Question

How to install ERP NEXT on digital oncean and connect domain name with ssl and restrict public ip

Posted September 27, 2020 141 views
Let's EncryptUbuntu 18.04

Hey can anyone guide me for the following:

1)install erpnext on fresh digital ocean ubuntu server
2) Connect domain name to that
3)then install ssl on that domain with auto renewal.
4) once domain is setup . Access via droplet IP will be disabled.

Note I don’t want one click install version that is availale on digital ocean but want to install using easy script of erp next

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
2 answers

Hi,
Here is the really useful tutorial on the subject, however, the author made manual installation of most of the components:
https://www.digitalocean.com/community/tutorials/how-to-install-an-erpnext-stack-on-ubuntu-18-04

But, if you want to get all process a bit simpler, and use easy install script, here are the steps.

1. Initial configuration.
Follow the prerequisites, step 1 and 2 of the tutorial mentioned above. Do not forget to reboot the system after that.

2. ERPNext installation with easy install script.
Download the script to your current location. It may be your home directory. You can remove the script after installation.

wget https://raw.githubusercontent.com/frappe/bench/develop/install.py

Run the script providing appropriate parameters

sudo -H python3 install.py --production --user erpnext --mariadb-version 10.4 --site your.domain.info --verbose

Explanation for some parameters.

  • --user - user context which the application will be installed in. If the user does not exist in the system, script will create it.
  • --mariadb-version - it is obviously the version of MariaDB. Although the latest stable version is 10.5, I recommend installing version 10.4. You would get a problem installing ver. 10.5. I will describe the workaround for it in another answer to this post.
  • --site - specify your domain here. Domain must point at your droplet’s IP address. Domain will be automatically associated with ERPNext installation, and nginx server block will be configured with it, what actually meets one of your defined requirements.
  • --verbose - thanks to it you get a lot of information during installation what may be useful for troubleshooting possible problems.

You will be asked for creating two passwords during the installation:

  • for MariaDB root user
  • for ERPNext Administrator

Keep both those passwords in safe place.

3. Securing the communication with Let’s Encrypt certificate.

It is quite likely you would like to access your application with more than one domain. Let’s assume that you would like to access it using both your.domain.info and www.your.domain.info. In such case, you need to modify ERPNext nginx server block configuration before installing a certificate.
This server block configuration is contained in file /etc/nginx/conf.d/frappe-bench.conf. Find the server_name directive and modify it appropriately.

  server_name your.domain.info www.your.domain.info;

Check if syntax of nginx configuration is OK

sudo nginx -t

Restart nginx service.

sudo systemctl restart nginx

Ensure that you can access your ERPNext application with both your domains. If it is OK you can continue the installation.

To install Let’s Encrypt certificate you must install certbot first. So, install certbot’s repository

sudo add-apt-repository ppa:certbot/certbot

You will get a note, accept it pressing Enter.

Output
This is the PPA for packages prepared by Debian Let's Encrypt Team and backported for Ubuntu. Note: Packages are only provided for currently supported Ubuntu releases. More info: https://launchpad.net/~certbot/+archive/ubuntu/certbot Press [ENTER] to continue or Ctrl-c to cancel adding it.

Then, install certbot

sudo apt install python-certbot-nginx

Now you can obtain a certificate for your domain or domains. I included two domains in exemplary command below.

sudo certbot --nginx -d your.domain.info -d www.your.domain.info

You will be asked for entering email address for sending notices on renewals. It is worthy to enter it. You may be also asked if you would like to redirect HTTP traffic to HTTPS. Agree to redirect.

Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 1: No redirect - Make no further changes to the webserver configuration. 2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you're confident your site works on HTTPS. You can undo this change by editing your web server's configuration. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

If certificate installation is successful you will get info like

Output
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: ...

