System Prep
Alpine Linux 3.21. Tier 2 in this site because Alpine deviates from the source guide’s assumptions in three meaningful ways: it uses OpenRC instead of systemd, musl libc instead of glibc, and BusyBox utilities by default instead of the GNU coreutils. Several mo-installer and moctl paths assume systemd unit files; you may need to author OpenRC service files for the IDP microservices.
Tier 2 caveat. Postgres and MySQL work on Alpine in practice. MSSQL and Oracle are flat-out unsupported because both require glibc.
1.1 Update the system
sudo apk update && sudo apk upgrade
sudo reboot
1.2 Install bash and GNU coreutils
mo-installer.sh and moctl expect GNU sed, grep, bash, and a few other utilities. BusyBox alternatives have subtle differences.
sudo apk add bash bash-completion coreutils sed grep findutils \
curl wget unzip jq net-tools vim tar lsof
1.3 Install firewall tooling
Alpine does not include a firewall manager by default.
sudo apk add iptables ip6tables
sudo rc-update add iptables default
For UFW-like ergonomics, install awall (the official Alpine firewall manager) or nftables.
1.4 Open IDP ports (iptables)
for PORT in 8080 8070 8071 8072 6379 5672 15672; do
sudo iptables -A INPUT -p tcp --dport $PORT -j ACCEPT
done
sudo /etc/init.d/iptables save
1.5 Service management — OpenRC primer
| systemd command | OpenRC equivalent |
|---|---|
systemctl start <svc> | rc-service <svc> start |
systemctl stop <svc> | rc-service <svc> stop |
systemctl restart <svc> | rc-service <svc> restart |
systemctl enable <svc> | rc-update add <svc> default |
systemctl status <svc> | rc-service <svc> status |
systemctl daemon-reload | (not needed; OpenRC re-reads on start) |
1.6 No SELinux, no AppArmor
Alpine ships neither by default. No relaxation required.
Database
PostgreSQL 16 on Alpine 3.18. Alpine’s main repository ships postgresql16 natively.
2.1 Install PostgreSQL 16
sudo apk add postgresql16 postgresql16-contrib postgresql16-client
2.2 Initialise the cluster
Alpine’s PG package does not auto-init.
sudo mkdir -p /var/lib/postgresql/data
sudo chown postgres:postgres /var/lib/postgresql/data
sudo -u postgres initdb -D /var/lib/postgresql/data
2.3 Configure the OpenRC service
sudo rc-update add postgresql default
sudo rc-service postgresql start
sudo rc-service postgresql status
2.4 Create the miniOrange database and user
sudo -u postgres psql <<'SQL'
CREATE USER moadmin WITH PASSWORD 'Password123';
CREATE DATABASE miniorangedb OWNER moadmin;
ALTER USER moadmin WITH SUPERUSER;
SQL
2.5 Switch authentication to md5
sudo sed -i -E 's/^(host\s+all\s+all\s+(127\.0\.0\.1\/32|::1\/128)\s+)(ident|trust)/\1md5/' \
/var/lib/postgresql/data/pg_hba.conf
sudo rc-service postgresql restart
2.6 Verify
PGPASSWORD=Password123 psql -h 127.0.0.1 -U moadmin -d miniorangedb -c '\l'
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | PostgreSQL |
| Host | 127.0.0.1 |
| Port | 5432 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123 |
MySQL 8.4 LTS on Alpine 3.18. Derived and partial. Alpine’s official package is MariaDB, not MySQL. Two options:
- Use MariaDB as a wire-compatible replacement. The IDP officially supports MySQL 5.7+/8.x; MariaDB 10.11 is mostly compatible but is not on the support matrix.
- Run MySQL on a separate host (Ubuntu, RHEL, SLES) and connect from this Alpine IDP host using only the JDBC driver.
This page covers option 1 (MariaDB) plus the JDBC driver placement.
