I tried to install Kobotoolbox and kobo need to run on public address like this kobo.xxxx.org (domain used for some other tool, so just subdomain with wildcard certificate are available).
In install process, I can seen kf, kc, ee subdomain name but I donât understand if it is public or private subdomain.
I want tu use apache reverse proxy with specific ssl certificate. if I tried to open https://kobo.xxxx.org I can seen log in apache reverse proxy, in nginx proxy in container kobofe_nginx_1 but installation process stay on this all the time:
root@client-02:/data/kobotoolbox/kobo-install# python3 run.py
Removing network kobomaintenance_kobo-maintenance-network
WARNING: Network kobomaintenance_kobo-maintenance-network not found.
Network kobofe_kobo-fe-network is external, skipping
Stopping kobofe_kobocat_1 ... done
Stopping kobofe_nginx_1 ... done
Stopping kobofe_kpi_1 ... done
Stopping kobofe_enketo_express_1 ... done
Removing kobofe_kobocat_1 ... done
Removing kobofe_nginx_1 ... done
Removing kobofe_kpi_1 ... done
Removing kobofe_enketo_express_1 ... done
Removing network kobofe_kobo-fe-network
Network kobobe_kobo-be-network is external, skipping
Stopping kobobe_redis_main_1 ... done
Stopping kobobe_postgres_1 ... done
Stopping kobobe_mongo_1 ... done
Stopping kobobe_redis_cache_1 ... done
Removing kobobe_redis_main_1 ... done
Removing kobobe_postgres_1 ... done
Removing kobobe_mongo_1 ... done
Removing kobobe_redis_cache_1 ... done
Removing network kobobe_kobo-be-network
Launching environment
Creating network "kobobe_kobo-be-network" with driver "bridge"
Creating kobobe_mongo_1 ... done
Creating kobobe_redis_cache_1 ... done
Creating kobobe_redis_main_1 ... done
Creating kobobe_postgres_1 ... done
Waiting for PostgreSQL database to be up & running...
Creating network "kobofe_kobo-fe-network" with driver "bridge"
Creating kobofe_kpi_run ... done
The PostgreSQL database is running!
Creating kobofe_kpi_run ... done
Creating kobofe_enketo_express_1 ... done
Creating kobofe_kpi_1 ... done
Creating kobofe_kobocat_1 ... done
Creating kobofe_nginx_1 ... done
Waiting for environment to be ready. It can take a few minutes.
............................................................
`KoBoToolbox` has not started yet. This is can be normal with low CPU/RAM computers.
Wait for another 600 seconds?
1) Yes
2) No
Serveur config:
Debian10
32Go ram
8 thread (Xeon(R) CPU E3-1240 v6 @ 3.70GHz)
enough space disk.
I have check all logs with âpython3 run.py --logsâ and logs of apache and nginx proxy, logs of some container but not find problem.
What can I do or check ?
Thanks for any idea (I have seen some old other post here with same problem, but user not give solution).
So, I have find all error (in reverse proxy and config when run âpython3 run.pyâ).
Apache configuration not done correctly (some mistake). I have create configuration with some part come from some issues in this forum and issue in github repository. I think it can be a good idea to add docuentation about what we need to to to use own reverse proxy (I can do this documentation but I donât know where.)
Now kobo seems to work correctly (run.py finish quickly and web page respond). This is all configuration I used:
I add 3 apache2 configuration, one for each domaine like this (replace {subdomain} by subdomain you choose):
<VirtualHost *:80>
ServerName {subdomain}.mydomain.org
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/\.well\-known
RewriteRule . - [L]
RewriteCond %{HTTPS} !=on
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
<VirtualHost *:443>
ServerName {subdomain}.mydomain.org
# SSL configuration
SSLEngine on
SSLCertificateFile "/etc/ssl/wildcard.mydomain.org.crt"
SSLCertificateKeyFile "/etc/ssl/private/wildcard.mydomain.org.key"
SSLCACertificateFile "/etc/ssl/GandiStandardSSLCA2.wildcard.mydomain.org.crt"
#SSLUseStapling on
SSLCipherSuite !EDH:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL
SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder on
SSLOpenSSLConfCmd ECDHParameters secp384r1
Header always set Strict-Transport-Security "max-age=31536000; preload"
CustomLog /var/log/apache2/{subdomain}.mydomain.org-access.log combined
ErrorLog /var/log/apache2/{subdomain}.mydomain.org-error.log
RequestHeader set X-Forwarded-Proto https
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://127.0.0.1:8080/
ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
Like that, installation finish correctly. After that:
I stop with ./run --stop
vim /path-of-installation/kobo-docker/docker-compose.frontend.override.yml to change - 0.0.0.0:8080:80 by - 127.0.0.1:8080:80 (to make sure nginx just accessible by the local reverse proxy)
I have just a doubt about if it is necessary to have 3 apache config or if I can just have ServerName kobo.mydomain.org, kc.mydomain.org, ee.mydomain.org.