Install and Secure Wekan Server on AlmaLinux 9

This tutorial intends to teach you to Install and Secure Wekan Server on AlmaLinux 9.

Wekan is an open-source kanban board application that allows you to manage your daily tasks with (virtual) cards. You can create boards and cards and move them between columns as you make progress on each job. You can also add people who work with you to the tasks on the board. Like other kanban tools, Wekan also allows you to use colored labels on cards to facilitate grouping, filtering, and assigning them to specific people. Because Wekan is open source (distributed under an MIT License), it’s easy to modify and use.

Steps To Install and Secure Wekan Server on AlmaLinux 9

To install and secure your Wekan server, you need some requirements first.

Requirements

You must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow the Initial Server Setup with AlmaLinux 9.

Also, you need to have the LEMP stack installed on your server. You can visit this article How To Install LEMP stack on AlmaLinux 9.

And you need a domain name that pointed to your server’s IP address.

When you are done with these requirements, you can follow the steps below to install the Wekan server on AlmaLinux 9.

Install snapd on AlmaLinux 9

In this guide, we use the Snap package management to install the Wekan server. To install an enable snapd tool, run the commands below:

# sudo dnf install epel-release -y
# sudo dnf install snapd -y
# sudo systemctl enable --now snapd.socket
# sudo ln -s /var/lib/snapd/snap /snap

Now you need to install SSL to secure your server.

Install SSL on AlmaLinux 9

At this point, you need to get an SSL certificate for your domain.

First, install the mod-ssl package on AlmaLinux 9 with the following command:

sudo dnf install mod_ssl -y

Then, you need to install the certbot client which is used to create Let’s Encrypt certificates:

sudo dnf install python3-certbot-nginx -y

Configure Nginx Reverse Proxy for Wekan Server on AlmaLinux 9

At this point, you need to make some changes to the Nginx configuration file for Wekan on AlmaLinux 9.

Open the file with your favorite text editor, here we use the vi editor:

sudo vi /etc/nginx/nginx.conf

Delete the lines in the file and add the following content to the file:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

When you are done, save and close the file.

Here you need to create an Nginx configuration file for your domain. Create and open the file with your favorite text editor:

sudo vi /etc/nginx/conf.d/wm.conf

Add the following content to the file:

upstream app {
    server server-ip:3001;
}

server {
listen 80 default_server;
server_name your-domain;
return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    # The host name to respond to
    server_name your-domain;

    ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
    proxy_pass http://app;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Real-Port $server_port;
    proxy_set_header X-Real-Scheme $scheme;
    }
}

When you are done, save and close the file.

Restart Nginx and check its status with the following commands:

# sudo systemctl restart nginx
# sudo systemctl status nginx
Output
● nginx.service - The nginx HTTP and reverse proxy server
     Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor pre>
    Drop-In: /usr/lib/systemd/system/nginx.service.d
             └─php-fpm.conf
     Active: active (running) since Tue 2023-02-28 04:55:41 EST; 4s ago
    Process: 74901 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, sta>
    Process: 74904 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCE>
    Process: 74905 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
   Main PID: 74906 (nginx)
      Tasks: 3 (limit: 23609)
     Memory: 3.7M
        CPU: 48ms
...

Now run the certbot to get your SSL certificates:

certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email your-email -d your-domain

Configure Firewall For Wekan Server

At this point, you need to enable the HTTP and HTTPS connections and port 3001 for Wekan through the AlmaLinux firewall with the commands below:

# sudo firewall-cmd --zone=public --permanent --add-port 80/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 443/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 3001/tcp
# sudo firewall-cmd --reload

Install Wekan server on AlmaLinux 9

At this point, you can install Wekan on your server with the snap command:

snap install wekan
Output
wekan 6.09 from Lauri Ojansivu (xet7) installed

Then, you need to set the root URL for Wekan:

snap set wekan root-url="https://your-domain"

Now you need to set a port number for Wekan:

snap set wekan port='3001'

Finally, restart MongoDB and Wekan on AlmaLinux 9:

# systemctl restart snap.wekan.mongodb
# systemctl restart snap.wekan.wekan

Access Wekan Web Interface

At this point, you can access your Wekan web interface by typing your domain name or server’s IP address in your web browser:

https://your-domain-or-IP/sign-in

You will see the Wekan server login screen. If you don’t have an account click Register.

Wekan login screen
Register For Wekan

Then, create a Wekan account and click Register.

Register Wekan account
Create an Account

Here you will see your Wekan server dashboard.

Wekan dashboard AlmaLinux 9
Wekan dashboard

Wekan is great for project managers who are into Kanban boards. While lacking the complex workflows of Jira, it matches up pretty well against Trello in terms of feature richness and is even more simple to use and manage boards.

If you are currently using Trello — consider trying out Wekan as it even has an import feature so you can get up and running with your current projects instantly.

Conclusion

At this point, you have learned to Install and Secure Wekan Server on AlmaLinux 9.

Hope you enjoy it. You may like these articles on the Orcacore website:

How To Install GCC Compiler on AlmaLinux 9

Install and Use Cockpit on AlmaLinux 9

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Leave a Reply

Stay informed and not overwhelmed, subscribe now!