Canvas LMS/Installation
(→Final step: Restart Apache2) |
|||
(28 intermediate revisions by one user not shown) | |||
Line 1: | Line 1: | ||
+ | [[Canvas_LMS/Installation|Installation Ubuntu 12.04]] | [[Canvas_LMS/Installation/Ubuntu14_04|Installation Ubuntu 14.04]] | ||
+ | <br> | ||
Canvas - Learning Management Solution. Used by universities and schools. | Canvas - Learning Management Solution. Used by universities and schools. | ||
+ | =Ubuntu 12.04= | ||
==Requirements== | ==Requirements== | ||
In the simplest configuration, everything will be running off a single server. | In the simplest configuration, everything will be running off a single server. | ||
Line 9: | Line 12: | ||
:64-bit capable system | :64-bit capable system | ||
− | ==Software | + | ==Software Requirements== |
− | + | Minimum, Ubuntu 10.04 LTS+ server edition. Desktop will require more hardware than listed above.<br> | |
Preferably Ubuntu 12.04 LTS<br> | Preferably Ubuntu 12.04 LTS<br> | ||
If you are having trouble loading 12.04 LTS, try upgrading from 10.04. Instructions [[Ubuntu/Quick_Reference|here]] | If you are having trouble loading 12.04 LTS, try upgrading from 10.04. Instructions [[Ubuntu/Quick_Reference|here]] | ||
Line 37: | Line 40: | ||
~/var/canvas$ sudo apt-add-repository ppa:brightbox/ruby-ng | ~/var/canvas$ sudo apt-add-repository ppa:brightbox/ruby-ng | ||
~/var/canvas$ sudo apt-get update | ~/var/canvas$ sudo apt-get update | ||
− | ~/var/canvas$ sudo apt-get -y install ruby1.9.3 zlib1g-dev libxml2-dev libmysqlclient-dev libxslt1-dev imagemagick libpq-dev nodejs libxmlsec1-dev libcurl4-gnutls-dev libxmlsec1 build-essential openjdk-7-jre | + | ~/var/canvas$ sudo apt-get -y install ruby1.9.3 zlib1g-dev libxml2-dev libmysqlclient-dev libxslt1-dev imagemagick libpq-dev nodejs libxmlsec1-dev libcurl4-gnutls-dev libxmlsec1 build-essential openjdk-7-jre unzip |
==Download Ruby Gems== | ==Download Ruby Gems== | ||
Line 56: | Line 59: | ||
==Configuration== | ==Configuration== | ||
====database.yml==== | ====database.yml==== | ||
− | ~/var/canvas$ cp config/database.yml.example /config/database.yml | + | ~/var/canvas$ cp ./config/database.yml.example ./config/database.yml |
~/var/canvas$ vi config/database.yml | ~/var/canvas$ vi config/database.yml | ||
Under '''Production''' | Under '''Production''' | ||
Line 82: | Line 85: | ||
====outgoing_mail.yml==== | ====outgoing_mail.yml==== | ||
− | ~/var/canvas$ cp config/outgoing_mail.yml.example config/outgoing_mail.yml | + | ~/var/canvas$ cp ./config/outgoing_mail.yml.example ./config/outgoing_mail.yml |
~/var/canvas$ vi config/outgoing_mail.yml | ~/var/canvas$ vi config/outgoing_mail.yml | ||
Under '''Production''' | Under '''Production''' | ||
Line 104: | Line 107: | ||
====domain.yml==== | ====domain.yml==== | ||
− | ~/var/canvas$ cp config/domain.yml.example config/domain.yml | + | ~/var/canvas$ cp ./config/domain.yml.example ./config/domain.yml |
~/var/canvas$ vi config/domain.yml | ~/var/canvas$ vi config/domain.yml | ||
Under '''Production''' | Under '''Production''' | ||
Line 119: | Line 122: | ||
====security.yml==== | ====security.yml==== | ||
− | ~/var/canvas$ cp config/security.yml.example config/security.yml | + | ~/var/canvas$ cp ./config/security.yml.example ./config/security.yml |
~/var/cavnas$ vi config/security.yml | ~/var/cavnas$ vi config/security.yml | ||
Under '''Production''' | Under '''Production''' | ||
Line 139: | Line 142: | ||
