Difference between revisions of "Canvas Deployment"

From CMU ITSC Network
 
(30 intermediate revisions by the same user not shown)
Line 14: Line 14:
 
canvas-lms<br>
 
canvas-lms<br>
 
- server : ubuntu 16.04 cpu 8, ram 8<br>
 
- server : ubuntu 16.04 cpu 8, ram 8<br>
- ip : 10.110.60.215, 10.110.60.144<br>
+
- ip : 10.110.60.215<br>
  
 
== nfs share file configuration ==
 
== nfs share file configuration ==
Line 76: Line 76:
 
         pg:
 
         pg:
 
                 image: postgres:12.3
 
                 image: postgres:12.3
        container_name: postgres
+
                container_name: postgres
 
                 restart: always
 
                 restart: always
 
                 environment:
 
                 environment:
 
                         POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
 
                         POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
                POSTGRES_DB: ${POSTGRES_DB}
+
                        POSTGRES_DB: ${POSTGRES_DB}
 
                 volumes:
 
                 volumes:
 
                         - ./data:/var/lib/postgresql/data
 
                         - ./data:/var/lib/postgresql/data
Line 90: Line 90:
 
                 ports:
 
                 ports:
 
                         - 8080:8080
 
                         - 8080:8080
 +
</syntaxhighlight>
 +
 +
* create .env file for environment variables use in container
 +
<syntaxhighlight lang=bash>
 +
$ vim .env
 +
</syntaxhighlight>
 +
add line in .env file like
 +
<syntaxhighlight lang=bash>
 +
POSTGRES_PASSWORD=<your password>
 +
POSTGRES_DB=canvas
 +
</syntaxhighlight>
 +
 +
* deploy postgres
 +
<syntaxhighlight lang=bash>
 +
$ docker-compose up -d
 +
</syntaxhighlight>
 +
 +
 +
== redis cache deployment ==
 +
=== on file share server ===
 +
* create docker-compose.yml for deploy redis
 +
<syntaxhighlight lang=bash>
 +
$ mkdir redis
 +
$ cd redis
 +
$ vim docker-compose.yml
 +
</syntaxhighlight>
 +
add line in docker-compose.yml like
 +
<syntaxhighlight lang=bash>
 +
version: '3'
 +
services:
 +
        redis:
 +
                container_name: redis
 +
                image: redis:6.0.4
 +
                ports:
 +
                        - 6379:6379
 +
                restart: always
 +
</syntaxhighlight>
 +
 +
* deploy redis
 +
<syntaxhighlight lang=bash>
 +
$ docker-compose up -d
 +
</syntaxhighlight>
 +
 +
== canvas rce api deployment ==
 +
=== on file share server ===
 +
* create docker-compose.yml for deployment
 +
<syntaxhighlight lang=bash>
 +
$ mkdir canvas-rce-api
 +
$ cd canvas-rce-api
 +
$ vim docker-compose.yml
 +
</syntaxhighlight>
 +
 +
add line in docker-compose.yml like
 +
<syntaxhighlight lang=bash>
 +
version: '3'
 +
services:
 +
        canvas-rce-api:
 +
                container_name: canvas-rce-api
 +
                image: instructure/canvas-rce-api
 +
                ports:
 +
                        - 80:80
 +
                environment:
 +
                        ECOSYSTEM_KEY: ${ECOSYSTEM_KEY}
 +
                        ECOSYSTEM_SECRET: ${ECOSYSTEM_SECRET}
 +
                        NODE_ENV: production
 +
                        STATSD_HOST: statsd
 +
                        STATSD_PORT: 1825
