Bitnami Tomcat 8.5 on CentOS - cloud installation cheatsheet

Context

  • CentOS 7.4 default image on Digital Ocean, entry level plan, with 1 GB RAM
  • Bitnami Tomcat stack -- local/native installation mode

Prerequisites

local$ ssh root@SERVER_IP

swap

add swap if RAM+swap is less than 2 GB
this is a short version of these two guides: Bitnami low memory & Digital Ocean swap guide

# free -m | grep Swap
Swap: 0 0 0
# dd if=/dev/zero of=/swapfile count=1024 bs=1MiB
# chmod 600 /swapfile
# ls -lh /swapfile
-rw-------. 1 root root 1.0G Jan 19 19:05 /swapfile
# mkswap /swapfile
Setting up swapspace version 1, size = 1048572 KiB
no label, UUID=ed94f556-38a2-43de-a64b-a3829e85dbd0
# swapon /swapfile
# free -m | grep Swap
Swap: 1023 0 1023
# sysctl vm.swappiness=10
vm.swappiness = 10
# echo "/swapfile swap swap defaults 0 0" >> /etc/fstab
# reboot
...

# free -m | grep Swap
Swap: 1023 0 1023
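
A check for the swap setup above: every file-backed swap entry in /etc/fstab should name a file that exists and has mode 600. This is an added example, not part of the original cheatsheet; the function name audit_swap_fstab and its output format are assumptions, and it relies on GNU stat as shipped with CentOS.

```shell
#!/bin/sh
# Added example, not from the original cheatsheet. The function name and the
# OK/MISSING/BADMODE output format are assumptions made for this example.
# Usage: audit_swap_fstab [FSTAB] [ROOT]
#   FSTAB defaults to /etc/fstab. ROOT is prepended to every path, so the
#   check can also be pointed at a mounted image or a test directory.
audit_swap_fstab() {
    fstab=${1:-/etc/fstab}
    root=${2:-}
    rc=0
    # the "|| [ -n ... ]" part keeps a final line that lacks a trailing newline
    while read -r dev mnt fstype rest || [ -n "$dev" ]; do
        case $dev in
            ''|'#'*) continue ;;                 # blank line or comment
        esac
        [ "$fstype" = swap ] || continue         # only swap entries
        case $dev in
            /dev/*|UUID=*|LABEL=*) continue ;;   # swap partitions: out of scope
        esac
        path=$root$dev
        if [ ! -f "$path" ]; then
            echo "MISSING $dev"                  # fstab names a file that does not exist
            rc=1
        elif [ "$(stat -c '%a' "$path")" != 600 ]; then
            # a swap file readable by other users exposes swapped-out memory
            echo "BADMODE $dev $(stat -c '%a' "$path")"
            rc=1
        else
            echo "OK $dev"
        fi
    done < "$fstab"
    return "$rc"
}
```

Source the file and run audit_swap_fstab as root before the reboot; a non-zero return means at least one swap entry would not be activated at boot or is readable by other users.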

perl

# yum install perl perl-Data-Dumper
# perl
Ctrl+D

EPEL repo

needed at least for haveged below

# yum install epel-release

haveged

Without this Tomcat may take forever to start (issue with SessionIdGeneratorBase - createSecureRandom). Details here.

# yum install -y haveged
# chkconfig haveged on
# reboot

Default install

# curl --remote-name --location https://bitnami.com/redirect/to/168422/bitnami-tomcatstack-8.5.24-2-linux-x64-installer.run
# chmod +x bitnami-tomcatstack-8.5.24-2-linux-x64-installer.run
# ./bitnami-tomcatstack-8.5.24-2-linux-x64-installer.run
  • asks for passwords for MySQL root & Tomcat manager

Essential commands

  • Start servers (other options: restart, stop, status)
# /opt/tomcatstack-8.5.24-2/ctlscript.sh start
  • Uninstall:
    • # /opt/tomcatstack-8.5.24-2/uninstall
      # rm -rf /opt/tomcatstack-8.5.24-2/
    • you may need to do this before trying to install again, if there was some problem with the installation.

Verify it works

 http://SERVER_IP should show Bitnami's "welcome" page

Start on boot

# cp /opt/tomcatstack-8.5.24-2/ctlscript.sh /etc/init.d/bitnami-tomcat
# vi /etc/init.d/bitnami-tomcat

#!/bin/sh
#
# chkconfig: 2345 80 30
# description: Bitnami services

# chkconfig --add bitnami-tomcat
# reboot

...then verify servers have started and pre-packaged apps work.

SFTP

Remote access with SFTP comes enabled. I used FileZilla for it. It needs the local private key used for ssh, converted to PPK format. This can be done with the Linux utility "puttygen". In CentOS it can be installed with yum:

# yum install putty

Let's Encrypt

SSL comes enabled but we need a valid certificate to avoid browser errors. This is a cheatsheet distilled from this guide.

install tool (once)
# mkdir /opt/letsencrypt
# cd /opt/letsencrypt
# curl -O https://dl.eff.org/certbot-auto
# chmod a+x certbot-auto
# ./certbot-auto

setup one domain
# /opt/tomcatstack-8.5.24-2/ctlscript.sh stop
# ./certbot-auto certonly --standalone -d www.example.com
# cd /opt/tomcatstack-8.5.24-2/apache2/conf/
# mkdir old
# mv server.??? old
# ln -s /etc/letsencrypt/live/www.example.com/fullchain.pem server.crt
# ln -s /etc/letsencrypt/live/www.example.com/privkey.pem server.key
# /opt/tomcatstack-8.5.24-2/ctlscript.sh start

autorenew (once)
# /opt/letsencrypt/certbot-auto renew
# crontab -e
44 0,12 * * * /opt/letsencrypt/certbot-auto renew