

Install Wekan Kanban on CentOS 7 / CentOS 8 with Let's Encrypt SSL | ComputingFo...
source link: https://computingforgeeks.com/install-wekan-kanban-on-centos-with-lets-encrypt/

Wekan is an open source kanban board application released under the MIT license. Wekan is an unbeatable tool that helps you keep things organized, be it work tasks, planning for holidays, preparing a personal to-do list, managing other people, etc. It gives you a visual overview of the current state of projects, which supports your productivity by allowing you to focus on the few items that matter the most.
For Ubuntu users, follow the guide: How To Install Kanboard on Ubuntu with Nginx
Features of Wekan Kanban
- You can list all your public and private boards using shortcuts at the top of the page
- Has a full screen or window mode on desktop and full screen on mobile Firefox without a need for browser buttons
- A keyboard shortcuts button at the bottom right corner
- User management module
- You can restore an archived board
- You can add, star, watch, archive and delete boards
- Import Trello board: Text, labels, images, comments, checklists. Not imported yet: stickers, etc.
- Export Wekan board
- Clipboard and drag and drop functions
- Provides a REST API
- Authentication, Admin Panel, SMTP Settings and many others.
The easiest way to install the Wekan Kanban board platform on a CentOS 8/7 server is by using snapd and the snap package, which are installed separately:
Step 1: Install snap on CentOS 7 / CentOS 8
Install snap on CentOS 8 / CentOS 7 Linux system by running the commands below:
sudo yum install yum-plugin-copr epel-release -y
sudo yum install snapd
Accept the installation prompts that follow:
Dependencies resolved.
==================================================================================================================================================================
Package Architecture Version Repository Size
==================================================================================================================================================================
Installing:
snapd x86_64 2.50-1.el8 epel 19 M
Upgrading:
selinux-policy noarch 3.14.3-67.el8 baseos 628 k
selinux-policy-targeted noarch 3.14.3-67.el8 baseos 15 M
Installing dependencies:
bash-completion noarch 1:2.7-5.el8 baseos 274 k
libpkgconf x86_64 1.4.2-1.el8 baseos 35 k
pkgconf x86_64 1.4.2-1.el8 baseos 38 k
pkgconf-m4 noarch 1.4.2-1.el8 baseos 17 k
pkgconf-pkg-config x86_64 1.4.2-1.el8 baseos 15 k
snap-confine x86_64 2.50-1.el8 epel 3.5 M
snapd-selinux noarch 2.50-1.el8 epel 413 k
Transaction Summary
==================================================================================================================================================================
Install 8 Packages
Upgrade 2 Packages
Total download size: 39 M
Is this ok [y/N]: y
Also accept the import of the required GPG key:
...
------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 17 MB/s | 39 MB 00:02
warning: /var/cache/dnf/epel-58cdbde1f9d6f0c0/packages/snap-confine-2.50-1.el8.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 2f86d6a1: NOKEY
Extra Packages for Enterprise Linux 8 - x86_64 1.6 MB/s | 1.6 kB 00:00
Importing GPG key 0x2F86D6A1:
Userid : "Fedora EPEL (8) <[email protected]>"
Fingerprint: 94E2 79EB 8D8F 25B2 1810 ADF1 21EA 45AB 2F86 D6A1
From : /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-8
Is this ok [y/N]: y
Once installed, the systemd unit that manages the main snap communication socket needs to be enabled:
sudo systemctl enable --now snapd.socket
Enable classic snap support:
sudo ln -s /var/lib/snapd/snap /snap
The socket status should show as listening:
$ systemctl status snapd.socket
● snapd.socket - Socket activation for snappy daemon
Loaded: loaded (/usr/lib/systemd/system/snapd.socket; enabled; vendor preset: disabled)
Active: active (listening) since Sat 2021-06-05 16:00:34 UTC; 22s ago
Listen: /run/snapd.socket (Stream)
/run/snapd-snap.socket (Stream)
Tasks: 0 (limit: 11224)
Memory: 0B
CGroup: /system.slice/snapd.socket
Jun 05 16:00:34 centos. systemd[1]: Starting Socket activation for snappy daemon.
Jun 05 16:00:34 centos. systemd[1]: Listening on Socket activation for snappy daemon.
Step 2: Install wekan on CentOS 8 / CentOS 7
Once the snap package is installed, use it to install wekan.
$ sudo snap install wekan
2021-06-05T16:02:19Z INFO Waiting for automatic snapd restart...
wekan 5.30 from Lauri Ojansivu (xet7) installed
Set web URL root for wekan:
sudo snap set wekan root-url="https://wekan.example.com"
You can run Wekan on the standard HTTP port 80 or on a different port such as 3001. A custom port is useful when running Wekan behind a proxy like Nginx:
sudo snap set wekan port='3001'
sudo systemctl restart snap.wekan.mongodb
sudo systemctl restart snap.wekan.wekan
Check the status:
$ sudo ss -tunelp | grep 3001
tcp LISTEN 0 128 *:3001 *:* users:(("node",pid=25724,fd=14)) ino:4125584 sk:ffff8b01487ab640 <->
$ systemctl status snap.wekan.wekan
● snap.wekan.wekan.service - Service for snap application wekan.wekan
Loaded: loaded (/etc/systemd/system/snap.wekan.wekan.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2018-08-18 09:08:44 UTC; 8s ago
Main PID: 25621 (wekan-control)
CGroup: /system.slice/snap.wekan.wekan.service
├─25621 /bin/bash /snap/wekan/249/bin/wekan-control
└─25724 /snap/wekan/249/bin/node main.js
Aug 18 09:08:44 centos-01 wekan.wekan[25621]: BROWSER_POLICY_ENABLED=true (default value)
Aug 18 09:08:44 centos-01 wekan.wekan[25621]: TRUSTED_URL= (default value)
Aug 18 09:08:44 centos-01 wekan.wekan[25621]: MONGO_URL=mongodb:///var/snap/wekan/249/share/mongodb-27019.sock/wekan
Aug 18 09:08:45 centos-01 wekan.wekan[25621]: Presence started serverId=XxH7mx9v3uaiBPFTS
Aug 18 09:08:45 centos-01 wekan.wekan[25621]: Note: you are using a pure-JavaScript implementation of bcrypt.
Aug 18 09:08:45 centos-01 wekan.wekan[25621]: While this implementation will work correctly, it is known to be
Aug 18 09:08:45 centos-01 wekan.wekan[25621]: approximately three times slower than the native implementation.
Aug 18 09:08:45 centos-01 wekan.wekan[25621]: In order to use the native implementation instead, run
Aug 18 09:08:45 centos-01 wekan.wekan[25621]: meteor npm install --save bcrypt
Aug 18 09:08:45 centos-01 wekan.wekan[25621]: in the root directory of your application.
Its systemd service unit file is /etc/systemd/system/snap.wekan.wekan.service
Disable and enable wekan service
Use the following snap commands to enable and disable wekan on CentOS 8 / CentOS 7 server.
sudo snap disable wekan
sudo snap enable wekan
If the MongoDB port is already used by another app, change it too:
sudo snap set wekan mongodb-port=27019
Accessing MongoDB CLI for Administration
To use the MongoDB CLI, install the MongoDB 3.2.x tools and run:
$ mongo --port 27019
Restart Wekan after changes
If you need to restart Wekan whenever you make changes, use the command:
sudo systemctl restart snap.wekan.wekan
Step 3: Set Snap Auto-updates
Install all Snap updates automatically between 02:00 AM and 04:00 AM:
sudo snap set core refresh.schedule=02:00-04:00
Automatic upgrades happen sometime after Wekan is released, or at a scheduled time, or with:
sudo snap refresh
Step 4: Configure Wekan Email Settings (Optional)
Configure Admin notification email. This is optional since Wekan doesn’t need email configurations to function.
sudo snap set wekan mail-url='smtps://user:[email protected]:453'
sudo snap set wekan mail-from='Wekan Boards <[email protected]>'
Step 5: Get Let’s Encrypt SSL certificate
Request a Let's Encrypt SSL certificate with certbot; it will be referenced in the Wekan Nginx configuration file. The standalone HTTP challenge uses port 80, so ensure it is open on the firewall:
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --reload
Request a certificate using certbot. Provide a valid email address for expiry notifications and a valid domain to be used for Wekan.
sudo yum -y install epel-release
sudo yum -y install certbot
export DOMAIN="wekan.example.com"
export EMAIL="[email protected]"
sudo certbot certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring
Step 6: Configure Nginx Proxy
Install Nginx which will serve as a Reverse proxy for Wekan.
sudo yum -y install nginx
Once installed, configure it like below:
sudo vim /etc/nginx/conf.d/wekan.conf
Remember to modify the content to fit your use. An important setting to change is the Wekan domain name, so replace all occurrences of example.com with your domain name.
# this section is needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTP
server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name wekan.example.com;

    # redirect non-SSL to SSL
    location / {
        rewrite ^ https://wekan.example.com$request_uri? permanent;
    }
}

# HTTPS server
server {
    listen 443 ssl http2; # we enable HTTP/2 here (previously SPDY)
    server_name wekan.example.com; # this domain must match Common Name (CN) in the SSL certificate

    ssl_certificate /etc/letsencrypt/live/wekan.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wekan.example.com/privkey.pem;

    # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
    # This works because IE 11 does not present itself as MSIE anymore
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }

    # Pass requests to Wekan.
    # If you have Wekan at https://wekan.example.com/wekan , change location to:
    # location /wekan {
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

        # this setting allows the browser to cache the application in a way compatible with Meteor
        # on every application update the name of the CSS and JS files is different, so they can be cached indefinitely (here: 30 days)
        # the root path (/) MUST NOT be cached
        #if ($uri != '/wekan') {
        #    expires 30d;
        #}
    }
}
Where:
- wekan.example.com is replaced with the actual Wekan domain name
For the default Nginx configuration, here are the recommended settings:
user nginx;
worker_processes auto;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
    # multi_accept on;
}

http {
    ##
    # Basic Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    types_hash_max_size 2048;
    server_tokens off;
    # 0.0.0.0/32 matches only the address 0.0.0.0, so no client is trusted to
    # override its address via X-Forwarded-For. Put the address of a trusted
    # front-end proxy here if one sits in front of nginx.
    set_real_ip_from 0.0.0.0/32;
    real_ip_header X-Forwarded-For;
    limit_conn_zone $binary_remote_addr zone=arbeit:10m;
    client_body_timeout 60;
    client_header_timeout 60;
    keepalive_timeout 10 10;
    send_timeout 60;
    reset_timedout_connection on;
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##
    # SSLv3 (POODLE) and the deprecated TLS 1.0/1.1 are dropped.
    # TLSv1.3 takes effect only when nginx is built against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:30m;
    ssl_session_timeout 1d;
    ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+SHA384:ECDH+aRSA+SHA256:ECDH:EDH+CAMELLIA:EDH+aRSA:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA;
    ssl_ecdh_curve secp384r1;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header X-XSS-Protection '1; mode=block';
    add_header X-Frame-Options SAMEORIGIN;
    add_header Strict-Transport-Security 'max-age=31536000';
    # The header name is X-Content-Type-Options; browsers ignore other spellings.
    add_header X-Content-Type-Options nosniff;
    add_header X-Micro-Cache $upstream_cache_status;

    ##
    # Logging Settings
    ##
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    gzip_buffers 16 8k;
    gzip_comp_level 1;
    gzip_http_version 1.1;
    gzip_min_length 10;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
    gzip_vary on;
    gzip_proxied any; # Compression for all requests.

    ##
    # Virtual Host Configs
    ##
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
Test the configuration before starting the nginx service:
$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
If the config is OK, put it into use by starting the nginx service and enabling it to start on boot:
sudo systemctl start nginx
sudo systemctl enable nginx
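nginx -t validates syntax only; it accepts legacy TLS protocol versions and misspelled header names without complaint. The script below is an added example, not part of the original article: it reads an nginx configuration on stdin and reports deprecated ssl_protocols values and missing security headers. The function names audit_nginx_conf and sample_conf and the finding labels are assumptions made for illustration, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: report legacy TLS versions and missing security headers
# in an nginx configuration read from stdin. One finding per output line.
audit_nginx_conf() {
    # Drop comments so commented-out directives are not evaluated.
    active=$(sed 's/#.*$//')

    # Every value given to an ssl_protocols directive.
    protos=$(printf '%s\n' "$active" | awk '$1 == "ssl_protocols" {
        for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); if ($i != "") print $i }
    }')
    for p in $protos; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "WEAK-PROTOCOL $p" ;;
        esac
    done

    # Header names that add_header really sends; a misspelled name
    # leaves the intended header absent.
    headers=$(printf '%s\n' "$active" | awk '$1 == "add_header" { print $2 }')
    for want in X-Content-Type-Options Strict-Transport-Security X-Frame-Options; do
        printf '%s\n' "$headers" | grep -qix "$want" ||
            echo "MISSING-HEADER $want"
    done
    return 0
}

# Constructed sample input (not a real server's file).
sample_conf() {
    cat <<'EOF'
http {
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # legacy versions still enabled
    # ssl_protocols SSLv3;  commented out, must be ignored
    add_header X-Frame-Options SAMEORIGIN;
    add_header Strict-Transport-Security 'max-age=31536000';
    add_header X-Content-Options nosniff;
}
EOF
}

sample_conf | audit_nginx_conf
# On a server: audit_nginx_conf < /etc/nginx/nginx.conf
```

Piping the output of sudo nginx -T into the function also covers every file pulled in through include directives.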
You can view the Wekan help page by running:
wekan.help
Step 7: Adding Wekan UI Users
Go to the sign-up page at your Wekan URL, for example https://wekan.example.com/sign-up. For a fresh installation, you need to sign up to get an admin account.
Register your username, email address, and password. The first user to be registered has admin privileges, and subsequent ones will be normal users. If you want other admins too, you can change their permission to admin in the Admin Panel.
Note: If you get an error about email settings, you can ignore it. WORKING EMAIL IS NOT REQUIRED. Wekan works without setting up email.
Once an account has been created, log in to Wekan at https://example.com/sign-in
Registering normal users:
By default, other users can register themselves by visiting the page https://example.com/sign-up and creating an account. If you would like to disable self-registration, navigate to Admin Panel > Settings > Registration > [X] Disable self-registration. Then invite new users to selected boards by email address.
Conclusion
This marks the end of how to install the Wekan Kanban board application on a CentOS 7 / CentOS 8 server. We went further and configured an Nginx reverse proxy with a Let's Encrypt SSL certificate. This setup is qualified to be deployed in production environments.