Should master branch work?

[g-goulis]

Is master branch fully functional or should I try the more updated x-api-2.0 branch version? @adl-trey

[vbhayden]

Hey there @g-goulis,

The master branch works fine and still uses the 1.0.3 spec. I am going to tag the current master branch as a 1.0.3 release and then move it into its own dedicated branch for legacy support for whatever packages end up needing security updates etc.

There were a few hiccups with Django being confused about the inclusion of contextAgents and contextGroups for the tables, so for the live one I had to manually exclude the lrs tables during a manual migration etc.

The 2.0 work will be merged into master after that though, which will be sometime today or tomorrow.

[g-goulis]

Sounds good @adl-trey

Will stay posted for the update and try a clean install with the new version. I had some issues with my first install attempt in an azure vm so this is probably a good point to try again. If there are any other additional resources you know of besides the readme's I would appreciate it.

Thanks for your work

[vbhayden]

Hey there,

The 2.0 changes have been merged into the master branch -- with the previous 1.0.3 compliant master being moved into xapi-1.0.3 etc. A clean deployment with the Docker containers + Docker Compose should bring it up without any issues, but let me know if you run into trouble etc.

[g-goulis]

Yep I tried this morning, I think maybe I am doing things out of order but maybe you could tell me. I did a fresh install and cannot access the web management tool for rabbit @ 15672, cannot access the webserver on http (don't even see traffic when I look at the docker logs for the nginx) and cannot access on https where I see lots of ssl errors.

I don't know if additional configuration is required beyond the 7 stepped list but beyond that I am fairly sure this isn't a VM (azure) issue or permission issue of any sort. None of my docker containers showed any errors but if it means anything the certbot doesn't stay up it runs and exits with code 1.

[vbhayden]

Yeah, the certbot container just comes up and dies -- it's included in the docker-compose.yml for scope context + volume sharing when generating a public cert for Nginx on live resources. The self-signed certs should last though when using the init-ssl.sh script. It is self-signed though, so networks may have trouble with it.

For Rabbit, Postgres, and Redis, these services are configured to only be accessible by local resources -- noted by their 127.0.0.1:XXXX:XXXX port mapping in the Docker Compose setup. You can make those accessible by removing the 127.0.0.1: etc.

Alternatively, you could modify the nginx config file to only use http and ignore the non-domain blockers:

worker_processes auto;
worker_rlimit_nofile 100000;

events {
    worker_connections  4096;
    use epoll;
    multi_accept on;
}

http {
    include           mime.types;
    default_type      application/octet-stream;
    sendfile          on;
    keepalive_timeout 65;

    proxy_buffer_size   128k;
    proxy_buffers       4 256k;
    proxy_busy_buffers_size 256k;

    client_body_in_file_only clean;
    client_body_buffer_size 32;

    client_max_body_size 300M;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/access.log debug;

    server {
        listen       80;
        server_name  $HOSTNAME;

        include           mime.types;
        default_type      application/octet-stream;
        keepalive_timeout 1200s;
        keepalive_requests 100000;

        # reduce the data that needs to be sent over network -- for testing environment
        gzip on;
        # gzip_static on;
        gzip_min_length 10240;
        gzip_comp_level 1;
        gzip_vary on;
        gzip_disable msie6;
        gzip_proxied expired no-cache no-store private auth;
        gzip_types
            # text/html is always compressed by HttpGzipModule
            text/css
            text/javascript
            text/xml
            text/plain
            text/x-component
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/rss+xml
            application/atom+xml
            font/truetype
            font/opentype
            application/vnd.ms-fontobject
            image/svg+xml;

        proxy_ssl_server_name on;

        client_body_in_file_only clean;
        client_body_buffer_size 32K;

        client_max_body_size 300M;

        sendfile on;

        send_timeout           300;
        proxy_connect_timeout  300;
        proxy_send_timeout     300;
        proxy_read_timeout     300;

        location / {
            include proxy_headers.conf;
            proxy_pass http://lrs:8000;
        }

        # Static assets for the LRS
        location /static {
            autoindex on;
            expires 1w;
            alias /opt/lrs/lrs-static;
        }
        location /static/el-pagination {
            autoindex on;
            expires 1w;
            alias /opt/lrs/ep-static;
        }
        location /static/admin {
            autoindex on;
            expires 1w;
            alias /opt/lrs/admin-static;
        }

        location ~ /.well-known/acme-challenge {
            allow   all;
            root    /usr/share/nginx/html;
        }
    }
}