USER appuser WORKDIR /app CMD ["java", "-XX:+UseContainerSupport", "-XX:MaxRAMPercentage=75.0", "-jar", "myapp.jar"]
:
# Disable SSLv3, TLSv1, TLSv1.1 jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5withRSA package.access=sun.,com.sun.xml.,com.sun.jndi.,... 9.3 Running JRE with least privilege Create a dedicated system user: linux java runtime environment
| Distribution | Provider | Free | Long-Term Support (LTS) | Notes | |--------------|----------|------|------------------------|-------| | | Oracle / Community | Yes | Yes (8,11,17,21) | Default on RHEL, Debian, Ubuntu | | Eclipse Adoptium (formerly AdoptOpenJDK) | Eclipse Foundation | Yes | Yes | Reliable, pre-built binaries | | Amazon Corretto | AWS | Yes | Yes | Multi-platform, performance tweaks | | Azul Zulu | Azul | Yes | Yes | Broad platform support | | Oracle JDK | Oracle | No (commercial use) | Yes | Only for development/test |
# Reduce heap size java -Xmx256m -jar app.jar free -h 10.3 "No X11 DISPLAY variable" (headless GUI error) Fix : Run in headless mode: Installing JRE on Major Linux Distributions 3
: Use OpenJDK (distro package) or Adoptium for most Linux servers. 3. Installing JRE on Major Linux Distributions 3.1 Debian / Ubuntu / Linux Mint # Update package index sudo apt update Install JRE (OpenJDK 17 LTS) sudo apt install openjdk-17-jre Alternative: JRE 11 sudo apt install openjdk-11-jre Check installation java -version
sudo useradd -r -s /bin/false javauser sudo chown -R javauser:javauser /opt/myapp sudo -u javauser java -jar /opt/myapp/app.jar 10.1 "java: command not found" Cause : JRE not installed or PATH not set. USER appuser WORKDIR /app CMD ["java"
# Debian/Ubuntu sudo apt install openjdk-17-jre-headless sudo yum install java-17-openjdk-headless