Canvas LMS/Installation/Ubuntu14 04

From r00tedvw.com wiki
(Difference between revisions)
Jump to: navigation, search
(outgoing_mail.yml)
(Configure Canvas with Apache2)
 
(160 intermediate revisions by one user not shown)
Line 15: Line 15:
 
Minimum, Ubuntu 14.04 LTS+ server edition.  Desktop will require more hardware than listed above.<br>
 
Minimum, Ubuntu 14.04 LTS+ server edition.  Desktop will require more hardware than listed above.<br>
  
==Download Database software==
+
==Recommendations==
 +
I would recommend creating a user for installation of the Canvas rather than a unique personal or administrative account.  This is because certain files cannot be edited with sudo or it will break canvas.
 +
 
 +
==Installing PostgreSQL==
 
Postgres (Database)
 
Postgres (Database)
 
  <nowiki>~$ sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y autoremove
 
  <nowiki>~$ sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y autoremove
~$ sudo apt-get update && sudo apt-get install postgresql-9.3 -y </nowiki>
+
~$ sudo apt-get update && sudo apt-get install -y postgresql-9.3</nowiki>
  
==Configure Database==
+
==Configure PostgreSQL==
 
  <nowiki>~$ sudo -u postgres createuser canvas -D -S -R -P
 
  <nowiki>~$ sudo -u postgres createuser canvas -D -S -R -P
 
~$ sudo -u postgres createdb canvas_production --owner=canvas
 
~$ sudo -u postgres createdb canvas_production --owner=canvas
 
~$ sudo -u postgres createdb canvas_queue_production --owner=canvas</nowiki>
 
~$ sudo -u postgres createdb canvas_queue_production --owner=canvas</nowiki>
Create superuser (this one is named helpdesk)
 
<nowiki>sudo -u postgres createuser helpdesk
 
~$ sudo -u postgres psql -c "alter user helpdesk with superuser" postgres</nowiki>
 
  
==Download Git & Canvas==
+
==Verify Database Access==
 +
Its a good idea to make sure the new user can access the databases you just created.
 +
<nowiki>~$ psql -h localhost -U canvas canvas_production
 +
Password for user canvas:
 +
psql (9.3.9)
 +
SSL connection (cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256)
 +
Type "help" for help.
 +
 
 +
canvas_production=> \q
 +
 
 +
~$ psql -h localhost -U canvas canvas_queue_production
 +
Password for user canvas:
 +
psql (9.3.9)
 +
SSL connection (cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256)
 +
Type "help" for help.
 +
 
 +
canvas_queue_production=> \q</nowiki>
 +
 
 +
==Getting the Code & Installation==
 
  <nowiki>~$ sudo apt-get -y install git-core
 
  <nowiki>~$ sudo apt-get -y install git-core
~$ cd /var
+
~$ cd $HOME
~$ sudo git clone https://github.com/instructure/canvas-lms.git canvas
+
~/home/$USER$ git clone https://github.com/instructure/canvas-lms.git canvas
~$ cd canvas
+
~/home/$USER$ cd canvas
~/var/canvas$ sudo git branch --set-upstream-to origin/stable
+
~/home/$USER/canvas$ git branch --set-upstream-to origin/stable
~/var/canvas$ sudo chown -R helpdesk /var/canvas   --- helpdesk just happens to be the name of this useruse your own </nowiki>
+
~/home/$USER/canvas$ sudo mkdir -p /var/canvas
 +
~/home/$USER/canvas$ sudo chown -R $USER /var/canvas
 +
~/home/$USER/canvas$ cp -rav /home/$USER/canvas/. /var/canvas</nowiki>
 +
<!-- <br>
 +
''following steps no longer needed as the method for getting the files from git and moving them to /var/canvas/ has been done properly above''<br>
 +
Set helpdesk to owner on /var/canvas recursively.  helpdesk just happens to be the name of this user, use your own.  This is required so that bundle can be installed later on.
 +
<nowiki>~/var/canvas$ sudo chown -R helpdesk /var/canvas</nowiki> -->
  
==Download Ruby 2.1.6==
+
==Dependency Installation -Ruby 2.1.6==
You're going to have to add a repository because the version available through Ubuntu's US or Main repos is not up to date (at the time of this writing.<br>
+
You're going to have to add a repository because the version available through Ubuntu's US or Main repos is not up to date (at the time of this writing)<br>
  <nowiki>~/var/canvas$ sudo apt-get -y install software-properties-common
+
  <nowiki>~/var/canvas$ sudo apt-get install -y software-properties-common
 
~/var/canvas$ sudo apt-add-repository ppa:brightbox/ruby-ng
 
~/var/canvas$ sudo apt-add-repository ppa:brightbox/ruby-ng
 
~/var/canvas$ sudo apt-get update
 
~/var/canvas$ sudo apt-get update
~/var/canvas$ sudo apt-get -y install ruby2.1 ruby2.1-dev zlib1g-dev libxml2-dev libsqlite3-dev postgresql libpq-dev libxmlsec1-dev curl make g++</nowiki>
+
~/var/canvas$ sudo apt-get install -y ruby2.1 ruby2.1-dev zlib1g-dev libxml2-dev  
 +
~/var/canvas$ sudo apt-get install -y libsqlite3-dev postgresql libpq-dev  
 +
~/var/canvas$ sudo apt-get install -y libxmlsec1-dev curl make g++</nowiki>
 +
Its a good idea to verify you have Ruby 2.1 or higher after installation
 +
<nowiki>~/var/canvas$ ruby -v
 +
ruby 2.1.6p336 (2015-04-13 revision 50298) [x86_64-linux-gnu]</nowiki>
  
==Download Node.js==
+
==Dependency Installation -Node.js==
  <nowiki>~/var/canvas$ $ curl -sL https://deb.nodesource.com/setup_0.12 | sudo bash -
+
  <nowiki>~/var/canvas$ curl -sL https://deb.nodesource.com/setup_0.12 | sudo bash -
~/var/canvas$ sudo apt-get install nodejs -y</nowiki>
+
~/var/canvas$ sudo apt-get install -y nodejs</nowiki>
  
