Difference between revisions of "Canvas Deployment"
(29 intermediate revisions by the same user not shown) | |||
Line 14: | Line 14: | ||
canvas-lms<br> | canvas-lms<br> | ||
- server : ubuntu 16.04 cpu 8, ram 8<br> | - server : ubuntu 16.04 cpu 8, ram 8<br> | ||
− | - ip : 10.110.60.215 | + | - ip : 10.110.60.215<br> |
== nfs share file configuration == | == nfs share file configuration == | ||
Line 72: | Line 72: | ||
add line in docker-compose.yml like | add line in docker-compose.yml like | ||
<syntaxhighlight lang=bash> | <syntaxhighlight lang=bash> | ||
+ | version: '3' | ||
+ | services: | ||
+ | pg: | ||
+ | image: postgres:12.3 | ||
+ | container_name: postgres | ||
+ | restart: always | ||
+ | environment: | ||
+ | POSTGRES_PASSWORD: ${POSTGRES_PASSWORD} | ||
+ | POSTGRES_DB: ${POSTGRES_DB} | ||
+ | volumes: | ||
+ | - ./data:/var/lib/postgresql/data | ||
+ | ports: | ||
+ | - 5432:5432 | ||
+ | adminer: | ||
+ | image: adminer | ||
+ | restart: always | ||
+ | ports: | ||
+ | - 8080:8080 | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * create .env file for environment variables use in container | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ vim .env | ||
+ | </syntaxhighlight> | ||
+ | add line in .env file like | ||
+ | <syntaxhighlight lang=bash> | ||
+ | POSTGRES_PASSWORD=<your password> | ||
+ | POSTGRES_DB=canvas | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * deploy postgres | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ docker-compose up -d | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | == redis cache deployment == | ||
+ | === on file share server === | ||
+ | * create docker-compose.yml for deploy redis | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ mkdir redis | ||
+ | $ cd redis | ||
+ | $ vim docker-compose.yml | ||
+ | </syntaxhighlight> | ||
+ | add line in docker-compose.yml like | ||
+ | <syntaxhighlight lang=bash> | ||
+ | version: '3' | ||
+ | services: | ||
+ | redis: | ||
+ | container_name: redis | ||
+ | image: redis:6.0.4 | ||
+ | ports: | ||
+ | - 6379:6379 | ||
+ | restart: always | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * deploy redis | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ docker-compose up -d | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | == canvas rce api deployment == | ||
+ | === on file share server === | ||
+ | * create docker-compose.yml for deployment | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ mkdir canvas-rce-api | ||
+ | $ cd canvas-rce-api | ||
+ | $ vim docker-compose.yml | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | add line in docker-compose.yml like | ||
+ | <syntaxhighlight lang=bash> | ||
+ | version: '3' | ||
+ | services: | ||
+ | canvas-rce-api: | ||
+ | container_name: canvas-rce-api | ||
+ | image: instructure/canvas-rce-api | ||
+ | ports: | ||
+ | - 80:80 | ||
+ | environment: | ||
+ | ECOSYSTEM_KEY: ${ECOSYSTEM_KEY} | ||
+ | ECOSYSTEM_SECRET: ${ECOSYSTEM_SECRET} | ||
+ | NODE_ENV: production | ||
+ | STATSD_HOST: statsd | ||
+ | STATSD_PORT: 1825 | ||
+ | restart: always | ||
+ | extra_hosts: | ||
+ | - "canvas.cm.edu:10.110.60.55" | ||
+ | statsd: | ||
+ | container_name: statsd | ||
+ | image: statsd/statsd | ||
+ | restart: always | ||
+ | </syntaxhighlight> | ||
+ | * create .env file for environment variables use in container | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ vim .env | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | add line in .env like | ||
+ | <syntaxhighlight lang=bash> | ||
+ | ECOSYSTEM_KEY="astringthatisactually32byteslong" | ||
+ | ECOSYSTEM_SECRET="astringthatisactually32byteslong" | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * deploy canvas rce api | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ docker-compose up -d | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | == canvas lms build and deployment == | ||
+ | === on canvas lms server === | ||
+ | |||
+ | * mount nfs file share edit file '''/etc/fstab''' | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo apt-get install -y nfs-common | ||
+ | $ sudo vim /etc/fstab | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | add line end of file like | ||
+ | <syntaxhighlight lang=bash> | ||
+ | 10.110.60.239:/export/cnoc /home/cnoc/share nfs auto,noatime,nolock,bg,nfsvers=4,intr,tcp,actimeo=1800 0 0 | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | create mount point | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ mkdir /home/cnoc/share | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | mount nfs file share | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo mount -a | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * clone canvas source code | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ git clone https://github.com/instructure/canvas-lms.git canvas | ||
+ | $ cd canvas | ||
+ | $ git checkout stable | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * install ruby | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo apt-get install software-properties-common | ||
+ | $ sudo add-apt-repository ppa:brightbox/ruby-ng | ||
+ | $ sudo apt-get update | ||
+ | $ sudo apt-get install ruby2.4 ruby2.4-dev zlib1g-dev libxml2-dev \ | ||
+ | libsqlite3-dev libpq-dev \ | ||
+ | libxmlsec1-dev curl make g++ | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * install node.js | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash - | ||
+ | $ sudo apt-get install nodejs | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * install Bundler | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo gem install bundler --version 1.13.6 | ||
+ | $ bundle _1.13.6_ install --path vendor/bundle | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * install Yarn | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - | ||
+ | $ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list | ||
+ | $ sudo apt-get update && sudo apt-get install yarn=1.10.1-1 | ||
+ | |||
+ | $ yarn install | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * copy configuration file | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ for config in amazon_s3 database \ | ||
+ | delayed_jobs domain file_store outgoing_mail security external_migration; \ | ||
+ | do cp config/$config.yml.example config/$config.yml; done | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Dynamic settings configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cp config/dynamic_settings.yml.example config/dynamic_settings.yml | ||
+ | $ vim config/dynamic_settings.yml | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | add configuration on top of file | ||
+ | <syntaxhighlight lang=bash> | ||
+ | production: | ||
+ | config: | ||
+ | canvas: | ||
+ | canvas: | ||
+ | encryption-secret: "your secret on rce .env file" | ||
+ | signing-secret: "your secret on rce .env file" | ||
+ | rich-content-service: | ||
+ | app-host: "rce-canvas.cm.edu" | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Database configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cp config/database.yml.example config/database.yml | ||
+ | $ vim config/database.yml | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | edit production block reflect your Postgres server | ||
+ | <syntaxhighlight lang=bash> | ||
+ | production: | ||
+ | adapter: postgresql | ||
+ | encoding: utf8 | ||
+ | database: canvas | ||
+ | host: 10.110.60.209 | ||
+ | username: postgres | ||
+ | password: <youre password on postgres .env file> | ||
+ | timeout: 5000 | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Outgoing mail configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cp config/outgoing_mail.yml.example config/outgoing_mail.yml | ||
+ | $ vim config/outgoing_mail.yml | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | edit production block, please tell your canvas-lms server's ip address to mail administrator to allow canvas-lms send mail | ||
+ | <syntaxhighlight lang=bash> | ||
+ | production: | ||
+ | address: "202.28.249.12" | ||
+ | port: "25" | ||
+ | # user_name: "user" | ||
+ | # password: "password" | ||
+ | # authentication: "plain" # plain, login, or cram_md5 | ||
+ | domain: "cmu.ac.th" | ||
+ | outgoing_address: "no-reply-canvas-cm-edu@cmu.ac.th" | ||
+ | default_name: "CM EDU Canvas" | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | * URL configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cp config/domain.yml.example config/domain.yml | ||
+ | $ vim config/domain.yml | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | edit production block | ||
+ | <syntaxhighlight lang=bash> | ||
+ | production: | ||
+ | domain: "canvas.cm.edu" | ||
+ | # whether this instance of canvas is served over ssl (https) or not | ||
+ | # defaults to true for production, false for test/development | ||
+ | ssl: true | ||
+ | # files_domain: "canvasfiles.example.com" | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Security configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cp config/security.yml.example config/security.yml | ||
+ | $ vim config/security.yml | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | edit production block | ||
+ | <syntaxhighlight lang=bash> | ||
+ | production: &default | ||
+ | # replace this with a random string of at least 20 characters | ||
+ | encryption_key: qwertyuiopasdfghjklzxcvbnm | ||
+ | lti_iss: 'https://canvas.instructure.com' | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Generate Assets | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ mkdir /home/cnoc/share/tmp | ||
+ | $ ln -s /home/cnoc/share/tmp tmp | ||
+ | $ mkdir -p log tmp/pids public/assets app/stylesheets/brandable_css_brands | ||
+ | $ touch app/stylesheets/_brandable_variables_defaults_autogenerated.scss | ||
+ | $ touch Gemfile.lock | ||
+ | $ touch log/production.log | ||
+ | $ sudo chown -R cnoc config/environment.rb log tmp public/assets \ | ||
+ | app/stylesheets/_brandable_variables_defaults_autogenerated.scss \ | ||
+ | app/stylesheets/brandable_css_brands Gemfile.lock config.ru | ||
+ | |||
+ | $ yarn install | ||
+ | $ RAILS_ENV=production bundle exec rake canvas:compile_assets | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | * Database population | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ RAILS_ENV=production bundle exec rake db:initial_setup | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | |||
+ | * install apache | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo apt-get install passenger libapache2-mod-passenger apache2 | ||
+ | $ sudo a2enmod rewrite | ||
+ | |||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Configure Passenger with Apache | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo a2enmod passenger | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Configure SSL with Apache | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo a2enmod ssl | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Configure Canvas with Apache | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo a2dissite 000-default.conf | ||
+ | $ sudo vim /etc/apache2/sites-available/canvas.conf | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | in canvas.conf add | ||
+ | <syntaxhighlight lang=bash> | ||
+ | <VirtualHost *:443> | ||
+ | ServerName canvas.cm.edu | ||
+ | ServerAdmin supawit.w@cmu.ac.th | ||
+ | DocumentRoot /home/cnoc/canvas/public | ||
+ | ErrorLog /var/log/apache2/canvas_errors.log | ||
+ | LogLevel warn | ||
+ | CustomLog /var/log/apache2/canvas_ssl_access.log combined | ||
+ | SSLEngine on | ||
+ | BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown | ||
+ | # the following ssl certificate files are generated for you from the ssl-cert package. | ||
+ | SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem | ||
+ | SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key | ||
+ | SetEnv RAILS_ENV production | ||
+ | <Directory /home/cnoc/canvas/public> | ||
+ | Options All | ||
+ | AllowOverride All | ||
+ | Require all granted | ||
+ | </Directory> | ||
+ | PassengerDefaultUser cnoc | ||
+ | XSendFile On | ||
+ | XSendFilePath /home/cnoc/canvas | ||
+ | </VirtualHost> | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | enable canvas site | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo a2ensite canvas | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Optimizing File Downloads | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo apt-get install libapache2-mod-xsendfile | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Cache configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cp config/cache_store.yml.example config/cache_store.yml | ||
+ | $ vim config/cache_store.yml | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | add end of file | ||
+ | <syntaxhighlight lang=bash> | ||
+ | production: | ||
+ | cache_store: redis_cache_store | ||
+ | </syntaxhighlight> | ||
+ | copy redis configuration file | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cp config/redis.yml.example config/redis.yml | ||
+ | $ vim config/redis.yml | ||
+ | </syntaxhighlight> | ||
+ | edit production block | ||
+ | <syntaxhighlight lang=bash> | ||
+ | production: | ||
+ | servers: | ||
+ | # # list of redis servers to use in the ring | ||
+ | - redis://10.110.60.239 | ||
</syntaxhighlight> | </syntaxhighlight> | ||
+ | |||
+ | * restart apache | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo service apache2 restart | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | * Automated jobs | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo ln -s /home/cnoc/canvas/script/canvas_init /etc/init.d/canvas_init | ||
