Differences between revisions 39 and 40
Revision 39 as of 2021-10-19 16:13:46
Size: 5984
Editor: Praveen A
Comment: document ssl cert generation using certbot
Revision 40 as of 2021-10-19 16:21:28
Size: 6111
Editor: Praveen A
Comment: nginx failure may be scaleway specific
Deletions are marked like this. Additions are marked like this.
Line 90: Line 90:
 1. Figure out how to install nginx configuration before nginx is installed (currently nginx fails to start) - not started  1. Figure out how to install nginx configuration before nginx is installed (currently nginx fails to start) - not started (this is possibly a scaleway specific issue as the default DNS entry is too big and nginx.conf needs an update to handle this)

Pupilfirst (https://www.pupilfirst.com/) is a Free Software Learning Management system written in Ruby on Rails. Currently they only support deploying to heroku. This page will be used to keep track of packaging pupilfirst for Debian.

Experimental

You will need a DebianUnstable machine with experimental repo enabled in sources.list. If you have to used Experimental before, see DebianExperimental

Add personal repo of pupilfirst maintainer following https://people.debian.org/~praveen/pupilfirst/README

$ sudo apt install nginx # need to figure out a way to avoid this

Note: If you choose to enabled ssl during installation, you need to get the certificates before you start installation and add these to /etc/pupilfirst/ssl as <your fqdn>-bundle.pem and <your fqdn>.key.

To generate ssl certificates with certbot run,

# apt install certbot
# certbot certonly --standalone  -d <your fqdn> --agree-tos -m <your email> -n

This will generate the ssl certificates in /etc/letsencrypt/live/<your fqdn>. fullchain.pem and privkey.pem from this directory should be copied to /etc/pupilfirst/ssl and renamed as indicated above.

$ sudo apt install ruby-rails/experimental ruby-actioncable/experimental \
ruby-actionmailbox/experimental ruby-actionmailer/experimental \
ruby-actionpack/experimental ruby-actiontext/experimental \
ruby-actionview/experimental ruby-activejob/experimental ruby-activemodel/experimental \
ruby-activerecord/experimental ruby-activestorage/experimental \
ruby-activesupport/experimental ruby-railties/experimental \
ruby-tzinfo/experimental pupilfirst

Visit http://<your fqdn> on your browser to see the default page.

Further configurations

Start rails console,

$ set -a && . /etc/pupilfirst/pupilfirst.env && set +a
$ cd /usr/share/pupilfirst/
$ sudo -u pupilfirst -EH bundle exec rails console

If you don'tuse sudo, use su pupilfirst -s /bin/sh -c 'bundle exec rails console'

and follow upstream documentation to configure your instance

  1. Setup password for admin user

  2. Set a primary domain

  3. Configure recaptcha keys - add these (or any other variable you like to set) to /etc/pupilfirst/pupilfirst.env

Adding new users

This needs a working mail server properly configured to send mails via sendmail command (or you can change config.action_mailer.delivery_method in /usr/share/pupilfirst/config/environments/production.rb to use postmark or another external smtp server). See https://github.com/diaspora/diaspora/blob/d4f92a8fae2bcc0eb716622cb471276d38e8e305/config/initializers/mailer_config.rb#L12 for example configuration.

Alternatively, you can add users using the admin login and then set passwords using rails console (same commands as setting admin password, juts replace admin email address with the users email address)

Upstream issues

Packaging status

Completed Tasks

  1. Basic package template - done
  2. Install rubygems dependencies (pull only unpackaged gems from rubygems.org) - done
  3. Configure database - done (need to provide a working config/database.yml)
  4. Run database migrations - done
  5. Install node dependencies - done
  6. Precompile assets (includes webpacker) - done (needed to copy source tree to /var as symlinking some directories don't work)
  7. Start rails app - done (use local storage over amazon s3, create tmpfiles.d config for pids and sockets, need to disable https)
  8. Configure puma - done
  9. Configure systemd units - done
  10. Configure nginx - done
  11. Properly generate keys and remove hard coding - done (vapid keys and secret_key_base are now generated during installation)
  12. Setup debconf for choosing hostname - done (hostname is handled via debconf now)
  13. Remove hard coding of GEM_PATH (for other archs) - done

In progress or not started tasks

  1. Set admin password and add school - in progress (done manually, need upstream help to enable login via username/disable recaptcha)
  2. Use runuser instead of su in scripts - not started
  3. Switch nginx to use unix socket - not started
  4. Setup debconf for choosing https/lets encrypt - not started
  5. Figure out how to install nginx configuration before nginx is installed (currently nginx fails to start) - not started (this is possibly a scaleway specific issue as the default DNS entry is too big and nginx.conf needs an update to handle this)
  6. Install config directory in /etc - not started
  7. Allow choosing sendmail vs postmark via environment variables and send upstream pull request - not started (https://github.com/pupilfirst/pupilfirst/issues/826)

Testing the package

You can setup lxc, system nspawn or a virtual machine to install the package. Use /etc/hosts file of the host machine to map the container or virtual machine ip to a hostname and use this hostname for the pupilfirst service. You can visit the service using a browser on the host machine.