Setting up a server on RHEL 7

16 views
Skip to first unread message

David Martin

unread,
Jul 27, 2020, 2:35:54 PM7/27/20
to numbas...@googlegroups.com
Many thanks for the documentation on setting up on RHEL 7. There are some small issues with the documentation which I have noted in the attached document. Waiting on SSL certificates at which point I will be able to test the installation. Hopefully these will be of use in correcting the errors and filling in a few gaps.

My notes are prefixed with ##DMAM (or ## DMAM).

..d
numbas installation notes.txt

David Martin

unread,
Jul 28, 2020, 11:41:48 AM7/28/20
to Numbas Users
Further fun with the installation. 

I've got it to a point where nginx is running, the ssl certificates are installed, I've persuaded selinux to let me play  and I now get an internal server error when trying to access the web page. It looks like it should be a trivial fix, but I don't know Django that well.

..d

Internal Server Error: /
Traceback (most recent call last):
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/core/handlers/exception.py", line 34, in inner
    response = get_response(request)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/core/handlers/base.py", line 115, in _get_response
    response = self.process_exception_by_middleware(e, request)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/channels/handler.py", line 243, in process_exception_by_middleware
    return super(AsgiHandler, self).process_exception_by_middleware(exception, request)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/core/handlers/base.py", line 113, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/views/decorators/csrf.py", line 54, in wrapped_view
    return view_func(*args, **kwargs)
  File "/srv/numbas-lti-provider/numbas_lti/views/entry.py", line 26, in index
    return render(request,'numbas_lti/index.html',context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/shortcuts.py", line 36, in render
    content = loader.render_to_string(template_name, context, request, using=using)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/loader.py", line 62, in render_to_string
    return template.render(context, request)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/backends/django.py", line 61, in render
    return self.template.render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 171, in render
    return self._render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 163, in _render
    return self.nodelist.render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 937, in render
    bit = node.render_annotated(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 904, in render_annotated
    return self.render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/loader_tags.py", line 150, in render
    return compiled_parent._render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 163, in _render
    return self.nodelist.render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 937, in render
    bit = node.render_annotated(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 904, in render_annotated
    return self.render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/loader_tags.py", line 62, in render
    result = block.nodelist.render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 937, in render
    bit = node.render_annotated(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/template/base.py", line 904, in render_annotated
    return self.render(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/templatetags/static.py", line 106, in render
    url = self.url(context)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/templatetags/static.py", line 103, in url
    return self.handle_simple(path)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/templatetags/static.py", line 118, in handle_simple
    return staticfiles_storage.url(path)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/contrib/staticfiles/storage.py", line 153, in url
    return self._url(self.stored_name, name, force)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/contrib/staticfiles/storage.py", line 132, in _url
    hashed_name = hashed_name_func(*args)
  File "/opt/numbas_lti_python/lib/python3.6/site-packages/django/contrib/staticfiles/storage.py", line 420, in stored_name
    raise ValueError("Missing staticfiles manifest entry for '%s'" % clean_name)
ValueError: Missing staticfiles manifest entry for 'bootstrap/css/bootstrap.css'

David Martin

unread,
Jul 28, 2020, 12:11:06 PM7/28/20
to Numbas Users
Turns out the staticfiles error is the need to run (as numbas_lti)

source /opt/numbas_lti_provider/bin/activate
cd  /srv/numbas_lti_provider
python3 manage.py collectstatic

Then as root or sudo

systemctl restart supervisord

Hope this helps.

..d


On Monday, 27 July 2020 19:35:54 UTC+1, David Martin wrote:

David Martin

unread,
Jul 29, 2020, 12:20:24 PM7/29/20
to Numbas Users
And we go on - finally have the server up and running and a firewall that lets me access it. 

I try to log in as admin (on Google Chrome) and get:

Forbidden (403)

CSRF verification failed. Request aborted.

You are seeing this message because this site requires a CSRF cookie when submitting forms. This cookie is required for security reasons, to ensure that your browser is not being hijacked by third parties.

If you have configured your browser to disable cookies, please re-enable them, at least for this site, or for 'same-origin' requests.

More information is available with DEBUG=True.


This is due to Google enforcing the SameSite directive in cookies.  To quote from the information given in the issues raised by Chrome:
  1. Mark cross-site cookies as Secure to allow setting them in cross-site contexts
    1. Cookies marked with SameSite=None must also be marked with Secure to allow setting them in a cross-site context. This behavior protects user data from being sent over an insecure connection.

      Resolve this issue by updating the attributes of the cookie:

      • Specify SameSite=None and Secure if the cookie is intended to be set in cross-site contexts. Note that only cookies sent over HTTPS may use the Secure attribute.
      • Specify SameSite=Strict or SameSite=Lax if the cookie should not be set by cross-site requests

    2. AFFECTED RESOURCES
Microsoft Edge does not have this issue as they do not follow the guidelines so strictly.


Hope this is helpful in sorting the issue - this may be a simple config change for Django.

