View Source

📌 Overview

We are transitioning from a monolithic WildFly-based deployment to a lightweight, modular deployment architecture using Nginx as the reverse proxy and systemd for service management.
This improves maintainability, scalability, and deployment speed while reducing complexity.

✅ Key Changes

Old Setup (WildFly)	New Setup (Lightweight)
WAR files deployed to WildFly	JAR/WAR files run via `java -jar` and managed via `systemd`
Static content served via WAR files	UI bundles served via Nginx from local folders
Domain/SSL managed via WildFly	SSL and routing managed by Nginx
All services are tightly coupled in a single deployment	Independently deployed microservices
Slow deployment times (~10 mins for 20 WARs)	Fast and parallel deployments via pipelines

📦 API Services: New Approach

Each microservice will be packaged as an executable JAR/WAR.
Services are started using systemd.
Deployment/restarts handled by CI/CD pipeline (e.g., GitHub Actions or Jenkins).

Example systemd service unit:

[Unit]
Description=User Service
After=network.target

[Service]
User=ubuntu
ExecStart=/usr/bin/java -jar /opt/services/user-service.jar
SuccessExitStatus=143
Restart=always
RestartSec=10
StandardOutput=journal
StandardError=journal

[Install]
WantedBy=multi-user.target

🌐 Nginx: Reverse Proxy + Static UI Hosting

Acts as a reverse proxy to all API services:

location /admin-api/ {
    proxy_pass http://localhost:8081/;
}
location /common-api/ {
    proxy_pass http://localhost:8082/;
}

Hosts built UI files from the Angular/React apps:

server {
    listen 80;
    server_name project.piramalswasthya.org;

    root /var/www/html;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }
}

SSL termination

🛠️ CI/CD Pipeline: Modified Workflow

Backend Services

Build Spring Boot JARs
Rsync to /opt/services/service-name.jar
Restart via:
```
sudo systemctl restart service-name
```

Frontend Apps

Build UI (ng build --prod)
Rsync dist/* to /var/www/html/

🎯 Benefits of the New Architecture

Category	Benefit
🧠 Simplicity	No application server; clean Nginx + systemd setup
⚡ Speed	Faster builds, deployment, and startup
🧩 Modularity	Each microservice deploys and logs independently
🪙 Cost-Effective	Lower resource usage without WildFly overhead
🔐 Security	Nginx SSL + better process isolation
📈 Observability	Easier monitoring via `systemctl` and `journalctl`

🔧 Additional Recommendations

Use log rotation or centralized logging with ELK
Secure systemd services with correct user permissions.
Automate deployment fully via CI/CD (e.g., GitHub Actions, GitLab, Jenkins).

📅 Migration Plan

Task	Deadline
Merge all Docker-related PRs
Update CI/CD pipeline for backend
Setup Linux server - Java 17LTS, Redis
Update CI-CD pipeline to deploy and rsync all UI repos
Setup nginx and SSL with domain routing https://amritdemo.piramalswasthya.org/
Deploy all API microservices
Create systemd units for all microservices
Configure Nginx reverse proxy and SSL
Update CI/CD pipeline for restarts
Documentation for replication of the setup
Ensure ELK stack has all the logs tracked

🔧 Server Setup

✅ 1. Initial Server Setup

Update & Upgrade

sudo apt update && sudo apt upgrade -y

Add Jenkins SSH public key for Jenkins to communicate with the server.

cat /var/lib/jenkins/.ssh/id_rsa.pub

✅ 2. Install Java (for Spring Boot)

sudo apt install openjdk-17-jdk -y
java -version  # confirm it's installed

Spring Boot 2.5+ works best with Java 17.

✅ 3. Create a Directory Structure

sudo mkdir -p /opt/services
sudo mkdir -p /var/www/html
sudo chown -R $USER:$USER /opt/services /var/www/html

✅ 4. Install Nginx

sudo apt install nginx -y
sudo systemctl enable nginx
sudo systemctl start nginx

✅ 5. Configure Nginx for API & UI

sudo nano /etc/nginx/sites-available/your-app

Example Config:

server {
    listen 80;
    server_name yourdomain.com;

    root /var/www/your-ui-app;
    index index.html;

    location / {
        try_files $uri $uri/ /index.html;
    }

    location /api/user/ {
        proxy_pass http://localhost:8081/;
    }

    location /api/order/ {
        proxy_pass http://localhost:8082/;
    }

    # Add more services as needed
}

Enable Site & Restart

sudo ln -s /etc/nginx/sites-available/your-app /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx

✅ 6. Install MySQL

Step 1: Install MySQL Server

sudo apt update
sudo apt install mysql-server -y

Step 2: Secure MySQL Installation

sudo mysql_secure_installation

Set root password
Remove anonymous users
Disallow remote root login (optional)
Remove test database
Reload privilege tables

Step 3: Create a Database and User (Example)

sudo mysql -u root -p

-- Create Databases
CREATE DATABASE db_iemr;
CREATE DATABASE db_identity;
CREATE DATABASE db_1097_identity;
CREATE DATABASE db_reporting;

-- Create User
CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'NewSecureP@ss123!';

-- Grant Privileges
GRANT ALL PRIVILEGES ON db_iemr.* TO 'app_user'@'localhost';
GRANT ALL PRIVILEGES ON db_identity.* TO 'app_user'@'localhost';
GRANT ALL PRIVILEGES ON db_1097_identity.* TO 'app_user'@'localhost';
GRANT ALL PRIVILEGES ON db_reporting.* TO 'app_user'@'localhost';
GRANT SUPER ON *.* TO 'app_user'@'localhost';

-- Apply Changes
FLUSH PRIVILEGES;
EXIT;

sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf

At the bottom (or under [mysqld]), add:

[mysqld]

sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION

lower_case_table_names=1

character-set-server=utf8mb4

collation-server=utf8mb4_unicode_ci

sudo nano /etc/mysql/my.cnf

If these sections aren’t already there, add:

[client]
default-character-set=utf8mb4

[mysql]
default-character-set=utf8mb4

Ref:

https://askubuntu.com/questions/1261422/how-to-install-mysql-8-0-with-lower-case-table-names-1-on-ubuntu-server-20-04-lt

✅ 7. Install Redis

sudo apt-get install lsb-release curl gpg
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
sudo apt-get update
sudo apt-get install redis

Ref: https://redis.io/docs/latest/operate/oss_and_stack/install/archive/install-redis/install-redis-on-linux/


sudo systemctl enable redis-server
sudo systemctl start redis-server

✅ 8. Setup MySQL tables

Install maven

sudo apt install maven

git clone https://github.com/PSMRI/AMRIT-DB.git
cd AMRIT-DB

mvn clean install -DENV_VAR=local

mvn spring-boot:run -DENV_VAR=local

Restore DB.

✅ 9. Deploy Spring Boot Services

Allow sudo

sudo visudo

Add this line at the end of the file:

dev_user ALL=NOPASSWD: /bin/systemctl

Example: User Service

cp user-service.jar /opt/services/

Create systemd service file

sudo nano /etc/systemd/system/user-service.service

[Unit]
Description=User Service
After=network.target

[Service]
User=ubuntu
ExecStart=/usr/bin/java -jar /opt/services/user-service.jar
SuccessExitStatus=143
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target

sudo systemctl daemon-reload
sudo systemctl start user-service
sudo systemctl enable user-service

Repeat for other services.

✅ 10.Setting up ELK

Add Elastic repo:

curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt update

wget https://search.maven.org/remotecontent?filepath=co/elastic/apm/elastic-apm-agent/1.48.0/elastic-apm-agent-1.48.0.jar -O elastic-apm-agent.jar
sudo mv elastic-apm-agent.jar /opt/amrit/services/

This assumes that the APM server is already running on http://192.168.45.179:8200

Use Filebeat to Ship Logs from systemd Services

sudo apt update
sudo apt install filebeat

Edit the config file:

sudo nano /etc/filebeat/filebeat.yml

Edit it as per ELK configuration.

Step 3: Enable and Start Filebeat

📊 Verify in Kibana

Go to Kibana → Stack Management → Index Patterns
Add springboot-logs-*
Start visualizing logs from your services

✅ 11. Setting up OpenKM

Step 1: Install Docker on Ubuntu

🔹 1. Update your system:

sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common

🔹 2. Add Docker’s official GPG key:

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg

🔹 3. Add the Docker repo:

echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
  https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null

🔹 4. Install Docker:

sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io

🔹 5. Add your user to the `docker` group (optional):

sudo usermod -aG docker $USER
# Log out and back in for this to take effect

✅ Step 2: Run OpenKM via Docker

🔹 1. Pull the Docker image:

docker pull openkm/openkm-ce

🔹 2. Run OpenKM container:

docker run -d \
  --name openkm \
  -p 8080:8080 \
  -v openkm_data:/opt/openkm/repository \
  -v openkm_index:/opt/openkm/index \
  openkm/openkm-ce

This will:
Run OpenKM CE
Expose it on port 8080
Persist data and indexes to Docker volumes

✅ Step 3: Access OpenKM

Open your browser and go to:

http://localhost:8080/OpenKM

Default login: okmAdmin
Default password: admin