Prod Deployment (Client & Server) - UQ-eLIPSE/shifoo-docs GitHub Wiki

Ensure you're signed in

ssh <uq_username>@mango.eait.uq.edu.au

Zone, DB and Node setup

triton instance create --name=shifoo-<tag-number> --network=zones webproject z1-standard
ssh root@shifoox-<tag-number>.zones.eait.uq.edu.au # Might need to wait a bit first..

If not sure about which tag-number, choose the number after the latest one after running triton --act-as=shifoox ls -o name,memory,disk,package,age,tags

webprojectl enable mysql

Generating keys

You now need to generate ssh-keys for shifoo-server, shifoo-client, coderunner-server and muLTI, so we can clone them.

Because GitHub doesn't allow using same deploy keys for multiple repos, we need to generate the keys individually 😭

We'll start with shifoo-server

ssh-keygen -t ed25519 -a 100 # Type out /root/.ssh/id_ed25519_shifoo_server
cat ~/.ssh/id_ed25519_shifoo_server.pub # Copy this output
  1. Head to the shifoo-server repository > settings (top bar) > deploy keys (left bar)
  2. Click Add Deploy Key
  3. Name the title of the zone created. i.e. shifoox-001
  4. Paste the key you copied in the Key section and click Add key

Repeat these steps for shifoo-client, coderunner-server and muLTI

  1. eval "$(ssh-agent -s)"
  2. Add all the keys using ssh-add. i.e. ssh-add ~/.ssh/id_ed25519_shifoo_server.

Now we're set to clone client and server repo:

git clone [email protected]:UQ-eLIPSE/shifoo-server.git
git clone [email protected]:UQ-eLIPSE/shifoo-client.git
mkdir /opt/server
mkdir /var/www/client
node -v

Node version as of 24/09/2024 is v20.16.0

Server setup

cd shifoo-server
vim config.json

Paste the following:

{
    "NODE_ENV": "production",
    "DATABASE_HOST": "localhost",
    "DATABASE_NAME": "shifoo",
    "DATABASE_PASSWORD": "<DB_PASSWORD from mdata-get mysql_pw>", # CHANGE
    "DATABASE_PORT": 3306,
    "DATABASE_USERNAME": "root",
    "JAVA_CODE_API": "https://shifoo-java22x.uqcloud.net/run", # CHANGE
    "JAVA_CODE_API_KEY": "SECRET_KEY",
    "LOGIN_PAGE": "https://shifoo.uqcloud.net/",
    "PORT": 8000,
    "PYTHON_CODE_API": "https://shifoo-py312x.uqcloud.net/run", # CHANGE
    "PYTHON_CODE_API_KEY": "SECRET_KEY",
    "SECRET": "secret",
    "SQL_DIALECT": "mysql",
    "TOKEN_LIFESPAN": "120m",
    "AUTH_JWT_SECRET": "secret",
    "AUTH_JWT_EXPIRATION_SECONDS": 3600,
    "AUTH_COOKIE_NAME": "shifoo_server_token",
    "AUTH_LTI_TEST_MODE": false,
    "AUTH_LTI_ENABLED": true,
    "AUTH_LTI_SECRET_KEY": "abc", # CHANGE
    "AUTH_LTI_CONSUMER_KEY": "shifoo.uqcloud.net",
    "AUTH_LTI_MAP": {
        "context_label": "courseCode",
        "context_title": "courseName",
        "user_id": "usernameAlternate",
        "custom_lis_person_sourcedid": "username",
        "roles": "roles"
    },
    "GIT_FOLDER": "/opt/server/git/",
    "GIT_REPO": "/opt/server/git/repo",
    "ALLOWED_ROLES": [] # CHANGE
}

DATABASE_PASSWORD is retrieved by typing mdata-get mysql_pw in the zone. Change the JAVA_CODE_API and PYTHON_CODE_API based on the latest deployed coderunners. As of 24/09/2024, it is the ones above.
After :wq, type in zone:

yarn global add rimraf && yarn
mysql -uroot -p$(mdata-get mysql_pw) -e 'CREATE DATABASE shifoo CHARACTER SET utf8mb4 COLLATE utf8mb4_bin;' && yarn run knex migrate:latest 
yarn build
cp -R dist/ /opt/server
cp -R node_modules/ /opt/server

TROUBLESHOOTING:
If yarn gave an error with the muLTI repo not found, try:

ssh-add -D
ssh-add ~/.ssh/id_ed25519_muLTI
yarn

This clears all the registered ssh keys and only adds muLTI - because apparently order matters here.

Client setup

cd ~/shifoo-client
vim .env

Paste the following:

NODE_ENV=production
VUE_APP_API=/api/
VUE_APP_WEBSOCKET_API=/
yarn && yarn build
cp -R dist/ /var/www/client/

Nginx and System service setup

vim /etc/systemd/system/shifoo.service
[Unit]
Description=Shifoo web service
After=network.target
Requires=mysql.service
[Service]
User=root
Group=root
StandardOutput=syslog
SyslogIdentifier=shifoo
Environment=NODE_ENV=production
Environment=PATH=/usr/bin
WorkingDirectory=/opt/server/dist/src
ExecStart=/usr/bin/node /opt/server/dist/src/index.js
Restart=always
RestartSec=10
[Install]
WantedBy=multi-user.target
systemctl enable shifoo
systemctl restart shifoo
vim /etc/nginx/frameworks-enabled/shifoo.conf

Paste the following

location / {
        root /var/www/client/dist/;
        add_header X-urii $uri always;
        add_header X-Frame-Options "" always;
        index  index.html index.htm index.php index.jsp index.aspx;
        try_files $uri $uri/ =404;
}
location /api {
       rewrite ^/api/(.*) /$1 break;
        proxy_pass http://localhost:8000;
        proxy_set_header Host $host;
       proxy_set_header X-Forwarded-Proto https;
       proxy_set_header X-Request-URL $request_uri;
}
location /socket.io {
        proxy_pass http://localhost:8000;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Request-URL $request_uri;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
}
location /ping { access_log off; return 200 'pong'; }

If SSO disabled:

vim /etc/nginx/conf.d/auth.conf
   # default            "allow:user:*"; # Should be commented out
   default              "allow:*"; # Uncomment this
  1. Run nginx -t and ensure there are no syntax errors
  2. Finally, run systemctl restart nginx
  3. Run the LTI tool
  4. Ensure the url is the same as the LOGIN_PAGE field in the /opt/server/dist/config.json
  5. Ensure the Secret Key is the SECRET_KEY in the same config file.
  6. Click Send Request
⚠️ **GitHub.com Fallback** ⚠️