Odk central self hosting

Support
1

Has anyone ever tried to self-host ODK Central? how did you do this?

I'm on ubuntu 20.04

1. What is the issue? Please be detailed.
I've successfuly installed ODK central server through instructions from https://docs.getodk.org/central-install-digital-ocean/#getting-and-setting-up-central

I also successfully installed CA server to manage SSL locally, I'm able to deploy and/or sign certificates instructions from https://linuxopsys.com/topics/create-certificate-authority-on-ubuntu-linux

When I set central's .env file to SSL_TYPE=selfsign I'm able to login but cant get forms on tablet.

When I set .env file to SSL_TYPE=letsencrypt I'm getting error "xx.xx.xx.xx refused to connect."
Mind you I've my CA server managing CSR locally. my firewall is turned off.

What else do I need?. does Central really really provide self-hosting service?

2. What steps can we take to reproduce this issue?

3. What have you tried to fix the issue?
have tried to use my FQDN instead of local IP address still doesnt work.

4. Upload any forms or screenshots you can share publicly below.

# Use fully qualified domain names. Set to DOMAIN=local if SSL_TYPE=selfsign.
DOMAIN=196.xx.xx.xx
# Used for Let's Encrypt expiration emails and Enketo technical support emails
SYSADMIN_EMAIL=rkanduna@gmail.com

# Options: letsencrypt, customssl, upstream, selfsign
SSL_TYPE=letsencrypt

# Do not change if using SSL_TYPE=letsencrypt
HTTP_PORT=8081
HTTPS_PORT=9443

# Optional: configure Node
# SERVICE_NODE_OPTIONS=

# Optional: connect to a custom database server
# DB_HOST=
# DB_USER=
# DB_PASSWORD=
# DB_NAME=

# Optional: configure a custom mail server
# EMAIL_FROM=
# EMAIL_HOST=
# EMAIL_PORT=
# EMAIL_SECURE=
# EMAIL_IGNORE_TLS=
# EMAIL_USER=
# EMAIL_PASSWORD=

# Optional: configure error reporting
# SENTRY_ORG_SUBDOMAIN=
# SENTRY_KEY=
# SENTRY_PROJECT=
~
~
~
~
~
~
~
~
~
2

Hi @ronex_kanduna

A warm welcome to the ODK community! When you get a chance please take a moment to introduce yourself

Is your Central server available to the general public (accessible via a public IP address) or open on your local network only (that is using a private IP address)?

Are you able to access the forms in the browser on your phone/tablet?

3

Well! I will very soon.

Yes my server is accessible publicly when using SSL_TYPE=selfsign. once I change to SSL_TYPE=letsencrypt connection goes off. I've also tried to configure using local address

4

Hi @ronex_kanduna

Self-sign and letencrypt are two different methods and you don't have to mix them.

Do you have a valid domain name registered and set up? Here are a couple of things to check:

  1. Make sure your intermediate/chain certificates are properly set.
  2. Make sure your self generated certificates are valid
5

You must use a fully qualified domain (e.g., mycentralserver.com). An IP (e.g., 196.1.2.3) will not work.

6

can you check my .env file. I'm still not able to connect

# Use fully qualified domain names. Set to DOMAIN=local if SSL_TYPE=selfsign.
DOMAIN=mysite.mydomain.ac.uk/
# Used for Let's Encrypt expiration emails and Enketo technical support emails
SYSADMIN_EMAIL=rkanduna@gmail.com

# Options: letsencrypt, customssl, upstream, selfsign
SSL_TYPE=letsencrypt

# Do not change if using SSL_TYPE=letsencrypt
HTTP_PORT=8081
HTTPS_PORT=9443

# Optional: configure Node
# SERVICE_NODE_OPTIONS=

# Optional: connect to a custom database server
# DB_HOST=
# DB_USER=
# DB_PASSWORD=
# DB_NAME=

# Optional: configure a custom mail server
# EMAIL_FROM=
# EMAIL_HOST=
# EMAIL_PORT=
# EMAIL_SECURE=
# EMAIL_IGNORE_TLS=
# EMAIL_USER=
# EMAIL_PASSWORD=

# Optional: configure error reporting
# SENTRY_ORG_SUBDOMAIN=
# SENTRY_KEY=
# SENTRY_PROJECT=
7

If you are using letsencrypt, your ports have to be 80 and 443. Your env should look like this.

# Options: letsencrypt, customssl, upstream, selfsign
SSL_TYPE=letsencrypt

# Do not change if using SSL_TYPE=letsencrypt
HTTP_PORT=80
HTTPS_PORT=443
8

2 posts were split to a new topic: Error occured during the loading of this form