This recipe is a script to install an Ubuntu 16.04 server ready for you to install your CUBA app. There is a companion recipe here for deploying to your new server using Gradle + SSH.
Yes, the cool kids use Docker or Kubernetes but my requirement is for a plain old server that can run on a Cloud service (AWS, Azure, Google, Digital Ocean etc) or locally on a virtual machine (VMWare, Hyper-V, VirtualBox etc).
Install Ubuntu Server 16.04 LTS with OpenSSH, log in and upload the attached script install.sh.
Modify the script configuration settings:
export DNS_HOSTNAME=subdomain.mydomain.com # DNS CNAME or A record
export EMAIL=email@example.com # The email address used for Let's Encrypt
export SSHD_PORT=9922 # SSH Port for admin
export TOMCAT_VERSION=8.5.28 # Version of Tomcat to install
The script will install:
- Tomcat with a version of your choosing. I find the version packaged with Ubuntu is old and has issues when automating an install.
- Let's Encrypt. Free https certs that renew automatically out of the box with http to https redirect.
- libapache2-mod-jk to hook the Apache web server to Tomcat for SSL. No need for Tomcat to know about the certs!
- Libre Office for PDF conversion.
- A bunch of must have performance monitoring utilities.
- I use MS SQL Server so I install the MS SQL Server tools. Replace with your database tools as required.
- Fail2Ban. A firewall that will block various SSH and Apache hacking attempts to harden the server.
Once you have your script configured, execute “chmod +x install.sh && ./install.sh”.
- This script has only been tested with Ubuntu 16.04 and will not work with other distributions or versions.
- In order for Let's Encrypt to acquire a cert, you need to have a DNS CNAME or A record configured and resolving to your new server from the internet. Make sure you test from the internet before running the script.
- I move the SSH port from 22 to another port because the minute you start your server, bots will be hacking port 22. When using Fail2Ban, you end up with a long list of banned IPs blocked by iptables.
- Do not use Fail2Ban behind a NAT router!
- The Fail2Ban limits in the script are very aggressive and punitive. Be careful not to lock yourself out!
- Do not run this script without understanding what it’s going to do!
- This script was developed using the “Google Programming” methodology. Attribution goes to a bunch of people on the Internet. Thanks people!
Install.sh (3.9 KB)
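A pre-flight check for the four configuration settings above, as an added example that is not part of the attached install.sh (whose contents are not shown on this page). It catches a variable left unset by a typo in an `export` line and an SSH port that collides with 22 or with Apache's 80/443 before anything is installed. The function names and the `CHECK_DNS` switch are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for the four install.sh settings.
# Function names and CHECK_DNS are hypothetical, not part of install.sh.

valid_hostname() {   # dot-separated labels ending in an alphabetic TLD
    printf '%s\n' "$1" |
        grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'
}

valid_email() {      # something@domain.tld, no spaces, exactly one @
    printf '%s\n' "$1" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+\.[^@[:space:]]+$'
}

valid_sshd_port() {  # 1-65535, not 22 (the post moves SSH off it),
    case "$1" in     # not 80/443 (Apache needs them for the redirect)
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] &&
        [ "$1" -ne 22 ] && [ "$1" -ne 80 ] && [ "$1" -ne 443 ]
}

valid_tomcat_version() {  # major.minor.patch, e.g. 8.5.28
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'
}

# Returns the number of failed checks (0 = safe to continue).
preflight() {
    fails=0
    valid_hostname "${DNS_HOSTNAME:-}" || { echo "bad DNS_HOSTNAME" >&2; fails=$((fails + 1)); }
    valid_email "${EMAIL:-}" || { echo "bad EMAIL" >&2; fails=$((fails + 1)); }
    valid_sshd_port "${SSHD_PORT:-}" || { echo "bad SSHD_PORT" >&2; fails=$((fails + 1)); }
    valid_tomcat_version "${TOMCAT_VERSION:-}" || { echo "bad TOMCAT_VERSION" >&2; fails=$((fails + 1)); }
    # Optional: local resolver lookup only; it does not prove the name
    # resolves from the internet, which Let's Encrypt needs.
    if [ "${CHECK_DNS:-0}" = 1 ] && ! getent hosts "${DNS_HOSTNAME:-}" >/dev/null; then
        echo "DNS_HOSTNAME does not resolve" >&2; fails=$((fails + 1))
    fi
    return "$fails"
}

# Constructed sample values, copied from the settings shown in the post.
DNS_HOSTNAME=subdomain.mydomain.com EMAIL=email@example.com
SSHD_PORT=9922 TOMCAT_VERSION=8.5.28
preflight && echo "settings look sane"
```

To use it, place the functions after the `export` lines and call `preflight || exit 1` before the first install step.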