Bitnami Pootle for Google Cloud Platform

Description

Pootle is a user-friendly web portal for translation projects. It allows online translation, work assignment, gives statistics and makes it easy for volunteers to contribute.

First steps with the Bitnami Pootle Stack

Welcome to your new Bitnami application running on Google Cloud Platform! Here are a few questions (and answers!) you might need when first starting with your application.

What credentials do I need?

You need two sets of credentials:

The application credentials that allow you to log in to your new Bitnami application. These credentials consist of a username and password.
The server credentials that allow you to log in to your Google Cloud Platform server using an SSH client and execute commands on the server using the command line. These credentials consist of an SSH username and key.

What is the administrator username set for me to log in to the application for the first time?

Username: user

What SSH username should I use for secure shell access to my application?

SSH username: bitnami

What are the default ports?

A port is an endpoint of communication in an operating system that identifies a specific process or a type of service. Bitnami stacks include several services or servers that require a port.

IMPORTANT: Making this application's network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.

Port 22 is the default port for SSH connections.

Bitnami opens some ports for the main servers. These are the ports opened by default: 80, 443.

How to start or stop the services?

Each Bitnami stack includes a control script that lets you easily stop, start and restart services. The script is located at /opt/bitnami/ctlscript.sh. Call it without any service name arguments to start all services:

$ sudo /opt/bitnami/ctlscript.sh start

Or use it to restart a single service, such as Apache only, by passing the service name as argument:

$ sudo /opt/bitnami/ctlscript.sh restart apache

Use this script to stop all services:

$ sudo /opt/bitnami/ctlscript.sh stop

Restart the services by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh restart

Obtain a list of available services and operations by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh

How to access the administration panel?

Access the administration panel by browsing to http://SERVER-IP/accounts/login/.

How to configure outbound email settings?

Google Cloud Platform doesn't allow SMTP traffic through default ports: 25, 465, 587. Check Google cloud documentation to learn how to use a VPN to bypass these restrictions or use a different port for sending emails from your application.

You just need to edit the settings file at /opt/bitnami/apps/pootle/etc/pootle/localsettings.py. Uncomment the EMAIL_* parameters and set the values for your SMTP server. For example, you can use a Gmail account to send the outgoing emails as follows. Replace USERNAME and PASSWORD with your Gmail account username and password respectively.

#Mail settings

# Address used for messages sent by Pootle.
DEFAULT_FROM_EMAIL = 'USERNAME@gmail.com'

# Mail server settings

# By default Pootle uses SMTP server on localhost, if the server is
# not configured for sending emails use these settings to setup an
# external outgoing SMTP server.

# Example for Google as an external SMTP server
EMAIL_HOST_USER = 'USERNAME@gmail.com'
EMAIL_HOST_PASSWORD = 'PASSWORD'
EMAIL_HOST = 'smtp.gmail.com'
EMAIL_PORT = 587
EMAIL_USE_TLS = True

To configure the application to use other third-party SMTP services for outgoing email, such as SendGrid or Mandrill, refer to the FAQ.

NOTE: If you are using Gmail as the outbound email server and have experienced issues trying to send emails correctly, check the How to troubleshoot Gmail SMTP issues to learn the causes of these issues and how to solve them.

How to create a full backup of Pootle?

Backup

The Bitnami Pootle Stack is self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.

Follow these steps:

Change to the directory in which you wish to save your backup:
```
  $ cd /your/directory
```

Stop all servers:

  $ sudo /opt/bitnami/ctlscript.sh stop

Create a compressed file with the stack contents:

  $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami

Restart all servers:

  $ sudo /opt/bitnami/ctlscript.sh start

You should now download or transfer the application-backup.tar.gz file to a safe location.

Restore

Follow these steps:

Change to the directory containing your backup:
```
  $ cd /your/directory
```

Stop all servers:

  $ sudo /opt/bitnami/ctlscript.sh stop

Move the current stack to a different location:

  $ sudo mv /opt/bitnami /tmp/bitnami-backup

Uncompress the backup file to the original directoryv

  $ sudo tar -pxzvf application-backup.tar.gz -C /

Start all servers:

  $ sudo /opt/bitnami/ctlscript.sh start

If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.

How to create an SSL certificate?

OpenSSL is required to create an SSL certificate. A certificate request can then be sent to a certificate authority (CA) to get it signed into a certificate, or if you have your own certificate authority, you may sign it yourself, or you can use a self-signed certificate (because you just want a test certificate or because you are setting up your own CA).