 +
                restart: always
 +
                extra_hosts:
 +
                        - "canvas.cm.edu:10.110.60.55"
 +
        statsd:
 +
                container_name: statsd
 +
                image: statsd/statsd
 +
                restart: always
 +
</syntaxhighlight>
 +
* create .env file for environment variables use in container
 +
<syntaxhighlight lang=bash>
 +
$ vim .env
 +
</syntaxhighlight>
 +
 +
add line in .env like
 +
<syntaxhighlight lang=bash>
 +
ECOSYSTEM_KEY="astringthatisactually32byteslong"
 +
ECOSYSTEM_SECRET="astringthatisactually32byteslong"
 +
</syntaxhighlight>
 +
 +
* deploy canvas rce api
 +
<syntaxhighlight lang=bash>
 +
$ docker-compose up -d
 +
</syntaxhighlight>
 +
 +
== canvas lms build and deployment ==
 +
=== on canvas lms server ===
 +
 +
* mount nfs file share edit file '''/etc/fstab'''
 +
<syntaxhighlight lang=bash>
 +
$ sudo apt-get install -y nfs-common
 +
$ sudo vim /etc/fstab
 +
</syntaxhighlight>
 +
 +
add line end of file like
 +
<syntaxhighlight lang=bash>
 +
10.110.60.239:/export/cnoc /home/cnoc/share nfs auto,noatime,nolock,bg,nfsvers=4,intr,tcp,actimeo=1800 0 0
 +
</syntaxhighlight>
 +
 +
create mount point
 +
<syntaxhighlight lang=bash>
 +
$ mkdir /home/cnoc/share
 +
</syntaxhighlight>
 +
 +
mount nfs file share
 +
<syntaxhighlight lang=bash>
 +
$ sudo mount -a
 +
</syntaxhighlight>
 +
 +
* clone canvas source code
 +
<syntaxhighlight lang=bash>
 +
$ git clone https://github.com/instructure/canvas-lms.git canvas
 +
$ cd canvas
 +
$ git checkout stable
 +
</syntaxhighlight>
 +
 +
* install ruby
 +
<syntaxhighlight lang=bash>
 +
$ sudo apt-get install software-properties-common
 +
$ sudo add-apt-repository ppa:brightbox/ruby-ng
 +
$ sudo apt-get update
 +
$ sudo apt-get install ruby2.4 ruby2.4-dev zlib1g-dev libxml2-dev \
 +
                      libsqlite3-dev libpq-dev \
 +
                      libxmlsec1-dev curl make g++
 +
</syntaxhighlight>
 +
 +
* install node.js
 +
<syntaxhighlight lang=bash>
 +
$ curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
 +
$ sudo apt-get install nodejs
 +
</syntaxhighlight>
 +
 +
* install Bundler
 +
<syntaxhighlight lang=bash>
 +
$ sudo gem install bundler --version 1.13.6
 +
$ bundle _1.13.6_ install --path vendor/bundle
 +
</syntaxhighlight>
 +
 +
* install Yarn
 +
<syntaxhighlight lang=bash>
 +
$ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
 +
$ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
 +
$ sudo apt-get update && sudo apt-get install yarn=1.10.1-1
 +
 +
$ yarn install
 +
</syntaxhighlight>
 +
 +
* copy configuration file
 +
<syntaxhighlight lang=bash>
 +
$ for config in amazon_s3 database \
 +
  delayed_jobs domain file_store outgoing_mail security external_migration; \
 +
  do cp config/$config.yml.example config/$config.yml; done
 +
</syntaxhighlight>
 +
 +
* Dynamic settings configuration
 +
<syntaxhighlight lang=bash>
 +
$ cp config/dynamic_settings.yml.example config/dynamic_settings.yml
 +
$ vim config/dynamic_settings.yml
 +
</syntaxhighlight>
 +
 +
add configuration on top of file
 +
<syntaxhighlight lang=bash>
 +
production:
 +
  config:
 +
    canvas:
 +
      canvas:
 +
        encryption-secret: "your secret on rce .env file"
 +
        signing-secret: "your secret on rce .env file"
 +
      rich-content-service:
 +
        app-host: "rce-canvas.cm.edu"
 +
</syntaxhighlight>
 +
 +
* Database configuration
 +
<syntaxhighlight lang=bash>
 +
$ cp config/database.yml.example config/database.yml
 +
$ vim config/database.yml
 +
</syntaxhighlight>
 +
 +
edit production block reflect your Postgres server
 +
<syntaxhighlight lang=bash>
 +
production:
 +
  adapter: postgresql
 +
  encoding: utf8
 +
  database: canvas
 +
  host: 10.110.60.209
 +
  username: postgres
 +
  password: <youre password on postgres .env file>
 +
  timeout: 5000
 +
</syntaxhighlight>
 +
 +
* Outgoing mail configuration
 +
<syntaxhighlight lang=bash>
 +
$ cp config/outgoing_mail.yml.example config/outgoing_mail.yml
 +
$ vim config/outgoing_mail.yml
 +
</syntaxhighlight>
 +
 +
edit production block, please tell your canvas-lms server's ip address to mail administrator to allow canvas-lms send mail
 +
<syntaxhighlight lang=bash>
 +
production:
 +
  address: "202.28.249.12"
 +
  port: "25"
 +
#  user_name: "user"
 +
#  password: "password"
 +
#  authentication: "plain" # plain, login, or cram_md5
 +
  domain: "cmu.ac.th"
 +
  outgoing_address: "no-reply-canvas-cm-edu@cmu.ac.th"
 +
  default_name: "CM EDU Canvas"
 +
</syntaxhighlight>
 +
 +
 +
* URL configuration
 +
<syntaxhighlight lang=bash>
 +
$ cp config/domain.yml.example config/domain.yml
 +
$ vim config/domain.yml
 +
</syntaxhighlight>
 +
 +
edit production block
 +
<syntaxhighlight lang=bash>
 +
production:
 +
  domain: "canvas.cm.edu"
 +
  # whether this instance of canvas is served over ssl (https) or not
 +
  # defaults to true for production, false for test/development
 +
  ssl: true
 +
  # files_domain: "canvasfiles.example.com"
 +
</syntaxhighlight>
 +
 +
* Security configuration
 +
<syntaxhighlight lang=bash>
 +
$ cp config/security.yml.example config/security.yml
 +
$ vim config/security.yml
 +
</syntaxhighlight>
 +
 +
edit production block
 +
<syntaxhighlight lang=bash>
 +
production: &default
 +
  # replace this with a random string of at least 20 characters
 +
  encryption_key: qwertyuiopasdfghjklzxcvbnm
 +
  lti_iss: 'https://canvas.instructure.com'
 +
</syntaxhighlight>
 +
 +
* Generate Assets
 +
<syntaxhighlight lang=bash>
 +
$ mkdir /home/cnoc/share/tmp
 +
$ ln -s /home/cnoc/share/tmp tmp
 +
$ mkdir -p log tmp/pids public/assets app/stylesheets/brandable_css_brands
 +
$ touch app/stylesheets/_brandable_variables_defaults_autogenerated.scss
 +
$ touch Gemfile.lock
 +
$ touch log/production.log
 +
$ sudo chown -R cnoc config/environment.rb log tmp public/assets \
 +
                              app/stylesheets/_brandable_variables_defaults_autogenerated.scss \
 +
                              app/stylesheets/brandable_css_brands Gemfile.lock config.ru
 +
 +
$ yarn install
 +
$ RAILS_ENV=production bundle exec rake canvas:compile_assets
 +
</syntaxhighlight>
 +
 +
 +
* Database population
 +
<syntaxhighlight lang=bash>
 +
$ RAILS_ENV=production bundle exec rake db:initial_setup
 +
</syntaxhighlight>
 +
 +
 +
* install apache
 +
<syntaxhighlight lang=bash>
 +
$ sudo apt-get install passenger libapache2-mod-passenger apache2
 +
$ sudo a2enmod rewrite
  
