\conf\server.xml
5. Restart the server
Problems with wrappers
The usage of wrappers can result in SSL warnings.
If your solution is depending on the use of Wrappers, please tjeck the following
All style, script and image references are made with HTTPS
No referenced stylesheets depends on images using HTTP
If the wrapper cannot be transformed from HTTP to HTTPS, referenced ressources should be copied to the server
Stylesheets copied to TS stylesheet
Images downloaded and copied to the media library
After changes are made remmeber to flush caches: Both Chrome and IE sometimes caches longer than expected.
Set up remote backup
Client server setup
Log into server via SSH
Ensure that the backup ssh-certificate is installed
On old servers running Legacy CLI
Run: tsrefreshscripts.sh
Run: tsbackupcertificates.sh
Check if cronjobs are missing: sudo crontab -l
Run: tsinstallcronjobs.sh
On newer servers running Current CLI
Run: ts update-script
Run: ts backup-database-rsync
Ensure that port 22 is open for TCP trafic from the backup server IP
Run the license report service manually, if it has never been executed
Backup server setup
Ensure that the server is present in the server-list on the support-server
Check the Backup option
Set a unique name for the backup
Only lowercase and a-z
Save
Validate backup
Wait to 24h passes
Check the server-record on the support-server
Ensure that a backup size is recorded and last-backup is within the last 24 hours
Set up monitoring
Log in to UptimeKuma
Clone an existing monitor group in the Customers group
Clone an existing not " - Healthy " monitor
Change Friendly Name
Change URL
Change Monitor Group
Clone an existing " - Healthy " monitor, if hosting is not shared
Change Friendly Name
Change URL
Change Monitor Group
Tjeck the monitor is working
Basic setup
All the following canges are carried out in the Tempus Serva designer
Company logo
Upload you logo file via Ressources > Media files
Show the logo after upload
Copy the URL of image
Add to stylesheet via Ressources > Stylesheet
.logo {
background: url(https://alpha.tempusserva.dk/TempusServa/media/logo.1.svg) no-repeat !important;
}
Company colors
Edit the stylesheet via Ressources > Stylesheet
themePrimary
themeSecondary
themeTeritary (optionally)
Next edit the graph colors in Modules > Configurations
diagramColor
diagramColorTextAxis (optionally)
Setting up outbound emails
In the designer edit the following Modules > Configurations
smtpServer
smtpUsername
smtpPassword
smtpTestEmail
Cloning an instance
Connecting to the server
First you must access the commandline on the system in question. This is done using a certificate and the Putty program.
Get a certificate private key from an existing admin user
Install Putty on your machine (alternative WinSCP)
Set up the profile in Putty
Set hostaname = {server IP or domain name}
Set Category > Connection > Data > Auto login username = ec2-user
Set Category > Connection > SSH > Auth > Credentials > Private key file authentication = {private file location}
Session > Save
Test you can connect to the server.
Note: Connection will fail if you try connecting from an IP that is not whitelisted by the TS server team
Cloning the system
Copy an instance
Run: ts clone-app
Define source name
Define name of new instance
Validate after 2 mins that the instance is running
Option: Change configurations
Some server settings are more appropriate for demo/test systems.
Consider setting
Backend > Modules > Configuration
smtpTestMode = false
serviceAutostart = false
EC2 server recovery
Recovery procedure without database backup
Changes in AWS
Make a snapshot of the running server
Make a volume from the snap shot
Name the volume: RESTORE COPY
Create a NEW server
Attatch the RESTORE COPY to NEW server on /dev/sdf
Connect to new server
Install TS client tools
ts quick-install
ts stop-webserver
ts stop-database
mkdir /mnt/oldroot
sudo mount /dev/nvme1n1p1 /mnt/oldroot
sudo rm -r /var/lib/mysql
sudo cp -r /mnt/oldroot/var/lib/mysql /var/lib
ts start-database
mysql -uroot -p -e "UPDATE applive.systempolicy SET PolicyValue='false' WHERE PolicyName LIKE 'securitySsl%'"
sudo rm -r /mnt/sda/*
sudo cp -r /mnt/oldroot/usr/tempusserva/sda/* /mnt/sda/
sudo chmod 777 -R /mnt/sda/files
sudo cp /mnt/oldroot/usr/share/tomcat8/conf/Catalina/localhost/* /usr/share/tomcat8/conf/Catalina/localhost
ts start-webserver
Ensure server is running
Changes in AWS
Stop NEW server
Detatch RESTORE COPY
Stop OLD server
Deassociate IP from OLD server
Associate IP to NEW server
Start NEW server
Connect to new server
ts install-ssl
mysql -uroot -p -e "UPDATE applive.systempolicy SET PolicyValue='true' WHERE PolicyName LIKE 'securitySsl%'"
ts restart-webserver
Steps is using S3 filesystem
Server_maintenence#Moving_files_to_S3_storage
Step: Add IAM role to server
Step: Install the mountpoint
Local development environment tutorial
This tutorial's goal is to explain how to set up the TS-nocode platform and database on a Windows PC.
