The Mayan EDMS documentation offers two ways for the installation on a Ubuntu 20.04 LTS machine: The first one is via Docker, the second one is the direct installation. I went for the second (direct) option on a Raspberry Pi 4 running a Ubuntu 20.04 headless server. For the installation to succeed, you have to do some slight amendments to the installation instructions given in the Mayan EDMS.
Installation error while building Python wheel for gevent (PEP 517)
When I tried to install the Mayan EDMS from PyPi according to step 7 of the documentation I got the following error when the Python Wheel for gevent was built:
|
1 2 3 4 5 6 7 8 9 10 11 |
Building wheels for collected packages: gevent Building wheel for gevent (PEP 517) ... error ERROR: Command errored out with exit status 1: command: /opt/mayan-edms/bin/python /opt/mayan-edms/lib/python3.8/site-packages/pip/_vendor/pep517/_in_process.py build_wheel /tmp/tmpjf61jtxv cwd: /tmp/pip-install-4o2pfult/gevent_ca6fdc0ed0854e36bd21af7af5a2ba5c Complete output (342 lines): [...] ---------------------------------------- ERROR: Failed building wheel for gevent Failed to build gevent ERROR: Could not build wheels for gevent which use PEP 517 and cannot be installed directly |
The solution to the issue can be found in the github issues section for gevent. For building the Python wheel, we need make, so the simple solution is to install make to your Ubuntu system (sudo apt install make) or to add it to the list of requirements that are installed in step one of the documentation.
Initialization of project
When running the following command in step 10, be aware that it will take some time until you get a response in the command window. I first made the error and thought that the multiline shell command was incomplete. So I hit Crtl-C and ran directly into the trouble the documentation warned of, that I lost my admin user.
If you happen to have the same problem, you have to delete your mayan postgresql database and drop the mayan user and then repeat step 9:
|
1 2 |
ubuntu@mayan:~$ sudo -u postgres psql -c "DROP DATABASE mayan" ubuntu@mayan:~$ sudo -u postgres psql -c "DROP USER mayan" |
Further questions
How can I access my Mayan?
After successfully installing everything, the main question was: How the heck can I access my Mayan installation? Fact is that the installation does not run on port 80. Using sudo netstat -plunt I found out that port 8000 is listening to the outside world. And that will take your browser to the initial login page.
Is the mayan user set up during installation also the Mayan admin?
The answer is: no. During installation of your mayan system, you set up a couple of users that ran “under the hood”:
- the
mayansystem user in the Ubuntu OS (without password and login options; can only be used withsudo -U mayan) - the
mayanuser in your PostgreSQL database (which has a password) - the mayan user in your Redis
None of those users is exposed through Mayan’s web UI – the lead user who holds all privileges in the web UI is admin, and you have to set its password when you access Mayan’s web interface for the first time after installation.
Is there no way to run Mayan over HTTPS?
No – at least not directly. Here’s a statement from the Mayan developer:
We don’t include any native way in Mayan to do this because there are many way to configure SSL and that is something best left for deployment tools. We recommend using a reverse proxy.
You can use nginx, apache or Traefik.
Okeydoke – we’ll set up an nginx as a reverse-proxy then. What we need is…
- Install and setup
ddclientto regularly update the DynDNS record for our outside address. (Not shown in this post) - Install nginx itself and set it up as a reverse proxy. Outside communication is to be sent through https.
- Set up a Let’s encrypt certificate to identify and encrypt our site.
Install nginx and setup as reverse proxy
The key challenge is to come up with a configuration file for the nginx reverse proxy and have Certbot produce a certificate for that nginx instance. The way that worked for me was:
- Use the nginx default template with just dummy page. Run it under the dyndns domain will later run as the domain for the reverse proxy. All you need is a bare bone nginx server that runs on port 80 with your local network firewall opened for that port. Then run Certbot to produce your certificate.
- After you have your certificate, create a new file /etc/nginx/sites-available/edms.myddns.org and put the certificate paths as parameters for ssl_certificate and ssl_certificate_key in the server config. My config file finally looked like this:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
server { # SSL configuration server_name edms.myddns.org; access_log /var/log/nginx/mayan.access.log; error_log /var/log/nginx/mayan.error.log; listen [::]:443 ssl ipv6only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/edms.myddns.org/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/edms.myddns.org/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot location / { include /etc/nginx/proxy_params; proxy_pass http://localhost:8000; proxy_read_timeout 90; # Fix potential "It appears that your reverse proxy setup is broken" error proxy_redirect http://localhost:8000 https://edms.myddns.org; } } |
Save the file into /etc/nginx/sites-available. Then set a symlink into /etc/nginx/sites-enabled/:
|
1 |
sudo ln -s /etc/nginx/sites-available/edms.myddns.org /etc/nginx/sites-enabled/ |
Disable the default virtual host:
|
1 |
sudo unlink /etc/nginx/sites-enabled/default |