Unterschiede
Hier werden die Unterschiede zwischen zwei Versionen gezeigt.
| Beide Seiten der vorigen Revision Vorhergehende Überarbeitung Nächste Überarbeitung | Vorhergehende Überarbeitung Letzte Überarbeitung Beide Seiten der Revision | ||
|
installation_dateien [2017/03/30 07:45] mike |
installation_dateien [2018/01/09 14:18] mike |
||
|---|---|---|---|
| Zeile 6: | Zeile 6: | ||
| <file> | <file> | ||
| - | drwxr-xr-x 3 ec2-user root 4096 Mar 30 07:55 . | + | drwxr-xr-x 4 ec2-user root 4096 Jul 25 16:54 . |
| - | drwxr-xr-x 4 root root 4096 Mar 3 14:30 .. | + | drwxr-xr-x 4 root root 4096 Mar 3 14:30 .. |
| - | -rw-r--r-- 1 root root 397 Mar 4 09:12 application.properties | + | -rw-r--r-- 1 root root 1344 Jul 25 16:38 application.properties |
| - | drwxr-xr-x 2 root root 4096 Mar 30 09:29 backup | + | drwxr-xr-x 2 root root 4096 May 4 17:00 backup |
| - | -rw-r--r-- 1 ec2-user ec2-user 68093104 Mar 29 15:28 datenschutz-server-1.0-SNAPSHOT.jar | + | -rw----r-- 1 root root 5257 Apr 25 10:34 datareporter.jks |
| - | -rwxr--r-- 1 root root 1021 Mar 10 15:30 service.sh | + | -rw-r--r-- 1 root root 69332573 Jul 1 12:08 datareporter-server-1.0-SNAPSHOT.jar |
| - | -rw------- 1 root root 5745 Mar 4 09:09 traunau.jks | + | -rwxr--r-- 1 root root 1451 May 4 16:59 service.sh |
| - | -rwxr--r-- 1 root root 285 Mar 3 14:35 webserver.sh | + | -rw----r-- 1 root root 5745 Mar 4 09:09 traunau.jks |
| + | drwxr-xr-x 2 root root 4096 Jul 25 08:30 update | ||
| + | -rwxr--r-- 1 root root 321 Jul 25 16:54 webserver.sh | ||
| </file> | </file> | ||
| - | |||
| ===== application.properties ===== | ===== application.properties ===== | ||
| Konfiguration des Systems, einen Beispielkonfiguration (inkl. SSL) wäre: | Konfiguration des Systems, einen Beispielkonfiguration (inkl. SSL) wäre: | ||
| <file> | <file> | ||
| + | |||
| logging.level.org.springframework.web: ERROR | logging.level.org.springframework.web: ERROR | ||
| logging.level.org.thymeleaf: ERROR | logging.level.org.thymeleaf: ERROR | ||
| Zeile 32: | Zeile 34: | ||
| server.port: 443 | server.port: 443 | ||
| - | server.ssl.key-store: traunau.jks | + | server.ssl.key-store: datareporter.jks |
| - | server.ssl.key-store-password: ***** | + | server.ssl.key-store-password: datareporter |
| server.ssl.keyStoreType: jks | server.ssl.keyStoreType: jks | ||
| - | server.ssl.keyAlias: traunau | + | server.ssl.keyAlias: datareporter |
| + | server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA | ||
| + | |||
| + | |||
| + | i# absolute URL of own application (without trailing /, including protocol) | ||
| + | application.url=https://dsdev.datareporter.eu | ||
| </file> | </file> | ||
| - | ===== datenschutz-server-1.0-SNAPSHOT.jar ===== | + | ===== datareporter-server-1.0-SNAPSHOT.jar ===== |
| - | Der aktuelle Build des Datenschutz Serversystems | + | Der aktuelle Build des DataReporter Serversystems |
| ===== service.sh ===== | ===== service.sh ===== | ||
| Zeile 46: | Zeile 54: | ||
| <code> | <code> | ||
| #!/bin/sh | #!/bin/sh | ||
| - | SERVICE_NAME=Datenschutz | + | SERVICE_NAME=Datareporter |
| PATH_TO_SH=/opt/webserver/webserver.sh | PATH_TO_SH=/opt/webserver/webserver.sh | ||
| - | PID_PATH_NAME=/tmp/datenschutz-pid | + | PID_PATH_NAME=/tmp/datareporter-pid |
| Zeile 87: | Zeile 95: | ||
| else | else | ||
| echo "$SERVICE_NAME is not running ..." | echo "$SERVICE_NAME is not running ..." | ||
