Difference between revisions of "WeBWorK 2.18 Ubuntu Server 22.04 LTS Amazon Machine Image"

These instructions cover setting up WeBWorK 2.18 using the WeBWorK 2.18 on Ubuntu Server 22.04 LTS AMI (Amazon Machine Image).

This version contains everything you need to run a WeBWorK server (e.g. WeBWorK, Mjolicious/hypnotoad, MariaDB, R server, log rotation, etc.) installed and configured.

Setting up the WeBWorK 2.18 Ubuntu Server 22.04 LTS Amazon Machine Image

Overview

After using the WeBWorK 2.18 on Ubuntu Server 22.04 LTS Amazon Machine Image, you will have a full fledged Ubuntu Server 22.04 LTS system with WeBWorK 2.18, Mjolicious/hypnotoad, MariaDB, R server, log rotation, etc. installed and configured.

It is imperative that you CHANGE THE PASSWORDS for the OS user wwadmin (who owns most WeBWorK files), for the MariaDB user webworkWrite who has access to MariaDB, for the WeBWorK user admin who has admin privileges and for the WeBWorK user profa who has professor privileges and also the Mjolicious secret (see below). Finally you should set up SSL (https) access to WeBWorK if students will be using your server.

There are more detailed instructions for Ubuntu Server 22.04 and WeBWorK 2.18 at Installation Manual for 2.18 on Ubuntu. The AMI (Amazon Machine Image) was built following those instructions.

First you need an AWS account

First you need an Amazon AWS account. If you do not already have an account see https://aws.amazon.com/free/ and sign up for a free account. Or look at https://aws.amazon.com/premiumsupport/knowledge-center/create-and-activate-aws-account/.

Find the AMI image

Sign in to the AWS Management Console (https://signin.aws.amazon.com/) and search for "EC2 Dashboard". You will be taken to the Amazon EC2 console. From the navigation bar (at the top of the page), select the "US East (Ohio) us-east-2" region. You can select any Region that's available to you, regardless of your location but the AMI image is stored in the US East (Ohio) region so you have to use that one. In the navigation pane (to the left) under IMAGES, select AMIs. Then to the left of the search bar, select "Public images" (the choices are "Owned by me", "Public images", "Private images") and in the search bar enter "WeBWorK". You should see WeBWorK 2.18 on Ubuntu Server 22.04 LTS listed.

NOTE: If for whatever reason you can not or do not want to use the US East (Ohio) region, you can copy the AMI to another region. See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/CopyingAMIs.html#ami-copy-steps or google "copy ami from one region to another".

Configure the WeBWorK AMI Image

Select the WeBWorK 2.18 on Ubuntu Server 22.04 LTS AMI and hit Launch instance from AMI

Name and tags

Name the instance and add additional tags if you want.

Choose an Instance Type

Information on ec2 instance types can be found at https://aws.amazon.com/ec2/instance-types/. I would suggest you look at t2 or t3 Instances.

The WeBWorK AMI was built from a t3.small ec2 instance having the following resources:

• 20 GB disk drive of which about 8 GB is used
• 2 GB memory
• 2 (virtual) cpu

The above resources are minimal. These resources are OK for testing but it is possible to overwhelm the machine. This may happen e.g. if you want to simultaneously display many problems in the Library Browser or if you have several simultaneous users. If this happens your options are to wait until the server recovers or reboot the server.

The Mathematical Association of America (MAA) courses1 server (which is no longer in use) was a t2.2xlarge ec2 instance having the following resources:

• 70 GB disk drive
• 32 GB memory
• 8 (virtual) cpu's

The MAA courses1 server was hosting over 600 courses of which around 150 were active in June, 2020.

Most likely the resources required for your server will fall within the range from small to 2xlarge. You can always change the resources available to an instance (see Changing the instance type below) but for this you will have to stop the instance. For this reason it is best to start with reasonable resources. For a server that you will be using with students it might be reasonable to start with a small or medium instance. But of course this is highly dependent on the number of students who will be using the server simultaneously.

Select or Create a key pair

A key pair is used to securely log into your server. Create a new key pair or use an existing one. Download and save the pem file (e.g. WWsecretkey.pem).

Network Settings

You can create a security group or use an existing one.

You also should create inbound rules so that you and others can communicate with your server instance.

Allow SSH (which you will use for direct terminal access to your server) which is probably already set up with source 0.0.0.0/0. This means, as the warring states: "Rules with source of 0.0.0.0/0 allow all IP addresses to access your instance" but of course no one can login unless they have the appropriate credentials. You can restrict this to a specific workstation (e.g. 98.12.176.149/32) or a range (e.g.98.12.176.0/24) of ip addresses (e.g. workstations on your network). If you select "My IP", you will only be able to connect from your workstation which is good for security but maybe not convenience. You can always add other rules to SSH in from other workstations.

