Hồ Quốc Trí

How to installing Hudson on GlassFish server?

We can deploy Hudson on GlassFish, TomCat or JBoss server. This article, I only show install on GlassFish server run on Window.
Prepares:
1. GlassFish. download glassfish
2. Hudson. download hudson

I. GlassFish server

Ref:
1. http://teckchillies.com/install-remove-java-glassfish-as-a-windows-service/
2. https://javaee.github.io/glassfish/doc/5.0/quick-start-guide.pdf

1. Extract glassfish-x.x.zip
2. Go to \glassfish5\bin and open terminal.

start domain
#asadmin start-domain
#asadmin stop-domain

start/stop database
#asadmin start-database
#adadmin stop-database

4. Open web browsers
5. Access to URL to open Glassfish console.
URL localhost:4848

 Make GlasshFish as window service

#create windows service
asadmin create-service --name domain1

#Change service display name
sc config domain1 DisplayName= "GlassFish 4" 

II. TOMCAT server

1. Config access tomcat home page from local network

Open apache-tomcat-8.5.61/conf/server.xml and add 'address' attribute as below:

<Connector port="8080" protocol="HTTP/1.1"
  connectionTimeout="20000"
  redirectPort="8443"
  address="0.0.0.0"
/> 

Note: Remember to check firewall on server and client.

2. Config Tomat as service in Centos

Ref:

1. https://linuxize.com/post/how-to-install-tomcat-9-on-centos-7/
2. 

Step 1: Install OpenJDK

$ sudo yum install java-1.8.0-openjdk

$ ll /usr/lib/jvm/jre   (check jre)

Step 2: Create tomcat user
$ groupadd tomcat

$ useradd -M -s /bin/nologin -g tomcat -d /opt/tomcat tomcat

Step 3: Install Tomcat

- Download tomcat.tar.gz for linux.  (http://tomcat.apache.org/download-80.cgi)

- Upload to /tmp

- Unzip tomcat:

$mkdir /opt/tomcat

$tar xvf apache-tomcat-8*.tar.gz -C /opt/tomcat --strip-components=1

Step 4: Update permission for /opt/tomcat

$cd /opt/tomat

$chgrp -R tomcat /opt/tomcat

$chmod -R g+r conf

$chmod g+x conf

$ chown -R tomcat webapps/ work/ temp/ logs/

Step 5: Make Systemd Unit File

#!/bin/bash
# chkconfig: 345 80 20

[Unit]
Description=Apache Tomcat Web Application Container
After=syslog.target network.target

[Service]
Type=forking

Environment=JAVA_HOME=/usr/lib/jvm/jre
Environment=CATALINA_PID=/opt/tomcat/temp/tomcat.pid
Environment=CATALINA_HOME=/opt/tomcat
Environment=CATALINA_BASE=/opt/tomcat
Environment='CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC'
Environment='JAVA_OPTS=-Djava.awt.headless=true -Djava.security.egd=file:/dev/./urandom'

ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/bin/kill -15 $MAINPID

User=tomcat
Group=tomcat
UMask=0007
RestartSec=10
Restart=always

[Install]
WantedBy=multi-user.target

$ systemctl daemon-reload

$ systemctl status tomcat

$systemctl enable tomcat

Step 6: Open browser and try to access: localhost:8080

3. Config Tomat as service in Centos

Step 1: Config tomat user

$ vi /opt/tomcat/conf/tomcat-users.xml

<tomcat-users>
<role rolename="manager-gui"/>
<role rolename="manager-script"/>
<role rolename="manager-jmx"/>
<role rolename="manager-status"/>
<user username="admin" password="your password" roles="manager-gui,manager-script,manager-jmx,manager-status"/>
</tomcat-users>

Step 2: Config Manager App, Host Manager App

$vi /opt/tomcat/webapps/manager/META-INF/context.xml

$vi /opt/tomcat/webapps/host-manager/META-INF/context.xml

 Change as below:

- Comment to allow all public IP can access tomcat interface

OR

- Enter allow="your ip"

<Context antiResourceLocking="false" privileged="true" >
  <!--<Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />-->
</Context>

Step 3: Restart Tomcat

$ systemctl restart tomcat

How to Enable SSL tomcat?

$ keytool -genkey -keyalg RSA -noprompt -alias tomcat -dname "CN=localhost, OU=NA, O=NA, L=NA, S=NA, C=NA" -keystore keystore.jks -validity 9999 -storepass changeme -keypass changeme

Config in conf/server.xml, find <Connector port=8443>

certificateKeyAlias="tomcat"
certificateKeystoreFile="/path/to/my/keystore.jks"
certificateKeystorePassword="changeme"

How to redirect HTTP to HTTPS

Edit server.xml

Edit web.xml

====

<security-constraint>

    <web-resource-collection>

        <web-resource-name>vcare-service</web-resource-name>

        <url-pattern>/*</url-pattern>

        <http-method>GET</http-method>

        <http-method>POST</http-method>

    </web-resource-collection>

    <user-data-constraint>

        <transport-guarantee>CONFIDENTIAL</transport-guarantee>

    </user-data-constraint>

</security-constraint>

===

=================================================================

How to restrict access, Tomcat Manager 

#1: Server status  : webapps/manager

#2: Manager App : webapps/manager

#3: Host Manager: /webapps/host-manager

If you want to restrict ip access for each apps:

$ vi /host-manager/META-INFO/context.xml

<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="x.x.x.x,y.y.y.y,z.z.z.*" />

Allow localhost to access via default port while other addresses are accessible via 1234:

<Valve className="org.apache.catalina.valves.RemoteAddrValve"

   addConnectorPort="true"

   allow="127\.\d+\.\d+\.\d+;\d*|::1;\d*|0:0:0:0:0:0:0:1;\d*|.*;1234"/>

is updating...

Read more…