Scribd
Upload
121 views6 pages

Server Setup

The document provides steps to set up an application server. It involves moving required files and directories to the server, configuring vault for security, installing Java, configuring WildFly, and installing packages. Key steps include: 1) Using scp and tar commands to copy files/directories like WildFly, projects, and libraries to the server tmp folder and extracting them. 2) Configuring vault to encrypt sensitive values by generating a keystore, initializing vault, and storing/verifying attributes. 3) Installing a Java version and setting environment variables. 4) Configuring WildFly by modifying configuration files for datasources, security, and logging and deploying WAR files.

Uploaded by

Sahil Thakur
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
121 views6 pages

Server Setup

The document provides steps to set up an application server. It involves moving required files and directories to the server, configuring vault for security, installing Java, configuring WildFly, and installing packages. Key steps include: 1) Using scp and tar commands to copy files/directories like WildFly, projects, and libraries to the server tmp folder and extracting them. 2) Configuring vault to encrypt sensitive values by generating a keystore, initializing vault, and storing/verifying attributes. 3) Installing a Java version and setting environment variables. 4) Configuring WildFly by modifying configuration files for datasources, security, and logging and deploying WAR files.

Uploaded by

Sahil Thakur
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 6

APPLICATION SERVER SETUP

STEP 1-> Moving the files


In Terminal go to the desired server.
login
ssh c*****@rn-satt-lapp23.rno.apple.com
$ sudo su - sdmat
sudo login password

Archive the required directories and exclude the logs using tar command :-
>> tar cvf file_name.tar file_name –exclude= *.log

List of required directories:


 wildfly-15.0.0.Final
 sprout_project
 redis-5.0.5
 cx_Oracle

List of required files:


 Anaconda3-2019.03-Linux-x86_64.sh
 django_sslserver-0.21-py3-none-any.whl
 django-globals-0.3.2.tar.gz
 cx_oracle-7.0.0-py37h7b6447c_0.tar.bz2
 redis-3.3.11.tar.gz
 gunicorn-19.9.0-py37_0.tar.bz2
 djangorestframework-3.9.4.tar
 Django-2.2.2.tar.gz
 dj-database-url-0.5.0.tar.gz
 sqlparse-0.3.0.tar.gz
 redis-3.3.11

Copy the files/modules from an existing server to local device.


First copy the files/module to the /tmp folder then use command:

scp c<batch number>@<server address>:/tmp/<file name> <local device path>

example :
>>scp c******@rn-satt-lapp23.rno.apple.com:/tmp/sprout_project.tar
~/Desktop/server_temp/

Then move the files to the new server’s /tmp folder using scp command.

example :
>>scp ~/Desktop/server_temp/ sprout_project.tar c******@rn-satt-
lapp23.rno.apple.com:/tmp/

In the new server create a new directory ‘GA using ‘mkdir’ command.
>> mkdir GA
copy the files to the ‘GA’ folder and extract all the files from archive.
>>cd GA
>>tar –xvf file_name.tar

STEP 2-> Configuring Vault

rn-gat-lapp01:/ngs/app/gat/GA/wildfly-15.0.0.Final/standalone/configuration->

/usr/java/jre64-1.8.0_111/bin/keytool -genseckey -alias vault -storetype jceks -keyalg AES -


keysize 256 -storepass gat2020 -keypass gat2020 -keystore vault.keystore

To configure vault follow the below example :-

rn-gat-lapp01:/ngs/app/gat/GA/wildfly-15.0.0.Final/bin ->./vault.sh
=========================================================================