SSH	            TCP	           22	          98.12.176.149/32             SSH for admin

You should allow HTTP (port 80). Initially for testing you may want to restrict these but for a production machine you would want to allow access from anywhere, i.e. 0.0.0.0/0. Note that except for guest users who have very limited access if you allow them at all, no one can log into WeBWorK on your server without a password. But see the section Passwords below for information on users who already have simple non secure passwords that must be changed.

You should also allow HTTPS although initially your server will not be setup for this.

Important If you do not see information about adding SSH (port 22) or HTTP (port 80) and/or HPPTS (port 443), select "Edit" next to "Networking" and add the required "Inbound Security Group Rules".

If you have problems connecting to your server, see the section Connection Problems below.

Configure storage

You can change the amount of disk space. 20 GB is a reasonable amount to start with for a small server.

Launch Your Server

Click "Launch instance" to launch your instance

Now Launch your server by clicking on "Launch instances". Clicking on the Instance ID is a fast way to get to your EC2 Dashboard. Or Click on "View all instances"

On your EC2 Dashboard (EC2 Management Console), find the Public IPv4 address, say 18.216.251.98. We will use this in our examples. Obviously you should substitute your own.

Accessing Your Server from a Terminal Emulator on your Host

You can login to your server using SSH (non secure telnet and FTP are not allowed but secure SSH and SFTP are) using your favorite terminal emulator. Note that I had to update my terminal emulator (MobaXterm) in order to connect. I recommend you use the latest version of your favorite terminal emulator.

If you use a terminal emulator like MobaXterm use the Advanced SSH Settings to use the WWsecretkey.pem file as your private key. Check the "private key" box, search for WWsecretkey.pem and then connect to 18.216.251.98 and login as ubuntu (no password required). Other terminal emulators (Putty, iTerm2, etc) will be similar.

If you are using ssh in a terminal window, use the command

ssh -i WWsecretkey.pem ubuntu@18.216.251.98

(you may have to provide the path to the WWsecretkey.pem file). Note that the permission on the WWsecretkey.pem file is required to be set so that the file is not readable by others. You need something like

chmod 600 WWsecretkey.pem

If you are using a bash shell running on Ubuntu under Windows 10, you may find it impossible to change the permission of WWsecretkey.pem. In that case copy WWsecretkey.pem to your home directory and change the permission there. From the directory containing WWsecretkey.pem

cp WWsecretkey.pem ~/
cd 
chmod 600 WWsecretkey.pem
ssh -i WWsecretkey.pem ubuntu@18.216.251.98

Connection Problems

If you have problems connecting the first thing to check is that ports 22 (and 80 and 443) are open for inbound connections and are accessible from your location. From the EC2 dashboard, select "Instances", click on the "Instance ID" number, select the "Security" tab, and look under "Inbound rules". Check that ports 22, 80 and 443 are open and are accessible from your location (e.g. "Source" 0.0.0.0/0 indicates your instance is accessible from everywhere but of course the proper credentials are necessary to connect). If a rule needs to be added or edited, select the "Security groups" number, "Edit inbound rules" and then edit and/or "Add rule".

If the inbound rules are not your problem look at https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/TroubleshootingInstancesConnecting.html for further help.

Users on your system

There are two users who can login to the system: ubuntu and wwadmin

ubuntu

ubuntu is the "system" user who has sudo privileges. You probably always want to initially log in as ubuntu using the secret key file WWsecretkey.pem.

Running commands as root

By default your Ubuntu server has no password set for the root user. To gain root access you have to use the sudo command while logged in as ubuntu.

To run commands as root use

$ sudo <command>

A log of all sudo commands is kept in /var/log/auth.log .

You can also use sudo to become root and get the root prompt #. To do this run

$ sudo -s
#

When you want to exit the root prompt and return to being the regular user ubuntu, do the following

# exit
exit
$

wwadmin

wwadmin is the "WeBWorK" administrator user who owns most of the WeBWorK system files. For example if you want to edit some WeBWorK file, you should use the su (switch user) command to become wwadmin. The password for wwadmin is "wwadmin" so the command is:

$ su wwadmin
Password: wwadmin
$

After you have finished whatever you have to do as wwadmin, you can return to being the ubuntu user by

$exit
exit
$

wwadmin is not in the sudo group so if you want to use sudo, you have to be ubuntu.

Also you should change the password for wwadmin to something much more secure than "wwadmin" (see Passwords).

Set the Timezone for your server

To find out what timezone your server is set to run the command

$ timedatectl

and you will see

...
Time zone: Etc/UTC (UTC, +0000)
...

which is probably not where you live. The timezone naming convention uses a “Region/City” format and to find the correct one for your location run the command

$  timedatectl list-timezones

Look through the list and find your timezone, e.g. "America/Los_Angeles". Then set the timezone (you have to be root), e.g.

$ sudo timedatectl set-timezone America/Los_Angeles

and then

$ timedatectl

to check it was set correctly.

Checking for and Installing Hotfixes

To check for and/or install updates you will have to become the wwadmin user:

$ su wwadmin
Password: wwadmin
$

Then follow the instructions at Check for and Install Hotfixes in the Installation Manual for 2.18 on Ubuntu. Remember that you have to switch back to the ubuntu user and restart the webwork2 app after updating the webwork2 and/or pg code.

$ exit
$ sudo systemctl restart webwork2

Important: The are bug fixes for both the webwork2 code and the pg code that occurred after the AMI was built. You should definitely update both the webwork2 and pg code.

Give your Instance a permanent IP address

As currently set up if you stop your instance (e.g. to change resources) when you restart it, the instance will have a new IP address, which means you will have to change the network setup. To fix this situation, go to your EC2 panel and in the left panel under "Network & Security", select "Elastic IPs". Then select "Allocate Elastic IP address", and hit "Allocate". For example, assume 18.190.3.215 was allocated. Now select your newly allocated IPv4 address and under "Actions", select "Associate Elastic IP address" and then "Choose an instance" (your instance!) and hit "Associate". Now the ip address 18.190.3.215 is permanently associated with your instance.

WeBWorK Configuration

The WeBWorK URL

We need a WeBWorK URL to give to students and professors so that they can access WeBWorK.

For this we can use your servers public ip address which we just changed from 18.216.251.98 to 18.190.3.215 or public URL address (e.g. ec2-18.190.3.215.us-east-2.compute.amazonaws.com) but besides being hard to remember this is really not a good idea for the following reason. At least some certificate authorities (e.g. Let's Encrypt) will not issue SLL certificates to sites with a ...compute.amazonaws.com URL because you may release it up and it may be reassigned to another user.

It is much better to use a permanent URL (something like webwork.yourschool.edu) and create a DNS record pointing your URL (webwork.yourschool.edu) to the permanent public ip address of your instance (18.190.3.215 in our example).

If for whatever reason you do not want to use a university URL, you can use Google Domains (https://domains.google/) or a similar provider to get and manage your own URL.

The WeBWorK .conf files

Most WeBWorK configuration is done in the files /opt/webwork/webwork2/conf/site.conf and /opt/webwork/webwork2/conf/localOverrides.conf. These files provide system-wide configuration settings, and defaults for course settings. Any setting in these files can be overridden in the course.conf file for a particular course. To override a setting for a course, just put the new setting (using the same syntax as is in localOverrides.conf) in the course.conf file. An instructor can only edit the course.conf file herself (for her own course) if she has "admin" privilege which by default professors do not have. But most things instructors may want to customize and many others (language, timezone, permissions, display modes, email, ...) can be set using the Course Configuration page from within the course and such setting override those in the configuration files.

Usually the "admin" user is added as an admin in all new courses and she can grant "admin" privileges to anyone (but she should be very careful in doing this).

Actually there are three main configuration files, site.conf, defaults.config and localOverrides.conf. The reason there are three configuration files is to make upgrading WeBWorK easier.

• site.conf: This file contains global variables which are required for basic configuration. It will not be overridden when you update WeBWorK but its distribution version, site.conf.dist will be.
• defaults.config: This file contains initial settings for many customizable options in WeBWorK. Do not edit defaults.config. It will be overridden next time you upgrade.
• localOverrides.conf This is where you should add all local customizations. It will not be overridden when you update WeBWorK but its distribution version, localOverrides.conf.dist will be.

It is important to remember that any time you edit WeBWorK's configuration files, you have the restart the webwork2 app for the changes to take effect.

There are several options that must be set for WeBWorK to work with your system. The rest of the file consists of customization options.

Edit the site.conf file

Now backup and edit site.conf

$ su wwadmin
Password: wwadmin
$ cd /opt/webwork/webwork2/conf
$ cp site.conf site.conf.bak1
$ nano site.conf

The $server_root_url is set as

 $server_root_url   = 'http://18.117.176.238/';

which you should replace with

 $server_root_url   = 'http://18.190.3.215/';

where of course replace 18.190.3.215 by your actual ip address.

WeBWorK uses the DateTime module. DateTime is supposed to be able to determine the local timezone itself without you having to enter it but this often fails so it is best to just set it here. For is a list of timezones recognized by DateTime run the command

timedatectl list-timezones

These timezones are more refined than standard time zone usage in that they include switches to daylight savings time (e.g. some parts of a time zone may make the switch and others may not). For example if your server is in the eastern US, on the list you will see America/New_York and you should enter $siteDefaults{timezone} = "America/New_York"; which is the default. Read the documentation in this section of the the site.conf file for more information on selecting time zones and formatting dates.

Search for $siteDefaults{timezone} and enter your local timezone if it is not correct.

Here is some information on email although you might want to hold off on this until you check that your server is functioning well.

WeBWorK sends mail in two instances. The mail merge module is used to send mail to course participants, i.e. to report scores. The feedback module allows participants to send mail to course instructors.

To send mail, WeBWorK needs the address of an SMTP server. Normally you will use the address of your school's SMTP server. When connecting to the SMTP server, WeBWorK must also send an email address representing the sender of the email (this has nothing to do with the From address on the mail message). Edit the lines

$mail{smtpServer} = ;  # e.g. 'mail.yourschool.edu' or 'localhost'
$mail{smtpSender} = ;  # e.g.  'webwork@yourserver.yourschool.edu'

entering the appropriate information. Be sure to use single quotes and NOT double quotes around email addresses otherwise Perl will treat @ as an array variable.

If you do not use your school's SMTP server, the following documentation may be helpful:

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-smtp.html

https://aws.amazon.com/premiumsupport/knowledge-center/ec2-port-25-throttle/

https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-smtp-software-package.html

Or if you want to install your own SMTP server:

https://ubuntu.com/server/docs/mail-postfix

Then save the file and Quit.

Now restart the webwork2 app so that our changes to the conf files takes effect. First we have to stop acting as wwadmin and return to the ubuntu user.

$ exit
exit
$ sudo systemctl restart webwork2

The defaults.config file

The defaults.config contains basic defaults for your system. You should not need to change these but if you decide to, you should not change them here since this file will be overwritten when you update WeBWorK. Instead make the change in the localOverrides.conf file using the same syntax as in the defaults.config file.

Test that Things are Working Properly

Connect to http://webwork.yourschool.edu/webwork2 (or http://18.190.3.215/webwork2 if your haven't set up a URL yet) where of course you should use your actual URL or ip address.

We will test out a few important parts of WeBWorK. If you run into problems, you should look at the WeBWorK app error log which is located at /opt/webwork/webwork2/logs/webwork2.log. And you should look at Test that Things are Working Properly in the Installation Manual for 2.18 on Ubuntu for help.

You should see the WeBWorK Welcome page with "Course Administration" and "myTestCourse" listed. At some point you may want to "hide" them so that they are not listed on the Welcome page (more on this later).

Click on "myTestCourse" and login with login name "profa" and password "profa". At this point you are a regular professor. There is also an administrator "admin", a regular student "jsmith" and several guest or practice users (who don't require a password but can view problems and "check" answers without them being "submitted" for credit). More on these below.

Now click on Homework Sets on the Main Menu and click on Demo. Then look at the problems. Mathematical equations should be typeset. Continue looking at problems to see if everything is working properly. Look through the problems in the other sets.

Next click on Problem List to bring back the Problem List Page and click on Download PDF .... The page is a little complicated because you are a professor so you see the professor view (students see a very simple page) but you can just scroll to the bottom and click on Generate hardcopy for selected users and selected sets.

Look through the problems in the other sets.

Now test the Library Browser. Click on Library Browser on the Main Menu. Click Open Problem Library (actually it should already be selected so it will be greyed out) and select a Subject, Chapter and Section and then hit View Problems. The first 20 of your selected problems will be displayed.

Next test that WeBWorK problems using R run properly. You are already in the Library Browser. Select "Statistics" as Subject, "Bayesian inference" as Chapter and "Posterior distribution" as Section and then hit View Problems. If the problems display with no error messages, all should be well. To be totally sure, click on the "eye" (Try it) in the upper right corner and test the problem. If there are no error messages, congratulate yourself. Everything works.

If you are new to WeBWorK or even if you are a pro, you should probably log in as a student to see what the student interface looks like. It's much simpler than the professor or admin interfaces. Login with login name "jsmith" and password "jsmith". The "admin" view is very similar to the "prof" view but you have the ability to change things about the course that mere professors do not have. Finally you can click on "Guest Login" and see what that looks like.

Set up WeBWorK to use SSL

This step configures the system so that access to WeBWorK will be through an encrypted connection (SSL) with an https: URL. It is optional but you should certainly do this if students will be using your server. Note that TLS is the successor protocol to SSL and is used everywhere. So that when we and others use the more common acronym SSL, we really are talking about TLS.

You can find general directions in Set up SSL in the Installation Manual for 2.18 on Ubuntu. In those directions, you want to follow Option1 (Set up Hypnotoad to use SSL (Option 1)) since that is how the AMI was configured.

Here we will give explicit directions for working with your AWS instance, Google Domains and Let's Encrypt. Working with other setups should be analogous.

First we set up our URL

Login to https://domains.google/ and select your domain or get a new one. As an example I will use my domain, "apizer.org". Select "apizer.org", click on "Manage", Select "DNS", "Custom records", "Manage custom records" and finally "Create a new record". For "Host name" enter "webwork" (which means the URL will be "webwork.apizer.org"), For "Type" select "A" meaning you are using ipv4, leave "TTL" at 3600 (1 hour) and under "DATA" enter 18.190.3.215 where of course you need to enter the permanent ip address you obtained above in Give your Instance a permanent IP address. The click "Save"

Note that it may take a few minutes for your new URL to propagate through the system, so you might have to wait a bit for the next step but in my experience I was able to proceed immediately.

Next we create our SLL certificate and key

First install certbot

$ sudo snap install --classic certbot

Next we need to stop the webwork2 app so that certbot can use port 80

$ sudo systemctl stop webwork2

Now run certbot

$ sudo certbot  certonly --standalone

When it requests "Please enter the domain name(s) you would like on your certificate (comma and/or space separated) (Enter 'c' to cancel):", I entered "webwork.apizer.org" but of course you want to enter the URL you just setup above. When the process completes, copy the location of your certificate and key, in my case:

/etc/letsencrypt/live/webwork.apizer.org/fullchain.pem
/etc/letsencrypt/live/webwork.apizer.org/privkey.pem

Finally make sure that these files are readable by the webwork2 app:

$ sudo chown www-data /etc/letsencrypt/live/webwork.apizer.org/fullchain.pem /etc/letsencrypt/live/webwork.apizer.org/privkey.pem

Note that for files to be readable by www-data, www-data must have executable permission on all directories lying above the actual file location. In our case the actual files lie under

/etc/letsencrypt/archive/

since the files under .../live/ are links pointing to files under .../archive/ I have done this twice and in one case certbot created directories that are all world executable, e.g.

ls -l /etc/letsencrypt/
drwxr-xr-x 4 root root 4096 Aug 30 18:59 archive
drwxr-xr-x 4 root root 4096 Aug 30 18:59 live

so there was no problem but in the other case there was a problem e.g

ls -l /etc/letsencrypt/
drwx------   3 root root 4096 Oct 22 17:29 archive/
drwx------   3 root root 4096 Oct 22 17:29 live/

so I had to run

cd /etc/letsencrypt/
sudo chmod 755 *

Note that several others have reported this was a problem when they ran certbot so it is something to definitely check.

Now we we configure the webwork2 app to use SSL

Edit webwork2.mojolicious.yml

We need to tell hypnotoad where the certificates are. First we make a backup of the webwork2.mojolicious.yml file and then edit it:

$ su wwadmin
$ cd /opt/webwork/webwork2/conf/
$ cp webwork2.mojolicious.yml webwork2.mojolicious.yml.bak1
$ nano webwork2.mojolicious.yml

In the hypnotoad: section below the lines

listen:
 - http://*:80

add the line

 - https://*:443?cert=/etc/letsencrypt/live/webwork.apizer.org/fullchain.pem&key=/etc/letsencrypt/live/webwork.apizer.org/privkey.pem

where of course use the path to your certificate and key.

Finally a few lines above this change

redirect_http_to_https: 0

to

redirect_http_to_https: 1

Then save the file and quit.

Edit site.conf

Now backup and then edit site.conf

cp site.conf site.conf.bak2
nano site.conf

The $server_root_url is set as

 $server_root_url   = 'http://18.190.3.215/';

where of course 18.190.3.215 is replaced by your actual ip address. Change this to

$server_root_url   = 'https://webwork.apizer.org/';

where of course use your own URL obtained above and don't forget to enter https in place of http.

The save the file and quit.

