====== Install www.brimble.com on Ubuntu 20.04 LTS as Unraid Virtual Machine ======

This will guide you through the setup of brimble.com on an installation of [[Ubuntu 20.04 LTS]] as an Unraid Virtual Machine.

===== VM Settings =====

  * Autostart: Yes
  * Name: brimble.com.20.04vX
  * Description: Brimblecom Webpage
  * CPU Mode: Host Passthrough
  * Logical CPUs: 2/10
  * Internal Memory: 4096
  * Max Memory: 4096
  * Machine: Q35-4.1
  * BIOS: OVMF
  * USB Controller: 2.0 (EHCI) (I don't have USB 3.0 on current hardware)
  * OS Install ISO: select the ubuntu - 20.04 iso
  * OS Install CDRom Bus: SATA
  * Primary vDisk Location: Auto if on the array, below options for ssd
    * /mnt/disks/samsung_nvme/vms/brimble.com.20.04vX/vdisk1.img --> This one is vDisk on SSD (Current setup uses this)
    * /dev/disk/by-id/ata-"ID OF DRIVE" --> This one is passthrough
  * Primary vDisk Size: 40G
  * Primary vDisk Type: raw
  * Primary vDisk Bus: VirtIO if on the array, below options for ssd
    * VirtIO --> This one is vDisk on SSD (Current setup uses this)
    * SATA --> This one is passthrough
  * Unraid Share: /mnt/usr/backup
  * Unraid Mount tag: backup
  * Hit the plus sign to add more shares (if adding after creation, use XML mode: duplicate the section and increment the function to 0x1)
  * Graphics Card: VNC
  * VNC Video Driver: QXL (best)
  * VNC Password: leave this blank (or set a password if concerned folks will get access to unraid!)
  * VNC Keyboard: English-United States
  * Sound Card: none
  * Network MAC: whatever it is
  * Network Bridge: br0
  * USB Devices: none
  * Other PCI Devices: none

===== Install to Virtual Machine =====

  * Custom storage layout
  * Partitions: (ext4)

^ Size ^ Location ^ Notes ^
| 4 GB | swap (primary) | should be min sqrt(RAM) and max double RAM |
| 6 GB | / (logical) | current install uses about 2.6 GB |
| 5 GB | /home (logical) | current install uses about 45 MB |
| 1 GB | /boot (logical) | current install uses about 145 MB |
| 19.498 GB | /var (logical) | current install uses about 9.3 GB |
| 4 GB | /tmp (logical) | current install uses about 21 MB |

  * Full Name: Dirk Rockface
  * Server: brimble
  * User Name: dirk
  * Finish installing. I didn't install any "common packages" from the setup CD.

===== Setup =====

==== Update Packages ====

<code>
sudo apt-get update
sudo apt-get dist-upgrade
</code>

==== Install SSH Server ====

<code>
sudo apt-get install openssh-server
</code>

==== Mount Unraid Shares ====

  * Add the following to /etc/fstab, where backup is whatever you called the Unraid Mount tag and /mnt/backup is whatever folder you made in Ubuntu to mount to.<code>
backup /mnt/backup 9p trans=virtio,version=9p2000.L,_netdev,rw 0 0
</code>
  * Note: if you've already created the VM and THEN added the Unraid tag, your NIC name was changed (probably from enp1s0 to enp3s0). Run ''ifconfig -a'' to see the new name, then modify /etc/netplan/50-cloud-init.yaml
  * Note: also, to add more shares after initial creation, use XML mode, duplicate the section, and increment the function to 0x1

==== Install ex-fat (for USB drives or FAT formats) ====

<code>
sudo apt-get install exfat-fuse exfat-utils
</code>

==== Reboot ====

<code>
sudo reboot -h now
</code>

==== Create ssh-rsa key auth ====

  * In home directory<code>
mkdir .ssh
</code>
  * The authorized_keys file needs to have keys in it. Copy them over from a hard drive or external drive, or create them.
  * When making keys on clients<code>
ssh-keygen -t rsa
</code>
  * New things for keys:
    * So, ssh-keygen no longer creates the keys with the headers on them. Seems to be no big deal for ssh but Cyberduck borked.
    * To make private keys with headers for Cyberduck:<code>
openssl genrsa -aes128 -out id_rsa 2048
openssl rsa -in id_rsa -pubout -out id_rsa.test
ssh-keygen -f id_rsa.test -i -mPKCS8
</code>
    * Links:
      * https://rietta.com/blog/2012/01/27/openssl-generating-rsa-key-from-command/
      * https://stackoverflow.com/questions/1011572/convert-pem-key-to-ssh-rsa-format
  * Turn off Password Auth<code>
sudo vim /etc/ssh/sshd_config
</code><code>
UsePAM yes
PasswordAuthentication no
</code>

==== Reboot ====

<code>
sudo reboot -h now
</code>

==== Install Tomcat ====

<code>
sudo apt-get install tomcat9
</code>

=== Copy webpage files ===

<code>
sudo rm -rf /var/lib/tomcat9/webapps/ROOT
sudo cp -a /mnt/backup/webpage/webapps/. /var/lib/tomcat9/webapps/
</code>

  * Note: You might have to set ownership and permissions back to normal for those folders<code>
sudo chown tomcat:tomcat webapps
sudo chmod 755 webapps
</code>

=== Allow Directory Browsing ===

<code>
sudo vim /etc/tomcat9/web.xml
</code>

<code xml>
<param-name>listings</param-name>
<param-value>true</param-value>
</code>

==== Install MySql (if not using a docker) ====

<code>
sudo apt-get install mysql-server
</code>

=== Import database dump ===

<code>
sudo mysql -u root -p < dumpfile.sql
</code>

=== Create mysql user ===

<code>
sudo mysql -u root -p
</code>

<code sql>
CREATE USER 'dirk'@'localhost' IDENTIFIED BY 'password';
show databases;
GRANT ALL PRIVILEGES ON *.* TO 'dirk'@'localhost';
exit
</code>

=== Allow write access for user ===

<code sql>
GRANT FILE ON *.* TO 'dirk'@'localhost';
exit
</code>

=== Allow mysql to write to files ===

<code>
sudo aa-status
</code>

  * This should show mysqld in enforce mode

<code>
sudo vim /etc/apparmor.d/usr.sbin.mysqld
</code>

  * add folders near the bottom like this:<code>
/var/lib/tomcat9/webapps/ r,
/var/lib/tomcat9/webapps/** rwk,
</code>

<code>
sudo vim /etc/mysql/mysql.conf.d/mysqld.cnf
</code>

  * add at bottom:<code>
secure_file_priv=""
</code>
  * while in this file, decrease sleep time to avoid max connections (default is 8 hrs)<code>
wait_timeout = 20
</code>
  * Note: In order to get sql to write, I had to make everything in the webapps folder root:dirk (which it probably was) and the export folder 777. Not sure which of those did the trick (or both)
  * Note: New in mysqlserver v8: files written from mysql are only readable by root and the mysql group, so you have to add the user tomcat (the one reading the files in the march madness bracket) to the mysql group (the one creating the files)<code>
sudo usermod -a -G mysql tomcat
</code>
  * Changes will take effect after restart<code>
sudo reboot -h now
</code>

==== Tomcat - Mysql linking / JDK / JAVA cleanup / Activate error page ====

  * Install Java Development Kit<code>
sudo apt-get install default-jdk
</code>
  * Install Java / Mysql connector<code>
sudo apt-get install libmysql-java
</code>
    * Note: This was not supported in 20.04 at the time and must be installed manually.
    * Download JDBC Driver for Mysql (Connector/J) from https://www.mysql.com/products/connector/
    * Install the deb file (apt needs a path such as ''./'' to treat the argument as a local file):<code>
sudo apt install ./thatdebfile.deb
</code>
  * Create symlink for connector<code>
sudo ln -sf /usr/share/java/mysql-connector-java.8.0.20.jar /usr/share/tomcat9/lib/mysql-connector-java.jar
</code>
  * Faster tomcat startup
    * Note: This is due to using random vs urandom
    * edit java.security
    * at last check, this was located here:<code>
sudo vim /usr/lib/jvm/java-11-openjdk-amd64/conf/security/java.security
</code>
    * change<code>
securerandom.source=file:/dev/random
</code>to<code>
securerandom.source=file:/dev/urandom
</code>
    * Link: https://docs.oracle.com/cd/E13209_01/wlcp/wlss30/configwlss/jvmrand.html
  * New change for 20.04: had to add ''&serverTimezone=UTC'' to the end of the SQL_PARAMS section in all of the config.jsp files. They should be all converted for the next install and no action required. (hopefully)
  * If webinf files need to be compiled:<code>
sudo javac -cp /usr/share/java/servlet-api-3.0.jar:/usr/share/java/jsp-api-2.2.jar util/*.java
</code>
  * reboot<code>
sudo reboot -h now
</code>
  * To activate Error Pages (instead of actual code showing)
    * At bottom of /var/lib/tomcat9/conf/web.xml page before the closing ''</web-app>'' tag put:<code xml>
<error-page>
    <error-code>404</error-code>
    <location>/error.jsp</location>
</error-page>
<error-page>
    <error-code>403</error-code>
    <location>/error.jsp</location>
</error-page>
<error-page>
    <error-code>500</error-code>
    <location>/error.jsp</location>
</error-page>
</code>
    * At bottom of /var/lib/tomcat9/conf/server.xml page before put:
    * make an error.jsp file and put it in each webapps folder you would like it to show up
    * Link: https://ravisankar1.wordpress.com/2020/05/21/tomcat-9-customize-default-404-error-page/
    * Link: https://www.javatpoint.com/exception-handling-in-jsp

==== Install Samba ====

<code>
sudo apt-get install samba
sudo smbpasswd -a dirk
sudo vim /etc/samba/smb.conf
</code>

<code>
[webapps]
comment = Webpage Files
path = /var/lib/tomcat9/webapps
available = yes
browsable = yes
guest ok = yes
read only = no
writable = yes
admin users = dirk
</code>

  * you may have to chmod correct permissions for webapps folder (775)

==== Add football season ====

<code sql>
LOAD DATA LOCAL INFILE "/home/dirk/2019o.csv" INTO TABLE games COLUMNS TERMINATED BY ',';
UPDATE games SET vscore = NULL where year = 2019;
UPDATE games SET hscore = NULL where year = 2019;
</code>

==== Allow rsync to run on own ====

<code>
sudo visudo -f /etc/sudoers.d/nopass
</code>

<code>
dirk ALL=(ALL:ALL) NOPASSWD:/usr/bin/rsync
</code>

==== Add cron job for backup ====

<code>
crontab -e
</code>

<code>
0 3 * * * /home/dirk/scripts/backup
</code>

==== Change timezone ====

<code>
sudo dpkg-reconfigure tzdata
</code>
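
For the "Turn off Password Auth" step: a check that an edited sshd_config really leaves key-only login, as an added example that is not part of the original page. It assumes the OpenSSH 8.2 defaults shipped with Ubuntu 20.04; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report the value sshd will use.
# sshd_config(5): keywords are case-insensitive and the FIRST value obtained
# for a keyword wins; lines after a "Match" line only apply conditionally.

# sshd_first_value FILE KEYWORD -> first global value (lower-cased) or nothing
sshd_first_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        /^[ \t]*(#|$)/ { next }                # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            # keyword and value are separated by whitespace or a single "="
            split(line, part, /[ \t]*=[ \t]*|[ \t]+/)
            key = tolower(part[1])
            if (key == "match") exit           # end of the global section
            if (key == want) { print tolower(part[2]); exit }
        }' "$1"
}

# key_only_auth FILE -> exit status 0 only if no password prompt is reachable.
# Assumed OpenSSH 8.2 defaults (Ubuntu 20.04) when a keyword is absent:
# PasswordAuthentication yes, ChallengeResponseAuthentication yes, UsePAM no.
key_only_auth() {
    pw=$(sshd_first_value "$1" PasswordAuthentication)
    cr=$(sshd_first_value "$1" ChallengeResponseAuthentication)
    pam=$(sshd_first_value "$1" UsePAM)
    [ "${pw:-yes}" = "no" ] || return 1
    # With UsePAM yes, challenge-response can still ask PAM for a password.
    if [ "${pam:-no}" = "yes" ] && [ "${cr:-yes}" != "no" ]; then return 1; fi
    return 0
}

# Constructed sample files (not taken from a real host).
SAMPLES=$(mktemp -d)
printf '%s\n' '#PasswordAuthentication yes' 'ChallengeResponseAuthentication no' \
    'UsePAM yes' 'passwordauthentication no' > "$SAMPLES/good"
# A stale earlier line wins over the "no" appended at the bottom.
printf '%s\n' 'PasswordAuthentication yes' 'UsePAM yes' \
    'ChallengeResponseAuthentication no' 'PasswordAuthentication no' > "$SAMPLES/stale"
# Password auth is off, but PAM challenge-response is left at its default.
printf '%s\n' 'UsePAM yes' 'PasswordAuthentication no' > "$SAMPLES/pam"

for f in good stale pam; do
    if key_only_auth "$SAMPLES/$f"; then echo "$f: key-only"
    else echo "$f: password prompt possible"; fi
done
```

On the VM itself, `sudo sshd -T` prints the effective configuration, including any `Include` files, which this parser does not follow.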