For some reason, I’ve been entrusted to manage some linux servers running software.
I’m not a Linux administrator, and have never really had the desire to be one. In a previous life, I supported 2000 Macs at a big printing company, where I wrote a bunch of BASH to automate my tasks. I’m thankful for that BASH as I dive into the Linux server world (of course with the caveat that the binary app functions differ because of the variance between BSD and GNU command line applications).
Minecraft
Recently, I set up a Minecraft server on a SSDNodes VPS. Check out SSDNodes if you want a crazy amount of RAM and storage for a tiny amount of money.
I wanted that server to run on the server itself, and not in a container, because I’m not the most comfortable when I’m in a docker container (though they are compelling).
To automate my tasks on that server, I created a service, and stood on the shoulders of the developers over at https://papermc.io/
This all literally couldn’t have been easier.
[Unit] Description=Minecraft Server After=network.target [Service] User=privved Nice=1 KillMode=none SuccessExitStatus=0 1 ProtectHome=true ProtectSystem=full PrivateDevices=true NoNewPrivileges=true WorkingDirectory=/opt/minecraft ExecStart=java -Xms10G -Xmx10G -jar /usr/local/minecraft/paper-1.20.1-18.jar --nogui [Install] WantedBy=multi-user.target
Certs and Services
More recently (aka Today), I took a whack back at the RStudioConnect (AKA Posit Connect) Server I administer for my place of work. This Linux server is running up in AWS (EC2).
I auto-renew certificates with certbot, for convenience. But I think it’ll only auto-renew certs for apache or nginx webservers. This presented a small challenge, because rstudio-connect doesn’t use the system’s apache server for its web app.
Here’s the way I mitigated the issue, and still have certbot auto-renew certs for me.
- Installed and configured certbot to install certs properly. Configured rstudio connect to look for the cert/key in the place where I told certbot to place the certs.
- Wrote a script to auto-renew the cert with certbot. This runs once a week on Sunday mornings to ensure we always will have a valid cert.
- Fun fact, when run in cron, I needed to type in explicit path to “service”. I was super surprised by this. Found in syslog that “service” was an unknown command.
#!/bin/bash # omitted comment header, that no one needs to see /usr/sbin/service rstudio-connect stop /usr/sbin/service apache2 start sleep 10 certbot renew --force-renewal /usr/sbin/service apache2 stop sleep 10 /usr/sbin/service rstudio-connect start
- Wrote a script that watches to see if apache is running. It kills apache if running, and restarts rstudio-connect. It also checks to make sure rstudio-connect is running afterward. (I should probably have it send me an email if it hasn’t been able to start the service properly. Maybe in my next iteration.)
#!/bin/bash # omitted comment header, that no one needs to see snclogdir=/var/log/snc logFile=/var/log/snc/conflict.log if [[ ! -d $snclogdir ]]; then mkdir $snclogdir fi ## check apache status apache_act=$(/usr/sbin/service apache2 status | grep "Active" | awk '{print $2}' ) if [[ "$apache_act" == "active" ]]; then touch $logFile echo "$(date)" >> $logFile echo "apache2 running. Going to kill apache2 and start rstudio-connect." >> $logFile /usr/sbin/service apache2 stop sleep 10 /usr/sbin/service rstudio-connect restart sleep 10 fi ## ensure rstudio-connect service is running rstudio_act=$(/usr/sbin/service rstudio-connect status | grep "Active" | awk '{print $2}' ) if [[ "$rstudio_act" != "active" ]]; then touch $logFile echo "$(date)" >> $logFile echo "rstudio-connect service not running. Attempting to restart, now" >> $logFile /usr/sbin/service rstudio-connect start fi
We’ll see if everything is still happy in a few weeks. I think this will all work much better now.