Canvas LMS/Installation/Ubuntu14 04

From r00tedvw.com wiki
Revision as of 16:43, 20 August 2015 by R00t (Talk | contribs)

Jump to: navigation, search

Installation Ubuntu 12.04 | Installation Ubuntu 14.04
Canvas - Learning Management Solution. Used by universities and schools.

Contents

 [hide

Ubuntu 14.04

Requirements

In the simplest configuration, everything will be running off a single server.

Recommended Hardware specifications
Dual Core+ 3.0ghz+ or Dual processors
4GB+ RAM
60GB HDD
64-bit capable system

Software Requirements

Minimum, Ubuntu 14.04 LTS+ server edition. Desktop will require more hardware than listed above.

Download Database software

Postgres (Database)

~$ sudo apt-get update && sudo apt-get -y upgrade && sudo apt-get -y autoremove
~$ sudo apt-get update && sudo apt-get install postgresql-9.3 -y 

Configure Database

~$ sudo -u postgres createuser canvas -D -S -R -P
~$ sudo -u postgres createdb canvas_production --owner=canvas
~$ sudo -u postgres createdb canvas_queue_production --owner=canvas

Create superuser (this one is named helpdesk)

sudo -u postgres createuser helpdesk
~$ sudo -u postgres psql -c "alter user helpdesk with superuser" postgres

Download Git & Canvas

~$ sudo apt-get -y install git-core
~$ cd /var
~$ sudo git clone https://github.com/instructure/canvas-lms.git canvas
~$ cd canvas
~/var/canvas$ sudo git branch --set-upstream-to origin/stable
~/var/canvas$ sudo chown -R helpdesk /var/canvas   --- helpdesk just happens to be the name of this user.  use your own 

Download Ruby 2.1.6

You're going to have to add a repository because the version available through Ubuntu's US or Main repos is not up to date (at the time of this writing.

~/var/canvas$ sudo apt-get -y install software-properties-common
~/var/canvas$ sudo apt-add-repository ppa:brightbox/ruby-ng
~/var/canvas$ sudo apt-get update
~/var/canvas$ sudo apt-get -y install ruby2.1 ruby2.1-dev zlib1g-dev libxml2-dev libsqlite3-dev postgresql libpq-dev libxmlsec1-dev curl make g++

Download Node.js

~/var/canvas$ $ curl -sL https://deb.nodesource.com/setup_0.12 | sudo bash -
~/var/canvas$ sudo apt-get install nodejs -y

Download Ruby Gems

If you are behind a firewall, you're going to need to open up the following routes to complete this sections' installation instructions:

192.30.252.128:9418
192.30.252.129:9418
192.30.252.130:9418
192.30.252.131:9418
~/var/canvas$ sudo gem install bundler --version 1.7.11
~/var/canvas$ bundle install --path vendor/bundle --without=sqlite mysql

Download default config files from Amazon instance

~/var/canvas$ for config in amazon_s3 database \
  delayed_jobs domain file_store outgoing_mail security external_migration
do cp config/$config.yml.example config/$config.yml; done

Configuration

database.yml

~/var/canvas$ cp ./config/database.yml.example ./config/database.yml
~/var/canvas$ vi config/database.yml

Under Production

  • edit the database name (if different from default)default=canvas_production & canvas_queue_production
  • host (if different from default) default=localhost
  • username for database user (if different from default) default=canvas
  • password for database user
In my instance, nothing was changed except the password.
production:
 adapter: postgresql
 encoding: utf8
 database: canvas_production
 host: localhost
 username: canvas
 password: password
 timeout: 5000
 queue:
   adapter: postgresql
   encoding: utf8
   database: canvas_queue_production
   host: localhost
   username: canvas
   password: password
   timeout: 5000

outgoing_mail.yml

~/var/canvas$ cp ./config/outgoing_mail.yml.example ./config/outgoing_mail.yml
~/var/canvas$ vi config/outgoing_mail.yml

