Can ODK Central be installed on an "on-premises" server with CentOS 7?

I am trying to install ODK Central, and would like to confirm the following:

  1. Can ODK Central be installed on an "on-premises" server, without necessarily going to the cloud (Google, Amazon, etc.)?
  2. Can ODK Central be installed on CentOS 7 Linux, not necessarily Ubuntu?

I appreciate your prompt reply,

I believe it can. You will want to run an Ubuntu VM and will need to sort out the DNS side (you'll need a hostname). Kindly report back to us how you go so others can learn from your experiences!

You mean inside a CentOS 7 server, install an Ubuntu VM, and then install ODK Central in that VM?

Hm. I was thinking cloud based, where you'd start from a plain Ubuntu server, and inside that server you follow the vanilla setup using docker-compose.
I have no experience with CentOS so can't really advise whether the docker-compose setup will work there. Are there any threads on this forum about ODK Central on CentOS?

Central can be installed on prem. As long as you have a public, fully qualified domain name, it should work great.

Ubuntu is the only officially supported OS, but Central can be installed on pretty much any Linux-based system. I've personally installed it on CentOS 8.

@yanokwa,

Could you outline how the installation on CentOS varies from Ubuntu (available on the website)? The last time I tried, the commands seemed to fail since they were customized for Debian Linux and not Red Hat.

Paul

It's been a while since I did this, so consider this untested, but here are the highlights.

Install prerequisites

yum -y install git;

Install Docker - https://docs.docker.com/engine/install/centos

yum install -y yum-utils;
yum-config-manager --add-repo  https://download.docker.com/linux/centos/docker-ce.repo;
dnf install docker-ce --nobest -y;
systemctl start docker;
systemctl enable docker;

Install Docker Compose - https://docs.docker.com/compose/install

curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;
chmod +x /usr/local/bin/docker-compose;

Allow Docker to access external network - https://serverfault.com/a/994704

firewall-cmd --zone=public --add-interface=docker0 --permanent;
firewall-cmd --zone=public --add-masquerade --permanent;
firewall-cmd --reload;
systemctl restart docker;

Disable the firewall - https://docs.getodk.org/central-upgrade/#upgrading-to-central-0-9

systemctl stop firewalld;
systemctl disable firewalld;
systemctl restart docker;

Download and configure Central - https://docs.getodk.org/central-install-digital-ocean

cd ~;
git clone https://github.com/getodk/central;
cd ~/central;
git submodule update -i;
nano .env;

Build and run Central

docker-compose build;
docker-compose up -d;

Hi Yaw,

Thank you so much for the detailed steps. Actually I successfully installed Central on CentOS, but ran into an issue when I checked it, as shown below:

[root]# docker-compose ps
Name Command State Ports

central_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
enketo docker-entrypoint.sh /bin/ ... Up 8005/tcp
enketo_redis_cache docker-entrypoint.sh redis ... Up 6379/tcp
enketo_redis_main docker-entrypoint.sh redis ... Up 6379/tcp
mail /bin/entrypoint.sh exim -b ... Up 25/tcp
nginx /bin/bash /scripts/odk-set ... Restarting
pyxform waitress-serve --port=80 - ... Up
secrets docker-entrypoint.sh ./gen ... Exit 0
service docker-entrypoint.sh ./wai ... Up 8383/tcp
[root]#

For this message:
nginx /bin/bash /scripts/odk-set ... Restarting

Any idea how to fix it ?

BTW, I also checked "docker-compose logs nginx" , and noticed the following outputs:

[root@]# docker-compose logs nginx | more
Attaching to nginx
nginx | diffie hellman private key does not exist; creating..
nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx | This is going to take a long time
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
nginx | 2021/04/12 02:15:36 [emerg] 11#11: BIO_new_file("/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] BIO_new_file("/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..

====
Thanks in advance !

This error here
No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r')
indicates that your .env has all three SSL options where you need to choose exactly one.
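
Added example (not part of the original posts and not ODK's own tooling): a small shell check for the .env mistake described in the reply above, where SSL_TYPE or DOMAIN still holds the multi-option template value that shows up in the nginx log path. The function names are hypothetical, the FQDN rule follows the replies in this thread, and the sample file is constructed.

```shell
#!/bin/sh
# Lint an ODK Central .env before `docker-compose up`.
# check_central_env FILE prints one finding per line and returns
# 0 when the file is clean, 1 otherwise.

# env_value KEY FILE -> raw value of the last KEY= line in FILE
env_value() {
    sed -n "s/^$1=//p" "$2" | tail -n 1
}

check_central_env() {
    file=$1
    status=0
    ssl=$(env_value SSL_TYPE "$file")
    domain=$(env_value DOMAIN "$file")

    case $ssl in
        selfsign|letsencrypt|customssl) ;;   # exactly one option chosen
        *'|'*) echo "SSL_TYPE still lists several options: pick exactly one"
               status=1 ;;
        *)     echo "SSL_TYPE must be selfsign, letsencrypt or customssl (got '$ssl')"
               status=1 ;;
    esac

    case $domain in
        '')    echo "DOMAIN is empty"
               status=1 ;;
        *'|'*|*your.domain.com*)
               echo "DOMAIN still holds the template placeholder"
               status=1 ;;
        *[!A-Za-z0-9.-]*)
               echo "DOMAIN has characters that cannot appear in a hostname"
               status=1 ;;
        *.*)   ;;                            # looks like a fully qualified name
        *)     echo "DOMAIN is not a fully qualified domain name"
               status=1 ;;
    esac
    return $status
}

# Constructed sample: the unedited values visible in the nginx error path.
demo_env=$(mktemp)
printf 'SSL_TYPE=selfsign|letsencrypt|customssl\nDOMAIN=local|your.domain.com\n' > "$demo_env"
check_central_env "$demo_env" || echo "fix .env before starting the stack"
rm -f "$demo_env"
```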

Hi Florian,

Thanks for the insight. I made a modification in .env, which has these contents:
[root@central]# cat .env
SSL_TYPE=customssl
DOMAIN=odk.mycompany.com (for privacy purpose I put mycompany.com to replace the real name here in the post)
SYSADMIN_EMAIL=myemailaddress (for privacy purpose I put mycompany.com to replace the real name here in the post)

But after I restarted nginx, I got this error message:
[root@central]# docker-compose logs nginx | more
Attaching to nginx
nginx | diffie hellman private key does not exist; creating..
nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx | This is going to take a long time
nginx | .........................................++++++++
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
nginx | 2021/04/12 10:21:42 [emerg] 12#12: BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

But I did have file /etc/customssl/live/local/fullchain.pem, as shown here:

[root@]# ls -l /etc/customssl/live/local/fullchain.pem
-rwxr-xr-x 1 root root 7723 Mar 11 2020 /etc/customssl/live/local/fullchain.pem

Anything wrong there ?
I appreciate everyone's help !

Hi Yaw, Florian and experts ,

I have a few questions about the .env file for Central. Here are the contents of the file:

[root@central]# cat .env
SSL_TYPE=customssl
DOMAIN=odk.mycompanyname.com (for privacy reasons I put mycompanyname to replace real name)
SYSADMIN_EMAIL=myemail@mycompanyname.com
[root@central]#

My questions are:

  1. Since the website is "https://odk.mycompanyname.com", for the DOMAIN= value, should I put "odk.mycompanyname.com", or just "mycompanyname.com"?

  2. In which specific directory should I save the cert files? Currently I have saved the cert chain and private key files under:
    /etc/customssl/live/local/fullchain.pem
    /etc/customssl/live/local/privkey.pem

Is that the correct location and naming?

  3. I met the error below:
    [root@central]# docker-compose logs nginx |more
    Attaching to nginx
    nginx | diffie hellman private key does not exist; creating..
    nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
    nginx | This is going to take a long time
    nginx | .........................................++++++++
    nginx | writing a new nginx configuration file..
    nginx | starting nginx without certbot..
    nginx | 2021/04/12 10:21:42 [emerg] 12#12: BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx | nginx: [emerg] BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx | writing a new nginx configuration file..

I appreciate your help

You must use the fully qualified domain name that points to your server's IP address. In this case, it's odk.mycompanyname.com

If you are using custom certs, follow the instructions at https://docs.getodk.org/central-install-digital-ocean/#using-a-custom-ssl-certificate. Step 3 describes where to put the files.

Thanks Yaw. It's all up now:
[root@central]# docker-compose ps
Name Command State Ports

central_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
enketo docker-entrypoint.sh /bin/ ... Up 8005/tcp
enketo_redis_cache docker-entrypoint.sh redis ... Up 6379/tcp
enketo_redis_main docker-entrypoint.sh redis ... Up 6379/tcp
mail /bin/entrypoint.sh exim -b ... Up 25/tcp
nginx /bin/bash /scripts/odk-set ... Up (healthy) 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
pyxform waitress-serve --port=80 - ... Up
secrets docker-entrypoint.sh ./gen ... Exit 0
service docker-entrypoint.sh ./wai ... Up 8383/tcp
[root@central]#

However, when I access the site https://odk.mycompanyname.com from outside, the ODK website gives no response. Since this site is in the DMZ, there are a lot of firewall settings by my company (not just on this server itself). I wonder if there are any special ports that need to be opened by the DMZ?

But if I curl https://odk.mycompanyname.com from within the container itself, it reports:

[root@central]# curl https://odk.mycompanyname.com

ODK CentralWe're sorry but ODK Central doesn't work properly without JavaScript enabled. Please enable it to continue.

[root@ central]#

From the above observations, do I need to open any special ports on the DMZ firewall? I have already requested that 80, 8080, 443, 8443, etc. be opened, and they are open, but is there anything else?

Thanks for your help,

The only ports that are needed are 80 and 443. If it's not working externally, it's most likely because your firewall is doing something to the traffic or your DNS records are not properly configured. There is also a chance that CentOS's firewall or internal DNS is preventing traffic from flowing.

These problems are outside the scope of what we can help with on the forum. Talk to your IT team.

Hi Yaw, thanks for the reply.
I have two questions:

  1. Should I run this to open 443:
    firewall-cmd --zone=public --add-port=443/tcp
  2. After any firewall configuration changes, should I rebuild Central?

Thanks,
Lei

Wish I could help more, but I don't know enough about the CentOS firewall or how Docker interacts with it to make a recommendation. Try things and report back what you learn.

Thanks Yaw. On the server, which log file should I check to find the web access, activities, error messages, etc.? Could you tell me the log file name, and which command (if using a docker command) to view the log?

Thanks everyone,

Now I have enough resources to continue with my project of building ODK Central on CentOS.

Paul

Use docker ps to list the containers and docker-compose logs [container] to get the container logs.