Can ODK Central be installed at "on-premises" server with CentOS 7?

I am trying to install ODK Central, and would like to confirm the followings:

  1. ODK Central could be installed at "On-premises" server, not necessarily go to cloud (google, amazon, etc.) ?
  2. ODK Central could be installed with CentOS 7 Linux, not necessarily Ubuntu ?

I appreciate your prompt reply,

I believe it can. You will want to run a Ubuntu VM and will need to sort out the DNS side (you'll need a hostname). Kindly report back to us how you go so others can learn from your experiences!

You mean inside a CentOS7 server, install a Ubuntu VM, and then install ODK Central in that VM ?

Hm. I was thinking cloud based, where you'd start from a plain Ubuntu server, and inside that server you follow the vanilla setup using docker-compose.
I have no experience with CentOS so can't really advise whether the docker-compose setup will work there. Are there any threads on this forum about ODK Central on CentOS?

Central can be installed on prem. As long as you have a public, fully qualified domain name, it should work great.

Ubuntu is the only officially supported OS, but Central can be installed on pretty much any Linux-based system. I've personally installed it on CentOS 8.

2 Likes

@yanokwa,

Could outline how the installation on CentOs varies from Ubuntu (available on the website). The last time tried, the commands seem to fail since they were customized for Debian linux and not Redhat.

Paul

It's been a while since I did this, so consider this untested, but here are the highlights.

Install prerequisites

yum -y install git;

Install Docker - https://docs.docker.com/engine/install/centos

yum install -y yum-utils;
yum-config-manager --add-repo  https://download.docker.com/linux/centos/docker-ce.repo;
dnf install docker-ce --nobest -y;
systemctl start docker;
systemctl enable docker;

Install Docker Compose - https://docs.docker.com/compose/install

curl -L "https://github.com/docker/compose/releases/download/1.25.4/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose;
chmod +x /usr/local/bin/docker-compose;

Allow Docker to access external network - https://serverfault.com/a/994704

firewall-cmd --zone=public --add-interface=docker0 --permanent;
firewall-cmd --zone=public --add-masquerade --permanent;
firewall-cmd --reload;
systemctl restart docker;

Disable the firewall - https://docs.getodk.org/central-upgrade/#upgrading-to-central-0-9

systemctl stop firewalld;
systemctl disable firewalld;
systemctl restart docker;

Download and configure Central - https://docs.getodk.org/central-install-digital-ocean

cd ~;
git clone https://github.com/getodk/central;
cd ~/central;
git submodule update -i;
nano .env;

Build and run Central

docker-compose build;
docker-compose up -d;
1 Like

Hi Yaw,

Thank you so much for the detailed steps. Acually I successfully installed Central on CentOS, but met an issue when I check it, as shown below:

[root]# docker-compose ps
Name Command State Ports

central_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
enketo docker-entrypoint.sh /bin/ ... Up 8005/tcp
enketo_redis_cache docker-entrypoint.sh redis ... Up 6379/tcp
enketo_redis_main docker-entrypoint.sh redis ... Up 6379/tcp
mail /bin/entrypoint.sh exim -b ... Up 25/tcp
nginx /bin/bash /scripts/odk-set ... Restarting
pyxform waitress-serve --port=80 - ... Up
secrets docker-entrypoint.sh ./gen ... Exit 0
service docker-entrypoint.sh ./wai ... Up 8383/tcp
[root]#

For this message:
nginx /bin/bash /scripts/odk-set ... Restarting

Any idea how to fix it ?

BTW, I also checked "docker-compose logs nginx" , and noticed the following outputs:

[root@]# docker-compose logs nginx | more
Attaching to nginx
nginx | diffie hellman private key does not exist; creating..
nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx | This is going to take a long time
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
nginx | 2021/04/12 02:15:36 [emerg] 11#11: BIO_new_file("/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem") failed (SSL: error:02001002:sys
tem library:fopen:No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] BIO_new_file("/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No
such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..

====
Thanks in advance !

This error here
No such file or directory:fopen('/etc/selfsign|letsencrypt|customssl/live/local|your.domain.com/fullchain.pem','r')
indicates that your .env has all three SSL options where you need to choose exactly one.

