How install kobo on server where public address is a subdomain

PhilippeAccorsi · September 20, 2022, 2:57pm

Hi all

I tried to install Kobotoolbox and kobo need to run on public address like this kobo.xxxx.org (domain used for some other tool, so just subdomain with wildcard certificate are available).

In install process, I can seen kf, kc, ee subdomain name but I don’t understand if it is public or private subdomain.

I want tu use apache reverse proxy with specific ssl certificate. if I tried to open https://kobo.xxxx.org I can seen log in apache reverse proxy, in nginx proxy in container kobofe_nginx_1 but installation process stay on this all the time:

root@client-02:/data/kobotoolbox/kobo-install# python3 run.py
Removing network kobomaintenance_kobo-maintenance-network
WARNING: Network kobomaintenance_kobo-maintenance-network not found.
Network kobofe_kobo-fe-network is external, skipping
Stopping kobofe_kobocat_1        ... done
Stopping kobofe_nginx_1          ... done
Stopping kobofe_kpi_1            ... done
Stopping kobofe_enketo_express_1 ... done
Removing kobofe_kobocat_1        ... done
Removing kobofe_nginx_1          ... done
Removing kobofe_kpi_1            ... done
Removing kobofe_enketo_express_1 ... done
Removing network kobofe_kobo-fe-network
Network kobobe_kobo-be-network is external, skipping
Stopping kobobe_redis_main_1  ... done
Stopping kobobe_postgres_1    ... done
Stopping kobobe_mongo_1       ... done
Stopping kobobe_redis_cache_1 ... done
Removing kobobe_redis_main_1  ... done
Removing kobobe_postgres_1    ... done
Removing kobobe_mongo_1       ... done
Removing kobobe_redis_cache_1 ... done
Removing network kobobe_kobo-be-network
Launching environment
Creating network "kobobe_kobo-be-network" with driver "bridge"
Creating kobobe_mongo_1       ... done
Creating kobobe_redis_cache_1 ... done
Creating kobobe_redis_main_1  ... done
Creating kobobe_postgres_1    ... done
Waiting for PostgreSQL database to be up & running...
Creating network "kobofe_kobo-fe-network" with driver "bridge"
Creating kobofe_kpi_run ... done
The PostgreSQL database is running!
Creating kobofe_kpi_run ... done
Creating kobofe_enketo_express_1 ... done
Creating kobofe_kpi_1            ... done
Creating kobofe_kobocat_1        ... done
Creating kobofe_nginx_1          ... done
Waiting for environment to be ready. It can take a few minutes.
............................................................
`KoBoToolbox` has not started yet. This is can be normal with low CPU/RAM computers.

Wait for another 600 seconds?
	1) Yes
	2) No

Serveur config:

Debian10
32Go ram
8 thread (Xeon(R) CPU E3-1240 v6 @ 3.70GHz)
enough space disk.

I have check all logs with “python3 run.py --logs” and logs of apache and nginx proxy, logs of some container but not find problem.

What can I do or check ?

Thanks for any idea (I have seen some old other post here with same problem, but user not give solution).

regards,
Philippe

PhilippeAccorsi · September 20, 2022, 3:07pm

In config I have choose:

https
Use my own reverse-proxy/load-balancer
specific port (set in apache virtualhost)
smtp config (with custom value)

PhilippeAccorsi · September 21, 2022, 12:49pm

I have tested from scratch today (clean all folder, container and volume) and now I can see this logs

nginx: [emerg] could not build server_names_hash, you should increase server_names_hash_bucket_size: 64

But I don’t have access to the nginx container file, so I not understand what is going on.

kh1 · September 21, 2022, 1:40pm

kf, kc and ee subdomains are public from my own build

ee is for enketo express
kf is where forms are accessed
kc is the legacy interface

my working public subdomain looks like

https://kf.kobo.xxx.co.uk/#/forms (xxx being the domain)

PhilippeAccorsi · September 21, 2022, 1:52pm

Ok. And what value do you set when running run.py ? (for public domain and subdomain ?

PhilippeAccorsi · September 21, 2022, 1:54pm

you have certificate for subdomain kobo.xxx.co.uk ? or it is just configured in DNS of the domain.

kh1 · September 21, 2022, 1:56pm

mine was set up via dns

but the steps i took can be found here Setup on ubuntu 18.04 vm

PhilippeAccorsi · September 21, 2022, 2:56pm

But I don’t have access to the nginx container file, so I not understand what is going on.

I have find nginx config “kobo-docker/nginx/kobo-docker-scripts/nginx.conf” so I have changed value 64 by 128 (like visible here and here).

But it is not better. (start not finish and nothing open on url (just http code 204 visible in log)

PhilippeAccorsi · September 22, 2022, 2:36pm

So, I have find all error (in reverse proxy and config when run “python3 run.py”).

Apache configuration not done correctly (some mistake). I have create configuration with some part come from some issues in this forum and issue in github repository. I think it can be a good idea to add docuentation about what we need to to to use own reverse proxy (I can do this documentation but I don’t know where.)

Now kobo seems to work correctly (run.py finish quickly and web page respond). This is all configuration I used:

I add 3 DNS entry: kobo.mydomain.org, kc.mydomain.org, ee.mydomain.org
I add 3 apache2 configuration, one for each domaine like this (replace {subdomain} by subdomain you choose):

<VirtualHost *:80>
    ServerName {subdomain}.mydomain.org
    RewriteEngine On
    RewriteCond %{REQUEST_URI} ^/\.well\-known
    RewriteRule . - [L]
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName {subdomain}.mydomain.org

    # SSL configuration
    SSLEngine on
    SSLCertificateFile "/etc/ssl/wildcard.mydomain.org.crt"
    SSLCertificateKeyFile "/etc/ssl/private/wildcard.mydomain.org.key"
    SSLCACertificateFile "/etc/ssl/GandiStandardSSLCA2.wildcard.mydomain.org.crt"

    #SSLUseStapling on
    SSLCipherSuite !EDH:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL
    SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
    SSLHonorCipherOrder on
    SSLOpenSSLConfCmd ECDHParameters secp384r1
    Header always set Strict-Transport-Security "max-age=31536000; preload"

    CustomLog /var/log/apache2/{subdomain}.mydomain.org-access.log combined
    ErrorLog /var/log/apache2/{subdomain}.mydomain.org-error.log

    RequestHeader set X-Forwarded-Proto https

    ProxyPreserveHost On
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse /  http://127.0.0.1:8080/
</VirtualHost>

Like that, installation finish correctly. After that:

I stop with ./run --stop
vim /path-of-installation/kobo-docker/docker-compose.frontend.override.yml to change - 0.0.0.0:8080:80 by - 127.0.0.1:8080:80 (to make sure nginx just accessible by the local reverse proxy)
python3 run.py

After that, all seems work correctly.

PhilippeAccorsi · September 22, 2022, 2:39pm

I have just a doubt about if it is necessary to have 3 apache config or if I can just have ServerName kobo.mydomain.org, kc.mydomain.org, ee.mydomain.org.