ILIAS-Tricks not only for Schools

Install EtherpadLite@ILIAS

[wolfganghuebsch], [iliasadmin1] - 1. Jan 2018, 20:20

In this tutorial I install Etherpad-Lite on a Debian 9 and ILIAS 5.2 including a redirect to port 443/https. The tutorial should also fit to a current Ubuntu system.

Changelog

2019.09.18: Added a missing start script

Install needed office-suits and other stuff

apt-get install gzip git curl python libssl-dev pkg-config build-essential
apt-get install abiword
Determine paths:
- whereis abiword gives /usr/bin/abiword
- Keep the paths in mind

Install Database

mysql -u root -p
Give password for mysqluser root
mysql> CREATE DATABASE etherpad_1 CHARACTER SET utf8 COLLATE utf8_general_ci;
No we give a user all rights to the database etherpad_1. You can use the user of the current ilias-Database. You find the credentials in the ilias-webdir ilias/data/clientname/client.ini.php
mysql> GRANT ALL PRIVILEGES ON etherpad_1.* TO 'db_iliasuser1'@'localhost';
mysql> exit

Install an run EtherpadLite

cd /opt
git clone https://github.com/ether/etherpad-lite.git
Adjust right settings:
- chmod -R 770 /opt/etherpad-lite
- chown -R www-data:www-data /opt/etherpad-lite
cd etherpad-lite
Run it for the first time: bin/run.sh
Stop it with CTRL+C
nano settings.json
Comment out the lines concerning the dirty db settings between 38 and 46 and remove the comments from the mysql-part between line 47-56. Give the mysql-crendetials from above. Example:

/*
  //The Type of the database. You can choose between dirty, postgres, sqlite and mysql
  //You shouldn't use "dirty" for for anything else than testing or development
  "dbType" : "dirty",
  //the database specific settings
  "dbSettings" : {
                   "filename" : "var/dirty.db"
                 },
 
*/
  // An Example of MySQL Configuration
   "dbType" : "mysql",
   "dbSettings" : {
                    "user"    : "db_iliasuser1",
                    "host"    : "localhost",
                    "password": "123456789",
                    "database": "etherpad_1",
                    "charset" : "utf8"
                  },

Goto line 72 to set language: "lang": "en-gb" - language-settings can be found here Example for german: "lang": "de"
Goto line 108 and set "requireSession" : true,
Goto line 118 and set "minify" : false,
Give paths:
- Line 126: "soffice" : "/usr/bin/abiword",
Comment out lines 158-169 an give credendials for user
Adjust loglevel in 202: "loglevel": "WARN",
Comment out the logfile-part and give a filename in 214
Exit and start the service: bin/run.sh
Start your browser and call the pad: yourdmain.tld:9001
If you try to add a new pad, this message is expected: You do not have permission to access this pad
Stop the process with STRG+C
In your etherpad-lite-directory should now be a file called APIKEY.txt. If not, run bin/installDeps.sh

Because examples are allways good, here you can see my settings.json file I use @bbs-ilias:

/*
  This file must be valid JSON. But comments are allowed
 
  Please edit settings.json, not settings.json.template
 
  To still commit settings without credentials you can 
  store any credential settings in credentials.json
*/
{
  // Name your instance!
  "title": "Etherpad auf BBS-ILIAS",
 
  // favicon default name
  // alternatively, set up a fully specified Url to your own favicon
  "favicon": "favicon.ico",
 
  //IP and port which etherpad should bind at
  "ip": "0.0.0.0",
  "port" : 9001,
 
  /*
  // Node native SSL support
  // this is disabled by default
  //
  // make sure to have the minimum and correct file access permissions set
  // so that the Etherpad server can access them
 
  "ssl" : {
            "key"  : "/path-to-your/epl-server.key",
            "cert" : "/path-to-your/epl-server.crt",
            "ca": ["/path-to-your/epl-intermediate-cert1.crt", "/path-to-your/epl-intermediate-cert2.crt"]
          },
 
  */
 
   "dbType" : "mysql",
   "dbSettings" : {
                    "user"    : "dbuser123",
                    "host"    : "localhost",
                    "password": "dbpassword123",
                    "database": "Etherpad1"
                  },
 
