Steps I followed to deploy TightBlog on Linode:
Linode preparation:
Tomcat preparation:
sudo systemctl [start|stop|restart] tomcat8
command-line commands being available for starting and stopping Tomcat. After starting Tomcat, confirm you can access Tomcat's port 8080 from a browser using your linode's domain name or IP address.
export CATALINA_HOME=/usr/share/tomcat8
export CATALINA_BASE=/var/lib/tomcat8
sudo systemctl stop tomcat8
For housekeeping on key updates, may wish to delete logs at /var/log/tomcat8
cd /opt/letsencrypt
sudo -H ./letsencrypt-auto certonly --standalone -d glenmazza.net -d www.glenmazza.net
(see "Congratulations!" feedback indicating Let's Encrypt worked. Any problem running? Try this)
cd /etc/letsencrypt/live/glenmazza.net*
sudo openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out cert_and_key.p12 -name tomcat -CAfile chain.pem -caname root
-- The above command will prompt you for a password for the temporary cert_and_key.p12 file.
-- Choose what you wish but remember for the next command ("abc" in the command below.)
-- The next command has placeholders for the Java key and keystore password (both necessary). Choose what you wish but as I understand
-- Tomcat expects the two to be the same (can see previous password via sudo more /var/lib/tomcat8/conf/server.xml)
sudo keytool -importkeystore -destkeystore MyDSKeyStore.jks -srckeystore cert_and_key.p12 -srcstorepass abc -srcstoretype PKCS12 -alias tomcat -deststorepass <changeit> -destkeypass <changeit>
sudo cp MyDSKeyStore.jks /var/lib/tomcat8
sudo systemctl start tomcat8
...confirm website accessible again at https://..., if not working ensure tomcat dirs all owned by tomcat user & restart
cd /etc/letsencrypt/live
sudo rm -r glenmazza.net*
The Java keystore password you chose above will need to be placed in the tomcat/conf/server.xml file as shown in the next step.
Note: Ivan Tichy has a blog post on how to automate requesting new certificates from LE every three months and updating Tomcat's keystore with them.
<Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" URIEncoding="UTF-8" redirectPort="443" />
<Connector port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="MyTomcatKeystore.jks" keystorePass="?????"/>
The keystore file referenced above would need to be placed in Tomcat's root directory. If you use another location, be sure to update the keystoreFile value to include the path to the file.
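The PEM-to-keystore conversion shown earlier, with the passwords kept off the command line so they do not appear in process listings or shell history. This is an added example, not part of the original post; the function names and the P12_PASS and JKS_PASS environment variables are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the original post): the PEM -> PKCS12 -> Java
# keystore conversion with passwords read from the environment.
# Assumptions: the caller has exported P12_PASS and JKS_PASS (for instance
# after reading them with `read -r` under `stty -echo`); the function names
# are hypothetical.

# make_p12 DIR: bundle DIR/cert.pem and DIR/privkey.pem into DIR/cert_and_key.p12.
# The body runs in a subshell so the tightened umask does not leak to the caller.
make_p12() (
    dir=$1
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS is not set" >&2; exit 1; }
    umask 077    # the bundle holds the private key: owner-only from creation
    openssl pkcs12 -export \
        -in "$dir/cert.pem" -inkey "$dir/privkey.pem" \
        -CAfile "$dir/chain.pem" -caname root -name tomcat \
        -out "$dir/cert_and_key.p12" \
        -passout env:P12_PASS    # openssl reads the password from the variable
)

# import_jks DIR OUT: import the bundle into keystore OUT, then delete the bundle.
# Store and key password are the same value, as the post says Tomcat expects.
import_jks() (
    dir=$1 out=$2
    [ -n "${JKS_PASS:-}" ] || { echo "JKS_PASS is not set" >&2; exit 1; }
    umask 077
    keytool -importkeystore -noprompt \
        -srckeystore "$dir/cert_and_key.p12" -srcstoretype PKCS12 \
        -srcstorepass:env P12_PASS -alias tomcat \
        -destkeystore "$out" \
        -deststorepass:env JKS_PASS -destkeypass:env JKS_PASS || exit 1
    rm -f "$dir/cert_and_key.p12"    # temporary file, no longer needed
)
```

sudo resets the environment by default, so when the files are only readable by root, export the two variables in a root shell and call the functions there rather than prefixing each command with sudo.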
/etc/default/tomcat8
file to activate it and then run a script similar to the following (replace "tomcat8" with the non-root user that is running Tomcat on your linode):
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat8 /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443
sudo chown tomcat8 /etc/authbind/byport/443
An alternative option is to have Tomcat continue to use its default (and non-privileged) 8080 and 8443 ports in its server.xml but use iptables rerouting to redirect those ports to 80 and 443. If you go this route, no authbind configuration is necessary.
/usr/share/doc/tomcat8-common/README.Debian
for more information, including running with a Java security manager if desired.
MySQL preparation:
TightBlog deployment:
https://yourdomain.com/
instead of https://yourdomain.com/tightblog
). The WAR file will need to be placed in the Tomcat webapps folder as usual.
tightblog-custom.properties
file. Create or download these as appropriate.
scp ROOT.war myaccount@glenmazza.net:~/tbfiles
. However, I prefer "sftp glenmazza.net", navigating to desired folders, and using "put" or "get" to upload or download respectively.
https://yourdomain.com[/tightblog]
.
Troubleshooting: if accessing https://yourdomain.com[/tightblog] from a browser returns 404s while you can still ping the domain, check whether you can access that URL from a terminal window that is SSH'ed into your Linode using the command-line Lynx browser. If you can, Tomcat is running properly and there is most likely a problem with the authbind or iptables rerouting preventing external access. If you can't, the Tomcat configuration should be looked at first.
Export to a file:
mysqldump -u root -p tightblogdb > db_backup_YYYYMMDD.sql
Import into the database to restore it:
mysql -u root tightblogdb < db_backup_YYYYMMDD.sql
Best to save the backup copy outside of the linode (e.g., on your local machine) and create a regular backup routine.
Posted by Glen Mazza in Programming at 07:00AM Aug 20, 2017 | Comments[2]
Glad to see your personal domain name. Good decision to migrate from OpenShift to Linode.
Posted by Anant Jaynarayana at 08:14AM Nov 13, 2017
I follow Roller and I will follow Tightblog too. Lot of good changes and documentation about all changes you did.
Posted by Nitin Lokhande at 06:07PM Nov 02, 2019