Tag Archives: Best Practices

Content Management, Liferay

Content Management System feature best practices in Liferay – Part 1

Leave a comment

Here are some best practices for content management system feature usage in Liferay – Part 1.

  • Separate the technical work of portlet creation, hooks, APIs, integration, themes, master templates and so on from content publishing work.
  • Once technical work is done, setup publications feature on your production environment and publish using it. Refer: Publications – Liferay Learn
  • Your workflow for publications should have content creators, reviewers, editors & publishers as bare minimum roles or you can adjust it as per your needs.
  • Preferably, keep Production, Pre-production (Copy of production after scrubbing any PII in terms of CMS / content and technical components both), UAT which is technical replica not CMS content replica, integration and dev environments.
  • Think of the content creation process this way: You don’t write a blog on one site and export from it and then import onto a new site which is your main blog, you write the draft on your own main site and put it through a workflow as required. Same applies to all largest publishers in the world, they don’t ask us to submit our journal papers, articles, conference proceedings, etc. to their UAT or pre-prod, we put content on their production systems and it goes through a workflow with right approvals, reviews and security permissions. Same applies to Wikipedia, we have a TALK/EDIT page for each of their topics right on the production system.
  • Flow of content: CREATE/REVIEW/PUBLISH on production using publications. Then copy content after scrubbing onto pre-prod only for load testing and other needs. UAT, Integration and Dev are technical systems where development happens.
  • Flow of environments for tech team: Copy of content after scrubbing PII (Personally Identifiable Information) onto Pre-Production, Technical components same as production on UAT but not content and then development servers with bleeding edge technical work.
  • Many get confused and mix the content publishing and technical work by exporting / importing content between system environments. We need technical component similarity between all environments not content. Content has to be same across only prod and pre-prod after necessary scrubbing of PII.
  • These practices will help you to smoothen & separate your technical and content management work properly.
  • Refer: Content Creation is Not a Development Activity! – Liferay
  • Email me: Neil@HarwaniSytems.in
  • Website: www.HarwaniSystems.in
  • Blog: www.TechAndTrain.com/blog
  • LinkedIn: Neil Harwani | LinkedIn
Liferay

Liferay best practices – Part 2

Leave a comment

Following up with Part 1 of the series here: Liferay best practices – Part 1 | LinkedIn – Here is part 2 of Liferay best practices:

  • Look out for settings of ORA-1795 error and it’s required settings from Liferay Help Center articles if you are using Oracle
  • If you have heavy usage of web articles, assets, documents and so on, consider switching off view / increment count via portal-ext.properties and user interface of control panel – it will prevent DB locks
  • Consider JVM tuning for meta space, heap, young generation, type of garbage collection and so on regularly based on usage
  • Review caching at fragment level, EHCache, do query analysis and GC analysis regularly
  • Use CDN (Content delivery network) and web server caching for static assets – don’t cache cookies
  • Use a good, standard WAF (Web application firewall) for public websites
  • Review your cluster settings in JAVA_OPTS, tcp.xml and portal-ext.properties – Also, check adding / editing content on one node and checking on another – whether it reflects there or not for cluster health
  • Use a monitoring tool (APM). If you use Glowroot, then install it in Central pattern
  • Review your Elastic Search cluster in terms of heap, embedded JVM and performance tuning regularly
  • Check the stale entries for ElasticSearch in background jobs table
  • Regularly check your blocked / waiting / timed_waiting threads at peak load
  • Take heap dumps to analyze the heap regularly at peak load
  • Review Liferay deployment, compatibility, security and other checklists / matrix
  • Vertically & horizontally scale, performance tune, change heap/GC and so on based on regular analysis of heap/thread dumps and load tests
  • Check errors & warnings in logs regularly
  • Set up filestore in advanced format right from the start
  • If you are migrating from another technology or product, setup a migration checklist
  • Routinely fine tune your tracing in logs from custom code and SERVER ADMINISTRATION section in control panel
  • Fine tune your app server threads
  • Setup error pages and redirects as needed
  • Block rogue IPs via web server or servlet filters
  • Map to security patches and quarterly releases
  • Enable email based password reset and / or TFA / MFA
  • Map SSO / LDAP / SAML based authentication as needed
  • Check your control panel password is complex enough or not?
  • Size your hardware and check your NAS/SAN/iNode limits in load test
  • Check your Hikari pool / DB settings / connection pool timeout / server side timeout and fine tune it
  • Check large web content / large documents and test them in terms of download / views and more
  • Set up a backup / DevOps / DevSecOps strategy
  • Set up automated heap dump and automated thread dumps
  • Change JDK certificate store password from default
  • ElasticSearch, DB should not be in side car pattern
  • Use Expando, dynamic query and service builder for database and not direct JDBC calls
  • Ownership and start / stop of app server, file store folders should be via the app server user not root
  • There are various blogs on Liferay about to debug liferay, how to debug cluster, new features, Glowroot, performance tuning – kindly search and refer them
  • Setup code quality scans via SONAR and similar
  • Maintain a Non-Functional Requirements checklist
  • Keep operational hygiene of DevOps, Automation, Delivery, Management, ITIL, Agile, Scrum, Secrets, Patterns, Architecture, Design, Debugging, Quality, Procedures, Documentation, Training, Knowledge Transfer, Access Control, Data & Process Governance, Monitoring, Reporting, Communication, Project and Product Management, Tools used, Ownership, Accountability, Collaboration, Security and more
  • Analyze your future needs of traffic, usage, infra, load and so on regularly
  • When you do a load test: refer average response time, response time, throughput, transactions per second/minute, cores, memory, heap, CPU, concurrent users, JMeter script, usage of pages, types of transactions and so on for a comprehensive answer instead of just concurrent users
  • Refer official sources like: Liferay Dev forums & blogs, Liferay learn, Liferay YouTube, Liferay GitHub, Liferay Help Center – it has type ahead, Liferay Support ticketing system, Liferay Customer portal, Liferay.com for all your problems first
  • Here are two GPTs that can assist you in your work with Liferay – please report it’s fine tuning / hallucinations to me at email below for me to fine tune them: https://lnkd.in/d2G8mPsA – Liferay Helper which works on open internet https://lnkd.in/dqVzNwCj – Liferay Guide which works on only official sources

Email me: Neil@HarwaniSystems.in