Setting Up a Cloud Server - Part 2 - Transcript.pdf
- 1. Setting up a Cloud Server - Part II
We continue by installing the many packages we need to run everything.
- 2. #yum install xorg-x11-server-Xvfb
Commands
✦ This allows some GUI related code to work on the
server, although it’s still “flaky”
© Codename One 2017 all rights reserved
Our server is headless, which means it has no monitor or video display. If we try to use an API like Swing or JavaFX, the app will fail because it won’t be able to display
anything. Normally that’s not a problem, but since we might want to run the CSS compiler, it would need access to graphics. It’s also useful for other features: if you
want to generate images on the server, the ability to use Java2D would be useful.
That’s where Xvfb comes in handy. X11 is the windowing system for Linux and other Unix flavors. Xvfb runs X on a virtual frame buffer and effectively allows us to draw even
without a display. That’s useful if we need to run GUI code that doesn’t actually need the screen.
- 3. #yum install unzip
Commands
✦ Unzip allows us to copy/download tools like Ant
Next we will install unzip; we’ll need it later on to install Ant.
- 4. #yum install mariadb-server
Commands
✦ We can install MySQL, but MariaDB is standard on
CentOS so I went with that
The next step is the installation of MariaDB, which I mentioned earlier. It’s a fork of MySQL that is supported by CentOS. This installs the server itself, but we need a few
additional steps.
- 5. #systemctl start mariadb
Commands
✦ We add MariaDB to the startup script of the VPS
This adds MariaDB to the startup script so it loads on system boot.
- 6. #systemctl enable mariadb
Commands
✦ We verify that MariaDB is enabled in the startup
process
This step verifies that the previous step succeeded and MariaDB is running. I would go into more detail on this, but the boot process in Linux is a bit different between
distributions, so I’d rather not dig in too much.
- 7. #mysql_secure_installation
Commands
✦ This script secures the MySQL install by removing
common security pitfalls
✦ Follow the script’s advice and restrict everything
✦ Ideally pick the same password you have in the
desktop version of MySQL, otherwise deployment
might be error prone
MySQL and MariaDB ship with a great script to harden security. I followed the advice and restricted as much as possible, although you might want to allow your IP to
have remote access to the server. This might make it easier to administer the server remotely.
This is an important step; having a server discoverable on the internet is pretty dangerous.
One thing I did which is important was setting the database password to the same value as the one I have in the development server. That means the code is exactly the
same, albeit slightly less secure. To be fair, that’s not a problem if the database can’t be accessed remotely.
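Reusing the development password is only tolerable while port 3306 cannot be reached from other hosts, and `mysql_secure_installation` does not change which interfaces MariaDB listens on. The check below is an added example (not part of the original tutorial) that scans `ss -ltn` output for a MariaDB listener on a non-loopback address; the function name and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Reads `ss -ltn` output on stdin and prints every non-loopback address
# that has a listener on TCP port 3306 (the MariaDB/MySQL default).
exposed_mariadb_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4                          # "Local Address:Port" column
            n = split(addr, parts, ":")
            port = parts[n]                    # text after the last colon
            if (port != "3306") next
            host = substr(addr, 1, length(addr) - length(port) - 1)
            sub(/^\[/, "", host); sub(/\]$/, "", host)   # [::1] -> ::1
            if (host ~ /^127\./ || host == "::1") next   # loopback only
            print host
        }
    '
}

# Constructed sample: MariaDB bound to every interface.
SAMPLE_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      50     0.0.0.0:3306       0.0.0.0:*
LISTEN 0      100    [::]:8080          [::]:*'

# Constructed sample: bind-address=127.0.0.1 set under [mysqld].
SAMPLE_LOCAL='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      50     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      100    [::]:8080          [::]:*'

for name in SAMPLE_OPEN SAMPLE_LOCAL; do
    eval "text=\$$name"
    hits=$(printf '%s\n' "$text" | exposed_mariadb_listeners)
    echo "$name: ${hits:-no remote-reachable MariaDB listener}"
done
```

On the server, run `ss -ltn | exposed_mariadb_listeners`; any output means the port is bound beyond loopback, so set `bind-address=127.0.0.1` under `[mysqld]` or firewall the port.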
- 8. #iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
Commands
✦ Setting Tomcat to work on port 80 is problematic,
this makes all port 80 traffic go to port 8080
The next step is exposing the right port. Unix-based systems block TCP ports below 1024: you can’t listen on such a port without root privileges. This is generally a security
measure so a random user who logs into a system won’t start a server on the machine.
There are many ways around it, but the one I use most often is iptables, which you need to run as root and which effectively redirects traffic at the kernel level. So traffic on port 80
gets redirected to 8080 in this command line.
In case you don’t know, port 80 is the default port for the HTTP protocol.
- 9. #iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-port 8443
Commands
✦ This is the exact same command for 443 which is
the port for HTTPS
Port 443 isn’t as well known as port 80; it’s the default port of the HTTPS protocol, so here we are doing the exact same thing for it and port 8443.
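Rules added with `iptables -A` live only in the running kernel, so it is worth confirming after a reboot or firewall change that both redirects are still in place. This added example (not part of the original tutorial) parses `iptables-save` output for the two PREROUTING rules; the function names and the sample rule dumps are constructed.

```shell
#!/bin/sh
# Added example, not from the original tutorial.
# Reads `iptables-save` output on stdin and prints the port that TCP traffic
# for destination port $1 is redirected to in the nat PREROUTING chain.
redirect_target() {
    awk -v want="$1" '
        /^\*/ { table = $1 }                 # table header: *nat, *filter, ...
        table == "*nat" && $1 == "-A" && $2 == "PREROUTING" && !found {
            dport = ""; to = ""; redirect = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") dport = $(i + 1)
                if ($i == "-j" && $(i + 1) == "REDIRECT") redirect = 1
                if ($i == "--to-ports" || $i == "--to-port") to = $(i + 1)
            }
            if (redirect && dport == want) { print to; found = 1 }
        }
    '
}

# Succeeds only if 80->8080 and 443->8443 are both present in the rules text $1.
tomcat_redirects_ok() {
    [ "$(printf '%s\n' "$1" | redirect_target 80)" = "8080" ] &&
    [ "$(printf '%s\n' "$1" | redirect_target 443)" = "8443" ]
}

# Constructed sample: the nat table after the two commands above.
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
COMMIT'

# Constructed sample: the HTTPS rule is missing.
SAMPLE_PARTIAL='*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT'

for name in SAMPLE_RULES SAMPLE_PARTIAL; do
    eval "rules=\$$name"
    if tomcat_redirects_ok "$rules"; then echo "$name: both redirects present"
    else echo "$name: redirect missing"; fi
done
```

As root on the server, the live rules can be checked with `tomcat_redirects_ok "$(iptables-save -t nat)" || echo "redirect missing"`.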
- 10. #su builder
Commands
✦ We now become the builder user so we can
set up the server tasks here
Finally, it’s time to become the builder. Notice we don’t need a password to do this, as we are assuming the builder user from the root user.
- 11. $cd ~
Commands
✦ ~ represents the home directory; in this case it’s
shorthand for /home/builder
✦ Since we are currently in /root, it’s problematic as
we don’t have permissions here
Tilde is a special character in Unix. It represents the home directory of the user, so when we are root tilde is /root and when we are builder it’s /home/builder.
Currently we are at /root because that’s where we logged in, so we need to go to the home directory of builder, and that’s what this command does.
Notice that the sign next to the command is a dollar sign and not a pound sign (or hash sign). That’s because we are now using the user account and not the root
account.