04-07-2018, 09:29 AM
After the “Basic” configuration I got started with my webserver part.

1) First, I started installing Apache
Code:
$ sudo apt install apache2
You can check this is working by surfing in your web browser to the IP address of your rock.

2) Once this was working I installed MariaDB to have a database if needed
Code:
$ sudo apt install mariadb-server
The database server needs to be secured; I have done this with the following command
Code:
$ sudo mysql_secure_installation
Then I got some questions:
Set root password [Y/n] Answer yes and set password
Remove anonymous users? [Y/n] Answer yes
Disallow root login remotely? [Y/n] Answer yes
Remove test DB and access to it? [Y/n] Answer yes
Reload privilege tables now? [Y/n] Answer yes
You can check this is working with the following commands
Code:
$ sudo mysql -u root -p
MariaDB [(none)]> SHOW DATABASES;
MariaDB [(none)]> exit

3) After that I installed PHP with the following command
Code:
$ sudo apt install php7.0 libapache2-mod-php7.0 php7.0-mysql php7.0-gd php7.0-opcache
For this to take effect I restarted the Apache server with the following command
Code:
$ sudo systemctl restart apache2
To check if PHP is working correctly I deleted the index.html file from the html folder and made a new index.php file with the phpinfo function
Code:
$ sudo rm /var/www/html/index.html
$ sudo nano /var/www/html/index.php
//Add the following code in index.php
<?php phpinfo(); ?>
You can check this is working by surfing in your web browser to the IP address of your rock.

4) To add some extra security I installed a firewall to block all open ports on the rock
Code:
$ sudo apt install ufw
Of course not all our ports have to be blocked or the webserver cannot be accessed. I allowed the following ports: 22 for SSH access, 80 for HTTP access and 443 for HTTPS access.
Code:
$ sudo ufw allow 22
$ sudo ufw allow 80
$ sudo ufw allow 443
After entering these ports I started up UFW
Code:
$ sudo ufw enable
To check the open ports
Code:
$ sudo ufw status verbose
Used resource for 1 to 4 is https://www.cyberciti.biz/faq/how-to-ins...9-stretch/

5) To make access to the database easier I installed phpMyAdmin with the following command
Code:
$ sudo apt install phpmyadmin
While installing I got some questions:
Web server to reconfigure? Choose apache2
Config DB for phpMyAdmin with dbconfig-common? Choose Yes
Password of the DB admin user Give the root password from MariaDB install
MySQL app password for phpMyAdmin Choose a password (this doesn’t need to be the same as the root password but it can be)
This completes the installation, then I still had to configure phpMyAdmin for Apache
Code:
$ sudo nano /etc/apache2/apache2.conf
//Add the following code to the bottom of apache2.conf
Include /etc/phpmyadmin/apache.conf
Next I granted full access to the user phpMyAdmin in MariaDB so that I could connect to the DB outside “localhost”
Code:
$ sudo mysql -u root -p
MariaDB [(none)]> GRANT ALL PRIVILEGES ON *.* TO 'phpmyadmin'@'localhost' WITH GRANT OPTION;
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit
Then I restarted Apache for the changes to take effect
Code:
$ sudo /etc/init.d/apache2 restart
You can check this is working by surfing in your web browser to the IP address of your rock and adding /phpmyadmin to the IP address (example: 192.168.178.250/phpmyadmin)
Used resource for 5 is https://pimylifeup.com/raspberry-pi-mysql-phpmyadmin/

6) Most of the projects I write are in Java, so I needed to install Java and of course a Tomcat server. First of all I started installing Oracle Java on my Rock (at the moment of installing 8u162 was the latest version, you will need to check http://www.oracle.com/technetwork/java/j...33151.html to see what is now the latest version and change the command accordingly)
Code:
$ sudo wget --no-check-certificate --no-cookies --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u162-b12/0da788060d494f5095bf8624735fa2f1/jdk-8u162-linux-arm64-vfp-hflt.tar.gz
$ sudo tar -zxvf jdk-8u162-linux-arm64-vfp-hflt.tar.gz
$ sudo mv jdk1.8.0_162/ /usr/
$ sudo rm jdk-8u162-linux-arm64-vfp-hflt.tar.gz
$ sudo update-alternatives --install /usr/bin/java java /usr/jdk1.8.0_162/bin/java 2
$ sudo update-alternatives --config java
To verify the installation I checked the Java version
Code:
$ java -version
Finally I set up the environment variables in /etc/profile
Code:
$ sudo nano /etc/profile
//Added the following code to the bottom of /etc/profile
export JAVA_HOME=/usr/jdk1.8.0_162/
export JRE_HOME=/usr/jdk1.8.0_162/jre/
export PATH=$JAVA_HOME/bin:$PATH

7) After installing Java we need a server to run Java projects. I installed Tomcat 8 (at the moment of installing v8.5.28 was the latest version, you will need to check http://www-us.apache.org/dist/tomcat/ to see what is now the latest version and change the command accordingly)
I started with making a low-privilege user to run the tomcat service
Code:
$ sudo groupadd tomcat
$ sudo mkdir /opt/tomcat
$ sudo useradd -g tomcat -d /opt/tomcat -s /usr/sbin/nologin tomcat
Then I downloaded and installed the tomcat server
Code:
$ sudo wget http://www-us.apache.org/dist/tomcat/tomcat-8/v8.5.28/bin/apache-tomcat-8.5.28.tar.gz
$ sudo tar -zxvf apache-tomcat-*.tar.gz
$ sudo mv apache-tomcat-8.5.28/* /opt/tomcat/
$ sudo rm apache-tomcat-8.5.28.tar.gz
$ sudo chown -R tomcat:tomcat /opt/tomcat/
After installing I manually started tomcat with
Code:
$ sudo sh /opt/tomcat/bin/startup.sh
//To stop tomcat manually use
$ sudo sh /opt/tomcat/bin/shutdown.sh
Because it’s not user friendly to start tomcat on each reboot cycle I added a system service
Code:
$ sudo nano /etc/systemd/system/tomcat.service
//I added the following code to the new file tomcat.service
[Unit]
Description=Apache Tomcat 8.x Web Application Container
Wants=network.target
After=network.target

[Service]
Type=forking
Environment=JAVA_HOME=/usr/jdk1.8.0_162/
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1G -Djava.net.preferIPv4Stack=true'
Environment='JAVA_OPTS=-Djava.awt.headless=true'
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh
SuccessExitStatus=143
User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target
For this system service file to work I needed to reload the systemd daemon and then enable the service.
Code:
$ sudo systemctl daemon-reload
$ sudo systemctl enable tomcat
Now I can start tomcat with the following commands
Code:
$ sudo systemctl start tomcat
//To see the status of the service I can run the command
$ sudo systemctl status tomcat
To have access to the web GUI I needed to make a user in tomcat-users.xml
Code:
$ sudo nano /opt/tomcat/conf/tomcat-users.xml
//Add the following code just above </tomcat-users>
<role rolename="admin-gui"/>
<role rolename="manager-gui"/>
<user username="admin" password="XXX" roles="manager-gui,admin-gui"/>
The Tomcat admin web GUI by default only allows access from the local host. Since I’m using a headless system I needed to add some extra code so I can access the admin web GUI; I needed to change 2 files
Code:
$ sudo nano /opt/tomcat/webapps/manager/META-INF/context.xml
//Change allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> To
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.178.*" />
$ sudo nano /opt/tomcat/webapps/host-manager/META-INF/context.xml
//Change allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" /> To
allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.178.*" />
I added |192.168.178.* so I’m not able to enter the admin web GUI when I’m not home; to make it accessible from anywhere you can add only |*
Before the changes took effect I needed to restart my tomcat server
Code:
$ sudo systemctl restart tomcat
Because I’m using the UFW firewall I first had to add port 8080 to UFW and reload UFW
Code:
$ sudo ufw allow 8080
$ sudo ufw reload
You can check this is working by surfing in your web browser to the IP address of your rock and adding :8080 to the IP address (example: 192.168.178.250:8080)
Used resource for 6 and 7 is https://www.itzgeek.com/how-tos/linux/de...nt-18.html

8) Because I don’t want to let my users surf to mydomain.com:8080 I wanted to link a subdomain to the tomcat server (Java) and my main domain to the Apache server (HTML and PHP). This is done by adding a proxy to my .conf file in Apache
Code:
$ sudo nano /etc/apache2/sites-available/000-default.conf
//Add the following code to the bottom of the file
<VirtualHost *:80>
    ServerAdmin mike@mikedhoore.be
    ServerName java.mikedhoore.be
    ServerAlias www.java.mikedhoore.be
    ProxyPreserveHost On
    # setup the proxy
    <Proxy *>
        Order allow,deny
        Allow from all
    </Proxy>
    ProxyPass / http://localhost:8080/
    ProxyPassReverse / http://localhost:8080/
</VirtualHost>
I also changed the ServerName and Alias from the original virtual host to
Code:
ServerName mikedhoore.be
ServerAlias www.mikedhoore.be
After adding this code I still needed to activate the proxy in Apache and restart the Apache server
Code:
$ sudo a2enmod proxy
$ sudo a2enmod proxy_http
$ sudo service apache2 restart
Of course I also made the corresponding DNS records.
Used resource for 8 https://serverfault.com/questions/195611...ame-server

So now I have a working Apache server that can run HTML and PHP on my main domain and a tomcat server that can run Java on a subdomain; both can access my database and I can easily access my database in a web GUI.
Finally, I will also implement HTTPS access, but I’m waiting for CertBot to implement wildcards in Apache.
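Added example (not part of the original post): a Python model of how the manager allow pattern from step 7 behaves once step 8 puts Apache in front of Tomcat. It assumes the valve tests the connection's peer address with a whole-string match and that no RemoteIpValve is configured; the function names are made up for this sketch and Python's `re` stands in for Java's regex engine.

```python
import re

# allow= value from the post's edited context.xml, copied verbatim.
POST_ALLOW = r"127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1|192.168.178.*"


def valve_allows(allow, remote_addr):
    """Approximate the valve: the whole address must match the allow regex."""
    return re.fullmatch(allow, remote_addr) is not None


def address_seen_by_tomcat(client_ip, via_apache_proxy):
    """With ProxyPass to http://localhost:8080/, Apache opens the backend
    connection itself, so Tomcat's peer is loopback, not the real client."""
    return "127.0.0.1" if via_apache_proxy else client_ip


def manager_reachable(allow, client_ip, via_apache_proxy):
    """Would the address filter let this client through to the manager GUI?"""
    seen = address_seen_by_tomcat(client_ip, via_apache_proxy)
    return valve_allows(allow, seen)


def report(allow, clients):
    """One row per client: (ip, allowed on :8080 directly, allowed via proxy)."""
    return [
        (ip,
         manager_reachable(allow, ip, via_apache_proxy=False),
         manager_reachable(allow, ip, via_apache_proxy=True))
        for ip in clients
    ]


# Constructed sample clients: one on the home LAN, one elsewhere
# (203.0.113.0/24 is a documentation range).
CLIENTS = ["192.168.178.42", "203.0.113.7"]

if __name__ == "__main__":
    print(f"{'client':<16} {'direct :8080':<13} via subdomain")
    for ip, direct, proxied in report(POST_ALLOW, CLIENTS):
        print(f"{ip:<16} {str(direct):<13} {proxied}")
```

The client outside the LAN is refused on port 8080 but passes the address filter when it arrives through the proxied subdomain, leaving only the password in tomcat-users.xml in front of the GUI. Excluding the two paths from the proxy (a `ProxyPass /manager !` and a `ProxyPass /host-manager !` line before the catch-all `ProxyPass /`) keeps the address restriction meaningful.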
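Added example (not part of the original post): a Python check that cross-references the UFW rules from steps 4 and 7 with the ProxyPass target from step 8 and reports backends that can still be reached directly, without going through Apache. The `ufw status` text is constructed sample output and the function names are assumptions of this sketch.

```python
import re

# Constructed `ufw status` output for the rules added in the post.
UFW_STATUS = """\
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
443                        ALLOW       Anywhere
8080                       ALLOW       Anywhere
22 (v6)                    ALLOW       Anywhere (v6)
8080 (v6)                  ALLOW       Anywhere (v6)
"""

# Proxy lines from the post's virtual host.
VHOST = """\
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
"""

LOCAL_HOSTS = {"localhost", "127.0.0.1", "[::1]"}
RULE = re.compile(r"^(\d+)(?:/\w+)?(?: \(v6\))?\s+ALLOW(?: IN)?\s+Anywhere")
PROXY = re.compile(
    r"^\s*ProxyPass\s+\S+\s+http://([^/:\s]+|\[[^\]]+\]):(\d+)", re.M)


def open_ports(ufw_status):
    """Ports that UFW allows from anywhere (IPv4 or IPv6 rule)."""
    hits = (RULE.match(line) for line in ufw_status.splitlines())
    return {int(m.group(1)) for m in hits if m}


def local_backend_ports(vhost):
    """Ports of ProxyPass targets that live on this machine."""
    return {int(m.group(2)) for m in PROXY.finditer(vhost)
            if m.group(1) in LOCAL_HOSTS}


def bypassable_backends(ufw_status, vhost):
    """Backends reachable from outside without passing the Apache front end."""
    return sorted(open_ports(ufw_status) & local_backend_ports(vhost))


if __name__ == "__main__":
    for port in bypassable_backends(UFW_STATUS, VHOST):
        print(f"port {port} is proxied by Apache but also open in UFW")
```

If nothing on the LAN needs port 8080 directly once the subdomain works, `sudo ufw delete allow 8080` closes the direct path without affecting the proxied site.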