[xxx kobo-install]$ python3 run.py --setup
║ Welcome to KoBoInstall! ║
║ You are going to be asked some questions that will ║
║ determine how to build the configuration of `KoBoToolBox`. ║
║ Some questions already have default values (within brackets). ║
║ Just press `enter` to accept the default value or enter `-` ║
║ to remove previously entered value. ║
║ Otherwise choose between choices or type your answer. ║
Where do you want to install?
Please confirm path [/apps/kobo-docker]
Do you want to see advanced options?
What kind of installation do you need?
1) On your workstation
2) On a server
Please choose which network interface you want to use?
Do you want to use separate servers for frontend and backend?
Public domain name [xxx.com]:
KPI sub domain [kf]:
KoBoCat sub domain [kc]:
Enketo Express sub domain name [ee]:
Do you want to use HTTPS?
║ Please note that certificates must be installed on a reverse-proxy ║
║ or a load balancer. ║
║ KoBoInstall can install one, if needed. ║
Auto-install HTTPS certificates with Let's Encrypt?
2) No - Use my own reserve-proxy/load-balancer
Is your reverse-proxy/load-balancer installed on this server?
Internal port used by reverse proxy?
SMTP server [xxx]:
SMTP port :
SMTP user [xxx]:
SMTP password [BE/xxx]:
From email address [xxx]:
Super user's username [xxx]:
Super user's password [xxx]:
Docker Compose prefix? (leave empty for default):
KoBoCat PostgreSQL database name?
KPI PostgreSQL database name?
PostgreSQL user's username?
PostgreSQL user's password?
Do you want to tweak PostgreSQL settings?
MongoDB root's username?
[xxx]: MongoDB root's password?
MongoDB user's username?
MongoDB user's password?
Do you want to expose backend container ports (`PostgreSQL`, `MongoDB`, `redis`) ?
║ WARNING! When exposing backend container ports, ║
║ it's STRONGLY recommended to use a firewall to ║
║ grant access to frontend containers only. ║
Do you want to customize service ports?
Do you want to use AWS S3 storage?
Google Analytics Identifier:
Google API Key:
Do you want to use Sentry?
Do you want to tweak uWSGI settings?
Do you want to activate backups?
Steps to Reproduce
I listed the example I have above. Not sure if this exact scenario is easily reproducible or if its something I can easily fix.
Can you tell why you are using another NGINX proxy between the ELB and the Kobo Toolbox?
Do you have others app running on the same server? If you are using only KoBo Toolbox, you could get rid of it.
Can you try to force the X-Forwarded-Proto and X-Forwarded-Scheme to https ?
On your NGINX proxy, I would think that $scheme equals http which causes your endless loop within kobo-docker NGINX configuration.
The reason is that we have one elb to perform https offloading in our environment (its easy to manage certs in aws cert manager that way). And to avoid having to pay for multiple ELB load balancers for every app we run. This load balancer just forwards traffic to our nginx proxy where we can easily reverse proxy traffic within our network.
There may have been a better way to set this up but it seems to work for most apps so far and has saved a lot of money in ELB costs.
HTTPSConnectionPool(host=‘kc.wsbeng.com’, port=443): Max retries exceeded with url: /api/v1/user (Caused by NewConnectionError(’<urllib3.connection.VerifiedHTTPSConnection object at 0x7f0d30d12e20>: Failed to establish a new connection: [Errno -2] Name or service not known’))
@roemhildtg. Oh it looks like a bug we fixed.
Please pull the latest version of kobo-install and run ./run.py --update. We’ve just released a new version (2.2.1) that fixes a sessions issue on KC. (When the session is invalid, it redirects to KPI).
Hmm -okay yep that did fix that issue. Now I’m back to solving the /me/ endpoint not working. Maybe it has something to do with me commenting out the stuff in nginx so I am troubleshooting the header issue.
Looks like the app I’m using to manage nginx had an override that was setting:
proxy_set_header X-Forwarded-Proto $scheme;
I’m not entirely sure why EC2 ELB was setting the scheme to http but I changed this to https in the config and kobo tools immediately started working correctly.
If anyone has a suggestion on getting ELB to pass the correct scheme, I’d love to hear it. My setup looks like this in ELB:
ELB HTTPS (443) -> NGINX Proxy (80)
I haven’t been able to get it working with port 443 on nginx.
I know it won’t help you but, as I said, we don’t use an intermediate NGINX between our ELB and kobo-docker NGINX. We leave the HTTPS configuration on the ELB and use the same setup e.g.: ELB HTTPS (443) -> NGINX Proxy (80)
We don’t have to install (maintain) certificates on the front-end containers. It’s easier for use auto-scale group too.
I have it working with the reverse proxy by manually forcing that property in my reverse proxy intermediary.
The one issue I’m running into - is probably user error, but I’m not seeing anything obvious. I uploaded a form (Excel spreadsheet) and when I click “Open”, it doesn’t do anything. Preview works fine, form editing works fine, just the “Open” button isn’t working:
Mongo: OK in 0.026 seconds
Postgres: OK in 0.0134 seconds
Enketo [http://ee.wsbeng.internal]: OK in 1.15 seconds
KoBoCAT [http://kc.wsbeng.internal]: OK in 1.52 seconds
----BEGIN KOBOCAT RESPONSE----
Mongo: OK in 0.0165 seconds
Postgres: OK in 0.0111 seconds
---- END KOBOCAT RESPONSE ----
Everything appears okay, no? I still have no action when clicking the open button though. There aren’t any errors in the console, and I haven’t seen any network errors.