Follow the steps below:

Generate a new private key:

 $ sudo openssl genrsa -out /opt/bitnami/apache2/conf/server.key 2048

Create a certificate:
```
 $ sudo openssl req -new -key /opt/bitnami/apache2/conf/server.key -out /opt/bitnami/apache2/conf/cert.csr
```
IMPORTANT: Enter the server domain name when the above command asks for the "Common Name".
Send cert.csr to the certificate authority. When the certificate authority completes their checks (and probably received payment from you), they will hand over your new certificate to you.

Until the certificate is received, create a temporary self-signed certificate:

 $ sudo openssl x509 -in /opt/bitnami/apache2/conf/cert.csr -out /opt/bitnami/apache2/conf/server.crt -req -signkey /opt/bitnami/apache2/conf/server.key -days 365

Back up your private key in a safe location after generating a password-protected version as follows:
```
 $ sudo openssl rsa -des3 -in /opt/bitnami/apache2/conf/server.key -out privkey.pem
```
Note that if you use this encrypted key in the Apache configuration file, it will be necessary to enter the password manually every time Apache starts. Regenerate the key without password protection from this file as follows:
```
 $ sudo openssl rsa -in privkey.pem -out /opt/bitnami/apache2/conf/server.key
```

Find more information about certificates at http://www.openssl.org.

How to enable HTTPS support with SSL certificates?

TIP: If you wish to use a Let's Encrypt certificate, you will find specific instructions for enabling HTTPS support with Let's Encrypt SSL certificates in our Let's Encrypt guide.

NOTE: The steps below assume that you are using a custom domain name and that you have already configured the custom domain name to point to your cloud server.

Bitnami images come with SSL support already pre-configured and with a dummy certificate in place. Although this dummy certificate is fine for testing and development purposes, you will usually want to use a valid SSL certificate for production use. You can either generate this on your own (explained here) or you can purchase one from a commercial certificate authority.

Once you obtain the certificate and certificate key files, you will need to update your server to use them. Follow these steps to activate SSL support:

Use the table below to identify the correct locations for your certificate and configuration files.

Variable	Value
Current application URL	https://[custom-domain]/
	Example: https://my-domain.com/ or https://my-domain.com/appname
Apache configuration file	/opt/bitnami/apache2/conf/bitnami/bitnami.conf
Certificate file	/opt/bitnami/apache2/conf/server.crt
Certificate key file	/opt/bitnami/apache2/conf/server.key
CA certificate bundle file (if present)	/opt/bitnami/apache2/conf/server-ca.crt

Copy your SSL certificate and certificate key file to the specified locations.

NOTE: If you use different names for your certificate and key files, you should reconfigure the SSLCertificateFile and SSLCertificateKeyFile directives in the corresponding Apache configuration file to reflect the correct file names.

If your certificate authority has also provided you with a PEM-encoded Certificate Authority (CA) bundle, you must copy it to the correct location in the previous table. Then, modify the Apache configuration file to include the following line below the SSLCertificateKeyFile directive. Choose the correct directive based on your scenario and Apache version:

Variable	Value
Apache configuration file	/opt/bitnami/apache2/conf/bitnami/bitnami.conf
Directive to include (Apache v2.4.8+)	SSLCACertificateFile "/opt/bitnami/apache2/conf/server-ca.crt"
Directive to include (Apache < v2.4.8)	SSLCertificateChainFile "/opt/bitnami/apache2/conf/server-ca.crt"

NOTE: If you use a different name for your CA certificate bundle, you should reconfigure the SSLCertificateChainFile or SSLCACertificateFile directives in the corresponding Apache configuration file to reflect the correct file name.

Once you have copied all the server certificate files, you may make them readable by the root user only with the following commands:
```
 $ sudo chown root:root /opt/bitnami/apache2/conf/server*

 $ sudo chmod 600 /opt/bitnami/apache2/conf/server*
```
Open port 443 in the server firewall. Refer to the FAQ for more information.
Restart the Apache server.

You should now be able to access your application using an HTTPS URL.

How to force HTTPS redirection with Apache?

Add the following lines in the default Apache virtual host configuration file at /opt/bitnami/apache2/conf/bitnami/bitnami.conf, inside the default VirtualHost directive, so that it looks like this:

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache2/htdocs"
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  ...
</VirtualHost>

After modifying the Apache configuration files:

Open port 443 in the server firewall. Refer to the FAQ for more information.
Restart Apache to apply the changes.

How to debug Apache errors?

Once Apache starts, it will create two log files at /opt/bitnami/apache2/logs/access_log and /opt/bitnami/apache2/logs/error_log respectively.

The access_log file is used to track client requests. When a client requests a document from the server, Apache records several parameters associated with the request in this file, such as: the IP address of the client, the document requested, the HTTP status code, and the current time.
The error_log file is used to record important events. This file includes error messages, startup messages, and any other significant events in the life cycle of the server. This is the first place to look when you run into a problem when using Apache.

If no error is found, you will see a message similar to:

Syntax OK

How to connect instances hosted in separate virtual networks or VPCs?

The Google Cloud Platform makes it possible to connect instances hosted in separate Virtual Private Clouds (VPCs), even if those instances belong to different projects or are hosted in different regions. This feature, known as VPC Network Peering, can result in better security (as services do not need to be exposed on public IP addresses) and performance (due to use of private, rather than public, networks and IP addresses).

Learn more about VPC Network Peering.

How to find the MySQL database credentials?

Database username: root.
Database password: The same as the application password. Find out how to obtain application credentials.

How to connect to the MySQL database?

You can connect to the MySQL database from the same computer where it is installed with the mysql client tool.

$ mysql -u root -p

You will be prompted to enter the root user password. This is the same as the application password.

How to debug errors in your database?

The main log file is created at /opt/bitnami/mysql/data/mysqld.log on the MySQL database server host.

How to change the MySQL root password?

You can modify the MySQL password using the following command at the shell prompt. Replace the NEW_PASSWORD placeholder with the actual password you wish to set.

$ /opt/bitnami/mysql/bin/mysqladmin -p -u root password NEW_PASSWORD

How to reset the MySQL root password?

If you don't remember your MySQL root password, you can follow the steps below to reset it to a new value:

Create a file in /home/bitnami/mysql-init with the content shown below (replace NEW_PASSWORD with the password you wish to use):
```
 UPDATE mysql.user SET Password=PASSWORD('NEW_PASSWORD') WHERE User='root';
 FLUSH PRIVILEGES;
```
If your stack ships MySQL v5.7.x, use the following content instead of that shown above:
```
 UPDATE mysql.user SET authentication_string=PASSWORD('NEW_PASSWORD') WHERE User='root';
 FLUSH PRIVILEGES;
```
TIP: Check the MySQL version with the command /opt/bitnami/mysql/bin/mysqladmin --version or /opt/bitnami/mysql/bin/mysqld --version.

Stop the MySQL server:

 $ sudo /opt/bitnami/ctlscript.sh stop mysql

Start MySQL with the following command:

 $ sudo /opt/bitnami/mysql/bin/mysqld_safe --pid-file=/opt/bitnami/mysql/data/mysqld.pid --datadir=/opt/bitnami/mysql/data --init-file=/home/bitnami/mysql-init 2> /dev/null &

Restart the MySQL server:

 $ sudo /opt/bitnami/ctlscript.sh restart mysql

Remove the script:
```
 $ rm /home/bitnami/mysql-init
```

How to upload files to the server with SFTP?

Although you can use any SFTP/SCP client to transfer files to your server, the link below explains how to configure FileZilla (Windows, Linux and Mac OS X), WinSCP (Windows) and Cyberduck (Mac OS X). It is required to use your server's private SSH key to configure the SFTP client properly. Choose your preferred application and follow the steps in the link below to connect to the server through SFTP.

How to upload files to the server

How to enable user registration?

To enable external users to register, configure email settings.

How to use Pootle administration commands?

Use Pootle administration commands through the django-admin.py scripts. Remember that you must specify the correct Pootle path and Pootle settings. Here's an example of how to use the refresh_stats command:

$ /opt/bitnami/python/bin/python /opt/bitnami/apps/django/bin/django-admin.py refresh_stats --settings=pootle.

How to install Xapian for the search features?

Xapian is an open source search engine library, released under the GPL. Follow the steps and commands below to install it:

Get the latest sources:

 $ wget http://oligarchy.co.uk/xapian/1.2.12/xapian-core-1.2.12.tar.gz
 $ wget http://oligarchy.co.uk/xapian/1.2.12/xapian-bindings-1.2.12.tar.gz
 $ sudo su

Decompress Xapian sources:

 $ tar zxf xapian-core-1.2.12.tar.gz
 $ tar zxf xapian-bindings-1.2.12.tar.gz

Install dependencies:

Debian:

 $ sudo apt-get update
 $ sudo apt-get install gcc g++ make
 $ sudo apt-get install uuid-dev

CentOS:

 $ sudo yum groups mark install "Development Tools"

Set paths:

 $ export LDFLAGS=-L/opt/bitnami/common/lib
 $ export CPPFLAGS=-I/opt/bitnami/common/include

Compile and install Xapian:

 $ cd xapian-core-1.2.12
 $ ./configure --prefix=/opt/bitnami/common
 $ make
 $ sudo make install
 $ cd ../xapian-bindings-1.2.12
 $ ./configure --prefix=/opt/bitnami/common --with-python
 $ make
 $ sudo make install

Restart the servers:

 $ sudo /opt/bitnami/ctlscript.sh restart