How to Install Askbot with Nginx and Secure with Let's Encrypt on CentOS 8

Askbot is a free, open-source, and highly-customizable question and answer forum software written in Python and Django. It is simple, lightweight, and very similar to other forum software StackOverflow and YahooAnswers. Askbot provides a ton of features including, Tags and categories, Email notifications, karma-based system, voting, content moderation and many more.

In this tutorial, we will show you how to install Askbot forum software on CentOS 8 with Let's Encrypt SSL.

Prerequisites

  • A server running CentOS 8.
  • A root password is setup on your server.

Install Required Dependencies

Before starting, you will need to install some required dependencies in your system.

First, install the “Development Tools” with the following command:

dnf group install 'Development Tools'

Next, install EPEL repository and other Python dependencies with the following command:

dnf install epel-release -y
dnf install python2-pip python2-devel python2-six -y

Once all the required packages are installed, you can proceed to the next step.

Install and Configure PostgreSQL

Askbot uses PostgreSQL to store their data. So you will need to install it in your system. You can install it with the following command:

dnf install postgresql-server postgresql-devel postgresql-contrib -y

Once installed, initialize the database with the following command:

postgresql-setup initdb

You should get the following output:

WARNING: using obsoleted argument syntax, try --help
WARNING: arguments transformed to: postgresql-setup --initdb --unit postgresql
 * Initializing database in '/var/lib/pgsql/data'
 * Initialized, logs are in /var/lib/pgsql/initdb_postgresql.log

Next, start the PostgreSQL service and enable it to start after system reboot with the following command:

systemctl start postgresql
systemctl enable postgresql

Next, log in to the PostgreSQL shell with the following command:

su - postgres
[postgres@centos8 ~]$ psql

Output:

psql (10.6)
Type "help" for help.
postgres=#

Next, create a database and user for Askbot with the following command:

postgres=# create database askbot;
postgres=# create user askbot with password 'password';

Next, grant all the privileges to the askbot with the following command:

postgres=# grant all privileges on database askbot to askbot;

Finally, exit from the PostgreSQL shell with the following command:

postgres=# \q

Next, you will need to configure local user authentication for PostgreSQL. You can do it by editing pg_hba.conf file:

nano /var/lib/pgsql/data/pg_hba.conf

Replace peer with md5 in the following lines:

local   all             all                                    md5  
host    all             all             127.0.0.1/32           md5  
host    all             all             ::1/128                md5

Save and close the file when you are finished. Then, restart the PostgreSQL service to apply the changes:

systemctl restart postgresql

Install and Configure Askbot

Before installing Askbot, you will need to create a user for Askbot. You can create a new Askbot user and set a password with the following command:

useradd -m -s /bin/bash askbot
passwd askbot

Next, add the Askbot user to the wheel group for sudo command access:

usermod -a -G wheel askbot

Next, install python virtualenv package with the following command:

pip2 install virtualenv six

Once installed, change the user to the askbot and create a new virtual environment for Askbot with the following command:

su - askbot
virtualenv askbot

You should see the following output:

created virtual environment CPython2.7.16.final.0-64 in 663ms
  creator CPython2Posix(dest=/home/askbot/askbot, clear=False, global=False)
  seeder FromAppData(download=False, pip=latest, setuptools=latest, wheel=latest, via=copy, app_data_dir=/tmp/tmp9YFr7B/seed-app-data/v1)
  activators PythonActivator,CShellActivator,FishActivator,PowerShellActivator,BashActivator

Next, change the directory to askbot and activate the virtual environment with the following command:

cd askbot
source bin/activate

Output:

(askbot) [askbot@centos8 askbot]$

Next, install Askbot and other required dependencies with the following command:

pip2 install six==1.10.0
pip2 install askbot psycopg2

Next, create a new directory for your application, change the directory to your application and setup the Askbot with the following command:

mkdir myapp
cd myapp
askbot-setup

You should see the following output:

Deploying Askbot - Django Q&A forum application
Problems installing? -> please email [email protected]

To CANCEL - hit Ctr-C at any time

Enter directory path (absolute or relative) to deploy
askbot. To choose current directory - enter "."
> .

Type "." and hit Enter to continue. You should see the following output:

Please select database engine:
1 - for postgresql, 2 - for sqlite, 3 - for mysql, 4 - oracle
type 1/2/3/4: 1

Type 1 to select a postgresql database engine and hit Enter to continue. You should see the following output:

Please enter database name (required)
> askbot

Please enter database user (required)
> askbot

Please enter database password (required)
> password

Provide your Askbot database details and hit Enter. Once the installation has been finished, you should see the following output:

Copying files: 
* __init__.py 
* manage.py 
* urls.py 
* django.wsgi 
Creating settings file
settings file created

copying directories:  * doc
* cron
* upfiles

Done. Please find further instructions at http://askbot.org/doc/

Next, generate Askbot Django static files and database with the following command:

python manage.py collectstatic
python manage.py syncdb

Provide your desired admin username, email and password as shown below:

You have installed Django's auth system, and don't have any superusers defined.
Would you like to create one now? (yes/no): yes
Username (leave blank to use 'askbot'): askbotadmin
Email address: [email protected]
Password: 
Password (again): 
Superuser created successfully.

