Standard Bonsai approach with 0F...
Create Application Service Account
| Code Block | ||
|---|---|---|
| ||
sudo addgroup --gid 3000 aemadmin # Replace 3000 with what you choose for your organization sudo useradd -d /home/aemadmin -m -g aemadmin -u 3000 -c "Admin for Adobe EM" -s /bin/bash aemadmin |
Ensure the Service Account cannot ssh in directly into the system. This is to ensure we know who logged in for what reason. Staff should log in with their id first and use sudo. Alternatively, in a large organization use a third party to facilitate the password with audit controls your Service Account.
| Code Block |
|---|
# To put here. |
Make the package directory,
...
| Code Block | ||
|---|---|---|
| ||
# wget www.bonsaiframework.com/downloads/private/aem/ ... cd ~ mkdir author cd author wget www.bonsaiframework.com/downloads/private/aem/cq-quickstart-6.2.0.jar mv cq-quickstart-6.2.0.jar wget http://www.bonsaiframework.com/downloads/0fs-java/jre-8u74-linux-i586.tar.gz # Change link to an alias once I have time tar -xvpf jre-8u74-linux-i586.tar.gz rm jre-8u74-linux-i586.tar.gz |
...
| Code Block |
|---|
# Bonsaiframework - Modification Start
# --------------------------------------
JRE_HOME=/opt/aem/author/java
JAVA_HOME=/opt/aem/author/java
PATH=${JAVA_HOME}/bin:${PATH}
# --------------------------------------
# Bonsaiframework - Modification End |
To do performance tuning on the jvm the configuration can be found in the start script
| Code Block | ||
|---|---|---|
| ||
CQ_JVM_OPTS='-server -Xmx1024m -XX:MaxPermSize=256M -Djava.awt.headless=true' |
Here are somethings we will add shortly,
- Change Log Location
- Only allows specific users to stop and start
- Set Maximum DAM uploads
- Closing off WebDAV ect.. initially
- Security
Follow Adobe's Security Checklist.
References
Most important - https://docs.adobe.com/docs/en/aem/6-2/deploy/custom-standalone-install.html