SSL_TYPE=letsencrypt error ODK Central

Daniel_Alberto_Diaz · November 19, 2019, 8:28pm

1. What is the problem? Be very detailed.
The problem is with the certificates, I generated them manually but I don't know how to put them inside the docker. When I select the self option in SSL_TYPE, it allows me to execute odk central correctly but without https, what causes me to not be able to download the forms from the devices.

What application or server are you using and on which device and operating system? Include version numbers.
docker-compose version 1.23.2, build 1110ad01, ODK CENTRAL, linux server 16, google cloud
What have you tried to solve the problem?
Generate certificates manually. Modify and build ~ / central / files / nginx / odk.conf.template by adding the missing paths to the certificates. Without results
What steps can we take to reproduce the problem?
SSL_TYPES in the .env file I think this is the problem in the process of generating letsencrypt certificates.
Anything else we should know or have? If you have a test form or screenshots or records, attach below.

nginx11920×1080 704 KB

nginx21920×1080 661 KB

nginx31920×1080 677 KB

issa · November 19, 2019, 11:28pm

hey @Daniel_Alberto_Diaz:

please try this.. in the file nginx.dockerfile
replace the line:
FROM staticfloat/nginx-certbot@sha256:a3fff8a1d75ae2b28d8e77d71468bc51bf98588c4762c6c7d7c55e0e548e6976
with
FROM staticfloat/nginx-certbot@sha256:113300163d871119a261738964d7d8f24a478a605d56888a82e9f45fb353698d

Daniel_Alberto_Diaz · November 20, 2019, 1:35am

hi issa, Thank you for your time I appreciate it a lot, I compile with a newer version maybe of docker, now I will have to install a new version, when I do it I will tell you if it was solved. Thanks again for your support.

docker-compose.yml" is unsupported. You might be seeing this error because you're using the wrong Compose file version. Either specify a version of "2" (or "2.0")

Daniel_Alberto_Diaz · November 20, 2019, 2:28am

hi @issa , Now much better no longer throws any kind of error. I only see this that maybe this bad...

| /scripts/run_certbot.sh: 32: /scripts/run_certbot.sh: Bad substitution

Daniel_Alberto_Diaz · November 20, 2019, 2:44am

hi @issa It took a few minutes but it worked !!! He is a genius !!! Thank you so much for everything

dlederer · November 21, 2019, 9:22am

Hi @issa. I gave this a try but an error occurs. When I check the nginx logs, it says Error: urn:acme:error:unauthorized.

issa · November 21, 2019, 5:22pm

hi; did you run these after you edited the file?

docker-compose build
systemctl restart docker-compose@central

dlederer · November 21, 2019, 6:10pm

Hi @issa,
Yes. I changed the file and ran those commands.

It still says unhealthy. Any other ideas?

Daniel_Alberto_Diaz · November 21, 2019, 6:26pm

hi @dlederer after modifying nginx.dockerfile perform these three steps

cd central
docker-compose build nginx
systemctl stop docker-compose@central
systemctl start docker-compose@central
systemctl restart docker-compose@central
docker-compose up

it worked for me that way.

I modified the files before doing the docker-compose build but still I had to run those procedures that I detail below

issa · November 21, 2019, 6:26pm

i'm not sure. something isn't right with how you're applying the fix but i don't know how. the log output indicates that it's still using the old version rather than the new one that the changed line asks it to use.

Daniel_Alberto_Diaz · November 21, 2019, 7:25pm

Install a new one to see if I had problems, with the steps I detailed before I could do it perfectly.

dlederer · November 21, 2019, 7:36pm

I appreciate the help. It still says nginx is unhealthy. Any other places I should look to view potential errors? I followed instructions exactly.

issa · November 21, 2019, 7:49pm

i'm not sure. if you still see the text "Please upgrade your ACME client to a version that supports ACMEv2 / RFC 8555." in the error output, that means you're still running the old version, not the fixed version.

Daniel_Alberto_Diaz · November 22, 2019, 1:37am

hi @dlederer The first thing to do is link your server to the domain when your server's IP responds to the domain follow these steps.

1.- git clone https://github.com/opendatakit/central
2.- cd central
3.- git submodule update -i
4.- cd central nano .env
5.- SSL_TYPE=letsencrypt
DOMAIN=mydomain.com
SYSADMIN_EMAIL=administrator@gmail.com
6.- cd central nano nginx.dockerfile
replace the line:
FROM staticfloat/nginx-certbot@sha256:a3fff8a1d75ae2b28d8e77d71468bc51bf98588c4762c6c7d7c55e0e548e6976
with
FROM staticfloat/nginx-certbot@sha256:113300163d871119a261738964d7d8f24a478a605d56888a82e9f45fb353698d
7.- This is so you can upload and read large csv files without breaking them. This step is optional if you want to do it.
cd central nano files/nginx/inflate_body.lua
ngx.req.read_body()
local data = ngx.req.get_body_data()

  if data == nil or data == '' then
    local file = io.open(ngx.req.get_body_file(), "r")
    data = file:read("*a")
    file:close()
  end

  if data ~= nil and data ~= '' then
    local new_data = inflate_body(data)

is close to line 50 at the end of the file compare and add the line.
8.- docker-compose build
9.- docker-compose up --no-start
10.- cp files/docker-compose@.service /etc/systemd/system
11.- systemctl start docker-compose@central
12.- I WAIT A FEW MINUTES FOR SCRIPTS TO WORK, 5 TO 10 MIN IS OK
13.- systemctl status docker-compose@central
14.- docker-compose ps
15.- systemctl enable docker-compose@central
16.- restart your server, wait a few minutes again and rerun the docker-compose ps command
17.- cd central
docker-compose build nginx
systemctl stop docker-compose@central
systemctl start docker-compose@central
systemctl restart docker-compose@central
docker-compose up
docker-compose ps (healthy) it should be OK
18.- docker-compose exec service odk-cmd --email yourmail@gmail.com user-create
docker-compose exec service odk-cmd --email yourmail@gmail.com user-set-password
docker-compose exec service odk-cmd --email yourmail@gmail.com user-promote
19.- continue with the tutorial to configure smtp and so on if you wish. But with that it should be working odk central

In this way it worked for me and I already installed 3 test servers 2 for configurations and 1 for production. I hope you are lucky with the steps you indicate. Good luck!

dlederer · November 22, 2019, 2:11pm

Hi @Daniel_Alberto_Diaz,
Thank you for the step by step instructions. I followed them. When I got to step 14, the nginx was still unhealthy. I then restarted, as per your instructions, and when I ran the docker-compose build nginx command, I received this error. I think this is the root of the problem.

Thank you for the help @issa @Daniel_Alberto_Diaz!

Any ideas where to look from here?

nginx%20error|690x354

Daniel_Alberto_Diaz · November 22, 2019, 2:42pm

It is normal that you give that error in step 14 continue with the other steps and you can have your central healthy

dlederer · November 22, 2019, 3:14pm

Wow! Thank you - I appreciate the help @Daniel_Alberto_Diaz @issa !

Daniel_Alberto_Diaz · November 22, 2019, 3:39pm

hey @dlederer I solve? please check the post that served to have references that occur this error. Regards

DocC · August 28, 2020, 1:29pm

HI Daniel,

First let me say thank you for these wonderful instructions, the help me.
However I am having an issue with part of Step 17.

When I run docker-compose up
my docker keeps running. It never stops to allow me to be able to apply step 18.

Could you please help ?

I am a statistician, and this is my first go around with anything server/docker related.

Wanted to say that upfront in-case this question seem foolish.

Thank you in advance for any help