I got VPS (Virtual Private Server). and I want to install apache-tomcat with this server. the server's OS is CentOS 64bit. I installed through beneath steps.
Step 1. Installing JDK
cd /usr/tmp
wget http://download.oracle.com/otn-pub/java/jdk/8u51-b16/jdk-8u51-linux-x64.rpm
rpm -Uvh jdk-8u51-linux-x64.rpm
Step 2. Installing Tomcat
wget http://apache.tt.co.kr/tomcat/tomcat-8/v8.0.24/bin/apache-tomcat-8.0.24.tar.gz
tar xvfpz apache-tomcat-8.0.24.tar.gz
mv apache-tomcat-8.0.24 /usr/local/tomcat
Step 3. Adding tomcat service
wrote beneath shell code and save into /etc/rc.d/init.d/
and change permission by 'chmod 755 /etc/rc.d/init.d/tomcat'
#!/bin/sh
# Startup script for Tomcat
#
# chkconfig: 35 85 15
# description: apache tomcat 6.x
#
# processname: tomcat
#
# Source function library.
export JAVA_HOME=/usr/java/default
export CATALINA_HOME=/usr/local/tomcat
export PATH=$PATH:$JAVA_HOME/bin:$CATALINA_HOME/bin
# See how we were called.
case "$1" in
start)
echo -n "Starting tomcat: "
$CATALINA_HOME/bin/catalina.sh start
echo
;;
stop)
echo -n "Shutting down tomcat: "
$CATALINA_HOME/bin/catalina.sh stop
echo
;;
restart)
$0 stop
sleep 2
$0 start
;;
*)
echo "Usage: $0 {start|stop|restart}"
exit 1
esac
exit 0
Step 4. Run service
chkconfig –add tomcat
service tomcat start
But... I couldn't see cat on server:8080...
So I found some document saying open 8080 port on iptables.
so I adding this quote
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
But things not changed. still I can't access this server at externally.
Even if I stop iptables, iptables6, Can't acess.
Server IP : 168.92.122.39 Domain : 39.vs.woobi.co.kr
FTP 182.162.94.35:53921 -> 192.168.122.39:21
SSH 182.162.94.35:53922 -> 192.168.122.39:22
MYSQL 182.162.94.35:53906 -> 192.168.122.39:3306
I don't know what is problem. I spend so many time with this. please help me!
Instead of using the iptables command you specified, try the firewall-cmd command (CentOS 7) or lokkit (CentOS 6)
# CentOS 6
lokkit -p 8080:tcp
# CentOS 7
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload
Also check the documentation of your VPS provider. It may be that you must open/forward the port in their user interface as well. I know for example that Amazon requires this.
Related
I'm trying to launch an express app when my ec2 machine starts. I've a startup script that is:
#!/bin/bash
echo "will reroute traffic" >> /home/ubuntu/log.logs
sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j REDIRECT --to-port 8080
sudo iptables -A INPUT -p tcp -m tcp --sport 80 -j ACCEPT
sudo iptables -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
echo "will kill node" >> /home/ubuntu/log.logs
if pgrep node &> /dev/null ; then killall -KILL node ; fi
if pgrep nodejs &> /dev/null ; then killall -KILL nodejs ; fi
echo "will run node server" >> /home/ubuntu/log.logs
cd server && npm install && npm run build && npm run start </dev/null &>/dev/null &
echo "has run node server" >> /home/ubuntu/log.logs
If I launch it from the console, it starts the server, exits and the server runs fine.
To launch it, I've added those lines to /etc/rc.local:
rm -f /home/ubuntu/log.logs
echo "will run" >> /home/ubuntu/log.logs
/bin/bash /home/ubuntu/startup.sh
echo "has run" >> /home/ubuntu/log.logs
After rebooting, the server is not responding and it looks like it has not started (the server logs ticks when running that are not there)
the output in log.logs looks fine:
will run
will will reroute traffic
will kill node
will run node server
has run node server
has run
so everything seems to have been executed, but the node app is not running, which I confirmed by running top | grep node that returns nothing.
I found that the cheap (or free) AWS VMs got CPU/network throttled causing npm installs etc. to fail. Maybe use a VPS that is a better value or try yarn. Also make it log the npm stuff to a file instead of dev/null.
It turned out that I installed npm and node through nvm, and that nvm adds a script to .bashrc that will load those libraries. To start my script on reboot, I was using cron that is not sourcing .bashrc. Additionally, the default .bashrc on AWS EC2 ubuntu instances starts with a check on wether it's been run from a terminal or not, and escape it it's not been run from a terminal. So sourcing it from cron has no effect.