You will need
TortoiseSVN
Apache Tomcat 8.5 or 9
Netbeans 8.2 running JDK 1.8 or newest Netbeans and a supported JDK
MariaDB 11
Navicat for MariaDB
npm (NPM Package Manager)
TempusServa.war
mariadb-java-client-3.1.4
What to do
Create a working copy of the codebase via TortoiseSVN (see https://tortoisesvn.net/docs/release/TortoiseSVN_en/tsvn-quick-start.html )
Start MariaDB in Windows Services
Create a new connection in Navicat with the following parameters: host: localhost, port:3306, username:root. Connection name doesn't matter.
Create three new databases in Navicat; tsbase, tslive, and tstest. Configuration should be left as default.
Start Apache Tomcat in Windows Services.
Put TempusServa.war in Tomcat 8.5/webapps. A folder with the name TempusServa should be generated automatically after a couple of seconds.
In TempusServa/sql are some sql files which have to be run on each of the tree databases in navicat in the following order:
ts_base_restore -> appbase
ts_live_create -> applive
ts_test_create -> apptest
If the sql files fail to run properly you may have to add the following to my.ini in MariaDB 11.0/Data:
max_allowed_packet = 1G
innodb-default-row-format = dynamic
innodb-lock-wait-timeout = 1200
innodb_log_file_size = 2G
innodb_log_buffer_size = 1G
innodb_strict_mode = 0
(Restart MariaDB in Windows Services to activate the new settings)
Create a new file TempusServa.xml in Tomcat 8.5\conf\Catalina\localhost
Both context.xml in your working copy in sfwServlets\web\META-INF and TempusServa.xml should look like this:
Remember to add your own root password to the xml's.
Insert mariadb-java-client-3.1.4 in Tomcat 8.5\lib.
In Netbeans, open the following projects and build them afterwards: p2eShared, p2eSolution, p2eTemplate, sfwServlets.
In Netbeans Projects view, run debug file on sfwServlets\Source Packages\dk.p2e.blanket\live.java.
login/password is admin/TempusServa1234.
Login might not work due to being redirected to a https connection if securotyssllogin and -pages in the systempolicy table in tslive are not set to false.
If views are missing, go to the backend and then Modules -> Admin services -> Cache control -> Reload policies. Then Rebuild artifacts -> Rebuild views. This should create the missing views in the database.
Accessing the backend
If you start the server from Netbeans, you will not have access to the backend. To do this you will need to start the server by running Tomcat in Windows Services. A good idea is to have both servers running at the same time on two different ports.
To change the used port in Tomcat go to Apache Software Foundation\Tomcat 8.5\conf\Server.xml.
Set the port to for example 8081 at the following spots in the xml file:
(Tomcat will have to be restarted for the changes to take effect)
To access the server from Tomcat go to http://localhost:8081/TempusServa
Satellite servers
Setting up a satellite server
The following guide explains how a master / satelite server is set up.
It is assumed that you allready have the MASTER server running.
basic installation Linux
First do a normal TS installationon the SATELITE server
Add access to the MySQL database on the SATELITE server
iptables -A INPUT -i eth0 -p tcp -m tcp --dport 3306 -j ACCEPT
sudo /etc/init.d/networking restart
Test access from the MASTER server
telnet sateliteServer 3306
Synchronizing master and satellite
Initially the servers should look alike so it is much easier to stream all data across
On the SATELITE server dump configutations to a file
mysqldump -uLocalUser -pLocalPW --tables tslive.systempolicy > policy.sql
On the MASTER server stream all data
mysql -uLocalUser -pLocalPW > mysql -uRemoteUser -pRemotePW
On the SATELITE server reload configutations
mysql -uLocalUser -pLocalPW --tables tslive.systempolicy < policy.sql
Changes to master server
Changes to slave server
Testing the setup
Migrating an instance
How to migrate a running instance to a new server, with a message on the old server about the migration.
