Using HTTPS with ODK Aggregate on a pre-configured VirtualBox VM

Hi all, thanks for any assistance in advance.

1. What is the problem? Be very detailed.

I have downloaded and imported the latest pre-configured VM, imported it into VirtualBox, changed passwords, network adapter mode and set fqdn - all by following the very good documentation.
However, my VM works fine on port 8080 but I don't get any response on port 8443. Potentially we hope to use Aggregate to collect patient data, so I would obviously like any communication to be done securely.

Has anyone got any documentation, instructions or even suggestions how to set up the Aggregate VM to use HTTPS?

I have trawled the forum and the internet but my Google-fu has failed me this time. From looking at some Tomcat documentation, I understand that I may need a certificate but that I may be able to get by with a self-cert.

2. What app or server are you using and on what device and operating system? Include version numbers.

I am using the latest VirtualBox VM downloaded from Github:
ODK-Aggregate-v2.0.3-VM.ova.zip

VirtualBox version:
Version 5.2.26 r128414

3. What you have you tried to fix the problem?

I don't really know where to start, I am no expert with Linux or Tomcat. I have looked to see if I could find the Aggregate config files (no luck), I have found an interesting Tomcat document about creating a self signed SSL certificate and found a Tomcat config file where I may be able to add another line to make port 8443 active

4. What steps can we take to reproduce the problem?

Download the VM image, set up using the instructions in the documentation, then try to access the server using port 8443. It only works on 8080 (after setting the fqdn)

5. Anything else we should know or have? If you have a test form or screenshots or logs, attach below.

Sorry nothing else to add, except my gratitude for anyone that takes the time to help.
Thank you.

If you need SSL, the VM is likely going to be a huge pain. I'd use the Digital Ocean install instead. Any reason why that won't work?

Hi, @CraigT!

I agree with @yanokwa: configuring SSL on Tomcat is going to be a pain.

If you're not ready to use a cloud-based server, the easiest way to add SSL to your VM is to put an nginx server in front of Tomcat, just like we do in the DigitalOcean install.

There is great documentation about it:

• This guide explains how to set up nginx as a reverse proxy: https://docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/
• This guide explains how to use LetsEncrypt to add auto-renewing SSL certificates to nginx: https://certbot.eff.org/lets-encrypt/debianstretch-nginx
  You will need to create and use a domain name, though, and your server will have to be accessible to the internet.

You can also get some inspiration from the Aggregate's CloudConfig scripts here: https://github.com/opendatakit/aggregate/blob/master/cloud-config/digital-ocean/cloud-config.yml

Thanks for the advice. We went for the VM ironically for the ease of configuring and setup. Using Digital Ocean would be incur costs and as this is initially a trial, we didn't want to go down this route. Plus we have our own VMWare infrastructure which we hope to use if the trial is a success. Paying for a Digital Ocean install is an option though if we can get some funding.

If you want to do a trial, then use the VM with no SSL.

If you want to store patient data, then use DigitalOcean (or AWS or Azure or Google Cloud). We recommend DigitalOcean because the easiest of the bunch. You can likely get by with the $5/month plan and DigitalOcean will give you $100 of credit to spend during the first 60 days.

Note that if you have your own VMWare infrastructure, you'll still need to find a way to get a reverse proxy setup so you can add SSL. I don't know your labor costs, but it'll likely be more than $5/month...

Looking likely we will use no SSL because of my time constraints. I appreciate it may be easier to go the DO route.
I also spotted this section in the Google instructions, could it apply to my VirtualBox VM too?
https://docs.opendatakit.org/aggregate-google-cloud/#enable-https

@CraigT No. The SSL instructions we provide for the cloud providers are for the cloud installs. I suppose we can consider what it'd take to add SSL to the VM, but it's not something that's turnkey at the moment.

I understand. It would be great if in the future there was simple(r) way to enable HTTPS/SSL - especially on the VM, as I choose the VM option because I felt it would require the least configuration.

Thanks again for the quick response.

I hear you. @ggalmazor and I are looking into how we can do that and we'll update this topic if we have a good way forward.