..d

David Martin

unread,
Jul 29, 2020, 12:55:19 PM7/29/20
to Numbas Users
To fix this issue with Chrome, edit 
/srv/numbas_lti_provider/numbasltiprovider/settings.py and add the lines:

SESSION_COOKIE_SAMESITE = None
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SAMESITE = None
CSRF_COOKIE_SECURE = True

restart supervisord and all is good.
# systemctl restart supervisord

This then ensures the cookies are flagged correctly and Google Chrome will digest them without issues.

..d

Christian Lawson-Perfect

unread,
Jul 30, 2020, 11:14:53 AM7/30/20
to numbas...@googlegroups.com
Thanks for sticking with this, David. I'll fold these notes into the documentation.

--
You received this message because you are subscribed to the Google Groups "Numbas Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to numbas-users...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/numbas-users/14f95df3-9a33-45ae-98e8-c7bf2a5824b7o%40googlegroups.com.

drdmamartin

unread,
Jul 30, 2020, 11:58:59 AM7/30/20
to numbas...@googlegroups.com
no problem. I'd just come across this in another context so it was a aimple fix.

..d



Sent from my Samsung Galaxy smartphone.
You received this message because you are subscribed to a topic in the Google Groups "Numbas Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/numbas-users/jRUTkWP9GhU/unsubscribe.
To unsubscribe from this group and all its topics, send an email to numbas-users...@googlegroups.com.
To view this discussion on the web, visit https://groups.google.com/d/msgid/numbas-users/CAEMHSOg-dhqZcewSgLY18GKQcCi1o7w2PG4ctnVufPk22rCHJw%40mail.gmail.com.

Christian Lawson-Perfect

unread,
Aug 5, 2020, 5:35:54 AM8/5/20
to numbas...@googlegroups.com
I've managed to install the LTI tool on a fresh RHEL 7.8 virtual machine, using your changes. I had some trouble installing python 3.6, while you stuck with 3.4, but I've documented what to do. The instructions at https://numbas-lti-provider.readthedocs.io/en/latest/installation/rhel-7.html are now up to date.
I've added the secure cookie settings to the first_setup script, so that shouldn't be a problem any more.

Thanks again!

deevan shafait

unread,
Apr 7, 2021, 10:19:29 AMApr 7
to Numbas Users
Hi,

I'm in the process of installing Numbas LTI on CentOS with a MySQL database, and I notice in your personal instructions that the /etc/supervisord.d/numbas_lti.ini is missing the the section for '[program:numbas_lti_huey]', I assume you added this later?

For test purposes, I am running the service on localhost, but I see an internal server error message when accessing the web site, can you point me in the right direction for error logging? (I can confirm nginx is running OK via resorting to the default.conf file, and restarting nginx, I see the NGINX home page when accessing http://localhost:80.

Thanks,

Naveed

Christian Lawson-Perfect

unread,
Apr 7, 2021, 10:27:39 AMApr 7
to numbas...@googlegroups.com
Yes, the huey section is a recent addition.

I think the logs for the numbas LTI tool should be in /var/log/supervisor, if you followed the installation instructions exactly. You might want to look at the nginx logs too, in /var/log/nginx, and turn on DEBUG mode in numbasltiprovider/settings.py, if you haven't already.

--
You received this message because you are subscribed to the Google Groups "Numbas Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to numbas-users...@googlegroups.com.

deevan shafait

unread,
Apr 7, 2021, 1:35:28 PMApr 7
to Numbas Users
I can now see the Numbas LTI home page :  "Numbas LTI Provider : Welcome to the Numbas LTI tool provider" ... but post login, I see the following in Chrome and I.E : "a CSRF verification failed. Request aborted." error :  403 Forbidden

Reason given for failure:

Referer checking failed - Referer is insecure while host is secure.

In general, this can occur when there is a genuine Cross Site Request Forgery, or when Django's CSRF mechanism has not been used correctly. For POST forms, you need to ensure:

  • Your browser is accepting cookies.
  • The view function passes a request to the template's render method.
  • In the template, there is a {% csrf_token %} template tag inside each POST form that targets an internal URL.
  • If you are not using CsrfViewMiddleware, then you must use csrf_protect on any views that use the csrf_token template tag, as well as those that accept the POST data.
  • The form has a valid CSRF token. After logging in in another browser tab or hitting the back button after a login, you may need to reload the page with the form, because the token is rotated after a login.

You're seeing the help section of this page because you have DEBUG = True in your Django settings file. Change that to False, and only the initial error message will be displayed.

You can customize this page using the CSRF_FAILURE_VIEW setting.

I've disabled the following in default.conf given I'm not using https for my test 'thorow away' server, and I can now login successfully!

#proxy_set_header X-FORWARDED-PROTO https;

Thanks.


Reply all
Reply to author
Forward
0 new messages