Setting up javaweb and nodejs on centos

This post explains how to set up a VPS for Node.js and J2EE production use.

Initial Setup[1]

  1. Root Login

ssh root@dev.shalib.cc

It displays like:

The authenticity of host 'dev.shalib.cc (118.89.145.68)' can't be established.
ECDSA key fingerprint is SHA256:Hl/dKTFzL4lOlF8DIG5itaV4OAsZunC2AWlFGLjLfsg.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'dev.shalib.cc' (ECDSA) to the list of known hosts.
Last failed login: Sat Apr 1 13:32:00 CST 2017 from 49.76.187.166 on ssh:notty
There were 31 failed login attempts since the last successful login.
root@dev.shalib.cc's password:
Last login: Mon Dec 26 17:09:32 2016 from 180.160.117.91

  2. Change root password with passwd
  3. Add a new user and change its password

adduser d0zingcat

passwd d0zingcat

  4. Grant root privileges[2]:

usermod -aG wheel d0zingcat

  5. Switch to the user

su - d0zingcat

  6. Update the system packages

sudo yum update -y

It displays:

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

This means: the greater the power, the greater the responsibility. So be careful and think twice before you act.

  7. Install the epel-release package

sudo yum install epel-release -y

  8. Use an SSH key to log in to the server

On your local machine, use cat ~/.ssh/id_rsa.pub. This should print your public SSH key, which should look something like the following:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC7UkpwY6UJf+KWyI4OnUwEGWbSFA34h+9YAuip5z4UO7orhidSS3FZJmAxIBHRxSBJ4gJDmsTWAhVlkEolDVzYrI+lmW5yeHjf/YdBk7PpdlyoZhukLlooPYxPm/esZaO79VrsGyR1YJrFmBtETa+TDkHEJ6ouqNbzC6h9mBgrkd79jX1GVP/L87CPsdfdsY7eYHvFIuvMAY4CZgYGuN+v9lW+E3CIepMkRsSWS/WVpoHhoP48Y9t8wr/dX0pOyR+kQkTybf33KOdIYmABdn2GsIXmnrayucrOSvmOrVD9T9GEkls505Piutn9FQjmI51VzUKGVyOLT9t0Lmr6gfnxl d0zingcat@macintosh.local

Copy the long string and return to the session of the newly added user on the server, here “d0zingcat”.

cd ~ && mkdir .ssh

chmod 700 .ssh

vi .ssh/authorized_keys

Then paste the ssh-rsa string into this file and save.

Then change the file’s permissions with chmod 600 .ssh/authorized_keys.

Next time you can simply use ssh d0zingcat@dev.shalib.cc to log in to this server without entering your password again and again.

  9. Disable remote root login

sudo vi /etc/ssh/sshd_config

Find the line #PermitRootLogin yes, uncomment it (remove the # mark), change “yes” to “no” and save the file. Then use sudo systemctl reload sshd to reload the SSH service so the change takes effect. After this step you can no longer log in as root over SSH; instead, log in as the user you’ve added and switch to the root user from there.
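
The two hardening steps above (key file permissions and PermitRootLogin) can be checked with a small script. This is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```shell
# effective_sshd_value FILE KEYWORD
# Print the value sshd takes from the global section of FILE. Keywords are
# case-insensitive, commented lines are ignored and the first occurrence wins;
# parsing stops at the first Match block because settings there are conditional.
effective_sshd_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_ssh_setup SSHD_CONFIG SSH_DIR
# Return 0 only if root login is explicitly disabled and the key files carry
# the modes the post sets (700 on .ssh, 600 on authorized_keys).
audit_ssh_setup() {
    rc=0
    v=$(effective_sshd_value "$1" PermitRootLogin)
    [ "$v" = "no" ] || { echo "FAIL PermitRootLogin is '$v', expected 'no'"; rc=1; }
    m=$(stat -c %a "$2" 2>/dev/null) || m=missing
    [ "$m" = "700" ] || { echo "FAIL $2 mode is '$m', expected 700"; rc=1; }
    m=$(stat -c %a "$2/authorized_keys" 2>/dev/null) || m=missing
    [ "$m" = "600" ] || { echo "FAIL authorized_keys mode is '$m', expected 600"; rc=1; }
    return $rc
}

# Constructed sample: a config with the directive still commented out and a
# .ssh directory created without the chmod steps.
demo=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' 'PasswordAuthentication yes' > "$demo/sshd_config"
mkdir "$demo/.ssh" && : > "$demo/.ssh/authorized_keys"
chmod 755 "$demo/.ssh" && chmod 644 "$demo/.ssh/authorized_keys"
audit_ssh_setup "$demo/sshd_config" "$demo/.ssh" || echo "audit failed as expected"
rm -rf "$demo"
```

On the server, call audit_ssh_setup /etc/ssh/sshd_config ~/.ssh as the new user, and run sudo sshd -t to check the file's syntax before the reload. Keep the current session open until a second login as the new user has succeeded.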

Software Installations[3]

Install JDK[4]

As many distributions (such as the official distribution of CentOS) do not come with a built-in Java environment, we have to install the JDK first.

Download the JDK (you can also replace the download link with the latest version if you wish):

wget --header "Cookie: oraclelicense=accept-securebackup-cookie" http://download.oracle.com/otn-pub/java/jdk/8u121-b13/e9e7ea248e2c4826b92b3f075a80e441/jdk-8u121-linux-x64.rpm

Install: sudo rpm -ivh jdk-8u121-linux-x64.rpm

Check with java -version or alternatives --config java to make sure the JDK is installed properly. Also, if you want, you can install OpenJDK instead, but I’ve tried to install the J2SE JDK[5].

Install Mariadb(MySQL)

sudo yum install mariadb-server mariadb -y to install mariadb

sudo systemctl start mariadb to start mariadb

sudo mysql_secure_installation to reset the root password of MySQL. mysql_secure_installation prompts:

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n]
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n]
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n]
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n]
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

That is, the only step where you need to type anything is the password step, where you enter your new password; for every other option just press ‘enter’ to accept the default. The last thing we need to do is enable MariaDB to start when the system boots. Use the following command to do so: sudo systemctl enable mariadb.

At this point, your database system is now set up and we can move on.

Install Nodejs

Install a Node version manager: curl -L https://git.io/n-install | bash

Install Nginx && Tomcat

Use sudo yum install nginx -y && sudo systemctl start nginx && sudo systemctl enable nginx to install nginx, start it and enable it at boot. Do not forget to open ports 80 and 443 in your firewall settings, usually with iptables or firewall-cmd. Sometimes the VPS provider also places another firewall between your VPS and the public network by default, so if you cannot reach your website at your server’s IP address, check for that as well. If you don’t know your server’s IP address, you can use curl http://icanhazip.com in the terminal to get your public IP address. Then visit the IP in your web browser, e.g. http://dev.shalib.cc (I’ve already pointed the DNS record dev.shalib.cc at my server’s IP), and you will see the Nginx welcome page.

As we installed JDK v1.8, this means we can only install tomcat v9.0. I prefer to use the pre-compiled binary distribution, which means we just need to download and extract it with the following commands:

cd /usr/local/share/applications/
sudo wget http://mirrors.tuna.tsinghua.edu.cn/apache/tomcat/tomcat-9/v9.0.0.M19/bin/apache-tomcat-9.0.0.M19.tar.gz
sudo mkdir tomcat/
sudo tar zxvf apache-tomcat-9.0.0.M19.tar.gz -C ../applications/
sudo rm apache-tomcat-9.0.0.M19.tar.gz
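
The archive above is fetched from a mirror over plain HTTP, so it is worth checking its digest before extracting it. The following is an added example, not part of the original post: verify_and_extract is a hypothetical helper, the sample tarball and checksum file are constructed, and it assumes the real checksum file is obtained over HTTPS from the Apache Tomcat project's own site rather than from the mirror.

```shell
# verify_and_extract ARCHIVE CHECKSUM_FILE DEST
# CHECKSUM_FILE holds "<sha512 hex>  <name>" as fetched from a trusted origin.
# Returns 1 on a digest mismatch, 2 on an unsafe member path, 0 after extracting.
verify_and_extract() {
    want=$(awk 'NF { print tolower($1); exit }' "$2")
    have=$(sha512sum "$1" | awk '{ print $1 }')
    if [ -z "$want" ] || [ "$want" != "$have" ]; then
        echo "checksum mismatch for $1, not extracting" >&2
        return 1
    fi
    # Refuse absolute paths and ".." components that would escape DEST.
    if tar -tzf "$1" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $1, not extracting" >&2
        return 2
    fi
    tar -xzf "$1" -C "$3"
}

# Constructed sample: a small tarball standing in for the Tomcat download and a
# checksum file standing in for the one published by the project.
work=$(mktemp -d)
mkdir -p "$work/src/apache-tomcat-demo/bin" "$work/dest"
echo 'echo started' > "$work/src/apache-tomcat-demo/bin/catalina.sh"
tar -czf "$work/demo.tar.gz" -C "$work/src" apache-tomcat-demo
( cd "$work" && sha512sum demo.tar.gz > demo.tar.gz.sha512 )
verify_and_extract "$work/demo.tar.gz" "$work/demo.tar.gz.sha512" "$work/dest" \
    && echo "verified and extracted"
# Simulate an archive altered in transit: the digest no longer matches.
echo tampered >> "$work/demo.tar.gz"
verify_and_extract "$work/demo.tar.gz" "$work/demo.tar.gz.sha512" "$work/dest" \
    || echo "tampered archive rejected"
rm -rf "$work"
```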

Set Global Environment Variables

Before editing the files, we first have to find the Java installation location, which we can get with alternatives --config java, e.g.

There is 1 program that provides 'java'.
Selection Command
-----------------------------------------------
*+ 1 /usr/java/jdk1.8.0_121/jre/bin/java

Then, what we need is /usr/java/jdk1.8.0_121/.

Use vi ~/.bashrc to open the bash startup file and add

export JAVA_HOME=/usr/java/jdk1.8.0_121/

export CATALINA_HOME=/usr/local/share/applications/apache-tomcat-9.0.0.M19

export PATH="$PATH:${JAVA_HOME%/}/bin"

and save it. Enter source ~/.bashrc to reload the bash configuration.

Now, check the environment variables with echo $JAVA_HOME or echo $PATH. If it displays nothing about java, check again whether some of the commands are wrong.

Then we can use sudo $CATALINA_HOME/bin/catalina.sh start to start tomcat, and you can visit http://{serverip}:8080 to test whether tomcat is up. I don’t know why, but the first time I started tomcat the browser sat on “loading” for 15 minutes, and I thought something must have gone wrong! After I checked all the settings and set up the server again and again, I finally found that I just needed to WAIT. However, nobody wants to wait for such a slow server, so I searched for solutions to this problem and finally found one. All you have to do is use sudo yum install -y haveged && sudo systemctl enable haveged && sudo systemctl start haveged to install haveged. The cause of this phenomenon was not easy for me to understand, but I’d like to give you an introduction:

The description of haveged is:

The haveged project is an attempt to provide an easy-to-use, unpredictable random number generator based upon an adaptation of the HAVEGE algorithm. Haveged was created to remedy low-entropy conditions in the Linux random device that can occur under some workloads, especially on headless servers. Current development of haveged is directed towards improving overall reliability and adaptability while minimizing the barriers to using haveged for other tasks.

It seems that haveged was created to increase the entropy in the Linux random device and so avoid problems like this one on servers. The random number generator gathers environmental noise from device drivers and other sources into an entropy pool, and keeps an estimate of the number of bits of noise in the pool. Random numbers are created from this entropy pool. When the entropy pool is empty, reads from /dev/random block until additional environmental noise is gathered. So in practice tomcat can be blocked for an unknown amount of time[6].

Also, replacing securerandom.source=file:/dev/urandom with securerandom.source=file:/dev/./urandom in $JAVA_PATH/jre/lib/security/java.security has solved my problem.

Besides, you can specify this setting in JAVA_OPTS option.

Actually, by setting the following in /etc/default/tomcat7, I was fine: JAVA_OPTS="-Djava.security.egd=file:/dev/./urandom -Djava.awt.headless=true -Xmx1024m -XX:MaxPermSize=512m -XX:+UseConcMarkSweepGC"

-----------------------------For those who prefer openjdk----------------------------------------

In fact, I’ve restored my server several times, and the last time I succeeded in setting up tomcat the server was running OpenJDK, so I suppose it is also necessary to introduce how to set up OpenJDK && Tomcat.


  1. Initial Server Setup with CentOS 7

  2. How To Create a Sudo User on CentOS

  3. How To Install Linux, Nginx, MySQL, PHP (LEMP) stack On CentOS 7

  4. wget-jdk-oracle-install-example.txt; Install Oracle Java JDK 8 On CentOS 7/6.5/6.4; How to install Oracle JDK 8 on CentOS; Download Oracle Java JRE & JDK using a script; How to Install JAVA 8 (JDK/JRE 8u121) on CentOS/RHEL and Fedora

  5. How To Install Java on CentOS and Fedora

  6. Tomcat7 starts too late on Ubuntu 14.04 x64