Versions Compared

Old Version 2

changes.mady.by.user Ian Crawford (Unlicensed)

Saved on

compared with

New Version 3

changes.mady.by.user Chris Welford

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Download and install Java from java.com. Java JDK 1.8 is required (and version 1.8.0_74 or greater is recommended). The following JVM (Java Virtual Machine) options should be set to control (amongst other things) the amount of memory reserved for Tomcat and therefore made available for PhixFlow. The options are:

Option

Recommended Setting

Syntax

Initial Memory Pool

1024Mb on 32bit architecture. 40% of physical memory on x64 architecture. Consult your sys admin for recommended settings on virtual servers.

-Xms1024m

Max Memory Pool

As much as possible. 1024Mb on 32bit architecture. 75% of physical memory on x64 architecture. Consult your sys admin for recommended settings on virtual servers.

-Xmx1024m

Max PermGen Memory Pool

150Mb on 32bit. 1024Mb on x64.

-XX:MaxPermSize=150m

Garbage Collector Diagnostics

Enabled

-verbose:gc

 

To set JVM options:

Windows

Run the Tomcat Monitor

Open the Tomcat Monitor system tray Configure … menu

Select the Java tab

Set the Initial memory Pool (see table above)

Set the Max Memory Pool (see table above)

Add the following lines to the Java Options scrollable field:

-XX:MaxPermSize=150m

-verbose:gc

-Djava.awt.headless=true

Unix/Linux

If you have installed the scripts in Appendix A, these option will already be set however for clarity, these options are defined in the JAVA_OPTS environment variable set in the tomcat user’s shell startup file (e.g. .profile / .bash_profile / .cshrc in the user’s home directory – the actual startup file is determined by the user’s default shell settings).

JAVA_OPTS=’-Xms1024m -Xmx1024m -XX:MaxPermSize=150m -verbose:gc -Djava.awt.headless=true’

Database JDBC Drivers

The drivers needed to connect to PhixFlow’s own database are now included in the release and do not have to be downloaded separately.

...

Start Tomcat

To start Tomcat:

Windows

Run the Tomcat Monitor.

Click on Right mouse menu -> Start Service

Unix

Login to the unix server as user tomcat.

unix> cd  $TOMCAT
unix> startup.sh

 

To make Tomcat start automatically when the server boots:

Windows

Run the Tomcat Monitor.

Right click on the Apache Tomcat icon in the system tray and select Configure …

On the ‘General’ tab:

Set Startup Type to Automatic.

Unix

As the root user, install the “tomcat” script listed in in Appendix A and create a softlink to it from the appropriate run-level directory. The actual run-level directories are specific to the particular unix variant.

Anchor
tomcatViaSSL
tomcatViaSSL
Configure tomcat for SSL access

You may wish to install tomcat to support secure connections over SSL.

This is described in the standard tomcat documentation - for example https://tomcat.apache.org/tomcat-8.0-doc/ssl-howto.html - but some notes are given here to get you started.

Obtain a certificate

If access to PhixFlow is only intended for people in your organisation, you may wish to create a self-signed certificate. This still provides a secure connection, but this will generate security warnings when users first connect, and they will not see a padlock in the address bar of their browser. If this is not acceptable to your users or by your company policy, or if you are going to provide access to people outside your organisation, you should obtain your certificate from a certificate authority.

Both approaches are well documented on the web. For example:

Generate a self-signed certificate on ubuntu: https://help.ubuntu.com/14.04/serverguide/certificates-and-security.html.

From the website of a certificate authority: a list of these is given on https://en.wikipedia.org/wiki/Certificate_authority.

Install certificate

The rest of these instructions assume that:

  • you have a certificate file and private key - either a self-signed certificate you have generated, or obtained from a certificate authority
  • the private key password, if you specified one
  • if you obtained your certificate from a certificate authority, any intermediate certificates representing the chain of authenticating certificates up to a root certificate; your certificate authority should provide instructions for obtaining these

Linux

  • Copy the private key to /etc/ssl/private, e.g.
Code Block
sudo cp server.crt /etc/ssl/certs
  • Copy the certificate to /etc/ssl/certs
Code Block
sudo cp server.key /etc/ssl/private
 

Windows