PaaS Support Coverage

Barra de búsqueda

Configuring Remote Staging in Liferay PaaS

Note: please note that Liferay has renamed its Liferay Experience Could offerings to Liferay SaaS (formerly LXC) and Liferay PaaS (formerly LXC-SM).

Introduction

Remote staging in Liferay Cloud allows you to manage and preview content in a staging environment before publishing it to a live environment. This setup ensures content accuracy and security, particularly useful for organizations with complex content management needs.

Before enabling Remote Live staging, you must configure the Liferay servers you want to use for your staging and live environments. You must also create a new blank site or asset library on your remote server and use its ID during staging configuration.

Prerequisites

Before configuring remote staging, ensure the following:

  1. Both the staging and live environments must have an admin user with identical credentials.
  2. All servers must be updated to the same update and patching level to ensure remote staging works correctly.

Cluster Outbound IP

You can retrieve your Liferay PaaS outbound IP by accessing the Liferay Cloud console, going into the Liferay service's shell and running the following command:

curl https://ifconfig.me

Note: The outbound IP address will depend on the location of your Liferay PaaS environment.

Live Environment Ingress IP

You can retrieve your Liferay Live Environment Ingress IP by accessing the Liferay Cloud console on your network endpoints page:

https://console.liferay.cloud/projects/YOUR_PROJECT_ID/network/endpoints

Configuration Steps

1. Configure portal-ext.properties

Add the following properties to the portal-ext.properties file and deploy them in both the staging and live environments:

tunneling.servlet.shared.secret=[abcdefghijklmnop]
tunnel.servlet.hosts.allowed=127.0.0.1,SERVER_IP,[CLUSTER_OUTBOUND_IP]

Notes: Replace [abcdefghijklmnop] with your preferred secret value. Using environment variables and secrets is recommended for better security. Also replace [CLUSTER_OUTBOUND_IP] with the value you retrieved in previous steps.

2. System Settings Configuration

In both environments:

  1. Navigate to System Settings → Security → API Authentication → Tunnel Authentication.
  2. Click on /api/liferay/do.
  3. Under Hosts Allowed, add your Cluster Outboud IP in the end of the curent configuration: 127.0.0.1,SERVER_IP,[CLUSTER_OUTBOUND_IP]
  4. Click Save.

3. Enable Remote Staging

In the staging environment:

  1. Go to the site you want to enable remote staging for.
  2. Navigate to Publishing → Staging.
  3. Select Remote Live.
  4. Enter the Live Environment Ingress IP of your live instance:
    1. If you face javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address exception, use your live instance domain name instead, eg: webserver-[MY_INSTANCE].lfr.cloud
  5. Set Remote Port to 443.
  6. Retrieve the Remote Site ID from the live environment:
    • Go to Configuration → Site Settings → Site Configuration to find the Site ID.
    • Alternatively, look for the groupId in the Group_table.
  7. Ensure the Use a Secure Network Connection checkbox is checked.
  8. Select the content to be staged and click Save.

Licensing and Environments

Licensing

  • In a self-hosted environment, there is an added cost for additional production licenses to be used for remote staging environments. The same principle applies to Liferay Cloud.
  • This means that Liferay Cloud customers must purchase an additional production environment in order to use remote staging.

Environments

  • UAT environments can be used for staging, but DEV environments cannot.
  • If a customer uses DEV as a remote staging environment, Support will not be able to assist with issues relating to this setup.

Additional Considerations

Large LAR Files

  • The import/export process uses LAR files. Ensure the web server can handle the file size to prevent connection issues.
  • Test with smaller files to avoid potential timeouts and errors.

Secret Management

  • For Liferay PaaS customers, consider making the secret configurable through the Instance Settings.
  • Use tunneling.servlet.shared.secret.hex=true for added security.

Troubleshooting and Common Issues

Lock Wait Timeout

This issue may occur during publishing, especially with large files. Investigate the underlying infrastructure to ensure it can handle the load.

DuplicateFriendlyURLEntryException

Address any specific errors that may arise during staging.

Summary

Remote staging in Liferay Cloud involves configuring both staging and live environments with appropriate properties, system settings, and ensuring secure connections. Address infrastructure limitations and potential errors to ensure a smooth staging process.

Conclusion

By following these steps, you can successfully configure remote staging in Liferay Cloud. This setup allows for secure and efficient content management, ensuring that your live site reflects the latest approved content changes from the staging environment.

Reference

https://learn.liferay.com/w/dxp/site-building/publishing-tools/staging/configuring-remote-live-staging

On this page