To help our developers better serve you, Instructure would like to collect some usage data about your Canvas installation. You can | To help our developers better serve you, Instructure would like to collect some usage data about your Canvas installation. You can | ||
− | change this setting at any time.: | + | change this setting at any time.: |
1. Opt in | 1. Opt in | ||
2. Only send anonymized data | 2. Only send anonymized data | ||
Line 178: | Line 181: | ||
In my installation, I did not do the following:<br> | In my installation, I did not do the following:<br> | ||
'''Permission issues, see [https://github.com/instructure/canvas-lms/wiki/Production-Start#configure-passenger-with-apache Configure Passenger with Apache] on the Production start guide for Canvas''' | '''Permission issues, see [https://github.com/instructure/canvas-lms/wiki/Production-Start#configure-passenger-with-apache Configure Passenger with Apache] on the Production start guide for Canvas''' | ||
+ | ==Apache 2 SSL config== | ||
+ | ~/var/canvas$ sudo a2enmod ssl | ||
+ | ~/var/canvas$ sudo service apache2 restart | ||
+ | =====Generate a CSR for SSL provider===== | ||
+ | The following will generate a SSL Key w/o a passphrase. Keep in mind that if the key is compromised the SSL traffic is compromised. | ||
+ | openssl genrsa -out server.key 2048 | ||
+ | If you've already generated a key with a passphrase and want to remove it, run the following | ||
+ | openssl rsa -in server.key -out server.key.insecure | ||
+ | Now that you have the key you can generate the CSR. | ||
+ | openssl req -new -key server.key -out server.csr | ||
+ | Submit the CSR to your SSL provider and specify what type of system the website is hosted on (ie. apache2 on Linux). They will generally then provide you with the following: | ||
+ | *Root Certificate | ||
+ | *Chain Certificate | ||
+ | *SSL Certificate | ||
+ | I personally check my existing certificates located under <code>/etc/ssl/certs</code> to make sure that neither the Root Certificate or Chain Certificate is already there. If not, then create a new file for each and paste the Root and Chain into each, respectively.<br> | ||
+ | For the SSL certificate, I recommend that you create a sub folder either under <code>/etc/ssl/certs/</code> or <code>/etc/ssl/private/</code> and organize the cert, csr, and key under such. Make sure your permissions are set correctly, you do not want just anyone being able to view these files. | ||
+ | |||
+ | ==Canvas Apache2 config== | ||
+ | Disable the default site | ||
+ | ~/var/canvas$ sudo a2dissite 000-default | ||
+ | ~/var/canvas$ sudo service apache2 restart | ||
+ | Create the canvas apache config file | ||
+ | ~/var/canvas$ sudo nano /etc/apache2/sites-available/canvas | ||
+ | Paste the following into the new file: | ||
+ | <VirtualHost *:80> | ||
+ | ServerName canvas.example.com | ||
+ | ServerAlias files.canvas.example.com | ||
+ | ServerAdmin [email protected] | ||
+ | DocumentRoot /var/canvas/public | ||
+ | RewriteEngine On | ||
+ | RewriteCond %{HTTP:X-Forwarded-Proto} !=https | ||
+ | RewriteCond %{REQUEST_URI} !^/health_check | ||
+ | RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] | ||
+ | ErrorLog /var/log/apache2/canvas_errors.log | ||
+ | LogLevel warn | ||
+ | CustomLog /var/log/apache2/canvas_access.log combined | ||
+ | SetEnv RAILS_ENV production | ||
+ | <Directory /var/canvas/public> | ||
+ | Allow from all | ||
+ | Options -MultiViews | ||
+ | </Directory> | ||
+ | </VirtualHost> | ||
+ | <VirtualHost *:443> | ||
+ | ServerName canvas.example.com | ||
+ | ServerAlias files.canvas.example.com | ||
+ | ServerAdmin [email protected] | ||
+ | DocumentRoot /var/canvas/public | ||
+ | ErrorLog /var/log/apache2/canvas_errors.log | ||
+ | LogLevel warn | ||
+ | CustomLog /var/log/apache2/canvas_ssl_access.log combined | ||
+ | SSLEngine on | ||
+ | BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 | ||
+ | BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown | ||
+ | # the following ssl certificate files are generated for you from the ssl-cert package. | ||
+ | SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem | ||
+ | SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key | ||
+ | SetEnv RAILS_ENV production | ||
+ | <Directory /var/canvas/public> | ||
+ | Allow from all | ||
+ | Options -MultiViews | ||
+ | </Directory> | ||
+ | </VirtualHost> | ||
+ | |||
+ | Modify the following values in the new canvas config file: | ||
+ | <VirtualHost *:80> | ||
+ | ServerName [value] -- changed from default | ||
+ | ServerAlias [value] -- changed from default | ||
+ | ServerAdmin [value] -- changed from default | ||
+ | DocumentRoot [value] -- default | ||
+ | ... | ||
+ | SetEnv [value] -- default | ||
+ | <Directory [value]> -- default | ||
+ | ... | ||
+ | </VirtualHost> | ||
+ | <VirtualHost *:443> | ||
+ | ServerName [value] -- changed from default | ||
+ | ServerAlias [value] -- changed from default | ||
+ | ServerAdmon [value] -- changed from default | ||
+ | DocumentRoot [value] -- default | ||
+ | ... | ||
+ | SSLCertificateFile [value] -- changed from default | ||
+ | SSLCertificateKeyFile [value] -- changed from default | ||
+ | SetEnv [value] -- default | ||
+ | <Directory [value]> -- default | ||
+ | ... | ||
+ | </VirtualHost> | ||
+ | Enable the new site | ||
+ | ~/var/canvas$ sudo a2ensite canvas | ||
+ | |||
+ | ==Redis Server install== | ||
+ | ~/var/canvas$ sudo apt-add-repository ppa:chris-lea/redis-server | ||
+ | ~/var/canvas$ sudo apt-get update | ||
+ | ~/var/canvas$ sudo apt-get -y install redis-server | ||
+ | verify that the redis version installed is 2.6x or above | ||
+ | ~/var/canvas$ redis-cli info | grep redis_version | ||
+ | The above should return a response like such: <code>redis_version: 2.8.4</code><br> | ||
+ | ==Redis Server config== | ||
+ | ~/var/canvas$ sudo cp config/cache_store.yml.example config/cache_store.yml | ||
+ | ~/var/canvas$ sudo vi config/cache_store.yml | ||
+ | Uncomment the <code>cache_store: redis_store</code> or add the following if there is no production section: | ||
+ | production: | ||
+ | cache_store: redis_store | ||
+ | ~/var/canvas$ sudo cp config/redis.yml.example config/redis.yml | ||
+ | ~/var/canvas$ vi config/redis.yml | ||
+ | Uncomment the section below and add <code>localhost</code> | ||
+ | production: | ||
+ | servers: | ||
+ | # list of redis servers to use in the ring | ||
+ | - localhost | ||
+ | # - redis://redis01 | ||
+ | ==Restart services== | ||
+ | ~/var/canvas$ sudo service postgresql restart | ||
+ | ~/var/canvas$ sudo service apache2 restart | ||
+ | ~/var/canvas$ sudo service redis-server restart | ||
+ | ==Automated jobs installation== | ||
+ | ~/var/canvas$ sudo ln -s /var/canvas/script/canvas_init /etc/init.d/canvas_init | ||
+ | ~/var/canvas$ sudo update-rc.d canvas_init defaults | ||
+ | ~/var/canvas$ sudo /etc/init.d/canvas_init start | ||
+ | ==Final step: Restart Apache2== | ||
+ | ~/var/canvas$ sudo service apache2 restart |
Latest revision as of 23:22, 27 January 2016
Installation Ubuntu 12.04 | Installation Ubuntu 14.04
Canvas - Learning Management Solution. Used by universities and schools.