2.1 Install MariaDB 10.11
sudo apk add mariadb mariadb-client mariadb-common
2.2 Initialise the system tables
sudo /etc/init.d/mariadb setup
2.3 Start and enable the service
sudo rc-update add mariadb default
sudo rc-service mariadb start
2.4 Secure the installation
sudo /usr/bin/mysql_secure_installation
2.5 Create the miniOrange database and user
mysql -u root -p <<'SQL'
CREATE DATABASE miniorangedb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'moadmin'@'localhost' IDENTIFIED BY 'Password123';
CREATE USER 'moadmin'@'%' IDENTIFIED BY 'Password123';
GRANT ALL PRIVILEGES ON miniorangedb.* TO 'moadmin'@'localhost';
GRANT ALL PRIVILEGES ON miniorangedb.* TO 'moadmin'@'%';
FLUSH PRIVILEGES;
SQL
2.6 Place the MySQL JDBC driver (derived)
The MySQL JDBC driver is built against generic Java and works against MariaDB 10.5+ for typical CRUD operations the IDP performs.
sudo mkdir -p /opt/miniorange/drivers
cd /tmp
sudo wget https://repo1.maven.org/maven2/com/mysql/mysql-connector-j/8.4.0/mysql-connector-j-8.4.0.jar
sudo cp mysql-connector-j-8.4.0.jar /opt/miniorange/drivers/
sudo chmod 644 /opt/miniorange/drivers/mysql-connector-j-8.4.0.jar
Values for the /initialize wizard
| Field | Value |
|---|---|
| Database Type | MySQL |
| Host | 127.0.0.1 |
| Port | 3306 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123 |
Microsoft SQL Server is not supported on Alpine Linux. MSSQL on Linux requires glibc; Alpine ships musl. Microsoft has never supported MSSQL on musl libc and is unlikely to in the foreseeable future.
What to do instead
Run MSSQL on any of the supported OSes (RHEL 8/9, SLES 15, Ubuntu 20.04/22.04). On this Alpine IDP host, install only the JDBC driver and point the wizard at the remote DB.
JDBC-driver-only path
sudo mkdir -p /opt/miniorange/drivers
cd /tmp
sudo curl -L -o mssql-jdbc.tar.gz \
https://download.microsoft.com/download/8/c/d/8cdfd87a-1684-4731-91a9-2ba182c8b0ad/sqljdbc_12.6.4.0_enu.tar.gz
sudo tar -xzf mssql-jdbc.tar.gz
sudo cp sqljdbc_12.6/enu/jars/mssql-jdbc-12.6.4.jre11.jar /opt/miniorange/drivers/
sudo chmod 644 /opt/miniorange/drivers/mssql-jdbc-12.6.4.jre11.jar
The JDBC driver is pure Java and runs fine on Alpine; only the MSSQL server itself is incompatible.
Values for the /initialize wizard (remote MSSQL host)
| Field | Value |
|---|---|
| Database Type | MSSQL |
| Host | <remote-mssql-host> |
| Port | 1433 |
| Database name | miniorangedb |
| Username | moadmin |
| Password | Password123! |
Oracle Database is not supported on Alpine Linux. Oracle DB requires glibc; Alpine ships musl. Oracle has never supported its database on musl libc.
What to do instead
Run Oracle on any of the supported OSes (Oracle Linux 8/9, RHEL 8/9, SLES 15). On this Alpine IDP host, install the Oracle Instant Client + JDBC driver and point the wizard at the remote Oracle host.
Note. The Instant Client itself is also a glibc binary and will fail to load on Alpine. The IDP only needs the JDBC driver (pure Java), which works fine. You do not need the Instant Client on Alpine.
JDBC-driver-only path
Download ojdbc8.jar (version 19.x) from Oracle’s site (login required) and place it directly:
sudo mkdir -p /opt/miniorange/drivers
sudo cp /tmp/ojdbc8.jar /opt/miniorange/drivers/
sudo chmod 644 /opt/miniorange/drivers/ojdbc8.jar
Values for the /initialize wizard (remote Oracle host)
| Field | Value |
|---|---|
| Database Type | Oracle |
| Host | <remote-oracle-host> |
| Port | 1521 |
| SID / Service | Service |
| Service Name | ORCLPDB1 |
| Username | moadmin |
| Password | Password123 |
Erlang + RabbitMQ
RabbitMQ and Erlang on Alpine 3.18. Both are in the community repository.
3.1 Enable the community repository
It’s usually enabled by default but verify:
grep '^http' /etc/apk/repositories
You should see a line like http://dl-cdn.alpinelinux.org/alpine/v3.18/community. If not, add it and apk update.
