tolexy
June 9, 2020, 10:19pm
TL;DR: Looking for a good quick and dirty place to start and/or finish when implementing manual custom certs from a CA other than letsencrypt. Forums mention setting up a reverse proxy, and we have done this but are at a complete loss on how to connect this to the containers, container start order, settings etc. Nothing seems to work, and short of digging through the certbot container for configs etc, was hoping there was a good starting point someone has had from past experience. Rev proxies are not my strong suit, yet!
So I have had an instance (or three) of kobo running for over a year and done several upgrades. Love the tool! Sadly, my organization is now restricting LetsEncrypt as a CA for our domain. Essentially we were getting the certs from letsencrypt auto renewed and all was perfect. We had our IT add records such that our DNS provider would accept an external CA. Great.
We have tried installing nginx and config (which is probably wrong)
kobo-install: HTTPS => yes, Auto-get certs => no, behind rev proxy => yes, on server => yes, and keep getting bad gateway. I just feel like we are missing one small key piece to get everything connected properly.
Ubuntu 18, kobo-install-2.020.23 install nginx on VM outside of all containers.
Any help or guide in the right direction for this is supremely welcome!!
Hi @tolexy ,
You could have a look at the configuration (Apache) as outlined here:
opened 04:31AM - 30 Jan 19 UTC
closed 04:34AM - 06 Feb 19 UTC
Hi, I just tried to install this and it's not working.
Here is my config:
- Alpine Linux 3.8.2 (last version, up to date) running on HyperV
- docker 18.09.1-r0
- docker-compose 1.23.2
Here is the output:
```
kobo [/home/kobo-install]# python run.py
╔═══════════════════════════════════════════════════════════════╗
║ Welcome to `kobo-install`! ║
║ ║
║ You are going to be asked some questions that will ║
║ determine how to build the configuration of `KoBoToolBox`. ║
║ ║
║ Some questions already have default values (within brackets). ║
║ Just press `enter` to accept the default value or enter `-` ║
║ to remove previously entered value. ║
║ Otherwise choose between choices or type your answer. ║
╚═══════════════════════════════════════════════════════════════╝
Where do you want to install?
[/home/kobo-docker]:
Do you want to see advanced options?
1) Yes
2) No
[2]:
What kind of installation do you need?
1) On your workstation
2) On a server
[2]:
Public domain name [kobo.local]: mydomain.tld
KPI sub domain [kf]: koboform
KoBoCat sub domain [kc]: kobocat
Enketo Express sub domain name [ee]: enketo
Do you use a reverse proxy or a load balancer?
1) Yes
2) No
[1]:
Use HTTPS?
Please note that certificate has to be installed on the load balancer!
1) Yes
2) No
[1]:
Internal port used by reverse proxy?
[80]:
SMTP server: mail.mydomain.tld
SMTP port [25]: 587
SMTP user: robot@mydomain.tld
SMTP password: xxxx
Use TLS?
1) True
2) False
[1]:
From email address [support@mydomain.tld]: robot@mydomain.tld
Super user's username [super_admin]:
Super user's password [^H$kNO-Tdi1Aq%EB]: xxxx
Do you want to activate backups?
1) Yes
2) No
[2]:
Cloning into '/home/kobo-docker'...
remote: Enumerating objects: 2546, done.
remote: Total 2546 (delta 0), reused 0 (delta 0), pack-reused 2546
Receiving objects: 100% (2546/2546), 1.84 MiB | 1.04 MiB/s, done.
Resolving deltas: 100% (1580/1580), done.
Switched to a new branch 'kobo-install'
From https://github.com/kobotoolbox/kobo-docker
* branch kobo-install -> FETCH_HEAD
Removing network kobo-docker_default
WARNING: Network kobo-docker_default not found.
Removing network kobo-docker_kobo-fe-network
WARNING: Network kobo-docker_kobo-fe-network not found.
Launching environment
Creating network "kobo-docker_default" with the default driver
Pulling mongo (mongo:3.4)...
Pulling redis_main (redis:3.2)...
Pulling postgres (mdillon/postgis:9.5)...
Pulling rabbit (kobotoolbox/rabbit:latest)...
Creating kobo-docker_mongo_1 ... done
Creating kobo-docker_postgres_1 ... done
Creating kobo-docker_rabbit_1 ... done
Creating kobo-docker_redis_main_1 ... done
Creating kobo-docker_redis_cache_1 ... done
Creating network "kobo-docker_kobo-fe-network" with driver "bridge"
WARNING: Found orphan containers (kobo-docker_redis_cache_1, kobo-docker_rabbit_1, kobo-docker_redis_main_1, kobo-docker_postgres_1, kobo-docker_mongo_1) for this project. If you removed or renamed this service in your compose file, you
can run this command with the --remove-orphans flag to clean it up.
Pulling nginx (kobotoolbox/nginx:latest)...
Pulling kobocat (kobotoolbox/kobocat:2.018.48)...
Pulling enketo_express (kobotoolbox/enketo-express-extra-widgets:1.72.2)...
Pulling kpi (kobotoolbox/kpi:2.018.48)...
Creating kobo-docker_enketo_express_1 ... done
Creating kobo-docker_kpi_1 ... done
Creating kobo-docker_nginx_1 ... done
Creating kobo-docker_kobocat_1 ... done
Waiting for environment to be ready. It can take a few minutes.
............................................................
`KoBoToolbox` has not started yet, wait for another 600 minutes!
............................................................
`KoBoToolbox` has not started yet, sometimes frontend containers can not communicate with backend containers.
Let's restart frontend containers.
Stopping kobo-docker_nginx_1 ... done
Stopping kobo-docker_kpi_1 ... done
Stopping kobo-docker_kobocat_1 ... done
Stopping kobo-docker_enketo_express_1 ... done
WARNING: Found orphan containers (kobo-docker_redis_cache_1, kobo-docker_rabbit_1, kobo-docker_redis_main_1, kobo-docker_postgres_1, kobo-docker_mongo_1) for this project. If you removed or renamed this service in your compose file, you
can run this command with the --remove-orphans flag to clean it up.
Removing kobo-docker_nginx_1 ... done
Removing kobo-docker_kpi_1 ... done
Removing kobo-docker_kobocat_1 ... done
Removing kobo-docker_enketo_express_1 ... done
Removing network kobo-docker_kobo-fe-network
Launching frontend containers
Creating network "kobo-docker_kobo-fe-network" with driver "bridge"
WARNING: Found orphan containers (kobo-docker_redis_cache_1, kobo-docker_rabbit_1, kobo-docker_redis_main_1, kobo-docker_postgres_1, kobo-docker_mongo_1) for this project. If you removed or renamed this service in your compose file, you
can run this command with the --remove-orphans flag to clean it up.
Creating kobo-docker_enketo_express_1 ... done
Creating kobo-docker_kpi_1 ... done
Creating kobo-docker_nginx_1 ... done
Creating kobo-docker_kobocat_1 ... done
...........................................................
Something went wrong! Please look at docker logs
```
The docker logs can be accessed here : http://dl.pasteur.la/?t=8755da5a95e39d223a3109829c5ad5cd
The syslog output `/var/log/docker.log` is here : http://dl.pasteur.la/?t=f4e53dd70f9c1cf9e7f51b12ab89054f
Any help would be appreciated, thanks.
As a backup you could also have a look here:
Hello derricknyakiba,
From the readme.
HTTPS certificates must be installed on a Reverse Proxy. KoBoInstall can install one and use Let's Encrypt to generate certificates thanks to nginx-certbot project
So nginx-certbot containers should handle certificates for you. You don’t have to create them on your own. Be sure to have ports 80 and 443 opened. If it doesn’t work, there may be an issue with your settings.
If you do want to use your own certificates, you need to choose Advanced optio…
Have a great day!
1 Like
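Added example, not part of the thread and not taken from kobo-install: a host-level nginx configuration that terminates TLS with a manually issued certificate and forwards every request to the kobo-docker nginx container. The `mydomain.tld` names with the default `kf`/`kc`/`ee` sub domains, the certificate paths and internal port 8080 are assumptions; use the port answered at "Internal port used by reverse proxy?", which has to differ from the ports the host nginx itself listens on.

```nginx
# Host nginx (outside the containers), e.g. /etc/nginx/conf.d/kobo.conf
# All names, paths and the port 8080 below are assumed placeholder values.

# Plain HTTP only redirects to HTTPS.
server {
    listen 80;
    server_name kf.mydomain.tld kc.mydomain.tld ee.mydomain.tld;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name kf.mydomain.tld kc.mydomain.tld ee.mydomain.tld;

    # fullchain.pem: the server certificate first, then the CA's
    # intermediate certificate(s), concatenated in one PEM file.
    # The certificate must cover all three sub domains (SAN or wildcard).
    ssl_certificate     /etc/nginx/ssl/mydomain.tld/fullchain.pem;
    # Private key readable by root only (chmod 600).
    ssl_certificate_key /etc/nginx/ssl/mydomain.tld/privkey.pem;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Allow form submissions with attachments (assumed limit).
    client_max_body_size 100m;

    location / {
        # Internal port published by the kobo-docker nginx container.
        # It must not be 80 or 443 here, because this nginx owns those.
        proxy_pass http://127.0.0.1:8080;

        # Pass the original host name through unchanged. Assumption: the
        # container's nginx picks KPI, KoBoCAT or Enketo from this header.
        proxy_set_header Host              $host;
        # Tell the application the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP         $remote_addr;
    }
}
```

A 502 Bad Gateway from this proxy means nginx received no valid response from the `proxy_pass` address, so confirm the frontend containers are running and publishing that port before looking at the certificate. `nginx -t` checks the syntax and that the certificate and key files load before a reload.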