Back to the beginning of this guide
Note |
---|
icon | false |
---|
title | This Guide assumes |
---|
|
- A fresh, minimal (e.g. netinst.iso) install of Debian 10 ("Buster") with no "tasks" except
openssh-server - Ubuntu 18.04 LTS ("xenial") Server works the same as Debian 10 for the purpose of this guide
- Accessed via SSH or the console (no X11 required nor recommended),
- Correct server time configuration using NTP (e.g. using
systemd-timesyncd or ntpd ) - Packet filters or firewall rules in place, e.g.:
- With outgoing (ports TCP/80 and TCP/443) network access:
- Port 80 for Debian APT updates, i.e., for downloading signed software packages
- Port 80 and 443 for downloading signed eduID.at Metadata
- Port 443 is also needed for downloads of the Shibboleth IDP software (you can copy that to the server yourself, of course)
- The IDP will also need to connect to your LDAP Directory Servers for authentication and attribute lookup,
- either on the standard port TCP/389 for LDAP(+STARTTLS),
- or on port TCP/636 for LDAPS (which which no formal specification exists),
- or maybe on the "global catalog" port of your Microsoft Active Directory (only if you need to access that).
- For NTP you also need outgoing connectivity to the configured NTP servers (e.g. ACOnet's)
- And incoming HTTPS access (port TCP/443 only, no port 80 necessary nor recommended),
- also incoming port 22 for access only from a management network, if the server is managed via SSH,
- All commands in this guide are to be issued by user
root (uid=0), and will make of setuidgid as needed to change to other accounts. - The shell to use is
/bin/bash (you can get fancy with fish/zsh/etc. after finishing the install/configuration) - Use of systemd for service management using the amended service unit as described in this documentation
|
...
No Format |
---|
apt install --no-install-recommends default-jdk-headless tomcat9 libservlet3.1-java \
vim less openssl unzip curl expat multitail gnupg net-tools
systemctl stop tomcat9 |
...
No Format |
---|
rm /var/lib/tomcat9/webapps/ROOT/index.html
echo '<% response.sendRedirect("httphttps://www.example.edu"); %>' > /var/lib/tomcat9/webapps/ROOT/index.jsp
echo -e "User-agent: *\nDisallow: /" > /var/lib/tomcat9/webapps/ROOT/robots.txt |
...