Under Production

  • Edit the address, this should be your email relay or SMTP server
  • Edit the port (if different from default) default=25
  • Edit the username for your relay/smtp
  • Edit the password for your relay/smtp
  • Edit the domain (if different from default) default=example.com
  • Edit the outgoing address (if different from default) default=canvas@example.com
In my instance, I only changed the address, username, password, domain, and outgoing_address
production:
 address: "smtp.example.com"
 port: "25"
 user_name: "user"
 password: "password"
 authentication: "plain" # plain, login, or cram_md5
 domain: "example.com"
 outgoing_address: "canvas@example.com"
 default_name: "Instructure Canvas"

domain.yml

~/var/canvas$ cp ./config/domain.yml.example ./config/domain.yml
 ~/var/canvas$ vi config/domain.yml

Under Production

  • Edit the domain
  • Uncomment the files domain and add your domain
In my instance, I only changed the domain and uncommented the files domain
production:
 domain: "canvas.example.com"
 # whether this instance of canvas is served over ssl (https) or not
 # defaults to true for production, false for test/development
 ssl: true
 files_domain: "canvasfiles.example.com"

security.yml

~/var/canvas$ cp ./config/security.yml.example ./config/security.yml
 ~/var/canvas$ vi config/security.yml

Under Production

  • Edit the encryption Key to a minimum of 20 characters. This can be random.
In my instance, I only changed the encryption key by pressing alot of buttons
production:
 # replace this with a random string of at least 20 characters
 encryption_key: hu9ehd92hdh2798ehdrd2hd37824   ---(no this is not really my encryption key)

Database Population

~/var/canvas$ RAILS_ENV=production bundle exec rake db:initial_setup

You will be asked the following questions:

What email address will the site administrator account use? > 
Please confirm > 
What password will the site administrator use? >
Please confirm >
What do you want users to see as the account name? This should probably be the name of your organization. >
To help our developers better serve you, Instructure would like to collect some usage data about your Canvas installation. You can  
change this setting at any time.:
1. Opt in
2. Only send anonymized data
3. Opt out completely 
>

File Generation

~/var/canvas$ sudo mkdir -p log tmp/pids public/assets public/stylesheets/compiled
~/var/canvas$ sudo touch Gemfile.lock
~/var/canvas$ npm install
~/var/canvas$ RAILS_ENV=production bundle exec rake canvas:compile_assets

STOPPED HERE 8/19

Ownership limitations

I did this with www-data as this user exists by default with Apache installtions on Ubuntu.
Verify www-data exists:

~/var/canvas$ awk -F':' '{ print$1}' /etc/passwd
...
www-data
...

Limit read access

 ~/var/canvas$ sudo chown -R www-data config/environment.rb log tmp public/assets public/stylesheets/compiled Gemfile.lock config.ru
 ~/var/canvas$ sudo chown www-data ./config/*.yml
 ~/var/canvas$ sudo chmod 400 ./config/*.yml

Apache2 install/config

Unfortunately we need to add a repo before we can install passenger-common1.9.1 as it is not found in the normal 14.04 repo:

E: Unable to locate package passenger-common1.9.1
E: Couldn't find any package by regex 'passenger-common1.9.1'

Add the new repo

~$ sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 561F9B9CAC40B2F7
~$ sudo apt-get install -y apt-transport-https ca-certificates
~$ sudo sh -c 'echo deb https://oss-binaries.phusionpassenger.com/apt/passenger trusty main > /etc/apt/sources.list.d/passenger.list'
~$ sudo apt-get update

Now you should be able to install the required dependencies. passenger replaces passenger-common1.9.1

~$ sudo apt-get install -y passenger libapache2-mod-passenger apache2

Begin Apache config

~$ sudo a2enmod rewrite
~$ sudo service apache2 restart

Passenger config

~$ sudo a2enmod passenger

Apache2 SSL config

~/var/canvas$ sudo a2enmod ssl
~/var/canvas$ sudo service apache2 restart
Generate a CSR for SSL provider

