Server4You: Difference between revisions

General Data[edit]

• http://euve33303.vserver.de
• Ubuntu 12.04.5 LTS (see file /etc/issue)
• root Halloo0@1
• architecture 64bit

lscpu | grep Architecture
Architecture:          x86_64

• connect with Ubuntu

ssh root@euve33303.vserver.de
Nautilus->File->Connect to Server->SSH 

• connect with Windows

WinSCP

Operation[edit]

• Login with C:\Uwes\Programme\WinSCP\WinSCP.exe or

ssh root@euve33303.vserver.de

• Reboot with

reboot

Installation[edit]

• apt-get install proftpd (but not used yet)

Monitor UweHeuer Website[edit]

• batch script CheckWebsites.bat in /myprogs/
• start script by

cd /myprogs
./CheckWebsites.bat & // return PID
disown -h PID // write down PID in UweHeuer Web-Application Notes

Dovecot[edit]

Dovecot was presumably pre-installed. Dovecot is an open-source IMAP and POP3 server for Linux/UNIX-like systems, written primarily with security in mind. Timo Sirainen originated Dovecot and first released it in July 2002. Dovecot developers primarily aim to produce a lightweight, fast and easy-to-set-up open-source mailserver.

Log-files are stored in /etc/mail.log and /etc/mail.err.

doveconf -n // show configuration
service dovecot restart

Because of error messages in mail.err changes added to 10-ssl.conf and saved the original version to 10-ssl.conf.mybackup.

Java[edit]

Original[edit]

• java /usr/lib/jvm/jdk1.7.0
• JAVA_HOME variable set to /usr/lib/jvm/jdk1.7.0 in /etc/environment
• apt-get install unzip

Upgrade to Java 8[edit]

• following advice from here:

sudo apt-get install python-software-properties
sudo add-apt-repository ppa:webupd8team/java
sudo apt-get update
sudo apt-get install oracle-java8-installer
java -version // delivers java version "1.8.0_45"

JBoss[edit]

Upgrade to JBoss 6.4[edit]

• copy locally de-zipped file to /usr/local/share/jboss/jboss-eap-6.4/
• rename old installation directory to /usr/local/share/jboss/jboss-eap-6.1_obsolete/
• adjust /etc/init.d/jbossas7 to new path
• do ajp configuration, mysql deployment, data source configuration, DB validation like below
• log in /usr/local/share/jboss/jboss-eap-6.4/standalone/log/

JBoss 6.1[edit]

• JBoss by copying local Zip-file of EAP 6.1 to server to /usr/local/share/jboss/jboss-eap-6.1/bin and install according chapter 3.2.2 in https://access.redhat.com/site/documentation/en-US/JBoss_Enterprise_Application_Platform/6.1/pdf/Installation_Guide/JBoss_Enterprise_Application_Platform-6.1-Installation_Guide-en-US.pdf
• add administration user by /usr/local/share/jboss/jboss-eap-6.1/bin/add-user.sh with user UweHeuer and password Halloo0@1 according https://www.digitalocean.com/community/articles/how-to-install-jboss-on-ubuntu-12-10-64bit, server can be started and stopped by

./standalone.sh -Djboss.bind.address=80.86.91.46 -Djboss.bind.address.management=80.86.91.46 &
./jboss-cli.sh --connect --controller=80.86.91.46:9999 command=:shutdown

• add ajp to connect to http proxy for uweheuer and jboss console to /usr/local/share/jboss/jboss-eap-6.4/standalone/configuration/standalone.xml

<connector name="ajp" protocol="AJP/1.3" socket-binding="ajp" enabled="true"/>

• create MyUbuntuService.sh in HP Laptop JBoss bin directory as Unix file, copy to /usr/local/share/jboss/jboss-eap-6.1/bin and copy it to /etc/init.d/jbossas7 and

update-rc.d jbossas7 defaults

• copy mysql-connector-java-5.1.27-bin.jar to <JBOSS_HOME>\standalone\deployments or using deployment via Web console and enable it (e.g. on HomePC New)
• use Web console -> Profile (not Runtime) and add datasource MySQLDS with JNDI name java:jboss/datasources/MySQLDS and UwesWikiDS with JNDI name java:jboss/datasources/UwesWikiDS, select the MySQL Driver above, enter connection info user 'root' and pwd 'Halloo0@1' => configuration is saved in standalone configuration file <JBOSS_HOME>\standalone\configuration\standalone.xml
• in order to avoid connection loss to MySQL DB validation enabled for MySQLDS by setting (configuration is stored in standalone.xml):

