Connect Mysql/Mariadb/Postgresql with Jboss 7 Application Server in Centos 7

Connect Mysql/Mariadb/Postgresql with Jboss 7 Application Server::
-------------------------------------------------------------------------------------------

Mysql and Mariadb datasource Connectivity with Jboss:

Please check the previous threads in the blog for Mysql/Mariadb/Postgres and Jboss Installations. Assuming  you have the above installations done, go ahead with the connectivity as follows::


Download the mysql-java connector "mysql-connector-java-5.1.30.zip"  from the url dev.mysql.com/downloads/connector/j/

# unzip mysql-connector-java-5.1.30.zip for the jar file
We will find "mysql-connector-java-5.1.30-bin.jar"

Create Jboss Module for mysql datasource directory as follows::

# mkdir /usr/share/jboss-as-7.1.1.Final/mysql/main/  -p

Copy jar file to the above directory

# cp /root/Downloads/mysql-connector-java-5.1.30/mysql-connector-java-5.1.30-bin.jar  /usr/share/jboss-as-7.1.1.Final/mysql/main/

will update shortly!!!!!!!!!!!

Install JBoss 7.* in Centos 7::

Install JBoss 7.* in Centos 7::
======================

Install java first
# yum install java

Check the version of java installed
# java -version
java version "1.7.0_111"
OpenJDK Runtime Environment (rhel-2.6.7.2.el7_2-x86_64 u111-b01)
OpenJDK 64-Bit Server VM (build 24.111-b01, mixed mode)

Download JBOSS AS 7
# screen  
# wget http://download.jboss.org/jbossas/7.1/jboss-as-7.1.1.Final/jboss-as-7.1.1.Final.zip

Unzip the zip file under /usr/share/
# unzip jboss-as-7.1.1.Final.zip -d /usr/share

Create a system user
# adduser jboss

Change ownership of the installation directory
# chown -fR jboss.jboss /usr/share/jboss-as-7.1.1.Final/

Switch user to the create user
# su jboss

Change to the bin directory
# cd /usr/share/jboss-as-7.1.1.Final/bin/

Create JBOSS Management users using the script (We can create as many users needed)
# ./add-user.sh

Start JBOSS server using the command
# ./standalone.sh -Djboss.bind.address=0.0.0.0 -Djboss.bind.address.management=0.0.0.0&

 Try accessing the JBOSS console in the browser::
http://localhost:9990/console/index.html

To stop the server  use the command::
./jboss-cli.sh --connect command=:shutdown

If you have issues in logging in with the user created. Follow the steps:

Open jboss-as-x.x.x.Final\standalone\configuration\mgmt-users.properties and delete the user ( delete the line which has the username you want to use, such as admin,etc)

Run jboss-as-x.x.x.Final\bin\add-user.sh to create new user as follows

    select user type a
    Realm (ManagementRealm) : ManagementRealm
    Username : linuxgeeknotes
    Password : password
    Re-enter Password : password

Postgres Installation in Centos 7 and configuration

Postgres Installation and Commands for system admins::

----------------------------------------------------------------------------------------------

 Postgressql installation is very easy and it completes in a single command

# yum install postgresql-server postgresql-contrib


Once the installtion is completed we can create a new PostgreSQL database cluster

# postgresql-setup initdb


Open the Host based authentication configuration file and edit the lines as follows::

# vi /var/lib/pgsql/data/pg_hba.conf

   
host all all 127.0.0.1/32 md5

host all all ::1/128 md5

# systemctl start postgresql

# systemctl enable postgresql

The installation procedure created a user account called postgres that is associated with the default Postgres role. In order to use Postgres, we'll need to log into that account as follows:

# sudo -i -u postgres 

You can get a Postgres prompt immediately by typing:

# psql

Exit out of the PostgreSQL prompt by typing:

    \q

Currently configured user roles can be seen using the command:

# \du

Version of PostgreSQL installed:

# SELECT version();
                                                   version                                                   
--------------------------------------------------------------------------------------------------------------
 PostgreSQL 9.2.15 on x86_64-redhat-linux-gnu, compiled by gcc (GCC) 4.8.5 20150623 (Red Hat 4.8.5-4), 64-bit
(1 row)



Command to see the  list of databases by running:

# psql -l

Some simple POSTGRESQL Commands

createuser --interactive --- to create user interactively
createuser test               --- creates user test
createdb test                  --- creates database test
      

-bash-4.2$ psql -d test  --- connects to database test
psql (9.2.15)
Type "help" for help.

test=# \conninfo           --- checks the database connection information
 
You are connected to database "test" as user "postgres" via socket in "/var/run/postgresql" at port "5432".
test=#

To connect to a Postgresql server remotely follow the steps. If you want to connect from a particular network, add the following entry in the postgresql.conf and pg_bha.conf(Host based authentication configuration file )

# vi  /var/lib/pgsql/data/pg_hba.conf
host    all         all         192.168.101.20/24    trust

# grep listen /var/lib/pgsql/data/postgresql.conf
listen_addresses = '*'


Once the entries are added and the service restarted, you should be able to connect to postgresql server remotely as follows::

# psql -U postgres -h 192.168.102.1
Welcome to psql 8.1.11 (server 8.4.18), the PostgreSQL interactive terminal.postgres=#

Default port of postgresql is 5432. If you want to change the port for postgresql edit the postgresql.conf file as follows::

# port = 5432  to port = 6969

Firewall entries to allow connections to the database 

# sudo firewall-cmd --permanent --zone=trusted --add-source=<Client IP address>/32

# sudo firewall-cmd --permanent --zone=trusted --add-port=5432/tcp

# sudo firewall-cmd --reload

Creating password for the postgres user

bash-4.2$ psql
psql (9.4.4)
Type "help" for help.

postgres=# \password
Enter new password:
Enter it again:
postgres=# \q

Command to login remotely to the database server as follows::

$ psql -h <Server IP Address> -p 5432 -U postgres -W
Password for user postgres:
psql (9.2.15)
Type "help" for help.

SSL Certificate installation in Apache and Nginx

SSL Certificate installation in Apache and Nginx::
=====================================

First step is to generate the CSR(Certificate Signing Request) for the domain

Apache Server SSL setup ::
------------------------------------

# openssl req -new -newkey rsa:2048 -nodes -keyout linuxgeeknotes_com.key -out linuxgeeknotes_com.csr

This will create two files

1. linuxgeeknotes_com.csr

2. linuxgeeknotes_com.key

Now contact the certificate provider with the csr file generated and they will verify the details provided and generate the cert file and CA bundle.

For apache webserver, we need to add the SSL certificate entries in the configuration files as follows::

<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.linuxgeeknotes.com
SSLEngine on
SSLCertificateFile /path/to/linuxgeeknotes.crt
SSLCertificateKeyFile /path/to/linuxgeeknotes.key
SSLCertificateChainFile /path/to/linuxgeeknotes.crt
</VirtualHost>

Restart the service.



Nginx Server SSL Setup::
----------------------------------

# openssl req -new -newkey rsa:2048 -nodes -keyout linuxgeeknotes_com.key -out linuxgeeknotes_com.csr

This will create two files

1. linuxgeeknotes_com.csr

2. linuxgeeknotes_com.key

Now contact the certificate provider with the csr file generated and purchase the cert files. Concatenate the files to a single file named ssl-bundle.crt using the command as follows::

# cat www_linuxgeeknotes_com.crt DomainValidationSecureServerCA.crt AddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt


Add the SSL entries in the  configuration file as follows and restart the service::

server
{
listen 443;
ssl on;
ssl_certificate /etc/nginx/ssl/linuxgeeknotes_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/linuxgeeknotes_com/linuxgeeknotes_com.key;

# side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ...
}

Apache vs Nginx Webservers

Apache vs Nginx Webservers::
====================

>> If you need a high speed webserver to host a single website, NGINX is the best choice because it can handle much higher load of concurrent connections while using less resources. And if you are looking for a shared hosting, to host multiple websites on a shared web server, Apache webserver is more flexible.

>> Nginx is event driven and Apache is process driven

>> Nginx support newer frameworks, such as Node.js, Python/Django and also support  CGI/FastCGI  and alternative such as WSGI

>> Apache is best for traditional MySQL/PHP applications, such as WordPress or Drupal and in shared hosting to host many websites with different configurations per site through  .htaccess file

>> Apache has a variety of different modules, add-ons, and components and very well documented.

 As a server admin you can google and decide which one is best  for the client requirement. At the end of the day, the choice of the web server platform is entirely dependent on what you’re doing with the server.