How to install Wekan Kanban with Nginx and encrypt SSL on Debian 10

How to install Wekan Kanban with Nginx and encrypt SSL on Debian 10

Wekan is a free, open source kanban board built using the Meteor JavaScript framework and distributed under the MIT license. It is very similar to Workflowy and Trello and helps you manage daily tasks, prepare to-do lists, manage others, and more. It has a fully responsive web interface and has been translated into multiple languages. Wekan has a rich feature set, including: exporting Wekan boards, importing Trello boards, SMTP settings, restoring archived boards, user management modules, drag and drop functions, and more.

In this tutorial, we will show you how to install Wekan Kanban on Debian 10 using Nginx as a proxy server.

prerequisites

  • A server running Debian 10.
  • A valid domain name pointing to the server IP.
  • A root password is configured on your server.

getting Started

Before you begin, it is recommended to update the server to the latest version using the following command:

apt-get update -y apt-get upgrade -y

After updating the server, restart the server to implement the changes.

Install Wekan

The easiest way to install Wekan on Debian 10 is to use snap. By default, Snap packages are available in Debian 10 repositories. You can install it by running:

apt-get install snapd -y

After inserting / pinning the snapshot, you can install Wekan by running the following command:

snap install wekan

Once Wekan is installed, it will automatically start the Wekan and Mongodb services.

You can check the status of the Wekan service using the following command:

systemctl status snap.wekan.wekan

You should see the following output:

? snap.wekan.wekan.service - Service for snap application wekan.wekan
   Loaded: loaded (/etc/systemd/system/snap.wekan.wekan.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-12-22 07:43:34 UTC; 7s ago
 Main PID: 7836 (wekan-control)
    Tasks: 11 (limit: 2359)
   Memory: 156.3M
   CGroup: /system.slice/snap.wekan.wekan.service
           ??7836 /bin/bash /snap/wekan/678/bin/wekan-control
           ??8522 /snap/wekan/678/bin/node main.js

Dec 22 07:43:35 debian10 wekan.wekan[7836]: HEADER_LOGIN_EMAIL=Header login email. Example for siteminder: HEADEREMAILADDRESS (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_WITH_TIMER=false (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_IN= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_ON_HOURS= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_ON_MINUTES= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: DEFAULT_AUTHENTICATION_METHOD= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: ATTACHMENTS_STORE_PATH= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: MONGO_URL=mongodb://127.0.0.1:27019/wekan
Dec 22 07:43:37 debian10 wekan.wekan[7836]: Presence started serverId=ijqY8RbEWv8Hg9RSb
Dec 22 07:43:38 debian10 wekan.wekan[7836]: Meteor APM: completed instrumenting the app

Wekan runs on port 8080 by default. If you want to change the Wekan port to 3001, run the following command:

snap set wekan port='3001'

Next, restart the Wekan and MongoDB services to apply the changes:

systemctl restart snap.wekan.mongodb systemctl restart snap.wekan.wekan

Manage Wekan and MongoDB services

To start and stop the Wekan service, run the following command:

systemctl stop snap.wekan.wekan systemctl start snap.wekan.wekan

To start and stop the MongoDB service, run the following command:

systemctl stop snap.wekan.mongodb systemctl start snap.wekan.mongodb

Configure Nginx as a reverse proxy

Wekan is now installed and listening on the port 3001. Next, it is best to run Wekan behind the Nginx proxy.

To do this, first install the Nginx web server using the following command:

apt-get install nginx -y

After installation, open the /etc/nginx/nginx.conf file and set hash_bucket_size:

nano /etc/nginx/nginx.conf

Uncomment the following lines:

        server_names_hash_bucket_size 64;

Save and close the file when you are finished. Then, restart the Nginx service to apply the changes:

systemctl restart nginx

Next, create an Nginx virtual host file for Wekan as shown below:

nano /etc/nginx/conf.d/wekan.conf

Add the following lines:

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
server {
    listen 80;
    server_name wekan.linuxbuz.com;
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
    }
}

Save and close the file when you are finished. Then, check for Nginx syntax errors using:

nginx -t

You should see the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart the Nginx service to apply the changes:

systemctl restart nginx

At this point, Nginx has been configured to forward requests to Wekan port 3001.

Let’s Encrypt Free SSL to Protect Wekan

Next, it is recommended to use “Let’s Encrypt Free SSL” to protect Wekan. To do this, you will need to install the Certbot client on the server. Certbot is a Let’s Encrypt client that can be used to download free SSL and configure Nginx to use this certificate.

By default, there is no latest version of Certbot in the Debian 10 default repository. So you will need to add a Certbot repository on the server.

You can add a repository using the following command:

echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

Next, update the repository and install the Certbot client using the following command:

apt-get update -y apt-get install python-certbot-nginx -t buster-backports

After the installation is complete, run the following command to obtain and install the SSL certificate for your domain:

certbot --nginx -d wekan.linuxbuz.com

You will be asked to provide an email address and accept the terms of service as follows:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wekan.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/wekan.conf

Next, you will need to choose whether to redirect HTTP traffic to HTTPS:

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to begin the installation process. When the installation is complete, you will get the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/wekan.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://wekan.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=wekan.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/wekan.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/wekan.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-03-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Access Wekan web interface

Now open your web browser and enter the URL https://wekan.linuxbuz.com. You will be redirected to the following page:

Click on register Button. You should see the following page:

create an account

Provide the required username, password, email and click register Button. Next, click Sign in Button. You should see the following page:

Sign in

Provide your username, password, and click Sign in Button. You should see the Wekan dashboard in the following pages:

Wekan Kanban Board

That’s it for now. You have successfully installed Wekan Kanban on your Debian 10 server and secured it with Let’s Encrypt free SSL.

Source

Sidebar