+ | $ sudo update-rc.d canvas_init defaults | ||
+ | $ sudo /etc/init.d/canvas_init start | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | == nginx configuration == | ||
+ | === on nginx server === | ||
+ | add file configuration for canvas.cm.edu site | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo vim /etc/nginx/sites-available/canvas.cm.edu.conf | ||
+ | </syntaxhighlight> | ||
+ | add configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | upstream canvas.cm.edu { | ||
+ | server 10.110.60.215:443; | ||
+ | } | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name canvas.cm.edu; | ||
+ | client_max_body_size 1G; | ||
+ | fastcgi_buffers 16 16k; | ||
+ | fastcgi_buffer_size 64k; | ||
+ | proxy_buffer_size 128k; | ||
+ | proxy_buffers 4 256k; | ||
+ | proxy_busy_buffers_size 256k; | ||
+ | location / { | ||
+ | proxy_set_header Host $http_host; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
+ | proxy_pass https://canvas.cm.edu; | ||
+ | } | ||
+ | } | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | enable site | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/canvas.cm.edu.conf && cd | ||
+ | $ sudo nginx -t && sudo service nginx reload | ||
+ | </syntaxhighlight> | ||
+ | enable https for site | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo certbot --nginx | ||
+ | </syntaxhighlight> | ||
+ | then select canvas.cm.edu site | ||
+ | |||
+ | add file configuration for rce-canvas.cm.edu site | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo vim /etc/nginx/sites-available/rce-canvas.cm.edu.conf | ||
+ | </syntaxhighlight> | ||
+ | add configuration | ||
+ | <syntaxhighlight lang=bash> | ||
+ | upstream rce-canvas.cm.edu { | ||
+ | server 10.110.60.239:80; | ||
+ | } | ||
+ | server { | ||
+ | listen 80; | ||
+ | server_name rce-canvas.cm.edu; | ||
+ | client_max_body_size 1G; | ||
+ | location / { | ||
+ | proxy_set_header Host $http_host; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
+ | proxy_pass http://rce-canvas.cm.edu; | ||
+ | } | ||
+ | } | ||
+ | </syntaxhighlight> | ||
+ | |||
+ | enable site | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/rce-canvas.cm.edu.conf && cd | ||
+ | $ sudo nginx -t && sudo service nginx reload | ||
+ | </syntaxhighlight> | ||
+ | enable https for site | ||
+ | <syntaxhighlight lang=bash> | ||
+ | $ sudo certbot --nginx | ||
+ | </syntaxhighlight> | ||
+ | then select rce-canvas.cm.edu site | ||
+ | |||
+ | == Scale out == | ||
+ | * for scale out canvas-lms the fast way is clone built canvas-lms server and add it to ngnix upstream server. | ||
+ | * if you can not clone just build canvas-lms server with same first server's configuration then add it to ngnix upstream server. | ||
+ | * do not forget to add new server ip address to nfs file share server as well. | ||
+ | * if you edit configuration do it on all server in same way, then restart service on all server. follow this document for restart canvas [https://github.com/instructure/canvas-lms/wiki/Troubleshooting https://github.com/instructure/canvas-lms/wiki/Troubleshooting] | ||
+ | |||
+ | == Reference == | ||
+ | [https://github.com/instructure/canvas-lms/wiki/Production-Start https://github.com/instructure/canvas-lms/wiki/Production-Start] |
Latest revision as of 06:23, 24 July 2020
Diagram
domain : canvas.cm.edu
rce domain : rce-canvas.cm.edu
nginx load balancer
- ip : 10.110.60.55
share file ip : 10.110.60.239
- server ubuntu 18.04 with docker, cpu 4, ram 8
- ip : 10.110.60.239
postgres :
- server : ubuntu 18.04 with docker, cpu 4, ram 8
- ip :10.110.60.209
canvas-lms
- server : ubuntu 16.04 cpu 8, ram 8
- ip : 10.110.60.215
- install nfs
$ sudo apt-get install -y nfs-kernel-server
- create directory for file sharing
$ mkdir -p /home/cnoc/share
$ sudo mkdir -p /export/cnoc
$ sudo chown cnoc:cnoc /export/cnoc
- bind mount filesystem edit file /etc/fstab
$ sudo vim /etc/fstab
add line end of file like
UUID=702da501-ff9a-11e9-a6a6-506b8dc215cd / ext4 defaults 0 0
UUID=702da500-ff9a-11e9-a6a6-506b8dc215cd /boot ext4 defaults 0 0
/swap.img none swap sw 0 0
/home/cnoc/share /export/cnoc none bind 0 0
mount filesystem
$ sudo mount -a
- export fs configuration
$ sudo vim /etc/exports
add line end of file like this allow canvas lms use nfs exports if add canvas-lms server you have to add new server ip address here
/export/cnoc 10.110.60.215(rw,sync,no_root_squash,no_subtree_check)
/export/cnoc 10.110.60.144(rw,sync,no_root_squash,no_subtree_check)
restart nfs service
$ sudo service nfs-kernel-server restart
postgres database deployment
on postgres server
- create dokcer-compose.yml for deploy postgres database
$ mkdir postgres
$ cd postgres
$ vim docker-compose.yml
add line in docker-compose.yml like
version: '3'
services:
pg:
image: postgres:12.3
container_name: postgres
restart: always
environment:
POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
POSTGRES_DB: ${POSTGRES_DB}
volumes:
- ./data:/var/lib/postgresql/data
ports:
- 5432:5432
adminer:
image: adminer
restart: always
ports:
- 8080:8080
- create .env file for environment variables use in container
$ vim .env
add line in .env file like
POSTGRES_PASSWORD=<your password>
POSTGRES_DB=canvas
- deploy postgres
$ docker-compose up -d
redis cache deployment
- create docker-compose.yml for deploy redis
$ mkdir redis
$ cd redis
$ vim docker-compose.yml
add line in docker-compose.yml like
version: '3'
services:
redis:
container_name: redis
image: redis:6.0.4
ports:
- 6379:6379
restart: always
- deploy redis
$ docker-compose up -d
canvas rce api deployment
- create docker-compose.yml for deployment
$ mkdir canvas-rce-api
$ cd canvas-rce-api
$ vim docker-compose.yml
add line in docker-compose.yml like
version: '3'
services:
canvas-rce-api:
container_name: canvas-rce-api
image: instructure/canvas-rce-api
ports:
- 80:80
environment:
ECOSYSTEM_KEY: ${ECOSYSTEM_KEY}
ECOSYSTEM_SECRET: ${ECOSYSTEM_SECRET}
NODE_ENV: production
STATSD_HOST: statsd
STATSD_PORT: 1825
restart: always
extra_hosts:
- "canvas.cm.edu:10.110.60.55"
statsd:
container_name: statsd
image: statsd/statsd
restart: always
- create .env file for environment variables use in container
$ vim .env
add line in .env like
ECOSYSTEM_KEY="astringthatisactually32byteslong"
ECOSYSTEM_SECRET="astringthatisactually32byteslong"
- deploy canvas rce api
$ docker-compose up -d
canvas lms build and deployment
on canvas lms server
- mount nfs file share edit file /etc/fstab
$ sudo apt-get install -y nfs-common
$ sudo vim /etc/fstab
add line end of file like
10.110.60.239:/export/cnoc /home/cnoc/share nfs auto,noatime,nolock,bg,nfsvers=4,intr,tcp,actimeo=1800 0 0
create mount point
$ mkdir /home/cnoc/share
mount nfs file share
$ sudo mount -a
- clone canvas source code
$ git clone https://github.com/instructure/canvas-lms.git canvas
$ cd canvas
$ git checkout stable
- install ruby
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:brightbox/ruby-ng
$ sudo apt-get update
$ sudo apt-get install ruby2.4 ruby2.4-dev zlib1g-dev libxml2-dev \
libsqlite3-dev libpq-dev \
libxmlsec1-dev curl make g++
- install node.js
$ curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
$ sudo apt-get install nodejs
- install Bundler
$ sudo gem install bundler --version 1.13.6
$ bundle _1.13.6_ install --path vendor/bundle
- install Yarn
$ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
$ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
$ sudo apt-get update && sudo apt-get install yarn=1.10.1-1
$ yarn install
- copy configuration file
$ for config in amazon_s3 database \
delayed_jobs domain file_store outgoing_mail security external_migration; \
do cp config/$config.yml.example config/$config.yml; done
- Dynamic settings configuration
$ cp config/dynamic_settings.yml.example config/dynamic_settings.yml
$ vim config/dynamic_settings.yml
add configuration on top of file
production:
config:
canvas:
canvas:
encryption-secret: "your secret on rce .env file"
signing-secret: "your secret on rce .env file"
rich-content-service:
app-host: "rce-canvas.cm.edu"
- Database configuration
$ cp config/database.yml.example config/database.yml
$ vim config/database.yml
edit production block reflect your Postgres server
production:
adapter: postgresql
encoding: utf8
database: canvas
host: 10.110.60.209
username: postgres
password: <youre password on postgres .env file>
timeout: 5000
- Outgoing mail configuration
$ cp config/outgoing_mail.yml.example config/outgoing_mail.yml
$ vim config/outgoing_mail.yml
edit production block, please tell your canvas-lms server's ip address to mail administrator to allow canvas-lms send mail
production:
address: "202.28.249.12"
port: "25"
# user_name: "user"
# password: "password"
# authentication: "plain" # plain, login, or cram_md5
domain: "cmu.ac.th"
outgoing_address: "no-reply-canvas-cm-edu@cmu.ac.th"
default_name: "CM EDU Canvas"
- URL configuration
$ cp config/domain.yml.example config/domain.yml
$ vim config/domain.yml
edit production block
production:
domain: "canvas.cm.edu"