Start the webwork2 app

Stop acting as wwadmin and then start the webwork2 app:

$ exit
$ sudo systemctl start webwork2

Test that all is well

Try accessing your server using your new URL. E.g. accessing your server using either "http://webwork.apizer.org/webwork2" or "https://webwork.apizer.org/webwork2" (where of course substitute your own URL) should give you a secure connection (most browsers will display a lock symbol) . Check that problems display correctly, the Library Browser behaves well, etc.

Renewing the certificate

Since under our setup the webwork2 app is listening to both ports 80 and 443 and certbot needs to use port 80 for renewals, we must stop the webwork2 app before renewing. Run

$ sudo systemctl stop webwork2
$ sudo certbot renew
$ sudo systemctl start webwork2

Note that if you just want to test the renewal process without actually renewing, run

$ sudo certbot renew --dry-run

instead. If you really want to use certbot's automatic renewal process, one option is to edit webwork2.mojolicious.yml and comment out the line

- http://*:80

so it reads

# - http://*:80

and a few lines above this change

redirect_http_to_https: 1

to

redirect_http_to_https: 0

Note that this means students will need to use https: to connect to your server and will get an error message (which they may not understand) if they use http:

Finish up

Once access to your WeBWorK server is set up (as it should be now), if all you want to do is test out WeBWorK yourself without any other users, you are all set at this point but please read the rest of these instructions so that you understand how insecure your WeBWorK server is right now.

Passwords

It is IMPERATIVE that you CHANGE THE PASSWORD for the OS user wwadmin (who has ownership of the WeBWorK files). Otherwise anyone can connect to your server and pretty easily gain access to the WeBWorK files. Also it is IMPERATIVE that you CHANGE THE PASSWORD for the MariaDB user webworkWrite who has login privileges to MariaDB. Otherwise anyone can connect to MariaDB server and pretty easily gain access to the WeBWorK database. Finally it is IMPERATIVE that you CHANGE THE PASSWORD for the WeBWorK user admin who has admin privileges both in the admin course and in the myTestCourse and for the WeBWorK user profa who has professor privileges in the myTestCourse. Otherwise anyone can connect to WeBWorK server and pretty easily gain access and do anything they want. Finally you need to change the mojolicious secret

Change the mojolicious secret

Edit /opt/webwork/webwork2/conf/webwork2.mojolicious.yml with your preferred text editor. Near the beginning of the file change the secrets: to whatever you want to change it to, but don't leave it at the default setting. You can choose random characters or a long phrase.

Change the password for wwadmin

$su wwadmin
Password: wwadmin
$ passwd
Changing passwd for wwadmin:
(current) UNIX password: wwadmin
Enter new UNIX password: <new wwadmin password> 
Retype new UNIX password: <new wwadmin password>
passwd: password update successfully
$exit
exit
$ 

Do not forget the <new wwadmin password> that you just entered. Below when we refer to <wwadmin password>, we mean the new <wwadmin password>, <new wwadmin password> that you just entered above.

Change the password for webworkWrite

Now we change the passwords for the MariaDB user webworkWrite. First we edit site.conf.

$su wwadmin
Password:  <wwadmin password>
$ cd /opt/webwork/webwork2/conf
$ nano site.conf

Search for $database_password = 'wwadmin'; and replace this by
$database_password = 'database_password'; where of course you should replace 'database_password' with your own password (you do need single or double quotes). We refer to this password as <database_password>. Remember it as we will need it shortly. Then save the file and Quit.

Then restart the webwork2 app so the changes take effect.

$ exit
exit
$ sudo systemctl restart webwork2

and start MariaDB

$ sudo mysql

You should see

Welcome to the MariaDB monitor ...
MariaDBl>

Now lets check the MariaDB users.

MariaDB> SELECT user,password,authentication_string,plugin,host FROM mysql.user;

You will see a table with four users. You should see that the user webworkWrite) has a valid password (which will be displayed in encrypted form).

Now we will change the password for the webworkWrite User

MariaDB> ALTER USER 'webworkWrite'@'localhost' IDENTIFIED BY '<database_password>';

where of course you should replace <database_password> by whatever you used above (use the single quotes but no angle braces). Then

MariaDB> FLUSH PRIVILEGES;
use your up arrow key to run the command
MariaDB> SELECT user,password,authentication_string,plugin,host FROM mysql.user;

and you should see that webworkWrite has a new passwords (which will be displayed in encrypted form).

