Versions Compared

Old Version 69

changes.mady.by.user Kiuwan Editor User

Saved on

compared with

New Version 70

changes.mady.by.user Kiuwan Editor User

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Component

PropertyName (=default value) 

Meaning

TimeZoneKIUWAN_TIMEZONE='UTC'Timezone to be used by Kiuwan application.
WildFly

APPS_JVMMINMEMORY=512M
APPS_JVMMAXMEMORY=3G

Max and Min ammount of heap memory to be used by WidlFly.
APPS_JVMMINMETASIZE=96M
APPS_JVMMAXMETASIZE=512M

Max and min ammount of perm gen memory to be used by WildFly

(see https://issues.jboss.org/browse/WFLY-5955)

MySQL

innodb_buffer_pool_size=2G
join_buffer_size=4M
query_cache_limit=16M
read_buffer_size=16M
read_rnd_buffer_size=4M
sort_buffer_size=4M
max_connections=1024
tmp_table_size=16M
max_allowed_packet=64M

Default MySQL parameters used to create database instance.

(see https://dev.mysql.com/doc/refman/5.6/en/ for reference) redis

Redis

KIUWAN_REDIS_MAXCLIENTS=100
KIUWAN_REDIS_MAXMEMORY=2gb

Maximum number of Redis clients that could be handled simultaneously (https://redis.io/topics/clients)

Max memory limit to be used by Redis server (https://redis.io/topics/config)

 

 

 

Appendix 1 - Configuring Apache as FrontEnd WebServer to KOP


 

If you choose Apache web server as the front-end for your Kiuwan on premise installation, you may follow the following configuration examples and/or check your  current configuration agrees with the suggested examples.

 


 

HTTP Protocol


 

For this kind of access you just need to add a virtual host and configure how Apache will talk to Kiuwan.


Before this make sure your Apache installation has these modules available:

 

  • mod_proxy

  • mod_proxy_ajp (if you want ajp communication between front and backend servers)

  • mod_proxy_http (if you want ajp communication between front and backend servers)

  • mod_proxy_wstunnel


To add a virtual host for Kiuwan on premise, you can add a file in your Apache installation folder (i.e. /etc/apache2/sites-available/kop.conf) with the following content. Make sure you replace the variables put inside brackets for those you previously configured when installing your Kiuwan on premise instance and a protocol is set (choose between ajp or http) in the ProxyPass directives:

 


Code Block
languagexml
<VirtualHost *:[KIUWAN_PORT]>
	ServerName [KIUWAN_HOST]
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	LogLevel debug
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	ProxyRequests Off
	ProxyPreserveHost On
	<Proxy *>
		Require all granted 
	</Proxy>
	 
	ProxyPass		/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	ProxyPassReverse	/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	 
	<Location />
		Require all granted
	</Location>
</VirtualHost>

 

 

HTTPS Protocol


 

For this kind of access you will need:

 

  • A virtual host configured in Apache will talk to Kiuwan (see below).

  • Open an https port in Apache (usually 443).

  • A certificate for the exposed host name (KIUWAN_WEBSERVER_HOST).


Before this make sure your Apache installation has these modules available:

 

  • mod_proxy

  • mod_proxy_ajp (if you want ajp communication between front and backend servers)

  • mod_proxy_http (if you want ajp communication between front and backend servers)

  • mod_proxy_wstunnel

  • mod_rewrite

  • mod_ssl


Please make sure you generate a certificate for your kiuwan host name and it is signed by a trusted CA inside your organization. At this point you need three files:

 

  • [KIUWAN_WEBSERVER_HOST].crt: the certificate for your kiuwan host.

  • [KIUWAN_WEBSERVER_HOST].key: the private key.

  • ca.crt: the trusted CA certificate.


 

Refer to Kiuwan On-Premises Installation Guide  for more information on how to create and install certificates.

Please note that you must install the CA certificate on the docker container before proceeding.


 

Place the previous files at this locations (we put here the default locations for these files, but it is up to you to change this paths):

 

  • /etc/ssl/certs/[KIUWAN_WEBSERVER_HOST].crt

  • /etc/ssl/private/[KIUWAN_WEBSERVER_HOST].key

  • /etc/apache2/ssl.crt/ca.crt


Now you should tell Apache to listen on the configured https port, editing the ports.conf file (i.e. /etc/apache2/ports.conf):

 

Listen [KIUWAN_WEBSERVER_PORT]

 

To add a virtual host for Kiuwan on premise, you can add a file in your Apache installation folder (i.e. /etc/apache2/sites-available/kop.conf) with the following content. Make sure you replace the variables put inside brackets for those you previously configured when installing your Kiuwan on premise instance and a protocol is set (choose between ajp or http) in the ProxyPass directives:

 

Code Block
languagexml
<VirtualHost *:[KIUWAN_WEBSERVER_PORT]>
	ServerName [KIUWAN_WEBSERVER_HOST]
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html

	SSLEngine on
	SSLCertificateFile /etc/ssl/certs/[KIUWAN_WEBSERVER_HOST].crt
	SSLCertificateKeyFile /etc/ssl/private/[KIUWAN_WEBSERVER_HOST].key
	SSLCertificateChainFile /etc/apache2/ssl.crt/ca.crt

	LogLevel debug
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined

	ProxyRequests Off
	ProxyPreserveHost On
	<Proxy *>
		Require all granted 
	</Proxy>
	 
	ProxyPass		/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	ProxyPassReverse	/	[ajp|http]://[KIUWAN_HOST]:[KIUWAN_PORT]/
	 
	<Location />
		Require all granted
	</Location>
	
	# Redirect http traffic to https
	RewriteEngine On
	RewriteCond %{HTTPS} off
	RewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI} [R,L]

</VirtualHost>