📌 Overview
We are transitioning from a monolithic WildFly-based deployment to a lightweight, modular deployment architecture using Nginx as the reverse proxy and systemd for service management.
This improves maintainability, scalability, and deployment speed while reducing complexity.
✅ Key Changes
| Old Setup (WildFly) | New Setup (Lightweight) |
|---|---|
| WAR files deployed to WildFly | JAR/WAR files run via java -jar and managed via systemd |
| Static content served via WAR files | UI bundles served via Nginx from local folders |
| Domain/SSL managed via WildFly | SSL and routing managed by Nginx |
| All services are tightly coupled in a single deployment | Independently deployed microservices |
| Slow deployment times (~10 mins for 20 WARs) | Fast and parallel deployments via pipelines |
📦 API Services: New Approach
Each microservice will be packaged as an executable JAR/WAR.
Services are started using
systemd.Deployment/restarts handled by CI/CD pipeline (e.g., GitHub Actions or Jenkins).
Example
systemdservice unit:[Unit] Description=User Service After=network.target [Service] User=ubuntu ExecStart=/usr/bin/java -jar /opt/services/user-service.jar SuccessExitStatus=143 Restart=always RestartSec=10 StandardOutput=journal StandardError=journal [Install] WantedBy=multi-user.target
🌐 Nginx: Reverse Proxy + Static UI Hosting
Acts as a reverse proxy to all API services:
location /admin-api/ { proxy_pass http://localhost:8081/; } location /common-api/ { proxy_pass http://localhost:8082/; }Hosts built UI files from the Angular/React apps:
server { listen 80; server_name project.piramalswasthya.org; root /var/www/html; index index.html; location / { try_files $uri $uri/ /index.html; } }SSL termination
🛠️ CI/CD Pipeline: Modified Workflow
Backend Services
Build Spring Boot JARs
Rsync to
/opt/services/service-name.jarRestart via:
sudo systemctl restart service-name
Frontend Apps
Build UI (
ng build --prod)Rsync
dist/*to/var/www/html/
🎯 Benefits of the New Architecture
| Category | Benefit |
|---|---|
| 🧠 Simplicity | No application server; clean Nginx + systemd setup |
| ⚡ Speed | Faster builds, deployment, and startup |
| 🧩 Modularity | Each microservice deploys and logs independently |
| 🪙 Cost-Effective | Lower resource usage without WildFly overhead |
| 🔐 Security | Nginx SSL + better process isolation |
| 📈 Observability | Easier monitoring via systemctl and journalctl |
🔧 Additional Recommendations
Use log rotation or centralized logging with ELK
Secure systemd services with correct user permissions.
Automate deployment fully via CI/CD (e.g., GitHub Actions, GitLab, Jenkins).
📅 Migration Plan
| Task | Deadline |
|---|---|
| Merge all Docker-related PRs | |
| Update CI/CD pipeline for backend | |
| Setup Linux server - Java 17LTS, Redis | |
| Update CI-CD pipeline to deploy and rsync all UI repos | |
| Setup nginx and SSL with domain routing https://amritdemo.piramalswasthya.org/ | |
| Deploy all API microservices | |
| Create systemd units for all microservices | |
| Configure Nginx reverse proxy and SSL | |
| Update CI/CD pipeline for restarts | |
| Documentation for replication of the setup | |
| Ensure ELK stack has all the logs tracked | |
🔧 Server Setup
✅ 1. Initial Server Setup
Update & Upgrade
sudo apt update && sudo apt upgrade -y
Add Jenkins SSH public key for Jenkins to communicate with the server.cat /var/lib/jenkins/.ssh/id_rsa.pub
✅ 2. Install Java (for Spring Boot)
sudo apt install openjdk-17-jdk -y
java -version # confirm it's installed
Spring Boot 2.5+ works best with Java 17.
