directory reading - for directory and everything underneath
>  // This is dependent on the setting of environment.permanentDirectory in xwiki.properties
>  permission java.io.FilePermission "${catalina.base}${file.separator}xwikidata${file.separator}", "read,write,delete";
>  permission java.io.FilePermission "${catalina.base}${file.separator}xwikidata${file.separator}-", "read,write,delete";
> 
>  // Allow file storage directory reading - temporary directory and everything underneath
>  // This is dependent on the setting of environment.temporaryDirectory in xwiki.properties.
>  permission java.io.FilePermission "${catalina.base}${file.separator}temp${file.separator}", "read,write,delete";
>  permission java.io.FilePermission "${catalina.base}${file.separator}temp${file.separator}-", "read,write,delete";
> };
> 
> Create Tomcat Environment Script
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat
> 
> Put these lines in /data/tomcat/bin/setenv.sh:
> 
> #!/bin/sh
> 
> export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
> export PATH=$JAVA_HOME/bin:$PATH
> 
> export JAVA_OPTS="${JAVA_OPTS} -Djava.awt.headless=true"
> 
> export CATALINA_HOME=/data/tomcat
> CATALINA_OPTS="-Xmx1024m -XX:MaxPermSize=192m"
> 
> # Use the Java security manager? (yes/no)
> #TOMCAT5_SECURITY=
> 
> Make that file owned by xwiki, group xwiki.
> 
> # chown xwiki:xwiki /data/tomcat/bin/setenv.sh
> 
> Confirm File Ownership
> Once again make sure that -all- files under /data/tomcat are owned by xwiki, 
> group xwiki:
> 
> # cd /data/tomcat
> # chown -R xwiki:xwiki .
> 
> Start and Initialize
> Edit
> See http://platform.xwiki.org/xwiki/bin/view/Features/DistributionWizard
> 
> At this point, we should be able to start XWiki.  We have no SSL, and no 
> front-end yet, so we will have to hit it on port 8080.  But now is the time 
> to test and initialize it.  The first time we run it, it will run its 
> "Distribution Wizard", adding its default pages to the database, and setting 
> up an admin user.
> 
> Start XWiki as the user xwiki:
> 
> # cd /data/tomcat
> # sudo -u xwiki bin/startup.sh
> 
> Then surf to http://pwswiki10.westmarine.net:8080/xwiki.  You will see a grey 
> background and soon a white bar with the words "Initializing" followed by a 
> quickly-changing percentage.  When the percentage hits 100, the Distribution 
> wizard will start.  Enter admin for the admin user's first name, user for the 
> last name, admin for the username, badpass for the password, which must be 
> six letters or we'd just leave it at admin for now.  Change it later.  Enter 
> your email for the email address.  Click Continue.   On the next screen 
> install the default theme and main pages by clicking Install and then 
> Continue to install the default theme/main pages.  When the Distribution 
> Wizard completes, you will be logged in as admin.  Click Next through the 
> guided tour.
> 
> 
> Increase Maximum Attachment Size Limit
> The maximum size of an attachment is limited by a configuration parameter in 
> the XWikiPreferences document. It is set to about 32MB by default.
> To change it follow these steps:
> 
> Go to http://<yourwiki>/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object
> Click on the line that says XWikiPreferences 0 (right below the line that 
> says Objects of type XWiki.XWikiPreferences (1)) and expand it
> Scroll down to the field that says Maximum Upload Size and change the number 
> to whatever size you want (it is expressed in bytes)
> Scroll to the bottom and click "Save"
> Install PDF and LDAP Authentication Extensions
> Click on More applications on the left side of the home page.  Click Install 
> New Applications.
> 
> Scroll down until you get to PDF Viewer Macro.  Click Install and then 
> Continue.
> 
> When the PDF Viewer install finishes, scroll up a bit to LDAP Authenticator, 
> and click on Install on Farm and then Continue to install it.  When the LDAP 
> Authenticator extension is finished installing, exit XWiki, and shut down 
> tomcat
> 
> # sudo -u xwiki bin/shutdown.sh
> 
> Configure XWiki for LDAP
> Add the following to the bottom of xwiki.cfg:
> 
> #------------------------------
> # LDAP
> #
> xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl
> xwiki.authentication.ldap=1
> xwiki.authentication.ldap.server=<server>
> xwiki.authentication.ldap.port=389
> xwiki.authentication.ldap.bind_DN=westmarine\\{0}
> xwiki.authentication.ldap.bind_pass={1}
> xwiki.authentication.ldap.base_DN=dc=westmarine,dc=net
> xwiki.authentication.ldap.UID_attr=sAMAccountName
> xwiki.authentication.ldap.fields_mapping=name=sAMAccountName,last_name=sn,first_name=givenName,fullName=displayName,email=mail,ldap_dn=dn
> xwiki.authentication.ldap.update_user=1
> xwiki.authentication.ldap.mode_group_sync=always
> xwiki.authentication.ldap.trylocal=1
> 
> Confirm LDAP operation
> Start tomcat and surf to xwiki.  After it completes reloading 
> (re-initializing), try logging in with your LDAP credentials.
> 
> # sudo -u xwiki bin/startup.sh
> 
> With LDAP now working, what remains is to enable SSL in Tomcat and in XWiki, 
> and to install and configure NGINX as a front-end.
> Edit
> First, log out of XWiki and shut down Tomcat.
> # sudo -u xwiki bin/shutdown.sh
> 
> Configure Tomcat for SSL
> #
> 
> #  Note:  This part is commented out / not in use.
> #  We are not currently configuring Tomcat for SSL; we have NGINX listen on 
> 80 and 443 and talk to Tomcat on 8080 in both cases.
> #
> # # cd /data/tomcat
> # # cd conf
> # Edit server.xml and add these lines immediately below the line you already 
> added which reads URIEncoding="UTF-8" :
> # secure="true"
> # scheme="https"
> #
> 
> Configure XWiki for SSL
> Add this to the bottom of xwiki.cfg:
> # SSL
> xwiki.preferences.redirect
> 
> At line 236, under the section URLs, add the line:
> xwiki.url.protocol=https
> 
> Build and Install NGINX
> Edit
> NGINX requires the zlib-1.2.11 and pcre-8.40 sources.  The digital signatures 
> have already been verified on the copies that exist in /opt/soft.  It is not 
> necessary to build the packages.
> 
> # su - anchor
> anchor$ tar zxvf /opt/soft/zlib-1.2.11.tar.gz
> anchor$ tar zxvf /opt/soft/pcre-8.40.tar.gz
> anchor$ tar zxvf /opt/soft/nginx-1.10.3.tar.gz
> anchor$ cd nginx-1.10.3
> anchor$ ./configure --prefix=/data/nginx --user=xwiki --group=xwiki --with-http_ssl_module --with-pcre=/home/anchor/pcre-8.40 --with-pcre-jit --with-zlib=/home/anchor/zlib-1.2.11
> anchor$ make
> anchor$ exit
> 
> # cd /home/anchor/nginx-1.10.3
> # make install
> # ls -l /data/nginx
> # cd /data/nginx
> 
> Configure NGINX
> See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat
> 
> # cd /data/nginx
> # cd conf
> # cp nginx.conf nginx.conf.orig
> 
> Configure conf/nginx.conf
> 
> Edit nginx.conf and add this line before the closing curly brace:
> 
> include ../conf.d/*.conf;
> 
> Just above that, uncomment the lines of the section titled # HTTPS server.   
> Inside that section:
> 
> Place /data/nginx/keys/dwswiki10.westmarine.net.pem; as the value of 
> ssl_certificate
> Place /data/nginx/keys/dwswiki10.westmarine.net.key; as the value of 
> ssl_certificate_key
> 
> Place SSL Certificates in NGINX
> 
> CD up one level and make the keys/ dir and populate it with your new 
> certificate and key for this host:
> 
> # cd ..
> # mkdir keys
> # cp /tmp/pwswiki10.westmarine.net.pem keys
> # cp /tmp/pwswiki10.westmarine.net.key keys
> 
> Create the new directory conf.d and populate it with tomcat.conf:
> 
> # cd ..
> # mkdir conf.d
> # cd conf.d
> 
> Create the file tomcat.conf with the following content:
> 
> server {
>    listen       80;
>    server_name  pwswiki10.westmarine.net;
>    # Root to the XWiki application
>    root /data/tomcat/webapps/xwiki;
> 
>    location / {
>        # All "root" requests will have /xwiki appended AND redirected to mydomain.com again
>        rewrite ^ $scheme://$server_name/xwiki$request_uri? permanent;
>    }
> 
>    location ^~ /xwiki {
>       # If path starts with /xwiki - then redirect to backend: XWiki application in Tomcat
>       # Read more about proxy_pass: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
>       proxy_pass http://localhost:8080;
>       proxy_set_header        X-Real-IP $remote_addr;
>       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
>       proxy_set_header        Host $http_host;
>       proxy_set_header        X-Forwarded-Proto $scheme;
>    }
> }
> 
> server {
>    listen       443;
>    server_name  pwswiki10.westmarine.net;
>    # Root to the XWiki application
>    root /data/tomcat/webapps/xwiki;
> 
>    location / {
>        # All "root" requests will have /xwiki appended AND redirected to mydomain.com again
>        rewrite ^ $scheme://$server_name/xwiki$request_uri? permanent;
>    }
> 
>    location ^~ /xwiki {
>       # If path starts with /xwiki - then redirect to backend: XWiki application in Tomcat
>       # Read more about proxy_pass: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
>       proxy_pass http://localhost:8080;
>       proxy_set_header        X-Real-IP $remote_addr;
>       proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
>       proxy_set_header        Host $http_host;
>       proxy_set_header        X-Forwarded-Proto $scheme;
>    }
> }
> 
> Finally, make sure that all the files under /data/nginx are owned by xwiki, 
> group xwiki:
> 
> # chown -R xwiki:xwiki conf.d
> 
> Start and stop NGINX:
> 
> # cd /data/nginx; sbin/nginx
> 
> # cd /data/nginx; sbin/nginx -s stop
> 
> #
> 
> Additional Documents
> Edit
> platform.xwiki.org/xwiki/bin/view/AdminGuide/Backup
> https://dev.mysql.com/doc/refman/5.7/en/installing-source-distribution.html
> http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationMySQL
> 
> 