Then exit MariaDB

MariaDB> exit
Bye
$

If you want to check that you set the password correctly, do the following:

mysql -u webworkWrite -p -h127.0.0.1 --protocol=tcp
Enter password: <database_password>

and you should see

Welcome to the MariaDB monitor ...
MariaDBl>

Now exit

MariaDB> exit
Bye
$

Change the password for admin

Change the passwords for the WeBWorK user admin in two courses. Login to both the WeBWorK admin course (http://.../webwork2/admin) and myTestCourse (http://.../webwork2/myTestCourse) with Username "admin" and Password "admin". Then change the passwords from "admin" to something more secure. Note that in WeBWorK to change the password of the user you are logged in as, select "User Settings" in the "MAIN MENU". Or you can login as "profa" and use the "Classlist Editor" to change the password.

Change the password for profa

Change the passwords for the WeBWorK user profa. Login to myTestCourse (http://.../webwork2/myTestCourse) with Username "profa" and Password "profa". Then change the passwords from "profa" to something more secure. Or you can login as "admin" and use the "Classlist Editor" to change the password.

Change the password for jsmith

Change the passwords for the WeBWorK user jsmith if you want. jsmith is just a regular student so she can't do any real damage but you may still want to change the password. Login to myTestCourse (http://.../webwork2/myTestCourse) with Username "jsmith" and Password "jsmith". Then change the passwords from "jsmith" to something more secure. Or you can login as "admin" or "profa" and use the "Classlist Editor" to change the password.

More House Keeping

Hide the admin and myTestCourse courses

Log out of myTestCourse if you are logged in and go to the WeBWorK Welcome page. Click on Course Administration and login as admin with the new admin password you set for the admin course. Select "Hide Inactive Courses" and select the courses you want to hide and hit "Hide Courses". If you go back to the WeBWorK Welcome page, you will see no courses listed. You can still access these courses directly by

http://webwork.yourschool.edu/webwork2/admin 
http://webwork.yourschool.edu/webwork2/mytestcourse 

where of course you should use your actual URL.

Institution Logo

The institution logo (which is the MAA logo by default) appears on every WeBWorK page. You can replace with you own logo by doing the following. We took these directions verbatim from Alex Jordan's Forum post https://webwork.maa.org/moodle/mod/forum/discuss.php?d=5642.

All you need to do is add lines like these to a config file like localOverrides.conf:

$institutionLogo = 'myimage'; $institutionURL = 'URL for target if a user clicks on the image'; $institutionName = 'Name of the target, to be used in alt text';

myimage is an image file that you place in webwork2/htdocs/themes/math4/images/. It could be for example 'myimage.svg' containing some text.

The easiest way to do this is to search for the lines

# The institution logo should be an image file in the theme's images folder
#$institutionLogo = 'my_school_logo.png';
#$institutionURL  = 'http://www.myschool.edu';
#$institutionName = 'My University';

in /opt/webwork/webwork2/conf/localOverrides.conf, remove the #'s from the last three lines and enter your information. If you want to just make the change for an individual course, copy the code and put it in /opt/webwork/courses/Course_Name/course.conf.

Adjust Hypnotoad's configuration according to your server's memory and also adjust connection limits

Look at Serving Directly via Hypnotoad in the Installation Manual for 2.18 on Ubuntu 22.04 Server and adjust "clients", "workers" and "spare" in the file /opt/webwork/webwork2/conf/webwork2.mojolicious.yml according to the rule of thumb given there. You may also have to adjust the number of database connections, see Connection_Limits in the Installation Manual for 2.18 on Ubuntu 22.04 Server

Changing the instance type

For general information look at the following reference and also google "change the instance type of ec2"

• https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-resize.html#resize-ebs-backed-instance

Important: When you stop you instance (as you have to do to change the instance type), your root volume /dev/root (/dev/xvda1) will be saved and this contains all changes you or your students may have made.

First you should review information on ec2 instance types can be found at https://aws.amazon.com/ec2/instance-types/. I would suggest you look at t2 or t3 Instances.

Sign in to the AWS Management Console (https://signin.aws.amazon.com/) and search for the "EC2" service. You will be taken to the Amazon EC2 console.

1. In the navigation pane, choose Instances.
2. Select the instance and choose Actions, Instance State, Stop.
3. In the confirmation dialog box, choose Yes, Stop. It can take a few minutes for the instance to stop.
4. With the instance still selected, choose Actions, Instance Settings, Change Instance Type. This action is disabled if the instance state is not stopped.
5. In the Change Instance Type dialog box, do the following:
6. From Instance Type, select the instance type that you want.
7. (Optional) If the instance type that you selected supports EBS–optimization, select EBS-optimized to enable EBS–optimization or deselect EBS-optimized to disable EBS–optimization. If the instance type that you selected is EBS–optimized by default, EBS-optimized is selected and you can't deselect it.
8. Choose Apply to accept the new settings.
9. To restart the stopped instance, select the instance and choose Actions, Instance State, Start.

