Installation Query

I think the recommended production setup for external access is to proxy formplayer through a different URL on the same server using something like nginx.

In production Dimagi sets up www.commcarehq.org/formplayer to proxy the underlying formplayer URL which avoids the CORS issue.

1 Like

Thank you very much, the mobile app is working now!!!

I had another doubt. When I try to export data, I get the following error.

Hello can someone please help me with this??

Hi

Are there any errors in the log files for either the Django worker or the Celery task queue?

Hello,

Thank you. I will check and revert.

Regards,
Sneha

Hello,

I have another doubt, how to update this?
image
Thank you.

On the same page (Application Advanced Settings) enable the ‘Build Settings’:
image

From there you can select the CommCare Version that you are using.

When new versions of the CommCare mobile client are released you can add them to your local CommCare instance by going to https:///builds/edit_menu/ and following the instructions at the bottom of the page.

Thank you. Was able to fix this.

Suddenly the toolbar/taskbar with ‘Dashboard, Reports, Data, Users, Applications, Admin’ is missing. I wonder how! Is there a way to get this back?

Hello,

We have a problem with data export.

This is the error that we are getting. Could you please help us.

Thank you.

Hello,

We made some changes and now data export is running endlessly. No error messages. It keeps running. What are the next steps?

Thank you.

Is the task actually running? Is there any log output from the Celery worker?

Hello,


Unable to find any errors in celery log.

It says as below:

[2019-12-05 12:24:16,802: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[7480a354-c3de-4e37-a3aa-cc0b913a2438]

[2019-12-05 12:24:16,807: INFO/ForkPoolWorker-2] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[7480a354-c3de-4e37-a3aa-cc0b913a2438] succeeded in 0.00250764004886s: None

[2019-12-05 12:24:26,883: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[1ddc2ad9-32e3-4bde-bf63-fa0a011dc46a]

[2019-12-05 12:24:26,888: INFO/ForkPoolWorker-1] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[1ddc2ad9-32e3-4bde-bf63-fa0a011dc46a] succeeded in 0.00229972228408s: None

[2019-12-05 12:24:36,884: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[6def08c0-7f66-457c-b1b7-92c1952bde0f]

[2019-12-05 12:24:36,888: INFO/ForkPoolWorker-2] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[6def08c0-7f66-457c-b1b7-92c1952bde0f] succeeded in 0.00268108397722s: None

[2019-12-05 12:24:46,884: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[80ca6221-74c1-453e-95a1-dc2f12c0758f]

[2019-12-05 12:24:46,888: INFO/ForkPoolWorker-1] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[80ca6221-74c1-453e-95a1-dc2f12c0758f] succeeded in 0.00195582397282s: None

However, in webserver log, I see that the below URL is continuously polled

05/Dec/2019 12:23:32] “GET /a/commcare-test1/data/export/poll_custom_export_download/?form_or_case=form&download_id=dl-bd42efda148540b5b019f5b81f32f558 HTTP/1.0” 200 –

./manage.py check_services gives following output.

/commcare/chs-home/.virtualenvs/commcare-hq/local/lib/python2.7/site-packages/djangular/core/urlresolvers.py:6: RemovedInDjango20Warning: Importing from django.core.urlresolvers is deprecated in favor of django.urls.

from django.core.urlresolvers import (get_resolver, get_urlconf, resolve, reverse, NoReverseMatch)

FAILURE (Took 0.00s) celery : reminder_queue has been blocked for as long as we can see (max allowed is 0:15:00)

submission_reprocessing_queue has been blocked for as long as we can see (max allowed is 1:00:00)

sms_queue has been blocked for as long as we can see (max allowed is 0:05:00)

export_download_queue has been blocked for as long as we can see (max allowed is 0:00:30)

case_import_queue has been blocked for as long as we can see (max allowed is 0:01:00)

sumologic_logs_queue has been blocked for as long as we can see (max allowed is 6:00:00)

send_report_throttled has been blocked for as long as we can see (max allowed is 6:00:00)

repeat_record_queue has been blocked for as long as we can see (max allowed is 1:00:00)

saved_exports_queue has been blocked for as long as we can see (max allowed is 6:00:00)

email_queue has been blocked for as long as we can see (max allowed is 0:00:30)

reminder_rule_queue has been blocked for as long as we can see (max allowed is 0:15:00)

async_restore_queue has been blocked for as long as we can see (max allowed is 0:01:00)

analytics_queue has been blocked for as long as we can see (max allowed is 0:30:00)

reminder_case_update_queue has been blocked for as long as we can see (max allowed is 0:15:00)

SUCCESS (Took 0.05s) blobdb : Successfully saved a file to the blobdb

SUCCESS (Took 0.04s) elasticsearch : Successfully sent a doc to ES and read it back

SUCCESS (Took 0.00s) postgres : default:commcarehq:OK Successfully got a user from postgres

SUCCESS (Took 0.01s) formplayer : Formplayer returned a 200 status code

SUCCESS (Took 0.00s) heartbeat : OK

SUCCESS (Took 0.01s) couch : Successfully queried an arbitrary couch view

SUCCESS (Took 0.01s) redis : Redis is up and using 283.68M memory

SUCCESS (Took 0.00s) rabbitmq : RabbitMQ Not configured, but not needed

SUCCESS (Took 0.28s) kafka : Kafka seems to be in order

Is there anything we need to do to unblock the queues? We have done the installation and configuration as per
https://github.com/dimagi/commcare-hq/blob/master/DEV_SETUP.md

Hello,

This is a data export issue. It keeps running. Could you please help.

Unable to find any errors in celery log.

It says as below:

[2019-12-05 12:24:16,802: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[7480a354-c3de-4e37-a3aa-cc0b913a2438]

[2019-12-05 12:24:16,807: INFO/ForkPoolWorker-2] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[7480a354-c3de-4e37-a3aa-cc0b913a2438] succeeded in 0.00250764004886s: None

[2019-12-05 12:24:26,883: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[1ddc2ad9-32e3-4bde-bf63-fa0a011dc46a]

[2019-12-05 12:24:26,888: INFO/ForkPoolWorker-1] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[1ddc2ad9-32e3-4bde-bf63-fa0a011dc46a] succeeded in 0.00229972228408s: None

[2019-12-05 12:24:36,884: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[6def08c0-7f66-457c-b1b7-92c1952bde0f]

[2019-12-05 12:24:36,888: INFO/ForkPoolWorker-2] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[6def08c0-7f66-457c-b1b7-92c1952bde0f] succeeded in 0.00268108397722s: None

[2019-12-05 12:24:46,884: INFO/MainProcess] Received task: corehq.celery_monitoring.heartbeat.heartbeat__celery[80ca6221-74c1-453e-95a1-dc2f12c0758f]

[2019-12-05 12:24:46,888: INFO/ForkPoolWorker-1] Task corehq.celery_monitoring.heartbeat.heartbeat__celery[80ca6221-74c1-453e-95a1-dc2f12c0758f] succeeded in 0.00195582397282s: None

However, in webserver log, I see that the below URL is continuously polled

05/Dec/2019 12:23:32] “GET /a/commcare-test1/data/export/poll_custom_export_download/?form_or_case=form&download_id=dl-bd42efda148540b5b019f5b81f32f558 HTTP/1.0” 200 –

./manage.py check_services gives following output.

/commcare/chs-home/.virtualenvs/commcare-hq/local/lib/python2.7/site-packages/djangular/core/urlresolvers.py:6: RemovedInDjango20Warning: Importing from django.core.urlresolvers is deprecated in favor of django.urls.

from django.core.urlresolvers import (get_resolver, get_urlconf, resolve, reverse, NoReverseMatch)

FAILURE (Took 0.00s) celery : reminder_queue has been blocked for as long as we can see (max allowed is 0:15:00)

submission_reprocessing_queue has been blocked for as long as we can see (max allowed is 1:00:00)

sms_queue has been blocked for as long as we can see (max allowed is 0:05:00)

export_download_queue has been blocked for as long as we can see (max allowed is 0:00:30)

case_import_queue has been blocked for as long as we can see (max allowed is 0:01:00)

sumologic_logs_queue has been blocked for as long as we can see (max allowed is 6:00:00)

send_report_throttled has been blocked for as long as we can see (max allowed is 6:00:00)

repeat_record_queue has been blocked for as long as we can see (max allowed is 1:00:00)

saved_exports_queue has been blocked for as long as we can see (max allowed is 6:00:00)

email_queue has been blocked for as long as we can see (max allowed is 0:00:30)

reminder_rule_queue has been blocked for as long as we can see (max allowed is 0:15:00)

async_restore_queue has been blocked for as long as we can see (max allowed is 0:01:00)

analytics_queue has been blocked for as long as we can see (max allowed is 0:30:00)

reminder_case_update_queue has been blocked for as long as we can see (max allowed is 0:15:00)

