Canvas RCE API is not working #6

Closed
qq7 opened this issue Oct 25, 2019 · 61 comments

@qq7
Contributor

qq7 commented Oct 25, 2019

As described in these forum threads:
https://community.bitnami.com/t/rich-content-editor-and-passenger/70780/4
https://community.canvaslms.com/thread/35404-files-tab-inactive-in-rich-content-editor-while-editing-pages

@thattejada

Hi @qq7, are you using a self hosted installation of Canvas + RCE API?
If you open the browser inspector what does it show in a request like https://<your_canvas_host>/rce/api/folders/<any_id>?

@qq7
Contributor Author

qq7 commented Oct 25, 2019

Hi @diegotejadav, I am using self hosted Canvas and RCE API through Apache Passenger.
Opening this request returns error 404

@thattejada

@qq7 What URL is calling the /rce/api/folders/ network request?

@qq7
Contributor Author

qq7 commented Oct 25, 2019

@thattejada

@qq7 how are you running the RCE service?
In our case we configured the rce api endpoint as /rce/api
We run the rce as a service and it runs at 127.0.0.1:3000
We edited /etc/apache2/sites-available/canvas.conf
and configured ProxyPass /rce/ http://127.0.0.1:3000/ before the <VirtualHost *:80> and <VirtualHost *:443> closing tags.

Also we needed to include manually the changes shown here in this pending pull request #5
And everything is working well.

@mesutaydemir

mesutaydemir commented Oct 26, 2019

Hi @diegotejadav
I've a self-hosted instance of Canvas as a test environment. As you must have guessed, the Wiki sidebar containing the Links, Files and Images tabs is not working.

  1. On the same server I installed canvas-rce-api with the following command:

sudo docker run -d --name rce -p 3000:80 -e NODE_ENV=production -e VIRTUAL_HOST=127.0.0.1 -e ECOSYSTEM_KEY=astringthatisactually32byteslong -e ECOSYSTEM_SECRET=astringthatisactually32byteslong -e STATSD_PORT=8125 -e STATSD_HOST=127.0.0.1 instructure/canvas-rce-api

  2. I added the following within server block both under 80 and 443 server blocks (using nginx not apache)

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded_Proto $scheme;
proxy_redirect off;
proxy_pass http://127.0.0.1:3000;
proxy_read_timeout 300s;
proxy_send_timeout 300s;

  3. edited app/api/packageBookmark.js within docker as suggested in Added the RCE_API_HOST environment variable #5

  4. curl -k http://localhost:3000/rce and https://<my_canvas_host>/rce returns Hello, from RCE Service

  5. Part of my dynamic_settings.yml config is as follows:
    canvas:
      encryption-secret: "astringthatisactually32byteslong"
      signing-secret: "astringthatisactually32byteslong"
    rich-content-service:
      app-host: "http://127.0.0.1:3000"

  6. https://<my_canvas_host>/rce/api/folders/ returns "Cannot GET /rce/api/folders/"

  7. When I inspect network tab on firefox, I get 404 for the following 2 items:

Request URL:https://<my_canvas_host>/api/session
Request method:GET
Remote address:xxx.xxx.xx.xxx:443
Status code: 404
Version:HTTP/1.1
Referrer Policy:strict-origin-when-cross-origin

Request URL:https://<my_canvas_host>/api/folders?contextType=course&contextId=1
Request method:GET
Remote address:xxx.xxx.xx.xxx:443
Status code: 404
Version:HTTP/1.1
Referrer Policy:strict-origin-when-cross-origin

What am I doing wrong, any suggestion would be appreciated.

@qq7
Contributor Author

qq7 commented Oct 31, 2019

Hi @diegotejadav,
I am running Canvas with Apache and Open Source Passenger Standalone. When I try to implement your suggestion, putting ProxyPass before the VirtualHost closing tag, and try reaching example.com/rce/, it shows the Canvas page with a "Page not found" message.

Also, I've tried setting RCE_API_HOST to example.com:3002 which worked properly in a local installation without https and run with forever, but on a live server with Passenger it gives the following error.
image

@rkanka21

rkanka21 commented Nov 3, 2019

are there any updates on this??

@mesutaydemir

Still struggling :)

@D2Online

Has anybody here managed to get this working? I'm running a standalone Canvas instance as per the 'Production Start' (not Docker container).

So far I've got the canvas-rce-api service up and running via node.js and use Apache to proxy requests to it from Canvas. All seems to be set up correctly but I'm getting a 401 Unauthorised error when opening the images/files tabs. If I visit https://canvas.mydomain.com/rce I see the message Hello, from RCE Service. If I visit https://canvas.mydomain.com/rce/api/folders I get the message Authorization token required. Any help with this would be really appreciated!

Here are the steps I've taken so far:

  1. Installed canvas-rce-api Node app explained here http://www.programmersought.com/article/3729940188/

  2. Updated dynamic_settings.yml with the following:

production:
  config:
    canvas:
      canvas:
        encryption-secret: "32BYTESTRING"
        signing-secret: "32BYTESTRING"
      rich-content-service:
        app-host: "https://canvas.mydomain.com/rce"
  3. Updated Apache config (/etc/apache2/sites-enabled/canvas.conf) with the following at the end of the file:
ProxyRequests Off
<Proxy *>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
</Proxy>
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/rce
RewriteRule ^(.*)$ /rce?url=$1 [P]
SSLProxyEngine on
ProxyPass /rce http://localhost:3000 retry=1 acquire=3000 timeout=600 keepalive=On

@D2Online

I've managed to get this working, it turns out my keys were the wrong way around. For anyone who may have the same trouble:

ECOSYSTEM_SECRET = signing-secret
ECOSYSTEM_KEY = encryption-secret

I'm not sure if this was clear in the docs or not, it may have just been me overlooking / reading the docs wrong.

If you have a similar setup to me and can't get this working let me know and I'll send you all of my config.

@thattejada

@mesutaydemir, we're using our self-hosted standalone Canvas deployment; we're not using Docker, so I haven't much to advise.
@DRiversVoyage Our .env config has:

PORT=3000
NODE_ENV=production
RCE_API_HOST=https://<our_domain>/rce/api
STATSD_HOST=127.0.0.1
HOST=128.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET="<A_SECRET_KEY>"
ECOSYSTEM_KEY="<A_SECRET_KEY>"
FLICKR_API_KEY="<A_SECRET_KEY>"

Our Canvas apache conf:

<VirtualHost *:80>
  ServerName <SERVER_DOMAIN>
  ServerAlias <SERVER_DOMAIN>
  ServerAdmin <A_COOL_EMAIL>
  DocumentRoot /var/canvas/public
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_access.log combined
  SetEnv RAILS_ENV production
  XSendFile On
  XSendFilePath /var/canvas
  <Directory /var/canvas/public>
    Options All
    AllowOverride All
    Require all granted
  </Directory>
  ProxyPass /rce/ http://127.0.0.1:3000/
</VirtualHost>
<VirtualHost *:443>
  ServerName <SERVER_DOMAIN>
  ServerAlias <SERVER_DOMAIN>
  ServerAdmin <A_COOL_EMAIL>
  DocumentRoot /var/canvas/public
  ErrorLog /var/log/apache2/canvas_errors.log
  LogLevel warn
  CustomLog /var/log/apache2/canvas_ssl_access.log combined
  SSLEngine on
  BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
  # the following ssl certificate files are generated for you from the ssl-cert package.
  SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
  SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
  SetEnv RAILS_ENV production
  XSendFile On
  XSendFilePath /var/canvas
  <Directory /var/canvas/public>
    Options All
    AllowOverride All
    Require all granted
  </Directory>
  ProxyPass /rce/ http://127.0.0.1:3000/
</VirtualHost>

And to enable ProxyPass on Apache:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo service apache2 restart

@Aetherus

Aetherus commented Mar 4, 2020

I agree with @DRiversVoyage . The documentation definitely needs improvement.

@sodiumchl

The following is a simpler solution for a single-server installation (without having to patch RCE):

Added to Apache2 conf:

Listen 3000
<VirtualHost *:3000>
  ServerName my.domain.com
  ServerAlias localhost 

  SSLEngine on
  SSLCertificateKeyFile /etc/ssl/xxxx.key
  SSLCertificateFile /etc/ssl/xxxx.crt
  SSLCertificateChainFile /etc/ssl/xxxx.ca-bundle

  PassengerAppRoot /var/canvas-rce-api
  PassengerAppType node
  PassengerStartupFile app.js
</VirtualHost>

/var/canvas/config/dynamic_settings.yml

production:
  config:
    canvas:
      canvas:
        encryption-secret: "mysecrete-afdasdfsadfdsafsda"
        signing-secret: "mysecrete-afdasdfsadfdsafsda"
      rich-content-service:
        app-host: "my.domain.com:3000"

/var/canvas-rce-api/.env

PORT=3000
NODE_ENV=production
STATSD_HOST=127.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET="mysecrete-afdasdfsadfdsafsda"
ECOSYSTEM_KEY="mysecrete-afdasdfsadfdsafsda"
CIPHER_PASSWORD="Notused"

@daeynasvistas

well .. same problem.

  1. i get "Hello, from RCE Service" from https://canvas.domain.com/rce
  2. i get "Authorization token required" from https://canvas.domain.com/rce/api/folders/5

when try to do something with RCE
Request URL:https://canvas.domain.com/api/session -> 404
(Failed to load resource: the server responded with a status of 404 (Not Found))

196 TypeError_ Cannot read property 'length' of undefined

And in browser:
error "Cannot read property 'length' of undefined"

my setup:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo service apache2 restart

/etc/apache2/sites-enabled/canvas.conf

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/rce
RewriteRule ^(.*)$ /rce?url=$1 [P]
SSLProxyEngine on
ProxyPass /rce http://localhost:3000 retry=1 acquire=3000 timeout=600 keepalive=On

dynamic_settings.yml

production:
  config:
    canvas:
      canvas:
        encryption-secret: "32BYTESTRING"
        signing-secret: "32BYTESTRING"
      rich-content-service:
        app-host: "https://canvas.domain.com/rce"

/canvas/canvas-rce-api/.env

PORT=3000
NODE_ENV=production
RCE_API_HOST=https://canvas.domain.com/rce
STATSD_HOST=127.0.0.1
HOST=128.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET="32BYTESTRING"
ECOSYSTEM_KEY="32BYTESTRING"

@D2Online

well .. same problem.

  1. i get "Hello, from RCE Service" from https://canvas.domain.com/rce
  2. i get "Authorization token required" from https://canvas.domain.com/rce/api/folders/5

when try to do something with RCE
Request URL:https://canvas.domain.com/api/session -> 404
(Failed to load resource: the server responded with a status of 404 (Not Found))

196 TypeError_ Cannot read property 'length' of undefined

And in browser:
error "Cannot read property 'length' of undefined"

my setup:

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo service apache2 restart

/etc/apache2/sites-enabled/canvas.conf

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/rce
RewriteRule ^(.*)$ /rce?url=$1 [P]
SSLProxyEngine on
ProxyPass /rce http://localhost:3000 retry=1 acquire=3000 timeout=600 keepalive=On

dynamic_settings.yml

production:
  config:
    canvas:
      canvas:
        encryption-secret: "32BYTESTRING"
        signing-secret: "32BYTESTRING"
      rich-content-service:
        app-host: "https://canvas.domain.com/rce"

/canvas/canvas-rce-api/.env

PORT=3000
NODE_ENV=production
RCE_API_HOST=https://canvas.domain.com/rce
STATSD_HOST=127.0.0.1
HOST=128.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET="32BYTESTRING"
ECOSYSTEM_KEY="32BYTESTRING"

@daeynasvistas i think this is the issue I had, try switching the key and secret values round. I’ll look at your code vs my code tomorrow and see if I can spot anything obvious.

@daeynasvistas

daeynasvistas commented Apr 15, 2020

thanks @DRiversVoyage .. i was able to pass that problem!!
My bad.. like always.
In the middle of the try catch i remove dynamic_settings.yml and replace it with original dynamic_settings.yml.example

I didn't replace development: by production: (sorry about that)

the examples above did work as expected

Ok now i have https://canvas.domkain.com/rce that kick on but.. another problem with SSL certificate

my new error
(node:2619) UnhandledPromiseRejectionWarning: RequestError: Error: unable to verify the first certificate

I have a reverse proxy with my site certificate on it .. i don't have certificate on the actual server, that's probably the problem

@daeynasvistas

Just for the record .. i was able to bypass the Certificate error
(node:2619) UnhandledPromiseRejectionWarning: RequestError: Error: unable to verify the first certificate

with this env setting in /canvas/canvas-rce-api/.env
NODE_TLS_REJECT_UNAUTHORIZED="0"

probably not good in production .. i will rebuild server and add certificate. But for testing, all good now

@sjnhnp

sjnhnp commented Apr 20, 2020

thanks @DRiversVoyage .. i was able to pass that problem!!
My bad.. like always.
In the middle of the try catch i remove dynamic_settings.yml and replace it with original dynamic_settings.yml.example

I didn't replace development: by production: (sorry about that)

the examples above did work as expected

Ok now i have https://canvas.domkain.com/rce that kick on but.. another problem with SSL certificate

my new error
(node:2619) UnhandledPromiseRejectionWarning: RequestError: Error: unable to verify the first certificate

I have a reverse proxy with my site certificate on it .. i don't have certificate on the actual server, that's probably the problem

May I ask how did you solve the rce problem in the end, can you specifically describe your configuration?

@D2Online

May I ask how did you solve the rce problem in the end, can you specifically describe your configuration?

@sjnhnp What's the issue you are having?

@sjnhnp

sjnhnp commented Apr 20, 2020

May I ask how did you solve the rce problem in the end, can you specifically describe your configuration?

@sjnhnp What's the issue you are having?

well .. same problem.

i get "Hello, from RCE Service" from https://canvas.domain.com/rce
i get "Authorization token required" from https://canvas.domain.com/rce/api/folders/5

when try to do something with RCE
Request URL:https://canvas.domain.com/api/session -> 404
(Failed to load resource: the server responded with a status of 404 (Not Found))

@D2Online

May I ask how did you solve the rce problem in the end, can you specifically describe your configuration?

@sjnhnp What's the issue you are having?

well .. same problem.

i get "Hello, from RCE Service" from https://canvas.domain.com/rce
i get "Authorization token required" from https://canvas.domain.com/rce/api/folders/5

when try to do something with RCE
Request URL:https://canvas.domain.com/api/session -> 404
(Failed to load resource: the server responded with a status of 404 (Not Found))

I solved this in my setup by switching the ECOSYSTEM_SECRET and ECOSYSTEM_KEY values. Have you tried this? It looks like everything else is setup correctly if you are getting 'Hello, from RCE service'.

ECOSYSTEM_SECRET = signing-secret
ECOSYSTEM_KEY = encryption-secret

@sjnhnp

sjnhnp commented Apr 20, 2020

/canvas/canvas-rce-api/.env
/var/canvas/config/dynamic_settings.yml
/etc/apache2/sites-enabled/canvas.conf

what is your configuration

May I ask how did you solve the rce problem in the end, can you specifically describe your configuration?

@sjnhnp What's the issue you are having?

well .. same problem.

i get "Hello, from RCE Service" from https://canvas.domain.com/rce
i get "Authorization token required" from https://canvas.domain.com/rce/api/folders/5

when try to do something with RCE
Request URL:https://canvas.domain.com/api/session -> 404
(Failed to load resource: the server responded with a status of 404 (Not Found))

I solved this in my setup by switching the ECOSYSTEM_SECRET and ECOSYSTEM_KEY values. Have you tried this? It looks like everything else is setup correctly if you are getting 'Hello, from RCE service'.

ECOSYSTEM_SECRET = signing-secret
ECOSYSTEM_KEY = encryption-secret

@D2Online

var/canvas-rce-api/.env

RCE_API_HOST="https://canvas.mydomain.com:3000"
PORT=3000
NODE_ENV=production
STATSD_HOST=127.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET=signing-secret
ECOSYSTEM_KEY=encryption-secret
CIPHER_PASSWORD=TEMP_PASSWORD
UNSPLASH_APP_ID= "UNSPLASH_APPID"
UNSPLASH_SECRET= "UNSPLASH_SECRET"
UNSPLASH_APP_NAME= "Canvas LMS"

/var/canvas/config/dynamic_settings.yml

production:
  config:
    canvas:
      canvas:
        signing-secret: "ECOSYSTEM_SECRET"
        encryption-secret: "ECOSYSTEM_KEY"
      rich-content-service:
        app-host: "https://canvas.mydomain.com/rce"

/etc/apache2/sites-enabled/canvas.conf (added to bottom of file, after last VirtualHost)

ProxyRequests Off
ProxyPreserveHost On
<Proxy *>
	Order deny,allow
	Deny from all
	Allow from  all
</Proxy>

<LocationMatch "/rce">
ProxyPass  http://127.0.0.1:3000 keepalive=On
ProxyPassReverse http://127.0.0.1:3000
SetEnv proxy-chain-auth On
ProxyAddHeaders Off
</LocationMatch>

SSLProxyEngine on
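
The mistakes that recur in this thread (ECOSYSTEM_KEY and ECOSYSTEM_SECRET the wrong way around, secrets left under the wrong environment block of dynamic_settings.yml, and the NODE_TLS_REJECT_UNAUTHORIZED="0" workaround) can be caught by comparing the two files before the service is started. The following is an added example, not canvas-rce-api code and not from any poster; the function names, the 32-byte length check (inferred from the placeholder strings used in the thread) and every sample value are assumptions.

```javascript
// Added example: audit the shared secrets of .env against dynamic_settings.yml.
// Sample inputs at the bottom are constructed for illustration.

// Parse KEY=value lines of a .env body, dropping surrounding quotes.
function parseEnv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const m = /^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$/.exec(raw);
    if (m) out[m[1]] = m[2].replace(/^(["'])(.*)\1$/, "$2");
  }
  return out;
}

// Collect "key: value" scalars found under one top-level environment block
// (for example "production:"). Minimal on purpose: it understands only the
// indented layout shown in this thread, not full YAML.
function parseDynamicSettings(text, railsEnv) {
  const out = {};
  let inBlock = false;
  for (const raw of text.split(/\r?\n/)) {
    if (!raw.trim() || raw.trim().startsWith("#")) continue;
    if (/^\S/.test(raw)) {
      // A line starting in column 0 opens a new top-level block.
      inBlock = raw.trim() === `${railsEnv}:`;
      continue;
    }
    if (!inBlock) continue;
    // YAML needs whitespace after the colon; key:"value" is not a mapping.
    const m = /^\s+([\w-]+):\s+(\S.*?)\s*$/.exec(raw);
    if (m) out[m[1]] = m[2].replace(/^(["'])(.*)\1$/, "$2");
  }
  return out;
}

// Mapping reported in the thread: ECOSYSTEM_SECRET = signing-secret,
// ECOSYSTEM_KEY = encryption-secret.
const PAIRS = [
  ["ECOSYSTEM_SECRET", "signing-secret"],
  ["ECOSYSTEM_KEY", "encryption-secret"],
];
const SAMPLE_SECRET = "astringthatisactually32byteslong"; // placeholder quoted in the thread

function auditRceSecrets(envText, ymlText, railsEnv = "production") {
  const env = parseEnv(envText);
  const yml = parseDynamicSettings(ymlText, railsEnv);
  const findings = [];
  for (const [envKey, ymlKey] of PAIRS) {
    const a = env[envKey];
    const b = yml[ymlKey];
    if (a === undefined) findings.push(`missing ${envKey} in .env`);
    if (b === undefined) findings.push(`missing ${ymlKey} under ${railsEnv}:`);
    if (a === undefined || b === undefined) continue;
    if (a !== b) findings.push(`${envKey} differs from ${ymlKey}`);
    if (Buffer.byteLength(a) !== 32) findings.push(`${envKey} is not 32 bytes`);
    if (a === SAMPLE_SECRET) findings.push(`${envKey} is the sample value`);
  }
  const swapped =
    env.ECOSYSTEM_SECRET !== undefined &&
    env.ECOSYSTEM_KEY !== undefined &&
    env.ECOSYSTEM_SECRET !== env.ECOSYSTEM_KEY &&
    env.ECOSYSTEM_SECRET === yml["encryption-secret"] &&
    env.ECOSYSTEM_KEY === yml["signing-secret"];
  if (swapped) findings.push("key and secret are swapped");
  if (env.NODE_TLS_REJECT_UNAUTHORIZED === "0") {
    findings.push("NODE_TLS_REJECT_UNAUTHORIZED=0 disables certificate checks");
  }
  return findings;
}

// Constructed sample files (two distinct 32-byte values).
const SIGN = "constructed-signing-secret-00001";
const ENC = "constructed-encrypt-secret-00002";
const YML = `production:
  config:
    canvas:
      canvas:
        signing-secret: "${SIGN}"
        encryption-secret: "${ENC}"
      rich-content-service:
        app-host: "https://canvas.example.test/rce"
`;
const ENV_OK = `PORT=3000\nECOSYSTEM_SECRET="${SIGN}"\nECOSYSTEM_KEY="${ENC}"\n`;
const ENV_SWAPPED =
  `ECOSYSTEM_SECRET="${ENC}"\nECOSYSTEM_KEY="${SIGN}"\nNODE_TLS_REJECT_UNAUTHORIZED="0"\n`;

console.log(auditRceSecrets(ENV_OK, YML));
console.log(auditRceSecrets(ENV_SWAPPED, YML));
console.log(auditRceSecrets(ENV_OK, YML.replace("production:", "development:")));
```

For the "unable to verify the first certificate" error, Node's NODE_EXTRA_CA_CERTS variable (a path to a PEM file with the missing CA or intermediate) keeps verification on; Node reads it only at process start, so it has to be set in the service's environment rather than loaded later from .env.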

@sjnhnp

sjnhnp commented Apr 20, 2020

Is there any modification to the rce file? in #5

and need?

sudo a2enmod proxy
sudo a2enmod proxy_http
sudo a2enmod proxy_balancer
sudo a2enmod lbmethod_byrequests
sudo service apache2 restart

@D2Online

my packageBookmark.js file

"use strict";

const querystring = require("querystring");

// package bookmark from canvas to be embedded as a query parameter to the same
// path as the current request, and with all the same query parameters as the
// current request (except replacing any existing bookmark)
function packageBookmark(request, bookmark) {
  if (bookmark) {
    const path = request.baseUrl + request.path;
    const query = Object.assign({}, request.query, { bookmark });
    const qs = querystring.stringify(query);
//    return `${request.protocol}://${request.get("Host")}${path}?${qs}`;
    const myUrl = process.env.RCE_API_HOST || request.get("Host");
    return `${request.protocol}://${myUrl}${path}?${qs}`;
  } else {
    return null;
  }
}

module.exports = packageBookmark;

Loaded Modules

proxy_module
proxy_http_module
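
The .env files in this thread set RCE_API_HOST with an `https://` prefix, while the file above prepends `request.protocol` to that value, so the returned bookmark URL carries two schemes; with RCE_API_HOST unset it is built from the Host header the service receives. The following is an added example (not the project's code and not the code of pull request #5) that puts that concatenation beside a variant which normalises RCE_API_HOST; `bookmarkAsPosted`, `publicBase` and the `example.test` values are assumptions made for illustration.

```javascript
// Added example. `request` mimics the Express fields the posted file reads:
// protocol, baseUrl, path, query and get("Host").

// Same string concatenation as the posted packageBookmark.js, with the
// environment value passed in so both variants can be compared.
function bookmarkAsPosted(request, bookmark, rceApiHost) {
  if (!bookmark) return null;
  const path = request.baseUrl + request.path;
  const qs = new URLSearchParams({ ...request.query, bookmark }).toString();
  const myUrl = rceApiHost || request.get("Host");
  return `${request.protocol}://${myUrl}${path}?${qs}`;
}

// Turn RCE_API_HOST into a base URL whether or not it carries a scheme
// or a path prefix such as /rce.
function publicBase(request, rceApiHost) {
  if (!rceApiHost) {
    // Nothing configured: same fallback as the posted file, which relies on
    // the Host header as received by the service.
    return `${request.protocol}://${request.get("Host")}`;
  }
  const hasScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(rceApiHost);
  const url = new URL(hasScheme ? rceApiHost : `${request.protocol}://${rceApiHost}`);
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    throw new Error(`RCE_API_HOST must be http(s), got ${url.protocol}`);
  }
  return url.origin + url.pathname.replace(/\/+$/, "");
}

// Variant of packageBookmark that builds the URL with the URL class, so the
// scheme appears once and the query string is encoded consistently.
function packageBookmark(request, bookmark, rceApiHost = process.env.RCE_API_HOST) {
  if (!bookmark) return null;
  const url = new URL(publicBase(request, rceApiHost) + request.baseUrl + request.path);
  for (const [key, value] of Object.entries(request.query)) {
    for (const v of [].concat(value)) url.searchParams.append(key, v);
  }
  url.searchParams.set("bookmark", bookmark); // replaces any existing bookmark
  return url.toString();
}

// Constructed request, as the service would see it behind the reverse proxy.
const sampleRequest = {
  protocol: "http",
  baseUrl: "/api",
  path: "/folders",
  query: { contextType: "course", bookmark: "old" },
  get: (name) => (name.toLowerCase() === "host" ? "127.0.0.1:3000" : undefined),
};

console.log(bookmarkAsPosted(sampleRequest, "next", "https://canvas.example.test/rce"));
console.log(packageBookmark(sampleRequest, "next", "https://canvas.example.test/rce"));
```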

@sjnhnp

sjnhnp commented Apr 25, 2020

my packageBookmark.js file

"use strict";

const querystring = require("querystring");

// package bookmark from canvas to be embedded as a query parameter to the same
// path as the current request, and with all the same query parameters as the
// current request (except replacing any existing bookmark)
function packageBookmark(request, bookmark) {
  if (bookmark) {
    const path = request.baseUrl + request.path;
    const query = Object.assign({}, request.query, { bookmark });
    const qs = querystring.stringify(query);
//    return `${request.protocol}://${request.get("Host")}${path}?${qs}`;
    const myUrl = process.env.RCE_API_HOST || request.get("Host");
    return `${request.protocol}://${myUrl}${path}?${qs}`;
  } else {
    return null;
  }
}

module.exports = packageBookmark;

Loaded Modules

proxy_module
proxy_http_module

thank you

and what is your app/api/folders.js

@sjnhnp

sjnhnp commented Apr 25, 2020

display:

We're sorry, but something went wrong.

We've been notified about this issue and we'll take a look at it shortly.

@D2Online

display:

We're sorry, but something went wrong.

We've been notified about this issue and we'll take a look at it shortly.

I don’t think I changed folders.js but will check for you next time I’m on the server.

Did you receive an email with more details about this error? Does anything show up in error_reports?

@sjnhnp

sjnhnp commented Apr 25, 2020

display:
We're sorry, but something went wrong.
We've been notified about this issue and we'll take a look at it shortly.

I don’t think I changed folders.js but will check for you next time I’m on the server.

Did you receive an email with more details about this error? Does anything show up in error_reports?

I want to ask you a question, I want to change the port 80 to 8080 where apache2 listens,

I modified canvas.conf
ports.conf

But can't open the webpage

@D2Online

Why port 8080? In our school port 8080 is where all web traffic is sent to be filtered. We set up custom firewall rules to allow incoming and outgoing traffic to our server IP on ports 80 and 443. All other ports we use for canvas (3000,3001 etc) are proxied so don’t need opening on our firewall.

@sjnhnp

sjnhnp commented Apr 25, 2020

yes,

but i change listen 80 to listen 8080,
and change VirtualHost *:8080
and restart apache

i cant open my website

@D2Online

yes,

but i change listen 80 to listen 8080,
and change VirtualHost *:8080
and restart apache

i cant open my website

Could be your firewall is blocking port 8080, are you behind a firewall by any chance?

@sjnhnp

sjnhnp commented Apr 25, 2020

ufw disable

@D2Online

Can you access by going to http://localhost:8080 on the server itself? (Make sure localhost is in the VirtualHost as a ServerAlias)

@D2Online

ufw disable

This will only disable the firewall on the machine. If you’re on a corporate or school network you’ll most likely have a firewall on the router. Who’s your ISP?

@sjnhnp

sjnhnp commented Apr 26, 2020

Can I know your email or other communication tools?

@D2Online

Can I know your email or other communication tools?

I’ve set up a workspace over on Slack, you can use the link below to join. https://join.slack.com/t/canvasdevelopers/shared_invite/zt-ds5n7px2-4QsENKWbOod8OJv6wCc7KA

@jdeisenberg

Also getting Authorization token required after doing setup as in #6 (comment)

Since I am running this locally, both my secrets are identical and the default astringthatisactually32byteslong, so the order of the keys should not matter.

@D2Online

Also getting Authorization token required after doing setup as in #6 (comment)

Since I am running this locally, both my secrets are identical and the default astringthatisactually32byteslong, so the order of the keys should not matter.

That’s the expected result as you are not providing a token. What do you get when opening the rce in Canvas?

Feel free join the slack workspace above, trying to build a community of Canvas devs where we can help each other out.

@krishna543019

I had a similar problem, i.e. "Cannot read property 'length' of undefined"

I was using nginx with puma, and puma was running on port 3000.

Later, once I installed the rce node app on port 3001 and updated the dynamic_settings.yml and rce .env file, it started to show a 401 unauth error.

I was struggling with this error for 2 entire days; later it got fixed by adding secret and encrypted keys to the dynamic_settings.yml file.

Thanks

@clapman

clapman commented May 21, 2020

Bitnami Canvas LMS > Apache Reverse SSL Proxy > Legacy & Enhanced RCE-API (Port 3001)

Found the following combination to work for Let's Encrypt SSL with Public NAT.

/opt/bitnami/apps/canvaslms/canvas-rce-api/.env

RCE_API_HOST="https://my.domain:3000"
PORT=3001
NODE_ENV=production
STATSD_HOST=127.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET="astringthatisactually32byteslong"
ECOSYSTEM_KEY="astringthatisactually32byteslong"

/opt/bitnami/apps/canvaslms/htdocs/config/dynamic_settings.yml

production:
  config:
    canvas:
      canvas:
        signing-secret: "astringthatisactually32byteslong"
        encryption-secret: "astringthatisactually32byteslong"
      rich-content-service:
              app-host: "https://my-domain:3000"

/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf

TraceEnable off
ProxyRequests Off
ProxyPreserveHost On

Listen 3000
<VirtualHost *:3000>
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache2/conf/my-domain.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache2/conf/my-domain.key"

  ProxyPass / http://127.0.0.1:3001/ keepalive=On
  ProxyPassReverse / http://127.0.0.1:3001/
</VirtualHost>

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/rce
RewriteRule ^(.*)$ /rce?url=$1 [P]
SSLProxyEngine on
ProxyPass /rce http://localhost:3001/ retry=1 acquire=3000 timeout=600 keepalive=On
ProxyPassReverse /rce http://localhost:3001

@kerimcalik

I applied all of these settings but I keep getting api/session 404 error

@D2Online

D2Online commented Jun 1, 2020

I applied all of these settings but I keep getting api/session 404 error

Hi kerimcalik, if you join the slack workspace above we’ll see if we can help :-)

@kerimcalik

I applied all of these settings but I keep getting api/session 404 error

Hi kerimcalik, if you join the slack workspace above we’ll see if we can help :-)

What is the Slack address?

@D2Online

D2Online commented Jun 1, 2020

I applied all of these settings but I keep getting api/session 404 error

Hi kerimcalik, if you join the slack workspace above we’ll see if we can help :-)

What is the Slack address?

https://join.slack.com/t/canvasdevelopers/shared_invite/zt-f2ktnk4w-P30p203kMdmOtIvUJS8yZA

@churnd

churnd commented Jun 27, 2020

Sharing here because I found this thread while googling. We have Canvas + RCE running on an Ubuntu instance proxied by nginx running behind a load balancer, with the load balancer handling SSL. This is what is working for us:

server {
    listen      80;
    server_name _;
    root /opt/canvas/public;
    charset utf-8;
    include mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/canvas.access.log;
    error_log /var/log/nginx/canvas.error.log;
    passenger_enabled on;
    rails_env production;
    location /rce {
        rewrite /rce/(.*) /$1  break;
        proxy_pass         http://localhost:3000;
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
    }
}

Key config that I see most people missing is rewrite /rce/(.*) /$1 break;. Hope this helps someone!

@xzykz22

xzykz22 commented Aug 20, 2020

Has anyone achieved anything? I have this problem too.

@juniorojha

I am facing the same problem guys, is there a clear documentation to get the current version of canvas-rce-api to work with canvas?

@DocStem

DocStem commented Oct 15, 2020

@juniorojha @D2Online has outlined above the most detailed explanation I have ever seen anywhere.

@clapman has almost an identical solution but modified for Vhost because that is what Bitnami uses instead of . (I have never gotten @clapman's solution to work, I always encounter a CORS issue) My problem with @clapman's solution is there are details missing associated with Bitnami configuration.

I am not sure I am the right person to give you all the information you need, but first you need to outline what Ball Park and row you sit in.
Point 1 needs to be What is your setup? Installed 1 Server or Multiple (Is Canvas on the same server as RCE)
Point 2 how was your RCE installed, (Docker or npm)
Point 3 Public IP / Domain with NAT (or without)

@D2Online

@juniorojha @D2Online has outlined above the most detailed explanation I have ever seen anywhere.

@clapman has almost an identical solution but modified for Vhost because that is what Bitnami uses instead of . (I have never gotten @clapman's solution to work, I always encounter a CORS issue) My problem with @clapman's solution is there are details missing associated with Bitnami configuration.

I am not sure I am the right person to give you all the information you need, but first you need to outline what Ball Park and row you sit in.
Point 1 needs to be What is your setup? Installed 1 Server or Multiple (Is Canvas on the same server as RCE)
Point 2 how was your RCE installed, (Docker or npm)
Point 3 Public IP / Domain with NAT (or without)

Cheers for the mention @DocStem!

@juniorojha join our slack channel #rce-api here https://join.slack.com/t/canvasdevelopers/shared_invite/zt-f2ktnk4w-P30p203kMdmOtIvUJS8yZA you may find some answers in the previous threads, or ask other members for some help. Pretty sure everyone who has joined for assistance getting rce set up now has it working thanks to the members there.

@qq7 qq7 changed the title Canvas RCE API is not working Canvas RCE API configuration is not properly documented Oct 22, 2020
@qq7 qq7 changed the title Canvas RCE API configuration is not properly documented Canvas RCE API is not working Oct 22, 2020
@qq7
Contributor Author

qq7 commented Oct 22, 2020

Since RCE API has proved to be working I am closing this issue in favor of the newer one regarding configuration: #12

@firmanhadi

Bitnami Canvas LMS > Apache Reverse SSL Proxy > Legacy & Enhanced RCE-API (Port 3001)

Found the following combination to work for Let's Encrypt SSL with Public NAT.

/opt/bitnami/apps/canvaslms/canvas-rce-api/.env

RCE_API_HOST="https://my.domain:3000"
PORT=3001
NODE_ENV=production
STATSD_HOST=127.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET="astringthatisactually32byteslong"
ECOSYSTEM_KEY="astringthatisactually32byteslong"

/opt/bitnami/apps/canvaslms/htdocs/config/dynamic_settings.yml

production:
  config:
    canvas:
      canvas:
        signing-secret: "astringthatisactually32byteslong"
        encryption-secret: "astringthatisactually32byteslong"
      rich-content-service:
              app-host: "https://my-domain:3000"

/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf

TraceEnable off
ProxyRequests Off
ProxyPreserveHost On

Listen 3000
<VirtualHost *:3000>
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache2/conf/my-domain.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache2/conf/my-domain.key"

  ProxyPass / http://127.0.0.1:3001/ keepalive=On
  ProxyPassReverse / http://127.0.0.1:3001/
</VirtualHost>

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/rce
RewriteRule ^(.*)$ /rce?url=$1 [P]
SSLProxyEngine on
ProxyPass /rce http://localhost:3001/ retry=1 acquire=3000 timeout=600 keepalive=On
ProxyPassReverse /rce http://localhost:3001

Thank you very much, I have finally made it work based on your configuration.

@serveradmin247

serveradmin247 commented Nov 16, 2023

I've managed to get this working, it turns out my keys were the wrong way around. For anyone who may have the same trouble:

ECOSYSTEM_SECRET = signing-secret
ECOSYSTEM_KEY = encryption-secret

I'm not sure if this was clear in the docs or not, it may have just been me overlooking / reading the docs wrong.

If you have a similar setup to me and can't get this working let me know and I'll send you all of my config.

This is the Golden answer
Spent a lot of time on this!

@adeel-raza

Bitnami Canvas LMS > Apache Reverse SSL Proxy > Legacy & Enhanced RCE-API (Port 3001)

Found the following combination to work for Let's Encrypt SSL with Public NAT.

/opt/bitnami/apps/canvaslms/canvas-rce-api/.env

RCE_API_HOST="https://my.domain:3000"
PORT=3001
NODE_ENV=production
STATSD_HOST=127.0.0.1
STATSD_PORT=8125
STATS_PREFIX=rceapi
ECOSYSTEM_SECRET="astringthatisactually32byteslong"
ECOSYSTEM_KEY="astringthatisactually32byteslong"

/opt/bitnami/apps/canvaslms/htdocs/config/dynamic_settings.yml

production:
  config:
    canvas:
      canvas:
        signing-secret: "astringthatisactually32byteslong"
        encryption-secret: "astringthatisactually32byteslong"
      rich-content-service:
              app-host: "https://my-domain:3000"

/opt/bitnami/apache2/conf/bitnami/bitnami-apps-vhosts.conf

TraceEnable off
ProxyRequests Off
ProxyPreserveHost On

Listen 3000
<VirtualHost *:3000>
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache2/conf/my-domain.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache2/conf/my-domain.key"

  ProxyPass / http://127.0.0.1:3001/ keepalive=On
  ProxyPassReverse / http://127.0.0.1:3001/
</VirtualHost>

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/rce
RewriteRule ^(.*)$ /rce?url=$1 [P]
SSLProxyEngine on
ProxyPass /rce http://localhost:3001/ retry=1 acquire=3000 timeout=600 keepalive=On
ProxyPassReverse /rce http://localhost:3001

This was helpful; it resolved the RCE issues on my install. Thanks!
