Basic hosting of a Java 8 / MySQL application on Digital Ocean

Here is how I set up Java 8 hosting on Digital Ocean. Digital Ocean is an American hosting company that offers solid virtual servers starting at the rock bottom price of 5 USD per month.

This setup is somewhat lacking in security; in particular, it is a single-user setup (only root), does not use SSH keys, and lets Tomcat listen directly on port 80. It also runs http rather than https, so deployments with the manager application send your password in cleartext.

So use this setup at your own peril.

  1. Sign up for Digital Ocean. Type in your credit card and use the coupon: DROPLET10.

  2. Pick droplet Ubuntu 14.04 for 5 USD (512 MB, one core). Get the password via email. Note the IP address.

  3. Shell into the droplet and change the password to something secure.

ssh root@xxx.xxx.xxx.xxx
  4. Add the repository for Oracle Java and upgrade the OS:
add-apt-repository ppa:webupd8team/java
apt update
apt upgrade
  5. Set up a firewall allowing only port 80 for http and 22 for ssh:
apt-get install ufw
ufw default deny incoming
ufw default allow outgoing
ufw allow ssh
ufw allow http
ufw enable
  6. Set up a swap file. This is a minimum-memory system, so it needs a swap file:
dd if=/dev/zero of=/swapfile bs=256M count=4
chmod 600 /swapfile
mkswap /swapfile
swapon /swapfile
swapon -s
echo "/swapfile   none    swap    sw    0   0" >> /etc/fstab
  7. Install some software:

7.1. Emacs:

apt-get install emacs24

7.2. Configure emacs not to make those silly tilde-files:

echo \(setq\ backup-directory-alist\ \'\(\(\".\"\ .\ \"\~/.emacs.d/backup\"\)\)\) > /root/.emacs

7.3. Install MySQL – leave the root password blank – the firewall prevents access from outside this machine:

apt-get install mysql-server

7.4. Install zip and unzip:

apt-get install zip
apt-get install unzip

7.5. Install haveged – a random number generator – otherwise Tomcat startup will slow to a crawl:

apt-get install haveged

7.6. Install Java 8:

apt-get install oracle-java8-installer
apt-get install oracle-java8-set-default

7.7. Install Apache Tomcat 8:

curl "http://mirrors.rackhosting.com/apache/tomcat/tomcat-8/v8.0.32/bin/apache-tomcat-8.0.32.zip" > apache-tomcat-8.0.32.zip
unzip apache-tomcat-8.0.32.zip
mv apache-tomcat-8.0.32 /usr/local/
  8. Configure Tomcat via files in /usr/local/apache-tomcat-8.0.32/conf:

8.1. In server.xml: Set up Tomcat to serve applications on port 80

<?xml version='1.0' encoding='utf-8'?>
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">

    <Connector port="80" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <Engine name="Catalina" defaultHost="localhost">

      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
      </Realm>

      <Host name="localhost"  appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log" suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>

8.2. In tomcat-users.xml: Create a user for Tomcat Manager – change the password to something secure.

<?xml version='1.0' encoding='utf-8'?>
<tomcat-users xmlns="http://tomcat.apache.org/xml"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://tomcat.apache.org/xml tomcat-users.xsd"
              version="1.0">

  <role rolename="manager-gui"/>
  <role rolename="manager-script"/>

  <user username="manager" password="********" roles="manager-gui,manager-script"/>

</tomcat-users>
  9. Make Tomcat run at startup:
cd /etc/init.d
ln -s /usr/local/apache-tomcat-8.0.32/bin/catalina.sh catalina
chmod 755 catalina
update-rc.d catalina defaults
  10. Restart your machine:
shutdown -r now
  11. Log in again, tail your log and point your web browser to http://xxx.xxx.xxx.xxx:80 :
ssh root@xxx.xxx.xxx.xxx
tail -f /usr/local/apache-tomcat-8.0.32/logs/catalina.out
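
The check below is an added example, not part of the original post: it reads a Tomcat server.xml and reports the connector weaknesses this post names (Tomcat on a privileged port, no TLS connector), plus an AJP connector with no address attribute, which on Tomcat 8.0 listens on every interface so that only the ufw rules keep it private. The function names, the finding labels and the commented-out connector in the sample are constructed for illustration.

```shell
# Added example: flag the server.xml weaknesses this post names (names are made up).
# Read XML on stdin, drop comments, print one element per line.
elements() {
  tr '\n' ' ' | awk '{
    while ((s = index($0, "<!--")) > 0) {
      rest = substr($0, s + 4); e = index(rest, "-->")
      if (e == 0) { $0 = substr($0, 1, s - 1); break }
      $0 = substr($0, 1, s - 1) substr(rest, e + 3)
    }
    print
  }' | tr '<' '\n'
}

# Value of attribute $2 in element text $1 (empty when absent).
attr() {
  printf '%s\n' "$1" | sed -n "s/.*[[:space:]]$2=\"\([^\"]*\)\".*/\1/p"
}

# Read server.xml on stdin and print one finding per line.
audit_server_xml() {
  elements | {
    tls=0
    while IFS= read -r el; do
      case $el in "Connector "*) ;; *) continue ;; esac
      port=$(attr "$el" port)
      if [ "$(attr "$el" SSLEnabled)" = "true" ]; then tls=1; fi
      case $(attr "$el" protocol) in
        AJP*) # no address attribute: Tomcat 8.0 binds AJP to all interfaces
          if [ -z "$(attr "$el" address)" ]; then echo "AJP_NO_ADDRESS port=$port"; fi ;;
        *)    # ports below 1024 force Tomcat to start as root
          if [ -n "$port" ] && [ "$port" -lt 1024 ]; then echo "PRIVILEGED_PORT port=$port"; fi ;;
      esac
    done
    if [ "$tls" -eq 0 ]; then echo "NO_TLS_CONNECTOR"; fi
  }
}

# Constructed sample: this post's two connectors plus a commented-out TLS one.
sample_post() {
  cat <<'EOF'
<Service name="Catalina">
  <!-- <Connector port="8443" SSLEnabled="true" /> -->
  <Connector port="80" protocol="HTTP/1.1"
             connectionTimeout="20000" redirectPort="8443" />
  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
</Service>
EOF
}

sample_post | audit_server_xml
```

Run it against the real file with `audit_server_xml < /usr/local/apache-tomcat-8.0.32/conf/server.xml`; no output means none of the three conditions was found.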