Recommended
More Related Content
Similar to Setting Up a Cloud Server - Part 2 - Transcript.pdf
Similar to Setting Up a Cloud Server - Part 2 - Transcript.pdf (20)
More from ShaiAlmog1
More from ShaiAlmog1 (20)
Recently uploaded
Recently uploaded (20)
Setting Up a Cloud Server - Part 2 - Transcript.pdf
- 1. Setting up a Cloud Server - Part II We continue with installations of many packages we need to run everything
- 2. #yum install xorg-x11-server-Xvfb Commands ✦ This allows some GUI related code to work on the server, although it’s still “flaky” © Codename One 2017 all rights reserved Our server is headless, that means it has no monitor or video display. So if we try to use an API like Swing or JavaFX the app will fail as it won’t be able to display anything. Normally that’s not a problem but since we might want to run the CSS compiler it would need access to graphics. It’s also useful for other features so if you want to generate images on the server the ability to use Java2D would be useful. That’s where XVFB comes in handy. X11 is the windowing system for Linux and other unix flavors. XVFB uses X on frame buffer and effectively allows us to draw even without a display. That’s useful if we need to run GUI code that doesn’t actually need the screen.
- 3. #yum install unzip Commands ✦ Unzip allows us to copy/download tools like Ant © Codename One 2017 all rights reserved We will next install unzip we’ll need it later on to install ant
- 4. #yum install mariadb-server Commands ✦ We can install mysql but maria is standard on centos so I went with that © Codename One 2017 all rights reserved The next step is the installation of Maria DB which I mentioned earlier. It’s a fork of MySQL that is supported by Centos. This installs the server itself but we need a few additional steps.
- 5. #systemctl start mariadb Commands ✦ We add maria to the startup script of the VPS © Codename One 2017 all rights reserved This adds mariadb to the startup script so it loads on system boot
- 6. #systemctl enable mariadb Commands ✦ We verify that mariadb is enabled in the startup process © Codename One 2017 all rights reserved This step verifies that the previous step succeeded and maria db is running. I would go into more details on this but boot process in Linux is a bit different between distributions so I’d rather not dig in too much
- 7. #mysql_secure_installation Commands ✦ This script secures the mysql install by removing common security pitfalls ✦ Follow the scripts advice and restrict everything ✦ Ideally pick the same password you have in the desktop version of mysql otherwise deployment might be error prone © Codename One 2017 all rights reserved MySQL and MariaDB ship with a great script to harden security. I followed the advice and restricted as much as possible although you might want to allow your IP to have remote access to the server. This might make it easier to administer the server remotely. This is an important step, having a server discoverable on the internet is pretty dangerous. One thing I did which is important was setting the database password to the same value as the one I have in the development server. That means the code is exactly the same albeit slightly less secure. To be fair that’s not a problem if the database can’t be accessed remotely.
- 8. #iptables -t nat -A PREROUTING -p tcp -- dport 80 -j REDIRECT --to-port 8080 Commands ✦ Setting tomcat to work on port 80 is problematic, this makes all port 80 traffic to to port 8080 © Codename One 2017 all rights reserved The next step is exposing the right port. Unix based systems block TCP ports below 1024. You can’t listen on that port without root privileges. This is generally a security measure so a random user who logs into a system won’t start a server on the machine. There are many ways around it but the one I use most often is iptables which you need to run as root and effectively redirect traffic in the kernel level. So traffic on port 80 gets redirected to 8080 in this command line. In case you don’t know port 80 is the default port for the HTTP protocol
- 9. #iptables -t nat -A PREROUTING -p tcp -- dport 443 -j REDIRECT --to-port 8443 Commands ✦ This is the exact same command for 443 which is the port for HTTPS © Codename One 2017 all rights reserved Port 443 isn’t as known as port 80, it’s the default port of the https protocol so we are doing here the exact same thing for that and port 8443
- 10. #su builder Commands ✦ We now become the builder user so we can setup the server tasks here © Codename One 2017 all rights reserved Finally it’s time to become the builder. Notice we don’t need a password to do this as we are assuming the builder user from the root user
- 11. $cd ~ Commands ✦ ~ represents the home directory in this case it’s a shorthand for /home/builder ✦ Since we are currently in /root it’s problematic as we don’t have permissions here © Codename One 2017 all rights reserved Tilde is a special character in unix. It represents the home directory of the user so when we are root tilde is /root and when we are builder it’s /home/builder. Currently we are at /root because that’s where we logged in so we need to go to the home directory of builder and that’s what this command does. Notice that the sign next to the command is a dollar sign and not a pound sign (or hash sign). That’s because we are now using the user account and not the root account