Blogs

Following up with Part 1 of the series here: Liferay best practices – Part 1 | LinkedIn – Here is part 2 of Liferay best practices:

• Look out for settings of ORA-1795 error and it’s required settings from Liferay Help Center articles if you are using Oracle
• If you have heavy usage of web articles, assets, documents and so on, consider switching off view / increment count via portal-ext.properties and user interface of control panel – it will prevent DB locks
• Consider JVM tuning for meta space, heap, young generation, type of garbage collection and so on regularly based on usage
• Review caching at fragment level, EHCache, do query analysis and GC analysis regularly
• Use CDN (Content delivery network) and web server caching for static assets – don’t cache cookies
• Use a good, standard WAF (Web application firewall) for public websites
• Review your cluster settings in JAVA_OPTS, tcp.xml and portal-ext.properties – Also, check adding / editing content on one node and checking on another – whether it reflects there or not for cluster health
• Use a monitoring tool (APM). If you use Glowroot, then install it in Central pattern
• Review your Elastic Search cluster in terms of heap, embedded JVM and performance tuning regularly
• Check the stale entries for ElasticSearch in background jobs table
• Regularly check your blocked / waiting / timed_waiting threads at peak load
• Take heap dumps to analyze the heap regularly at peak load
• Review Liferay deployment, compatibility, security and other checklists / matrix
• Vertically & horizontally scale, performance tune, change heap/GC and so on based on regular analysis of heap/thread dumps and load tests
• Check errors & warnings in logs regularly
• Set up filestore in advanced format right from the start
• If you are migrating from another technology or product, setup a migration checklist
• Routinely fine tune your tracing in logs from custom code and SERVER ADMINISTRATION section in control panel
• Fine tune your app server threads
• Setup error pages and redirects as needed
• Block rogue IPs via web server or servlet filters
• Map to security patches and quarterly releases
• Enable email based password reset and / or TFA / MFA
• Map SSO / LDAP / SAML based authentication as needed
• Check your control panel password is complex enough or not?
• Size your hardware and check your NAS/SAN/iNode limits in load test
• Check your Hikari pool / DB settings / connection pool timeout / server side timeout and fine tune it
• Check large web content / large documents and test them in terms of download / views and more
• Set up a backup / DevOps / DevSecOps strategy
• Set up automated heap dump and automated thread dumps
• Change JDK certificate store password from default
• ElasticSearch, DB should not be in side car pattern
• Use Expando, dynamic query and service builder for database and not direct JDBC calls
• Ownership and start / stop of app server, file store folders should be via the app server user not root
• There are various blogs on Liferay about to debug liferay, how to debug cluster, new features, Glowroot, performance tuning – kindly search and refer them
• Setup code quality scans via SONAR and similar
• Maintain a Non-Functional Requirements checklist
• Keep operational hygiene of DevOps, Automation, Delivery, Management, ITIL, Agile, Scrum, Secrets, Patterns, Architecture, Design, Debugging, Quality, Procedures, Documentation, Training, Knowledge Transfer, Access Control, Data & Process Governance, Monitoring, Reporting, Communication, Project and Product Management, Tools used, Ownership, Accountability, Collaboration, Security and more
• Analyze your future needs of traffic, usage, infra, load and so on regularly
• When you do a load test: refer average response time, response time, throughput, transactions per second/minute, cores, memory, heap, CPU, concurrent users, JMeter script, usage of pages, types of transactions and so on for a comprehensive answer instead of just concurrent users
• Refer official sources like: Liferay Dev forums & blogs, Liferay learn, Liferay YouTube, Liferay GitHub, Liferay Help Center – it has type ahead, Liferay Support ticketing system, Liferay Customer portal, Liferay.com for all your problems first