==Download Ruby Gems==
+
==Set systemuser as postgres superuser==
 +
<nowiki>~/var/canvas$ sudo -u postgres createuser $USER
 +
~/var/canvas$ sudo -u postgres psql -c "alter user $USER with superuser" postgres</nowiki>
 +
 
 +
==Ruby Gems -Bundler and Canvas dependencies==
 
If you are behind a firewall, you're going to need to open up the following routes to complete this sections' installation instructions:
 
If you are behind a firewall, you're going to need to open up the following routes to complete this sections' installation instructions:
 
:192.30.252.128:9418
 
:192.30.252.128:9418
Line 54: Line 87:
 
:192.30.252.131:9418
 
:192.30.252.131:9418
  
  <nowiki>~/var/canvas$ sudo gem install bundler --version 1.7.11
+
  <nowiki>~/var/canvas$ sudo gem install bundler --version 1.7.11</nowiki>
~/var/canvas$ bundle install --path vendor/bundle --without=sqlite mysql</nowiki>
+
Install bundle.  You '''CANNOT''' install this as Root, if you do, it will break the application.  If you are getting a permissions error, then you did not copy the files to /var/canvas properly as instructed earlier.
 +
<nowiki>~/var/canvas$ bundle install --path vendor/bundle --without=sqlite mysql</nowiki>
  
 
==Download default config files from Amazon instance==
 
==Download default config files from Amazon instance==
Line 62: Line 96:
 
do cp config/$config.yml.example config/$config.yml; done</nowiki>
 
do cp config/$config.yml.example config/$config.yml; done</nowiki>
  
==Configuration==
+
==Default Configuration==
 
====database.yml====
 
====database.yml====
 
  <nowiki>~/var/canvas$ cp ./config/database.yml.example ./config/database.yml
 
  <nowiki>~/var/canvas$ cp ./config/database.yml.example ./config/database.yml
~/var/canvas$ vi config/database.yml</nowiki>
+
~/var/canvas$ vi ./config/database.yml</nowiki>
 +
Comment everything except Production if that is all you want.<br>
 
Under '''Production'''
 
Under '''Production'''
 
*edit the database name (if different from default)''default=canvas_production & canvas_queue_production''
 
*edit the database name (if different from default)''default=canvas_production & canvas_queue_production''
Line 90: Line 125:
  
 
====outgoing_mail.yml====
 
====outgoing_mail.yml====
  ~/var/canvas$ cp ./config/outgoing_mail.yml.example ./config/outgoing_mail.yml
+
  <nowiki>~/var/canvas$ cp ./config/outgoing_mail.yml.example ./config/outgoing_mail.yml
~/var/canvas$ vi config/outgoing_mail.yml
+
~/var/canvas$ vi ./config/outgoing_mail.yml</nowiki>
 +
Comment everything except Production if that is all you want.<br>
 
Under '''Production'''
 
Under '''Production'''
 
*Edit the address, this should be your email relay or SMTP server
 
*Edit the address, this should be your email relay or SMTP server
Line 101: Line 137:
  
 
:In my instance, I only changed the address, username, password, domain, and outgoing_address
 
:In my instance, I only changed the address, username, password, domain, and outgoing_address
  production:
+
  <nowiki>production:
  address: "smtp.example.com"
+
address: "smtp.example.com"
  port: "25"
+
port: "25"
  user_name: "user"
+
user_name: "user"
  password: "password"
+
password: "password"
  authentication: "plain" # plain, login, or cram_md5
+
authentication: "plain" # plain, login, or cram_md5
  domain: "example.com"
+
domain: "example.com"
  outgoing_address: "[email protected]"
+
outgoing_address: "[email protected]"
  default_name: "Instructure Canvas"
+
default_name: "Instructure Canvas"</nowiki>
 +
 
 +
====domain.yml====
 +
<nowiki>~/var/canvas$ cp ./config/domain.yml.example ./config/domain.yml
 +
~/var/canvas$ vi ./config/domain.yml</nowiki>
 +
Comment everything except Production if that is all you want.<br>
 +
Under '''Production'''
 +
*Edit the domain
 +
*Uncomment the files domain and add your domain
 +
 
 +
:In my instance, I only changed the domain and uncommented the files domain
 +
<nowiki>production:
 +
domain: "canvas.example.com"
 +
# whether this instance of canvas is served over ssl (https) or not
 +
# defaults to true for production, false for test/development
 +
ssl: true
 +
files_domain: "canvasfiles.example.com"</nowiki>
 +
 
 +
====security.yml====
 +
 
 +
<nowiki>~/var/canvas$ cp ./config/security.yml.example ./config/security.yml
 +
~/var/canvas$ vi ./config/security.yml</nowiki>
 +
Comment everything except Production if that is all you want.<br>
 +
Under '''Production'''
 +
*Edit the encryption Key to a minimum of 20 characters.  This can be random.
 +
 
 +
:In my instance, I only changed the encryption key by pressing alot of buttons
 +
<nowiki>production:
 +
# replace this with a random string of at least 20 characters
 +
encryption_key: hu9ehd92hdh2798ehdrd2hd37824  ---(no this is not really my encryption key)</nowiki>
 +
 
 +
==Database Population==
 +
~/var/canvas$ RAILS_ENV=production bundle exec rake db:initial_setup
 +
You will be asked the following questions:
 +
<nowiki>What email address will the site administrator account use? >
 +
Please confirm >
 +
What password will the site administrator use? >
 +
Please confirm >
 +
What do you want users to see as the account name? This should probably be the name of your organization. ></nowiki>
 +
 
 +
<nowiki>To help our developers better serve you, Instructure would like to collect some usage data about your Canvas installation. You can 
 +
change this setting at any time.:
 +
1. Opt in
 +
2. Only send anonymized data
 +
3. Opt out completely </nowiki>
 +
>
 +
 
 +
==Canvas Ownership==
 +
I found this to be a required step so that pages would load properly.  I could not use www-data.
 +
<nowiki>~/var/canvas$ sudo adduser --disabled-password --gecos canvas canvasuser</nowiki>
 +
 
 +
==File Generation==
 +
<nowiki>~/var/canvas$ mkdir -p log tmp/pids public/assets public/stylesheets/compiled
 +
~/var/canvas$ touch Gemfile.lock
 +
~/var/canvas$ npm install
 +
~/var/canvas$ RAILS_ENV=production bundle exec rake canvas:compile_assets</nowiki>
 +
 
 +
====Troubleshooting====
 +
If the <code>npm install</code> command hangs (just shows |/-\| over and over), stop it and clear out the cache:
 +
<nowiki>~/var/canvas/$ cd ./gems/canvas_i18nliner/
 +
~/var/canvas/gems/canvas_i18nliner$ rm -r ./node_modules/
 +
~/var/canvas/gems/canvas_i18nliner$ npm cache clean</nowiki>
 +
This should clear it up for you and allow you to complete the <code>npm install</code> quickly.
 +
 
 +
==Private Canvas files Ownership==
 +
<!-- I did this with www-data as this user exists by default with Apache installtions on Ubuntu.<br>
 +
Verify www-data exists:
 +
<nowiki>~/var/canvas$ awk -F':' '{ print$1}' /etc/passwd
 +
...
 +
www-data
 +
...</nowiki>
 +
 
 +
Limit read access  -  skipped on 3rd install attempt
 +
<nowiki> ~/var/canvas$ sudo chown -R www-data ./config/environment.rb log tmp ./public/assets ./public/stylesheets/compiled Gemfile.lock config.ru
 +
~/var/canvas$ sudo chown www-data ./config/*.yml
 +
~/var/canvas$ sudo chmod 400 ./config/*.yml</nowiki> -->
 +
 
 +
Limit read access
 +
<nowiki>~/var/canvas$ sudo chown canvasuser ./config/*.yml
 +
~/var/canvas$ sudo chown canvasuser ./config/environment.rb
 +
~/var/canvas$ sudo chmod 400 ./config/*.yml
 +
~/var/canvas$ sudo chown -R canvasuser ./log/ ./tmp/ ./public/javascripts/ ./public/assets/ ./public/stylesheets/compiled/ ./Gemfile.lock ./config.ru
 +
</nowiki>
 +
 
 +
==Apache2 install/config==
 +
Unfortunately we need to add a repo before we can install passenger-common1.9.1 as it is not found in the normal 14.04 repo:
 +
<nowiki>E: Unable to locate package passenger-common1.9.1
 +
E: Couldn't find any package by regex 'passenger-common1.9.1'</nowiki>
 +
Add the new repo
 +
<nowiki>~$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
 +
~$ sudo apt-get install -y apt-transport-https ca-certificates
 +
~$ sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main > /etc/apt/sources.list.d/passenger.list'
 +
~$ sudo apt-get update</nowiki>
 +
Now you should be able to install the required dependencies.  <code>passenger</code> replaces <code>passenger-common1.9.1</code>
 +
<nowiki>~$ sudo apt-get install -y passenger libapache2-mod-passenger apache2</nowiki>
 +
Begin Apache config
 +
<nowiki>~$ sudo a2enmod rewrite
 +
~$ sudo service apache2 restart</nowiki>
 +
====Troubleshooting====
 +
If you get the error:<br>
 +
<code>AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message</code><br>
 +
Do the following and it should resolve the warning:
 +
<nowiki>~/var/canvas$ echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf
 +
~/var/canvas$ sudo a2enconf fqdn
 +
~/var/canvas$ sudo service apache2 reload
 +
* Reloading web server apache2
 +
* </nowiki>
 +
 
 +
==Configure Passenger==
 +
<nowiki>~$ sudo a2enmod passenger</nowiki>
 +
 
 +
==Configure SSL with Apache==
 +
<nowiki>~/var/canvas$ sudo a2enmod ssl
 +
~/var/canvas$ sudo service apache2 restart</nowiki>
 +
 
 +
=====Generate a CSR for SSL provider=====
 +
The following will generate a SSL Key w/o a passphrase.  Keep in mind that if the key is compromised the SSL traffic is compromised.
 +
openssl genrsa -out server.key 2048
 +
If you've already generated a key with a passphrase and want to remove it, run the following
 +
openssl rsa -in server.key -out server.key.insecure
 +
Now that you have the key you can generate the CSR.
 +
openssl req -new -key server.key -out server.csr
 +
Submit the CSR to your SSL provider and specify what type of system the website is hosted on (ie. apache2 on Linux).  They will generally then provide you with the following:
 +
*Root Certificate
 +
*Chain Certificate
 +
*SSL Certificate
 +
I personally check my existing certificates located under <code>/etc/ssl/certs</code> to make sure that neither the Root Certificate or Chain Certificate is already there. If not, then create a new file for each and paste the Root and Chain into each, respectively.<br>
 +
For the SSL certificate, I recommend that you create a sub folder either under <code>/etc/ssl/certs/</code> or <code>/etc/ssl/private/</code> and organize the cert, csr, and key under such.  Make sure your permissions are set correctly, you do not want just anyone being able to view these files.
 +
 