Valid Connection Checker = org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker
background validation = true
time intervall = 360000
SQL statement = SELECT 1

• chmod +x /etc/rc.d/init.d/jbossas7

PHPMyAdmin[edit]

• set password for mysql user root@localhost according to http://www.unixmen.com/howto-install-amp-and-phpmyadmin-on-ubuntu/

SET PASSWORD FOR 'root@localhost' = PASSWORD('Halloo0@1');

• install phpmyadmin according http://www.unixmen.com/howto-install-amp-and-phpmyadmin-on-ubuntu/

Postfix[edit]

Postfix was pre-installed but mails from the command line were rejected e.g. by Google because of invalid sender adress. Therefore the following actions were taken in line with HomePCNew configuration:

postconf -e 'sender_canonical_maps = hash:/etc/postfix/sender_canonical'
// upload corresponding file with map of user 'root' to 'root@euve33303.vserver.de'
cd /etc/postfix
postmap sender_canonical
postfix reload

Apache[edit]

• sudo a2enmod proxy_ajp (creates /etc/apache2/mods-enabled/proxy.conf und proxy_ajp.conf)
• edit proxy.conf (Deny from all to Allow from all)
• add proxy configuration to JBoss for uweheuer application also in /etc/apache2/sites-enabled/default-ssl (decommented in 000-default, because of redirect to https)
• add to /etc/apache2/sites-enabled/000-default for redirect to https

Redirect permanent /uweheuer https://www.uweheuer.de/uweheuer

• restart apache with

sudo /etc/init.d/apache2 restart

SSL Configuration with LetsEncrypt[edit]

• Installation according to https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-14-04
• all config files from /etc/apache2/sites-enabled/ saved to /backup
• lets encrypt installed to /opt/letsencrypt/
• letsencrypt presumably change /etc/apache2/sites-enabled/000-default.BeforeLetsEncrypt-le-ssl.conf with

SSLCertificateFile /etc/letsencrypt/live/www.uweheuer.de/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.uweheuer.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateChainFile /etc/letsencrypt/live/www.uweheuer.de/chain.pem

• cron job implemented to check and the expiration date of the cerfiticate because it is only valid 90 days and to update it if neccessary. Manual update can be done by:

ssh root@euve33303.vserver.de
/opt/letsencrypt# ./certbot-auto renew

• test of the certificate can be done by https://www.ssllabs.com/ssltest/analyze.html?d=www.uweheuer.de&latest
• update certificate on laptop to synchronize uweheuer application data here

Configuration[edit]

• /etc/apache2/apache2.conf
• /etc/apache2/http.conf
• /etc/apache2/sites-enabled/*

MySQL[edit]

• change /etc/mysql/my.conf bind-address to 0.0.0.0 to make mysql listen on all available IPs to enable remote access
• add user 'root' with host '%' and password 'Halloo0@1' to enable remote access
• /etc/init.d/mysql restart

UweHeuer[edit]

• edit /etc/mediawiki/apache.conf
• restart apache with sudo /etc/init.d/apache2 restart
• set in /etc/php5/apache2/php.ini and restart apache

safe_mode = Off

• copy content of mediawiki-1.25.1.tar.gz to /var/lib/mediawiki
• installation via first call http://localhost/mediawiki
  • Admin username: WikiSysop halloo
  • Database name: mediawiki
  • DB user: root
  • DB password: Halloo0@1
• all settings are stored in \var\lib\mediawiki\LocalSettings.php
• copy from Laptop to New Home PC via CopyUwesWikiToVServer.bat
• prevent not logged-in users from reading by adding to LocalSettings.php

$wgGroupPermissions['*']['read']    = false;
$wgGroupPermissions['*']['createaccount'] = false;

• data files in /usr/local/share/jboss/jboss-eap-6.4/standalone/data/uweheuer
  • abc.tmp
  • Configuration.properties
• * copy C:\Uwes\Batches\DisAndEnableUweHeuerVServer.bat to /myprogs which is called from the management service