Everytime my embedded virtual tomcat server is ran (spring boot) it creates a directory structure in /tmp/ that is named tomcat.##########################.8080 (I am guessing 8080 is for port or something but the 8080 is consistent). This structure does not take up much space alone but after running the tomcat server often over time this can fill up. Can I prevent this from happening as a configurable option?
An example of the path created can look something like:
/tmp/tomcat.1185139485157901.8080/work/Tomcat/localhost/_/
SESSIONS.ser
WEB-INF/ etc. etc. etc.
Unfortunately, both embedded and non-embedded Tomcat needs to have a directory to store temporary files. This is not configurable, however, you can specify the directory in which Tomcat stores these temporary files using setBaseDir.
This should be the first method called public void setBaseDir(String basedir) and if it is not specified in your code it will look for it in
system properties - catalina.base, catalina.home - $HOME/tomcat.$PORT
By knowing the location I recommend writing a simple scheduled script that checks every so often and removes the files under that directory.
Related
Good day!
There are PHP scripts, classes, configs. All this stuff is interconnected, I need to give a person access to the server so that he works (started under the root) with these scripts, while changing only the config files, and in order to not be able to view the source code.
I've researched various free obsfukators which converting code into something:
<?php include(base64_decode('Li4vY29uZmlnLnBocA=='));include(base64_decode('cHJpdmF0ZS92ZW5kb3IvYXV0b2xvYWQucGhw'));$krc_5bf7f45b=[];foreach($bhi_6f9322e1as $xol_e8b7be43){$xol_e8b7be43=explode(base64_decode('Og=='),$xol_e8b7be43);try{$uic_c59361f8=new \xee_d9cb1642\cko_659fc60();$uic_c59361f8->ldc_aa08cb10($xol_e8b7be43[0],$xol_e8b7be43[1]);$krc_5bf7f45b[]=$uic_c59361f8;}catch(Exception $wky_efda7a5a)
What if the files of configs have variable names and it turns out that when obfuscating the main working code, the variables have different names? Not to force the user to run through the obsfukation corrected config every time? So far, this option seems the only one.
Is it possible inside the server under Ubuntu to somehow limit the ability to copy or view or download certain files or make some other methods of protection-hiding, but at the same time with the ability to run this code. It was thought to hide the code somewhere in the depths of the file system folders, calling them random names, and run them somehow through the symlinks by the file name or something like that. Is it possible to?
Option not to provide root access to the server, but to launch via the browser, to give access only to FTP to upload the config to a separate folder. But there are a number of points - all scripts run up to a week, and must be executed as root. How to solve it?
I have a standard ubuntu 14.04 machine. I use it daily under the user mh00h. I'm interested in using this machine as a production server. How do I manage file permissions for Django and Nginx?
Nginx is currently configured to run under the www-data:www-data. This minimizes risk of the rest of a machine being compromised. Django/gunicorn likewise should run under a user other than mh00h. But under what user should gunicorn actually be run under? nobody, correct?
Next: I am storing all of my web development files under /home/mh00h/development. Owned by mh00h. /home/mh00h/development/project1 (plus all dir/files but /media and /static)? Owned by mh00h. I follow django two-scoops best practices to create a project directory with static files inside of it. Of course, Nginx is unable to access /home/mh00h/development/project1/project1/static now because all of those parent directories are owned by mh00h, not www-data (./static is owned by www-data).
To complicate the matter, virtualenvwrapper creates my virtual environments under /home/mh00h/.virtualenvs/.
I am hesitant to fraction away from two scoop's best practices and store /static separately in /var/www, because I want all of these directories to stay nicely packaged together for easy transport off to some other server later. Plus, it makes me messy if I compare myself against how two-scoops did it.
Where should my static files be stored?
Where should django specific files be stored?
What users/groups should be able to access which of 1 and 2?
Where should virtualenvwrapper environments be stored?
What permissions should these locations have?
Thank you.
All files and directories in our production environment are owned by root:root with 755/644 file permissions, unless otherwise required. Some private files (think private keys etc.) are only readable by the user/process that needs them, while still being writable only by root.
As for the project structure: all our projects have a dedicated directory under /srv/www/vhosts.d/. Virtual environments are stored under /srv/www/virtualenvs. It is perfectly possible to store them in your home folder, but I feel this central approach is more in line with the idea of a production server. With the right settings, all virtual envs are also accessible by all users.
Our main project directory contains several scripts (manage.py and several deployment/update scripts) and is further split out into subdirectores: i.e. web contains public files, src contains the source code, and frontend contains the template folder and sass folder. The whole project directory is contained in a git repository, but deployment-specific files (user uploaded files, search indexes, encryption keys) are all in .git-ignore.
Our nginx process runs as www-data. In general each Django project has its own user, and the gunicorn process runs as this user.
When I start the JBoss server to run my JSP page, it gives the error as:
Failed to create directory structure: C:\Program Files\jboss-4.2.2.GA\server\default\log
and then a pop-up appears saying
Starting JBoss v4.2 at localhost has encountered a problem.
Server JBoss v4.2 at localhost failed to start.
Please tell me what to do?
When starting for the first time for a certain configuration (here being default, if they are not already present, JBoss creates the directories:
$JBOSS_HOME\server\default\data
$JBOSS_HOME\server\default\log
$JBOSS_HOME\server\default\tmp
$JBOSS_HOME\server\default\work
These are used to store and write logs, temporary files and other various files generated.
There is obviously an error when it tries to create the log folder and this is most likely because it does not have permissions to write and create folders. ( Though you would get this every time since JBoss likes to write a lot of logs all the time ).
In Windows Vista/7, the Program Files folder is not (usually) write-able, so an application started by the user cannot create or modify anything there. You could run JBoss as Administrator but DON'T, it's a bad idea. All files which need to be created/modified by an application should usually be stored in the user's folder, Application Data or somewhere else on the hard drive.
Possible solutions:
Either install your JBoss server somewhere else where you have write access. ( It needs this also when running normally like for storing logs )
Configure JBoss to store logs and other files in different directories, outside of your normal Program Files one. For example to specify a different directory for logs you can set the JVM startup property jboss.server.log.dir ( Specify it at startup by using java -Djboss.server.log.dir=C:/I_can_write_here/. You can find the properties for other directories (and a lot more) at http://community.jboss.org/wiki/JBossProperties
The obvious thing to check is which, if any, of the directories in the quoted path are missing:
C:\Program Files\jboss-4.2.2.GA\server\default\log
Obviously, you have bigger problems than just this if C:\Program Files\ is missing, but you may have other directories missing.
You may need to run an initialize step to validate your configuration and create the directories.
My project resides in a shared Linux hosting server. The hosting provider, of course, has already set up the necessary directory and file ownerships relative to other server users. My concern for now is how to setup permissions within my domain so my users can have read access to the files and folders they should have and still let my scripts retain read/write access to it.
Question: What would be the recommended permissions on:
Public files and folders (read only?)
Files where uploaded files from forms are stored
Files and folders where GD and cache files are being written into
Folders where my server-side scripts are stored (I used mainly PHP)
My WWW root folder (where index.php resides)
This is a perfect example of where you need the Principle of Least Privilege. Allow ReadOnly to the webserver's user for RO content, allow writing only to a directory/files that absolutely need to be written. Explicitly deny access to things you don't want people to read (config files, htaccess, anything with paths/ip addresses/passwords), don't allow any extra processing if you're not using it (CGI executables, Server Side Includes).
The best way to do it is to start with deny everything and slowly open thing up as you go. First try serving static content, see what is the minimal amount of Apache directives/modules and filesystem ownerships and permissions to get it working. Then try some RO PHP scripts. Then try some RW PHP scripts. Then DB connectivity, and so on, you get the idea... It's a very tedious processes, and you want to plan ahead the sort of things you want to test; I tend to write long scripts with wget commands trying to do both good and bad things to the server. Make one change, restart, rerun the script, see what changes from the last time. Observe-modify-analyze, until you cant stand looking at it anymore ;)
my shared hosting only allows me to create 2 virtual directories. and i want to host multiple webapps... say an asp.net mvc blog, a forum, a personal site etc...
isnt there any other way of doing this? cant i simply just ftp the blog folder to one of my virtual directories and then access it online??
For ASP.NET web applications, typically each would live in its own virtual directory which serves as the application starting point.
Technically you could "piggy-back" two applications on the same application starting point in one of two ways:
Put all the files for each application in the same directory (and appropriate sub directories)
If you don't have ANY files that overlap, you can get away with this. Of course, it's likely that you won't with such files as the default or index pages, etc. And this would be pretty messy anyway.
Put all the non-binary files for each app in an appropriate subdirectory and the binaries in the main virtual's \bin directory.
You'll be able to do this only if each application's binary files don't overlap by name AND there are no namespace ambiguity conflicts between assemblies (two different assemblies by file name, but with the same namespace). The latter is much less likely to happen if you are trying to piggy-back two different applications.
The big problem I see with the latter solution is that any parts of the application that make use of application root references will break. When some code tries to resolve a reference to some resource (like an image) based on an application root reference such as
~/images/logo.gif
the ~ will get resolved to the virtual directory, but will not include the additional (non-virtual and non-app starting point) subdirectory in which the application lives. So instead of this:
/vd1/app1/images/logo.gif
you'll end up with this:
/vd1/images/logo.gif
Obviously, that won't work.
So... you won't break either app if you can put them both in the same virtual directory, however, you'll have to check for file conflicts and such. Possible namespace conflicts will be unavoidable without separate application starting points.
Can't you just put each app in a separate subdirectory in either of the virtual directories. e.g. if you had http://server.com/vd1, you could partition it like http://server.com/vd1/app1, http://server.com/vd1/app2, etc.