
My Play Framework Upstart script

Recently I had to create an Upstart script for a Play application, and this was the result. I put it here so I don’t have to start from scratch next time 🙂

########################################################################################################
#
#                                       Upstart Script
#
# Upstart script for a play application. Put this into a file like /etc/init/tankmin.conf
#
# This could be the foundation for pushing play apps to the server using something like git-deploy
# By calling service play stop in the restart command and play-start in the restart command.
#
# Usage:
#   sudo start myapp
#   sudo stop myapp
#   sudo restart myapp
#   sudo status myapp
#
#########################################################################################################

description "Upstart script for MyApp"
author "Niklas Ottosson"
version "1.0"

# Set environment variables
env HOME=/my/app/dir/
env LANG=en_US.UTF-8

# Start and stop runlevels
start on runlevel [2345]
stop on runlevel [06]

# Respawn parameters with limit: dies 3 times within 60 seconds
respawn
respawn limit 3 60

# Change directory to current version of Tankmin
chdir /my/app/dir/

# Delete any stray PIDs
pre-start script
  rm -f ${HOME}/RUNNING_PID
end script

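# Upstart logging: 'console none' discards the job's stdout/stderr.
# Use 'console log' instead to have them written to /var/log/upstart/myapp.log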
console none

# TEST ENVIRONMENT (arguments here are what I'm using for this particular app - you should use what works best for your app)
exec bin/myapp -J-Xms256M -J-Xmx768m -J-server -Dhttp.port=80 -Dconfig.file=conf/application.conf -Dlogger.file=conf/application-logger_PROD.xml

Tested in a production environment on Ubuntu 14.04 and Play Framework 2.3

Add SSL certificate to a JKS storage

I have started doing this quite a lot these days so I’d better put a post up here to get rid of all the Google searching 🙂 It’s not that complicated but I know I will forget if I don’t do it for a while.

Let’s start with the .p12 file. This is the file that we are going to put into the JKS container. For this we have a .crt and .key file from our CA.

First we need to remove any password from the key file:

openssl rsa -in server.key -out server.key_nopasswd

You will be prompted for the password of your .key file

Once the key file is without a password we can create the .p12 file

openssl pkcs12 -export -name somename -in server.crt -inkey server.key_nopasswd -out keystore.p12

Now we have the .p12 file. Time to put it into the JKS container. The alias has to be the name the entry was given with -name in the previous step:

keytool -importkeystore -destkeystore mykeystore.jks -srckeystore keystore.p12 -srcstoretype pkcs12 -alias somename

Lastly we need the CA certificate:

keytool -import -keystore mykeystore.jks -file someca.crt -alias someotheralias

That is pretty much it!
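The .p12 step above as an added example (not part of the original post): it checks that server.crt really belongs to server.key before exporting, and creates the .p12 readable by its owner only. `openssl pkcs12 -export` can read the passphrase-protected key directly, so this variant does not write an unencrypted copy of the key to disk. The function names and the optional password-source arguments (OpenSSL `env:` or `file:` sources) are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File names follow the post;
# function names and the password-source arguments are assumptions.

# Public key embedded in a certificate (PEM on stdout).
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey; }

# Public key derived from a private key. $2 is an optional OpenSSL password
# source such as env:KEYPASS or file:/path; without it openssl prompts.
key_pubkey() { openssl pkey -in "$1" -pubout ${2:+-passin "$2"}; }

# cert_matches_key CERT KEY [KEY_PASS_SOURCE]
# Exit 0 only if the certificate was issued for this private key.
cert_matches_key() {
  c=$(cert_pubkey "$1") || return 2
  k=$(key_pubkey "$2" "$3") || return 2
  [ "$c" = "$k" ]
}

# build_p12 CERT KEY OUT NAME [KEY_PASS_SOURCE] [P12_PASS_SOURCE]
# Refuses mismatched pairs and creates OUT with mode 600.
build_p12() {
  cert_matches_key "$1" "$2" "$5" || {
    echo "refusing: $1 does not belong to $2" >&2
    return 1
  }
  (
    umask 077   # the .p12 contains the private key
    openssl pkcs12 -export -name "$4" -in "$1" -inkey "$2" -out "$3" \
      ${5:+-passin "$5"} ${6:+-passout "$6"}
  )
}
```

Called as `build_p12 server.crt server.key keystore.p12 somename`, openssl prompts for the key passphrase and the export password.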

Setup Trac project on Debian Wheezy with Apache using the mod_wsgi and Basic Authentication

I had a lot of trouble understanding the Trac installation instructions on the Trac project homepage. Maybe I’m getting old 🙂 Anyhow, I decided to create this step-by-step tutorial so that I have something easy to return to the next time I need to set up a new Trac project. In this tutorial I assume that all the necessary programs (Apache (with mod_wsgi), Trac and SQLite) are already installed.

So let’s start off by creating a folder to put our project in:

mkdir /var/trac/my_project

I place my trac instances in /var/trac/ but you can use almost any location

Now let’s use trac-admin to create the project:

trac-admin /var/trac/my_project initenv
trac-admin /var/trac/my_project deploy /tmp/deploy

The project is now created and deployed, but I have deployed it to /tmp – strange? I certainly think so, but it’s apparently the preferred way. Somehow trac-admin cannot deploy the necessary scripts into your project folder. You have to copy them there yourself. Editor’s note: Why can’t this be done automatically in the creation of the project?

mv /tmp/deploy/* /var/trac/my_project/

This moves the generated htdocs and cgi-bin folders, with their scripts, into your project.

Now we need to set the correct ownership (this is not my strong suit so please report any errors) of the project files:

chown -R www-data:www-data /var/trac/my_project

Now it’s time to create a password file for the project since I normally only use Basic Authentication for my Trac projects:

htpasswd -c /var/trac/my_project/.trac.htpasswd niklas

This creates the user niklas inside the password file (you will be prompted for a password).

To add more users just drop the -c option like this:

htpasswd /var/trac/my_project/.trac.htpasswd another_user

To tighten up the security somewhat we set owner and permission on the password file like this:

chmod 640 /var/trac/my_project/.trac.htpasswd
chown root:www-data /var/trac/my_project/.trac.htpasswd

Now let’s add these users to the Trac project also. First the admin, niklas:

trac-admin /var/trac/my_project permission add niklas TRAC_ADMIN

and then a user with basic privileges (create tickets, read wiki, timeline, milestones and such), using the same user name as in the password file:

trac-admin /var/trac/my_project permission add another_user authenticated

We are now finally done with the project files. Time to move on to the Apache configuration. For this I create a file in the conf.d folder of the Apache installation like this:

vim /etc/apache2/conf.d/my_project

In this file I put the following:

<Directory /var/trac/my_project/cgi-bin/trac.wsgi>
  WSGIApplicationGroup %{GLOBAL}
  Order deny,allow
  Allow from all
</Directory>

<VirtualHost *>
  WSGIScriptAlias /trac/my_project /var/trac/my_project/cgi-bin/trac.wsgi
  <Location '/trac/my_project'>
    AuthType Basic
    AuthName "Trac"
    AuthUserFile /var/trac/my_project/.trac.htpasswd
    Require valid-user
  </Location>
</VirtualHost>

Now it’s finally time to test the new project. Restart Apache:

/etc/init.d/apache2 restart

If all goes well you should now be able to find your new Trac project at http://localhost/trac/my_project. You should also be prompted for a login when you arrive there.

Tested on Debian Wheezy v7.0 with Apache 2 v2.2.22-13 and Trac v0.12.3
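
An audit for the setup above, as an added example that is not part of the original post: it checks that the password file is no looser than mode 640, and lists every VirtualHost that enables Basic authentication without "SSLEngine on". Basic authentication sends the user name and password base64-encoded with every request, so they are only confidential over TLS. The function names are assumptions, and the sample config is constructed from the VirtualHost in the post plus a TLS variant.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (as on Debian).

# Exit 0 if FILE grants nothing to "other" and is not group-writable,
# i.e. its mode is no looser than the 640 set above.
htpasswd_mode_ok() {
  mode=$(stat -c '%a' "$1") || return 2
  [ $(( 0$mode & 0027 )) -eq 0 ]
}

# Print the starting line number of each <VirtualHost> block that enables
# Basic authentication but has no "SSLEngine on" inside the same block.
basic_auth_without_tls() {
  awk '
    { l = tolower($0) }
    l ~ /^[ \t]*<virtualhost/ { start = NR; basic = 0; tls = 0 }
    l ~ /^[ \t]*authtype[ \t]+basic/ { basic = 1 }
    l ~ /^[ \t]*sslengine[ \t]+on/ { tls = 1 }
    l ~ /^[ \t]*<\/virtualhost>/ {
      if (start && basic && !tls) print start
      start = 0
    }
  ' "$1"
}

# Constructed sample: the VirtualHost from the post, then a TLS variant.
sample_conf() {
  cat <<'EOF'
<VirtualHost *>
  WSGIScriptAlias /trac/my_project /var/trac/my_project/cgi-bin/trac.wsgi
  <Location '/trac/my_project'>
    AuthType Basic
    Require valid-user
  </Location>
</VirtualHost>
<VirtualHost *:443>
  SSLEngine on
  <Location '/trac/my_project'>
    AuthType Basic
    Require valid-user
  </Location>
</VirtualHost>
EOF
}
```

On the real system, run `htpasswd_mode_ok /var/trac/my_project/.trac.htpasswd` and `basic_auth_without_tls /etc/apache2/conf.d/my_project`.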