 
</syntaxhighlight>
 
</syntaxhighlight>
 +
 +
* Configure Passenger with Apache
 +
<syntaxhighlight lang=bash>
 +
$ sudo a2enmod passenger
 +
</syntaxhighlight>
 +
 +
* Configure SSL with Apache
 +
<syntaxhighlight lang=bash>
 +
$ sudo a2enmod ssl
 +
</syntaxhighlight>
 +
 +
* Configure Canvas with Apache
 +
<syntaxhighlight lang=bash>
 +
$ sudo a2dissite 000-default.conf
 +
$ sudo vim /etc/apache2/sites-available/canvas.conf
 +
</syntaxhighlight>
 +
 +
in canvas.conf add
 +
<syntaxhighlight lang=bash>
 +
<VirtualHost *:443>
 +
  ServerName canvas.cm.edu
 +
  ServerAdmin supawit.w@cmu.ac.th
 +
  DocumentRoot /home/cnoc/canvas/public
 +
  ErrorLog /var/log/apache2/canvas_errors.log
 +
  LogLevel warn
 +
  CustomLog /var/log/apache2/canvas_ssl_access.log combined
 +
  SSLEngine on
 +
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
 +
  # the following ssl certificate files are generated for you from the ssl-cert package.
 +
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
 +
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
 +
  SetEnv RAILS_ENV production
 +
  <Directory /home/cnoc/canvas/public>
 +
    Options All
 +
    AllowOverride All
 +
    Require all granted
 +
  </Directory>
 +
  PassengerDefaultUser cnoc
 +
  XSendFile On
 +
  XSendFilePath /home/cnoc/canvas
 +
</VirtualHost>
 +
</syntaxhighlight>
 +
 +
enable canvas site
 +
<syntaxhighlight lang=bash>
 +
$ sudo a2ensite canvas
 +
</syntaxhighlight>
 +
 +
* Optimizing File Downloads
 +
<syntaxhighlight lang=bash>
 +
$ sudo apt-get install libapache2-mod-xsendfile
 +
</syntaxhighlight>
 +
 +
* Cache configuration
 +
<syntaxhighlight lang=bash>
 +
$ cp config/cache_store.yml.example config/cache_store.yml
 +
$ vim config/cache_store.yml
 +
</syntaxhighlight>
 +
 +
add end of file
 +
<syntaxhighlight lang=bash>
 +
production:
 +
  cache_store: redis_cache_store
 +
</syntaxhighlight>
 +
 +
copy redis configuration file
 +
<syntaxhighlight lang=bash>
 +
$ cp config/redis.yml.example config/redis.yml
 +
$ vim config/redis.yml
 +
</syntaxhighlight>
 +
edit production block
 +
<syntaxhighlight lang=bash>
 +
production:
 +
  servers:
 +
#  # list of redis servers to use in the ring
 +
  - redis://10.110.60.239
 +
</syntaxhighlight>
 +
 +
* restart apache
 +
<syntaxhighlight lang=bash>
 +
$ sudo service apache2 restart
 +
</syntaxhighlight>
 +
 +
* Automated jobs
 +
<syntaxhighlight lang=bash>
 +
$ sudo ln -s /home/cnoc/canvas/script/canvas_init /etc/init.d/canvas_init
 +
$ sudo update-rc.d canvas_init defaults
 +
$ sudo /etc/init.d/canvas_init start
 +
</syntaxhighlight>
 +
 +
== nginx configuration ==
 +
=== on nginx server ===
 +
add file configuration for canvas.cm.edu site
 +
<syntaxhighlight lang=bash>
 +
$ sudo vim /etc/nginx/sites-available/canvas.cm.edu.conf
 +
</syntaxhighlight>
 +
add configuration
 +
<syntaxhighlight lang=bash>
 +
upstream canvas.cm.edu {
 +
        server 10.110.60.215:443;
 +
}
 +
server {
 +
        listen 80;
 +
        server_name canvas.cm.edu;
 +
        client_max_body_size 1G;
 +
        fastcgi_buffers 16 16k;
 +
        fastcgi_buffer_size 64k;
 +
        proxy_buffer_size  128k;
 +
        proxy_buffers  4 256k;
 +
        proxy_busy_buffers_size  256k;
 +
        location / {
 +
                proxy_set_header Host $http_host;
 +
                proxy_set_header X-Real-IP $remote_addr;
 +
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +
                proxy_pass https://canvas.cm.edu;
 +
        }
 +
}
 +
</syntaxhighlight>
 +
 +
enable site
 +
<syntaxhighlight lang=bash>
 +
$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/canvas.cm.edu.conf && cd
 +
$ sudo nginx -t && sudo service nginx reload
 +
</syntaxhighlight>
 +
enable https for site
 +
<syntaxhighlight lang=bash>
 +
$ sudo certbot --nginx
 +
</syntaxhighlight>
 +
then select canvas.cm.edu site
 +
 +
add file configuration for rce-canvas.cm.edu site
 +
<syntaxhighlight lang=bash>
 +
$ sudo vim /etc/nginx/sites-available/rce-canvas.cm.edu.conf
 +
</syntaxhighlight>
 +
add configuration
 +
<syntaxhighlight lang=bash>
 +
upstream rce-canvas.cm.edu {
 +
        server 10.110.60.239:80;
 +
}
 +
server {
 +
        listen 80;
 +
        server_name rce-canvas.cm.edu;
 +
        client_max_body_size 1G;
 +
        location / {
 +
                proxy_set_header Host $http_host;
 +
                proxy_set_header X-Real-IP $remote_addr;
 +
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 +
                proxy_pass http://rce-canvas.cm.edu;
 +
        }
 +
}
 +
</syntaxhighlight>
 +
 +
enable site
 +
<syntaxhighlight lang=bash>
 +
$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/rce-canvas.cm.edu.conf && cd
 +
$ sudo nginx -t && sudo service nginx reload
 +
</syntaxhighlight>
 +
enable https for site
 +
<syntaxhighlight lang=bash>
 +
$ sudo certbot --nginx
 +
</syntaxhighlight>
 +
then select rce-canvas.cm.edu site
 +
 +
== Scale out ==
 +
* for scale out canvas-lms the fast way is clone built canvas-lms server and add it to ngnix upstream server.
 +
* if you can not clone just build canvas-lms server with same first server's configuration then add it to ngnix upstream server.
 +
* do not forget to add new server ip address to nfs file share server as well.
 +
* if you edit configuration do it on all server in same way, then restart service on all server. follow this document for restart canvas [https://github.com/instructure/canvas-lms/wiki/Troubleshooting https://github.com/instructure/canvas-lms/wiki/Troubleshooting]
 +
 +
== Reference ==
 +
[https://github.com/instructure/canvas-lms/wiki/Production-Start https://github.com/instructure/canvas-lms/wiki/Production-Start]