Installed certbot package takes care of certificate renewal process by adding a renew script to directory /etc/cron.d. You can run renewal test and check if it is going smoothly.

sudo certbot renew --dry-run

4. Disabling access to ERPNext via droplet’s IP address.
To achieve that add the following server block configuration to the file /etc/nginx/conf.d/frappe-bench.conf.

server {
  listen 443 ssl;
  server_name your-droplet-ip;
  return 444;
}

Replace your-droplet-ip with corresponding IP address. You can also replace response code 444 (“Connection closed without response”) with the more appropriate one.
The above configuration is related to HTTPS traffic. HTTP traffic was redirected to HTTPS by modifications done by certbot, so you do not have to do anything with that. You can just replace response code 404 with the one you like.

server {
  if ($host = www.your.domain.info) {
    return 301 https://$host$request_uri;
  } # managed by Certbot


  if ($host = your.domain.info) {
    return 301 https://$host$request_uri;
  } # managed by Certbot

  listen 80;

  server_name your.domain.info www.your.domain.info;
  return 404; # managed by Certbot

}

After the modifications check if syntax of nginx configuration is OK

sudo nginx -t

Restart nginx service.

sudo systemctl restart nginx

Now, you should have ERPNext installed, and have HTTPS access to it via your domain only, not via droplet’s IP address :)

by Damaso Sanoja
ERPNext is an Enterprise Resource Planning (ERP) suite that leverages the power and flexibility of open-source technologies. It excels at managing core business processes such as finance, sales, HR, manufacturing, purchases, services, helpdesk, and more. In this tutorial you will install and configure an ERPNext stack on one server running Ubuntu 18.04. With all of your data centralized on a MariaDB server, ERPNext can greatly simplify a businesses e-commerce needs.

Hi again :)
As I mentioned in the previous answer, you would get the error installing ERPNext with MariaDB 10.5 (the most current and stable MariaDB version at the moment). Now I am going to explain a workaround for that problem.
So, to install ERPNext with MariaDB 10.5 you need to perform all the steps as for version 10.4. The only difference is in the easy script parameter. The whole command would look like

sudo -H python3 install.py --production --user erpnext --mariadb-version 10.5 --site your.domain.info --verbose

The installation will be running for some time. You will be asked for creating the passwords for MariaDB root user and ERPNext Administrator in the meantime. Finally you will end with an error message looks like below and the installation will be stopped.

"For key collation_server. Expected value utf8mb4_unicode_ci, found value utf8mb4_general_ci",
"================================================================================",
"Creation of your site - site1.local failed because MariaDB is not properly ",
"configured.  If using version 10.2.x or earlier, make sure you use the ",
"the Barracuda storage engine. ",
 "",
"Please verify the settings above in MariaDB's my.cnf.  Restart MariaDB.  And ",
"then run `bench new-site site1.local` again.",
"",
"",
"================================================================================",
"Database settings do not match expected values; stopping database setup."

The cause of this problem is located in one of the MariaDB config files which was apparently added to version 10.5. The collation settings from that file overwrite the settings provided by easy install script. To fix that problem simply comment two lines in /etc/mysql/mariadb.conf.d/50-server.cnf, as it is shown below

#character-set-server  = utf8mb4
#collation-server      = utf8mb4_general_ci

Then, to return on installation path again, you need to do two things more.

1. Remove just created site directory.

sudo rm -R /home/erpnext/frappe-bench/sites/your.domain.info/

You need to replace highlighted parts of the path with the values you provided as parameters to easy script:

  • erpnext with the value of --user parameter
  • your.domain.info with the value of --site parameter

2. Remove just created database.
Log into database management interactive shell.

mysql --user root --password --host=localhost

You will be asked for the password that you entered for MariaDB root user during the installation. After successful authentication you will get MariaDB/MySQL interactive shell prompt sign.

MariaDB [(none)]>

List existing databases.

SHOW DATABASES;

The result will be similar to that

Output
+--------------------+ | Database | +--------------------+ | _b089dc2a314866b9 | | information_schema | | mysql | | performance_schema | +--------------------+

Remove the database with the name starting with underscore symbol

DROP DATABASE _b089dc2a314866b9;

Exit the database management interactive shell

EXIT;

Then, you can restart your installation.

sudo -H python3 install.py --production --user erpnext --mariadb-version 10.5 --site your.domain.info --verbose

The installation should be done successfully now :)

Submit an Answer