
Standard Bonsai approach with 0F.

Create Application Service Account

sudo addgroup --gid 3000 aemadmin # Replace 3000 with what you choose for your organization
sudo useradd -d /home/aemadmin -m -g aemadmin -u 3000 -c "Admin for Adobe EM" -s /bin/bash aemadmin

Ensure the Service Account cannot SSH directly into the system, so that we know who logged in and for what reason. Staff should log in with their own ID first and then use sudo. Alternatively, in a large organization, use a third party to manage the password for your Service Account with audit controls.

# To put here.
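
One way to enforce this is a `DenyUsers aemadmin` line in `/etc/ssh/sshd_config`. The script below is an added example, not part of the original page: its hypothetical helper `ssh_login_blocked` checks the global `DenyUsers`/`AllowUsers` lines of a config file for the account, run here on constructed sample configs. It assumes `Match` blocks, `Include` files, group directives and `USER@HOST` patterns do not need evaluating.

```shell
#!/bin/sh
# Added example (not from the original page): report whether an account is
# blocked from direct SSH login by the global DenyUsers/AllowUsers lines of an
# sshd_config file. Assumptions: Match blocks, Include files, group directives,
# quoted arguments and USER@HOST patterns are not evaluated.

# ssh_login_blocked USER CONFIG -> exit status 0 if blocked, 1 if not (hypothetical helper)
ssh_login_blocked() (
    user=$1 config=$2
    denied=no allow_seen=no allowed=no
    set -f                                    # keep * and ? from expanding to file names
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%%#*}                      # drop comments
        set -- $line                          # $1 = keyword, rest = user patterns
        [ $# -gt 0 ] || continue
        keyword=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')  # keywords are case-insensitive
        shift
        case $keyword in
            match) break ;;                   # end of the global section
            denyusers) ;;
            allowusers) allow_seen=yes ;;
            *) continue ;;
        esac
        for pat in "$@"; do
            case $pat in *@*) continue ;; esac    # host-scoped entry, skipped
            case $user in
                $pat) if [ "$keyword" = denyusers ]; then denied=yes; else allowed=yes; fi ;;
            esac
        done
    done <"$config"
    # sshd applies DenyUsers first; an AllowUsers list excludes everyone not on it
    [ "$denied" = yes ] && exit 0
    [ "$allow_seen" = yes ] && [ "$allowed" = no ] && exit 0
    exit 1
)

# Constructed sample configs, not taken from a real host
sample_dir=$(mktemp -d)
printf 'PermitRootLogin no\ndenyusers backup aemadmin\n' >"$sample_dir/deny.conf"
printf 'PermitRootLogin no\n# DenyUsers aemadmin\n' >"$sample_dir/open.conf"
for f in deny.conf open.conf; do
    if ssh_login_blocked aemadmin "$sample_dir/$f"; then
        echo "$f: aemadmin cannot log in over SSH directly"
    else
        echo "$f: aemadmin CAN log in over SSH directly"
    fi
done
rm -rf "$sample_dir"
```

On a live host, point the helper at `/etc/ssh/sshd_config` and validate any change with `sshd -t` before reloading the daemon.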

Make the package directory,

sudo mkdir /opt/aem
sudo chown aemadmin:aemadmin /opt/aem/

From this point on, work as user aemadmin,

sudo su - aemadmin

Download the pre-configured package for not configured....

# wget www.bonsaiframework.com/downloads/private/aem/
...
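cd /opt/aem # package directory created above; the paths used later assume /opt/aem/author
mkdir author
cd author
wget www.bonsaiframework.com/downloads/private/aem/cq-quickstart-6.2.0.jar
mv cq-quickstart-6.2.0.jar aem-author-4502.jar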

wget http://www.bonsaiframework.com/downloads/0fs-java/jre-8u74-linux-i586.tar.gz # Change link to an alias once I have time
tar -xvpf jre-8u74-linux-i586.tar.gz
rm jre-8u74-linux-i586.tar.gz

By default the package starts up running both the author and publish components as one service. Enterprise configurations will want to segregate them; this is done by renaming the file using the following convention,

<instance-type>-p<port-number>.jar 

Download and rename the jar file to run as author on Adobe recommended port of 4502,

If the jar is not renamed, it will not unpack completely, even if it was previously renamed. It must be renamed again.

# wget www.bonsaiframework.com/downloads/private/aem/
...
cd /opt/aem # package directory created above; the paths used below assume /opt/aem/author
mkdir author
cd author

wget www.bonsaiframework.com/downloads/private/aem/cq-quickstart-6.2.0.jar
mv cq-quickstart-6.2.0.jar aem-author-4502.jar

While in the same aem directory, set up Java,

wget http://www.bonsaiframework.com/downloads/0fs-java/jre-8u74-linux-i586.tar.gz # Change link to an alias once I have time
tar -xvpf jre-8u74-linux-i586.tar.gz
rm jre-8u74-linux-i586.tar.gz
ln -s ./jre1.8.0_74 ./java

# Add Java to the PATH temporarily for your current command-line session
export JRE_HOME=/opt/aem/author/java
export JAVA_HOME=/opt/aem/author/java
export PATH=${JAVA_HOME}/bin:${PATH}


# If you have other installations of Java installed you might want to reverse,
export PATH=/opt/aem/author/java/bin:$PATH

# Verify,
which java
/opt/aem/author/java/bin/java

# Generate the initial files. Note that just starting for the first time will do this too, but unpacking first allows us to see everything and make any modifications before the first run,
java -jar aem-author-4502.jar -unpack

# while in LXD Host,
sudo iptables -t nat -A PREROUTING -p tcp -i ens33 --dport 4502 -j DNAT --to-destination 10.71.210.30:4502

Do some customization for Enterprise.

Modify start, status and stop to include Zero Footprint Java,

# Bonsaiframework - Modification Start
# --------------------------------------
JRE_HOME=/opt/aem/author/java
JAVA_HOME=/opt/aem/author/java
PATH=${JAVA_HOME}/bin:${PATH}
# --------------------------------------
# Bonsaiframework - Modification End

To do performance tuning on the JVM, the configuration can be found in the start script,

CQ_JVM_OPTS='-server -Xmx1024m -XX:MaxPermSize=256M -Djava.awt.headless=true'


Here are some things we will add shortly,

  1. Change Log Location
  2. Only allow specific users to stop and start
  3. Set Maximum DAM uploads
  4. Closing off WebDAV etc. initially
  5. Security

Follow Adobe's Security Checklist.

References

Most important - https://docs.adobe.com/docs/en/aem/6-2/deploy/custom-standalone-install.html