[edit] Ubuntu 12.04
[edit] Requirements
In the simplest configuration, everything will be running off a single server.
- Recommended Hardware specifications
- Dual Core+ 3.0ghz+ or Dual processors
- 4GB+ RAM
- 60GB HDD
- 64-bit capable system
[edit] Software Requirements
Minimum, Ubuntu 10.04 LTS+ server edition. Desktop will require more hardware than listed above.
Preferably Ubuntu 12.04 LTS
If you are having trouble loading 12.04 LTS, try upgrading from 10.04. Instructions here
[edit] Download Database software
Postgres (Database)
~$ sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y autoremove ~$ sudo apt-get -y install postgresql-9.1
[edit] Configure Database
~$ sudo -u postgres createuser canvas -D -S -R -P ~$ sudo -u postgres createdb canvas_production --owner=canvas ~$ sudo -u postgres createdb canvas_queue_production --owner=canvas
[edit] Download Git & Canvas
~$ sudo apt-get -y install git-core ~$ cd /var ~$ sudo git clone https://github.com/instructure/canvas-lms.git canvas ~$ cd canvas ~/var/canvas$ sudo git branch --set-upstream stable origin/stable ~/var/canvas$ sudo chown -R helpdesk /var/canvas --- helpdesk just happens to be the name of this user. use your own
[edit] Download Ruby 1.9.3
You're going to have to add a repository because the version available through Ubuntu's US or Main repos is not up to date (at the time of this writing.
~/var/canvas$ sudo apt-get -y install python-software-properties ~/var/canvas$ sudo apt-add-repository ppa:brightbox/ruby-ng ~/var/canvas$ sudo apt-get update ~/var/canvas$ sudo apt-get -y install ruby1.9.3 zlib1g-dev libxml2-dev libmysqlclient-dev libxslt1-dev imagemagick libpq-dev nodejs libxmlsec1-dev libcurl4-gnutls-dev libxmlsec1 build-essential openjdk-7-jre unzip
[edit] Download Ruby Gems
If you are behind a firewall, you're going to need to open up the following routes to complete this sections' installation instructions:
- 192.30.252.128:9418
- 192.30.252.129:9418
- 192.30.252.130:9418
- 192.30.252.131:9418
~/var/canvas$ sudo gem install bundler --version 1.3.5 ~/var/canvas$ bundle install --path vendor/bundle --without=sqlite
[edit] Download default config files from Amazon instance
~/var/canvas$ for config in amazon_s3 database \ delayed_jobs domain file_store outgoing_mail security external_migration do cp config/$config.yml.example config/$config.yml; done
[edit] Configuration
[edit] database.yml
~/var/canvas$ cp ./config/database.yml.example ./config/database.yml ~/var/canvas$ vi config/database.yml
Under Production
- edit the database name (if different from default)default=canvas_production & canvas_queue_production
- host (if different from default) default=localhost
- username for database user (if different from default) default=canvas
- password for database user
- In my instance, nothing was changed except the password.
