5

Install Wekan Kanban Board system on Ubuntu 20.04|18.04

 2 years ago
source link: https://computingforgeeks.com/install-wekan-kanban-board-system-on-ubuntu/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Install Wekan Kanban Board system on Ubuntu 20.04|18.04
Search

This guide aims to cover complete installation of Wekan on Ubuntu 20.04/18.04 LTS. Wekan is a free and open source Trello-style Kanban Board system that helps you manage tasks and keep your stuff organized, plan for holidays, prepare a personal todo list, managing other people e.t.c.

Below are some key features of Wekan Kanban Board system:

  • You can list of all your public and private boards using shortcuts at top of page
  • Has a full screen or window on a desktop and full screen on mobile Firefox without a need for browser buttons
  • You have Keyboard shortcuts button at the bottom right corner
  • User management module
  • You can restore an archived board
  • You add, star, watch, archive and delete boards
  • Import Trello board: Text, labels, images, comments, checklists. Not imported yet: stickers, etc.
  • Export Wekan board
  • Clipboard and drag and drop functions
  • Provides a REST API
  • Authentication, Admin Panel, SMTP Settings, and many others.

Step 1: Install Snap on Ubuntu 20.04/18.04

The easiest way to install Wekan Kanban board tool on Ubuntu 20.04/18.04 is by using snap. If you’re new to Snap, check our guide on Installing Snap on Linux

Installation of snap on Ubuntu should be as easy as running

sudo apt update
sudo apt install snap

For CentOS users, check Install Wekan Open source Kanban on CentOS with Lets’s Encrypt

Step 2: Install Wekan on Ubuntu 20.04/18.04 with snap

Once the snap package is installed, install wekan by running the command:

$ sudo snap install wekan
wekan 5.30 from Lauri Ojansivu (xet7) installed

You need to configure a web URL root for wekan:

sudo snap set wekan root-url="https://wekan.example.com"

You can run Wekan on standard http port 80 or on a different port like.3001 A custom port is useful when running Wekan behind a proxy like Nginx

sudo snap set wekan port='3001'
sudo systemctl restart snap.wekan.mongodb
sudo systemctl restart snap.wekan.wekan

Check for status

$ sudo ss -tunelp | grep 3001
tcp   LISTEN  0       128                  0.0.0.0:3001           0.0.0.0:*      users:(("node",pid=5703,fd=14)) ino:29462 sk:6 <->

Its systemd service unit file is /etc/systemd/system/snap.wekan.wekan.service.To check service status, use:

$ systemctl status  snap.wekan.wekan
● snap.wekan.wekan.service - Service for snap application wekan.wekan
     Loaded: loaded (/etc/systemd/system/snap.wekan.wekan.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-06-05 15:09:29 UTC; 47s ago
   Main PID: 7615 (wekan-control)
      Tasks: 12 (limit: 2344)
     Memory: 135.5M
     CGroup: /system.slice/snap.wekan.wekan.service
             ├─7615 /bin/bash /snap/wekan/1518/bin/wekan-control
             └─8164 /snap/wekan/1518/bin/node main.js

Jun 05 15:09:30 ubuntu wekan.wekan[7615]: RESULTS_PER_PAGE= (default value)
Jun 05 15:09:30 ubuntu wekan.wekan[7615]: MONGO_URL=mongodb://127.0.0.1:27019/wekan
Jun 05 15:09:33 ubuntu wekan.wekan[8164]: Note: you are using a pure-JavaScript implementation of bcrypt.
Jun 05 15:09:33 ubuntu wekan.wekan[8164]: While this implementation will work correctly, it is known to be
Jun 05 15:09:33 ubuntu wekan.wekan[8164]: approximately three times slower than the native implementation.
Jun 05 15:09:33 ubuntu wekan.wekan[8164]: In order to use the native implementation instead, run
Jun 05 15:09:33 ubuntu wekan.wekan[8164]:   meteor npm install --save bcrypt
Jun 05 15:09:33 ubuntu wekan.wekan[8164]: in the root directory of your application.
Jun 05 15:09:34 ubuntu wekan.wekan[8164]: Presence started serverId=warKZo7PYy9G4fxtc
Jun 05 15:09:37 ubuntu wekan.wekan[8164]: {"line":"87","file":"percolate_synced-cron.js","message":"SyncedCron: Scheduled \"notification_cleanup\" next run @Sat >

