This user manual is to help you maintain, update and use the relevant application easily and quickly. You’ll find detailed screenshots, explanations and instructions on how to manage it.
Prerequisites
Depending on your runtime infrastructure, you may have to substitute some of the technologies below. This manual uses the following.
- Debian is a free operating system (OS) for your computer. Download Debian
- Java Platform is to develop and deploy Java applications on desktops and servers. Download Java SDK
- GlassFish is the Open Source Java EE Reference Implementation. Download GlassFish 5.0 - Full Platform and Download Administration Guide
- MySQL is the most popular open source database. Download MySQL
- MySQL Connector/J is the official JDBC driver for MySQL. Download MySQL Connector/J
- PostgreSQL is the world’s most advanced open source relational database. Download PostgreSQL
- PostgreSQL JDBC Driver is the official JDBC driver for PostgreSQL. Download PostgreSQL JDBC Driver
Connecting to the server
Digital Ocean
Create a droplet from Digital Ocean first.
Get the IP address of the droplet and create an A record (subdomain.domain.com) at your domain name registrar.
Before connecting to the droplet, remove the domain from the SSH known hosts file if it is already listed there
|
|
Then connect to the server
|
|
AWS
Create a Lightsail Instance from Amazon Lightsail first.
Download your default private key from the Account page.
Change the permission of the key file to 400 for security.
|
|
Then connect to the server using private key
|
|
Installation
The Debian operating system is pre-installed. To update and upgrade it
|
|
To set the server time, check out World Clock / Converter.
The current default time zone is ‘Etc/UTC’. Run dpkg-reconfigure tzdata if you wish to change it.
To change time zone, run
|
|
To change locale
|
|
Uncomment the tr_TR.UTF-8 UTF-8 line, then run the command below to activate the locale
|
|
To install Java
|
|
To download and install Glassfish application server
|
|
A MySQL JDBC connection requires MySQL Connector/J. To download and install MySQL Connector/J into the Glassfish external libraries directory
|
|
A PostgreSQL JDBC connection requires the PostgreSQL JDBC Driver. To download and install the PostgreSQL JDBC Driver into the Glassfish external libraries directory
|
|
Edit domain.xml to change the ports from 8080 to 80 for HTTP and from 8181 to 443 for HTTPS, and to change the application context root
|
|
Find http-listener-1 and http-listener-2
|
|
Find context-root and change the value to “/”
|
|
You can now start Glassfish
|
|
Creating SSL certificates
- How to install a SSL certificate on GlassFish
- How to install letsencrypt free ssl to glassfish 4.x server
- Importing LetsEncrypt into Java and Glassfish
- Debian Backports ›› Instructions
- Certbot
To enable the Stretch backports repo, create sources.list file if you have not already.
|
|
Add this line to your sources.list
|
|
Exit the file and run update.
|
|
You are now ready to download and install certbot. To install Certbot
|
|
Options to know
|
|
- --webroot: This tells Certbot to use the webroot plugin to place files in the webroot folder for authentication.
- --webroot-path: This specifies the path of the webroot directory.
- --email: Your preferred email for registration and recovery.
- --agree-tos: This specifies that you agree to ACME’s Subscriber Agreement.
- --no-eff-email: This tells Certbot that you do not wish to share your email with the Electronic Frontier Foundation (EFF). Feel free to omit this if you would prefer.
- --staging: This tells Certbot that you would like to use Let’s Encrypt’s staging environment to obtain test certificates. Using this option allows you to test your configuration options and avoid possible domain request limits. For more information about these limits, please see Let’s Encrypt’s rate limits documentation.
- --force-renewal: Replace the --staging flag in the command option with the --force-renewal flag, which will tell Certbot that you want to request a new certificate with the same domains as an existing certificate.
- -d: This allows you to specify domain names you would like to apply to your request. In this case, we’ve included example.com and www.example.com. Be sure to replace these with your own domain preferences.
Using certbot webroot
If you already have a webserver running, we recommend choosing the “webroot” plugin. To obtain a cert using the “webroot” plugin, which can work with the webroot directory of any webserver software:
|
|
Using certbot manual
|
|
Using certbot standalone
|
|
Using certbot step by step
|
|
Backup certificates
|
|
And copy file from the remote host to local host using scp
|
|
The certificate you have contains two certificates; each certificate starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----. The first one is the certificate for your domain and the second one is the Let’s Encrypt Intermediate certificate.
- cert.pem is the certificate for your domain (public key)
- chain.pem is the intermediate certificate
- fullchain.pem is the chain of trust (certificate chain). The CA bundle (your certificate + intermediate certificate) completes the chain of trust.
- privkey.pem is the private key
All files are PEM-encoded. If you need another format, such as DER or PFX, you can convert them using openssl. You can automate that with --deploy-hook if you’re using automatic renewal.
Automating renewal SSL certificates
Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
|
|
Creating keystore using certificates
Glassfish has a file called keystore.jks, where you need to add the certificate and key which were previously created. The file should be located at <GLASSFISH_HOME>/domains/domain1/config/keystore.jks and the default password for it is changeit.
Adding the two files (fullchain.pem and privkey.pem) to the keystore.jks is a 2-step process:
Change directory to glassfish config directory
|
|
Create a keystore from the two files
Create a .pkcs12 file containing full chain and private key
|
|
You will set a password for this file, which you will need to specify at the next step (STORE_PASS).
You may also see what is inside the new bundle, using keytool:
|
|
Convert the PKCS12 bundle (pkcs.p12) to the keystore (letsencrypt.jks)
|
|
I would recommend setting all these passwords (PASSWORD_STORE, PASSWORD_KEYPASS and STORE_PASS) the same as the original keystore.jks password since, at the next point, the passwords of the source and destination keystores have to be the same.
Importing the created keystore into Glassfish’s keystore
|
|
Of course, make sure the paths to all the referenced files are correct, taking into account the current directory, when you are running all these commands.
To verify the contents of the JKS, you can use this command:
|
|
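The --deploy-hook remark and the two-step keystore procedure above can be combined into one certbot deploy hook. The script below is an added example, not the page's own commands: it imports the PKCS12 bundle straight into keystore.jks instead of going through letsencrypt.jks, and the GLASSFISH_HOME default and the exported STORE_PASS variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the page): certbot deploy hook for GlassFish.
# Assumed: the GLASSFISH_HOME default below and STORE_PASS exported by the
# caller; STORE_PASS must equal the keystore.jks password, as the page advises.
set -u
ALIAS=letsencryptcrt    # certificate nickname used on the page
CONFIG_DIR="${GLASSFISH_HOME:-/opt/glassfish5/glassfish}/domains/domain1/config"

# Succeeds only if both PEM files exist, are non-empty, and the private key
# grants nothing to group or others (-L follows certbot's symlinks).
check_lineage() {
    dir=$1
    [ -s "$dir/fullchain.pem" ] || return 1
    [ -s "$dir/privkey.pem" ] || return 1
    perms=$(ls -lL "$dir/privkey.pem" | cut -c5-10)
    [ "$perms" = "------" ]
}

deploy() {
    lineage=$1
    if ! check_lineage "$lineage"; then
        echo "refusing to deploy from $lineage" >&2
        return 1
    fi
    : "${STORE_PASS:?export STORE_PASS before running}"
    export STORE_PASS
    umask 077                       # temporary bundle readable by owner only
    tmp=$(mktemp -d) || return 1
    trap 'rm -rf "$tmp"' EXIT       # never leave the key bundle behind
    # Step 1: full chain + private key -> PKCS12; password via env, not argv
    openssl pkcs12 -export -name "$ALIAS" \
        -in "$lineage/fullchain.pem" -inkey "$lineage/privkey.pem" \
        -out "$tmp/pkcs.p12" -passout env:STORE_PASS || return 1
    # Step 2: import into GlassFish's keystore; -noprompt overwrites the
    # alias left by the previous certificate
    keytool -importkeystore -noprompt -srcalias "$ALIAS" \
        -srckeystore "$tmp/pkcs.p12" -srcstoretype PKCS12 \
        -srcstorepass:env STORE_PASS \
        -destkeystore "$CONFIG_DIR/keystore.jks" \
        -deststorepass:env STORE_PASS || return 1
    # GlassFish reads the keystore at start-up: restart the domain afterwards.
}

# certbot sets RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/<domain>) for
# --deploy-hook scripts; nothing runs when it is absent.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy "$RENEWED_LINEAGE"
fi
```

Passing the passwords through the environment keeps them out of the process list, and the lineage check stops the hook from packaging a private key that other local users can already read.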
Configuring the Glassfish HTTPS listener
Set the port to 443 (HTTPS port)
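In the SSL tab, enable SSL3 and TLS, set the Certificate NickName to letsencryptcrt and the Key Store to keystore.jks. SSL3 is prohibited by RFC 7568 and is affected by the POODLE attack, so enable it only if a legacy client cannot negotiate TLS. This will change domain.xml as below.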
|
|
or
|
|
If the configuration is correct, run the command below to check SSL
|
|
Changing the keystore password
|
|
|
|
Installing MySQL
|
|
To create a database with the new privilege, run
|
|
Then enter the lines below in order
|
|
To import a mysql database
|
|
To backup a mysql database
|
|
Setup
Define resources to Glassfish using the asadmin tool
- Create a JDBC resource with the specified JNDI name. Run $ asadmin> help create-jdbc-resource for help.
$ asadmin> create-jdbc-resource --connectionpoolid aripd_pool --enabled=true jdbc/aripd
Command create-jdbc-resource executed successfully.
- Register a JDBC connection pool. Run $ asadmin> help create-jdbc-connection-pool for help.
$ asadmin> create-jdbc-connection-pool --datasourceclassname com.mysql.jdbc.jdbc2.optional.MysqlXADataSource --restype javax.sql.XADataSource --property portNumber=3306:password=P@ssword1:user=aripd:serverName=localhost:databaseName=aripd:connectionAttributes=\;create\\=true aripd_pool
Command create-jdbc-connection-pool executed successfully.
Add the named authentication realm to Glassfish using the asadmin tool. Run $ asadmin> help create-auth-realm for help.
|
|