| + | fi | ||
| + | ;; | ||
| + | check) | ||
| + | if [ -f $PID_PATH_NAME ]; then | ||
| + | PID=$(cat $PID_PATH_NAME); | ||
| + | if ps -p $PID > /dev/null | ||
| + | then | ||
| + | # runs and pid file there, all ok | ||
| + | echo "Check result: running OK" | ||
| + | exit 0 | ||
| + | else | ||
| + | echo "Check: PID file but no running process" | ||
| + | exit 1 | ||
| + | fi | ||
| + | else | ||
| + | echo "Check: Not running" | ||
| + | exit 1 | ||
| fi | fi | ||
| ;; | ;; | ||
| esac | esac | ||
| - | </code> | ||
| + | </code> | ||
| ===== traunau.jks ===== | ===== traunau.jks ===== | ||
| Der Java Keystore für das SSL Zertifikat. | Der Java Keystore für das SSL Zertifikat. | ||
| Zeile 100: | Zeile 125: | ||
| #!/bin/bash | #!/bin/bash | ||
| - | JAR_NAME=datenschutz-server-1.0-SNAPSHOT.jar | + | JAR_NAME=datareporter-server-1.0-SNAPSHOT.jar |
| PATH_TO_JAR=/opt/webserver | PATH_TO_JAR=/opt/webserver | ||
| - | PID_PATH_NAME=/tmp/datenschutz-pid | + | PID_PATH_NAME=/tmp/datareporter-pid |
| PATH_TO_LOG=/var/log | PATH_TO_LOG=/var/log | ||
| cd $PATH_TO_JAR | cd $PATH_TO_JAR | ||
| - | nohup java -jar $PATH_TO_JAR/$JAR_NAME 2>>$PATH_TO_LOG/ds_server.err >>$PATH_TO_LOG/ds_server.log & | + | nohup java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar $PATH_TO_JAR/$JAR_NAME 2>>$PATH_TO_LOG/ds_server.err >>$PATH_TO_LOG/ds_server.log & |
| echo $! > $PID_PATH_NAME | echo $! > $PID_PATH_NAME | ||
| + | </code> | ||
| + | ====== Installation des Services (initd) ====== | ||
| + | Um den Webserver bei Systemstart zu starten, muss folgender symbolische Link in ''/etc/init.d'' gesetzt werden: | ||
| + | <code> | ||
| + | lrwxrwxrwx 1 root root 25 Mar 3 14:44 datenschutz -> /opt/webserver/service.sh | ||
| </code> | </code> | ||
| + | Um den Watchdog für den Service laufen zu lassen wird folgende Crontab (als root) benötigt: | ||
| + | <code> | ||
| + | * * * * * /opt/webserver/service.sh | ||
| + | </code> | ||
| + | |||
| + | ====== Installation des Services (systemd) ====== | ||
| + | Um den Webserver zu starten muss folgendes Script erstellt werden (in /opt/webserver): | ||
| + | |||
| + | ===== sysctl.sh ===== | ||
| + | <code> | ||
| + | #!/bin/bash | ||
| + | |||
| + | JAR_NAME=datareporter-server-1.0-SNAPSHOT.jar | ||
| + | PATH_TO_JAR=/opt/webserver | ||
| + | PATH_TO_LOG=/var/log | ||
| + | |||
| + | cd $PATH_TO_JAR | ||
| + | java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar $PATH_TO_JAR/$JAR_NAME 2>>$PATH_TO_LOG/ds_server.err >>$PATH_TO_LOG/ds_server.log | ||
| + | </code> | ||
| + | |||
| + | Um den Service zu installieren wird in /etc/systemd/system folgende Datei angelegt: | ||
| + | |||
| + | ===== datareporter.service ===== | ||
| + | <code> | ||
| + | [Unit] | ||
| + | Description=datareporter | ||
| + | After=syslog.target | ||
| + | |||
| + | [Service] | ||
| + | User=root | ||
| + | ExecStart=/opt/webserver/sysctl.sh | ||
| + | SuccessExitStatus=143 | ||
| + | |||
| + | [Install] | ||
| + | WantedBy=multi-user.target | ||
| + | </code> | ||
| + | |||
| + | Der Service kann nun folgendermassen gestartet und gestoppt werden: | ||
| + | |||
| + | <code> | ||
| + | # systemctl start datareporter | ||
| + | # systemctl stop datareporter | ||
| + | </code> | ||
| + | |||
| + | Installiert wird der Service mit: | ||
| + | |||
| + | <code> | ||
| + | # systemctl enable datareporter | ||
| + | </code> | ||
