=== modified file 'src/docbkx/en/dhis2_implementation_guide_installation.xml'
--- src/docbkx/en/dhis2_implementation_guide_installation.xml 2012-03-13 12:38:06 +0000
+++ src/docbkx/en/dhis2_implementation_guide_installation.xml 2012-03-13 14:32:47 +0000
@@ -48,7 +48,7 @@
Clear the pre-installed web applications by invoking rm -rf webapps/*
Download the latest DHIS 2 WAR file from http://dhis2.org/download and move it to the webapps directory.
Open file bin/setclasspath.sh and add the lines below. The first will set the location of your Java Runtime Environment, the second will dedicate memory to Tomcat and the third will set the location for where DHIS 2 will search for the hibernate.properties configuration file, note that you should adjust this to your environment:
JAVA_HOME='/usr/lib/jvm/java-7-openjdk'
-JAVA_OPTS='-Xmx6000m -XX:MaxPermSize=1000m'
+JAVA_OPTS='-Xmx6000m -Xms3000m -XX:MaxPermSize=800m -XX:PermSize=400m'
DHIS2_HOME='/home/dhis/config'
To do basic performance tuning (optional) you can install the native APR library by invoking sudo apt-get install libtcnative-1
Then open file bin/setclasspath.sh and add this line at the end of the file: LD_LIBRARY_PATH=/usr/lib:$LD_LIBRARY_PATH
If you need to change the port of which Tomcat listens for requests you can open the Tomcat configuration file /conf/server.xml, locate the <Connector> element which is not commented out and change the port attribute value to the desired port number.
@@ -103,7 +103,7 @@
In order to improve security it is recommended to configure the server running DHIS to communicate with clients over an encrypted connection and to identify itself to clients using a trusted certificate. This can be achieved through SSL which is an cryptographic communication protocol running on top of TCP/IP.
To configure nginx to use SSL you will need a proper SSL certificate from an SSL provider. The cost of a certificate varies a lot depending on encryption strength. An affordable certificate from https://www.rapidsslonline.com should serve most purposes.
When you have your certificate files (.pem and .key) you will need to place them in a location which is reachable by nginx. A good location for this can be the same directory as where your nginx.conf file is located.
- Below is an nginx server block where the certificate files are named server.pem and server.key. Since SSL connections usually occur on port 443 (HTTPS) we pass requests on that port (443) on to the DHIS instance running on http://localhost:8080/dhis. The first server block will rewrite all requests connecting to port 80 and force the use of HTTPS/SSL. This is also necessary because DHIS is using a lot of redirects internally which must be passed on to use HTTPS.
+ Below is an nginx server block where the certificate files are named server.pem and server.key. Since SSL connections usually occur on port 443 (HTTPS) we pass requests on that port (443) on to the DHIS instance running on http://localhost:8080/dhis. The first server block will rewrite all requests connecting to port 80 and force the use of HTTPS/SSL. This is also necessary because DHIS is using a lot of redirects internally which must be passed on to use HTTPS. Remember to replace <server-ip> with the IP of your server. These blocks should replace the one from the previous section.