The following information was supplied by a user and reviewed by our security expert on the PT team. It is for Linux VPS deployment. It includes some notes and systemd service files to integrate, plus a section on security settings for configuring your VPS.

These are just notes and are not complete. You should not rely on them to ensure your security or a proper setup.

Use at your own risk.


##################################################################
# Notes to set up Linux VPS, these are from a Fedora 27 server
# but should be applicable to most systemd distributions
##################################################################

###############################################
# SET UP VPS, AS USER ROOT
###############################################

#################################
# Set up user/pass/sudo/system requirements
#################################
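# Apply pending updates, then reboot. The session ends at the reboot, so log
# back in as root and continue with the lines below.
dnf -y update; reboot
# Create the unprivileged account. passwd is run interactively so the password
# is typed at the prompt instead of being written on the command line, where it
# would typically be saved in root's shell history.
useradd profit
passwd profit
# wheel membership grants sudo. The systemd units further down also run the bot
# as this account. NOTE(review): consider a separate admin login so the service
# account itself holds no sudo rights.
usermod -a -G wheel profit
dnf -y install java nano policycoreutils-python-utils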

#################################
# Disable root login w/ ssh
#################################
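# Match the directive whether it is commented out or set to another value
# (e.g. prohibit-password). A pattern that only matches 'PermitRootLogin yes'
# silently changes nothing when the line reads differently.
sed -i -E 's/^#?[[:space:]]*PermitRootLogin[[:space:]].*/PermitRootLogin no/' /etc/ssh/sshd_config
# Validate the file before restarting so a bad edit cannot take sshd down,
# then print the effective setting to confirm the change took hold.
sshd -t && systemctl restart sshd.service
sshd -T | grep -i '^permitrootlogin'
# Before closing this root session, confirm from a second terminal that
# 'profit' can log in and use sudo; otherwise you can lock yourself out.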

#################################
# If running VPS on public cloud, change SSH listening ports from default 22
# in this example we use port 22222, however this can be changed to any open port
#################################
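# Moving the port only cuts down on scan noise; it is not a substitute for
# key-based authentication.
# Label the port for SELinux and open the firewall FIRST, so sshd is reachable
# on the new port the moment it restarts.
semanage port -a -t ssh_port_t -p tcp 22222
firewall-cmd --add-port=22222/tcp --permanent
firewall-cmd --reload
# Handle both the commented default ('#Port 22') and an already active 'Port 22'.
sed -i -E 's/^#?[[:space:]]*Port[[:space:]]+22[[:space:]]*$/Port 22222/' /etc/ssh/sshd_config
# Validate the config before restarting, then confirm the effective port.
sshd -t && systemctl restart sshd.service
sshd -T | grep -i '^port'
# Verify a fresh login on port 22222 from a second terminal before closing
# this session. Once it works, the old port can be closed if the ssh service
# is enabled in your firewall zone:
# firewall-cmd --remove-service=ssh --permanent
# firewall-cmd --reload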

#################################
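# If the VPS runs on your local network (NOT in a public cloud), you can open the
# web UI port in the firewall so you don't need to port forward the web UI over ssh.
# Anyone who can reach the host on that port can then reach the web UI.
# Uncomment and adjust the port numbers only if those ports are blocked initially.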
#################################
# firewall-cmd --add-port=8081/tcp --permanent
# firewall-cmd --reload

# Only run if setting up second instance
# firewall-cmd --add-port=8082/tcp --permanent
# firewall-cmd --reload
#################################

#################################
# Set up PT destination directory/perms
# If running second instance, make sure you change the port in /opt/ProfitTrailer1 in application.properties
# in this example we set up the second instance to use port 8082
#################################
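# Create the install directory and hand it to the service account. '&&' stops
# the chain if a step fails. Mode 750 keeps other local users out of the
# directory, which holds application.properties (presumably including
# credentials - confirm for your setup).
mkdir -p /opt/ProfitTrailer && chown -R profit:profit /opt/ProfitTrailer && chmod 750 /opt/ProfitTrailer

# Only run if setting up second instance
mkdir -p /opt/ProfitTrailer1 && chown -R profit:profit /opt/ProfitTrailer1 && chmod 750 /opt/ProfitTrailer1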

#################################
# Create systemd service file in /etc/systemd/system
#################################
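# '>' rather than '>>' so re-running this step rewrites the unit instead of
# appending a second copy to it. The quoted 'EOF' keeps the body literal.
# Wants= is added because After= alone only orders the unit; it does not pull
# network-online.target into the boot transaction.
# NOTE(review): arguments placed after '-jar <file>' are handed to the
# application, not to the JVM. Confirm whether the -XX/-Xmx/-Xms flags are
# meant to come before -jar.
cat > /etc/systemd/system/profit.service << 'EOF'
[Unit]
Description=profit
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
WorkingDirectory=/opt/ProfitTrailer
ExecStart=/usr/bin/java -jar /opt/ProfitTrailer/ProfitTrailer.jar -XX:+UseConcMarkSweepGC -Xmx256m -Xms256m
TimeoutSec=300

[Install]
WantedBy=multi-user.target
EOF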


# Only run if setting up second instance
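# '>' rather than '>>' so re-running this step rewrites the unit instead of
# appending a second copy to it. The quoted 'EOF' keeps the body literal.
# Wants= is added because After= alone only orders the unit; it does not pull
# network-online.target into the boot transaction.
# NOTE(review): arguments placed after '-jar <file>' are handed to the
# application, not to the JVM. Confirm whether the -XX/-Xmx/-Xms flags are
# meant to come before -jar.
cat > /etc/systemd/system/profit1.service << 'EOF'
[Unit]
Description=profit1
Wants=network-online.target
After=network-online.target

[Service]
Type=simple
WorkingDirectory=/opt/ProfitTrailer1
ExecStart=/usr/bin/java -jar /opt/ProfitTrailer1/ProfitTrailer.jar -XX:+UseConcMarkSweepGC -Xmx256m -Xms256m
TimeoutSec=300

[Install]
WantedBy=multi-user.target
EOF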


#################################
# Set up systemd service to run as profit user
#################################
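# Drop-in that makes the service run as the unprivileged 'profit' account.
# '>' rather than '>>' so re-running this step does not duplicate the section.
# The three extra directives are basic sandboxing: no privilege gain through
# setuid binaries, a private /tmp, and /usr, /boot and /etc mounted read-only
# for the service. /opt stays writable, so the bot can still write its own
# files. Remove a directive if the bot turns out to need what it blocks.
mkdir -p /etc/systemd/system/profit.service.d
cat > /etc/systemd/system/profit.service.d/profit.conf << 'EOF'
[Service]
User=profit
Group=profit
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
EOF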

# Only run if setting up second instance
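# Drop-in that makes the second instance run as the unprivileged 'profit'
# account. '>' rather than '>>' so re-running this step does not duplicate the
# section. The three extra directives are basic sandboxing: no privilege gain
# through setuid binaries, a private /tmp, and /usr, /boot and /etc mounted
# read-only for the service. /opt stays writable, so the bot can still write
# its own files. Remove a directive if the bot turns out to need what it blocks.
mkdir -p /etc/systemd/system/profit1.service.d
cat > /etc/systemd/system/profit1.service.d/profit1.conf << 'EOF'
[Service]
User=profit
Group=profit
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=full
EOF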

#################################
# Reload systemd to reflect changes / persist service
#################################
# Make systemd re-read the unit files written above
systemctl daemon-reload
# Start the service automatically at boot
systemctl enable profit.service

# Only run if setting up second instance
# Make systemd re-read the unit files written above
systemctl daemon-reload
# Start the second instance automatically at boot
systemctl enable profit1.service


###############################################
# SET UP PROFIT TRAILER, AS USER “PROFIT”
###############################################

#################################
# Unzip profit trailer to destination directory
# Grab the latest version from https://github.com/taniman/profit-trailer/releases and unzip to /opt/ProfitTrailer
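# The URL pins release v1.2.6.11; substitute the release you intend to run.
# '&&' keeps wget from downloading into the wrong directory if the cd fails.
cd ~profit && wget https://github.com/taniman/profit-trailer/releases/download/v1.2.6.11/ProfitTrailer.zip
# Print the archive's SHA-256 and compare it with a value obtained from the
# project (if one is published) before unpacking.
sha256sum ProfitTrailer.zip
unzip ProfitTrailer.zip -d /opt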
#################################


#################################
# Service manipulation / log files
#################################
# These are independent reference commands, not a sequence to run top to bottom.
# Show the current state of the unit
sudo systemctl status profit.service
# Start the bot
sudo systemctl start profit.service
# Stop the bot
sudo systemctl stop profit.service

# Follow every file in the bot's log directory as new lines are written
tail -f /opt/ProfitTrailer/logs/*






#################################
# ssh to host to set up port forwarding; 
# browse to http://localhost:8081/monitoring
# or http://localhost:8082/monitoring
#################################
# Connect to VPS
# Run on your workstation: forwards local ports 8081 and 8082 to the same
# ports on the VPS loopback interface over the ssh session on port 22222.
ssh -p 22222 \
  -L 8081:localhost:8081 \
  -L 8082:localhost:8082 \
  profit@VPSIPADDRESS

#################################
# Mount from OSX, will show up on desktop, install
# https://osxfuse.github.io/
#################################
# Connect to VPS
# Create the mount point on the Mac
mkdir -p /Volumes/PT/
# Mount the bot's directory from the VPS over ssh (port 22222)
sshfs -p 22222 profit@VPSIPADDRESS:/opt/ProfitTrailer /Volumes/PT/ -o noapplexattr



#################################
# Backup Profit Trailer settings from VPS
# rsync --dry-run (same as -n) is a preview, remove it to run
#################################
# --delete removes files from the backup destination that no longer exist on
# the VPS, so read the preview output before running for real. The backup
# copies the bot's configuration as well; store it accordingly.
# If Local VPS
rsync --dry-run --archive --verbose --delete \
  profit@VPSIPADDRESS:/opt/ProfitTrailer/ \
  /DESTINATIONDIR/Profit_Trailer/VPS_ProfitTrailer_backup


# If Cloud VPS and ssh runs on a different port
rsync --dry-run --archive --verbose --rsh="ssh -p 22222" --delete \
  profit@VPSIPADDRESS:/opt/ProfitTrailer/ \
  /DESTINATIONDIR/Profit_Trailer/cloudVPS_ProfitTrailer_backup