Set up a new server ( Scaleway hosting )
Install the newest alpha release on the new server
On the old server, if a notice about migration is wanted/needed
Turn off tomcat
Move the webapps folder and war-file out of the webapps folder
Create a folder with content about the server meing migrated
Start tomcat
On the old server
Move to the ROOT webapp cd /usr/share/tomcat/webapps/ROOT
Export the database sudo mysqldump -p [LIVE-DB-NAME] > tslive.sql
On the new server
Download the sql file on the new server, to a folder with enough space
cd /mnt/sda
wget [OLD-SERVER]/tslive.sql
Fix naming in sql file, if the webapp changes name
sed -i 's/tslive/applive/g' tslive.sql
sed -i 's/tsbase/appbase/g' tslive.sql
sed -i 's/tstempusserva/tsapp/g' tslive.sql
Turn off tomcat
Import the sql file mysql -p applive < tslive.sql
Connect to the new database
Move sql functions if needed
Fix policies
applicationName
applicationBasePath
applicationServer
Maybe:
applicationIsBehindAReverseProxy
applicationlPort
applicationlPortSSL
smtpTestMode
securitySslPages
If an update of the webapp version is not desired:
On the old server
Move the webapps war-file to the ROOT webapp folder
On the new server
Download the war-file wget [OLD-SERVER]/TempusServa.war
Replace the war-file in the webapps folder mv TempusServa.war /usr/share/tomcat9/webapps/app.war
Start tomcat on the new server
Test the new server
Update DNS
If the domain is still the primary domain
Setup SSL
If the domain is no longer the primary domain
Update SSL cert with old domain
Expand nginx setup to include old domain
If the webapp changed name
Add a redirect app ts install-redirectapp
If the domain changed
Add a link to the new domain in the "migration webapp" on the old server
Sample migration webapp
index.jsp
Just a basic page telling the user that the server is unavailable.
Sorry, we are migrating the server
Sorry, the server is currently unavailable
The server is currently being migrated, please check back later
WEB-INF/web.xml
Remaps all requests to the server, to the index.jsp file.
Redirect TempusServa
index
/index.jsp
index
/*
Remote debugging in Netbeans
How to enable debuggning in netbeans on a remote server, to enable break points.
The server
Enable remote debugging in Tomcat. Edit the service file
sudo nano /etc/systemd/system/tomcat[VERSION].service
Copy the "CATALINA_OPTS" line and comment the old one out
Add the following add the end of the line (before the ending ping)
-XX:+UseParallelGC -Xdebug -Xrunjdwp:transport=dt_socket,address=*:9999,server=y,suspend=n
Save and exit nano
Reload the service
sudo systemctl daemon-reload
Restart tomcat
ts restart-webserver
Ensure that a process now is listening on port 9999
ss -lntu
Open port 9999 in the firewall using the IaaS providers interface
Netbeans
Ensure that you are running the same version of the software as the server, otherwise the break points wont make sense.
Attatch to the remote server
Select "Debug" and "Attach Debugger..."
Input the host and port 9999
Click OK
Find the "Debugger Console", normally in the bottom of the window, in the "Output" tab.
The console should read "User program running"
Try adding a break point and see if it works
Change login session duration
To increase the number of minutes a session lasts do the following.
Warning! This change affects all instances on a server!
First, update the tomcat configuraion
sudo nano /usr/share/tomcat/conf/web.xml
Second, find the following config and adjust acordingly The attribute is defined in minutes.
30
Third, restart tomcat
ts restart-webserver
Fourth, update the policies on the instance. Update sessionLifetimeMinutes and sessionLifetimeMaximum .
Disable ssh password login
Add a sshd config file with the following content
sudo nano /etc/ssh/sshd_config.d/99-ts.conf
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
Reload the SSH daemon
sudo systemctl reload sshd
WARNING! Now you are no longer able to create new session to that server! Remember to add your ssh certificate before closing the session!
Proxies and policies
This page tries to show how to configure a couple of central policies, based on how TS is hosted.
Tomcat on port 80/443
When running tomcat directly on port 80/443, the following policies should be set.
Policy
Value
applicationIsBehindAReverseProxy
false
applicationIsHiddenBehindAReverseProxy
false
applicationlPort
80
applicationlPortSSL
443
securitySslPages
Depends on if SSL is enabled (recommended)
applicationServer
A domain pointing at the server
This was the default setup up untill 2025-Q2. This illustration shows how the traffic is routed.
Behind a proxy (nginx)
When running tomcat behind a reverse proxy (eg. nginx), the following policies should be set.
Policy
Value
applicationIsBehindAReverseProxy
true
applicationIsHiddenBehindAReverseProxy
false
applicationlPort
80
applicationlPortSSL
443
securitySslPages
Depends on if SSL is enabled (recommended)
applicationServer
A domain pointing at the server
This is the default setup as of 2025-Q2. It helps when running SSL/TLS and multiple/changing domains. This illustration shows how the traffic is routed.
Hidden behind a proxy
When hiding the webapps hosted by tomcat behind a reverse proxy (eg. nginx), the following policies should be set.
Policy
Value
applicationIsBehindAReverseProxy
true
applicationIsHiddenBehindAReverseProxy
true
applicationlPort
80
applicationlPortSSL
443
securitySslPages
Depends on if SSL is enabled (recommended)
applicationServer
The domain pointing at the instance
This setup also requires that the context file for the given webapp is modified. The following attributes have to be added to the Context opening tag.
useRelativeRedirects="false" sessionCookiePath="/"
All of this is handled by the ts script.
This is used for shared hosting, where multiple domains are pointing to the same server, as to not expose other installations/customers. This illustration shows how the traffic is routed.