Remember to Adjust Hypnotoad's configuration according to your server's memory and also adjust connection limits.

Increase disk space

This is a two part process. The first step is

Expand the EBS root volume

For general information look at the following reference and also google "expand disk of ec2"

• https://aws.amazon.com/premiumsupport/knowledge-center/expand-root-ebs-linux/

Sign in to the AWS Management Console (https://signin.aws.amazon.com/) and search for the "EC2" service. You will be taken to the Amazon EC2 console. In the navigation pane (to the left), choose "Volumes", right click on the volume you what to expand and select "Modify Volume". In the pop up window select the new size, say 25, and click "Modify" and then confirm by clicking "Yes". You will see

 Modify Volume Request Succeeded
Your volume is now being modified.

The second step is to

Repartition the disk and expand the file system

Let us assume you have completed the first step and expanded the disk capacity from it's initial 20 GB to 25GB although in practice you will probably want to make it larger. First enter

$ df -h
Filesystem      Size  Used Avail Use% Mounted on

/dev/root        20G  5.3G   15G  28% /
...

to see how much disk space we have initially. Now run parted as root:

$ sudo parted

and you will see something like

GNU Parted 3.3
Using /dev/xvda
Welcome to GNU Parted! Type 'help' to view a list of commands.
(parted) 

Now enter the "print" command

(parted) print
Model: Xen Virtual Block Device (xvd)
Disk /dev/xvda: 26.8GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  21.5GB  21.5GB  primary  ext4         boot

(parted)

We need to know the number of the partition we want to resize. We can see it is 1 from the above. Now enter the "resizepart" command

(parted) resizepart
Partition number? 1
Warning: Partition /dev/xvda1 is being used. Are you sure you want to continue?
Yes/No? Yes
End?  [21.5GB]? 26.5GB
(parted)

Now enter the "print" command again

(parted) print
Model: Xen Virtual Block Device (xvd)
Disk /dev/xvda: 26.8GB
Sector size (logical/physical): 512B/512B
Partition Table: msdos
Disk Flags:

Number  Start   End     Size    Type     File system  Flags
 1      1049kB  26.5GB  26.5GB  primary  ext4         boot

(parted)

Notice we now have a 26.5 GB disk. Now quit parted.

(parted) quit
Information: You may need to update /etc/fstab.

Now we resize the file system. The above information tells us that we are working on partition 1 on /dev/xvda, so we use /dev/xvda1 in the command below

$  sudo resize2fs /dev/xvda1 
resize2fs 1.45.5 (07-Jan-2020)
Filesystem at /dev/xvda1 is mounted on /; on-line resizing required
old_desc_blocks = 3, new_desc_blocks = 4
The filesystem on /dev/xvda1 is now 6469470 (4k) blocks long.

and run df -h and we should see something like

$ df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/root        24G  5.3G   19G  23% /
...

indicating that we now a lot more space on our disk. Yea!

File and Directory Locations and System Information

This installation of WeBWorK and Ubuntu follows the instructions given in Installation_Manual_for_2.17_on_Ubuntu. You can look there to find the locations of the WeBWorK files. MathJax is installed locally and optional configurations B and C are implemented.

Consult Category:Administrators for other WeBWorK documentation for system administrators.

Known Issues

Here are the known issues with this release.

PGbasicmacros.pl

Displaying certain symbols (e.g. {, },<,>,≤, ≥) in the text (not in Math Mode) of a WeBWorK problem fails. An example is Problem 1 in Set 0 in "myTestCourse" (see Test that Things are Working Properly below). For information on this see https://github.com/openwebwork/pg/issues/473. This can be fixed. However the fix causes trouble with WeBWorK problems that use the associated macros incorrectly in Math Mode (see https://webwork.maa.org/moodle/mod/forum/discuss.php?d=5727) and there are quite a few more problems that use them incorrectly than correctly. If you use any of these problems, the easiest solution would be to not perform the fix.

If you do what to proceed with the fix we need to edit the PGbasicmacros.pl file.

$ cd /opt/webwork/pg/macros
$ cp PGbasicmacros.pl PGbasicmacros.pl.bak1

$ nano PGbasicmacros.pl

Look for the line

HTML_MathJax     => [ "HTML_dpng", "HTML_tth", "HTML", ],

and replace it by

#HTML_MathJax     => [ "HTML_dpng", "HTML_tth", "HTML", ],
HTML_MathJax     => [ "HTML_dpng", "HTML", "HTML_tth", ],

Then save the file and Quit.

-- Main.ArnoldPizer - August 2023