====== Installation ======
Prerequisites are an installed Linux base system, Java Server VM > 1.8.0 and MariaDB/MySQL.
The installation lives in the ''/opt/webserver'' folder. The file layout looks as follows:
<code>
drwxr-xr-x 4 ec2-user root 4096 Jul 25 16:54 .
drwxr-xr-x 4 root root 4096 Mar 3 14:30 ..
-rw-r--r-- 1 root root 1344 Jul 25 16:38 application.properties
drwxr-xr-x 2 root root 4096 May 4 17:00 backup
-rw----r-- 1 root root 5257 Apr 25 10:34 datareporter.jks
-rw-r--r-- 1 root root 69332573 Jul 1 12:08 datareporter-server-1.0-SNAPSHOT.jar
-rwxr--r-- 1 root root 1451 May 4 16:59 service.sh
-rw----r-- 1 root root 5745 Mar 4 09:09 traunau.jks
drwxr-xr-x 2 root root 4096 Jul 25 08:30 update
-rwxr--r-- 1 root root 321 Jul 25 16:54 webserver.sh
</code>
===== application.properties =====
Configuration of the system. An example configuration (including SSL) would be:
<code>
logging.level.org.springframework.web: ERROR
logging.level.org.thymeleaf: ERROR
logging.level.org.hibernate: ERROR
logging.level.org.reflections: ERROR
multipart.maxFileSize=10Mb
# Productive settings
application.debug=false
server.port: 443
server.ssl.key-store: datareporter.jks
server.ssl.key-store-password: datareporter
server.ssl.keyStoreType: jks
server.ssl.keyAlias: datareporter
server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA
# absolute URL of own application (without trailing /, including protocol)
application.url=https://dsdev.datareporter.eu
</code>
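The directory listing shows the keystores as ''-rw----r--'' and ''application.properties'', which holds ''server.ssl.key-store-password'', as ''-rw-r--r--'', so every local account can read them. The following check is an added example, not part of the DataReporter distribution: it reports such files and restricts them to their owner. It assumes GNU find, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of the DataReporter distribution.
# Assumes GNU find (-perm /MODE, -printf); all function names are made up.

# Run find over the secret-bearing files of the layout: the keystores and
# application.properties (holds server.ssl.key-store-password).
# Extra arguments are appended as further find tests/actions.
secret_files() {
    dir=$1; shift
    find "$dir" -maxdepth 1 -type f \
        \( -name '*.jks' -o -name 'application.properties' \) "$@"
}

# Print "<octal mode> <file name>" for each secret file that grants any
# permission bit to group or others; return 1 on any finding.
audit_secrets() {
    findings=$(secret_files "$1" -perm /077 -printf '%m %f\n' | sort -k2)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Restrict flagged files to their owner (the service runs as root here).
harden_secrets() {
    secret_files "$1" -perm /077 -exec chmod 600 {} +
}

# Constructed sample: rebuild the modes from the directory listing in a
# scratch directory, audit, harden, audit again.
demo() {
    d=$(mktemp -d) || return 1
    touch "$d/application.properties" "$d/datareporter.jks"
    touch "$d/traunau.jks" "$d/service.sh"
    chmod 644 "$d/application.properties"
    chmod 604 "$d/datareporter.jks" "$d/traunau.jks"
    chmod 744 "$d/service.sh"
    echo "before:"; audit_secrets "$d" || true
    harden_secrets "$d"
    echo "after:"; audit_secrets "$d" && echo "(no findings)"
    rm -rf "$d"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```

Run ''audit_secrets /opt/webserver'' after each deployment; a non-zero exit status means at least one file still needs tightening.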
===== datareporter-server-1.0-SNAPSHOT.jar =====
The current build of the DataReporter server system.
===== service.sh =====
Starts the .jar file as a service. It also checks whether the web server has stopped although it should be running (PID file exists, but the process is not running). Starting requires the helper script ''webserver.sh''.
<code bash>
#!/bin/sh
SERVICE_NAME=Datareporter
PATH_TO_SH=/opt/webserver/webserver.sh
# Must match PID_PATH_NAME in webserver.sh. Note that /tmp is world-writable;
# a root-only directory such as /var/run is a safer place for a PID file.
PID_PATH_NAME=/tmp/datareporter-pid

# Watchdog: runs on every invocation (also from cron, without arguments).
# If a PID file exists but the process is gone, restart the server.
if [ -f "$PID_PATH_NAME" ]; then
    PID=$(cat "$PID_PATH_NAME")
    if ps -p "$PID" > /dev/null; then
        # process runs and PID file is present, all ok
        echo "Running OK"
    else
        echo "PID file but no running process, starting.."
        rm -f "$PID_PATH_NAME"
        su root -c "$PATH_TO_SH"
        echo "$SERVICE_NAME started ..."
    fi
fi

case "$1" in
    start)
        echo "Starting $SERVICE_NAME ..."
        if [ ! -f "$PID_PATH_NAME" ]; then
            su root -c "$PATH_TO_SH"
            echo "$SERVICE_NAME started ..."
        else
            echo "$SERVICE_NAME is already running ..."
        fi
        ;;
    stop)
        if [ -f "$PID_PATH_NAME" ]; then
            PID=$(cat "$PID_PATH_NAME")
            echo "$SERVICE_NAME stopping ..."
            kill "$PID"
            echo "$SERVICE_NAME stopped ..."
            rm -f "$PID_PATH_NAME"
        else
            echo "$SERVICE_NAME is not running ..."
        fi
        ;;
    check)
        if [ -f "$PID_PATH_NAME" ]; then
            PID=$(cat "$PID_PATH_NAME")
            if ps -p "$PID" > /dev/null; then
                # process runs and PID file is present, all ok
                echo "Check result: running OK"
                exit 0
            else
                echo "Check: PID file but no running process"
                exit 1
            fi
        else
            echo "Check: Not running"
            exit 1
        fi
        ;;
esac
</code>
===== traunau.jks =====
The Java keystore for the SSL certificate.
===== webserver.sh =====
Helper script for service.sh:
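<code bash>
#!/bin/bash
JAR_NAME=datareporter-server-1.0-SNAPSHOT.jar
PATH_TO_JAR=/opt/webserver
PID_PATH_NAME=/tmp/datareporter-pid
PATH_TO_LOG=/var/log

# Start from the install directory so that application.properties and the keystore are found
cd "$PATH_TO_JAR" || exit 1
# Run the server in the background; stderr and stdout are appended to separate log files
nohup java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar "$PATH_TO_JAR/$JAR_NAME" 2>>"$PATH_TO_LOG/ds_server.err" >>"$PATH_TO_LOG/ds_server.log" &
# Record the PID of the background process for service.sh
echo $! > "$PID_PATH_NAME"
</code>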
====== Installing the service (initd) ======
To start the web server at system boot, the following symbolic link must be created in ''/etc/init.d'':
<code>
lrwxrwxrwx 1 root root 25 Mar 3 14:44 datenschutz -> /opt/webserver/service.sh
</code>
To run the watchdog for the service, the following crontab entry (as root) is required:
<code>
* * * * * /opt/webserver/service.sh
</code>