Install and Configure uWSGI

Next, you will need to install uWSGI to your system. uWSGI is a software tool used to run Python based web applications. You can install it with the following command:

pip2 install uwsgi

After installing uWSGI, create a new directory for uWSGI with the following command:

mkdir -p /etc/uwsgi/sites

Next, create a new uWSGI configuration file as shown below:

nano /etc/uwsgi/sites/askbot.ini

Add the following lines:

[uwsgi]

chdir = /home/askbot/askbot/myapp
home = /home/askbot/askbot
static-map = /m=/home/askbot/askbot/myapp/static
wsgi-file = /home/askbot/askbot/myapp/django.wsgi
master = true
processes = 5
# Askbot will running under the sock file
socket = /run/uwsgi/askbot.sock
chmod-socket = 664
uid = askbot
gid = nginx
vacuum = true
# uWSGI Log file
ogto = /var/log/uwsgi.log

Create a Systemd Service File for uWSGI

Next, you will need to create a systemd service file to manage the uWSGI service. You can create it with the following command:

nano /etc/systemd/system/uwsgi.service

Add the following lines:

[Unit]
Description=uWSGI service

[Service]
ExecStartPre=/bin/bash -c 'mkdir -p /run/uwsgi; chown askbot:nginx /run/uwsgi'
ExecStart=/bin/uwsgi --emperor /etc/uwsgi/sites
Restart=always
KillSignal=SIGQUIT
Type=notify
NotifyAccess=all

[Install]
WantedBy=multi-user.target

Save and close the file when you are finished. Then, reload the systemd daemon with the following command:

systemctl daemon-reload

Install and Configure Nginx

Next, you will need to install and configure Nginx to serve your Askbot application.

First, install the Nginx webserver with the following command:

dnf install nginx -y

Once installed, create a new virtual host configuration file for Askbot:

nano /etc/nginx/conf.d/askbot.conf

Add the following lines:

server {
         listen 80;
         server_name askbot.linuxbuz.com;
         location / {
         include         uwsgi_params;
         uwsgi_pass	 unix:/run/uwsgi/askbot.sock;
    }
 }

Save and close the file. Then, start the Nginx and uWSGI service and enable them to start after system reboot with the following command:

systemctl start nginx
systemctl enable nginx
systemctl start uwsgi
systemctl enable uwsgi

Secure Askbot with Let's Encrypt SSL

Next, you will need to install the Certbot utility in your system to download and install Let's Encrypt SSL for Askbot domain.

You can install the Certbot client with the following command:

wget https://dl.eff.org/certbot-auto
mv certbot-auto /usr/local/bin/certbot-auto
chown root /usr/local/bin/certbot-auto
chmod 0755 /usr/local/bin/certbot-auto

Next, obtain and install an SSL certificate for your Askbot domain with the following command:

certbot-auto --nginx -d askbot.linuxbuz.com

The above command will first install all the required dependencies on your server. Once installed, you will be asked to provide an email address and accept the term of service as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for askbot.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/askbot.conf

Next, select whether or not to redirect HTTP traffic to HTTPS as shown below:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and hit Enter to continue. Once the installation has been finished, you should see the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/askbot.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://askbot.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=askbot.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/askbot.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-06-11. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again with the "certonly" option. To non-interactively renew *all*
   of your certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Configure Firewall and SELinux

Next, you will need to create a firewall rule to allow HTTP and HTTPS service from external networks. You can allow it with the following command:

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

By default, SELinux is enabled in CentOS 8. It is recommended to disable it in order to work Askbot properly. You can disable it by editing the /etc/selinux/config file:

nano /etc/selinux/config

Find the following line:

SELINUX=enforcing

And, replace it with the following line:

SELINUX=disabled

Save and close the file. Then, restart your system to apply the changes:

Access Askbot

Now, open your web browser and type the URL https://askbot.linuxbuz.com. You will be redirected to the following screen:

Askbot web interface

Click on the sign in button. You should see the Askbot login page in the following screen:

Askbot sign-in

Provide your Askbot admin username, password and click on the Sign in button. You should see the Askbot dashboard in the following screen:

Ask questions in Askbot

Conclusion

Congratulations! you have successfully installed and configured Askbot forum on CentOS 8 and secured it with Let's Encrypt SSL. You can now start creating a question and answer with Askbot.

Share this page:

0 Comment(s)