Hi Florian,

Thanks for the insight. I did a modification in .env, which has this contents:
[root@central]# cat .env
SSL_TYPE=customssl
DOMAIN=odk.mycompany.com (for privacy purpose I put mycompany.com to replace the real name here in the post)
SYSADMIN_EMAIL=myemailaddress (for privacy purpose I put mycompany.com to replace the real name here in the post)

But after I restarted nginx, I got this error message:
[root@central]# docker-compose logs nginx | more
Attaching to nginx
nginx | diffie hellman private key does not exist; creating..
nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
nginx | This is going to take a long time
nginx | .........................................++++++++
nginx | writing a new nginx configuration file..
nginx | starting nginx without certbot..
nginx | 2021/04/12 10:21:42 [emerg] 12#12: BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or dir
ectory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
nginx | nginx: [emerg] BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen('/etc/c
ustomssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)

But I did have file /etc/customssl/live/local/fullchain.pem, as shown here:

[root@]# ls -l /etc/customssl/live/local/fullchain.pem
-rwxr-xr-x 1 root root 7723 Mar 11 2020 /etc/customssl/live/local/fullchain.pem

Anything wrong there ?
I appreciate everyone's help !

Hi Yaw, Florian and experts ,

I have a few questions for .env file for Central. Here is the contents of the file:

[root@central]# cat .env
SSL_TYPE=customssl
DOMAIN=odk.mycompanyname.com (for privacy reasons I put mycompanyname to replace real name)
SYSADMIN_EMAIL=myemail@mycompanyname.com
[root@central]#

My questions are:

  1. Since the website is "https://odk.mycompanyname.com", for DOMAIN= value, should I put "odk.mycompanyname.com", or just "mycompanyname.com" ?

  2. Which specific directory should I save the certs files, currently I saved chain certs chain and private key files under:
    /etc/customssl/live/local/fullchain.pem
    /etc/customssl/live/local/privkey.pem

Is that correct location and naming ?

  1. I met error below:
    [root@central]# docker-compose logs nginx |more
    Attaching to nginx
    nginx | diffie hellman private key does not exist; creating..
    nginx | Generating DH parameters, 2048 bit long safe prime, generator 2
    nginx | This is going to take a long time
    nginx | .........................................++++++++
    nginx | writing a new nginx configuration file..
    nginx | starting nginx without certbot..
    nginx | 2021/04/12 10:21:42 [emerg] 12#12: BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file
    or directory:fopen('/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx | nginx: [emerg] BIO_new_file("/etc/customssl/live/local/fullchain.pem") failed (SSL: error:02001002:system library:fopen:No such file or directory:fopen(
    '/etc/customssl/live/local/fullchain.pem','r') error:2006D080:BIO routines:BIO_new_file:no such file)
    nginx | writing a new nginx configuration file..

I appreciate your help

You must use the fully qualified domain name that points to your server's IP address. In this case, it's odk.mycompanyname.com

If you are using the custom certs follow the instructions at https://docs.getodk.org/central-install-digital-ocean/#using-a-custom-ssl-certificate. Step 3 describes where to put the files.

(post withdrawn by author, will be automatically deleted in 24 hours unless flagged)

Thanks Yaw. It's all up now:
[root@central]# docker-compose ps
Name Command State Ports

central_postgres_1 docker-entrypoint.sh postgres Up 5432/tcp
enketo docker-entrypoint.sh /bin/ ... Up 8005/tcp
enketo_redis_cache docker-entrypoint.sh redis ... Up 6379/tcp
enketo_redis_main docker-entrypoint.sh redis ... Up 6379/tcp
mail /bin/entrypoint.sh exim -b ... Up 25/tcp
nginx /bin/bash /scripts/odk-set ... Up (healthy) 0.0.0.0:443->443/tcp, 0.0.0.0:80->80/tcp
pyxform waitress-serve --port=80 - ... Up
secrets docker-entrypoint.sh ./gen ... Exit 0
service docker-entrypoint.sh ./wai ... Up 8383/tcp
[root@central]#

However, from external when I access the site https://odk.mycompanyname.com, odk website has no any response. Since this site is in DMZ , so there are a lot of firewall settings by my company (not just this server itself), I doubt if there should be any special ports by need to be opened by DMZ ?

But if from within the container itself and curl https://odk.mycompanyname.com , it reports:

[root@central]# curl https://odk.mycompanyname.com

ODK CentralWe're sorry but ODK Central doesn't work properly without JavaScript enabled. Please enable it to continue.

[root@ central]#

From the above observations, do I need to open any special ports from DMZ firewall (I have already requested to open 80, 8080, 443, 8443, etc, and they are open), but anything else ?

Thanks for your help,