- Introduction
- Tutorials
- User interfaces
- Administrative settings
- Creating/founding a new database project
- Opening page
- Invitations
- Modules
- API documentation
- Install new OBM Server guide
- PWA application
- Mobile application documentation
- Developer hints
- Frequently Asked Questions
- What is OpenBioMaps?
- What is OpenBioMaps Consortium?
- How can I create/find a new database-project?
- How can I upload data?
- How can I access data?
- How can I retrieve data with my mobile phone?
- How can I sign up for an OpenBioMaps project?
- Is there a programmable interface for developers?
- What language support is available?
- How can I contribute to OpenBioMaps?
- Should I pay for anything?
- How and where does the OpenBioMaps store the data?
- Is there any backup solution?
- I lost my password, how can I get a new one?
- Pink squares appear on the map page
- What is the RUM?
- Is it possible to assign a DOI to databases?
- Where can I find the list of the existing OpenBioMaps servers?
- How to use the OpenBioMaps mobile app?
- Where can I find the OpenBioMaps R package?
- What data download options are there?
- How/where can I access photos taken in the field with the mobile app?
- How can I delete data?
- I can’t query/see data which is visible to other users
Virtual server with Docker¶
It is the currently supported up-to-date virtual environment release of OpenBioMaps.
It is good for testing, and developing, and in a production environment as well.
For using obm-docker 4 steps are needed:
Install docker-compose
Get the obm-docker image
Configure your docker according to the host’s speciality (e.g. SSL, SMTP)
Start your docker environment
Prepare/Install Docker & Compose¶
sudo curl -L https://github.com/docker/compose/releases/download/1.29.2/docker-compose-`uname -s`-`uname -m` -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version
docker-compose version 1.29.2, build f46880fe
Visit this page for further information about installing docker:
Install / Setup an OpenBioMaps instance¶
In one step:
curl -s https://gitlab.com/openbiomaps/docker/obm-composer/-/raw/master/install.sh > /tmp/install.sh && sudo bash /tmp/install.sh
Visit your OBM app¶
http://YOUR_SERVER_NAME:9080/projects/sablon/
Log in to your template database using valaki@openbiomaps.org user name and abc123 password. After the first login, please change this default password!
If you installed the docker in your local computer you can access the services above in localhost.
Database access¶
You can access your Postgres database on the following pre-configured online database manager applications. However, it depends on your host-docker relationship.
!PhpPgAdmin is not available currently!
*Phppgadmin: http://YOUR_SERVER_NAME:9881/*
PhpPgadmin notes:
It is a very friendly tool, but unfortunately, it is currently not maintained, so we have to create our edition or wait for someone else…
Adminer: http://YOUR_SERVER_NAME:9882/
Adminer notes:
server = openbiomaps_biomaps_db_1
db_name = biomaps | gisadmin
db_user = biomapsadmin | sablon_admin | YOUR_PROJECT_admin
password = (check the .env file for the biomapsadmin's password or the local_vars.php.inc for ..._admin's password)
You can manage the database with the biomapsadmin user. This is a superuser. Its password is generated by the system during installation and can be found in the /srv/docker/openbiomaps/.env file.
For the MapServer map file, the encrypted password for the database connection can be generated with the /var/lib/openbiomaps/maps/access.key.
OpenBioMaps creates two databases by default. The ‘biomaps’ contains the tables needed for the system to work, while the ‘gisdata’ contains the data tables of the project databases. In other words, the latter is where the data collected by users will be stored and to which users can connect. The ‘biomapsadmin’ is a superuser in both databases. Its password is generated by the system during installation and stored in the /srv/docker/openbiomaps/.env file.
Docker maintenance app¶
This step is not obligatory but can be useful if you need a strong web admin interface for docker management.
mkdir -p /srv/docker/portainer && cd /srv/docker/portainer
git clone https://gitlab.com/openbiomaps/docker/obm-portainer.git .
sudo su
docker-compose pull
# Genereate a strong random password for the admin user
bash ./password_gen.sh
docker-compose up -d
On the portainer interface use the "Get started" button...
