Tomcat and Maria DB on a Pair of Raspberry Pi's

Written by: Kimberlee Model, posted: 2018-05-22, last modified: 2019-09-30. Tags: How I configured, Home Server, Raspberry Pi.
Hello Blog,

I have finally put the effort into fixing this blog after I upgraded from a single Raspberry Pi to a pair of them. So I'm going to briefly put out some notes on how I did this. This is a follow-up to my previous post.


First and foremost is Tomcat, which I downloaded and untarred:


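  $> tar -xf apache-tomcat-8.5.31.tar.gz
  # -r copies the whole directory; /usr/share/tomcat is the path used in the rest of this post
  $> sudo cp -r apache-tomcat-8.5.31 /usr/share/tomcat-8.5.31
  $> sudo ln -s /usr/share/tomcat-8.5.31/ /usr/share/tomcat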

I'm not truncating the version yet, because it allows me to keep older versions and soft link the truncated name later. I need to make a user to run tomcat as, so that tomcat does not have access to root.


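  # --group also creates the tomcat group that the systemd unit and chown below refer to
  $> sudo adduser --system --group --home /home/tomcat --disabled-password tomcat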

Next, I have two dependencies for this blog which come with neither the blog software nor with Tomcat, so I'm going to download them from Maven Central. The first is mysql:mysql-connector-java, which is the database connector for Java. The second is javax.mail:mail, which is JavaMail, for sending emails from the blog (I didn't bother setting it up, but it did require the jar). I downloaded these and put them into /usr/share/tomcat/lib/. This way they are on my classpath, and I don't need to worry about them.

Next I need to download the war files I want. I am using this blog, which is Apache Roller, and GitBucket, which is a git repository hosting application that also runs in Tomcat. I downloaded them and moved them into the webapps folder of Tomcat:


  $> sudo cp roller.war /usr/share/tomcat/webapps/
  $> sudo cp gitbucket.war /usr/share/tomcat/webapps/

Next is the important step of putting together the Roller custom settings. These are settings that override defaults in the Roller settings, such as where your database is and where to store media on the blog. This file is placed in the lib directory of Tomcat, again so it is on the classpath of Tomcat. Roller searches the classpath for this file on startup.


  $> sudo nano /usr/share/tomcat/lib/roller-custom.properties

The file contains the following:


#Roller Custom Properties
#Installation Type can be manual if you will setup the tables yourself or auto, if you want roller to do it for you.
installation.type=manual
mediafiles.storage.dir=/home/tomcat/.roller/mediafiles
search.index.dir=/home/tomcat/.roller/searchindex
database.configurationType=jdbc
database.jdbc.driverClass=com.mysql.jdbc.Driver
database.jdbc.connectionURL=jdbc:mysql://red-radio2.redbow.kim:3306/rollerdb?autoReconnect=true&useUnicode=true&characterEncoding=utf-8&mysqlEncoding=utf-8
database.jdbc.username=REDACTED
database.jdbc.password=REDACTED

The database and directory parts here should be self-explanatory; however, installation.type is more interesting. This one allows you to either set up your own database tables or have Roller do them for you. I used manual, since I had already restored the tables from my old blog.

Next I actually have to set up the database. I wanted to use MySQL, however, only MariaDB is in the Raspbian clones. Maria is supposed to be "compatible" with My, however, as per usual, there are obnoxious little details which serve only to annoy me. (That's not true, they're for security purposes, which is important, but still mildly annoying.)

The first thing is not obvious. MySQL during install used to prompt for a root password, and during setup one could run mysql -uroot -p and enter the database root password. In MariaDB, one need only call sudo mysql to open a root SQL shell. It took me embarrassingly long to figure this one out.

The next thing is that by default MariaDB only listens on the loopback interface. For those who do not know, computers have various networking devices or "interfaces", and one is labeled loopback or localhost or 127.0.0.1, which receives all of, and only, the traffic the computer sends to itself. This prevents other computers from connecting to MariaDB, which may make sense to some folks, but since I have a web server on one Pi and a database server on the other, it does not make sense to me, so I changed it.

What you need to do is change the bind-address in the MariaDB configuration files. For me the correct configuration file was /etc/mysql/mariadb.conf.d/50-server.cnf. So I ran:


  $> sudo nano /etc/mysql/mariadb.conf.d/50-server.cnf

and I changed the following line:


# from
bind-address            = 127.0.0.1
# to
bind-address            = ::

This now lets me connect from other computers. However, now people I don't trust could connect to it. One way to mitigate this, for me, is to use the UFW firewall in Raspbian:


  $> sudo ufw enable
  $> sudo ufw allow proto tcp from 192.168.2.0/24 to any port 3306

This is one way to protect me, at the operating system layer. Nobody from outside of my subnet can connect to it anymore. Similar commands can be used to allow other services such as ssh on both servers and http(s) on the web server. The second way to do this is using the grant permissions in the database, which can also block traffic from specific subnets. I will end up having two schemas:


  MariaDB> create schema rollerdb;
  MariaDB> create schema gitbucket;

And I will need two users with permissions to use these schemas:


  MariaDB> GRANT usage, select, trigger, update, delete, insert, create view, alter, create, create routine, execute ON rollerdb.* TO 'REDACTED'@'192.168.2.0/255.255.255.0' IDENTIFIED BY 'REDACTED';
  MariaDB> GRANT usage, select, trigger, update, delete, insert, create view, alter, create, create routine, execute ON gitbucket.* TO 'REDACTED'@'192.168.2.0/255.255.255.0' IDENTIFIED BY 'REDACTED';
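
The three layers described above (bind-address, the ufw rule and the host part of each GRANT) can be checked together. The script below is an added example, not part of the original post; its function names, the sample inputs and the `blog` account are made up for illustration. On a real host the inputs would come from 50-server.cnf, `sudo ufw status` and `sudo mysql -N -B -e "SELECT user, host FROM mysql.user"`.

```shell
# Added example: checks the layers that gate MariaDB's port 3306 on the database Pi.

# Effective bind-address from config text on stdin (last uncommented line wins).
bind_address() {
  awk -F= '/^[ \t]*bind-address[ \t]*=/ { gsub(/[ \t]/, "", $2); v = $2 }
           END { print (v == "" ? "unset" : v) }'
}

# Sources that `ufw status` output on stdin allows to reach 3306, one per line.
ufw_sources_3306() {
  awk '$1 ~ /^3306(\/tcp)?$/ && / ALLOW / { sub(/^.* ALLOW +(IN +)?/, ""); print }'
}

# Accounts ("user<TAB>host" rows on stdin) whose host pattern matches any client.
open_accounts() {
  awk -F'\t' '$2 == "%" || $2 == "" { print $1 "@" $2 }'
}

# Returns 0 only if the listener is loopback-only, or is fenced by an active firewall
# with no "Anywhere" rule for 3306 and no any-host accounts.
# Arguments: config text, ufw status text, account rows.
audit_mariadb_exposure() {
  bind=$(printf '%s\n' "$1" | bind_address)
  case "$bind" in
    127.*|::1|localhost) echo "OK: loopback-only listener ($bind)"; return 0 ;;
  esac
  printf '%s\n' "$2" | grep -q '^Status: active' ||
    { echo "FAIL: bind-address=$bind and ufw is not active"; return 1; }
  src=$(printf '%s\n' "$2" | ufw_sources_3306)
  case "$src" in
    *Anywhere*) echo "FAIL: ufw allows 3306 from Anywhere"; return 1 ;;
  esac
  open=$(printf '%s\n' "$3" | open_accounts)
  [ -z "$open" ] || { echo "FAIL: any-host accounts: $open"; return 1; }
  echo "OK: bind-address=$bind, 3306 allowed from: ${src:-nobody}"
}

# Constructed sample inputs (not taken from a real host; "blog" is a made-up user).
SAMPLE_CNF='[mysqld]
#bind-address = 127.0.0.1
bind-address            = ::'
SAMPLE_UFW='Status: active

To                         Action      From
--                         ------      ----
3306/tcp                   ALLOW       192.168.2.0/24
22/tcp                     ALLOW       Anywhere'
SAMPLE_ACCOUNTS=$(printf 'root\tlocalhost\nblog\t192.168.2.0/255.255.255.0')
audit_mariadb_exposure "$SAMPLE_CNF" "$SAMPLE_UFW" "$SAMPLE_ACCOUNTS"
```

An account created with host `%`, or a firewall that is installed but not enabled, makes the audit fail even though the other layers are in place.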

Now I'm almost ready to start the servers. On the database, the server is running already. But on the Tomcat server I need to set it up to start on reboot. To do that, I will use systemd to start it. I can place the following text in the file /etc/systemd/system/tomcat.service:


[Unit]
Description="Tomcat Java Web Servlet Container"
After=apache2.service

[Service]
Type=forking
ExecStartPre=/bin/sleep 32
ExecStart=/usr/share/tomcat/bin/startup.sh
ExecStop=/usr/share/tomcat/bin/shutdown.sh
Restart=always
RestartSec=8
PIDFile=/usr/share/tomcat/bin/catalina.pid
User=tomcat
Group=tomcat
WorkingDirectory=/usr/share/tomcat

[Install]
WantedBy=multi-user.target

Now I have to change the ownership of Tomcat to the tomcat user, instead of root. Then I can finally run it, using systemd.


  $> sudo chown -R tomcat:tomcat /usr/share/tomcat/*
  $> sudo systemctl start tomcat.service
  $> sudo systemctl enable tomcat.service

The End. For finishing the setup of GitBucket with MySQL/MariaDB, the instructions in their wiki may be followed.

EDIT: 2018-07-02. So, I noticed a few things going on after I initially set this up. First is that somebody started Tomcat, but she forgot to enable it in systemd.

Second is that it takes a while longer for MariaDB to start up than it does for Tomcat to start. So I've modified the systemd script a small little bit. The ExecStartPre will now wait some time before starting Tomcat.