✅ 3. Create a Directory Structure
sudo mkdir -p /opt/services
sudo mkdir -p /var/www/html
sudo chown -R $USER:$USER /opt/services /var/www/html✅ 4. Install Nginx
sudo apt install nginx -y sudo systemctl enable nginx sudo systemctl start nginx
✅ 5. Configure Nginx for API & UI
sudo nano /etc/nginx/sites-available/your-app
Example Config:
server {
listen 80;
server_name yourdomain.com;
root /var/www/your-ui-app;
index index.html;
location / {
try_files $uri $uri/ /index.html;
}
location /api/user/ {
proxy_pass http://localhost:8081/;
}
location /api/order/ {
proxy_pass http://localhost:8082/;
}
# Add more services as needed
}
Enable Site & Restart
sudo ln -s /etc/nginx/sites-available/your-app /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl restart nginx
✅ 6. Install MySQL
Step 1: Install MySQL Server
sudo apt update
sudo apt install mysql-server -y
Step 2: Secure MySQL Installation
sudo mysql_secure_installation
Set root password
Remove anonymous users
Disallow remote root login (optional)
Remove test database
Reload privilege tables
Step 3: Create a Database and User (Example)
sudo mysql -u root -p
-- Create Databases
CREATE DATABASE db_iemr;
CREATE DATABASE db_identity;
CREATE DATABASE db_1097_identity;
CREATE DATABASE db_reporting;
-- Create User
CREATE USER 'app_user'@'localhost' IDENTIFIED BY 'NewSecureP@ss123!';
-- Grant Privileges
GRANT ALL PRIVILEGES ON db_iemr.* TO 'app_user'@'localhost';
GRANT ALL PRIVILEGES ON db_identity.* TO 'app_user'@'localhost';
GRANT ALL PRIVILEGES ON db_1097_identity.* TO 'app_user'@'localhost';
GRANT ALL PRIVILEGES ON db_reporting.* TO 'app_user'@'localhost';
GRANT SUPER ON *.* TO 'app_user'@'localhost';
-- Apply Changes
FLUSH PRIVILEGES;
EXIT;
sudo nano /etc/mysql/mysql.conf.d/mysqld.cnf
At the bottom (or under [mysqld]), add:
[mysqld]
sql_mode=STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_ENGINE_SUBSTITUTION
lower_case_table_names=1
character-set-server=utf8mb4
collation-server=utf8mb4_unicode_ci
sudo nano /etc/mysql/my.cnf
If these sections aren’t already there, add:
[client]
default-character-set=utf8mb4
[mysql]
default-character-set=utf8mb4
Ref:
✅ 7. Install Redis
sudo apt-get install lsb-release curl gpg
curl -fsSL https://packages.redis.io/gpg | sudo gpg --dearmor -o /usr/share/keyrings/redis-archive-keyring.gpg
sudo chmod 644 /usr/share/keyrings/redis-archive-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/redis.list
sudo apt-get update
sudo apt-get install redis
Ref: https://redis.io/docs/latest/operate/oss_and_stack/install/archive/install-redis/install-redis-on-linux/
sudo systemctl enable redis-server
sudo systemctl start redis-server✅ 8. Setup MySQL tables
Install maven
sudo apt install maven
git clone https://github.com/PSMRI/AMRIT-DB.git
cd AMRIT-DB
mvn clean install -DENV_VAR=local
mvn spring-boot:run -DENV_VAR=local
Restore DB.
✅ 9. Deploy Spring Boot Services
Allow sudo
sudo visudo
Add this line at the end of the file:
dev_user ALL=NOPASSWD: /bin/systemctl
Example: User Service
cp user-service.jar /opt/services/
Create systemd service file
sudo nano /etc/systemd/system/user-service.service
[Unit]
Description=User Service
After=network.target
[Service]
User=ubuntu
ExecStart=/usr/bin/java -jar /opt/services/user-service.jar
SuccessExitStatus=143
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
sudo systemctl daemon-reload
sudo systemctl start user-service
sudo systemctl enable user-service
Repeat for other services.
✅ 10.Setting up ELK
Add Elastic repo:
curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elastic-keyring.gpg
echo "deb [signed-by=/usr/share/keyrings/elastic-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list
sudo apt update
wget https://search.maven.org/remotecontent?filepath=co/elastic/apm/elastic-apm-agent/1.48.0/elastic-apm-agent-1.48.0.jar -O elastic-apm-agent.jar
sudo mv elastic-apm-agent.jar /opt/amrit/services/
This assumes that the APM server is already running on http://192.168.45.179:8200
Use Filebeat to Ship Logs from systemd Services
sudo apt update
sudo apt install filebeat
Edit the config file:
sudo nano /etc/filebeat/filebeat.yml
Edit it as per ELK configuration.
Step 3: Enable and Start Filebeat
📊 Verify in Kibana
Go to Kibana → Stack Management → Index Patterns
Add
springboot-logs-*Start visualizing logs from your services
✅ 11. Setting up OpenKM
Step 1: Install Docker on Ubuntu
🔹 1. Update your system:
sudo apt update
sudo apt install -y apt-transport-https ca-certificates curl software-properties-common
🔹 2. Add Docker’s official GPG key:
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
🔹 3. Add the Docker repo:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] \
https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
🔹 4. Install Docker:
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io
🔹 5. Add your user to the docker group (optional):
sudo usermod -aG docker $USER
# Log out and back in for this to take effect
✅ Step 2: Run OpenKM via Docker
🔹 1. Pull the Docker image:
docker pull openkm/openkm-ce
🔹 2. Run OpenKM container:
docker run -d \
--name openkm \
-p 8080:8080 \
-v openkm_data:/opt/openkm/repository \
-v openkm_index:/opt/openkm/index \
openkm/openkm-ce
This will:
Run OpenKM CE
Expose it on port
8080Persist data and indexes to Docker volumes
✅ Step 3: Access OpenKM
Open your browser and go to:
http://localhost:8080/OpenKM
Default login:
okmAdminDefault password:
admin