Visit your docker-admin (portainer) app
Log in to your app using admin user name and your password;
If you installed the docker in your local computer you can access the services above in localhost.
OBM maintenance: Supervisor¶
You can access OBM server admin interface: http://localhost:9880/supervisor.php
or
https://yourserver.com/supervisor.php
with supervisor username and password created by obm_post_install.sh. This password is located at /etc/openbiomaps/.htpasswd.
You can regenerate the Supervisor’s password with ./obm_post_install.sh update supervisor command
Updates: update application with Docker¶
These commands are safe, they do not destroy the changes made through the OpenBioMaps web interface.
foo@bar:~$ docker-compose pull
Pulling biomaps_db ... done
Pulling mapserver ... done
Pulling app ... done
## Pulling phppgadmin ... done -- There is no PhpPgAdmin currently
Pulling adminer ... done
foo@bar:~$ docker-compose up -d
Creating obm-composer_biomaps_db_1 ... done
Creating obm-composer_mapserver_1 ... done
Creating obm-composer_adminer_1 ... done
## Creating obm-composer_phppgadmin_1 ... done
Creating obm-composer_app_1 ... done
Update only one container
foo@bar:~$ docker-compose up -d app
Email setting for projects¶
You must set up a Mail server access to send emails from the app
Assuming that the new server does not have its domain name, the default value for sending mail is set to SMTP (/etc/openbiomaps/system_vars.php.inc), which requires you to configure outgoing smtp servers and associated authentication for each project (/var/www/html/biomaps/projects/…/local_vars.php.inc)
These config files can be edited in the supervisor interface.
Find the mail settings section and set up the SMTP host and authentication if needed.
If there is an external SMTP server here you are an example:
// Mail settings
define('SMTP_AUTH',true); # true
define('SMTP_HOST','mail.my-mail-server.com');
define('SMTP_USERNAME','my-name@my-mail-server.com');
define('SMTP_PASSWORD','something');
define('SMTP_SECURE','tls'); # Or starttls
define('SMTP_PORT','587'); # 465
define('SMTP_SENDER','openbiomaps@my-mail-server.com');
If SMTP_SENDER is not set, the SMTP_USERNAME will be the sender. Sending mails with Google, with these simple settings is not possible, because Google uses xoauth layer to authenticate! It is possible to include that layer here!
If the host system will be the SMTP server:
// Mail settings
define('SMTP_AUTH',false);
define('SMTP_HOST','172.17.0.1');
define('SMTP_PORT','25');
define('SMTP_SENDER','info@you-smtp-server');
For the IP address above check host “ip addr | grep docker0”
On the host depending on what MTA you have here you some examples:
Exim4¶
In the /etc/exim4/update-exim4.conf file
dc_relay_nets=‘172.21.0.0/16’
dc_local_interfaces=‘127.0.0.1 ; ::1 ; 172.17.0.1’
these lines should be updated, but depending on your exim config maybe something else as well.
In the /etc/exim4/exim4.config file
“hostlist relay_from_hosts…” line, you should extend with the obm_back network e.g.
hostlist relay_from_hosts = localhost :172.20.0.0/16 :172.17.0.0/16 :172.21.0.0/16
Comment: “Maybe one of the three networks is enough above, I did not test yet”
Postfix¶
inet_interfaces = 172.17.0.1
mynetworks = 172.21.0.4 172.20.0.6
Here’s how to find out docker networks and ip addresses:
docker container ls
Search for obm-composer_app_1
docker inspect xxxxx_obm-composer_app_1
Search for obm_back and obm_web interfaces:
obm-composer_obm_back {
…
“IPAddress”: “172.20.0.6”,
}
obm-composer_obm_web {
…
“IPAddress”: “172.21.0.4”,
}
Firewall¶
You may also need to update your firewall to enable incoming mail from the image to the host. The network address of obm_back must be allowed as an incoming network for the firewall. E.g.
ufw allow from 172.20.0.0/16 proto tcp to any port 25
Global SMTP settings¶
Most probably you want to use the same SMTP settings for all projects on your server. In this case, use the
SMTP_GLOBAL_HOST
SMTP_GLOBAL_AUTH
SMTP_GLOBAL_USERNAME
SMTP_GLOBAL_PASSWORD
SMTP_GLOBAL_SECURE
SMTP_GLOBAL_PORT
SMTP_GLOBAL_SENDER
parameters in the sytem_vars.php.inc. At least the SMTP_GLOBAL_HOST should be set if you want to use global parameters. The local parameters override the globals always.
Setting up ssl/https access (highly recommended)¶
You may need to update your project access protocol setting in the Supervisor however it depends on your host’s setting.
There is no webserver on the Host, but Host provide ssl certs for docker
One possible way is to use the host’s SSL certificates by the way to mount the necessary directories from the host to the docker. You can create letsencrypt
apt install dehydrated
vi /etc/dehydrated/domain.txt
YOURDOMAIN
dehydrated -c
docker-compose.yml:
services:
app:
image: registry.gitlab.com/openbiomaps/web-app:latest
volumes:
...
- /etc/letsencrypt/YOURDOMAIN:/etc/apache2/certs
- ./apache2/default-ssl.conf:/etc/apache2/sites-enabled/default-ssl.conf
ports:
- 80:80
- 443:443
...
Host has a web server and provides a proxy for the docker
Another way to use the host’s Apache proxy
Host: /etc/apache2/sites-enabled/000-default.conf
RedirectMatch permanent ^(?!/.well-known/.*) https://YOURDOMAIN/
Host: /etc/apache2/sites-enabled/default-ssl.conf
RequestHeader set X-Forwarded-Proto 'https'
RequestHeader set X-Forwarded-Host 'YOURDOMAIN'
RequestHeader set X-Forwarded-Port "443"
ProxyPass /.well-known !
ProxyPass /
http://localhost:8090/
ProxyPassReverse /
http://localhost:8090/
ProxyPreserveHost On
<Proxy *>
allow from all
</Proxy>
docker-compose.yml:
services:
app:
...
ports:
- 80:8090
...
In this case, you don’t need to use HTTPS protocol in project settings because the OBM can recognize the HTTPS request through the HTTP-X-FORWARD settings.
Using traefik to process different domain request in the docker level. E.g. you have several docker containers on your host…
To set up docker based https trafic rooter we recommend using traefik2.x in another container:
https://gitlab.com/openbiomaps/docker/traefik2.0-proxy
And update your docker-compose.yml file to communicate with traefik:
networks:
traefik20_default:
external: true
#obm_web:
# external: true
services:
app:
....
# Do not use ports, traefik provides them!!!
# ports:
# - 80:80
# - 443:443
networks:
- obm_back
#- obm_web
- traefik20_default
labels:
- traefik.enable=true
- traefik.docker.network=traefik20_default
- traefik.http.routers.obm-secured.rule=Host(`YOUR_DOMAIN`)
- traefik.http.routers.obm-secured.entrypoints=https
- traefik.http.routers.obm-secured.middlewares=hsts@file
- traefik.http.routers.obm-secured.tls.certresolver=letsencrypt
- "traefik.http.middlewares.obm-biotika-redirect.redirectregex.regex=^https?://biotika.YOURDOMAIN(.*)"
- "traefik.http.middlewares.obm-biotika-redirect.redirectregex.replacement=https://YOUR_DOMAIN/projects/YOURPROJECT/"
- traefik.http.middlewares.obm-biotika-redirect.redirectregex.permanent=true
phppgadmin:
...
networks:
#- obm_web
- obm_back
- traefik20_default
labels:
- "traefik.enable=true"
- "traefik.docker.network=traefik20_default"
- "traefik.http.routers.obm-pgadmin.rule=Host(`phppgadmin.YOURDOMAIN`)"
- "traefik.http.routers.obm-pgadmin.entrypoints=https"
- "traefik.http.routers.obm-pgadmin.tls.certresolver=letsencrypt"
- "traefik.http.services.obm-pgadmin.loadbalancer.server.port=8080"
volumes:
...
traefik20_letsencrypt:
external: true
This latter example is maybe not complete yet…
If you provide Postgres access you also need to set up SSL over Postgres
If you have Traefik you can configure SSL access there. In another case, you can give SSL certs for your database container and set up Postgres to accept connection only through SSL.
docker-compose.yml:
services:
...
biomaps_db:
volumes:
- /PATH_TO_CERTS/ssl.cert:/etc/ssl/certs/YOURDOMAIN.cert
- /PATH_TO_CERTS/ssl.key:/etc/ssl/certs/YOURDOMAIN.key
- ./postgresql.conf:/var/lib/postgresql/data/postgresql.conf
- ./pg_hba.conf:/var/lib/postgresql/data/pg_hba.conf
In biomaps_db container: /…./pg_hba.conf:
hostssl all all all md5
/…./postgres.conf:
ssl = on
ssl_cert_file = '/etc/ssl/certs/YOURDOMAIN.cert'
ssl_key_file = '/etc/ssl/certs/YOURDOMAIN.key'
You can try your postgres connection without ssl:
psql "postgresql://gisadmin@YOURDMAIN:5432/gisdata?sslmode=disable"
If your SSL require works, you will get an error message like this:
psql: FATAL: no pg_hba.conf entry for host “xxxxxxx”, user “gisadmin”, database “gisdata”, SSL off
Docker maintenance¶
Stopping docker¶
foo@bar:~$ docker-compose down
Drop everything (including data and databases)¶
foo@bar:~$ docker-compose down -v
Shell access of the system in the container image¶
foo@bar:~$ docker-compose exec app bash
Here we accessed the app service. See service names in docker-compose.yml file.
Reading logs¶
foo@bar:~$ docker-compose logs -f app
Using pgtop¶
docker-compose exec -u postgres
Restart app¶
Do not restart Apache from the Docker shell, but from outside
foo@bar:~$ docker-compose restart app
Remove huge amounts of old, not used docker images¶
Do we have a lot?
docker images | grep "<none>"
Let’s drop them…
docker images | grep "<none>" | awk '{print $3}' | sed -e 's/^/docker rmi /' | bash
You may need to edit the traefik2.0/traefik.yml, traefik2.0/docker-compose.yml, and traefik2.0/acme.json files
Auto update of docker¶
https://github.com/OpenBioMaps/scripts/blob/master/docker-auto-update.readme
Archive tables, data, …¶
For scripts follow this repo:
https://github.com/OpenBioMaps/scripts
use this to set up a periodic sql dumps of important tables: archive.sh
crontab setting examples for archive.sh¶
#dumping normal tables from Monday to Saturday
15 04 * * 1-6 /root/archive.sh normal &
#dumping all tables and whole databases on every Sunday
15 04 * * 7 /root/archive.sh full &
Example settings in obm_archive_settings.sh¶
#path of table list
table_list="${HOME}/.archive_list.txt"
#postgres parameters
project_database="gisdata"
system_database="biomaps"
admin_user="gisadmin"
archive_path="/home/archives"
pgport="5432"
pg_dump="pg_dump -p $pgport"
psql="psql -p $pgport"
#FOR DOCKER based OBM systems
#docker="/usr/bin/docker-compose -f /path/to/docker-compose.yml exec -T"
#pg_dump="$docker biomaps_db pg_dump -p $pgport"
#psql="$docker biomaps_db psql -p $pgport"
#table dayof_week dayofmonth month
#foo at every day
#foo * * *
#bar every Monday
#bar 1 * *
#casbla at every 1st day of every June
#casbla * 1 6
Dumping table from the database using docker¶
docker-compose exec -T biomaps_db bash -c “pg_dump -U biomapsadmin –table public.YOUR_TABLE gisdata” > YOUR_TABLE.sql
Not docker: VirtualBox (outdated!!!)¶
The VirtualBox edition currently is outdated, not recommended to use it!
Download VirtualBox from https://www.virtualbox.org/wiki/Downloads
Download the latest .ova image from http://openbiomaps.org/downloads
Read this readme for the next steps: http://openbiomaps.org/downloads/virtual-image/README