# whether this instance of canvas is served over ssl (https) or not
# defaults to true for production, false for test/development
ssl: true
# files_domain: "canvasfiles.example.com"
- Security configuration
$ cp config/security.yml.example config/security.yml
$ vim config/security.yml
edit production block
production: &default
# replace this with a random string of at least 20 characters
encryption_key: qwertyuiopasdfghjklzxcvbnm
lti_iss: 'https://canvas.instructure.com'
- Generate Assets
$ mkdir /home/cnoc/share/tmp
$ ln -s /home/cnoc/share/tmp tmp
$ mkdir -p log tmp/pids public/assets app/stylesheets/brandable_css_brands
$ touch app/stylesheets/_brandable_variables_defaults_autogenerated.scss
$ touch Gemfile.lock
$ touch log/production.log
$ sudo chown -R cnoc config/environment.rb log tmp public/assets \
app/stylesheets/_brandable_variables_defaults_autogenerated.scss \
app/stylesheets/brandable_css_brands Gemfile.lock config.ru
$ yarn install
$ RAILS_ENV=production bundle exec rake canvas:compile_assets
- Database population
$ RAILS_ENV=production bundle exec rake db:initial_setup
- install apache
$ sudo apt-get install passenger libapache2-mod-passenger apache2
$ sudo a2enmod rewrite
- Configure Passenger with Apache
$ sudo a2enmod passenger
- Configure SSL with Apache
$ sudo a2enmod ssl
- Configure Canvas with Apache
$ sudo a2dissite 000-default.conf
$ sudo vim /etc/apache2/sites-available/canvas.conf
in canvas.conf add
<VirtualHost *:443>
ServerName canvas.cm.edu
ServerAdmin supawit.w@cmu.ac.th
DocumentRoot /home/cnoc/canvas/public
ErrorLog /var/log/apache2/canvas_errors.log
LogLevel warn
CustomLog /var/log/apache2/canvas_ssl_access.log combined
SSLEngine on
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
# the following ssl certificate files are generated for you from the ssl-cert package.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
SetEnv RAILS_ENV production
<Directory /home/cnoc/canvas/public>
Options All
AllowOverride All
Require all granted
</Directory>
PassengerDefaultUser cnoc
XSendFile On
XSendFilePath /home/cnoc/canvas
</VirtualHost>
enable canvas site
$ sudo a2ensite canvas
- Optimizing File Downloads
$ sudo apt-get install libapache2-mod-xsendfile
- Cache configuration
$ cp config/cache_store.yml.example config/cache_store.yml
$ vim config/cache_store.yml
add end of file
production:
cache_store: redis_cache_store
copy redis configuration file
$ cp config/redis.yml.example config/redis.yml
$ vim config/redis.yml
edit production block
production:
servers:
# # list of redis servers to use in the ring
- redis://10.110.60.239
- restart apache
$ sudo service apache2 restart
- Automated jobs
$ sudo ln -s /home/cnoc/canvas/script/canvas_init /etc/init.d/canvas_init
$ sudo update-rc.d canvas_init defaults
$ sudo /etc/init.d/canvas_init start
nginx configuration
on nginx server
add file configuration for canvas.cm.edu site
$ sudo vim /etc/nginx/sites-available/canvas.cm.edu.conf
add configuration
upstream canvas.cm.edu {
server 10.110.60.215:443;
}
server {
listen 80;
server_name canvas.cm.edu;
client_max_body_size 1G;
fastcgi_buffers 16 16k;
fastcgi_buffer_size 64k;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass https://canvas.cm.edu;
}
}
enable site
$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/canvas.cm.edu.conf && cd
$ sudo nginx -t && sudo service nginx reload
enable https for site
$ sudo certbot --nginx
then select canvas.cm.edu site
add file configuration for rce-canvas.cm.edu site
$ sudo vim /etc/nginx/sites-available/rce-canvas.cm.edu.conf
add configuration
upstream rce-canvas.cm.edu {
server 10.110.60.239:80;
}
server {
listen 80;
server_name rce-canvas.cm.edu;
client_max_body_size 1G;
location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://rce-canvas.cm.edu;
}
}
enable site
$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/rce-canvas.cm.edu.conf && cd
$ sudo nginx -t && sudo service nginx reload
enable https for site
$ sudo certbot --nginx
then select rce-canvas.cm.edu site
Scale out
- for scale out canvas-lms the fast way is clone built canvas-lms server and add it to ngnix upstream server.
- if you can not clone just build canvas-lms server with same first server's configuration then add it to ngnix upstream server.
- do not forget to add new server ip address to nfs file share server as well.
- if you edit configuration do it on all server in same way, then restart service on all server. follow this document for restart canvas https://github.com/instructure/canvas-lms/wiki/Troubleshooting
Reference
https://github.com/instructure/canvas-lms/wiki/Production-Start