Latest revision as of 06:23, 24 July 2020

Diagram

Canvas.cm.edu.png

domain : canvas.cm.edu
rce domain : rce-canvas.cm.edu
nginx load balancer
- ip : 10.110.60.55
share file ip : 10.110.60.239
- server ubuntu 18.04 with docker, cpu 4, ram 8
- ip : 10.110.60.239
postgres :
- server : ubuntu 18.04 with docker, cpu 4, ram 8
- ip :10.110.60.209
canvas-lms
- server : ubuntu 16.04 cpu 8, ram 8
- ip : 10.110.60.215

nfs share file configuration

on file share server

  • install nfs
$ sudo apt-get install -y nfs-kernel-server
  • create directory for file sharing
$ mkdir -p /home/cnoc/share
$ sudo mkdir -p /export/cnoc
$ sudo chown cnoc:cnoc /export/cnoc
  • bind mount filesystem edit file /etc/fstab
$ sudo vim /etc/fstab

add line end of file like

UUID=702da501-ff9a-11e9-a6a6-506b8dc215cd / ext4 defaults 0 0
UUID=702da500-ff9a-11e9-a6a6-506b8dc215cd /boot ext4 defaults 0 0
/swap.img       none    swap    sw      0       0
/home/cnoc/share /export/cnoc none bind 0 0

mount filesystem

$ sudo mount -a
  • export fs configuration
$ sudo vim /etc/exports

add line end of file like this allow canvas lms use nfs exports if add canvas-lms server you have to add new server ip address here

/export/cnoc 10.110.60.215(rw,sync,no_root_squash,no_subtree_check)
/export/cnoc 10.110.60.144(rw,sync,no_root_squash,no_subtree_check)

restart nfs service

$ sudo service nfs-kernel-server restart

postgres database deployment

on postgres server

  • create dokcer-compose.yml for deploy postgres database
$ mkdir postgres
$ cd postgres
$ vim docker-compose.yml

add line in docker-compose.yml like

version: '3'
services:
        pg:
                image: postgres:12.3
                container_name: postgres
                restart: always
                environment:
                        POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
                        POSTGRES_DB: ${POSTGRES_DB}
                volumes:
                        - ./data:/var/lib/postgresql/data
                ports:
                        - 5432:5432
        adminer:
                image: adminer
                restart: always
                ports:
                        - 8080:8080
  • create .env file for environment variables use in container
$ vim .env

add line in .env file like

POSTGRES_PASSWORD=<your password>
POSTGRES_DB=canvas
  • deploy postgres
$ docker-compose up -d


redis cache deployment

on file share server

  • create docker-compose.yml for deploy redis
$ mkdir redis
$ cd redis
$ vim docker-compose.yml

add line in docker-compose.yml like

version: '3'
services:
        redis:
                container_name: redis
                image: redis:6.0.4
                ports:
                        - 6379:6379
                restart: always
  • deploy redis
$ docker-compose up -d

canvas rce api deployment

on file share server

  • create docker-compose.yml for deployment
$ mkdir canvas-rce-api
$ cd canvas-rce-api
$ vim docker-compose.yml