3.2 Install Erlang
sudo apk add erlang erlang-dev
3.3 Install RabbitMQ
sudo apk add rabbitmq-server
Version note. Alpine 3.18’s
rabbitmq-serverpackage is version 3.13.x as of this writing. The major version (3.13) matches what the source guide specifies; patch versions may differ.
3.4 Enable and start the service
sudo rc-update add rabbitmq-server default
sudo rc-service rabbitmq-server start
3.5 Enable the management plugin
sudo rabbitmq-plugins enable rabbitmq_management
sudo rc-service rabbitmq-server restart
3.6 Verify
sudo rabbitmqctl status
sudo ss -tulnp | grep 5672
Values for the /initialize wizard
| Field | Value |
|---|---|
| RabbitMQ Host | 127.0.0.1 |
| AMQP Port | 5672 |
| Mgmt UI Port | 15672 |
| Default Login | guest / guest |
mo-installer
The miniOrange installer bundles Java 17 and Redis. On Alpine, mo-installer.sh requires bash and several GNU coreutils, which you installed in Section 1.
4.1 Download the installer
cd /opt
sudo wget https://miniorange.s3.us-east-1.amazonaws.com/public/installers/mo-installer-5.0.0.zip
sudo unzip mo-installer-5.0.0.zip -d mo-installer-5.0.0
cd /opt/mo-installer-5.0.0
ls -la
4.2 Source the environment file
less .env.sh
source .env.sh
4.3 Set execute permissions
sudo chmod +x mo-installer.sh moctl/*.sh
4.4 Run the installer
sudo bash mo-installer.sh
Alpine note. The installer may attempt to register systemd unit files. On Alpine those calls will fail silently and you’ll need to write OpenRC init scripts for each microservice manually. Stub OpenRC files for
configserver,eurekaserver,gatekeeper, andminiorangelook like:
sudo tee /etc/init.d/mo-miniorange > /dev/null <<'OPENRC'
#!/sbin/openrc-run
name="miniorange"
description="miniOrange IDP main service"
command="/opt/tomcat/latest/bin/catalina.sh"
command_args="run"
command_user="root"
pidfile="/var/run/${RC_SVCNAME}.pid"
command_background=true
depend() {
need net
after rabbitmq-server redis
}
OPENRC
sudo chmod +x /etc/init.d/mo-miniorange
sudo rc-update add mo-miniorange default
Repeat for the other three microservices, adjusting paths and dependencies.
4.5 Start the four core services
If you authored OpenRC init scripts:
sudo rc-service mo-configserver start
sudo rc-service mo-eurekaserver start
sudo rc-service mo-gatekeeper start
sudo rc-service mo-miniorange start
moctl service start may also work if it’s bash-portable; the source guide does not document Alpine specifically.
4.6 Open /initialize in a browser
https://<SERVER_IP>/initialize
Past the certificate warning, enter the values from the Database section above plus Redis (127.0.0.1:6379) and RabbitMQ.
4.7 Restart all services
sudo rc-service mo-miniorange restart
# (or the equivalent moctl call if it works on Alpine)
Verify & Service Enablement
5.1 Service status (OpenRC)
sudo rc-status default
All mo-* services should be started. Also check Redis and RabbitMQ:
sudo rc-service redis status
sudo rc-service rabbitmq-server status
5.2 moctl diagnostics
If moctl runs on Alpine (depends on whether its bash compatibility holds):
moctl diagnose
moctl service status
If moctl errors with BusyBox-vs-GNU coreutil differences, check which sed, which grep, and ensure GNU versions from Section 1.2 are first in $PATH.
5.3 Port checks
sudo ss -tulnp | egrep '8080|8070|8071|8072|6379|5672'
5.4 Tier 2 limitations to expect
| Limitation | Workaround |
|---|---|
| MSSQL server cannot run on Alpine | Run MSSQL on a remote host (see DB section) |
| Oracle DB cannot run on Alpine | Run Oracle on a remote host |
mo-installer writes systemd units | Author OpenRC init scripts manually |
moctl may rely on GNU tools | Install coreutils, bash, sed, grep |
5.5 When to abandon Alpine and pick a Tier 1 OS
Alpine is appropriate for containerised IDP-on-IDP deployments where you control the image build and accept the operational overhead of OpenRC init scripting. For VM-based or bare-metal production, a Tier 1 distribution (RHEL 9, Ubuntu 22.04, Oracle Linux 8) avoids the workarounds above.