 +
==Configure Canvas with Apache2==
 +
You should be using Apache 2.4+, make sure you are:
 +
<nowiki>~$ apache2 -v
 +
Server version: Apache/2.4.7 (Ubuntu)
 +
Server built:  Jul 24 2015 17:25:11</nowiki>
 +
Disable default site
 +
<nowiki>~$ sudo a2dissite 000-default.conf
 +
~$ sudo service apache2 reload</nowiki>
 +
Create the canvas apache config file
 +
<nowiki>~/var/canvas$ sudo vi /etc/apache2/sites-available/canvas.conf</nowiki>
 +
Paste the following into the new file:
 +
<nowiki><VirtualHost *:80>
 +
  ServerName canvas.example.com
 +
  ServerAlias files.canvas.example.com
 +
  ServerAdmin [email protected]
 +
  DocumentRoot /var/canvas/public
 +
  RewriteEngine On
 +
  RewriteCond %{HTTP:X-Forwarded-Proto} !=https
 +
  RewriteCond %{REQUEST_URI} !^/health_check
 +
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] 
 +
  ErrorLog /var/log/apache2/canvas_errors.log
 +
  LogLevel warn
 +
  CustomLog /var/log/apache2/canvas_access.log combined
 +
  SetEnv RAILS_ENV production
 +
  <Directory /var/canvas/public>
 +
    Allow from all
 +
    Options -MultiViews
 +
  </Directory>
 +
</VirtualHost>
 +
<VirtualHost *:443>
 +
  ServerName canvas.example.com
 +
  ServerAlias files.canvas.example.com
 +
  ServerAdmin [email protected]
 +
  DocumentRoot /var/canvas/public
 +
  ErrorLog /var/log/apache2/canvas_errors.log
 +
  LogLevel warn
 +
  CustomLog /var/log/apache2/canvas_ssl_access.log combined
 +
  SSLEngine on
 +
  BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
 +
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 +
  # the following ssl certificate files are generated for you from the ssl-cert package.
 +
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
 +
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 +
  SetEnv RAILS_ENV production
 +
  XSendFile On
 +
  XSendFilePath /var/canvas
 +
  PassengerDefaultUser canvasuser
 +
  # PassengerFriendlyErrorPages on
 +
  <Directory /var/canvas/public>
 +
    Options All
 +
    AllowOverride All
 +
    Require all granted
 +
  </Directory>
 +
</VirtualHost></nowiki>
 +
 
 +
Modify the following values in the new canvas config file:
 +
<nowiki><VirtualHost *:80>
 +
  ServerName [value]  -- changed from default
 +
  ServerAlias [value]  -- changed from default
 +
  ServerAdmin [value]  -- changed from default
 +
  DocumentRoot [value] -- default
 +
  ...
 +
  SetEnv [value]      -- default
 +
  <Directory [value]>  -- default
 +
  ...
 +
</VirtualHost>
 +
<VirtualHost *:443>
 +
  ServerName [value]  -- changed from default
 +
  ServerAlias [value]  -- changed from default
 +
  ServerAdmon [value]  -- changed from default
 +
  DocumentRoot [value] -- default
 +
  ...
 +
  SSLCertificateFile [value]    -- changed from default
 +
  SSLCertificateKeyFile [value] -- changed from default
 +
  SetEnv [value]      -- default
 +
  <Directory [value]>  -- default
 +
  ...
 +
</VirtualHost></nowiki>
 +
Enable the new site
 +
<nowiki>~/var/canvas$ sudo a2ensite canvas.conf
 +
~$ sudo service apache2 restart</nowiki>
 +
 
 +
<br>
 +
'''Note:''' Don't forget to publish A records for both canvas.example.com & files.canvas.example.com
 +
<br>
 +
 
 +
==Optimize File Downloads==
 +
Pertains to locally stored data
 +
<nowiki>~$ sudo apt-get update && sudo apt-get install -y libapache2-mod-xsendfile
 +
~$ sudo a2enmod xsendfile
 +
~$ sudo service apache2 restart</nowiki>
 +
create new config file to avoid future merge conflicts
 +
<nowiki>~/var/canvas$ cp ./config/environments/production.rb ./config/environments/production-local.rb</nowiki>
 +
Edit ./config/environments/production-local.rb and uncomment
 +
<nowiki>~/var/canvas$ vi ./config/environments/production-local.rb
 +
config.action_dispatch.x_sendfile_header = 'X-Sendfile'</nowiki>
 +
Add the following directives to your apache virtual host config (ie. /etc/apache2/sites-available/canvas)
 +
<nowiki>~$ sudo vi /etc/apache2/sites-available/canvas.conf
 +
XSendFile On
 +
XSendFilePath /var/canvas</nowiki>
 +
I added mine here:
 +
<nowiki>SetEnv RAILS_ENV production
 +
XSendFile On
 +
XSendFilePath /var/canvas
 +
<Directory /var/canvas/public></nowiki>
 +
restart apache2
 +
<nowiki>sudo service apache2 restart</nowiki>
 +
 
 +
==Redis Server install==
 +
<nowiki>~/var/canvas$ sudo apt-add-repository ppa:chris-lea/redis-server
 +
~/var/canvas$ sudo apt-get update
 +
~/var/canvas$ sudo apt-get -y install redis-server</nowiki>
 +
verify that the redis version installed is 2.6x or above
 +
<nowiki>~/var/canvas$ redis-cli info | grep redis_version
 +
OR
 +
redis-server --version</nowiki>
 +
The above should return a response like such:
 +
<nowiki>redis_version: 2.8.4
 +
OR
 +
Redis server v=3.0.3 sha=00000000:0 malloc=jemalloc-3.6.0 bits=64 build=4284de9902883ae9</nowiki>
 +
 
 +
==Redis Server config==
 +
<nowiki>~/var/canvas$ sudo cp ./config/cache_store.yml.example ./config/cache_store.yml
 +
~/var/canvas$ sudo vi ./config/cache_store.yml</nowiki>
 +
Uncomment the <code>cache_store: redis_store</code> or add the following if there is no production section:
 +
<nowiki>production:
 +
  cache_store: redis_store</nowiki>
 +
 
 +
<nowiki>~/var/canvas$ sudo cp ./config/redis.yml.example ./config/redis.yml
 +
~/var/canvas$ sudo vi ./config/redis.yml</nowiki>
 +
Uncomment the section below and add <code>localhost</code>
 +
<nowiki>production:
 +
  servers:
 +
  # list of redis servers to use in the ring
 +
  - redis://localhost
 +
#  - redis://redis01</nowiki>
 +
 
 +
==Secure Redis configs==
 +
<nowiki>~/var/canvas$ sudo chown canvasuser ./config/cache_store.yml
 +
~/var/canvas$ sudo chmod 400 ./config/cache_store.yml
 +
~/var/canvas$ sudo chown canvasuser ./config/redis.yml
 +
~/var/canvas$ sudo chmod 400 ./config/redis.yml </nowiki>
 +
 
