====== Install Ubuntu 20.04 LTS as Standalone Server ======
This will guide you through the installation of [[Ubuntu 20.04 LTS]] as a Standalone Server.
===== Do Not Forget To =====
  * backup webapps
  * backup mysql database
  * backup ./ssh/authorized_keys
  * backup minecraft worlds (if running on ubuntu)
  * move the AP to a new adoption (if running UniFi Controller on ubuntu)
  * backup /etc/fstab (if lots of drives mounted)
  * use lsblk to get list of current drives and mount points
===== Install Ubuntu Server 20.04 LTE from CD / USB =====

  * Custom storage layout
  * Partitions: (ext4)

^  Size  ^  Location  ^  Notes  ^
|  4 GB | swap (primary)     |  should be min sqrt(RAM) and max double RAM  |
|  6 GB | / (logical)        |  current install uses about 2.6 GB  |
|  5 GB | /home (logical)    |  current install uses about 45 MB  |
|  1 GB | /boot (logical)    |  current install uses about 145 MB  |
|  19.498 GB | /var (logical)   |  current install uses about 9.3 GB  |
|  4 GB | /tmp (logical)     |  current install uses about 21 MB  |

  * Full Name: Dirk Rockface
  * Server: brimble
  * User Name: dirk
  * Finish installing. I didn't install any "common packages" from the setup CD.

===== Setup =====
==== Update Packages ====
<code>sudo apt-get update
sudo apt-get dist-upgrade</code>

==== Install SSH Server ====
<code>sudo apt-get install openssh-server</code>
==== Mount other hard drives ====
<code>sudo mkdir /mnt/storage
sudo mkdir /mnt/minecraft
sudo mkdir /mnt/plex
sudo mkdir /mnt/timemachine</code>
<code>sudo blkid</code> and <code>sudo lsblk</code> to get info for fstab.
<code>sudo vim /etc/fstab</code>
==== Install ex-fat (for USB drives or FAT formats) ====
<code>sudo apt-get install exfat-fuse exfat-utils</code>
==== Reboot ====
<code>sudo reboot -h now</code>
==== Create ssh-rsa key auth ====
  * In home directory <code>mkdir .ssh</code>
  * authorized_keys file needs to have keys in them. Copy over from harddrive, external drive, or create them.
  * When making keys on clients <code>ssh-keygen -t rsa</code> 
  * New things for keys:
    * So, ssh-keygen no longer creates the keys with the headers on them.  Seems to be no big deal for ssh but Cyberduck borked.
    * To make private keys with headers for Cyberduck:<code>openssl genrsa -aes128 -out id_rsa 2048
openssl rsa -in id_rsa -pubout -out id_rsa.test
ssh-keygen -f id_rsa.test -i -mPKCS8</code>
    * Links:
      * https://rietta.com/blog/2012/01/27/openssl-generating-rsa-key-from-command/
      * https://stackoverflow.com/questions/1011572/convert-pem-key-to-ssh-rsa-format