I didn't see that since the failing line
cd server && npm install && npm run build && npm run start
was not logging anything
I ended up manually sourcing the path to npm and node
I'm using my apache server for running TCP and UDP traffic using iperf3.
I manually execute a command on my server to listen to a port.
~# iperf3 -i 5 -s -p 7759
-----------------------------------------------------------
Server listening on 7759
-----------------------------------------------------------
I'm wondering if there is a way to configure my apache server to have few ports (say 7760,7761,7762,...7770) permanently open on my apache server for iperf traffic so that I don't have to manually execute the aforementioned command to open the port for iperf traffic
The answer depends on the definition of permanently open.
If ports remaining open after you log out from your webserver is sufficiently good approximation of permanently open. Then all you need is start iperf with nohup command.
nohup iperf3 -s -p 7759 >/tmp/log 2>&1
See this question for more details on keeping backround processes after the shell that spawned them terminates. In particular, check out the answers that suggest using the screen command.
If you need iperf server to keep the ports open between reboots you need to configure the init process to spawn iperf3 at boot up time. For this you need root access to your webserver.
As root you could add the following lines to /etc/rc.local file
iperf3 -s -p 7759 > /tmp/iperf-7759.log 2>&1 &
iperf3 -s -p 7760 > /tmp/iperf-7760.log 2>&1 &
...
iperf3 -s -p 7760 > /tmp/iperf-7770.log 2>&1 &
See also this question on how to ensure a command is run every time the machine starts.
I am trying to run a process in the background as a deamon but it only works when I use root as user.
This is what I did.
Installed supervisor as told on their website
$ yum -y install python-setuptools
$ easy_install supervisor
created the config folders
$ mkdir -p /etc/supervisor/conf.d
populate with default settings
$ echo_supervisord_conf > /etc/supervisor/supervisord.conf
add a new user
$ useradd gogopher
on CentOS 7 to make it start automatically I had to do this
$ vim /usr/lib/systemd/system/supervisord.service
added the code below
[Unit]
Description=supervisord - Supervisor process control system for UNIX
Documentation=http://supervisord.org
After=network.target
[Service]
Type=forking
ExecStart=/usr/bin/supervisord -c /etc/supervisor/supervisord.conf
ExecReload=/usr/bin/supervisorctl reload
ExecStop=/usr/bin/supervisorctl shutdown
User=gogopher
[Install]
WantedBy=multi-user.target
now I can enable it so that it starts on reboot. this all works fine.
$ systemctl enable supervisord
$ systemctl start supervisord
$ systemctl status supervisord
OK
editing the config file to include files from conf.d folder
$ vim /etc/supervisor/supervisord.conf
adding at the end of file
[include]
files = /etc/supervisor/conf.d/*.conf
adding a simple program
$ vim /etc/supervisor/conf.d/goapp.conf
[program:main]
command=/srv/www/websiteurl.com/bin/main
autostart=true
autorestart=true
startretries=10
user=gogopher
$ systemctl restart supervisord
no error, but the process does not work
if I reboot nothing happens
$ systemctl status supervisord
shows that it supervisord is running but not the daemon program.
if I run
$ supervisorctl reload
I get the error
error: <class 'socket.error'>, [Errno 111] Connection refused: file: /usr/lib64/python2.7/socket.py line: 571
if I run
$ supervisorctl status main
I get the error
http://localhost:9001 refused connection
I have already disabled selinux.
but the weird part is that if I change both of them to root, it works.
The executable is able to be executed by user group and others.
So I have no idea what is going on. I have heard that I should not use
root as user that is running a webserver for security reasons.
For all the people out there having the same problem, this works for me.
cd
echo_supervisord_conf > /etc/supervisord.conf
# content of /etc/supervisord.conf ...
[supervisorctl]
serverurl=unix:///tmp/supervisor.sock ; use a unix:// URL for a unix socket
[inet_http_server] ; inet (TCP) server disabled by default
port=*:9001 ; (ip_address:port specifier, *:port for all iface) - I had all this wrong from my original config.
