-
Notifications
You must be signed in to change notification settings - Fork 53
Acrarium on small servers
It may be that you want to run Acrarium, while keeping hosting costs to a minimum. Several providers offer small cloud instances which can work but they share a few things in common - low RAM (1GB, typically), and no nested virtualization (so Docker is not possible).
You should follow the guide for standalone installation first.
In a typical case you may want to start with an Ubuntu 22 base image then you configure the server components
I chose MySQL and will demonstrate how to configure it. Others should be similar
- Install mysql with
sudo apt install mysql-server
- Configure a user according to Configure existing database documentation
- Configure your
~/.config/acrarium/application.properties
to use the correct dialect (search for "Hibernate dialect>" if you use something different than MySQL) and user/pass
Example application.properties
for MySQL:
# spring.datasource.url=jdbc:mysql://<sql host>:<sql port>/<database name>?useSSL=false, e.g.
spring.datasource.url=jdbc:mysql://localhost:3306/acrarium?useSSL=false&allowPublicKeyRetrieval=true&useLegacyDatetimeCode=false&serverTimezone=UTC
# spring.datasource.username=<sql user name>, e.g.
spring.datasource.username=<USERNAME FROM DATABASE CONFIG STEP>
# spring.datasource.password=<sql user password>, e.g.
spring.datasource.password=<PASSWORD FROM DATABASE CONFIG STEP>
# spring.jpa.database-platform=<sql dialect>, available dialects https://docs.jboss.org/hibernate/orm/5.2/javadocs/org/hibernate/dialect/package-summary.html, e.g.
spring.jpa.database-platform=org.hibernate.dialect.MySQL8Dialect
You must have a JDK, I chose adoptium's temurin JDK. You should install a repository entry for them, then you may install the JDK
echo "deb https://packages.adoptium.net/artifactory/deb $(awk -F= '/^VERSION_CODENAME/{print$2}' /etc/os-release) main" | sudo tee /etc/apt/sources.list.d/adoptium.list
sudo apt update
sudo apt install temurin-11-jdk
In order to fit on to a 1GB RAM machine you must constrain the RAM used by both MySQL and the JDK.
The biggest trick for MySQL is to disable the performance schema
Edit /etc/mysql/mysql.conf.d/mysql/mysql.cnf
by adding this at the bottom
performance_schema = off
Then issue service mysqld restart
to immediately shrink RAM consumption.
You will want Acrarium to start any time the server restarts, so you should create a service definition for it. On a systemd system (such as is used by Ubuntu 22) the file /etc/systemd/system/acrarium.service
will defined the service and should create this:
[Unit]
Description=Acrarium server
Wants=network.target
After=local-fs.target network.target
[Service]
User=<YOUR ACRARIUM USER>
Group=<YOUR ACRARIUM GROUP>
WorkingDirectory=~
ExecStart=/usr/bin/java -Xshare:off -XX:+UseSerialGC -XX:-TieredCompilation -Xint -Xmx250m -verbose:gc -jar acrarium/acrarium-1.7.0.jar
[Install]
WantedBy=multi-user.target
The maximum heap for the JDK is constrained in this instance to 250m, and the other tuning parameters constrain other parts of JDK memory use such that it will still fit in 1GB of RAM side-by-side with the MySQL server.
Now you may use standard systemd settings (in this example), such as systemctl enable acrarium
and systemctl start acrarium
. When you reboot test your new server, acrarium should be started (after approximately 250 seconds anyway - startup is slow with this tuning, on these machines)
In my install base of clients from an Acralyzer instance, we were using PUT instead of POST, and that caused many authentication problems with Acrarium as I switched from Acralyzer to Acrarium on the server side. Acrarium only supports POST and it will only authorize use of /report
as a URL, there must be nothing after it.
This is all possible to manage with an nginx proxy_pass and appropriate rewrite / proxy_method configuration rules, but the important part for an Acrarium admin is knowing how to turn on logging so you may diagnose the problem.
The easiest way is to add a --trace
flag to the end of the java startup line, like so:
ExecStart=/usr/bin/java -Xshare:off -XX:+UseSerialGC -XX:-TieredCompilation -Xint -Xmx250m -verbose:gc -jar acrarium/acrarium-1.7.0.jar --trace
The logging will of course be quite verbose, but you will be able to see security rules matching URLs and failure reasons (if any).