production: adapter: postgresql encoding: utf8 database: canvas_production host: localhost username: canvas password: password timeout: 5000 queue: adapter: postgresql encoding: utf8 database: canvas_queue_production host: localhost username: canvas password: password timeout: 5000
[edit] outgoing_mail.yml
~/var/canvas$ cp ./config/outgoing_mail.yml.example ./config/outgoing_mail.yml ~/var/canvas$ vi config/outgoing_mail.yml
Under Production
- Edit the address, this should be your email relay or SMTP server
- Edit the port (if different from default) default=25
- Edit the username for your relay/smtp
- Edit the password for your relay/smtp
- Edit the domain (if different from default) default=example.com
- Edit the outgoing address (if different from default) [email protected]
- In my instance, I only changed the address, username, password, domain, and outgoing_address
production: address: "smtp.example.com" port: "25" user_name: "user" password: "password" authentication: "plain" # plain, login, or cram_md5 domain: "example.com" outgoing_address: "[email protected]" default_name: "Instructure Canvas"
[edit] domain.yml
~/var/canvas$ cp ./config/domain.yml.example ./config/domain.yml ~/var/canvas$ vi config/domain.yml
Under Production
- Edit the domain
- Uncomment the files domain and add your domain
- In my instance, I only changed the domain and uncommented the files domain
production: domain: "canvas.example.com" # whether this instance of canvas is served over ssl (https) or not # defaults to true for production, false for test/development ssl: true files_domain: "canvasfiles.example.com"
[edit] security.yml
~/var/canvas$ cp ./config/security.yml.example ./config/security.yml ~/var/cavnas$ vi config/security.yml
Under Production
- Edit the encryption Key to a minimum of 20 characters. This can be random.
- In my instance, I only changed the encryption key by pressing alot of buttons
production: # replace this with a random string of at least 20 characters encryption_key: hu9ehd92hdh2798ehdrd2hd37824 ---(no this is not really my encryption key)
[edit] Database Population
~/var/canvas$ RAILS_ENV=production bundle exec rake db:initial_setup
You will be asked the following questions:
What email address will the site administrator account use? > Please confirm > What password will the site administrator use? > Please confirm > What do you want users to see as the account name? This should probably be the name of your organization. >
To help our developers better serve you, Instructure would like to collect some usage data about your Canvas installation. You can change this setting at any time.: 1. Opt in 2. Only send anonymized data 3. Opt out completely >
[edit] File Generation
~/var/canvas$ bundle exec rake canvas:compile_assets
[edit] Ownership limitations
I did this with www-data as this user exists by default with Apache installtions on Ubuntu.
Verify www-data exists:
~/var/canvas$ awk -F':' '{ print$1}' /etc/passwd ... www-data ...
Create directories and set permissions.
~/var/canvas$ sudo mkdir -p log tmp/pids public/assets public/stylesheets/compiled ~/var/canvas$ sudo touch Gemfile.lock ~/var/canvas$ sudo chown -R www-data config/environment.rb log tmp public/assets public/stylesheets/compiled Gemfile.lock config.ru
Limit read access
~/var/canvas$ sudo chown www-data config/*.yml ~/var/canvas$ sudo chmod 400 config/*.yml
[edit] Apache2 install/config
~/var/canvas$ sudo apt-get -y install passenger-common1.9.1 libapache2-mod-passenger apache2 ~/var/canvas$ sudo a2enmod rewrite ~/var/canvas$ sudo service apache2 restart
Verify that symlinks exist for the passenger mods:
~/var/canvas$ cd /etc/apache2/mods-enabled/ ~/etc/apache2/mods-enabled$ ls ... passenger.conf passenger.load ....
In my installation, I did not do the following:
Permission issues, see Configure Passenger with Apache on the Production start guide for Canvas
[edit] Apache 2 SSL config
~/var/canvas$ sudo a2enmod ssl ~/var/canvas$ sudo service apache2 restart
[edit] Generate a CSR for SSL provider
The following will generate a SSL Key w/o a passphrase. Keep in mind that if the key is compromised the SSL traffic is compromised.
openssl genrsa -out server.key 2048
If you've already generated a key with a passphrase and want to remove it, run the following
openssl rsa -in server.key -out server.key.insecure
Now that you have the key you can generate the CSR.
openssl req -new -key server.key -out server.csr
Submit the CSR to your SSL provider and specify what type of system the website is hosted on (ie. apache2 on Linux). They will generally then provide you with the following:
- Root Certificate
- Chain Certificate
- SSL Certificate
I personally check my existing certificates located under /etc/ssl/certs
to make sure that neither the Root Certificate or Chain Certificate is already there. If not, then create a new file for each and paste the Root and Chain into each, respectively.