  //the default text of a pad
  "defaultPadText" : "Welcome to Etherpad!\n\nThis pad text is synchronized as you type, so that everyone viewing this page sees the same text. This allows you to collaborate seamlessly on documents!\n\nGet involved with Etherpad at http:\/\/etherpad.org\n",
 
  /* Default Pad behavior, users can override by changing */
  "padOptions": {
    "noColors": true,
    "showControls": true,
    "showChat": true,
    "showLineNumbers": true,
    "useMonospaceFont": false,
    "userName": true,
    "userColor": false,
    "rtl": false,
    "alwaysShowChat": false,
    "chatAndUsers": false,
    "lang": "de"
  },
 
  /* Should we suppress errors from being visible in the default Pad Text? */
  "suppressErrorsInPadText" : false,
 
  /* Users must have a session to access pads. This effectively allows only group pads to be accessed. */
  "requireSession" : true,
 
  /* Users may edit pads but not create new ones. Pad creation is only via the API. This applies both to group pads and regular pads. */
  "editOnly" : false,
 
  /* Users, who have a valid session, automatically get granted access to password protected pads */
  "sessionNoPassword" : false,
 
  /* if true, all css & js will be minified before sending to the client. This will improve the loading performance massivly,
     but makes it impossible to debug the javascript/css */
  "minify" : false,
 
  /* How long may clients use served javascript code (in seconds)? Without versioning this
     may cause problems during deployment. Set to 0 to disable caching */
  "maxAge" : 21600, // 60 * 60 * 6 = 6 hours
 
  /* This is the absolute path to the Abiword executable. Setting it to null, disables abiword.
     Abiword is needed to advanced import/export features of pads*/
  "abiword" : "/usr/bin/abiword",
 
  /* This is the absolute path to the soffice executable. Setting it to null, disables LibreOffice exporting.
     LibreOffice can be used in lieu of Abiword to export pads */
  "soffice" : "/usr/bin/libreoffice",
 
  /* This is the path to the Tidy executable. Setting it to null, disables Tidy.
     Tidy is used to improve the quality of exported pads*/
  "tidyHtml" : null,
 
  /* Allow import of file types other than the supported types: txt, doc, docx, rtf, odt, html & htm */
  "allowUnknownFileEnds" : true,
 
  /* This setting is used if you require authentication of all users.
     Note: /admin always requires authentication. */
  "requireAuthentication" : false,
 
  /* Require authorization by a module, or a user with is_admin set, see below. */
  "requireAuthorization" : false,
 
  /*when you use NginX or another proxy/ load-balancer set this to true*/
  "trustProxy" : false,
 
  /* Privacy: disable IP logging */
  "disableIPlogging" : false,
 
  /* Users for basic authentication. is_admin = true gives access to /admin.
     If you do not uncomment this, /admin will not be available! */
  
  "users": {
    "admin": {
      "password": "ilias",
      "is_admin": true
    },
    "ilias": {
      "password": "ilias",
      "is_admin": false
    }
  },
  
 
  // restrict socket.io transport methods
  "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"],
 
  // Allow Load Testing tools to hit the Etherpad Instance.  Warning this will disable security on the instance.
  "loadTest": false,
 
  // Disable indentation on new line when previous line ends with some special chars (':', '[', '(', '{')
  /*
  "indentationOnNewLine": false,
  */
 
  /* The toolbar buttons configuration.
  "toolbar": {
    "left": [
      ["bold", "italic", "underline", "strikethrough"],
      ["orderedlist", "unorderedlist", "indent", "outdent"],
      ["undo", "redo"],
      ["clearauthorship"]
    ],
    "right": [
      ["importexport", "timeslider", "savedrevision"],
      ["settings", "embed"],
      ["showusers"]
    ],
    "timeslider": [
      ["timeslider_export", "timeslider_returnToPad"]
    ]
  },
  */
 
  /* The log level we are using, can be: DEBUG, INFO, WARN, ERROR */
  "loglevel": "WARN",
 
  //Logging configuration. See log4js documentation for further information
  // https://github.com/nomiddlename/log4js-node
  // You can add as many appenders as you want here:
  "logconfig" :
    { "appenders": [
        { "type": "console"
        //, "category": "access"// only logs pad access
        }
    /*
      , { "type": "file"
      , "filename": "etherpad-lite.log"
      , "maxLogSize": 1024
      , "backups": 3 // how many log files there're gonna be at max
      //, "category": "test" // only log a specific category
        }*/
    /*
      , { "type": "logLevelFilter"
        , "level": "warn" // filters out all log messages that have a lower level than "error"
        , "appender":
          {  Use whatever appender you want here  }
        }*/
    /*
      , { "type": "logLevelFilter"
        , "level": "error" // filters out all log messages that have a lower level than "error"
        , "appender":
          { "type": "smtp"
          , "subject": "An error occured in your EPL instance!"
          , "recipients": "bar@blurdybloop.com, baz@blurdybloop.com"
          , "sendInterval": 60*5 // in secs -- will buffer log messages; set to 0 to send a mail for every message
          , "transport": "SMTP", "SMTP": { // see https://github.com/andris9/Nodemailer#possible-transport-methods
              "host": "smtp.example.com", "port": 465,
              "secureConnection": true,
              "auth": {
                  "user": "foo@example.com",
                  "pass": "bar_foo"
              }
            }
          }
        }*/
      ]
    }
}

Deploy Etherpad with a start-stop-script

cd /etc/init.d
nano etherpad-lite
Copy the following in:

#!/bin/bash
 
### BEGIN INIT INFO
# Provides:          etherpadlite
# Required-Start:    $local_fs $remote_fs $network $syslog
# Required-Stop:     $local_fs $remote_fs $network $syslog
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: starts etherpad lite1
# Description:       starts etherpad lite1 using start-stop-daemon
### END INIT INFO
 
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/local/bin"
LOGFILE="/var/log/etherpad-lite.log"
EPLITE_DIR="/opt/etherpad-lite"
EPLITE_BIN="bin/safeRun.sh"
USER="root"
GROUP="www-data"
DESC="Etherpad Lite"
NAME="etherpad-lite"
 
set -e
 
. /lib/lsb/init-functions
 
start() {
  echo "Starting $DESC... "
 
        start-stop-daemon --start --chuid "$USER:$GROUP" --background --make-pidfile --pidfile /var/run/$NAME.pid --exec $EPLITE_DIR/$EPLITE_BIN -- $LOGFILE || true
  echo "done"
}
 
#We need this function to ensure the whole process tree will be killed
killtree() {
    local _pid=$1
    local _sig=${2-TERM}
    for _child in $(ps -o pid --no-headers --ppid ${_pid}); do
        killtree ${_child} ${_sig}
    done
    kill -${_sig} ${_pid}
}
 
stop() {
  echo "Stopping $DESC... "
  if test -f /var/run/$NAME.pid; then
    while test -d /proc/$(cat /var/run/$NAME.pid); do
      killtree $(cat /var/run/$NAME.pid) 15
      sleep 0.5
    done
    rm /var/run/$NAME.pid
  fi
  echo "done"
}
 
status() {
  status_of_proc -p /var/run/$NAME.pid "" "etherpad-lite" && exit 0 || exit $?
}
 
case "$1" in
  start)
          start
          ;;
  stop)
    stop
          ;;
  restart)
          stop
          start
          ;;
  status)
          status
          ;;
  *)
          echo "Usage: $NAME {start|stop|restart|status}" >&2
          exit 1
          ;;
esac
 
exit 0

chmod +x etherpad-lite
Call the script: /etc/init.d/etherpad-lite start
Start your browser again and call the pad: yourdomain.tld:9001

We add another script that checks if the service realy runs: nano /opt/scripts/checkpad
We add the following code and change line 3:

#!/bin/bash
 
url="http://yourdomain.de:9001"
#Use the following line only if you have a redirect from port 9001 to 443:
#url="https://pad.yourdomain.de"
code="OK"
status=$(curl -s --head $url | head -n 1)
echo $status
string="$status"
 
if [[ $string == *${code}* ]];
then
 
echo "Etherpad  up"
else
 
        echo "Etherpad seems to be down..."
 
        status60=$(curl -s --head $url | head -n 1)
        echo $status
        string60="$status"
 
        if [ -f /var/run/etherpad-lite.pid ]
        then
        echo "Etherpad process active, try to stop..."
        /etc/init.d/etherpad-lite stop
        sleep 10
        rm /var/run/etherpad-lite.pid
        fi
 
        /etc/init.d/etherpad-lite start
 
fi

chmod +x /opt/scripts/checkpad

Crontab settings

nano /etc/crontab

#Check Etherpad every 2 minutes if it runs. If not, it will be restarted
*/2 * * * * root /opt/scripts/checkpad > /dev/null 2>&1
 
#Stop Etherpad-Lite once a day (the line above will restart it automatically)
1 6 * * *     root /etc/init.d/etherpad-lite stop >/dev/null 2>&1

Install Plugins

To call the admin page type in your browser: yourdmain.tld:9001/admin
Login with the admin-credentials you set in the file settings.json
Choose "Plugin-Manager"
I recomend to install only two or three plugins because plugins are always dangerous and their use can lead to crashes. I recommend only:
- headings2
- author_hover

Configuring ILIAS

mkdir -p /var/www/html/ilias/Customizing/global/plugins/Services/Repository/RepositoryObject
cd /var/www/html/ilias/Customizing/global/plugins/Services/Repository/RepositoryObject
git clone https://github.com/jrocho/ILIAS-Etherpad-Lite-Plugin.git EtherpadLite
Adjust right settings:
- chmod -R 775 EtherpadLite
- chown -R www-data:www-data EtherpadLite

Login to ILIAS and call Administration-Plugins
Update the Plugin (Aktualisieren)
Configure the plugin:

Setting	http	http port 80	https
Host	bbs-ilias	pad.bbs-ilias.de	pad.bbs-ilias
Port	9001	80	443
Apikey	Content of APIKEY.txt	Content of APIKEY.txt	Content of APIKEY.txt
Domain	.bbs-ilias.de	.bbs-ilias.de	.bbs-ilias.de
https	unchecked	checked	checked
EP-Version	>=1.4	>=1.4	>=1.4
Usergroup	leave empty	leave empty	leave empty

The standardport of etherpad-lite is 9001. If you want to run your installation completely under port 80 or 443 (https), you have to install a rewrite that I explain in the next chapter.

Configure a port-rewrite from 9001 to 80

If you want to run your whole ILIAS-installation under https, you have to configure a port-rewrite from port 9001 to 80 and later on to 443 (the rewrite to 443 will be done automatically by script). If you want that, you have to add another vhost-file:
cd /etc/apache2/sites-available
nano pad.bbs-ilias.de
Copy the following in:

<VirtualHost pad.bbs-ilias.de:80>
  LoadModule  proxy_module         /usr/lib/apache2/modules/mod_proxy.so
  LoadModule  proxy_http_module    /usr/lib/apache2/modules/mod_proxy_http.so
  LoadModule  headers_module       /usr/lib/apache2/modules/mod_headers.so
  LoadModule  deflate_module       /usr/lib/apache2/modules/mod_deflate.so
 
  ProxyVia On
  ProxyRequests Off
  ProxyPass / http://localhost:9001/
  ProxyPassReverse / http://localhost:9001/
  ProxyPreserveHost on
  <Proxy *>
    Options FollowSymLinks MultiViews
    AllowOverride All
    Order allow,deny
    allow from all
  </Proxy>
 
RewriteEngine on
RewriteCond %{SERVER_NAME} =pad.bbs-ilias.de
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent]
</VirtualHost>

Edit the lines 1 and 20
Restart the webserver: /etc/init.d/apache2 restart
Call in the browser http://pad.yourdomain.tld
We expect:

Enable port 443/https

I assume that you allready installed certbot. If so, do the following:
certbot --apache
Choose your new vhost pad.yourdomain.tld
Follow the menu
Have a test in your browser: https://pad.yourdomain.tld
Update the new configuration (see table upwards) in ILIAS->Adminsitration->Plugins
You can find more information for https and ILIAS here

Information Message

No comment has been posted yet.