 +
==Automated jobs installation==
 +
<nowiki>~/var/canvas$ sudo ln -s /var/canvas/script/canvas_init /etc/init.d/canvas_init
 +
~/var/canvas$ sudo update-rc.d canvas_init defaults
 +
~/var/canvas$ sudo /etc/init.d/canvas_init start</nowiki>
 +
 
 +
==Finish==
 +
<nowiki>~$ sudo service apache2 restart</nowiki>
 +
<br>
 +
<br>
 +
<br>
 +
<br>
 +
 
 +
=Troubleshooting=
 +
==syntax error on line 13, col 0: `test:'==
 +
Found this was because I had an extra line in my redis.yml file that was uncommented. This came directly from the Amazon examples.
 +
<nowiki>~/var/canvas$ sudo vi ./config/redis.yml
 +
Comment:
 +
database: 1</nowiki>
 +
 
 +
==Permission denied @ unlink_internal - public/javascripts/client_apps/canvas_quizzes.js (Errno::EACCES)==
 +
<nowiki>~/var/canvas$ sudo chown -R www-data ./public/javascripts/</nowiki>
 +
 
 +
==Login with local account after LDAP setup==
 +
Use URL:
 +
<nowiki>https://<hostname>/login/canvas</nowiki>
 +
 
 +
==Jobs are not running==
 +
'''error:''' <code>/var/canvas/vendor/bundle/ruby/2.1.0/gems/canvas-jobs-0.9.13/lib/delayed/settings.rb:34:in `read': Permission denied @ rb_sysopen - /var/canvas/config/delayed_jobs.yml (Errno::EACCES)</code><br>
 +
: This is generally due to permissions not being set correctly on the config files and environment.rb file.  Passenger will choose the user to run the application based on the ownership settings of ./config/environment.rb.<br>
 +
First Try:
 +
<nowiki>~/var/canvas/$ sudo chown canvasuser ./config/environment.rb</nowiki>
 +
Also make sure the following is in place as well:
 +
<nowiki>~/var/canvas$ sudo chown canvasuser ./config/*.yml
 +
~/var/canvas$ sudo chown canvasuser ./config/cache_store.yml
 +
~/var/canvas$ sudo chown canvasuser ./config/redis.yml </nowiki>
 +
 
 +
==Passenger not running as correct user==
 +
'''1)''' make sure that you have the following in your apache config:
 +
:<code>PassengerDefaultUser canvasuser</code>
 +
'''2)''' make sure that you have made <code>canvasuser</code> owner of /var/canvas/config.ru
 +
<nowiki>~/var/canvas$ sudo chown canvasuser ./config.ru</nowiki>
 +
 
 +
==We're sorry, but something went wrong.==
 +
When trying to go to the site, generally for the first time, if you encounter this error you can add a line to your apache config in order to get more error data to troubleshoot the (generally) passenger error.
 +
<nowiki>~$ sudo vi /etc/apache2/sites-available/canvas.conf</nowiki>
 +
Add the following in your virtual host config.  I've already included it in my virtual site conf example, but its commented out so simply uncomment it.
 +
<nowiki>PassengerFriendlyErrorPages on</nowiki>
 +
Restart and take a look at the error details
 +
<nowiki>~$ sudo service apache2 restart</nowiki>
 +
 
 +
==Permission denied @ rb_sysopen - /var/canvas/config/cache_store.yml (Errno::EACCES)==
 +
Assuming that you've turned on friendly error pages for passenger, look to see if passenger is running as the correct user:
 +
<nowiki>HOME = /home/helpdesk
 +
LOGNAME = helpdesk</nowiki>
 +
If it does not say the canvas user you decided to use (generally www-data or canvasuser), like the above does not, then passenger will not run properly.<br>
 +
This can generally be due to a couple of things:
 +
#You do not have the right file/folder ownership in place
 +
#You do not have PassengerDefaultUser configured in apache
 +
Go back over and make sure that <code>/var/canvas/config.ru</code> has ownership to the passenger user (in my case it was canvasuser)<br>
 +
Go back over and make sure that your Apache2 config contains <code>PassengerDefaultUser canvasuser</code> (in my case it was canvasuser)

Latest revision as of 08:22, 18 January 2016

Installation Ubuntu 12.04 | Installation Ubuntu 14.04
Canvas - Learning Management Solution. Used by universities and schools.

Contents

[edit] Ubuntu 14.04

[edit] Requirements

In the simplest configuration, everything will be running off a single server.

Recommended Hardware specifications
Dual Core+ 3.0ghz+ or Dual processors
4GB+ RAM
60GB HDD
64-bit capable system

[edit] Software Requirements

Minimum, Ubuntu 14.04 LTS+ server edition. Desktop will require more hardware than listed above.

[edit] Recommendations

I would recommend creating a user for installation of the Canvas rather than a unique personal or administrative account. This is because certain files cannot be edited with sudo or it will break canvas.

[edit] Installing PostgreSQL

Postgres (Database)

~$ sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y autoremove
~$ sudo apt-get update && sudo apt-get install -y postgresql-9.3

[edit] Configure PostgreSQL

~$ sudo -u postgres createuser canvas -D -S -R -P
~$ sudo -u postgres createdb canvas_production --owner=canvas
~$ sudo -u postgres createdb canvas_queue_production --owner=canvas

[edit] Verify Database Access

Its a good idea to make sure the new user can access the databases you just created.

