Thursday, 25 November 2021

Replacing many if statements

I recently was asked by a colleague how to get rid of a staggering amount of if statements.

They all seem to have remarkable similarities, as is obvious from the code below.

So I initially thought about changing it to:

Of course it is also possible to create a static Map, that contains Functions. That way, the ValidationMessage instances are only created once. It depends on your needs, really.

In the end, I don't know if the improvement is really that huge.

It's closer together at least, but I feel it could be improved.

Thursday, 18 November 2021

Running Mariadb on the Raspberry Pi

This is going to be a small blurb, on what I did to get this working.

Nothing out of the ordinary, really.

$ apt-get install mariadb-server
$ cd /etc/mysql/mariadb.conf.d
$ joe 50-server.cnf
# started vi and replaced 127.0.0.1 with 0.0.0.0
$ service mysql restart

And of course allow the user accounts to access mariadb remotely over the network.

Attention! I'm only doing this locally on a testing server! It's not a great idea to run mariadb connections remotely if you do not have to.

GRANT ALL PRIVILEGES ON *.* TO 'root'@'192.168.100.%' IDENTIFIED BY 'my-new-password' WITH GRANT OPTION;

Thursday, 11 November 2021

LetsEncrypt with Webroot

All righty then, time to get working with LetsEncrypt. Again.

So there are several different ways to have LetsEncrypt verify that the domain you wish to have a certificate for is actually yours.

I usually use the webroot version.

But in the past, I found it irksome that I had to let certbot spin up a http server to verify my domain.

What was easier was to have my application server have a part on the filesystem mapped to the Webpages1.

Then certbot could simply use that webroot directory. Which is option 2.

So let's try that.

~]# certbot certonly
Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Spin up a temporary webserver (standalone)
2: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Plugins selected: Authenticator webroot, Installer None
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c'
to cancel): www.mrbear.org
Cert is due for renewal, auto-renewing...
Renewing an existing certificate for www.mrbear.org
Performing the following challenges:
http-01 challenge for www.mrbear.org
Input the webroot for www.mrbear.org: (Enter 'c' to cancel): /home/jelastic/media
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/www.mrbear.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/www.mrbear.org/privkey.pem
Your certificate will expire on 2021-11-10. To obtain a new or
tweaked version of this certificate in the future, simply run
certbot again. To non-interactively renew *all* of your
certificates, run "certbot renew"
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

It will put stuff in /home/jelastic/media/.well-known. Usually in the acme-challenge directory. It'll put some random file in there, for example 366_oWEFaizWeQqOts4KhuTBQcCsFH5dBgG7-jNX32k with a similar string inside, but usually a lot longer.

This file is accessed by the LetsEncrypt server, and if that works, the domain is yours and you get your certificate.

"certbot renew" is preferably easier, as it takes into account the previous configuration settings. Nice for cron jobs.

Also, I found this great script for importing the ssl certificates on the Forums of LetsEncrypt2 for my Java Application Server!

My Payara MicroProfile server uses the following commandline to access the new certificates:

java -server -XX:+UnlockExperimentalVMOptions -javaagent:/java_agent/jelastic-gc-agent.jar=period=300,debug=0 -XX:+UseStringDeduplication -XX:+UseG1GC -Xmaxf0.3 \
-Xminf0.1 -Xmx2048M -Xms32M \
-Djavax.net.ssl.trustStore="/home/jelastic/cacerts.jks" \
-Djavax.net.ssl.keyStore="/home/jelastic/keystore.jks" \
-Djavax.net.ssl.trustStorePassword="changeit" \
-Djavax.net.ssl.keyStorePassword="changeit" \
-jar ./payara-micro-5.2021.1.jar --postbootcommandfile ./postboot --addlibs ../libs/mariadb-java-client-2.5.2.jar --port 8080 --sslport 8743 \
--deploy ../release/mrbear.war \
--deploy ../release/mrbearportal-2.0.9.war \

Please pay special attention to the four "javax.net.ssl.*" properties that take care of the SSL properties.

And that's it!

References

[1] MyBlog - Alternate docroots
http://randomthoughtsonjavaprogramming.blogspot.com/search/label/alternate%20docroot
[2] LetsEncrypt Community Forum - Importing LetsEncrypt into Java and Glassfish
https://community.letsencrypt.org/t/importing-letsencrypt-into-java-and-glassfish/9711/11
Java Keytool Essentials: Working with Java Keystores - Mitchell Anicas
https://www.digitalocean.com/community/tutorials/java-keytool-essentials-working-with-java-keystores

Wednesday, 3 November 2021

JFall 2021

After all the stuff with Corona and everything, there's finally going to be a genuine JFall in Ede (again) at the Pathe on Thursday, the fourth of November.

It's the first conference where I can go to "in the flesh" so to speak.

The previous one was a virtual conference, which was fun, but I do look forward to having social interaction face-to-face.

References

NLJUG - JFall 2021
http://jfall.nl/