add line in docker-compose.yml like

version: '3'
services:
        canvas-rce-api:
                container_name: canvas-rce-api
                image: instructure/canvas-rce-api
                ports:
                        - 80:80
                environment:
                        ECOSYSTEM_KEY: ${ECOSYSTEM_KEY}
                        ECOSYSTEM_SECRET: ${ECOSYSTEM_SECRET}
                        NODE_ENV: production
                        STATSD_HOST: statsd
                        STATSD_PORT: 1825
                restart: always
                extra_hosts:
                        - "canvas.cm.edu:10.110.60.55"
        statsd:
                container_name: statsd
                image: statsd/statsd
                restart: always
  • create .env file for environment variables use in container
$ vim .env

add line in .env like

ECOSYSTEM_KEY="astringthatisactually32byteslong"
ECOSYSTEM_SECRET="astringthatisactually32byteslong"
  • deploy canvas rce api
$ docker-compose up -d

canvas lms build and deployment

on canvas lms server

  • mount nfs file share edit file /etc/fstab
$ sudo apt-get install -y nfs-common
$ sudo vim /etc/fstab

add line end of file like

10.110.60.239:/export/cnoc /home/cnoc/share nfs auto,noatime,nolock,bg,nfsvers=4,intr,tcp,actimeo=1800 0 0

create mount point

$ mkdir /home/cnoc/share

mount nfs file share

$ sudo mount -a
  • clone canvas source code
$ git clone https://github.com/instructure/canvas-lms.git canvas
$ cd canvas
$ git checkout stable
  • install ruby
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:brightbox/ruby-ng
$ sudo apt-get update
$ sudo apt-get install ruby2.4 ruby2.4-dev zlib1g-dev libxml2-dev \
                       libsqlite3-dev libpq-dev \
                       libxmlsec1-dev curl make g++
  • install node.js
$ curl -sL https://deb.nodesource.com/setup_10.x | sudo -E bash -
$ sudo apt-get install nodejs
  • install Bundler
$ sudo gem install bundler --version 1.13.6
$ bundle _1.13.6_ install --path vendor/bundle
  • install Yarn
$ curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
$ echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
$ sudo apt-get update && sudo apt-get install yarn=1.10.1-1

$ yarn install
  • copy configuration file
$ for config in amazon_s3 database \
  delayed_jobs domain file_store outgoing_mail security external_migration; \
  do cp config/$config.yml.example config/$config.yml; done
  • Dynamic settings configuration
$ cp config/dynamic_settings.yml.example config/dynamic_settings.yml
$ vim config/dynamic_settings.yml

add configuration on top of file

production:
  config:
    canvas:
      canvas:
        encryption-secret: "your secret on rce .env file"
        signing-secret: "your secret on rce .env file"
      rich-content-service:
        app-host: "rce-canvas.cm.edu"
  • Database configuration
$ cp config/database.yml.example config/database.yml
$ vim config/database.yml

edit production block reflect your Postgres server

production:
  adapter: postgresql
  encoding: utf8
  database: canvas
  host: 10.110.60.209
  username: postgres
  password: <youre password on postgres .env file>
  timeout: 5000
  • Outgoing mail configuration
$ cp config/outgoing_mail.yml.example config/outgoing_mail.yml
$ vim config/outgoing_mail.yml

edit production block, please tell your canvas-lms server's ip address to mail administrator to allow canvas-lms send mail

production:
  address: "202.28.249.12"
  port: "25"
#  user_name: "user"
#  password: "password"
#  authentication: "plain" # plain, login, or cram_md5
  domain: "cmu.ac.th"
  outgoing_address: "no-reply-canvas-cm-edu@cmu.ac.th"
  default_name: "CM EDU Canvas"


  • URL configuration
$ cp config/domain.yml.example config/domain.yml
$ vim config/domain.yml

edit production block

production:
  domain: "canvas.cm.edu"
  # whether this instance of canvas is served over ssl (https) or not
  # defaults to true for production, false for test/development
  ssl: true
  # files_domain: "canvasfiles.example.com"
  • Security configuration
$ cp config/security.yml.example config/security.yml
$ vim config/security.yml

edit production block

production: &default
  # replace this with a random string of at least 20 characters
  encryption_key: qwertyuiopasdfghjklzxcvbnm
  lti_iss: 'https://canvas.instructure.com'
  • Generate Assets
$ mkdir /home/cnoc/share/tmp
$ ln -s /home/cnoc/share/tmp tmp
$ mkdir -p log tmp/pids public/assets app/stylesheets/brandable_css_brands
$ touch app/stylesheets/_brandable_variables_defaults_autogenerated.scss
$ touch Gemfile.lock
$ touch log/production.log
$ sudo chown -R cnoc config/environment.rb log tmp public/assets \
                              app/stylesheets/_brandable_variables_defaults_autogenerated.scss \
                              app/stylesheets/brandable_css_brands Gemfile.lock config.ru

$ yarn install
$ RAILS_ENV=production bundle exec rake canvas:compile_assets


  • Database population
$ RAILS_ENV=production bundle exec rake db:initial_setup


  • install apache
$ sudo apt-get install passenger libapache2-mod-passenger apache2
$ sudo a2enmod rewrite
  • Configure Passenger with Apache
$ sudo a2enmod passenger
  • Configure SSL with Apache
$ sudo a2enmod ssl
  • Configure Canvas with Apache
$ sudo a2dissite 000-default.conf
$ sudo vim /etc/apache2/sites-available/canvas.conf

in canvas.conf add

<VirtualHost *:443>
  ServerName canvas.cm.edu
  ServerAdmin supawit.w@cmu.ac.th
  DocumentRoot /home/cnoc/canvas/public
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_ssl_access.log combined
  SSLEngine on
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  # the following ssl certificate files are generated for you from the ssl-cert package.
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  SetEnv RAILS_ENV production
  <Directory /home/cnoc/canvas/public>
    Options All
    AllowOverride All
    Require all granted
  </Directory>
  PassengerDefaultUser cnoc
  XSendFile On
  XSendFilePath /home/cnoc/canvas
</VirtualHost>

enable canvas site

$ sudo a2ensite canvas
  • Optimizing File Downloads
$ sudo apt-get install libapache2-mod-xsendfile
  • Cache configuration
$ cp config/cache_store.yml.example config/cache_store.yml
$ vim config/cache_store.yml

add end of file

production:
  cache_store: redis_cache_store

copy redis configuration file

$ cp config/redis.yml.example config/redis.yml
$ vim config/redis.yml

edit production block

production:
   servers:
#   # list of redis servers to use in the ring
   - redis://10.110.60.239
  • restart apache
$ sudo service apache2 restart
  • Automated jobs
$ sudo ln -s /home/cnoc/canvas/script/canvas_init /etc/init.d/canvas_init
$ sudo update-rc.d canvas_init defaults
$ sudo /etc/init.d/canvas_init start

nginx configuration

on nginx server

add file configuration for canvas.cm.edu site

$ sudo vim /etc/nginx/sites-available/canvas.cm.edu.conf

add configuration

upstream canvas.cm.edu {
        server 10.110.60.215:443;
}
server {
        listen 80;
        server_name canvas.cm.edu;
        client_max_body_size 1G;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 64k;
        proxy_buffer_size   128k;
        proxy_buffers   4 256k;
        proxy_busy_buffers_size   256k;
        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass https://canvas.cm.edu;
        }
}

enable site

$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/canvas.cm.edu.conf && cd
$ sudo nginx -t && sudo service nginx reload

enable https for site

$ sudo certbot --nginx

then select canvas.cm.edu site

add file configuration for rce-canvas.cm.edu site

$ sudo vim /etc/nginx/sites-available/rce-canvas.cm.edu.conf

add configuration

upstream rce-canvas.cm.edu {
        server 10.110.60.239:80;
}
server {
        listen 80;
        server_name rce-canvas.cm.edu;
        client_max_body_size 1G;
        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://rce-canvas.cm.edu;
        }
}

enable site

$ cd /etc/nginx/sites-enabled/ && sudo ln -s ../sites-available/rce-canvas.cm.edu.conf && cd
$ sudo nginx -t && sudo service nginx reload

enable https for site

$ sudo certbot --nginx

then select rce-canvas.cm.edu site

Scale out

  • for scale out canvas-lms the fast way is clone built canvas-lms server and add it to ngnix upstream server.
  • if you can not clone just build canvas-lms server with same first server's configuration then add it to ngnix upstream server.
  • do not forget to add new server ip address to nfs file share server as well.
  • if you edit configuration do it on all server in same way, then restart service on all server. follow this document for restart canvas https://github.com/instructure/canvas-lms/wiki/Troubleshooting

Reference

https://github.com/instructure/canvas-lms/wiki/Production-Start