For the SSL certificate, I recommend that you create a sub folder either under /etc/ssl/certs/
or /etc/ssl/private/
and organize the cert, csr, and key under such. Make sure your permissions are set correctly, you do not want just anyone being able to view these files.
[edit] Canvas Apache2 config
Disable the default site
~/var/canvas$ sudo a2dissite 000-default ~/var/canvas$ sudo service apache2 restart
Create the canvas apache config file
~/var/canvas$ sudo nano /etc/apache2/sites-available/canvas
Paste the following into the new file:
<VirtualHost *:80> ServerName canvas.example.com ServerAlias files.canvas.example.com ServerAdmin [email protected] DocumentRoot /var/canvas/public RewriteEngine On RewriteCond %{HTTP:X-Forwarded-Proto} !=https RewriteCond %{REQUEST_URI} !^/health_check RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L] ErrorLog /var/log/apache2/canvas_errors.log LogLevel warn CustomLog /var/log/apache2/canvas_access.log combined SetEnv RAILS_ENV production <Directory /var/canvas/public> Allow from all Options -MultiViews </Directory> </VirtualHost> <VirtualHost *:443> ServerName canvas.example.com ServerAlias files.canvas.example.com ServerAdmin [email protected] DocumentRoot /var/canvas/public ErrorLog /var/log/apache2/canvas_errors.log LogLevel warn CustomLog /var/log/apache2/canvas_ssl_access.log combined SSLEngine on BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown # the following ssl certificate files are generated for you from the ssl-cert package. SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key SetEnv RAILS_ENV production <Directory /var/canvas/public> Allow from all Options -MultiViews </Directory> </VirtualHost>
Modify the following values in the new canvas config file:
<VirtualHost *:80> ServerName [value] -- changed from default ServerAlias [value] -- changed from default ServerAdmin [value] -- changed from default DocumentRoot [value] -- default ... SetEnv [value] -- default <Directory [value]> -- default ... </VirtualHost> <VirtualHost *:443> ServerName [value] -- changed from default ServerAlias [value] -- changed from default ServerAdmon [value] -- changed from default DocumentRoot [value] -- default ... SSLCertificateFile [value] -- changed from default SSLCertificateKeyFile [value] -- changed from default SetEnv [value] -- default <Directory [value]> -- default ... </VirtualHost>
Enable the new site
~/var/canvas$ sudo a2ensite canvas
[edit] Redis Server install
~/var/canvas$ sudo apt-add-repository ppa:chris-lea/redis-server ~/var/canvas$ sudo apt-get update ~/var/canvas$ sudo apt-get -y install redis-server
verify that the redis version installed is 2.6x or above
~/var/canvas$ redis-cli info | grep redis_version
The above should return a response like such: redis_version: 2.8.4
[edit] Redis Server config
~/var/canvas$ sudo cp config/cache_store.yml.example config/cache_store.yml ~/var/canvas$ sudo vi config/cache_store.yml
Uncomment the cache_store: redis_store
or add the following if there is no production section:
production: cache_store: redis_store ~/var/canvas$ sudo cp config/redis.yml.example config/redis.yml ~/var/canvas$ vi config/redis.yml
Uncomment the section below and add localhost
production: servers: # list of redis servers to use in the ring - localhost # - redis://redis01
[edit] Restart services
~/var/canvas$ sudo service postgresql restart ~/var/canvas$ sudo service apache2 restart ~/var/canvas$ sudo service redis-server restart
[edit] Automated jobs installation
~/var/canvas$ sudo ln -s /var/canvas/script/canvas_init /etc/init.d/canvas_init ~/var/canvas$ sudo update-rc.d canvas_init defaults ~/var/canvas$ sudo /etc/init.d/canvas_init start
[edit] Final step: Restart Apache2
~/var/canvas$ sudo service apache2 restart