~$ psql -h localhost -U canvas canvas_production
Password for user canvas: 
psql (9.3.9)
SSL connection (cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256)
Type "help" for help.

canvas_production=> \q

~$ psql -h localhost -U canvas canvas_queue_production
Password for user canvas: 
psql (9.3.9)
SSL connection (cipher: DHE-RSA-AES256-GCM-SHA384, bits: 256)
Type "help" for help.

canvas_queue_production=> \q

[edit] Getting the Code & Installation

~$ sudo apt-get -y install git-core
~$ cd $HOME
~/home/$USER$ git clone https://github.com/instructure/canvas-lms.git canvas
~/home/$USER$ cd canvas
~/home/$USER/canvas$ git branch --set-upstream-to origin/stable
~/home/$USER/canvas$ sudo mkdir -p /var/canvas
~/home/$USER/canvas$ sudo chown -R $USER /var/canvas
~/home/$USER/canvas$ cp -rav /home/$USER/canvas/. /var/canvas

[edit] Dependency Installation -Ruby 2.1.6

You're going to have to add a repository because the version available through Ubuntu's US or Main repos is not up to date (at the time of this writing)

~/var/canvas$ sudo apt-get install -y software-properties-common
~/var/canvas$ sudo apt-add-repository ppa:brightbox/ruby-ng
~/var/canvas$ sudo apt-get update
~/var/canvas$ sudo apt-get install -y ruby2.1 ruby2.1-dev zlib1g-dev libxml2-dev 
~/var/canvas$ sudo apt-get install -y libsqlite3-dev postgresql libpq-dev 
~/var/canvas$ sudo apt-get install -y libxmlsec1-dev curl make g++

Its a good idea to verify you have Ruby 2.1 or higher after installation

~/var/canvas$ ruby -v
ruby 2.1.6p336 (2015-04-13 revision 50298) [x86_64-linux-gnu]

[edit] Dependency Installation -Node.js

~/var/canvas$ curl -sL https://deb.nodesource.com/setup_0.12 | sudo bash -
~/var/canvas$ sudo apt-get install -y nodejs

[edit] Set systemuser as postgres superuser

~/var/canvas$ sudo -u postgres createuser $USER
~/var/canvas$ sudo -u postgres psql -c "alter user $USER with superuser" postgres

[edit] Ruby Gems -Bundler and Canvas dependencies

If you are behind a firewall, you're going to need to open up the following routes to complete this sections' installation instructions:

192.30.252.128:9418
192.30.252.129:9418
192.30.252.130:9418
192.30.252.131:9418
~/var/canvas$ sudo gem install bundler --version 1.7.11

Install bundle. You CANNOT install this as Root, if you do, it will break the application. If you are getting a permissions error, then you did not copy the files to /var/canvas properly as instructed earlier.

~/var/canvas$ bundle install --path vendor/bundle --without=sqlite mysql

[edit] Download default config files from Amazon instance

~/var/canvas$ for config in amazon_s3 database \
  delayed_jobs domain file_store outgoing_mail security external_migration
do cp config/$config.yml.example config/$config.yml; done

[edit] Default Configuration

[edit] database.yml

~/var/canvas$ cp ./config/database.yml.example ./config/database.yml
~/var/canvas$ vi ./config/database.yml

Comment everything except Production if that is all you want.
Under Production

  • edit the database name (if different from default)default=canvas_production & canvas_queue_production
  • host (if different from default) default=localhost
  • username for database user (if different from default) default=canvas
  • password for database user
In my instance, nothing was changed except the password.
production:
 adapter: postgresql
 encoding: utf8
 database: canvas_production
 host: localhost
 username: canvas
 password: password
 timeout: 5000
 queue:
   adapter: postgresql
   encoding: utf8
   database: canvas_queue_production
   host: localhost
   username: canvas
   password: password
   timeout: 5000

[edit] outgoing_mail.yml

~/var/canvas$ cp ./config/outgoing_mail.yml.example ./config/outgoing_mail.yml
~/var/canvas$ vi ./config/outgoing_mail.yml

Comment everything except Production if that is all you want.
Under Production

  • Edit the address, this should be your email relay or SMTP server
  • Edit the port (if different from default) default=25
  • Edit the username for your relay/smtp
  • Edit the password for your relay/smtp
  • Edit the domain (if different from default) default=example.com
  • Edit the outgoing address (if different from default) [email protected]
In my instance, I only changed the address, username, password, domain, and outgoing_address
production:
 address: "smtp.example.com"
 port: "25"
 user_name: "user"
 password: "password"
 authentication: "plain" # plain, login, or cram_md5
 domain: "example.com"
 outgoing_address: "[email protected]"
 default_name: "Instructure Canvas"

[edit] domain.yml

~/var/canvas$ cp ./config/domain.yml.example ./config/domain.yml
~/var/canvas$ vi ./config/domain.yml

Comment everything except Production if that is all you want.
Under Production

  • Edit the domain
  • Uncomment the files domain and add your domain
In my instance, I only changed the domain and uncommented the files domain
production:
 domain: "canvas.example.com"
 # whether this instance of canvas is served over ssl (https) or not
 # defaults to true for production, false for test/development
 ssl: true
 files_domain: "canvasfiles.example.com"

[edit] security.yml

~/var/canvas$ cp ./config/security.yml.example ./config/security.yml
~/var/canvas$ vi ./config/security.yml

Comment everything except Production if that is all you want.
Under Production

  • Edit the encryption Key to a minimum of 20 characters. This can be random.
In my instance, I only changed the encryption key by pressing alot of buttons
production:
 # replace this with a random string of at least 20 characters
 encryption_key: hu9ehd92hdh2798ehdrd2hd37824   ---(no this is not really my encryption key)

[edit] Database Population

~/var/canvas$ RAILS_ENV=production bundle exec rake db:initial_setup

You will be asked the following questions:

What email address will the site administrator account use? > 
Please confirm > 
What password will the site administrator use? >
Please confirm >
What do you want users to see as the account name? This should probably be the name of your organization. >
To help our developers better serve you, Instructure would like to collect some usage data about your Canvas installation. You can  
change this setting at any time.:
1. Opt in
2. Only send anonymized data
3. Opt out completely 
>

[edit] Canvas Ownership

I found this to be a required step so that pages would load properly. I could not use www-data.

