How to install Askbot with Nginx on CentOS 8 and use Let’s Encrypt for security protection

How to install Askbot with Nginx on CentOS 8 and use Let’s Encrypt for security protection

Askbot is a free, open source, highly customizable question and answer forum software written in Python and Django. It is simple, lightweight, and very similar to other forum software StackOverflow and Yahoo Answers. Askbot provides a lot of features, including tags and categories, email notifications, karma-based systems, voting, content review, and more.

In this tutorial, we will show you how to install Askbot Forum software on CentOS 8 using Let’s Encrypt SSL.

prerequisites

  • Server running CentOS 8.
  • The root password is set on your server.

Install required dependencies

Before you start, you will need to install some required dependencies in the system.

First, install the “Development Tools” using the following command:

dnf group install 'Development Tools'

Next, install the EPEL repository and other Python dependencies using the following command:

dnf install epel-release -ydnf install python2-pip python2-devel python2-six -y

Once all the necessary software packages are installed, you can proceed to the next step.

Install and configure PostgreSQL

Askbot uses PostgreSQL to store its data. Therefore, you need to install it in the system. You can use the following command to install:

dnf install postgresql-server postgresql-devel postgresql-contrib -y

After installation, use the following command to initialize the database:

postgresql-setup initdb

You should get the following output:

WARNING: using obsoleted argument syntax, try --help
WARNING: arguments transformed to: postgresql-setup --initdb --unit postgresql
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log

Next, start the PostgreSQL service and use the following command to start it after the system restarts:

systemctl start postgresqlsystemctl enable postgresql

Next, log in to the PostgreSQL shell using the following command:

su - postgres[[email protected] ~]$ psql

Output:

psql (10.6)
Type "help" for help.
postgres=# 

Next, use the following command to create a database and user for Askbot:

postgres=# create database askbot;postgres=# create user askbot with password 'password';

Next, use the following command to grant all privileges to askbot:

postgres=# grant all privileges on database askbot to askbot;

Finally, use the following command to exit from the PostgreSQL Shell:

postgres=# q

Next, you will need to configure local user authentication for PostgreSQL. You can do this by editing the pg_hba.conf file:

nano /var/lib/pgsql/data/pg_hba.conf

Replace the peer with md5 in the following line:

local   all             all                                    md5  
host    all             all             127.0.0.1/32           md5  
host    all             all             ::1/128                md5  

Save and close the file when finished. Then, restart the PostgreSQL service to apply the changes:

systemctl restart postgresql

Install and configure Askbot

Before installing Askbot, you need to create a user for Askbot. You can use the following command to create a new Askbot user and set a password:

useradd -m -s /bin/bash askbotpasswd askbot

Next, add the Askbot user to the wheel group for sudo command access:

usermod -a -G wheel askbot

Next, install the python virtualenv package using the following command:

pip2 install virtualenv six

After installation, change the user to askbot and use the following command to create a new virtual environment for Askbot:

su - askbotvirtualenv askbot

You should see the following output:

created virtual environment CPython2.7.16.final.0-64 in 663ms
  creator CPython2Posix(dest=/home/askbot/askbot, clear=False, global=False)
  seeder FromAppData(download=False, pip=latest, setuptools=latest, wheel=latest, via=copy, app_data_dir=/tmp/tmp9YFr7B/seed-app-data/v1)
  activators PythonActivator,CShellActivator,FishActivator,PowerShellActivator,BashActivator

Next, change the directory to askbot and use the following command to activate the virtual environment:

cd askbotsource bin/activate

Output: Advertising

(askbot) [[email protected] askbot]$

Next, use the following command to install Askbot and other required dependencies:

pip2 install six==1.10.0pip2 install askbot psycopg2

Next, create a new directory for your application, change the directory to your application, and set up Askbot with the following command:

mkdir myappcd myappaskbot-setup

You should see the following output:

Deploying Askbot - Django Q&A forum application
Problems installing? -> please email [email protected]

To CANCEL - hit Ctr-C at any time

Enter directory path (absolute or relative) to deploy
askbot. To choose current directory - enter "."
> .

