I believe it can. You will want to run an Ubuntu VM and will need to sort out the DNS side (you'll need a hostname). Kindly report back to us how you go so others can learn from your experiences!
Hm. I was thinking cloud based, where you'd start from a plain Ubuntu server, and inside that server you follow the vanilla setup using docker-compose.
I have no experience with CentOS so can't really advise whether the docker-compose setup will work there. Are there any threads on this forum about ODK Central on CentOS?
Central can be installed on prem. As long as you have a public, fully qualified domain name, it should work great.
Ubuntu is the only officially supported OS, but Central can be installed on pretty much any Linux-based system. I've personally installed it on CentOS 8.
Could you outline how the installation on CentOS varies from Ubuntu (available on the website)? The last time I tried, the commands seemed to fail since they were customized for Debian Linux and not Red Hat.
Thank you so much for the detailed steps. Actually I successfully installed Central on CentOS, but met an issue when I checked it, as shown below:
[root]# docker-compose ps
Name Command State Ports
central_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
enketo docker-entrypoint.sh /bin/ ... Up 8005/tcp
enketo_redis_cache docker-entrypoint.sh redis ... Up 6379/tcp
enketo_redis_main docker-entrypoint.sh redis ... Up 6379/tcp
mail /bin/entrypoint.sh exim -b ... Up 25/tcp
nginx /bin/bash /scripts/odk-set ... Restarting
pyxform waitress-serve --port=80 - ... Up
secrets docker-entrypoint.sh ./gen ... Exit 0
service docker-entrypoint.sh ./wai ... Up 8383/tcp
[root]#
For this message:
nginx /bin/bash /scripts/odk-set ... Restarting
Any idea how to fix it?
BTW, I also checked "docker-compose logs nginx" , and noticed the following outputs:
[root@]# docker-compose logs nginx | more
Attaching to nginx
nginx | diffie hellman private key does not exist; creating..
nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx | This is going to take a long time
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
nginx | 2021/04/12 02:15:36 [emerg] 11#11: BIO_new_file("/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] BIO_new_file("/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
This error here
No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r')
indicates that your .env has all three SSL options where you need to choose exactly one.
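A pre-flight check for the situation diagnosed above, as an added example that is not part of the original thread or of ODK Central itself: it lints `.env` for leftover template values before the stack is started. The function name `check_central_env` is hypothetical; the three accepted `SSL_TYPE` values and the `local|your.domain.com` placeholder are taken from the path in the nginx error.

```shell
#!/usr/bin/env bash
# Added example: lint an ODK Central .env before running docker-compose up.
# check_central_env is a hypothetical helper, not a script shipped with Central.

check_central_env() {
    _file=$1
    _rc=0
    [ -r "$_file" ] || { echo "cannot read $_file"; return 2; }

    # Take the last assignment of each key; drop CRs from Windows-edited files.
    _ssl=$(tr -d '\r' < "$_file" | sed -n 's/^SSL_TYPE=//p' | tail -n 1)
    _dom=$(tr -d '\r' < "$_file" | sed -n 's/^DOMAIN=//p' | tail -n 1)

    case $_ssl in
        selfsign|letsencrypt|customssl) ;;   # exactly one option: OK
        *'|'*) echo "SSL_TYPE still lists several options; choose exactly one"; _rc=1 ;;
        '')    echo "SSL_TYPE is not set"; _rc=1 ;;
        *)     echo "SSL_TYPE has an unexpected value: $_ssl"; _rc=1 ;;
    esac

    case $_dom in
        '')            echo "DOMAIN is not set"; _rc=1 ;;
        *'|'*)         echo "DOMAIN still holds the template placeholder"; _rc=1 ;;
        *[[:space:]]*) echo "DOMAIN contains whitespace or a trailing comment"; _rc=1 ;;
    esac
    return $_rc
}

# Constructed sample: the untouched template values visible in the error path.
_sample=$(mktemp)
printf 'SSL_TYPE=selfsign|letsencrypt|customssl\nDOMAIN=local|your.domain.com\n' > "$_sample"
check_central_env "$_sample" || echo "fix .env before running docker-compose up"
rm -f "$_sample"
```

Two assignments written on one line (for example `SSL_TYPE=customssl DOMAIN=...`) are also reported, because the whole remainder of the line becomes the value of `SSL_TYPE`.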
Thanks for the insight. I made a modification in .env, which now has these contents:
[root@central]# cat .env
SSL_TYPE=customssl
DOMAIN=odk.mycompany.com (for privacy purpose I put mycompany.com to replace the real name here in the post)
SYSADMIN_EMAIL=myemailaddress (for privacy purpose I put mycompany.com to replace the real name here in the post)
But after I restarted nginx, I got this error message:
[root@central]# docker-compose logs nginx | more
Attaching to nginx
nginx | diffie hellman private key does not exist; creating..
nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx | This is going to take a long time
nginx | .........................................++++++++
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
nginx | 2021/04/12 10:21:42 [emerg] 12#12: BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
But I did have file /etc/customssl/live/local/fullchain.pem, as shown here:
[root@]# ls -l /etc/customssl/live/local/fullchain.pem
-rwxr-xr-x 1 root root 7723 Mar 11 2020 /etc/customssl/live/local/fullchain.pem
Anything wrong there?
I appreciate everyone's help!
In which specific directory should I save the cert files? Currently I have saved the cert chain and private key files under:
/etc/customssl/live/local/fullchain.pem
/etc/customssl/live/local/privkey.pem
Is that the correct location and naming?
I met the error below:
[root@central]# docker-compose logs nginx |more
Attaching to nginx
nginx | diffie hellman private key does not exist; creating..
nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx | This is going to take a long time
nginx | .........................................++++++++
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
nginx | 2021/04/12 10:21:42 [emerg] 12#12: BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | writing a new nginx configuration file..
Thanks Yaw. It's all up now:
[root@central]# docker-compose ps
Name Command State Ports
central_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
enketo docker-entrypoint.sh /bin/ ... Up 8005/tcp
enketo_redis_cache docker-entrypoint.sh redis ... Up 6379/tcp
enketo_redis_main docker-entrypoint.sh redis ... Up 6379/tcp
mail /bin/entrypoint.sh exim -b ... Up 25/tcp
nginx /bin/bash /scripts/odk-set ... Up (healthy) 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
pyxform waitress-serve --port=80 - ... Up
secrets docker-entrypoint.sh ./gen ... Exit 0
service docker-entrypoint.sh ./wai ... Up 8383/tcp
[root@central]#
However, when I access the site https://odk.mycompanyname.com from outside, the ODK website gives no response at all. Since this site is in a DMZ, there are a lot of firewall settings by my company (not just on this server itself). I doubt if there are any special ports that need to be opened by the DMZ?
ODK CentralWe're sorry but ODK Central doesn't work properly without JavaScript enabled. Please enable it to continue.
[root@ central]#
From the above observations, do I need to open any special ports on the DMZ firewall (I have already requested to open 80, 8080, 443, 8443, etc., and they are open)? Anything else?
The only ports that are needed are 80 and 443. If it's not working externally, it's most likely because your firewall is doing something to the traffic or your DNS records are not properly configured. There is also a chance that CentOS's firewall or internal DNS are also preventing traffic from flowing.
These problems are outside the scope of what we can help with on the forum. Talk to your IT team.
Wish I could help more, but I don't know enough about CentOS firewall or how Docker interacts with it to make a recommendation. Try things and report back what you learn.
Thanks Yaw. On the server, which log file should I check to find the web access, activities, error messages, etc.? Could you tell me the log file name, and which command (if using a docker command) to view the log?