username=user
password=passwd
Paste this content into /etc/rc.d/init.d/supervisord ( I´m not the owner of this script, by now i don´t remember where i got it from )
#!/bin/sh
#
# /etc/rc.d/init.d/supervisord
#
# Supervisor is a client/server system that
# allows its users to monitor and control a
# number of processes on UNIX-like operating
# systems.
#
# chkconfig: - 64 36
# description: Supervisor Server
# processname: supervisord
# Source init functions
. /etc/rc.d/init.d/functions
prog="supervisord"
prefix="/usr/local/"
exec_prefix="${prefix}"
prog_bin="${exec_prefix}/bin/supervisord -c /etc/supervisord.conf"
PIDFILE="/var/run/$prog.pid"
start()
{
echo -n $"Starting $prog: "
daemon $prog_bin --pidfile $PIDFILE
sleep 1
[ -f $PIDFILE ] && success $"$prog startup" || failure $"$prog startup"
echo
}
stop()
{
echo -n $"Shutting down $prog: "
[ -f $PIDFILE ] && sleep 1 && killproc $prog || success $"$prog shutdown"
echo
}
case "$1" in
start)
start
;;
stop)
stop
;;
status)
status $prog
;;
restart)
stop
start
;;
*)
echo "Usage: $0 {start|stop|restart|status}"
;;
esac
Make the script executable and register it as a service
sudo chmod +x /etc/rc.d/init.d/supervisord
sudo chkconfig --add supervisord
sudo chkconfig supervisord on
# Start the service
sudo service supervisord start
# Stop the service
sudo service supervisord stop
# Restart the service
sudo service supervisord restart
I am currently evaluating some of the WSO2 servers, one of them is the BAM 2.0 (on the carbon 4.0.1).
So far, in the packages was always a daemon.sh file included, which could be installed with chkconfig as a Linux daemon.
Sadly in the latest version of carbon, the daemon.sh is missing.
The startup script wso2server.sh can be used for starting the service, but it can not be installed as a linux daemon.
chkconfig returns:
[xxx#Server ~]$ sudo chkconfig --add wso2
service wso2 does not support chkconfig
I am trying this on a CentOS release 6.2 - 64 Bit.
Tried to find a description of how to install carbon as a linux daemon in the docs and in the forums - without success.
Thanks.
I rolled my own basic init script for BAM 2.0.0. (The following are parts from a file named 'bam'.)
#!/bin/sh
#
# chkconfig: 2345 80 80
#
BAM_HOME=/home/bam/current_bam
BAM_DAEMON=bin/wso2server.sh
START_OPTIONS=start
STOP_OPTIONS=stop
start() {
echo "Starting BAM... (it will take approx 2 mins.)"
su bam -c "cd $BAM_HOME && $BAM_DAEMON $START_OPTIONS > /dev/null 2>&1"
return 0
}
stop() {
echo "Stopping BAM... (it will take approx 10 secs.)"
su bam -c "cd $BAM_HOME && $BAM_DAEMON $STOP_OPTIONS > /dev/null 2>&1"
return 0
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
*)
echo $"Usage: $0 {start|stop|restart}"
exit 1
esac
exit $?
Then I copied it to /etc/init.d/ and made it executable. Lastly, I chkconfig'd it.
Now I can start the service with:
sudo service bam start
I would like to run node with a low privileges user, is it possible? I need to use the framework Express.js
Yes. There are many solutions available to do this, depending on your exact needs.
If you want to run node on port 80, you can use nginx (doesn't work with WebSockets yet) or haproxy. But perhaps the quickest and dirtiest is to use iptables to redirect port 80 to the port of your choice:
sudo iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8003
sudo iptables -t nat -L
When you’re happy, then save the config and make sure iptables comes on at boot
sudo service iptables save
sudo chkconfig iptables on
To automatically start your nodejs service as non-root, and restart it if it fails, you can utilize upstart with a script like this:
#!upstart
description "nodeapp"
author "you"
start on started mountall
stop on shutdown
# Automatically Respawn:
respawn
respawn limit 99 5
script
export HOME="/home/user/"
exec sudo -u user /usr/local/bin/node /home/user/app.js 2>&1 >> /home/user/app.log
end script
If you're on an Amazon EC2 installation, or you get an error that says sudo: sorry, you must have a tty to run sudo, then you can replace your exec command with this:
#!upstart
description "nodeapp"
author "you"
start on started mountall
stop on shutdown
# Automatically Respawn:
respawn
respawn limit 99 5
script
export HOME="/home/user/"
#amazon EC2 doesn’t allow sudo from script! so use su --session-command
exec su --session-command="/usr/local/bin/node /home/user/app.js 2>&1 >> /home/user/app.log" user &
end script
And, you didn't ask this question, but to keep it running forever, check out monit! Here is a useful guide to setting up node.js with upstart and monit.