Standard Bonsai approach with 0F...
Create Application Service Account
Code Block |
---|
|
sudo addgroup --gid 3000 aemadmin # Replace 3000 with what you choose for your organization
sudo useradd -d /home/aemadmin -m -g aemadmin -u 3000 -c "Admin for Adobe EM" -s /bin/bash aemadmin |
Ensure the Service Account cannot ssh directly into the system. This is so we know who logged in and for what reason. Staff should log in with their own id first and then use sudo. Alternatively, in a large organization, use a third party to handle the password for your Service Account with audit controls.
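One way to check the SSH restriction above, as an added example that is not part of the original page. It assumes the restriction is made with a `DenyUsers aemadmin` line in `/etc/ssh/sshd_config`; the function name `ssh_login_blocked` and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): check that sshd refuses direct
# logins for the service account.
#
# Assumed hardening step: add "DenyUsers aemadmin" to /etc/ssh/sshd_config,
# validate the file with "sudo sshd -t", then reload sshd.
#
# Feed the function the effective settings, which sshd prints in lower case
# with one denyusers/allowusers pattern per line:
#   sudo sshd -T -C user=aemadmin,host=localhost,addr=127.0.0.1 | ssh_login_blocked aemadmin

# ssh_login_blocked USER: exit status 0 if sshd rejects USER from every host.
ssh_login_blocked() {
    user=$1 allow_seen=0 allow_hit=0 denied=0
    while read -r key pat rest; do
        case $key in
            denyusers)
                case $pat in
                    *@*) ;;  # USER@HOST only blocks one source, not a full block
                    *) case $user in $pat) denied=1 ;; esac ;;
                esac ;;
            allowusers)
                # Any allow list excludes everyone it does not name.
                allow_seen=1
                case $user in ${pat%%@*}) allow_hit=1 ;; esac ;;
        esac
    done
    # Blocked if explicitly denied, or if an allow list exists without USER.
    [ "$denied" -eq 1 ] || { [ "$allow_seen" -eq 1 ] && [ "$allow_hit" -eq 0 ]; }
}

# Constructed sample of "sshd -T" output after the hardening step.
sample='port 22
permitrootlogin no
denyusers aemadmin
passwordauthentication yes'

if printf '%s\n' "$sample" | ssh_login_blocked aemadmin; then
    echo "aemadmin: direct SSH login is blocked"
else
    echo "aemadmin: direct SSH login is still possible"
fi
```

Patterns are matched as shell globs, so negated (`!`) entries are not interpreted and a host-scoped `DenyUsers` entry is reported as not blocking.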
Make the package directory,
Code Block |
---|
|
sudo mkdir /opt/aem
sudo chown aemadmin:aemadmin /opt/aem/ |
From this point on, work as user aemadmin,
Code Block |
---|
|
sudo su - aemadmin |
Download the pre-configured package for not configured....
Code Block |
---|
|
# wget www.bonsaiframework.com/downloads/private/aem/
# ...
cd /opt/aem # Created above; the Java paths used later assume /opt/aem/author
mkdir author
cd author
wget www.bonsaiframework.com/downloads/private/aem/cq-quickstart-6.2.0.jar
mv cq-quickstart-6.2.0.jar aem-author-4502.jar
wget http://www.bonsaiframework.com/downloads/0fs-java/jre-8u74-linux-i586.tar.gz # Change link to an alias once I have time
tar -xvpf jre-8u74-linux-i586.tar.gz
rm jre-8u74-linux-i586.tar.gz
|
By default the package starts up running both the author and publish components as one service. Enterprise configurations will want to separate the two, which is done by renaming the file using the following convention,
Code Block |
---|
|
<instance-type>-p<port-number>.jar |
Download and rename the jar file to run as author on the Adobe-recommended port of 4502,
Info |
---|
If the jar is not renamed, it will not unpack completely, even if it was previously renamed. It must be renamed again. |
Code Block |
---|
|
# wget www.bonsaiframework.com/downloads/private/aem/
# ...
cd /opt/aem # Created above; the Java paths below assume /opt/aem/author
mkdir author
cd author
wget www.bonsaiframework.com/downloads/private/aem/cq-quickstart-6.2.0.jar
mv cq-quickstart-6.2.0.jar aem-author-4502.jar |
While in the same aem directory, set up Java,
Code Block |
---|
|
wget http://www.bonsaiframework.com/downloads/0fs-java/jre-8u74-linux-i586.tar.gz # Change link to an alias once I have time
tar -xvpf jre-8u74-linux-i586.tar.gz
rm jre-8u74-linux-i586.tar.gz
ln -s ./jre1.8.0_74 ./java
# Add Java to the PATH temporarily for your current command line session
export JRE_HOME=/opt/aem/author/java
export JAVA_HOME=/opt/aem/author/java
export PATH=${JAVA_HOME}/bin:${PATH}
# If you have other installations of Java installed you might want to reverse,
export PATH=/opt/aem/author/java/bin:$PATH
# Verify,
which java
# Expected output: /opt/aem/author/java/bin/java
# Generate the initial files. Note that simply starting for the first time does this too, but unpacking first lets us see everything and make any modifications before the first run,
java -jar aem-author-4502.jar -unpack
# Run the following on the LXD host, not inside the container,
sudo iptables -t nat -A PREROUTING -p tcp -i ens33 --dport 4502 -j DNAT --to-destination 10.71.210.30:4502 |
Do some customization for Enterprise.
Modify the start, status and stop scripts to include Zero Footprint Java,
Code Block |
---|
# Bonsaiframework - Modification Start
# --------------------------------------
JRE_HOME=/opt/aem/author/java
JAVA_HOME=/opt/aem/author/java
PATH=${JAVA_HOME}/bin:${PATH}
# --------------------------------------
# Bonsaiframework - Modification End |
To tune JVM performance, edit the configuration found in the start script,
Code Block |
---|
|
CQ_JVM_OPTS='-server -Xmx1024m -XX:MaxPermSize=256M -Djava.awt.headless=true' |
Here are some things we will add shortly,
- Change Log Location
- Only allow specific users to stop and start
- Set Maximum DAM uploads
- Closing off WebDAV etc. initially
- Security
Follow Adobe's Security Checklist.
References
Most important - https://docs.adobe.com/docs/en/aem/6-2/deploy/custom-standalone-install.html