قالب وردپرس درنا توس
Home / How To / How to install Wekan Kanban with Nginx and let's encrypt SSL on Debian 10

How to install Wekan Kanban with Nginx and let's encrypt SSL on Debian 10



Wekan is a free and open source code for Kanban built with the Meteor JavaScript framework and distributed under the MIT license. It's very similar to Workflowy and Trello that help you manage your daily tasks, prepare todo lists, manage other people, and so on. It comes with a fully responsive web interface and translated into many languages. Wekan comes with a rich set of features including, Export Wekan Card, Import Trello Card, SMTP Settings, Reset an Archived Card, User Management Module, Drag-and-Drop features and many more.

In this tutorial we will show you how to install Wekan Kanban card with Nginx as a proxy server on Debian 10.

Prerequisites

  • A server running Debian 1
    0.
  • A valid domain name that is pointed to your server IP.
  • A root password is configured on your server.

Getting Started

Before you begin, it is recommended that you update your server with the latest version with the following command:

  apt-get update -y 
apt-get upgrade -y [19659010] When your server has updated, restart it to implement the changes.

Installing Wekan

The easiest way to install Wekan on Debian 10 is by using snap. By default, the snap package is available in the Debian 10 archive. You can install it by running the following command:

  apt-get install snapd-y 

When the snap is in / stopped, you can install Wekan by running the following command:

  snap install wekan [19659010] When Wekan has been installed, it starts Wekan and Mongodb service automatically. 

You can see the status of the Wekan service with the following command:

  systemctl status snap.wekan.wekan 

You should see the following output:

? snap.wekan.wekan.service - Service for snap application wekan.wekan
Loaded: loaded (/etc/systemd/system/snap.wekan.wekan.service; enabled; vendor setting: enabled)
Active: active (running) since Sun 2019-12-22 07:43:34 UTC; 7s ago
Main PID: 7836 (wekan control)
Details: 11 (limit: 2359)
Memory: 156.3 M
CGroup: /system.slice/snap.wekan.wekan.service
?? 7836 / bin / bash / snap / wekan / 678 ​​/ bin / wekan control
?? 8522 / snap / wekan / 678 ​​/ bin / node main.js

22 Dec 07:43:35 debian10 wekan.wekan [7836]: HEADER_LOGIN_EMAIL = E-mail address for header login. Example for site reminder: HEADEREMAILADDRESS (default)
22 Dec 07:43:35 debian10 wekan.wekan [7836]: LOGOUT_WITH_TIMER = false (default)
22 Dec 07:43:35 debian10 wekan.wekan [7836]: LOGOUT_IN = (default value)
Dec 22 07:43:35 debian10 wekan.wekan [7836]: LOGOUT_ON_HOURS = (default)
Dec 22 07:43:35 debian10 wekan.wekan [7836]: LOGOUT_ON_MINUTES = (default)
Dec 22 07:43:35 debian10 wekan.wekan [7836]: DEFAULT_AUTHENTICATION_METHOD = (default)
Dec 22 07:43:35 debian10 wekan.wekan [7836]: ATTACHMENTS_STORE_PATH = (default value)
22 Dec 07:43:35 debian10 wekan.wekan [7836]: MONGO_URL = mongodb: //127.0.0.1: 27019 / wekan
22 Dec 07:43:37 debian10 wekan.wekan [7836]: Presence started serverId = ijqY8RbEWv8Hg9RSb
22 Dec 07:43:38 debian10 wekan.wekan [7836]: Meteor APM: completed instrumentation of the app

By default, Wekan runs on port 8080. To change the Wekan port to 3001, run the following command:

  snap set wekan port = & # 39; 3001 & # 39; 

Then restart Wekan and MongoDB service to apply the changes:

  systemctl restart snap.wekan.mongodb 
systemctl restart snap.wekan.wekan

Manage Wekan and MongoDB Services

start and stop the Wekan service, run the following command: [19659009] systemctl stop snap.wekan.wekan
systemctl start snap.wekan.wekan

To start and stop the MongoDB service, run the following command:

  systemctl stop snap.wekan.mongodb 
systemctl start snap. wekan.mongodb

Configure Nginx as a Reverse Proxy

Wekan is now installed and listens to the port 3001 . Then it's a good idea to run Wekan behind the Nginx proxy.

To do so, first install the Nginx web server with the following command:

  apt-get install nginx-y 

After installing, open the /etc/nginx/nginx.conf file and set the hash_bucket_size: [19659009] nano /etc/nginx/nginx.conf Chapter19659010 ?? Enter the following line:

 server_names_hash_bucket_size 64;

Save and close the file when you are done. Then restart the Nginx service to apply the changes:

  systemctl restart nginx 

Then create a virtual Nginx host file for Wekan as shown below:

  nano /etc/nginx/conf.d/wekan.conf 

Add the following lines:

 map $ http_upgrade $ connection_upgrade {
standard upgrade;
& # 39; & # 39; close;
}
server {
listen 80;
servernamn wekan.linuxbuz.com;
if ($ http_user_agent ~ "MSIE") {
return 303 https://browser-update.org/update.html;
}
location / {
proxy_pass http://127.0.0.1:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $ http_upgrade; # allow web sockets
proxy_set_header Connection $ connection_upgrade;
proxy_set_header X-Forwarded-For $ remote_addr; # preserve the client's IP
}
}

Save and close the file when you are done. Then check Nginx for syntax errors with the following command:

  nginx -t 

You should see the following output:

 nginx: configuration file /etc/nginx/nginx.conf syntax is ok
nginx: The /etc/nginx/nginx.conf test configuration file is successful

Finally, restart the Nginx service to apply the changes:

  systemctl restart nginx 

At this point, Nginx is configured to forward the request to Wekan port 3001.

Secure Wekan with Let & # 39; s Encrypt Free SSL [19659008] Then it is recommended to secure Wekan with Let & # 39; s Encrypt Free SSL. To do this, you must install the Certbot client on your server. Certbot is a Let & # 39; s Encrypt client that can be used to download free SSL and configure Nginx to use this certificate.

By default, the latest version of Certbot is not available in the standard Debian 10 repository. So you need to add the Certbot repository to your server.

You can add the repository with the following command:

  echo "deb http://ftp.debian.org/debian buster-backports main">> /etc/apt/sources.listvud1919659010??Next, update the repository and install the Certbot client with the following command: 

  apt-get update -y 
apt-get install python-certbot-nginx -t buster-backports

When the installation is complete, run the following command to get and install the SSL certificate for your domain:

  certbot --nginx -d wekan.linuxbuz.com 

You will be prompted to enter your email address and accept the service shown below:

 Save Troubleshooting Log To / where / log / letsencrypt / letsencrypt.log
Selected plugins: Authenticator nginx, installer nginx
Enter Email Address (Used for Emergency Renewal and Security Messages) (Enter & # 39; c & # 39; to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Read the terms of use at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree to register on the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A) gree / (C) ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Should you be willing to share your email address with Electronic Frontier
Foundation, a founding partner of Let & # 39; s Encrypt project and the nonprofit
organization developing Certbot? We want to send an e-mail about our work
web encryption, EFF news, campaigns and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y) es / (N) o: N
Get a new certificate
Perform the following challenges:
http-01 challenge for wekan.linuxbuz.com
Waiting for verification ...
Cleaning of challenges
Distribute certificates to VirtualHost /etc/nginx/conf.d/wekan.conf

Then you must choose whether or not to redirect HTTP traffic to HTTPS:

 Please select whether you want to redirect HTTP traffic to HTTPS or remove HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No Redirect - Do not make any further changes to the web server configuration.
2: Redirect - Makes all requests redirect to secure HTTPS access. Select this for
new websites, or if you are sure your site is working on HTTPS. You can undo this
change by editing your web server configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the correct number [1-2] and then [enter] (press & # 39; c & # 39; to cancel): 2

Type 2 and press Enter to start the installation process. When the installation is complete, you should get the following output:

 Redirect all traffic on port 80 to ssl in /etc/nginx/conf.d/wekan.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have enabled https://wekan.linuxbuz.com

You should test your configuration on:
https://www.ssllabs.com/ssltest/analyze.html?d=wekan.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved to:
/etc/letsencrypt/live/wekan.linuxbuz.com/fullchain.pem
Your key file has been saved to:
/etc/letsencrypt/live/wekan.linuxbuz.com/privkey.pem
Your certificate will expire on March 20, 2020. To get a new or fine tuned
version of this certificate in the future, simply run certbot again
with the "certonly" option. Not to interactively renew * everything * off
your certificates, run "certbot renew"
- Your account details have been saved in your Certbot
configuration directory on / etc / letsencrypt. You should do one
secure backup of this folder now. This configuration directory is coming
also contains certificates and private keys obtained by Certbot
making regular backups of this folder is ideal.
- If you like Certbot, you can consider supporting our work by:

Donate to ISRG / Let & # 39; s Encrypt: https://letsencrypt.org/donate
Donate to EFF: https://eff.org/donate-le

Access Wekan Web Interface

Now open your web browser and enter the URL https://wekan.linuxbuz.com . You will be redirected to the following page:

 Wekan Login

Click the Register button. You should see the following page:

 Create an account

Enter your username, password, email and click the Register . Then click on the sign in the button. You should see the following page:

 Login

Enter your username, password and click Sign in the button. You should see the Wekan Dashboard on the following page:

 Wekan Kanban Board

That's it for now. You have installed Wekan Kanban on the Debian 10 server and secure it with Let & # 39; s Encrypt free SSL.


Source link