B4J Question ABM, APACHE2, SSL, UBUNTU! -- I Did It My Way

mmieher

In the interest of saving humanity from what I have been through for the past few days, here is a guide to what worked for me. I am a Linux Nothing-burger so this is certainly not the correct method, but it works (right this second).

GOAL: Make ABM/B4J site that runs good-enough in Debug mode on a Windows desktop, also run on an Ubuntu! 22.04 box running Apache. Also required is that the web app survive countless unattended reboots by restarting without any future human interaction whatsoever.

I only need one web site for now. I am sure this link works, but I had a more fundamental problem.
https://www.b4x.com/android/forum/threads/server-run-a-server-on-a-vps.60378/#content

Site is https://www.pearlnecklacemedia.com. Ports are 51068 and ssl 51069. The root directory (on Ubuntu!) is /var/www/pearl.

The following is what I think [danger] was important in a number of files.

/etc/apache2.conf
B4X:
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted
</Directory>

AccessFileName .htaccess

<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>
Do not change this in any way. I do not care where your copyneeds.must is.

/var/www/pearl/.htaccess
B4X:
root@pearlnecklacemedia:/var/www/pearl# cat .htaccess
Redirect permanent / https://www.pearlnecklacemedia.com:51069
Rename any .htaccess in /var/www to .htaccess-hate so that it is ignored.

/etc/apache2/sites-available/000-default.conf
B4X:
<VirtualHost *:80>
        DocumentRoot /var/www/pearl

        <Directory /var/www/pearl>
#               Options Indexes FollowSymLinks
                AllowOverride All
#               Require all granted
        </Directory>
</VirtualHost>
Make sure this is enabled with sudo a2ensite 000-default.

/etc/apache2/sites-available/default-ssl.conf
B4X:
<VirtualHost _default_:443>
                DocumentRoot /var/www/pearl
                SSLEngine on

                ##SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
                SSLCertificateFile /etc/letsencrypt/live/www.pearlnecklacemedia.com/fullchain.pem
                ##SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
                SSLCertificateKeyFile /etc/letsencrypt/live/www.pearlnecklacemedia.com/privkey.pem
</VirtualHost>
Make sure this is enabled with sudo a2ensite default-ssl. You are on your own with the marriage certificate thing.

/etc/apache2/sites-available/www.pearlnecklacemedia.conf
B4X:
<VirtualHost *:80>
        RewriteEngine On
        DocumentRoot /var/www/pearl
        ServerName pearlnecklacemedia.com
        ServerAlias www.pearlnecklacemedia.com
</VirtualHost>
Make sure this is enabled with sudo a2ensite www.pearlnecklacemedia.com.

/etc/apache2/sites-available/www.pearlnecklacemedia.com-le-ssl.conf
B4X:
<IfModule mod_ssl.c>
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
<VirtualHost *:443>
        DocumentRoot /var/www/pearl
        ServerName pearlnecklacemedia.com
        ServerAlias www.pearlnecklacemedia.com

       Include /etc/letsencrypt/options-ssl-apache.conf

       SSLCertificateFile /etc/letsencrypt/live/www.pearlnecklacemedia.com/fullchain.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/www.pearlnecklacemedia.com/privkey.pem

       SSLUseStapling On

</VirtualHost>
</IfModule>
Make sure this is enabled with sudo a2ensite www.pearlnecklacemedia.com-le-ssl.

OPEN THE FIREWALL! ufw allow 51068, 51069 and since I jRDC also 17178 and 17179.

Compulsively reload/restart Apache server with sudo systemctl reload apache2.

ACTIVATE THE ABM SYSTEM

I made a script in /var/www/pearl. This might be some huge security risk, but I would like nothing more than to have my site be the target of a successful data breach that is covered by every media outlet on the planet.
/var/www/pearl/runresult.sh
B4X:
#!/bin/bash
#PATH=/var/www/pearl:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

##export JAVA_HOME=/path/to/java
export JAVA_HOME=/usr/lib/jvm/java-1.11.0-openjdk-amd64

##java /path/to/my.jar
##java -jar /var/www/pearl/Pearl.jar > /var/www/pearl/pearlweb.log

#rm /var/www/pearl/nohup.out
cd /var/www/pearl
#java -jar /var/www/pearl/Pearl.jar
nohup java -jar /var/www/pearl/Pearl.jar > /var/www/pearl/nohup.out &

# This will delete this cronjob. Don't add this part if you want this every reboot.
#/bin/cat /etc/crontab | /bin/grep -v firstboot > /etc/crontab.tmp
#/bin/rm -f /etc/crontab
#/bin/mv /etc/crontab.tmp /etc/crontab
#rm -f $0
Make sure chmod 777 /var/www/pearl/runresult.sh

THE EVIL DR. CRON

This simple little line had me stuck for over a day:
B4X:
# bless @aeric for sudo - may he live forever and ever
@reboot sudo /var/www/pearl/runresult.sh

CONCLUSION

I am going to stop while I am ahead. Leave the front page just like it is. Anybody that wants to get past the "YOU ARE DARN CLOSE!" page is going to have to continue by "clicking here!"

Thank you to all involved in helping me through this -- @aeric, @MichalK73, @alwaysbusy, Erels and the all-powerful Linuxbabe.
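
A hardened alternative to the chmod 777 script started by "@reboot sudo" in the post above, as an added example that is not part of the original post: it reports whether the boot script or any directory above it is world-writable, then prints a systemd unit that starts the jar at boot as an unprivileged account. The account name pearl, the unit name pearl.service and the /usr/bin/java path are assumptions.

```bash
#!/bin/bash
# Added example, not from the thread. Assumed names: account "pearl",
# unit file pearl.service, java at /usr/bin/java.

# True if PATH (file or directory) has the "other" write bit set.
world_writable() {
    [ -n "$(find "$1" -prune -perm -0002 2>/dev/null)" ]
}

# Print each path component from TARGET up to / that is world-writable.
# A hit on the script means any local account, or a compromised web app,
# can change what root executes at boot; a hit on a parent directory
# (unless it is sticky, like /tmp) lets them replace the script.
audit_boot_path() {
    p=$(readlink -f "$1") || return 2
    while :; do
        if world_writable "$p"; then echo "$p"; fi
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
}

# Emit a systemd unit that starts the jar at boot without root or cron.
render_unit() {   # usage: render_unit APP_DIR JAR USER
    cat <<EOF
[Unit]
Description=ABM web app ($2)
After=network-online.target
Wants=network-online.target

[Service]
User=$3
WorkingDirectory=$1
ExecStart=/usr/bin/java -jar $1/$2
Restart=on-failure
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full

[Install]
WantedBy=multi-user.target
EOF
}

# On the server (as root):
#   audit_boot_path /var/www/pearl/runresult.sh
#   render_unit /var/www/pearl Pearl.jar pearl > /etc/systemd/system/pearl.service
#   systemctl daemon-reload && systemctl enable --now pearl.service
```

Ports 51068 and 51069 are above 1024, so the Java process does not need root to bind them; the service account only needs read access to the jar and write access to whatever the app writes in its working directory.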


MichalK73

I am going to stop while I am ahead. Leave the front page just like it is. Anybody that wants to get past the "YOU ARE DARN CLOSE!" page is going to have to continue by "clicking here!"
You don't necessarily have to click.
In the ABM error handling module, add that if this error is to be redirected to any page, e.g. your project start page.
 

MichalK73

/etc/apache2/sites-available/default-ssl.conf
SSL is also not necessary to set up in Apache. ABM has support for generating 'letsencrypt' certificate from jetty server. In Apache you will have to ensure that the certificate refreshes itself automatically or do it manually. In ABM it does this automatically. Just redirect http to https (SSL ABM port).
This is just my tip.
 

mmieher

SSL is also not necessary to set up in Apache. ABM has support for generating 'letsencrypt' certificate from jetty server. In Apache you will have to ensure that the certificate refreshes itself automatically or do it manually. In ABM it does this automatically. Just redirect http to https (SSL ABM port).
This is just my tip.
You don't necessarily have to click.
In the ABM error handling module, add that if this error is to be redirected to any page, e.g. your project start page.
Ty. I think I know how to do that. For now, I just really like the "Everything's Alright" page.
 