Jump to content

Step by Step Tutorial for installing Eset Remote Administrator & Mobile device connector on a VPS (OpenVZ) with Ubuntu 16.04 64bit with letsencrypt

Recommended Posts


Some information has been copied from other forums

I have not tested that renewal of letsencrypt certificate using the bash file is accepted by era and mdc

Suggested configuration for solely running ESET ERA and MDC is 4 cores and 2 GB ram, anything lower runs abysmally slow.

I am currently using this configuration on woothosting (cheapest that I could find)

All commands are assuming clean vps instance as root user with no other applications to be running or to be run in future.

Some components installed may be of no use. I don't know enought to remove them.

Please substitute domain names and passwords with your own.

Please feel to post corrections or better methods of doing what I have already done.

Text in code boxes is to be added/edited in the file opened.

Text in Red are comments to be read carefully



sudo apt-get update && apt-get upgrade && apt-get install software-properties-common python-software-properties unixodbc xvfb cifs-utils libqtwebkit4 krb5-user winbind ldap-utils libsasl2-modules-gssapi-mit snmp samba mysql-server nano aptitude default-jdk tomcat7  tomcat7-docs tomcat7-admin
To Let Tomcat be the ONLY app on the server and use port 80 and 443
apt-get remove apache2  ((or any other web server like nginx))
nano /etc/default/tomcat7
sudo touch /etc/authbind/byport/80
sudo chmod 500 /etc/authbind/byport/80
sudo chown tomcat7 /etc/authbind/byport/80
sudo touch /etc/authbind/byport/443
sudo chmod 500 /etc/authbind/byport/443
sudo chown tomcat7 /etc/authbind/byport/443
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot
sudo service apache2 stop
sudo certbot certonly --text --agree-tos --email email@gmail.com --standalone --expand --renew-by-default --manual-public-ip-logging-ok --preferred-challenges http-01 -d domain.com
sudo service apache2 start
sudo mkdir /etc/tomcatcertificate
cd /etc/tomcatcertificate
((Bash script for automatic renewal of https certificate from letsencrypt -- untested))
nano letsencrypt.sh
cd /etc/tomcatcertificate
echo " -- Cleaning -- "
sudo rm request.csr
sudo rm *.pem
echo " -- Stop Services -- "
sudo iptables-save > /etc/iptables.backup
sudo iptables -F -t nat
sudo service tomcat7 stop
sudo service apache2 stop
echo " -- Delete Keystore -- "
sudo rm /usr/share/tomcat7/.keystore
echo " -- Recreate Keystore -- "
sudo keytool -genkey -noprompt -alias tomcat -dname "CN="domain.com", OU="", O="", L="", S="", C=""" -keystore /usr/share/tomcat7/.keystore -storepass "password" -KeySize 2048 -keypass "password" -keyalg RSA
sudo keytool -list -keystore /usr/share/tomcat7/.keystore -v -storepass "password" > key.check
echo " -- Build CSR -- "
sudo keytool -certreq -alias tomcat -file request.csr -keystore /usr/share/tomcat7/.keystore -storepass "password"
echo " -- Request Certificate -- "
sudo certbot certonly --csr ./request.csr --text --agree-tos --email name@gmail.com --standalone --expand --renew-by-default --manual-public-ip-logging-ok --preferred-challenges http-01 -d domain.com
certbot certonly --standalone -d domain.com -n
echo " -- import Certificate -- "
sudo keytool -import -trustcacerts -alias tomcat -file 0001_chain.pem -keystore /usr/share/tomcat7/.keystore -storepass "password"
sudo openssl pkcs12 -inkey /etc/letsencrypt/live/domain.com/privkey.pem -in /etc/letsencrypt/live/domain.com/fullchain.pem -export -out /etc/letsencrypt/live/domain.com/certificate.pfx -password pass:password
echo " -- Restart services -- "
sudo service tomcat7 start
sudo service apache2 start
sudo iptables-restore < /etc/iptables.backup
sudo rm /etc/iptables.backup
echo " -- Cleaning -- "
sudo rm request.csr
sudo rm *.pem
echo " -- Script Finish -- "
sudo chmod +x letsencrypt.sh
((as "root" run :))
crontab -e
0 2 */15 * * /etc/tomcatcertificate/letsencrypt.sh
sudo /etc/tomcatcertificate/letsencrypt.sh
sudo nano /etc/tomcat7/server.xml
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
  maxThreads="150" scheme="https" secure="true"
  clientAuth="false" sslProtocol="TLS" KeystoreFile="/usr/share/tomcat7/.keystore" KeystorePass="password" />
change port 8080 to 80 at <Connector port="80" protocol="HTTP/1.1"
change port 8443 to 443 at redirectPort="8443" />
Change port 8443 to 443 at <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
if required -- if server to be dedicated entirely to era and you don't want to deal with port nos. in URL))
Add Admin user to tomcat GUI (optional)
nano /etc/tomcat7/tomcat-users.xml
user username="admin" password="password" roles="manager-gui,admin-gui"/>
sudo service tomcat7 restart
cd /opt
tar xvzf mysql-connector-odbc-5.3.9-linux-ubuntu16.04-x86-64bit.tar.gz
cd mysql-connector-odbc-5.3.9-linux-ubuntu16.04-x86-64bit/lib
cp * /usr/lib/x86_64-linux-gnu/odbc/
nano /etc/odbcinst.ini
Description = ODBC for MySQL
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc5a.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
sudo odbcinst -i -d -f /etc/odbcinst.ini
Configuration of MySQL
sudo nano /etc/mysql/my.cnf
((if the file is not present, try /etc/my.cnf))
((Find the following configuration in the [mysqld] section of the my.cnf file and modify the values. (If the parameters are not present in the file, add them to the [mysqld] section ) after the last existing lines in the file:))
((Save and close the file and enter the following command to restart the MySQL server and apply the configuration (in some cases, the service name is mysqld):))
sudo service mysql restart
((Run the following command to set up MySQL including privileges and password (this is optional and may not work for some Linux distributions):))
((Enter the following command to check whether the MySQL server is running:))
sudo netstat -tap | grep mysql
((If the MySQL server is running, the following line will be displayed. Note that the process identifier - PID (7668 in the example below) will be different:
tcp 0 0 localhost:mysql *:* LISTEN 7668/mysqld))
Install ESET
cd /opt
chmod +x *.sh
sudo cp era.war /var/lib/tomcat7/webapps/
service tomcat7 restart
sudo ./server-linux-x86_64.sh \
--skip-license \
--db-driver=MySQL \
--db-hostname= \
--db-port=3306 \
--db-admin-username=root \
--db-admin-password=password \
--server-root-password=password \
--db-user-username=root \
--db-user-password=password \

((wait 2 minutes to let the server start, repeat commands if cannot connect to db or other errors after 2 mins break or reboot the vps and check whether era server is running by entering : service era* status )) 

sudo ./agent-linux-x86_64.sh \
--skip-license \
--webconsole-port=2223 \
--webconsole-user=Administrator \
--webconsole-password=password \
--hostname=domain.com \
sudo ./mdmcore-linux-x86_64.sh \
--https-cert-path="/etc/letsencrypt/live/domain.com/certificate.pfx" \
--https-cert-password="password" \
--port=2222 \
--db-type="MySQL" \
--db-driver="MySQL" \
--db-admin-username="root" \
--db-admin-password=password \
--db-user-username="root" \
--db-user-password=password \
--db-hostname="" \
--webconsole-password=password \
--hostname=domain.com \
To Make ERA the default app in Tomcat so that directly typing the domain will launch ERA and you will not have to enter /era at the end of the domain to access era
cd /var/lib/tomcat7/webapps/
rm -r ROOT
rm -r era
mv era.war ROOT.war
service tomcat7 restart
To redirect all http traffic from tomcat to https
nano  /etc/tomcat7/web.xml
((Add below configuration but make sure to add it after all the servlet mapping tags.))
<web-resource-name>Entire Application</web-resource-name>
service tomcat7 restart
enter https://domain.com:9980 in your web browser to check MDM server is up
enter domain.com in your web browser and login using the webconsole password that you have set earlier.
Link to comment
Share on other sites

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...