JBoss Vault

JBOSS_HOME: :/ngs/app/gat/GA/ wildfly-15.0.0.Final

JAVA: /usr/java/jre64-1.8.0_111/jre/bin/java

=========================================================================

**********************************
**** JBoss Vault ***************
**********************************
Please enter a Digit:: 0: Start Interactive Session 1: Remove Interactive Session 2: Exit
0
Starting an interactive session
Enter directory to store encrypted files: /ngs/app/gat/GA / wildfly-15.0.0.Final
/standalone/configuration
Enter Keystore URL: /ngs/app/gat/GA / wildfly-15.0.0.Final
/standalone/configuration/vault.keystore
Enter Keystore password:
Enter Keystore password again:
Values match
Enter 8 character salt: 13572468
Enter iteration count as a number (e.g.: 44): 50
Enter Keystore Alias: vault
WFLYSEC0056: Initializing Vault
Apr 06, 2019 5:12:09 PM org.picketbox.plugins.vault.PicketBoxSecurityVault init
INFO: PBOX00361: Default Security Vault Implementation Initialized and Ready
WFLYSEC0048: Vault Configuration commands in WildFly for CLI:
********************************************
For standalone mode:
/core-service=vault:add(vault-options=[("KEYSTORE_URL" => "/ngs/app/gat/GA/ wildfly-
15.0.0.Final /standalone/configuration/vault.keystore"),("KEYSTORE_PASSWORD" =>
"MASK-CmEwSSJI5hI"),("KEYSTORE_ALIAS" => "vault"),("SALT" => "13572468"),
("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/ngs/app/gat/GA / wildfly-
15.0.0.Final /standalone/configuration/")])
********************************************
For domain mode:
/host=the_host/core-service=vault:add(vault-options=[("KEYSTORE_URL" =>
"/ngs/app/gat/GA/wildfly-13.0.0/standalone/configuration/vault.keystore"),
("KEYSTORE_PASSWORD" => "MASK-CmEwSSJI5hI"),("KEYSTORE_ALIAS" => "vault"),("SALT"
=> "13572468"),("ITERATION_COUNT" => "50"),("ENC_FILE_DIR" => "/ngs/app/gat/GA/
wildfly-15.0.0.Final /standalone/configuration/")])
********************************************
WFLYSEC0057: Vault is initialized and ready for use
WFLYSEC0058: Handshake with Vault complete
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute
exists 2: Remove secured attribute 3: Exit
0
Task: Store a secured attribute
Please enter secured attribute value (such as password)
Please enter secured attribute value again
Values match
Enter Vault Block:CEP
Enter Attribute Name:complexpassword
WFLYSEC0047: Secured attribute value has been stored in Vault.
Please make note of the following:
********************************************
Vault Block:CEP
Attribute Name:complexpassword
Configuration should be done as follows:
VAULT::CEP::complexpassword::1
********************************************
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute
exists 2: Remove secured attribute 3: Exit
1
Task: Verify whether a secured attribute exists
Enter Vault Block:CEP
Enter Attribute Name:complexpassword
A value exists for [CEP::complexpassword]
Please enter a Digit:: 0: Store a secured attribute 1: Check whether a secured attribute
exists 2: Remove secured attribute 3: Exit
3
rn-gat-lapp01:/ngs/app/gat/GA/ wildfly-15.0.0.Final /bin ->

# Add the below tags in standalone.xml

<vault>
<vault-option name="KEYSTORE_URL"
value="/ngs/app/gat/GA/wildfly-15.0.0.Final/standalone/configuration/vault.keystore"/>
<vault-option name="KEYSTORE_PASSWORD" value="MASK-3QCEHsah7Md"/>
<vault-option name="KEYSTORE_ALIAS" value="vault"/>
<vault-option name="SALT" value="13572468"/>
<vault-option name="ITERATION_COUNT" value="50"/>
<vault-option name="ENC_FILE_DIR"
value="/ngs/app/gat/GA/wildfly-15.0.0.Final/standalone/configuration/"/>
</vault>

STEP 3-> Installing JAVA


1.List the currently installed and available jre64 packages
sudo pacman list jre64

2.Install a specific jre64 version


sudo /usr/local/bin/pacman install jre64-1.8.0_111-apple-0.x86_64

EDIT .bash_profile file. Provide JRE and Oracle Path.


command : vi .bash_profile
source .bash_profile (to compile)

CONFIGURE WILDFLY:
1. Copy upgraded version of wildfly.
2. Modify Configuration files. (Path : /wildfly-15.0.0.Final/standalone/configuration/ )
2.1 In standalone.xml file, Provide Datasources for DB connections. Provide the
Hostname, Port Number, SSId, Username and Password.
2.2 In standalone.xml file, Provide Path and Password for .jks file.
2.3 In logging.properties file, Provide the path for log file. (e.g :
handler.FILE.fileName=/ngs/app/gat/GA/wildfly-15.0.0.Final /standalone/log/server.log)
3. Deploy War file on the server. (Path : / wildfly-15.0.0.Final /standalone/deployments/ )
4. Copy Properties File. (Path : / wildfly-15.0.0.Final /bin/Sprout_resources/ )
Provide authentication related information in authConfig.properties file. (Group Id,
AppId, AppPassword, etc)

Commands for generating .jks and .pem files.