How To Disable and enable wekan service

Use the following snap commands to enable wekan service on Ubuntu 20.04/18.04 to start on boot.

sudo snap enable wekan

To disable the service, use:

sudo snap disable wekan

MongoDB service port can also be changed to a custom one:

sudo snap set wekan mongodb-port=27019

Accessing MongoDB CLI for Administration

To use MongoDB CLI, you need to install MongoDB 3.2.x tools, and run on CLI:

$ sudo apt install mongodb-clients -y
$ mongo --port 27019
MongoDB shell version v3.6.8
connecting to: mongodb://127.0.0.1:27019/
WARNING: No implicit session: Logical Sessions are only supported on server versions 3.6 and greater.
Implicit session: dummy session
MongoDB server version: 3.2.22
WARNING: shell and server versions do not match
Server has startup warnings:
2021-06-05T15:09:26.343+0000 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2021-06-05T15:09:26.344+0000 I CONTROL  [initandlisten]
>

Restarting Wekan after changes

If you need to restart Wekan whenever you make changes, use the command:

sudo systemctl restart snap.wekan.wekan

Step 3: Set Snap Auto-updates

Install all Snap updates automatically between 02:00 AM and 04:00 AM

snap set core refresh.schedule=02:00-04:00

Automatic upgrades happen sometime after Wekan is released, or at a scheduled time, or with:

$ sudo snap refresh
2021-06-05T15:23:10Z INFO Waiting for automatic snapd restart...
snapd 2.50.1 from Canonical✓ refreshed

Step 4: Configure Wekan Email Settings (Optional)

Configure Admin notification email. This is optional since Wekan doesn’t need email configurations to function.

sudo snap set wekan mail-url='smtps://user:[email protected]:453'
sudo snap set wekan mail-from='Wekan Boards <[email protected]>'

Step 5: Configure Nginx without SSL

Install nginx web server:

sudo apt install nginx -y

For the default Nginx configuration, /etc/nginx/nginx.conf 

$ sudo vim /etc/nginx/nginx.conf

Here are the recommended settings:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
	worker_connections 1024;
	# multi_accept on;
}

http {

	##
	# Basic Settings
	##

	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	types_hash_max_size 2048;
	server_tokens off;
        set_real_ip_from 0.0.0.0/32; # All addresses get a real IP.
        real_ip_header X-Forwarded-For;
        limit_conn_zone $binary_remote_addr zone=arbeit:10m;
        client_body_timeout 60;
        client_header_timeout 60;
        keepalive_timeout 10 10;
        send_timeout 60;
        reset_timedout_connection on;

	# server_names_hash_bucket_size 64;
	# server_name_in_redirect off;

	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	##
	# SSL Settings
	##

	ssl_protocols TLSv1.2 TLSv1.1 TLSv1; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:30m;
        ssl_session_timeout 1d;
        ssl_ciphers ECDH+aRSA+AESGCM:ECDH+aRSA+SHA384:ECDH+aRSA+SHA256:ECDH:EDH+CAMELLIA:EDH+aRSA:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA;
        ssl_ecdh_curve secp384r1;
        ssl_stapling on;
        ssl_stapling_verify on;
        add_header X-XSS-Protection '1; mode=block';
        add_header X-Frame-Options SAMEORIGIN;
        add_header Strict-Transport-Security 'max-age=31536000';
        add_header X-Content-Options nosniff;
        add_header X-Micro-Cache $upstream_cache_status;

	##
	# Logging Settings
	##

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	##
	# Gzip Settings
	##

	gzip on;
	gzip_disable "msie6";
        gzip_buffers 16 8k;
        gzip_comp_level 1;
        gzip_http_version 1.1;
        gzip_min_length 10;
        gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/x-icon application/vnd.ms-fontobject font/opentype application/x-font-ttf;
        gzip_vary on;
        gzip_proxied any; # Compression for all requests.

	##
	# Virtual Host Configs
	##

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

If you want to use SSL, check step 6. For http only service, create Nginx Virtual Host for Wekan.

sudo vim /etc/nginx/conf.d/wekan.conf

Add the following contents to the file.

# This section is needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTP
server {
    listen 80;
    server_name wekan.example.com;
    
    # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
    # This works because IE 11 does not present itself as MSIE anymore
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }

    # Pass requests to Wekan.
    # If you have Wekan at https://example.com/wekan, change the location to:
    # location /wekan {
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

        # this setting allows the browser to cache the application in a way compatible with Meteor
        # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
        # the root path (/) MUST NOT be cached
        #if ($uri != '/wekan') {
        #    expires 30d;
        #}
    }
}

Don’t forget to substitute wekan.example.com with your actual domain.

Validate nginx configuration:

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Step 6: Wekan SSL encryption with Let’s Encrypt (optional)

This section demonstrates how to use Let’s Encrypt to secure access to your Wekan Dashboard. Any other valid SSL certificates can be used and skipping Let’s Encrypt certificates generation step.

To request for certbot SSL certificate, you need the port 80  open and not used by any web service. If you have UFW firewall running, open the port using:

sudo ufw allow proto tcp from any to any port 80,443

We’ll request for a certificate using.certbotProvide a valid email address for expiry notifications and a valid domain to be used for Wekan.

sudo apt update
sudo apt install certbot -y
export DOMAIN="wekan.example.com"
export EMAIL="[email protected]"
sudo systemctl stop nginx
sudo certbot certonly --standalone -d $DOMAIN --preferred-challenges http --agree-tos -n -m $EMAIL --keep-until-expiring

When done. configure Nginx Proxy

sudo vim /etc/nginx/conf.d/wekan.conf

Paste these contents into file wekan.conf:

# this section is needed to proxy web-socket connections
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

# HTTP
server {
    listen 80; 
    server_name wekan.example.com;
    # redirect non-SSL to SSL
    location / {
        rewrite     ^ https://example.com$request_uri? permanent;
    }
}

# HTTPS server
server {
    listen 443 ssl http2; # we enable HTTP/2 here (previously SPDY)
    server_name example.com; # this domain must match Common Name (CN) in the SSL certificate

    ssl_certificate /etc/letsencrypt/live/wekan.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wekan.example.com/privkey.pem;

    # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
    # This works because IE 11 does not present itself as MSIE anymore
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }

    # Pass requests to Wekan.
    # If you have Wekan at https://example.com/wekan , change location to:
    # location /wekan {
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

        # this setting allows the browser to cache the application in a way compatible with Meteor
        # on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
        # the root path (/) MUST NOT be cached
        #if ($uri != '/wekan') {
        #    expires 30d;
        #}
    }
}

Replace all occurrences of wekan.example.com with your Wekan domain name.

Start nginx service and enable it to start on boot:

$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If config is OK, take it into use by starting nginx service:

sudo systemctl restart nginx
sudo systemctl enable nginx

Confirm that nginx service is indeed running:

$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
     Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
     Active: active (running) since Sat 2021-06-05 15:40:16 UTC; 26s ago
       Docs: man:nginx(8)
   Main PID: 11710 (nginx)
      Tasks: 2 (limit: 2344)
     Memory: 3.0M
     CGroup: /system.slice/nginx.service
             ├─11710 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
             └─11711 nginx: worker process

Jun 05 15:40:16 ubuntu systemd[1]: Starting A high performance web server and a reverse proxy server...
Jun 05 15:40:16 ubuntu systemd[1]: Started A high performance web server and a reverse proxy server.

You can view wekan help page by running:

wekan.help

Step 7: Adding Wekan UI Users

Go to your Wekan URL like https://example.com/sign-up  page. For a fresh installation, you need to signup to get an admin account.

Register your username, email address, and password. The first user to be registered have admin privileges, and the next one will be normal users. If you want other admins too, you can change their permission to admin at Admin Panel.

Note: If you get some error about email settings, you can ignore it. WORKING EMAIL IS NOT REQUIRED. Wekan works without setting up email.

Once an account has been created. Login to Wekan at https://example.com/sign-in

Registering normal users:

By default, other users can register themselves by visiting the page https://example.com/sign-up and creating an account. If you would like to disable self-registration, navigate to Admin Panel > Settings > Registration > [X] Disable self-registration. Then invite new users to selected boards by email address.

Conclusion

You should have been successful to install Wekan Kanban application on Ubuntu 20.04/18.04 LTS server. It is not a compulsory requirement to configure Nginx reverse proxy with Letsencrypt SSL certificate.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK