Monday, October 3, 2022

Install and Secure Wekan Server on Rocky Linux 8

In this guide, we want to teach you to Install and Secure Wekan Server on Rocky Linux 8.

Wekan is an open-source kanban board application that allows you to manage your daily tasks with (virtual) cards. You can create boards and cards and move them between columns as you make progress on each task.

You can also add people who work with you to the tasks on the board. Like other kanban tools, Wekan also allows you to use colored labels on cards to facilitate grouping, filtering, and assigning them to specific people. Because Wekan is open source (distributed under an MIT License), it’s easy to modify and use.

Install and Secure Wekan Server on Rocky Linux 8

To install the Wekan server, you need some requirements.

Requirements

First, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide the Initial Server Setup with Rocky Linux 8.

Then, you need to have LEMP Stack installed on your server. You can follow this guide on How To Install LEMP Stack on Rocky Linux 8.

Also, you need to have a domain name that pointed to your server’s IP address.

Now follow the steps below to complete this guide.

Install snapd on Rocky Linux 8

In this guide, we use the Snap package management to install the Wekan server. To install an enable snapd tool, run the commands below:

# sudo dnf install epel-release
# sudo dnf install snapd
# sudo systemctl enable --now snapd.socket
# sudo ln -s /var/lib/snapd/snap /snap

Now you need to install SSL to secure your server.

Install SSL on Rocky Linux 8

At this point, you need to get an SSL certificate for your domain.

First, install the mod-ssl package on Rocky Linux 8 with the following command:

sudo dnf install mod_ssl

Then, you need to install the certbot client which is used to create Let’s Encrypt certificates:

sudo dnf install python3-certbot-nginx -y

Now run the certbot to get your SSL certificates:

certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email your-email -d your-domain

Configure Nginx Reverse Proxy for Wekan Server on Rocky Linux 8

At this point, you need to make some changes to the Nginx configuration file for Wekan on Rocky Linux 8.

Open the file with your favorite text editor, here we use vi:

sudo vi /etc/nginx/nginx.conf

Delete the lines at the file and add the following content to the file:

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
}

When you are done, save and close the file.

Here you need to create an Nginx configuration file for your domain. Create and open the file with your favorite text editor:

sudo vi /etc/nginx/conf.d/your-domain.conf

Add the following content to the file:

upstream app {
    server server-ip:3001;
}

server {
listen 80 default_server;
server_name your-domain;
return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl; # managed by Certbot
    # The host name to respond to
    server_name your-domain;

    ssl_certificate /etc/letsencrypt/live/your-domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/your-domain/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    location / {
    proxy_pass http://app;
    proxy_set_header X-Real-IP  $remote_addr;
    proxy_set_header X-Forwarded-For $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Real-Port $server_port;
    proxy_set_header X-Real-Scheme $scheme;
    }
}

When you are done, save and close the file.

Restart Nginx and check its status with the following commands:

# sudo systemctl restart nginx
# sudo systemctl status nginx
Output
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor pres>
Drop-In: /usr/lib/systemd/system/nginx.service.d
└─php-fpm.conf
Active: active (running) since Wed 2022-08-10 07:56:43 EDT; 5s ago
Process: 94354 ExecStart=/usr/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 94344 ExecStartPre=/usr/sbin/nginx -t (code=exited, status=0/SUCCESS)
Process: 94343 ExecStartPre=/usr/bin/rm -f /run/nginx.pid (code=exited, statu>
Main PID: 94355 (nginx)
Tasks: 3 (limit: 11413)
Memory: 5.1M
CGroup: /system.slice/nginx.service
├─94355 nginx: master process /usr/sbin/nginx
...

At this point, you need to enable the HTTP and HTTPS connections and port 3001 for Wekan through the Rocky Linux firewall with the commands below:

# sudo firewall-cmd --zone=public --permanent --add-port 80/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 443/tcp
# sudo firewall-cmd --zone=public --permanent --add-port 3001/tcp
# sudo firewall-cmd --reload

Install Wekan on Rocky Linux 8

At this point, you can install Wekan on your server with the snap command:

snap install wekan
Output
wekan 6.09 from Lauri Ojansivu (xet7) installed

Then, you need to set the root URL for Wekan:

snap set wekan root-url="https://your-domain"

Now you need to set a port number for Wekan:

snap set wekan port='3001'

Finally, restart MongoDB and Wekan on Rocky Linux 8:

# systemctl restart snap.wekan.mongodb
# systemctl restart snap.wekan.wekan

Access Wekan Web Interface

At this point, you can access your Wekan web interface by typing your domain name or server’s IP address in your web browser:

https://your-domain-or-IP/sign-in

You will see the Wekan server login screen. If you don’t have an account click Register.

register for Wekan server

Now create a Wekan account and click register.

Create a account for Wekan server

Here you will see your Wekan server dashboard.

Wekan dashboard

From here you can manage your daily tasks with (virtual) cards.

Conclusion

At this point, you learn to Install and Secure Wekan Server on Rocky Linux 8.

Hope you enjoy it.

Please subscribe to us on Facebook and Twitter.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles