...
Step 1. Ensure Java 8 is installed on the server.
You can set Setting JAVA_HOME in the configuration will be done later. This Java will be used to run the tomcat server. A different Java version can be specified on the endpoint configuration in FlexDeploy and those will be used to actually execute plugins. This Java version can be Java
Step 2. Prepare software
The HTTP Agent can be downloaded from the Flexagon Support Site. You will download specific version of agent (This will correspond with FlexDeploy version), download file is named Tomcat_CompletenamedHttpsAgentTomcatComplete-X.X.X.X.zip, where X.X.X.X represents four digit version number.
Extract the zip file in the desired location (referred to as "HTTPS_AGENT_HOME" in this document). See example below, where zip was extracted in
| Code Block |
|---|
unzip /u01 |
...
/software/HttpsAgentTomcatComplete-X.X.X.X.zip . |
Step 3. Configure authentication
| Note |
|---|
You must configure the user to have the role ' |
Basic Auth
We are going to To configure basic auth, with use the username and password being stored in tomcat-users.xml.
For basic configuration you will only need to configure password password needs to be configured in the given HTTPS_AGENT_HOME/apache-tomcat-flexdeploy-https-agent/conf/tomcat-users.xml file. Here’s what that will look like:
...
For LDAP use we will need to change the HTTPS_AGENT_HOME/apache-tomcat-flexdeploy-https-agent/conf/server.xml file. By default it is configured to use a UserDatabase realm instead of the JNDI realm we are looking for.
...
| Code Block | ||
|---|---|---|
| ||
<Connector port="8444" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" SSLEnabled="true"
keystoreFile="../config/tomcat.jks" keystorePass="KEYSTORE PASSWORD HERE">
</Connector> |
Now let’s import the certificate into the java trust store on the FlexDeploy server.
First copy over the certificate we that was generated (with the .cer extension).
Next let’s determine the java Java install used by the FlexDeploy server.
If you set JAVA_HOME is set in your setenvoverride.sh file, use that directory.
If you didn’t it is not set it, but it is already set in your system use that value, . Run echo "$JAVA_HOME" to find that out.
If it’s not set in setenvoverride.sh or the environment run this command to find the path used dirname $(dirname $(readlink -f $(which javac)))
Then we can run the following command on the server.
| Code Block |
|---|
keytool -import -noprompt -trustcacerts -alias tomcat -file httpsagent.cer -keystore "JAVA_INSTALL_PATH/jre/lib/security/cacerts" -storepass <password> |
The default password for the java keystore is changeit.
Now your the server will be able to connect to the endpoint.
...