summary

  • Create an instance with Ubuntu / t2.medium / 8GB as appropriate
  • Install Docker
  • Install Polis
    • SSL certificate required if running on anything other than localhost

log on 2023-05-22

Create an instance with Ubuntu / t2.micro / 8GB as appropriate

  • As soon as I started the instance, I got a screen that looked like I could connect to the terminal from the browser, and I thought, “I guess I’m in good shape now,” and clicked on it, but then I got discouraged because I couldn’t connect because the instance was still running.

Install Docker

Install Polis

  • GitHub - compdemocracy/polis: Open Source AI for large scale open ended feedback
  • $ git clone https://github.com/compdemocracy/polis.git
  • $ sudo apt install make
  • Follow the README
  • $ cp example.env .env
  • $ make start
    • docker compose -f docker-compose.yml -f docker-compose.dev.yml --env-file .env up
    • ERROR: permission denied while trying to connect to the Docker daemon ...
    • gpt-4.icon - The Docker daemon runs as the root user and by default no other user can interact with it. This is why you get "permission denied" errors. - Try the following steps to resolve this issue: - Adding a user to the docker group: This is the recommended way to solve this problem. You can add a user to the docker group with the following command - `$ sudo usermod -aG docker $USER` - After executing this command, you must log out and log in again to reevaluate your group membership.
    • Fixed!

The build is not finished after 10 minutes.

SSL Certificate

  • The Docker Compose infrastructure described in the main README uses an insecure self-signed SSL certificate. This is pre-generated and stored publicly in the source code. This HTTPS implementation is only suitable for testing.

  • I’ll do it later.

create account

  • ERROR: unauthorized domain: https://3.87.68.32
server.ts
if (
  !domainOverride &&
  !hasWhitelistMatches(host) &&
  !routeIsWhitelistedForAnyDomain
) {
  logger.info("not whitelisted", { headers: req.headers, path: req.path });
  return next("unauthorized domain: " + host);
}
  • .env
  • I’m not on localhost, so I don’t know if I need to do any configuration around this.
  • It’s done.

SSL Certificate

  • Add an A record to the DNS that you manage.
  • Confirm that nslookup resolves the name properly
  • Try accessing the site with a browser
    • Can’t access this site DNS_PROBE_FINISHED_NXDOMAIN

    • gpt-4.icon Local DNS Cache: Your computer stores a local DNS cache to speed up the resolution of domain names. If this cache is outdated or corrupt, it can cause this error. You can clear your local DNS cache with the following command …
      • (OSX) % sudo killall -HUP mDNSResponder
    • Changed to ERR_CONNECTION_REFUSED
      • Oh, I didn’t start the server.
  • Let’s Encrypt certbot uses 80, so not with the Polis server running:
Certbot failed to authenticate some domains (authenticator: standalone). The Certificate Authority reported these problems:
  Domain: *****
  Type:   dns
  Detail: DNS problem: NXDOMAIN looking up A for ***** - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for ***** - check that a DNS record exists for this domain
  • I thought it was the DNS, so I waited a bit or something, but no, this is not it.
    • EC2 security rules only opened 443 and 22.
    • Open 80 and make sure it is accessible from the outside.
      • $ sudo python3 -mhttp.server 80
  • @nishio: I don’t know how to make an SSL certificate or anything, but I have a layman’s question: I’m trying to make a certificate with Let’s Encrypt for a subdomain to which I newly added an A record in DNS about 30 minutes ago, and I get an NXDOMAIN error.

    • (I may have simply misplaced the domain name, orz)

The certificate is ready. Tweak `file-server/nginx.Dockerfile` and `file-server/nginx/nginx-ssl.site.default.conf`

  • The nginx-ssl.site.default.conf is copied
diff
--- a/file-server/nginx.Dockerfile
+++ b/file-server/nginx.Dockerfile
@@ -1,10 +1,12 @@
 FROM docker.io/nginx:1.21.5-alpine
 
-COPY nginx/nginx-ssl.site.default.conf /etc/nginx/conf.d/default.conf
+COPY nginx/nginx-ssl.site.nhiro.conf /etc/nginx/conf.d/default.conf
 
 # We only use these in testing.
 COPY nginx/certs/snakeoil.cert.pem /etc/nginx/certs/snakeoil.cert.pem
 COPY nginx/certs/snakeoil.key.pem  /etc/nginx/certs/snakeoil.key.pem
+COPY fullchain.pem /etc/nginx/certs/fullchain.pem
+COPY privkey.pem /etc/nginx/certs/privkey.pem
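
Review bot: On the added `COPY privkey.pem /etc/nginx/certs/privkey.pem` line, the private key is baked into an image layer, so anyone who can pull, save or inspect the image can read it. Mount the certificate and key into the container at run time instead (for example a read-only volume in the compose file), which also avoids a rebuild each time the certificate is renewed. The new lines also sit under the comment `# We only use these in testing.`, which no longer describes them; give them their own comment, or drop the snakeoil `COPY` lines from this variant.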

conf.diff

     server_name _;
 
-    ssl_certificate /etc/nginx/certs/snakeoil.cert.pem;
-    ssl_certificate_key /etc/nginx/certs/snakeoil.key.pem;
+    ssl_certificate /etc/nginx/certs/fullchain.pem;
+    ssl_certificate_key /etc/nginx/certs/privkey.pem;
     ssl_session_timeout 10m;
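Review bot: `server_name _;` is left as it was above the new `ssl_certificate` lines, so if this is the only server block on the TLS port it will answer requests for any Host header with the real certificate. Set `server_name` to the hostname the certificate was issued for. The `ssl_certificate_key` path points at a file copied into the image, so its mode and owner inside the container need checking as well.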
  • $ docker compose up --detach --build --no-deps nginx-proxy
  • In fact, it would be better to get the certificate file from Let’s Encrypt’s certbot, since it seems to update it automatically, but it was too much trouble, so I cp’d it.
    • When a file could not be read due to its location, the owner of the directory or file being root, or permissions, etc., it would simply disconnect from the server instead of stopping with a clear error, and it was a pain to find out what was causing the problem.
    • Finally, just sudo cp’ing the certificate didn’t work, chmod 666 did.
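
The permission problem described above can be solved without making the private key world-readable and world-writable. The following is an added example, not code from the original page or from the Polis project: it stages a certificate and key into a build-context directory with owner-only access to the key, reports unreadable sources explicitly, and audits the result. The function names and the directory layout are assumptions.

```shell
#!/bin/sh
# Added example: stage a certificate and key into a Docker build context
# with least-privilege modes instead of chmod 666. Names are hypothetical.

# mode_of FILE: print the octal permission bits, zero-padded to 3 digits.
mode_of() {
    m=$(stat -c '%a' "$1") || return 1   # GNU stat, as shipped on Ubuntu
    printf '%03d\n' "$m"
}

# key_is_exposed FILE: succeed if group or others have any access.
# A file that cannot be inspected counts as exposed (fail closed).
key_is_exposed() {
    case "$(mode_of "$1" 2>/dev/null)" in
        *00) return 1 ;;   # 600, 400: owner only
        *)   return 0 ;;   # 644, 666, or unreadable metadata
    esac
}

# stage_cert CERT KEY DEST_DIR: copy cert as 0644 and key as 0600, with an
# explicit error when a source file is unreadable. Under sudo, ownership
# goes to the invoking user so a non-root `docker compose --build` can read it.
stage_cert() {
    cert=$1 key=$2 dest=$3
    for f in "$cert" "$key"; do
        [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    done
    install -m 0644 "$cert" "$dest/fullchain.pem" || return 1
    install -m 0600 "$key"  "$dest/privkey.pem"   || return 1
    if [ "$(id -u)" -eq 0 ] && [ -n "${SUDO_USER:-}" ]; then
        chown "$SUDO_USER" "$dest/fullchain.pem" "$dest/privkey.pem" || return 1
    fi
    if key_is_exposed "$dest/privkey.pem"; then
        echo "privkey.pem is accessible beyond its owner" >&2
        return 1
    fi
    return 0
}

# Run only when called with three arguments: CERT KEY DEST_DIR.
if [ "$#" -eq 3 ]; then
    stage_cert "$@"
fi
```

On the instance, the sources would be certbot's files under `/etc/letsencrypt/live/<your-domain>/`, which are root-owned, hence the sudo branch.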

After a while, Bad Gateway killed it.

polis-dev-nginx-proxy-1 | 2023/05/24 04:16:35 [error] 32#32: *12492 connect() failed (111: Connection refused) while connecting to upstream, client: ::ffff:133.200.136.32, server: _, request: "GET /7xrm9snjcc HTTP/2.0", upstream: "http://172.18.0.5:5000/7xrm9snjcc", host: "polis.nhiro.org", referrer: "https://t.co/"

Hmmm, dead at the end of nginx. Maybe it’s not good if access is concentrated, since the development server is operated in production as it is for the purpose of development observation. It would be good to see the logs to determine the cause, where is it?

Error in detailed report display

  • GET /report/undefined/api/v3/reports?report_id=r2bafdsneascdm6sbmnad 404

    • undefined
  • Only the report screen is reading the URL prefix from the .env.
  • I’m using document.origin instead when it’s not pointed out, but it’s undefined

from /villagepump/2023/05/24 /villagepump/inajob.icon

  • The UI is the same, so it’s a mystery to me that I’m not logged in (though of course I should be).
  • I was confused because when I clicked on the link for the login lead, I was sent to the main Polis.
  • I can’t link to Twitter (haven’t set the key?)
    • Maybe I haven’t!/villagepump/nishio.icon
      • Opinion posting is allowed anonymously, the seed opinion created by the administrator and the opinion posted by the participants are indistinguishable!
  • Background: I wanted to plug Polis for a discussion that occurred within the company./villagepump/nishio.icon
    • pol.is is treated as an “external cloud service”, so it is troublesome
      • I think it would be beneficial to the world if it were easier to understand the procedure for getting it up quickly and using it for internal purposes./villagepump/nishio.icon
        • Especially since I’m thinking, “Wouldn’t this be beneficial for decision making within the private sector?” I think it could be useful for decision making in the private sector.
  • So you could vote on polis without logging in/villagepump/takker.icon
  • When I vote and leave, I lose my vote results. I don’t know what to do./villagepump/issac.icon
    • There is no Twitter to link to, so I can’t even go back through the icons.
      • Only the memory of my vote remains.
    • You can’t (and shouldn’t) be able to see which of each question you answered when you work together./villagepump/inajob.icon
      • No list of votes answered in the past, etc. (I’d like to have one)
      • Understanding that the icon will be yours when the diagram is available, and that you will only receive email notifications when there are additional questions.
      • I want to tinker with various things (my own instance for that)./villagepump/nishio.icon

This page is auto-translated from /nishio/EC2でPolis using DeepL. If something looks interesting but the auto-translated English is not good enough to understand it, feel free to let me know at @nishio_en. I’m very happy to spread my thought to non-Japanese readers.