Cloud server fun

Here are some field notes on setting up a couple of cloud servers with the wonderful Digital Ocean for the purposes of running a small web application.

I’m using their 64-bit Ubuntu 14.04. You attach to this using PuTTY.

On first login to the server I changed the password for root using the passwd command.

To install mysql, I ran

  • sudo apt-get update   to ensure the latest packages were available
  • sudo apt-get install mysql-server   to install mysql server

I was following the notes here which led me to look in /etc/mysql/my.cnf

For some security I changed the port and then changed the bind-address to the public IP of the server, doing a sudo service mysql restart to make those take effect.

  • You can test that the port’s open using this portscanner – not a bad idea 

To connect to this DB from the command line, I used the mysql command:

  • mysql --user=root --password=mypassword
  • create database test;   to make me a test db
  • use test;     to go into the test db
  • create table currency ( code_iso varchar(2));  give myself a test table
  • insert into currency (code_iso) values ('GB');  insert a value
  • select * from currency;   test that this works

We need to enable this server to serve requests from another box – this is done from the mysql command line

  • GRANT ALL PRIVILEGES ON *.* TO 'someuser'@'%' IDENTIFIED BY 'somepassword' WITH GRANT OPTION;
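The grant above lets someuser connect from any host with every privilege on every database, and the server is bound to its public IP. The script below is an added example, not part of the original notes: it reviews SHOW GRANTS output and lists remotely usable accounts with broad grants. The sample lines, the appuser account and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: review SHOW GRANTS output for accounts reachable from other hosts.

# Constructed sample of SHOW GRANTS lines (password hashes replaced by <hash>).
sample_grants() {
cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED BY PASSWORD '<hash>' WITH GRANT OPTION
GRANT ALL PRIVILEGES ON *.* TO 'someuser'@'%' IDENTIFIED BY PASSWORD '<hash>' WITH GRANT OPTION
GRANT SELECT, INSERT, UPDATE, DELETE ON `test`.* TO 'appuser'@'203.0.113.10'
EOF
}

# risky_grants < grants
# Prints "user@host: reasons" for each remotely usable account whose grant is
# broader than a single application needs. Local-only accounts are skipped.
risky_grants() {
    awk -v q="'" '
        /^GRANT / {
            privs = $0; sub(/^GRANT /, "", privs); sub(/ ON .*/, "", privs)
            scope = $0; sub(/.* ON /, "", scope);  sub(/ TO .*/, "", scope)
            acct  = $0; sub(/.* TO /, "", acct);   sub(/ .*/, "", acct)
            gsub(q, "", acct)                      # strip the single quotes
            host = acct; sub(/.*@/, "", host)
            if (host == "localhost" || host == "127.0.0.1" || host == "::1") next
            why = ""
            if (host ~ /%/)                  why = why ",any-host"
            if (scope == "*.*")              why = why ",all-databases"
            if (privs == "ALL PRIVILEGES")   why = why ",all-privileges"
            if ($0 ~ / WITH GRANT OPTION$/)  why = why ",grant-option"
            if (why != "") print acct ": " substr(why, 2)
        }'
}

# On the database server: mysql -N -e "SHOW GRANTS FOR 'someuser'@'%'" | risky_grants
sample_grants | risky_grants
```

An account limited to the application's own database and to the app server's address, like the constructed appuser line, produces no output.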

Next step was to build the app server and be sure that this would connect to the db server.

App server was Ubuntu 14.04 and I installed mysql client:

  • Changed root password first
  • Updated apt-get
  • sudo apt-get install mysql-client
  • To access the database across the network – mysql -h1.2.3.4 --user=someuser --password=somepassword – if everything’s right, this lets you in and you can then use the same query as above to test that the db is working

Next it’s time to install apache

  • sudo apt-get install apache2
  • Then test with a port scan, or just your browser – the “it works” page comes up unless you’ve done something silly

Then it’s time to install tomcat

  • sudo apt-get install tomcat7
  • This can also be tested with a browser – just point the browser at port 8080

Now we need tomcat not to serve port 8080 to the internet. Comment out the <Connector port="8080" segment in server.xml and restart the server

  • server.xml is in /etc/tomcat7
  • The connector needs commenting out – beware that you have to add the comment markers at the start and end of it; don’t allow it to run into the next commented-out bit
  • The AJP connector needs uncommenting
  • Save server.xml and then restart tomcat – sudo service tomcat7 restart
  • The port scan should reveal that 8080 is closed
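The port scan in the last step only covers 8080. The AJP connector that was just uncommented listens on its own port (8009 is Tomcat's default), and only Apache on the same host needs to reach it. The script below is an added example, not part of the original notes: it reads `ss -ltn` output and reports which of the named ports are bound to a non-loopback address. The sample output is constructed.

```shell
#!/bin/sh
# Added example: find listeners that other hosts can reach.

# Constructed sample of `ss -ltn` output on the app server: 8080 is gone, but
# the AJP connector (8009) is bound to every interface, not only loopback.
sample_ss() {
cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port     Peer Address:Port
LISTEN  0       128     0.0.0.0:22             0.0.0.0:*
LISTEN  0       128     :::80                  :::*
LISTEN  0       100     :::8009                :::*
LISTEN  0       1       ::ffff:127.0.0.1:8005  :::*
EOF
}

# exposed_listeners PORT[,PORT...] < ss-output
# Prints "port address" for each named port listening on a non-loopback address.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)       # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)   # text before the last colon
            gsub(/\[|\]/, "", addr)               # newer ss prints [::]:8009
            if (!(port in want)) next
            if (addr ~ /^(::ffff:)?127\./ || addr == "::1") next
            print port, addr
        }'
}

# On the server itself: ss -ltn | exposed_listeners 8080,8009
sample_ss | exposed_listeners 8080,8009,8005
```

If 8009 shows up here, restrict it by binding the AJP connector to 127.0.0.1 with the `address` attribute in server.xml, or with a firewall rule.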

Finally we need to configure apache to forward to our application via ajp/jkmount etc

Instructions here say that we should

  • sudo apt-get install libapache2-mod-jk     – get the jkmount module
  • Add the line JkMountCopy   On   under DocumentRoot  /var/www   in /etc/apache2/sites-available/000-default.conf
  • Edit /etc/libapache2-mod-jk/workers.properties and set the tomcat home and jvm home
  • workers.tomcat_home=/usr/share/tomcat7
  • java home – /usr/lib/jvm/default-java
  • Edit /etc/apache2/mods-enabled/jk.conf adding
  • JkMount /YouApplicationName/* ajp13_worker
  • JkMount /YouApplicationName ajp13_worker

Restart apache and test the ip address /YouApplicationName via the browser. The YouApplicationName should really be set to the name of the war application you’re deploying.

To have a chance of transferring files in and out of these servers, they need an ftp set up. The instructions here are pretty good. Field notes from me:

  • sudo useradd --home /home/ftp --gid nogroup -m --shell /bin/false ftp – create a non-login user called ftp
  • sudo passwd ftp  to set the password for the user
  • sudo chown -R ftp:root /home/ftp  set the ftp user’s root to the new ftp dir
  • sudo chmod +rw /home/ftp ensure the user can access the ftp dir
  • sudo apt-get install vsftpd  – install vsftpd
  • edit the file /etc/vsftpd.conf – change the following settings from their default:
  • write_enable – uncomment it
  • local_umask – uncomment to allow it to be 022
  • chroot_local_user – uncomment
  • #chroot_list_enable – leave this commented
  • pam_service_name=ftp – ensure this is done
  • check_shell=NO  –  add
  • allow_writeable_chroot=YES  – add
  • seccomp_sandbox=NO  – add
  • sudo service vsftpd restart –  restart the ftpd
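Several of the settings above trade protection for convenience, and plain FTP sends the ftp user's password unencrypted. The script below is an added example, not part of the original notes: it reads a vsftpd.conf and lists the settings worth a second look. The sample file is constructed from the settings listed above; `listen` and `local_enable` are assumed values.

```shell
#!/bin/sh
# Added example: review a vsftpd.conf for settings that weaken the service.

# Constructed sample of /etc/vsftpd.conf after the edits described above.
sample_vsftpd_conf() {
cat <<'EOF'
listen=YES
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
#chroot_list_enable=YES
pam_service_name=ftp
check_shell=NO
allow_writeable_chroot=YES
seccomp_sandbox=NO
EOF
}

# vsftpd_review < vsftpd.conf
# Prints one line per finding; prints nothing when none of the checks match.
vsftpd_review() {
    awk -F= '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { seen[$1] = toupper(substr($0, length($1) + 2)) }
        END {
            if (seen["seccomp_sandbox"] == "NO")
                print "seccomp_sandbox=NO: the seccomp syscall filter is off"
            if (seen["allow_writeable_chroot"] == "YES")
                print "allow_writeable_chroot=YES: users can write to the top of their chroot"
            if (seen["ssl_enable"] != "YES")
                print "ssl_enable is not YES: passwords and files cross the network in clear text"
        }'
}

# On the server: vsftpd_review < /etc/vsftpd.conf
sample_vsftpd_conf | vsftpd_review
```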

Test the ftp service by attempting to connect to it with your ftp user.

To deploy the war files go to /var/lib/tomcat7/webapps and stick the war file in there – it will be expanded on server startup. sudo service tomcat7 restart  is your friend.

And that’s all. In this there’s been the configuration of:

  • Apache http – a reverse proxy using Ajp to connect to…
  • Tomcat7 – an application server which is using a database of…
  • MySql5 – opened up on a separate server, with…
  • FTP for getting files on and off the servers

 
