Thomas Krauß
Change default server-bundle way to installed tomcat way
March 19, 2012 5:07

Hello People!

I have used Liferay CC for a long time now and love Liferay very much.

But there is one thing I really can't understand:
The default way is a server-bundle installation.

Why is that a problem?
1) there is no easy way to update the server software if there are security updates
2) security updates cannot be done by the package manager of the operating system

How many people run a production Liferay with outdated Tomcat server software? I think a lot,
just because of that installation routine.

All my security and administration views of this situation are one step before detonation ;)

Can someone please tell me something about that? Isn't that very unprofessional??
How to administrate this hole in design for a long time?
I did not find any thread in the forum or blog entry about this. Am I the only one who has problems with that?

With greetings
eichi
David H Nebinger
RE: Change default server-bundle way to installed tomcat way
March 19, 2012 5:16

For the most part Liferay in tomcat has just a few minor changes:

1. files in the conf/Catalina/localhost directory.
2. the lib/ext folder and files
3. the changes in conf so tomcat knows about the lib/ext directory.

Otherwise there are no real differences.

As long as you are aware of these, it is easy to update your bundle to the appropriate version.

Note that the bundle is just meant to jump-start you into Liferay. Nowhere, absolutely nowhere, will you see any documentation saying "just drop the bundle into production and you're good to go."

In a production system you'd actually want to hand-deploy Liferay into a production-ready, security hardened application container that has been fully configured.
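
An added example (not part of the post above and not Liferay tooling): a shell function that checks a separately installed Tomcat for the three bundle-specific pieces the post lists, so the bundle's Tomcat can be replaced by a patched one. The function names and the sample file names and contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Liferay's own tooling. Reports which of the three
# bundle-specific pieces named in the post are absent from a target Tomcat.
# Usage (paths are the caller's): bundle_deltas <bundle-tomcat-dir> <target-tomcat-dir>

bundle_deltas() {
  local bundle="$1" target="$2" dir f rel
  # Items 1 and 2: files under conf/Catalina/localhost and lib/ext.
  for dir in conf/Catalina/localhost lib/ext; do
    [ -d "$bundle/$dir" ] || continue
    for f in "$bundle/$dir"/*; do
      [ -e "$f" ] || continue            # empty directory: glob did not match
      rel=${f#"$bundle"/}
      [ -e "$target/$rel" ] || echo "missing $rel"
    done
  done
  # Item 3: conf files that mention lib/ext in the bundle but not in the target.
  grep -rl 'lib/ext' "$bundle/conf" 2>/dev/null | sort | while IFS= read -r f; do
    rel=${f#"$bundle"/}
    grep -q 'lib/ext' "$target/$rel" 2>/dev/null || echo "conf-lacks-lib-ext $rel"
  done
}

# Constructed sample trees (file names and contents are placeholders, not
# taken from a real bundle) so the function can be tried offline.
make_sample_trees() {
  local root
  root=$(mktemp -d) || return 1
  mkdir -p "$root/bundle/conf/Catalina/localhost" "$root/bundle/lib/ext" \
           "$root/target/conf" "$root/target/lib"
  echo '<Context/>' > "$root/bundle/conf/Catalina/localhost/ROOT.xml"
  : > "$root/bundle/lib/ext/example-dependency.jar"
  echo 'loader=${base}/lib,${base}/lib/ext/*.jar' > "$root/bundle/conf/sample.properties"
  echo 'loader=${base}/lib' > "$root/target/conf/sample.properties"
  echo "$root"
}

# Run against real directories when two arguments are given.
if [ "$#" -eq 2 ]; then bundle_deltas "$1" "$2"; fi
```

An empty result means the target Tomcat already carries all three pieces; it says nothing about whether the target Tomcat itself is patched or hardened.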
Hitoshi Ozawa
RE: Change default server-bundle way to installed tomcat way
March 19, 2012 5:34

Application bundles are just for Liferay demos. I won't and don't recommend they be used on production servers because of the points you've cited.
There's also a security risk in using default server settings.

Besides security, it's difficult to monitor when there isn't exact documentation on what has been changed. When the system is not acting properly, it's difficult to find the problem.

I personally just use the Liferay server bundle for simple demos and in development. We have no production server using the bundled package so it's really not a problem.
Jorge Ferrer
RE: Change default server-bundle way to installed tomcat way
March 20, 2012 3:37
LIFERAY STAFF


As has been hinted above, it is actually perfectly possible to install Liferay manually into Tomcat (and any other supported app server). The user guide has detailed instructions.

I don't see any issue of using a bundle in production, since it doesn't have anything special, it's just a regular tomcat with Liferay installed using the publicly available instructions. Because of that, it should be perfectly possible to upgrade it to a new version when that's needed.

Other than that, I fully agree with what Hitoshi and David have said: just like with any other piece of software on your production server, you should properly configure and maintain your Tomcat (or any other app server) and make sure it is up to date and doesn't have known vulnerabilities. And that holds true regardless of whether your initial installation was done with a bundle or not.
David H Nebinger
RE: Change default server-bundle way to installed tomcat way
March 20, 2012 5:56

Jorge Ferrer:
I don't see any issue of using a bundle in production, since it doesn't have anything special, it's just a regular tomcat with Liferay installed using the publicly available instructions. Because of that, it should be perfectly possible to upgrade it to a new version when that's needed.


Seriously? Once the bundles are created w/ a version of Liferay, they are not updated w/ new releases of Tomcat (which typically is updated to address new flaws), and I think saying it's okay to use a bundle in production is a disservice to the community.
Thomas Krauß
RE: Change default server-bundle way to installed tomcat way
March 20, 2012 6:32

David H Nebinger:
Jorge Ferrer:
I don't see any issue of using a bundle in production, since it doesn't have anything special, it's just a regular tomcat with Liferay installed using the publicly available instructions. Because of that, it should be perfectly possible to upgrade it to a new version when that's needed.


Seriously? Once the bundles are created w/ a version of Liferay, they are not updated w/ new releases of Tomcat (which typically is updated to address new flaws), and I think saying it's okay to use a bundle in production is a disservice to the community.


You see? That's the reason why I started this topic. I think it's not common sense to not use the bundle in production ;)
Hitoshi Ozawa
RE: Change default server-bundle way to installed tomcat way
March 20, 2012 16:16

Well, the bundled version also contains the 7cogs portlets, which are actually for demo, as well as the Chat portlet and other portlets.
The 7cogs portlet is a security hazard because it creates default users with login links.

If I had to delete these portlets, it seems it's faster to just install from the war file.

Another point is, most system houses already have a standard procedure on how to set up an application server.
It's much easier for inexperienced people to just follow the written steps rather than try to figure out what needs to be done.
Thomas Krauß
RE: Change default server-bundle way to installed tomcat way
March 29, 2012 15:30

Hitoshi Ozawa:
Well, the bundled version also contains the 7cogs portlets, which are actually for demo, as well as the Chat portlet and other portlets.
The 7cogs portlet is a security hazard because it creates default users with login links.

If I had to delete these portlets, it seems it's faster to just install from the war file.

Another point is, most system houses already have a standard procedure on how to set up an application server.
It's much easier for inexperienced people to just follow the written steps rather than try to figure out what needs to be done.



Hm. I have tried for 3 days now to install Liferay into an existing tomcat6 from Ubuntu server. Tried some documentation, tips from the forum and other things. Can't get it working. Now I understand why people use the bundle in production.
Hitoshi Ozawa
RE: Change default server-bundle way to installed tomcat way
March 29, 2012 15:41

Hm. I have tried for 3 days now to install Liferay into an existing tomcat6 from Ubuntu server. Tried some documentation, tips from the forum and other things. Can't get it working. Now I understand why people use the bundle in production.


Yes, it's kind of difficult the first time. I think Liferay education walks you through it.
Thomas Krauß
RE: Change default server-bundle way to installed tomcat way
March 29, 2012 16:09

Yeah, but as a student it costs too much to do such a training. No way.
Hitoshi Ozawa
RE: Change default server-bundle way to installed tomcat way
March 29, 2012 17:47

Well, if there's a user group nearby you can try attending and ask questions there. Maybe there's some other student at school who may be able to help you.

If you're in Japan, you can drop me a line (I'm usually busy doing this and that though).
Jorge Ferrer
RE: Change default server-bundle way to installed tomcat way
April 10, 2012 10:12
LIFERAY STAFF


Hey Thomas,

The installation in an app server from scratch should work following the instructions of the User Guide (previously known as the Administration Guide). In fact the documentation team follows all of the steps manually before every release to make sure that's the case. Of course there might be specific aspects that vary in each environment but the general instructions should be fine.

If you find anything important missing or wrong in the User Guide, please report it as a bug.
Szymon Gołębiewski
RE: Change default server-bundle way to installed tomcat way
April 19, 2012 8:04

Jorge Ferrer:
I don't see any issue of using a bundle in production, since it doesn't have anything special, it's just a regular tomcat with Liferay installed using the publicly available instructions. Because of that, it should be perfectly possible to upgrade it to a new version when that's needed.


Just make sure that the Liferay version that you're using is compatible with Tomcat server that you're upgrading to.
Thomas Krauß
RE: Change default server-bundle way to installed tomcat way
April 19, 2012 8:11

Szymon Gołębiewski:
Jorge Ferrer:
I don't see any issue of using a bundle in production, since it doesn't have anything special, it's just a regular tomcat with Liferay installed using the publicly available instructions. Because of that, it should be perfectly possible to upgrade it to a new version when that's needed.


Just make sure that the Liferay version that you're using is compatible with Tomcat server that you're upgrading to.



I don't think so. The bundle has a lot of insecure example and beta stuff in it. What about the proxy tool that lets you download all files from the server with just the proxy=file:///etc/passwd parameter? No issue of using in production? I don't think so! It should be downloadable as "development and beta" package only.
Jorge Ferrer
RE: Change default server-bundle way to installed tomcat way
April 23, 2012 1:11
LIFERAY STAFF


Hey Thomas,

Please, note that I'm not saying that you should unzip the bundle and then you are ready to go live. I'm just saying that it's perfectly fine to start with it and then prepare it for production. Considering this, some people will prefer to start from scratch. To me it's a matter of taste.

Regarding the issues you have had to install from scratch, did you follow the steps in the User Guide? What issues did you find?
David H Nebinger
RE: Change default server-bundle way to installed tomcat way
April 23, 2012 5:38

The issue here is there's a lot of properties that you really have to know something about in order to determine whether they need to be set in the local environment or not.

Even though Liferay does a great job in documenting them (just pull up the file and the comments are there), I don't believe everyone does this the first go round.

The bundle is a great place to get Liferay in front of people. I think we're just saying as a community that users downloading the Liferay bundle should understand it is not something they should be dropping into their production systems and exposing to the world.

Those of us who have been around for awhile know that there are settings that need to be tweaked, updates applied to the Liferay core, to the application container, to the 3rd party jars, etc., that we prefer to have in place before labelling something "production-ready".

I don't think any of us are saying this to slight Liferay in any way, it's really to guide the newbies so they don't end up in a bad situation over things they were not necessarily aware of...