  * Turn off Password Auth<code>sudo vim /etc/ssh/sshd_config</code><code>UsePAM yes
PasswordAuthentication no</code>
==== Reboot ====
<code>sudo reboot -h now</code>
==== Install Tomcat ====
<code>sudo apt-get install tomcat9</code>
=== Change to port 80 ===
<code>sudo vim /etc/tomcat9/server.xml</code><code><Connector port="80" protocol="HTTP/1.1"
       	connectionTimeout="20000"
       	URIEncoding="UTF-8"
       	redirectPort="8443" /></code>
=== Copy webpage files ===
<code>sudo rm -rf /var/lib/tomcat9/webapps/ROOT
sudo cp -a /mnt/backup/webpage/webapps/. /var/lib/tomcat9/webapps/
sudo cp -a /mnt/backup/webpage/plex /var/lib/tomcat9/</code>
  * <html><span style="color:red;font-size:100%;">Note:</span> You might have to set ownership and permissions back to normal for those folders</html><code>sudo chown tomcat:tomcat webapps
sudo chmod 755 webapps</code>
=== Allow Directory Browsing ===
<code>sudo vim /etc/tomcat9/web.xml</code>
<code><init-param>
  <param-name>listings</param-name>
  <param-value>true</param-value>
</init-param></code>
=== Faster Tomcat Startup ===
  * <html><span style="color:red;font-size:100%;">Note:</span> This is due to using random vs urandom</html>
  * edit java.security
    * at last check, this was located here: <code>sudo vim /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security</code>
    * change<code>securerandom.source=file:/dev/random</code> to <code>securerandom.source=file:dev/urandom</code>
    * Link: https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html
==== Install MySql ====
<code>sudo apt-get install mysql-server</code>
=== Import database dump ===
<code>sudo mysql -u root -p < dumpfile.sql</code>
=== Create mysql user ===
<code>sudo mysql -u root -p
CREATE USER 'dirk'@'localhost' IDENTIFIED BY 'password';
show databases;
GRANT ALL PRIVILEGES ON *.* TO 'dirk'@'localhost';
exit</code>
=== Allow write access for user ===
<code>GRANT FILE ON *.* TO 'dirk'@'localhost';
exit</code>
=== Allow mysql to write to files ===
<code>sudo aa-status</code>
  * This should show mysqld in enforce mode
<code>sudo vim /etc/apparmor.d/usr.sbin.mysqld</code>
  * add folders near the bottom like this:<code>/var/lib/tomcat9/webapps/ r,
/var/lib/tomcat9/webapps/** rwk,</code>
<code>sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf</code>
  * add at bottom:<code>secure_file_priv=""</code>
  * while in this file, decrease sleep time to avoid max connections (default is 8 hrs)<code>wait_timeout = 20</code>
  * <html><span style="color:red;font-size:100%;">Note:</span> In order to get sql to write, I had to make everything in the webapps folder root:dirk (which it probably was) and the export folder 777. Not sure which of those did the trick (or both)</html>
  * <html><span style="color:red;font-size:100%;">Note:</span> New in mysqlserver v8: files writen from mysql are only readable by root and the mysql group so you have to add the use tomcat (the one reading the files in the march madness bracket) to the mysql group (the one creating the files)</html><code>sudo usermod -a -G mysql tomcat</code>
  * Changes will take effect after restart<code>sudo reboot -h now</code>
=== Tomcat - Mysql linking / JDK / JAVA cleanup ===
  * Install Java Development Kit<code> sudo apt-get install default-jdk</code>
  * Install Java / Mysql connector<code> sudo apt-get install libmysql-java</code>
  * <html><span style="color:red;font-size:100%;">Note:</span> This was not supported in 20.04 at the time and must be installed manually.</html>
    * Download JDBC Driver for Mysql (Connector/J) from https://www.mysql.com/products/connector/
    * Install the debfile:<code>sudo apt install thatdebfile.deb</code>
  * Create symlink for connector<code>sudo ln -sf /usr/share/java/mysql-connector-java.8.0.20.jar /usr/share/tomcat9/lib/mysql-connector-java.jar</code>
  * New change for 20.04: had to add <code>&serverTimezone=UTC</code> to the end of the SQL_PARAMS section in all of the config.jsp files.  They should be all converted for the next install and no action required. (hopefully)
  * If webinf files need to be compiled:<code>sudo javac -cp /usr/share/java/servlet-api-3.0.jar:/usr/share/java/jsp-api-2.2.jar util/*.java</code>
  * reboot<code>sudo reboot -h now</code>
==== Install Samba ====
<code>sudo apt-get install samba
sudo smbpasswd -a dirk
sudo vim /etc/samba/smb.conf</code>
<code>[webapps]
  comment = Webpage Files
    path = /var/lib/tomcat9/webapps
    available = yes
    browsable = yes
    guest ok = yes
    read only = no
    writable = yes
    admin users = dirk</code>
<code>[storage]</code>
<code>[plex]</code>
  * you may have to chmod correct permissions for webapps folder (775)

==== Add football season ====
<code>LOAD DATA LOCAL INFILE "/home/dirk/2019o.csv" INTO TABLE games COLUMNS TERMINATED BY ',';</code>

==== Allow rsync to run on own ====
<code>sudo visudo -f /etc/sudoers.d/nopass
dirk ALL=(ALL:ALL) NOPASSWD:/usr/bin/rsync</code>

==== Add cron job for backup ====
<code>crontab -e</code>
<code>0 3 * * * /home/dirk/scripts/backup</code>

==== Change timezone ====
<code>sudo dpkg-reconfigure tzdata</code>