~/var/canvas$ sudo adduser --disabled-password --gecos canvas canvasuser

[edit] File Generation

~/var/canvas$ mkdir -p log tmp/pids public/assets public/stylesheets/compiled
~/var/canvas$ touch Gemfile.lock
~/var/canvas$ npm install
~/var/canvas$ RAILS_ENV=production bundle exec rake canvas:compile_assets

[edit] Troubleshooting

If the npm install command hangs (just shows |/-\| over and over), stop it and clear out the cache:

~/var/canvas/$ cd ./gems/canvas_i18nliner/
~/var/canvas/gems/canvas_i18nliner$ rm -r ./node_modules/
~/var/canvas/gems/canvas_i18nliner$ npm cache clean

This should clear it up for you and allow you to complete the npm install quickly.

[edit] Private Canvas files Ownership

Limit read access

~/var/canvas$ sudo chown canvasuser ./config/*.yml
~/var/canvas$ sudo chown canvasuser ./config/environment.rb
~/var/canvas$ sudo chmod 400 ./config/*.yml
~/var/canvas$ sudo chown -R canvasuser ./log/ ./tmp/ ./public/javascripts/ ./public/assets/ ./public/stylesheets/compiled/ ./Gemfile.lock ./config.ru

[edit] Apache2 install/config

Unfortunately we need to add a repo before we can install passenger-common1.9.1 as it is not found in the normal 14.04 repo:

E: Unable to locate package passenger-common1.9.1
E: Couldn't find any package by regex 'passenger-common1.9.1'

Add the new repo

~$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
~$ sudo apt-get install -y apt-transport-https ca-certificates
~$ sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main > /etc/apt/sources.list.d/passenger.list'
~$ sudo apt-get update

Now you should be able to install the required dependencies. passenger replaces passenger-common1.9.1

~$ sudo apt-get install -y passenger libapache2-mod-passenger apache2

Begin Apache config

~$ sudo a2enmod rewrite
~$ sudo service apache2 restart

[edit] Troubleshooting

If you get the error:
AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Do the following and it should resolve the warning:

~/var/canvas$ echo "ServerName localhost" | sudo tee /etc/apache2/conf-available/fqdn.conf
~/var/canvas$ sudo a2enconf fqdn
~/var/canvas$ sudo service apache2 reload
 * Reloading web server apache2
 * 

[edit] Configure Passenger

~$ sudo a2enmod passenger

[edit] Configure SSL with Apache

~/var/canvas$ sudo a2enmod ssl
~/var/canvas$ sudo service apache2 restart
[edit] Generate a CSR for SSL provider

The following will generate a SSL Key w/o a passphrase. Keep in mind that if the key is compromised the SSL traffic is compromised.

openssl genrsa -out server.key 2048

If you've already generated a key with a passphrase and want to remove it, run the following

openssl rsa -in server.key -out server.key.insecure

Now that you have the key you can generate the CSR.

openssl req -new -key server.key -out server.csr

Submit the CSR to your SSL provider and specify what type of system the website is hosted on (ie. apache2 on Linux). They will generally then provide you with the following:

  • Root Certificate
  • Chain Certificate
  • SSL Certificate

I personally check my existing certificates located under /etc/ssl/certs to make sure that neither the Root Certificate or Chain Certificate is already there. If not, then create a new file for each and paste the Root and Chain into each, respectively.
For the SSL certificate, I recommend that you create a sub folder either under /etc/ssl/certs/ or /etc/ssl/private/ and organize the cert, csr, and key under such. Make sure your permissions are set correctly, you do not want just anyone being able to view these files.

[edit] Configure Canvas with Apache2

You should be using Apache 2.4+, make sure you are:

~$ apache2 -v
Server version: Apache/2.4.7 (Ubuntu)
Server built:   Jul 24 2015 17:25:11

Disable default site

~$ sudo a2dissite 000-default.conf
~$ sudo service apache2 reload

Create the canvas apache config file

~/var/canvas$ sudo vi /etc/apache2/sites-available/canvas.conf

Paste the following into the new file:

<VirtualHost *:80>
  ServerName canvas.example.com
  ServerAlias files.canvas.example.com
  ServerAdmin [email protected]
  DocumentRoot /var/canvas/public
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} !=https
  RewriteCond %{REQUEST_URI} !^/health_check
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]  
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_access.log combined
  SetEnv RAILS_ENV production
  <Directory /var/canvas/public>
    Allow from all
    Options -MultiViews
  </Directory>
</VirtualHost>
<VirtualHost *:443>
  ServerName canvas.example.com
  ServerAlias files.canvas.example.com
  ServerAdmin [email protected]
  DocumentRoot /var/canvas/public
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_ssl_access.log combined
  SSLEngine on
  BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  # the following ssl certificate files are generated for you from the ssl-cert package.
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  SetEnv RAILS_ENV production
  XSendFile On
  XSendFilePath /var/canvas
  PassengerDefaultUser canvasuser
  # PassengerFriendlyErrorPages on
  <Directory /var/canvas/public>
    Options All
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>

Modify the following values in the new canvas config file:

<VirtualHost *:80>
  ServerName [value]   -- changed from default
  ServerAlias [value]  -- changed from default
  ServerAdmin [value]  -- changed from default
  DocumentRoot [value] -- default
  ...
  SetEnv [value]       -- default
  <Directory [value]>  -- default
  ...
</VirtualHost>
<VirtualHost *:443>
  ServerName [value]   -- changed from default
  ServerAlias [value]  -- changed from default
  ServerAdmon [value]  -- changed from default
  DocumentRoot [value] -- default
  ...
  SSLCertificateFile [value]    -- changed from default
  SSLCertificateKeyFile [value] -- changed from default
  SetEnv [value]       -- default
  <Directory [value]>  -- default
  ...
</VirtualHost>

Enable the new site

~/var/canvas$ sudo a2ensite canvas.conf
~$ sudo service apache2 restart


Note: Don't forget to publish A records for both canvas.example.com & files.canvas.example.com

[edit] Optimize File Downloads

Pertains to locally stored data

~$ sudo apt-get update && sudo apt-get install -y libapache2-mod-xsendfile
~$ sudo a2enmod xsendfile
~$ sudo service apache2 restart

create new config file to avoid future merge conflicts

~/var/canvas$ cp ./config/environments/production.rb ./config/environments/production-local.rb