>> /usr/java/jre64-1.8.0_111/bin/keytool -genkeypair -keystore keystore.jks -alias rn-gat-


lapp01.rno.apple.com -keyalg RSA -keysize 2048 -dname CN=rn-gat-lapp01.rno.apple.com

>>/usr/java/jre64-1.8.0_111/bin/keytool -certreq -keystore keystore.jks -alias rn-gat-


lapp01.rno.apple.com -sigalg SHA256withRSA

>>/usr/java/jre64-1.8.0_111/bin/keytool -import -keystore keystore.jks -alias rn-gat-


lapp01.rno.apple.com -trustcacerts -file rn-gat-lapp01.rno.apple.com.chain.pem

copy the RSA Key while generating the certificate to https://certificatemanager.apple.com.


Download the .pem file from certificate Manager and copy .pem and .jks file to
configuration directory on the server.

In the standalone.xml file:

update the DB details Inside the <datasource> tags


update the user_name and password in the tags:
<security-domain name="EncryptedRudyPassword">

STEP 4->Install the copied packages


 Anaconda3-2019.03-Linux-x86_64.sh:
Follow the on screen installation steps.
make sure that the path of Anaconda is : ~/anaconda3/

 Extract redis-5.0.5 inside GA/ then run this commands to install redis:
>>cd ~/GA/redis-5.0.5
>>make INSTALL
>>make test

 Extract these files in ~/anaconda3/pkgs/ and install using


“conda install <filename>” or “pip install <filename>”
o django_sslserver-0.21-py3-none-any.whl
o cx_Oracle-7.2.3-cp37-cp37m-manylinux1_x86_64.whl
o django-globals-0.3.2.tar.gz
o cx_oracle-7.0.0-py37h7b6447c_0.tar.bz2
o redis-3.3.11.tar.gz
o gunicorn-19.9.0-py37_0.tar.bz2
o djangorestframework-3.9.4.tar
o Django-2.2.2.tar.gz
o dj-database-url-0.5.0.tar.gz
o sqlparse-0.3.0.tar.gz
o redis-3.3.11

step 5->Configure https

 Generate the certficate and key file for gunicorn:

Go to the configuration folder of wildfly and run these commands for the cert and key file:

>>keytool -importkeystore -srckeystore


/ngs/app/gat/GA/wildfly-15.0.0.Final/standalone/configuration/keystore.jks -
destkeystore /ngs/app/gat/GA/wildfly-15.0.0.Final/standalone/configuration/gaitnew.p12 -
deststoretype PKCS12 -srcalias rn-gat-lapp01.rno.apple.com -deststorepass gat2020 -
destkeypass gat2020

>>openssl pkcs12 -in gaitnew.p12 -nokeys -out gaitnew.cert

>>openssl pkcs12 -in gaitnew.p12 -nodes -nocerts -out rn-gat-lapp01.rno.apple.com.key

 Add the files to the start gunicorn command:

In the GA/sprout_project folder add the cert and key file in the script to run gunicorn :

exec gunicorn -c sproutplus-gunicorn.conf.py config.wsgi:application -b rn-gat-


lapp01.rno.apple.com:51152
--certfile=/ngs/app/gat/GA/wildfly-15.0.0.Final/standalone/configuration/gaitnew.cert --
keyfile=/ngs/app/gat/GA/wildfly-15.0.0.Final/standalone/configuration/rn-gat-
lapp01.rno.apple.com.key --error-logfile ./server.log --access-logfile ./access.log --capture-
output --log-level debug &
 Change the shipConfig.properties file:

Go to the sprouts_resources folder:


>>cd /ngs/app/sdmat/GA/wildfly-15.0.0.Final/bin/Sprout_resources

update the ‘analytics_server’ url value to :


https://rn-gat-lapp01.rno.apple.com:51152

You might also like