Share your love
Install and Secure Wekan Server on AlmaLinux 9
This tutorial intends to teach you to Install and Secure Wekan Server on AlmaLinux 9.
Wekan is an open-source kanban board application that allows you to manage your daily tasks with (virtual) cards. You can create boards and cards and move them between columns as you make progress on each job. You can also add people who work with you to the tasks on the board. Like other kanban tools, Wekan also allows you to use colored labels on cards to facilitate grouping, filtering, and assigning them to specific people. Because Wekan is open source (distributed under an MIT License), it’s easy to modify and use.
Steps To Install and Secure Wekan Server on AlmaLinux 9
To install and secure your Wekan server, you need some requirements first.
Requirements
You must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow the Initial Server Setup with AlmaLinux 9.
Also, you need to have the LEMP stack installed on your server. You can visit this article How To Install LEMP stack on AlmaLinux 9.
And you need a domain name that pointed to your server’s IP address.
When you are done with these requirements, you can follow the steps below to install the Wekan server on AlmaLinux 9.
Install snapd on AlmaLinux 9
In this guide, we use the Snap package management to install the Wekan server. To install an enable snapd tool, run the commands below:
# sudo dnf install epel-release -y
# sudo dnf install snapd -y
# sudo systemctl enable --now snapd.socket
# sudo ln -s /var/lib/snapd/snap /snap
Now you need to install SSL to secure your server.
Install SSL on AlmaLinux 9
At this point, you need to get an SSL certificate for your domain.
First, install the mod-ssl package on AlmaLinux 9 with the following command:
sudo dnf install mod_ssl -y
Then, you need to install the certbot client which is used to create Let’s Encrypt certificates:
sudo dnf install python3-certbot-nginx -y
Configure Nginx Reverse Proxy for Wekan Server on AlmaLinux 9
At this point, you need to make some changes to the Nginx configuration file for Wekan on AlmaLinux 9.
Open the file with your favorite text editor, here we use the vi editor:
sudo vi /etc/nginx/nginx.conf
Delete the lines in the file and add the following content to the file:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
}
When you are done, save and close the file.
Here you need to create an Nginx configuration file for your domain. Create and open the file with your favorite text editor:
sudo vi /etc/nginx/conf.d/wm.conf
Add the following content to the file:
upstream app {
server server-ip:3001;
}
server {
listen 80 default_server;
server_name your-domain;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl; # managed by Certbot
# The host name to respond to
server_name your-domain;
ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
proxy_pass http://app;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Real-Port $server_port;
proxy_set_header X-Real-Scheme $scheme;
}
}
When you are done, save and close the file.
Restart Nginx and check its status with the following commands:
# sudo systemctl restart nginx
# sudo systemctl status nginx
Output
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor pre>
Drop-In: /usr/lib/systemd/system/nginx.service.d
└─php-fpm.conf
Active: active (running) since Tue 2023-02-28 04:55:41 EST; 4s ago
Process: 74901 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, sta>
Process: 74904 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCE>
Process: 74905 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Main PID: 74906 (nginx)
Tasks: 3 (limit: 23609)
Memory: 3.7M
CPU: 48ms
...
Now run the certbot to get your SSL certificates:
certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email your-email -d your-domain
Configure Firewall For Wekan Server
At this point, you need to enable the HTTP and HTTPS connections and port 3001 for Wekan through the AlmaLinux firewall with the commands below:
# sudo firewall-cmd --zone=public --permanent --add-port 80/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 443/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 3001/tcp
# sudo firewall-cmd --reload
Install Wekan server on AlmaLinux 9
At this point, you can install Wekan on your server with the snap command:
snap install wekan
Output
wekan 6.09 from Lauri Ojansivu (xet7) installed
Then, you need to set the root URL for Wekan:
snap set wekan root-url="https://your-domain"
Now you need to set a port number for Wekan:
snap set wekan port='3001'
Finally, restart MongoDB and Wekan on AlmaLinux 9:
# systemctl restart snap.wekan.mongodb
# systemctl restart snap.wekan.wekan
Access Wekan Web Interface
At this point, you can access your Wekan web interface by typing your domain name or server’s IP address in your web browser:
https://your-domain-or-IP/sign-in
You will see the Wekan server login screen. If you don’t have an account click Register.
Then, create a Wekan account and click Register.
Here you will see your Wekan server dashboard.
Wekan is great for project managers who are into Kanban boards. While lacking the complex workflows of Jira, it matches up pretty well against Trello in terms of feature richness and is even more simple to use and manage boards.
If you are currently using Trello — consider trying out Wekan as it even has an import feature so you can get up and running with your current projects instantly.
Conclusion
At this point, you have learned to Install and Secure Wekan Server on AlmaLinux 9.
Hope you enjoy it. You may like these articles on the Orcacore website: