Monday, October 3, 2022

Install and Secure Wekan Server on AlmaLinux 8

In this article, we want to teach you to Install and Secure Wekan Server on AlmaLinux 8.

Wekan is an open-source kanban board that allows a card-based task and to-do management.

Wekan allows the creation of Boards, on which Cards can be moved around between a number of Columns. Boards can have many members, allowing for easy collaboration, just add everyone that should be able to work with you on the board to it.

Also, you can assign colored labels to cards to facilitate grouping and filtering, additionally, you can add members to a card, for example, to assign a task to someone.

Install and Secure Wekan Server on AlmaLinux 8

To install and secure your Wekan server, you need some requirements first.

Requirements

You need to log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow the Initial Server Setup with AlmaLinux 8.

Also, you need to have the LEMP stack installed on your server. For this, you can visit this article How To Install LEMP stack on AlmaLinux 8.

And you need a domain name that pointed to your server’s IP address.

When you are done with these requirements, you can follow the steps below to install the Wekan server on AlmaLinux 8.

Install snapd on AlmaLinux 8

In this guide, we use the Snap package management to install the Wekan server. To install an enable snapd tool, run the commands below:

# sudo dnf install epel-release
# sudo dnf install snapd
# sudo systemctl enable --now snapd.socket
# sudo ln -s /var/lib/snapd/snap /snap

Now you need to install SSL to secure your server.

Install SSL on AlmaLinux 8

At this point, you need to get an SSL certificate for your domain.

First, install the mod-ssl package on AlmaLinux 8 with the following command:

sudo dnf install mod_ssl

Then, you need to install the certbot client which is used to create Let’s Encrypt certificates:

sudo dnf install python3-certbot-nginx -y

Now run the certbot to get your SSL certificates:

certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email your-email -d your-domain

Configure Nginx Reverse Proxy for Wekan Server on AlmaLinux 8

At this point, you need to make some changes to the Nginx configuration file for Wekan on AlmaLinux 8.

Open the file with your favorite text editor, here we use vi:

sudo vi /etc/nginx/nginx.conf

Delete the lines at the file and add the following content to the file:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

When you are done, save and close the file.

Here you need to create an Nginx configuration file for your domain. Create and open the file with your favorite text editor:

sudo vi /etc/nginx/conf.d/wm.conf

Add the following content to the file:

upstream app {
    server server-ip:3001;
}

server {
listen 80 default_server;
server_name your-domain;
return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    # The host name to respond to
    server_name your-domain;

    ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
    proxy_pass http://app;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Real-Port $server_port;
    proxy_set_header X-Real-Scheme $scheme;
    }
}

When you are done, save and close the file.

Restart Nginx and check its status with the following commands:

# sudo systemctl restart nginx
# sudo systemctl status nginx
Output
nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor pres>
Drop-In: /usr/lib/systemd/system/nginx.service.d
└─php-fpm.conf
Active: active (running) since Sat 2022-03-05 04:24:04 EST; 4s ago
Process: 93843 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 93840 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
...

At this point, you need to enable the HTTP and HTTPS connections and port 3001 for Wekan through the AlmaLinux firewall with the commands below:

# sudo firewall-cmd --zone=public --permanent --add-port 80/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 443/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 3001/tcp
# sudo firewall-cmd --reload

Install Wekan server on AlmaLinux 8

At this point, you can install Wekan on your server with the snap command:

snap install wekan
Output
wekan 6.09 from Lauri Ojansivu (xet7) installed

Then, you need to set the root URL for Wekan:

snap set wekan root-url="https://your-domain"

Now you need to set a port number for Wekan:

snap set wekan port='3001'

Finally, restart MongoDB and Wekan on AlmaLinux 8:

# systemctl restart snap.wekan.mongodb
# systemctl restart snap.wekan.wekan

Access Wekan Web Interface

At this point, you can access your Wekan web interface by typing your domain name or server’s IP address in your web browser:

https://your-domain-or-IP/sign-in

You will see the Wekan server login screen. If you don’t have an account click Register.

Wekan sign in screen

Then, create a Wekan account and click Register.

Create a Wekan account

Here you will see your Wekan server dashboard.

Wekan dashboard on AlmaLinux 8

Conclusion

At this point, you learn to Install and Secure Wekan Server on AlmaLinux 8.

Hope you enjoy it.

May you will be interested in these articles:

How To Install Wekan Server on Debian 11.

Install and Configure Zabbix 6.0 on AlmaLinux 8.

How To Set up 7-Zip on AlmaLinux 8.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles