Dropwizard
CloudCaptain supports Dropwizard 0.8.x and newer Apps packaged as a Dropwizard Executable Jar using OpenJDK 7, 8, 11, 17 or 21.
Note: Dropwizard 1.0 and newer only support OpenJDK 8.x and above.
Get Started
If you haven't already, start by following Dropwizard & CloudCaptain tutorial that will get you up and running in 5-10 minutes.
Also check out our 3 part blog post series on how to set up a CD pipeline from GitHub to AWS for Dropwizard apps using CloudCaptain.
Java Runtime Environment
By default CloudCaptain uses the latest OpenJDK 17 version (headless JRE).
OpenJDK version
If you want to switch to OpenJDK 7.x or simply an
older version, you can do so using the -components.openjdk configuration setting:
> boxfuse run my-app-1.0.jar -components.openjdk=7.80.32
To find out which OpenJDK versions are available from the CloudCaptain Inventory you can simply issue:
> boxfuse inventory openjdk
Custom JRE
If you prefer to use a different JRE, including the Oracle JRE, rather than the default OpenJDK one,
you can do so by including the Linux x64 JRE distribution of your choice in a /jre folder inside the Dropwizard jar file.
If you use Maven, this means the /jre folder should be put into the src/main/resources directory:
my-dropwizard-app
src
main
java
resources
jre
bin
java
...
lib
amd64
...
rt.jar
...
COPYRIGHT
LICENSE
...
Tip for Git users
To avoid file corruption due to Git line-ending normalization, add the following line to .gitattributes
src/main/resources/jre/* binary
Configuration
By default CloudCaptain looks for a /boxfuse.yml file inside the Dropwizard jar file and runs your app
with the arguments server boxfuse.yml.
If you use Maven, this means the boxfuse.yml file should be put into the src/main/resources directory.
When Maven packages the jar, it will include it in the root of your Dropwizard jar file, where CloudCaptain can see it.
my-dropwizard-app
src
main
java
resources
boxfuse.yml
CloudCaptain parses boxfuse.yml and automatically configures the ports and the healthcheck based on the
information it contains.
If no boxfuse.yml is found at the root of the jar file, CloudCaptain uses the following defaults:
server:
applicationConnectors:
- type: http
port: 80
requestLog:
appenders: []
logging:
appenders:
- type: console
threshold: WARN
To make it easy to use a different configuration file, CloudCaptain always extracts all .yml and .json files at the root of the jar file
to the same directory as the executable jar. You can then refer to the different yml config file or pass in a
different set of arguments by setting jvm.main.args to server myconfig.yml. However,
keep in mind that this will bypass CloudCaptain's auto-configuration mechanism and you will need to ensure that
your CloudCaptain configuration matches what you configured in the yaml file.
Healthchecks
Unless specified otherwise, CloudCaptain automatically configures healthcheck.port=admin-http (8081)
and healthcheck.path=/healthcheck to match Dropwizard's defaults.
Databases
Database auto-provisioning
When using the CloudCaptain database auto-provisioning support, CloudCaptain automatically configures Dropwizard's DataSource to use the correct driver class name, jdbc url, user and password.
If your app includes the PostgreSQL or MySQL JDBC driver, CloudCaptain will automatically provision the necessary PostgreSQL or MySQL database in each environment and auto-configure Dropwizard's DataSource.
Using an existing database
To disable database auto-provisioning and use an existing database set db.type to none when creating your app.
TLS (SSL) Certificates / HTTPS
Automatic TLS (SSL) Certificate management
To expose your app via HTTPS make sure you have a custom domain configured
for the environment where you want to run it. Also make sure that you have obtained
a valid TLS (SSL) certificate and that your app has been created
with app.type set to load-balanced and tls.type set to acm (AWS Certificate Manager).
With that in place your Dropwizard app will be automatically configured to run with HTTPS and a green lock will appear in the browser.
You can also manually force the correct configuration by adding these properties to your Dropwizard boxfuse.yml config file:
server:
applicationConnectors:
- type: https
port: 443
keyStorePath: /app-config/boxfuse-selfsigned.jks
keyStorePassword: boxfuse-selfsigned
validateCerts: false
validatePeers: false
adminConnectors:
- type: https
port: 8443
keyStorePath: /app-config/boxfuse-selfsigned.jks
keyStorePassword: boxfuse-selfsigned
validateCerts: false
validatePeers: false
requestLog:
appenders: []
logging:
appenders:
- type: console
threshold: WARN
This will ensure that all network traffic between the ELB and your instances will be encrypted as well.
Manual TLS (SSL) Certificate management
To use HTTPS with your own certificate, you first have to obtain a valid certificate from a Certificate Authority and
add a KeyStore containing your SSL certificate at the root of the classpath
inside the Dropwizard jar file. CloudCaptain will automatically extract all .jks and .keystore
files it finds to the same directory on the file system as your Dropwizard jar file.
If you use Maven, this means your .jks or .keystore KeyStore file should be put into the src/main/resources directory.
When Maven packages the jar, it will include it in the root of your Dropwizard jar file, where CloudCaptain can see it.
my-dropwizard-app
src
main
java
resources
example.jks
You can then configure the Dropwizard HTTPS connector to use it. So if for example
you have a KeyStore named /example.jks inside your Dropwizard jar file,
the connector configuration should look like this:
server:
applicationConnectors:
- type: https
port: 443
keyStorePath: example.jks
keyStorePassword: myS3cr3tPwd
Very often for newer certificates you'll find you also need to add enableCRLDP: true to make things work.
Root Certificates
By default, CloudCaptain uses the same root certificate bundle as the latest version of Firefox. Additionally CloudCaptain also includes the root certificates for Amazon RDS, so you can connect securely to RDS databases out of the box.
You can, however, ship your own set of root certificates, by placing them in a KeyStore inside the Jar file as /cacerts.
If you use Maven, this means your cacerts KeyStore file should be put into the src/main/resources directory.
CloudCaptain will then automatically configure the JRE to use these instead.
my-dropwizard-app
src
main
java
resources
cacerts
If you choose to secure your cacerts TrustStore with a password different than the default changeit,
you have to add the following to your Dropwizard connector configuration:
trustStorePath: /cacerts/cacerts trustStorePassword: my0th3rPwd
JCE unlimited strength cryptography
Using CloudCaptain's default JRE
This is already enabled by default (starting with OpenJDK 8.162.12) and no further action is required.
Using an older CloudCaptain JRE
To enable JCE unlimited cryptography (for AES-256, RSA-4096, ...), download the policy zip from the Oracle website for either Java 7 or Java 8.
Extract both local_policy.jar and US_export_policy.jar and place them at the root of your Jar file.
If you use Maven, this means both policy jar files should be put into the src/main/resources directory.
CloudCaptain will then automatically configure the JRE to use these instead.
my-dropwizard-app
src
main
java
resources
local_policy.jar
US_export_policy.jar
Using a custom JRE
If you use a custom JRE it is your responsibility to ensure it is configured for unlimited strength cryptography if you need it.
Java Agents
If you wish to launch the JRE with one or more Java Agents, simply place the Java Agent files inside the Jar file under
/javaagents/. In a Maven project this means you have to put your agent jar and whatever other files it requires under src/main/resources/javaagents:
my-dropwizard-app
src
main
java
resources
javaagents
myjavaagent.jar
myjavaagent.properties
CloudCaptain will then automatically configure the JRE to use these Java Agents.
JVM Memory
By default CloudCaptain will dynamically configure your JVM heap to use 85% of the available memory in the instance. All other settings
use the JVM defaults. You can override this by specifying the required JVM arguments like -Xmx via the
jvm.args configuration setting.
Temporary Files
CloudCaptain configures the JVM to use /tmp as the directory to store temporary files and provisions 1 GB of space by default.
To increase this (up to a maximum of 16 TB), simply set
the tmp configuration setting to the number of GB of temp space you need. To prevent CloudCaptain from
provisioning any temp space set tmp to 0.
Debugging
Remote debugging (including hot-code replace) with your favorite IDE is fully supported. Details and setup instructions on our debugging page.
Profiling
Profiling with tools like JVisualVM and Java Flight Recorder is fully supported. Details and setup instructions on our profiling page.
Live Reloading
CloudCaptain supports Live Reloading of exploded DropWizard jar files.
Time Zone
By default all CloudCaptain instance use the UTC time zone.
We don't recommend changing this as this greatly simplifies time zone issues in machine to machine communication and cleanly relegates all time zones related aspects to a pure presentation layer concern.
If however you still do want to change this, you can override the default time zone of the instance using the
TZ environment variable. For example to change the time zone of your instance to America/Los_Angeles
you would do so like this:
> boxfuse fuse -envvars.TZ=America/Los_Angeles
Native binaries and libs
Some JVM applications also depend on native Linux x64 binaries and libs to do their work. CloudCaptain makes it easy to integrate them into your image.
Simply place your binaries under /native/bin on the classpath and CloudCaptain
will automatically add them to the PATH at runtime in your instances.
If those binaries also depend on additional shared libraries beyond the C library, place the .so files of your libraries
under /native/lib on the classpath and CloudCaptain
will automatically add them to the LD_LIBRARY_PATH at runtime in your instances.
Tip
To list all the shared libraries your Linux x64 binary requires, you can use the following command on a Linux system:
$ ldd -v my-native-binary
If you use Maven or Gradle, the native directory should be put into the src/main/resources
directory. CloudCaptain will then automatically configure the PATH and LD_LIBRARY_PATH to use it.
my-dropwizard-app
src
main
java
resources
native
bin
my-native-binary
other-linux-x64-binary
lib
my-shared-lib.so
other-shared-lib.so
You can then simply invoke them in your code using
Runtime.getRuntime().exec("my-native-binary arg1 arg2 arg3");
New Relic support
To monitor your app using New Relic simply pass in your New Relic license key when fusing your image and CloudCaptain will automatically install and configure the New Relic Servers Linux x64 and New Relic Java agents for you.
> boxfuse fuse -newrelic.licensekey=0123456789abcdef0123456789abcdef01234567
Alternatively you can also supply a newrelic.yml configuration file for the Java agent and CloudCaptain will
automatically use that instead. CloudCaptain will then install the agent for you, but won't override any application name you may have configured.
If you haven't configured a New Relic license key as described above, CloudCaptain will use
the license key contained in your newrelic.yml configuration file instead.
If you use Maven or Gradle, the newrelic.yml file should be put into the src/main/resources directory.
CloudCaptain will then automatically configure the New Relic Java agent to use it.
my-dropwizard-app
src
main
java
resources
newrelic.yml
Linux Kernel Tuning (experts only)
Kernel arguments
To tune the arguments passed Linux kernel from the bootloader, simply pass them using the
-linux.args setting when fusing your image.
sysctl.conf
If you need to tune the Linux kernel running in your instance, simply place a sysctl.conf file at the root inside your jar file.
In a Maven project this means you have to put it under src/main/resources:
my-dropwizard-app
src
main
java
resources
sysctl.conf
You can then for example tune the maximum number of file descriptors by simply including the following in sysctl.conf:
fs.file-max = 131072
CloudCaptain will then automatically configure the Linux kernel to use these settings.