I've updated the software running this blog to a new version of TightBlog, running on a standalone Tomcat on Ubuntu running on Linode. It's still a SNAPSHOT version with some things to fix. Below are my installation notes. Note many of these instructions hold for deploying any WAR-file in such an environment, so what I've written below may be useful for other apps.
Linode preparation:
glenmazza.net and then configured it for my linode following these instructions.
Tomcat preparation:
I installed OpenJDK 17 and then manually installed Tomcat on my image, using a non-root account. Another option, which I had problems getting to work before switching to the above (probably due to since-learned firewall configuration omissions on my part), is using sudo apt-get install, which requires some extra configuration to work with JDK 17.
Either Tomcat install method above should result in sudo systemctl [start|stop|restart] tomcat (or ...tomcat9) command-line instructions being available for starting and stopping Tomcat. After starting Tomcat, confirm you can access Tomcat's port 8080 from a browser using your linode's IP address.
    sudo systemctl stop tomcat
    # For housekeeping on key updates, may wish to delete logs at /opt/tomcat/latest/logs
    sudo -H certbot certonly --standalone -d glenmazza.net -d www.glenmazza.net
    # (see "Successfully received certificate" feedback indicating Certbot worked.)
    sudo -s
    cd /etc/letsencrypt/live/glenmazza.net*
    sudo cp {cert,chain,privkey}.pem /opt/tomcat/latest/conf
    chown tomcat:tomcat /opt/tomcat/latest/conf/*.pem
    sudo systemctl start tomcat
    # ...confirm website accessible again at https://..., if not working ensure tomcat dirs all owned by tomcat user & restart
    cd /etc/letsencrypt/live
    sudo rm -r glenmazza.net*
    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               URIEncoding="UTF-8"
               redirectPort="443" />
    <Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               maxThreads="150" SSLEnabled="true">
        <SSLHostConfig>
            <Certificate certificateFile="conf/cert.pem"
                         certificateKeyFile="conf/privkey.pem"
                         certificateChainFile="conf/chain.pem"/>
        </SSLHostConfig>
    </Connector>
/etc/default/tomcat8 file to activate it and then run a script similar to the following (replace "tomcat8" with the non-root user that is running Tomcat on your linode):
    sudo touch /etc/authbind/byport/80
    sudo chmod 500 /etc/authbind/byport/80
    sudo chown tomcat8 /etc/authbind/byport/80
    sudo touch /etc/authbind/byport/443
    sudo chmod 500 /etc/authbind/byport/443
    sudo chown tomcat8 /etc/authbind/byport/443
Because the Ubuntu Linode I was using was running the UFW firewall by default, I needed further commands to be able to expose 80 and 443 to external browsers:
    sudo ufw allow 80/tcp
    sudo ufw allow 443/tcp
Use sudo ufw status to confirm the ports are available; for IPv4 you should see:
    Status: active

    To                         Action      From
    --                         ------      ----
    OpenSSH                    ALLOW       Anywhere
    3306                       ALLOW       Anywhere
    8080/tcp                   ALLOW       Anywhere
    80/tcp                     ALLOW       Anywhere
    443/tcp                    ALLOW       Anywhere
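A check to run after the ufw commands above, added here as an example (it is not part of the original post): it reads plain ufw status output, confirms that the two connector ports are allowed, and lists every other rule open to Anywhere so each one can be reviewed. The function names and the REQUIRED and EXPECTED lists are assumptions of this example; the sample input is the output shown in the post.

```shell
#!/bin/sh
# Added example: audit plain `ufw status` output for this Tomcat setup.
# REQUIRED and EXPECTED are assumptions of this example; adjust to your host.
REQUIRED="80/tcp 443/tcp"            # ports the two <Connector> elements use
EXPECTED="OpenSSH 80/tcp 443/tcp"    # rules that need no further review

# Sample input: the IPv4 output shown in the post.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
OpenSSH                    ALLOW       Anywhere
3306                       ALLOW       Anywhere
8080/tcp                   ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
EOF
}

# "To" column of every rule that ALLOWs traffic from Anywhere (v4 or v6).
open_rules() {
    awk '{
        for (i = 2; i <= NF; i++) if ($i == "ALLOW") {
            to = $1; for (j = 2; j < i; j++) to = to " " $j
            if ($(i + 1) == "Anywhere") { sub(/ \(v6\)$/, "", to); print to }
            break
        }
    }' | LC_ALL=C sort -u
}

# Required ports that are not open to Anywhere (the site would be unreachable).
missing_required() {
    rules=$(open_rules)
    for port in $REQUIRED; do
        printf '%s\n' "$rules" | grep -qxF "$port" || echo "$port"
    done
}

# Open rules outside EXPECTED, printed one per line for manual review.
needs_review() {
    open_rules | while IFS= read -r rule; do
        case " $EXPECTED " in *" $rule "*) ;; *) echo "$rule" ;; esac
    done
}

echo "missing: $(sample_status | missing_required | tr '\n' ' ')"
echo "review:  $(sample_status | needs_review | tr '\n' ' ')"
```

On the server, pipe the live output through the same functions, for example sudo ufw status | needs_review.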
MySQL preparation:
TightBlog deployment:
https://yourdomain.com/ instead of https://yourdomain.com/tightblog). The WAR file will need to be placed in the Tomcat webapps folder as usual.
application-tbcustom.properties file (sample). Create or download these as appropriate.
/home/gmazza/tbfiles/mediafiles. Note for Tomcat to be able to read and write from these folders, the leaf folder (here, mediafiles) should have the ownership of the user account running Tomcat (e.g. tomcat:tomcat), and that user must have execute permissions for every parent folder.
scp ROOT.war myaccount@glenmazza.net:~/tbfiles. However, I prefer "sftp glenmazza.net", navigating to desired folders, and using "put" or "get" to upload or download respectively.
https://yourdomain.com[/tightblog].
Troubleshooting: if accessing https://yourdomain.com[/tightblog] from a browser returns 404's while you can still ping the domain, check to see if you can access that URL from a terminal window that is SSH'ed into your Linode using the command-line Lynx browser. If you can, that would mean Tomcat is running properly but there is most likely a problem with the authbind or iptable rerouting preventing external access. If you can't, Tomcat configuration should be looked at first.
Export to a file:
    sudo mysqldump tightblogdb > db_backup_YYYYMMDD.sql
Import into the database to restore it:
    mysql -u root tightblogdb < db_backup_YYYYMMDD.sql
Best to save the backup copy outside of the linode (e.g., on your local machine) and create a regular backup routine.
Posted by Glen Mazza in Programming at 07:00AM Dec 08, 2023