letsencrypt offers free HTTPS certificates with the limitation that you need to set them up to auto renew every ~3 months. Below are some example scripts that last of which should be called from cron.

Settings

DOMAIN=noodle.example.com
EMAIL=me@example.com
PASS=example
DIR=/opt/Noodle/ACME
JKS=/opt/Noodle/noodle.jks

Initialize

. /opt/Noodle/settings.sh
apt install -y certbot
systemctl disable certbot
mkdir $DIR
certbot register --agree-tos --no-eff-email -m "$EMAIL"
certbot certonly --webroot \
	--webroot-path $DIR \
	--cert-name "$DOMAIN" \
	-d "$DOMAIN"
/opt/Noodle/convert.sh

Convert

. /opt/Noodle/settings.sh
P12=$(mktemp)
rm -f "$JKS"
openssl pkcs12 -export \
	-in /etc/letsencrypt/live/"$DOMAIN"/cert.pem \
	-inkey /etc/letsencrypt/live/"$DOMAIN"/privkey.pem \
	-certfile /etc/letsencrypt/live/"$DOMAIN"/fullchain.pem \
	-name "$DOMAIN" \
	-out "$P12" \
	-password "pass:$PASS"
keytool -genkeypair \
	-alias temp \
	-storetype JKS \
	-keystore $JKS \
	-storepass "$PASS" \
	-keypass "$PASS" \
	-dname "CN=temp, OU=temp, O=temp, L=temp, S=temp, C=CA"
keytool -delete \
	-alias temp \
	-keystore $JKS \
	-storepass "$PASS"
keytool -importkeystore \
	-srckeystore "$P12" \
	-srcstoretype pkcs12 \
	-destkeystore $JKS \
	-deststoretype JKS \
	-srcstorepass "$PASS" \
	-deststorepass "$PASS"
rm "$P12"

Renew

. /opt/Noodle/settings.sh
certbot renew --webroot \
	--webroot-path $DIR \
	--cert-name "$DOMAIN" \
	--deploy-hook /opt/Noodle/convert.sh

Currently Noodle must be restarted to reload the keystore.

BranchVersionFirst buildLatest build
Long Term Support (LTS)7.08.132020-10-012021-05-04
Release7.08.182021-04-052021-05-04
Next7.08.192021-05-03Today

Long Term Support Versions

VersionReleaseRetirement
7.08.132020-11-032022-01-02
7.08.022019-10-022021-01-02
7.05.122019-02-192020-01-02

Release Versions

VersionReleaseRetirement
7.08.182021-05-022021-06-02
7.08.172021-04-022021-05-02
7.08.162021-03-022021-04-02
7.08.152021-02-022021-03-02
7.08.142021-01-022021-02-02
7.08.122020-10-022020-11-02
7.08.112020-09-022020-10-02
7.08.102020-08-022020-09-02
7.08.092020-07-022020-08-02
7.08.082020-06-022020-07-02
7.08.072020-05-022020-06-02
7.08.062020-04-022020-05-02
7.08.052020-03-022020-04-02
7.08.042020-02-022020-03-02
7.08.032019-12-022020-01-02
7.08.012019-09-022019-10-02
7.06.052019-08-022019-09-02
7.06.042019-07-022019-08-02
7.06.032019-06-022019-07-02
7.06.022019-05-022019-06-02
7.06.012019-04-022019-05-02
7.05.132019-03-022019-04-02
...
4.01.012001-06-082001-06-08

  • 1995; Sun Microsystems created Java
  • 2006; Sun released Java under the GPL
  • 2010; Oracle Corporation acquired Java with the purchase of Sun
  • 2019; Oracle stopped releasing security updates for LTS releases under a permissive license

OpenJDK is the upstream for all Java builds but does not release builds itself, so there are now many java distributions, some with additional patches. In addition to the Linux distributions (Debian/Ubuntu, Fedora/RedHat/CentOS, Arch/Manjaro, openSUSE, etc) building off OpenJDK for their package managers the following are available;

BuildPermissivePureCommercial Support
AdoptOpenJDK / IBMYesOptionalYes
Microsoft (JClarity)YesNoNo
Azul ZuluYesNoYes
Amazon CorrettoYesNoYes
SAPYesNoYes
LibericaYesNoYes
RedHat for WindowsYesNoYes
ojdkbuildYesYesNo
OracleNoNoYes

Windows users can subscribe to releases on github until the windows store catches up with Linux repositories since the year 1998

sudo -i
apt update
apt -y upgrade
apt -y dist-upgrade
apt install -y postgresql-contrib openjdk-11-jre

#optional
apt install -y p7zip-full sysstat catdoc antiword html2text unrtf libid3-tools ffmpeg

#Noodle
cd /opt
tar -xf Noodle.tar.gz
cd Noodle
su postgres -c 'cd;psql --file /opt/Noodle/init.sql'
./configure
mv noodle.daemon /etc/init.d/noodle
update-rc.d noodle defaults
service noodle start

Other Linux Installation examples available.

  • Upgrade
  • Drive Space low
    • Add more storage space (a SSD preferably) (can be done without service interruption if you are using a Logical Volume Manager)
  • Out of RAM
    • Add more Memory
    • This warning is not yet supported for MSSQL or remote databases.
  • Index Queue not empty
    • Can be ignored if intermittent small numbers
    • Contact support if large numbers persist
  • HTTP pool too full
    • in multiserver.conf increase HTTP pools like Connection.CM_0.NumThreads to at least double the number of active users. (you may also have a CM_1 if you are using HTTP and HTTPS)
  • DB pool full
    • The default setting of 30 in intranet.conf for DatabaseManager.DB.intranet.Connection.MaxPoolSize is already fairly high so normally this is an indication that the SQL server getting bogged down by slow spinning storage (LVMCache is recommended).
    • Increasing the number without ensuring the DB pool was filled because of volume (not latency) will likely cause out of memory or deadlock errors on the database instead of just slowness.
  • User limit
    • Remove users from the imported Active Directory security group or contact us for a larger License.
    • Additionally and optionally delete disabled users that will not be added back to the imported Active Directory security group.

#!/bin/bash

#
# noodle_datamanager_add.sh
#

set -e

U=$1
P=$2
F=$3
D=$4

SERVER="https://domain.tld"
COOKIE=noodle_cookie.tmp

if [ "$D" == "" ] ; then
	echo NO >&2
	exit 1
fi
if [ -f $COOKIE ] ; then
	echo "already running"
	exit 2;
fi
TMP=$(mktemp)
wget -q "$SERVER/HandleLogin.po" --post-data="user_name=$U&user_password=$P" --keep-session-cookies --save-cookies $COOKIE -O /dev/null
wget -q "$SERVER/datamanager/MainWindow.po"  --load-cookies $COOKIE -O "$TMP"
CSRF=$(< "$TMP" perl -pe 's/(<)/\n$1/g' | grep CSRF | perl -pe 's/^.*value="//g;s/".*$//g')
rm "$TMP"
wget -q "$SERVER/datamanager/HandleMainWindow.po" --post-data="CSRF=$CSRF&folder=$F&val5440=$D" --load-cookies $COOKIE -O /dev/null

#!/bin/bash

#
# noodle_datamanager_report_get.sh
#

set -e

U=$1
P=$2
F=$3
R=$4

SITE="https://domain.tld"
COOKIE=noodle_cookie.tmp

if [ "$R" == "" ] ; then
    echo NO >&2
    exit 1
fi
if [ -f $COOKIE ] ; then
    echo "already running"
    exit 2;
fi
wget -q "$SITE/HandleLogin.po" --post-data="user_name=$U&user_password=$P" --keep-session-cookies --save-cookies $COOKIE -O /dev/null
wget -q "$SITE/datamanager/ReportView.po?folder=$F&reportHandle=$R&itemsPerPage=99" --load-cookies $COOKIE -O -
rm $COOKIE

Microsoft checklist here.

The following information can be obtained with Wireshark;

 [truncated]Authorization: Negotiate YIG...NER
    GSS-API Generic Security Service Application Program Interface
        OID: 1.3.6.1.5.5.2 (SPNEGO - Simple Protected Negotiation)
        Simple Protected Negotiation
            negTokenInit
                mechTypes: 4 items
                    MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
                    MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
                    MechType: 1.3.6.1.4.1.311.2.2.30 (NEGOEX - SPNEGO Extended Negotiation Security Mechanism)
                    MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
                mechToken: 6092a864886...
                krb5_blob: 6092a864886...
                    KRB5 OID: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
                    krb5_tok_id: KRB5_AP_REQ (0x0001)
                    Kerberos
                        ap-req
                            pvno: 5
                            msg-type: krb-ap-req (14)
                            Padding: 0
                            ap-options: 20000000 (mutual-required)
                                0... .... = reserved: False
                                .0.. .... = use-session-key: False
                                ..1. .... = mutual-required: True
                            ticket
                                tkt-vno: 5
                                realm: INTRA.NET
                                sname
                                    name-type: kRB5-NT-SRV-INST (2)
                                    sname-string: 2 items
                                        SNameString: HTTP
                                        SNameString: intra.net
                                enc-part
                                    etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
                                    kvno: 2
                                    cipher: 678ed5435c9ec4d6...
                            authenticator
                                etype: eTYPE-ARCFOUR-HMAC-MD5 (23)
                                cipher: 62a133014138848d900d436...