Edit ./config/environments/production-local.rb and uncomment

~/var/canvas$ vi ./config/environments/production-local.rb
config.action_dispatch.x_sendfile_header = 'X-Sendfile'

Add the following directives to your apache virtual host config (ie. /etc/apache2/sites-available/canvas)

~$ sudo vi /etc/apache2/sites-available/canvas.conf
XSendFile On
XSendFilePath /var/canvas

I added mine here:

SetEnv RAILS_ENV production
XSendFile On
XSendFilePath /var/canvas
<Directory /var/canvas/public>

restart apache2

sudo service apache2 restart

[edit] Redis Server install

~/var/canvas$ sudo apt-add-repository ppa:chris-lea/redis-server
~/var/canvas$ sudo apt-get update
~/var/canvas$ sudo apt-get -y install redis-server

verify that the redis version installed is 2.6x or above

~/var/canvas$ redis-cli info | grep redis_version
OR
redis-server --version

The above should return a response like such:

redis_version: 2.8.4
OR
Redis server v=3.0.3 sha=00000000:0 malloc=jemalloc-3.6.0 bits=64 build=4284de9902883ae9

[edit] Redis Server config

~/var/canvas$ sudo cp ./config/cache_store.yml.example ./config/cache_store.yml
~/var/canvas$ sudo vi ./config/cache_store.yml

Uncomment the cache_store: redis_store or add the following if there is no production section:

production:
  cache_store: redis_store
~/var/canvas$ sudo cp ./config/redis.yml.example ./config/redis.yml
~/var/canvas$ sudo vi ./config/redis.yml

Uncomment the section below and add localhost

production:
  servers:
   # list of redis servers to use in the ring
  - redis://localhost
#  - redis://redis01

[edit] Secure Redis configs

~/var/canvas$ sudo chown canvasuser ./config/cache_store.yml
~/var/canvas$ sudo chmod 400 ./config/cache_store.yml
~/var/canvas$ sudo chown canvasuser ./config/redis.yml
~/var/canvas$ sudo chmod 400 ./config/redis.yml 

[edit] Automated jobs installation

~/var/canvas$ sudo ln -s /var/canvas/script/canvas_init /etc/init.d/canvas_init
~/var/canvas$ sudo update-rc.d canvas_init defaults
~/var/canvas$ sudo /etc/init.d/canvas_init start

[edit] Finish

~$ sudo service apache2 restart





[edit] Troubleshooting

[edit] syntax error on line 13, col 0: `test:'

Found this was because I had an extra line in my redis.yml file that was uncommented. This came directly from the Amazon examples.

~/var/canvas$ sudo vi ./config/redis.yml
 Comment:
 database: 1

[edit] Permission denied @ unlink_internal - public/javascripts/client_apps/canvas_quizzes.js (Errno::EACCES)

~/var/canvas$ sudo chown -R www-data ./public/javascripts/

[edit] Login with local account after LDAP setup

Use URL:

https://<hostname>/login/canvas

[edit] Jobs are not running

error: /var/canvas/vendor/bundle/ruby/2.1.0/gems/canvas-jobs-0.9.13/lib/delayed/settings.rb:34:in `read': Permission denied @ rb_sysopen - /var/canvas/config/delayed_jobs.yml (Errno::EACCES)

This is generally due to permissions not being set correctly on the config files and environment.rb file. Passenger will choose the user to run the application based on the ownership settings of ./config/environment.rb.

First Try:

~/var/canvas/$ sudo chown canvasuser ./config/environment.rb

Also make sure the following is in place as well:

~/var/canvas$ sudo chown canvasuser ./config/*.yml
~/var/canvas$ sudo chown canvasuser ./config/cache_store.yml
~/var/canvas$ sudo chown canvasuser ./config/redis.yml 

[edit] Passenger not running as correct user

1) make sure that you have the following in your apache config:

PassengerDefaultUser canvasuser

2) make sure that you have made canvasuser owner of /var/canvas/config.ru

~/var/canvas$ sudo chown canvasuser ./config.ru

[edit] We're sorry, but something went wrong.

When trying to go to the site, generally for the first time, if you encounter this error you can add a line to your apache config in order to get more error data to troubleshoot the (generally) passenger error.

~$ sudo vi /etc/apache2/sites-available/canvas.conf

Add the following in your virtual host config. I've already included it in my virtual site conf example, but its commented out so simply uncomment it.

PassengerFriendlyErrorPages on

Restart and take a look at the error details

~$ sudo service apache2 restart

[edit] Permission denied @ rb_sysopen - /var/canvas/config/cache_store.yml (Errno::EACCES)

Assuming that you've turned on friendly error pages for passenger, look to see if passenger is running as the correct user:

HOME = /home/helpdesk
LOGNAME = helpdesk

If it does not say the canvas user you decided to use (generally www-data or canvasuser), like the above does not, then passenger will not run properly.
This can generally be due to a couple of things:

  1. You do not have the right file/folder ownership in place
  2. You do not have PassengerDefaultUser configured in apache

Go back over and make sure that /var/canvas/config.ru has ownership to the passenger user (in my case it was canvasuser)
Go back over and make sure that your Apache2 config contains PassengerDefaultUser canvasuser (in my case it was canvasuser)

Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki
Confluence
DevOps Tools
Open Source Products
Ubuntu
Ubuntu 22
Mac OSX
Oracle Linux
AWS
Windows
OpenVPN
Grafana
InfluxDB2
TrueNas
MagicMirror
OwnCloud
Pivotal
osTicket
OTRS
phpBB
WordPress
VmWare ESXI 5.1
Crypto currencies
HTML
CSS
Python
Java Script
PHP
Raspberry Pi
Canvas LMS
Kaltura Media Server
Plex Media Server
MetaSploit
Zoneminder
ShinobiCE
Photoshop CS2
Fortinet
Uploaded
Certifications
General Info
Games
Meal Plans
NC Statutes
Politics
Volkswagen
Covid
NCDMV
Toolbox