This document provides general information about our Liferay servers.
Our setup is Docker-based: both Liferay and the MariaDB database run as Docker images. This makes upgrades simpler, and you can also copy the setup to your own computer and run it there. The server has two volumes, one mounted at root (/) and another mounted at /var/lib/docker. The root volume is 40GB and the Docker volume starts at 20GB.
The home directory of the portal user is /opt/portal, but most of the data is stored in Docker volumes. By default there are two volumes: mariadb_data for the database files and liferay_data for the Liferay data directory.
- bin
- liferay
- liferay/deploy
- liferay/home
- liferay/scripts
- mariadb
- mariadb/conf.d/
- nginx
- nginx/conf.d/
bin contains some helper scripts for interacting with the database and backing it up.
- mysql – opens an interactive client to the database
- backup_database.sh – creates a backup of the database
- cleanup_database_backups.sh – removes old database backups and keeps only the desired number of backups
liferay contains the Liferay files.
- liferay.env – You can override Liferay Docker image environment variables by specifying them here
- deploy – Files copied to the Liferay deploy folder on Liferay Docker image startup
- home – Files copied to Liferay home on Docker image startup. Contains portal-ext.properties, which is used to define the database connection settings.
- scripts – Scripts that will be executed before the portal is started.
mariadb contains MariaDB-specific files. conf.d/default.cnf contains the MariaDB settings.
nginx contains nginx-specific files. Files in conf.d will be placed in the nginx conf.d directory. default.conf contains the server definition with proxy rules for Liferay.
The whole stack is started with docker compose. Once started, the containers will be restarted automatically on reboot or if a container crashes. A few useful commands:
- docker-compose up -d – Starts the stack defined in docker-compose.yml in the background.
- docker-compose logs -f – Tail logs for all containers
Managing firewall rules
Each virtual server comes with a preinstalled and configured Shorewall firewall. The server is configured with both IPv4 and IPv6 addresses, so when you modify the rules you need to do it for both. The Shorewall configuration can be found in /etc/shorewall for IPv4 and /etc/shorewall6 for IPv6. You normally need to edit only the rules file. The default configuration blocks access to all ports, and only ports individually opened in the rules file are accessible.
By default we’ve opened public access to the following ports:
- 22 – SSH
- 80 – HTTP
- 443 – HTTPS
We’ve also opened a few monitoring-related ports to our monitoring server, but these are not accessible by any other host.
- 1 – ICMP (Ping)
- 161, 162 – SNMP
- 5666 – NAGIOS NRPE (nagios agent)
- 3306 – MySQL
For better security you normally shouldn’t need to open any additional ports, but if you do, edit /etc/shorewall/rules to open the port for your IPv4 address and /etc/shorewall6/rules to open it for your IPv6 address, and then run the following commands to load the new rules. Be very careful, as incorrect rules may completely prevent access to your server. If you are uncertain about what you are doing, please contact support: we provide server maintenance at an hourly rate and can make the changes for you.
shorewall restart
shorewall6 restart
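Because every rule change has to be made in both the IPv4 and the IPv6 rules file, a port can end up open or closed in only one of them. The following check is an added example, not one of the scripts shipped on the server: it lists publicly accepted proto/port pairs that appear in only one file. It assumes plain `ACCEPT net ...` rules and a public zone named `net`; the sample rules are constructed.

```sh
#!/bin/sh
# Added example: report proto/port pairs publicly ACCEPTed in only one of the
# two Shorewall rules files (IPv4/IPv6 drift).
# Assumptions: plain "ACCEPT net <dest> <proto> <dport>" rules and a public
# zone named "net"; macro rules such as SSH(ACCEPT) are not expanded.

# Print sorted "proto/port" pairs open to the whole net zone. Rules limited
# to one host (SOURCE like net:192.0.2.10) and comment lines never match.
public_ports() {
    awk '$1 == "ACCEPT" && $2 == "net" && NF >= 5 {
             n = split($5, p, ",")
             for (i = 1; i <= n; i++) print $4 "/" p[i]
         }' "$1" | LC_ALL=C sort -u
}

# Print "v4-only proto/port" or "v6-only proto/port" for every mismatch.
rules_drift() {
    d4=$(mktemp) d6=$(mktemp)
    public_ports "$1" > "$d4"
    public_ports "$2" > "$d6"
    LC_ALL=C comm -23 "$d4" "$d6" | sed 's/^/v4-only /'
    LC_ALL=C comm -13 "$d4" "$d6" | sed 's/^/v6-only /'
    rm -f "$d4" "$d6"
}

# Constructed sample rules (not taken from a real server).
demo=$(mktemp -d)
cat > "$demo/rules4" <<'EOF'
#ACTION  SOURCE          DEST  PROTO  DPORT
ACCEPT   net             $FW   tcp    22
ACCEPT   net             $FW   tcp    80,443
ACCEPT   net:192.0.2.10  $FW   tcp    5666
ACCEPT   net             $FW   tcp    8080
EOF
cat > "$demo/rules6" <<'EOF'
#ACTION  SOURCE  DEST  PROTO  DPORT
ACCEPT   net     $FW   tcp    22
ACCEPT   net     $FW   tcp    80
ACCEPT   net     $FW   tcp    443
EOF
rules_drift "$demo/rules4" "$demo/rules6"
rm -rf "$demo"
```

On the server, the same function can be pointed at /etc/shorewall/rules and /etc/shorewall6/rules before the restart commands are run; empty output means the public rules match.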
Daily backups of the whole server image are made completely transparently. It’s recommended that you also take a separate backup of the database, as the daily backup of a running database may not be consistent. There are 7 backup slots that are rotated, so you have one week’s worth of backups.