Type “.” And hit Input Then say. You should see the following output:

Please select database engine:
1 - for postgresql, 2 - for sqlite, 3 - for mysql, 4 - oracle
type 1/2/3/4: 1

Type 1 to select a postgresql database engine, and then press Enter to continue. You should see the following output:

Please enter database name (required)
> askbot

Please enter database user (required)
> askbot

Please enter database password (required)
> password

Provide your Askbot database details and click Input. After the installation is complete, you should see the following output:

Copying files: 
* __init__.py 
* manage.py 
* urls.py 
* django.wsgi 
Creating settings file
settings file created

copying directories:  * doc
* cron
* upfiles

Done. Please find further instructions at http://askbot.org/doc/

Next, use the following command to generate Askbot Django static files and databases:

python manage.py collectstaticpython manage.py syncdb

Provide the required administrator username, email and password as follows:

You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'askbot'): askbotadmin
Email address: [email protected]
Password: 
Password (again): 
Superuser created successfully.

Install and configure uWSGI

Next, you will need to install uWSGI on your system. uWSGI is a software tool for running Python-based web applications. You can use the following command to install:

pip2 install uwsgi

After installing uWSGI, use the following command to create a new directory for uWSGI:

mkdir -p /etc/uwsgi/sites

Next, create a new uWSGI configuration file as follows:

nano /etc/uwsgi/sites/askbot.ini

Add the following line:

[uwsgi]

chdir = /home/askbot/askbot/myapp
home = /home/askbot/askbot
static-map = /m=/home/askbot/askbot/myapp/static
wsgi-file = /home/askbot/askbot/myapp/django.wsgi
master = true
processes = 5
# Askbot will running under the sock file
socket = /run/uwsgi/askbot.sock
chmod-socket = 664
uid = askbot
gid = nginx
vacuum = true
# uWSGI Log file
ogto = /var/log/uwsgi.log

Create system service files for uWSGI

Next, you will need to create a systemd service file to manage the uWSGI service. You can create it using the following command:

nano /etc/systemd/system/uwsgi.service

Add the following line:

[Unit]
Description=uWSGI service

[Service]
ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown askbot:nginx /run/uwsgi'
ExecStart=/bin/uwsgi --emperor /etc/uwsgi/sites
Restart=always
KillSignal=SIGQUIT
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target

Save and close the file when finished. Then, use the following command to reload the systemd daemon:

systemctl daemon-reload

Install and configure Nginx

Next, you will need to install and configure Nginx to serve your Askbot application.

First, install the Nginx web server using the following command:

dnf install nginx -y

After installation, create a new virtual host configuration file for Askbot:

nano /etc/nginx/conf.d/askbot.conf

Add the following line:

server {
         listen 80;
         server_name askbot.linuxbuz.com;
         location / {
         include         uwsgi_params;
         uwsgi_pass	 unix:/run/uwsgi/askbot.sock;
    }
 }

Save and close the file. Then, start the Nginx and uWSGI services and use the following command to start them after the system restarts:

systemctl start nginxsystemctl enable nginxsystemctl start uwsgisystemctl enable uwsgi

Let’s encrypt SSL to protect Askbot

Next, you will need to install the Certbot utility in your system to download and install Let’s Encrypt SSL for Askbot domain.

You can install the Certbot client using the following command:

wget https://dl.eff.org/certbot-automv certbot-auto /usr/local/bin/certbot-autochown root /usr/local/bin/certbot-autochmod 0755 /usr/local/bin/certbot-auto

Next, use the following command to obtain and install an SSL certificate for your Askbot domain:

certbot-auto --nginx -d askbot.linuxbuz.com

The above command will first install all necessary dependencies on the server. After installation, you will be asked to provide an email address and accept the terms of service as follows:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for askbot.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/askbot.conf

Next, choose whether to redirect HTTP traffic to HTTPS as follows:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Types of 2 And hit Input Then say. After the installation is complete, you should see the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/askbot.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://askbot.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=askbot.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Configure firewall and SELinux

Next, you will need to create firewall rules to allow HTTP and HTTPS services from external networks. You can allow it using the following command:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=httpsfirewall-cmd --reload

By default, SELinux is enabled in CentOS 8. It is recommended to disable it to make Askbot work properly. You can disable it by editing the / etc / selinux / config file:

nano /etc/selinux/config

Find the following line:

SELINUX=enforcing

And, replace it with the following line:

SELINUX=disabled

Save and close the file. Then, restart the system to apply the changes:

Visit Askbot

Now, open a web browser and enter the URL https://askbot.linuxbuz.com. You will be redirected to the following screen: Advertising

ad

Click Sign in Button. You should see the Askbot login page on the following screen:

Askbot login

Provide your Askbot administrator username, password, and click Sign in Button. You should see the Askbot dashboard in the following screen:

Ask questions in Askbot

in conclusion

Congratulations! You have successfully installed and configured the Askbot forum on CentOS 8, and protected it with Let’s Encrypt SSL. Now you can start using Askbot to create questions and answers.

Sidebar