The following will generate a SSL Key w/o a passphrase. Keep in mind that if the key is compromised the SSL traffic is compromised.

openssl genrsa -out server.key 2048

If you've already generated a key with a passphrase and want to remove it, run the following

openssl rsa -in server.key -out server.key.insecure

Now that you have the key you can generate the CSR.

openssl req -new -key server.key -out server.csr

Submit the CSR to your SSL provider and specify what type of system the website is hosted on (ie. apache2 on Linux). They will generally then provide you with the following:

  • Root Certificate
  • Chain Certificate
  • SSL Certificate

I personally check my existing certificates located under /etc/ssl/certs to make sure that neither the Root Certificate or Chain Certificate is already there. If not, then create a new file for each and paste the Root and Chain into each, respectively.
For the SSL certificate, I recommend that you create a sub folder either under /etc/ssl/certs/ or /etc/ssl/private/ and organize the cert, csr, and key under such. Make sure your permissions are set correctly, you do not want just anyone being able to view these files.

Canvas Apache2 config

You should be using Apache 2.4+, make sure you are:

~$ apache2 -v
Server version: Apache/2.4.7 (Ubuntu)
Server built:   Jul 24 2015 17:25:11

Disable default site

~$ sudo a2dissite 000-default.conf
~$ sudo service apache2 restart

Create the canvas apache config file

~/var/canvas$ sudo vi /etc/apache2/sites-available/canvas

Paste the following into the new file:

<VirtualHost *:80>
  ServerName canvas.example.com
  ServerAlias files.canvas.example.com
  ServerAdmin youremail@example.com
  DocumentRoot /var/canvas/public
  RewriteEngine On
  RewriteCond %{HTTP:X-Forwarded-Proto} !=https
  RewriteCond %{REQUEST_URI} !^/health_check
  RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L]  
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_access.log combined
  SetEnv RAILS_ENV production
  <Directory /var/canvas/public>
    Allow from all
    Options -MultiViews
  </Directory>
</VirtualHost>
<VirtualHost *:443>
  ServerName canvas.example.com
  ServerAlias files.canvas.example.com
  ServerAdmin youremail@example.com
  DocumentRoot /var/canvas/public
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_ssl_access.log combined
  SSLEngine on
  BrowserMatch "MSIE [2-6]" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  # the following ssl certificate files are generated for you from the ssl-cert package.
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  SetEnv RAILS_ENV production
  <Directory /var/canvas/public>
    Options All
    AllowOverride All
    Require all granted
  </Directory>
</VirtualHost>

Modify the following values in the new canvas config file:

<VirtualHost *:80>
  ServerName [value]   -- changed from default
  ServerAlias [value]  -- changed from default
  ServerAdmin [value]  -- changed from default
  DocumentRoot [value] -- default
  ...
  SetEnv [value]       -- default
  <Directory [value]>  -- default
  ...
</VirtualHost>
<VirtualHost *:443>
  ServerName [value]   -- changed from default
  ServerAlias [value]  -- changed from default
  ServerAdmon [value]  -- changed from default
  DocumentRoot [value] -- default
  ...
  SSLCertificateFile [value]    -- changed from default
  SSLCertificateKeyFile [value] -- changed from default
  SetEnv [value]       -- default
  <Directory [value]>  -- default
  ...
</VirtualHost>

Enable the new site

~/var/canvas$ sudo a2ensite canvas
~$ sudo services apache2 restart

Optimize File Downloads

Pertains to locally stored data

~$ sudo apt-get update && sudo apt-get install -y libapache2-mod-xsendfile
~$ sudo a2enmod xsendfile
~$ sudo service apache2 restart

create new config file to avoid future merge conflicts

~/var/canvas$ cp ./config/environments/production.rb ./config/environments/production-local.rb

Edit ./config/environments/production-local.rb and uncomment

~/var/canvas$ vi ./config/environments/production-local.rb
config.action_dispatch.x_sendfile_header
Personal tools
Namespaces

Variants
Actions
Navigation
Mediawiki