SUCCESS (Took 0.05s) blobdb : Successfully saved a file to the blobdb

SUCCESS (Took 0.04s) elasticsearch : Successfully sent a doc to ES and read it back

SUCCESS (Took 0.00s) postgres : default:commcarehq:OK Successfully got a user from postgres

SUCCESS (Took 0.01s) formplayer : Formplayer returned a 200 status code

SUCCESS (Took 0.00s) heartbeat : OK

SUCCESS (Took 0.01s) couch : Successfully queried an arbitrary couch view

SUCCESS (Took 0.01s) redis : Redis is up and using 283.68M memory

SUCCESS (Took 0.00s) rabbitmq : RabbitMQ Not configured, but not needed

SUCCESS (Took 0.28s) kafka : Kafka seems to be in order

Is there anything we need to do to unblock the queues? We have done the installation and configuration as per
https://github.com/dimagi/commcare-hq/blob/master/DEV_SETUP.md

Thank you.

It looks like your server process isn’t connected properly to your celery process. I’m not sure what is causing that.

Do you intend to do dev work on CommCareHQ? The instructions you’re following describe how to set up a local development environment. It is not suitable for use in a production setting. I’ll make that more clear in the documentation.

Production environments are managed by commcare-cloud. Here are the instructions for setting up a one-server environment:

Hello,

We have installed monolith environment as per https://dimagi.github.io/commcare-cloud/setup/new_environment.html

Installation completes but creating new version fails with the following error in formplayer logs.

Caused by: java.security.cert.CertPathValidatorException: signature check failed

    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:135) ~[na:1.8.0_252]

    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:233) ~[na:1.8.0_252]

    at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:141) ~[na:1.8.0_252]

    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) ~[na:1.8.0_252]

    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:292) ~[na:1.8.0_252]

    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:375) ~[na:1.8.0_252]

    ... 65 common frames omitted

Caused by: java.security.SignatureException: Signature does not match.

Tried installation without SSL as detailed in https://github.com/dimagi/commcare-cloud/blob/master/docs/services/nginx/ssl.md – Step 1. But still it gets configured with https.

The certificate that is generated during the installation process doesn’t have domain name in it. But our site name has complete domain name.

Hence I tried to create a new certificate using openssl and updated the cacerts. But, while compiling forms, Django log says

Max retries exceeded with url: /formplayer/validate_form (Caused by SSLError(SSLError(“bad handshake: Error([(‘SSL routines’, ‘tls_process_server_certificate’, ‘certificate verify failed’)],)”,)

Could you please provide the right pointer to install monolith without https.

If that is not available, please give us details on how we can use a self signed openssl certificate on monolith environment.

Thank you.

The SSL certificate is required for formplayer authentication and can you please create a Valid domain and point the domain name to the proxy server Then create an SSL certificate using letsencrypt (https://github.com/dimagi/commcare-cloud/blob/master/docs/services/nginx/ssl.mt)

Thank you. Will try and revert.

Hello,

We would like to configure the site with our own wildcard SSL certificate issued by GoDaddy. I followed the instructions given in the following post:

TLS certificates

\ 160x160 TLS certificates

An update on these instructions - I managed to get it working and had a couple of tips that might help others: The format of the block in the vault used for the certificate requires each line of the certificate and PK data to be indented: ssl_secrets: certs: my_site: -----BEGIN CERTIFICATE----- xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxxxxxxxx…

http://forum.dimagi.com

However, deploy_proxy.yml still executes letsencrypt certificate generation.

Please let us know the correct procedure to configure the site with custom wildcard SSL certificate.

-From Ms. Bindu Rajesh (DB In charge)

1 Like

Can you try setting

letsencrypt_cchq_ssl: False

in your proxy config?

We tried this and it did not work. Is there anything we can do??

Thank you.