dhis2-devs team mailing list archive

Thread
Date

[Branch ~dhis2-documenters/dhis2/dhis2-docbook-docs] Rev 802: Added note on tomcat config for ssl

To: DHIS 2 developers <dhis2-devs@xxxxxxxxxxxxxxxxxxx>
From: noreply@xxxxxxxxxxxxx
Date: Wed, 18 Sep 2013 10:05:09 -0000
Reply-to: noreply@xxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

------------------------------------------------------------
revno: 802
committer: Bob Jolliffe <bobjolliffe@xxxxxxxxx>
branch nick: dhis2-docbook-docs
timestamp: Wed 2013-09-18 10:19:23 +0100
message:
  Added note on tomcat config for ssl
modified:
  src/docbkx/en/dhis2_implementation_guide_installation.xml


--
lp:~dhis2-documenters/dhis2/dhis2-docbook-docs
https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs

Your team DHIS 2 developers is subscribed to branch lp:~dhis2-documenters/dhis2/dhis2-docbook-docs.
To unsubscribe from this branch go to https://code.launchpad.net/~dhis2-documenters/dhis2/dhis2-docbook-docs/+edit-subscription

=== modified file 'src/docbkx/en/dhis2_implementation_guide_installation.xml'
--- src/docbkx/en/dhis2_implementation_guide_installation.xml	2013-09-10 13:32:28 +0000
+++ src/docbkx/en/dhis2_implementation_guide_installation.xml	2013-09-18 09:19:23 +0000
@@ -53,9 +53,8 @@
     <para><emphasis role="bold">Create new user (optional)</emphasis></para>
     <para>You might want to create a dedicated user for running DHIS - it is not recommended to run
       as the root user. Create a new user called dhis by invoking <code>useradd -d /home/dhis -m
-        dhis -s /bin/bash</code> If there is no admin group already you must create it by invoking
-        <code>groupadd admin</code> Then make the user able to perform operations temporarily as
-      root by invoking <code>usermod -G admin dhis</code> Then invoke <code>passwd dhis</code> to
+        dhis -s /bin/bash</code> Then make the user able to perform operations temporarily as root
+      user by invoking <code>usermod -G sudo dhis</code>. Then invoke <code>passwd dhis</code> to
       set the password for your account. Make sure you set a strong password with at least 15 random
       characters. You might want to disable remote login for the root account for improved security
       by invoking <code>sudo passwd -l root</code></para>
@@ -276,6 +275,8 @@
     proxy_set_header  X-Forwarded-Proto  https;
  }
 }]]></screen>
+      <para>In order for tomcat to properly produce Location uris using https you also need to add two other parameters to the Connector in tomcat's server.xml file:</para>
+      <para><screen>&lt;Connector scheme=&quot;https&quot; proxyPort=&quot;443&quot; ... &gt;</screen></para>
     </section>
     <section>
       <title>Enabling caching, compression and SSL on nginx</title>