Installation

issues with SElinux installation of 2.18

issues with SElinux installation of 2.18

by Alex Jordan -
Number of replies: 3

I am trying to install the 2.18 release candidate (develop branch at present) on a new Oracle Linux server. I've been following the instructions here, but it's an SELinux OS, so there are complications.

There is no www-data user or group. And at first, there was no apache user or group either. I installed apache just to get the apache user and group. And I've used 'apache' in place of 'www-data' throughout the instructions. I found that I needed to edit /opt/webwork/webwork2/conf/webwork2.service, replacing "www-data" with "apache" in two places. So far, does this all sound like it should work out OK?

The instructions say to install Node 16, and that is what I did. However Node 18 was available. Any reason not to go to 18?

I could not get `authbind` from the package manager, so I compiled it using
http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=authbind.git;a=snapshot;h=64b7841344fcc3cc5208a6ac8ec92c2db1a8802f;sf=tgz
Any reason that was a bad idea? I've seen alternate methods described for doing what authbind does, but they sounded complicated. I'm hoping I won't need to try them.

I generated self-signed certificate at /etc/ssl/local/cert.pem with key /etc/ssl/local/key.pem. And I put this line in the "listen:" part of webwork2.mojolicious.yml:
- https://*:443?cert=/etc/ssl/local/cert.pem&key=/etc/ssl/local/key.pem

But when I visit the site (which you have to be in my school's VPN to do for now) I get:

Secure Connection Failed
An error occurred during a connection to vmwebworkdevw02.pcc.edu. PR_CONNECT_RESET_ERROR
Error code: PR_CONNECT_RESET_ERROR

Any insight into what I may be doing wrong?
In reply to Alex Jordan

Re: issues with SElinux installation of 2.18

by Alex Jordan -
About the last issue: I switched to using port 80 and http, and at least I have reached the point of getting to the WeBWorK landing page. Since this is not a real WW server with a registered DNS entry, I'm not going to worry about https with it. Things may be different when I move our real server to 2.18 though.
In reply to Alex Jordan

Re: issues with SElinux installation of 2.18

by Glenn Rice -

For the most part, everything that you have done sounds like it will work, except the certificates obviously (obvious because it isn't working).

I assume you are trying the direct deployment approach (not proxying via apache2 or nginx).  If that is the case, rather than installing apache2 to get a user to work with you could just create a user.  You should look at the webwork2/conf/README.md file.  It has instructions on how to do this, and some other information you might find useful.  To create a user you run "sudo useradd -M webwork" (or use apache if you like instead of webwork).  You will need to edit the service files to change the user name.

At this point stick with node 16.  Node 18 probably will work, but it is untested with webwork2.  If you do test it, then report back on how it goes.

As to the authbind package not being available, what you have done should work.  Although you should see https://github.com/openwebwork/webwork2/pull/1874.  That changes this.  Instead of using authbind it switches to using the Mojolicious::Plugin::SetUserGroup module.

As to the certificates, I have never actually been able to get self signed certificates to work on a real server even with apache2 or nginx.  I have been able to get them to work locally, but not for a remotely accessed server.  I don't think that self signed certificates are actually supported for that.  You could try letsencrypt with certbot.  That is something that is free and does work.

The self signed certificate may not be the issue though.  Another possibility is permissions.  Make sure that the user you are using has read permission of the certificate files and any directory leading up to them in their path.

In reply to Glenn Rice

Re: issues with SElinux installation of 2.18

by Glenn Rice -
So I don't see any reason that node 18 would be a problem. I just tested it, and for everything that webwork2 needs it for it should be fine. Webwork3 has some issue with it though, but that is not a concern for webwork2. Webwork3 uses node much more than webwork2 does with its build system.