Differences
This page shows the differences between two versions.
installation_dateien [2017/03/30 07:40] mike |
installation_dateien [2018/03/14 09:17] (aktuell) mike |
||
---|---|---|---|
Zeile 6: | Zeile 6: | ||
<file> | <file> | ||
- | drwxr-xr-x 3 ec2-user root 4096 Mar 30 07:55 . | + | drwxr-xr-x 4 ec2-user root 4096 Jul 25 16:54 . |
- | drwxr-xr-x 4 root root 4096 Mar 3 14:30 .. | + | drwxr-xr-x 4 root root 4096 Mar 3 14:30 .. |
- | -rw-r--r-- 1 root root 397 Mar 4 09:12 application.properties | + | -rw-r--r-- 1 root root 1344 Jul 25 16:38 application.properties |
- | drwxr-xr-x 2 root root 4096 Mar 30 09:29 backup | + | drwxr-xr-x 2 root root 4096 May 4 17:00 backup |
- | -rw-r--r-- 1 ec2-user ec2-user 68093104 Mar 29 15:28 datenschutz-server-1.0-SNAPSHOT.jar | + | -rw----r-- 1 root root 5257 Apr 25 10:34 datareporter.jks |
- | -rwxr--r-- 1 root root 1021 Mar 10 15:30 service.sh | + | -rw-r--r-- 1 root root 69332573 Jul 1 12:08 datareporter-server-1.0-SNAPSHOT.jar |
- | -rw------- 1 root root 5745 Mar 4 09:09 traunau.jks | + | -rwxr--r-- 1 root root 1451 May 4 16:59 service.sh |
- | -rwxr--r-- 1 root root 285 Mar 3 14:35 webserver.sh | + | -rw----r-- 1 root root 5745 Mar 4 09:09 traunau.jks |
+ | drwxr-xr-x 2 root root 4096 Jul 25 08:30 update | ||
+ | -rwxr--r-- 1 root root 321 Jul 25 16:54 webserver.sh | ||
</file> | </file> | ||
- | |||
===== application.properties ===== | ===== application.properties ===== | ||
Konfiguration des Systems, einen Beispielkonfiguration (inkl. SSL) wäre: | Konfiguration des Systems, einen Beispielkonfiguration (inkl. SSL) wäre: | ||
<file> | <file> | ||
+ | |||
logging.level.org.springframework.web: ERROR | logging.level.org.springframework.web: ERROR | ||
logging.level.org.thymeleaf: ERROR | logging.level.org.thymeleaf: ERROR | ||
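Review bot: In the new directory listing, `datareporter.jks` and `traunau.jks` are shown with mode `-rw----r--`, which leaves the keystores holding the server's TLS key readable by every local account outside the root group; the previous revision listed `traunau.jks` as `-rw-------`. Suggest documenting both keystores as `-rw-------` (chmod 600), owned by the account that runs the JVM. The same applies to `application.properties`, listed as `-rw-r--r--`, since the example configuration on this page stores the keystore password in it.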
Zeile 32: | Zeile 34: | ||
server.port: 443 | server.port: 443 | ||
- | server.ssl.key-store: traunau.jks | + | server.ssl.key-store: datareporter.jks |
- | server.ssl.key-store-password: ***** | + | server.ssl.key-store-password: datareporter |
server.ssl.keyStoreType: jks | server.ssl.keyStoreType: jks | ||
- | server.ssl.keyAlias: traunau | + | server.ssl.keyAlias: datareporter |
+ | server.ssl.ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_DSS_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_SHA256,TLS_ECDHE_RSA_WITH_AES_128_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_SHA,TLS_ECDHE_RSA_WITH_AES_256_SHA384,TLS_ECDHE_ECDSA_WITH_AES_256_SHA384,TLS_ECDHE_RSA_WITH_AES_256_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_128_SHA,TLS_DHE_DSS_WITH_AES_128_SHA256,TLS_DHE_RSA_WITH_AES_256_SHA256,TLS_DHE_DSS_WITH_AES_256_SHA,TLS_DHE_RSA_WITH_AES_256_SHA | ||
+ | |||
+ | |||
+ | i# absolute URL of own application (without trailing /, including protocol) | ||
+ | application.url=https://dsdev.datareporter.eu | ||
</file> | </file> | ||
+ | |||
+ | ===== datareporter-server-1.0-SNAPSHOT.jar ===== | ||
+ | Der aktuelle Build des DataReporter Serversystems | ||
+ | |||
+ | ===== service.sh ===== | ||
+ | Dient zum Start des .jar files als Service. Prüft auch, ob der Webserver eventuell nicht mehr läuft obwohl er laufen sollte (PID file existiert, aber Prozess läuft nicht). Zum Start wird das Hilfsskript ''webserver.sh'' benötigt. | ||
+ | |||
+ | <code> | ||
+ | #!/bin/sh | ||
+ | SERVICE_NAME=Datareporter | ||
+ | PATH_TO_SH=/opt/webserver/webserver.sh | ||
+ | PID_PATH_NAME=/tmp/datareporter-pid | ||
+ | |||
+ | |||
+ | if [ -f $PID_PATH_NAME ]; then | ||
+ | PID=$(cat $PID_PATH_NAME); | ||
+ | if ps -p $PID > /dev/null | ||
+ | then | ||
+ | # runs and pid file there, all ok | ||
+ | echo "Running OK" | ||
+ | else | ||
+ | echo "PID file but no running process, starting.." | ||
+ | rm $PID_PATH_NAME | ||
+ | su root -c $PATH_TO_SH | ||
+ | echo "$SERVICE_NAME started ..." | ||
+ | fi | ||
+ | |||
+ | fi | ||
+ | |||
+ | |||
+ | |||
+ | case $1 in | ||
+ | start) | ||
+ | echo "Starting $SERVICE_NAME ..." | ||
+ | if [ ! -f $PID_PATH_NAME ]; then | ||
+ | su root -c $PATH_TO_SH | ||
+ | echo "$SERVICE_NAME started ..." | ||
+ | else | ||
+ | echo "$SERVICE_NAME is already running ..." | ||
+ | fi | ||
+ | ;; | ||
+ | stop) | ||
+ | if [ -f $PID_PATH_NAME ]; then | ||
+ | PID=$(cat $PID_PATH_NAME); | ||
+ | echo "$SERVICE_NAME stoping ..." | ||
+ | kill $PID; | ||
+ | echo "$SERVICE_NAME stopped ..." | ||
+ | rm $PID_PATH_NAME | ||
+ | else | ||
+ | echo "$SERVICE_NAME is not running ..." | ||
+ | fi | ||
+ | ;; | ||
+ | check) | ||
+ | if [ -f $PID_PATH_NAME ]; then | ||
+ | PID=$(cat $PID_PATH_NAME); | ||
+ | if ps -p $PID > /dev/null | ||
+ | then | ||
+ | # runs and pid file there, all ok | ||
+ | echo "Check result: running OK" | ||
+ | exit 0 | ||
+ | else | ||
+ | echo "Check: PID file but no running process" | ||
+ | exit 1 | ||
+ | fi | ||
+ | else | ||
+ | echo "Check: Not running" | ||
+ | exit 1 | ||
+ | fi | ||
+ | ;; | ||
+ | esac | ||
+ | |||
+ | </code> | ||
+ | ===== traunau.jks ===== | ||
+ | Der Java Keystore für das SSL Zertifikat. | ||
+ | |||
+ | ===== webserver.sh ===== | ||
+ | Hilfsskript für service.sh: | ||
+ | <code> | ||
+ | #!/bin/bash | ||
+ | |||
+ | JAR_NAME=datareporter-server-1.0-SNAPSHOT.jar | ||
+ | PATH_TO_JAR=/opt/webserver | ||
+ | PID_PATH_NAME=/tmp/datareporter-pid | ||
+ | PATH_TO_LOG=/var/log | ||
+ | |||
+ | |||
+ | cd $PATH_TO_JAR | ||
+ | nohup java -Xmx512m -Djdk.tls.ephemeralDHKeySize=2048 -jar $PATH_TO_JAR/$JAR_NAME 2>>$PATH_TO_LOG/ds_server.err >>$PATH_TO_LOG/ds_server.log & | ||
+ | echo $! > $PID_PATH_NAME | ||
+ | </code> | ||
+ | ====== Installation des Services (initd) ====== | ||
+ | Um den Webserver bei Systemstart zu starten, muss folgender symbolische Link in ''/etc/init.d'' gesetzt werden: | ||
+ | <code> | ||
+ | lrwxrwxrwx 1 root root 25 Mar 3 14:44 datenschutz -> /opt/webserver/service.sh | ||
+ | </code> | ||
+ | |||
+ | Um den Watchdog für den Service laufen zu lassen wird folgende Crontab (als root) benötigt: | ||
+ | <code> | ||
+ | * * * * * /opt/webserver/service.sh | ||
+ | </code> | ||
+ | |||
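Review bot: The changed line `server.ssl.key-store-password: datareporter` publishes a real-looking keystore password that equals the alias and the file name, where the previous revision had it masked as `*****`; keep the placeholder in the documentation and rotate the password if it is the one in use. In the added `server.ssl.ciphers` line, the non-GCM entries such as `TLS_ECDHE_RSA_WITH_AES_128_SHA` omit the `_CBC_` part of the IANA/JSSE suite names, so it is worth confirming which suites the server actually offers, and the list could be trimmed to the ECDHE GCM suites. The comment line `i# absolute URL of own application ...` starts with a stray `i`, so a properties parser reads it as a key named `i#` rather than a comment. In `service.sh` and `webserver.sh`, `PID_PATH_NAME=/tmp/datareporter-pid` sits in a world-writable directory while root's per-minute cron job trusts its contents for `ps -p $PID` and `kill $PID`; a file there can be pre-created by any local user while the service is stopped, so a root-owned location such as `/var/run` would be safer, with `$PID` and the path variables quoted. The init.d symlink is still named `datenschutz` although the service was renamed to Datareporter, which deserves either a rename or a sentence explaining it.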