Kanboard install

Kanboard is installed as a Docker image using docker-compose.

• https://kanboard.org/
• https://docs.kanboard.org
• https://github.com/kanboard/kanboard

Prerequisites

• Linux installation: Ubuntu 20.04 LTS tested
• root-permission
• proxy-account for LDAP (see sysadm→NetID authentication in GitLab→Setting up LDAP)

UFW firewall

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

Jail

sudo apt install fail2ban

Postfix (e-mail server)

• config as satellite with dutmail.tudelft.nl

Let’s Encrypt

For https SSL certificates are created with Let’s Encrypt using the certbot tool:

sudo apt install certbot

Docker

1. https://docs.docker.com/engine/install/ubuntu/
2. https://docs.docker.com/engine/install/linux-postinstall/

docker-compose

• https://docs.docker.com/compose/install/

php-ldap

sudo apt install php-ldap

Kanboard setup

Docker image

• https://docs.kanboard.org/en/latest/admin_guide/docker.html

Create docker-compose.yml:

version: '2'
services:
  kanboard:
    image: kanboard/kanboard:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - kanboard_data:/var/www/app/data
      - kanboard_plugins:/var/www/app/plugins
      - kanboard_ssl:/etc/nginx/ssl
volumes:
  kanboard_data:
  kanboard_plugins:
  kanboard_ssl:

Note

• per default using sqlite database
• per default data, plugins and ssl are persistent docker volumes (no entry after colon in first-level volumes). data contains db_sqlite and config.php. ssl contains SSL certificates.

Configuration

• create config.php in persistent data-volume /var/lib/docker/volumes/kanboard_kanboard_data/_data with:

  <?php
  
  // Enable plugin installer (false by default)
  define('PLUGIN_INSTALLER', true);
  
  // We choose "mail" as mail transport
  define('MAIL_TRANSPORT', 'mail');
  
  // Enable LDAP authentication (false by default)
  define('LDAP_AUTH', true);
  
  define('LDAP_BIND_TYPE', 'proxy');
  define('LDAP_USERNAME', '<proxy-account>');
  define('LDAP_PASSWORD', '<password>');
  
  // LDAP server hostname
  define('LDAP_SERVER', 'tudelft.net');
  
  // LDAP properties
  define('LDAP_USER_BASE_DN', 'OU=MDS,DC=tudelft,DC=net');
  define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
  

  Note

  • default plugins are not allowed to be installed via webinterface
  • mail setting will use PHP-mail; system mail (postfix) must be configured
  • default LDAP is disabled. Fill in your proxy-account in <proxy-account> and password in <password>

• create SSL certificates with certbot and install in persistent ssl-volume /var/lib/docker/volumes/kanboard_kanboard_ssl/_data

  sudo certbot certonly
  cd /var/lib/docker/volumes/kanboard_kanboard_ssl/_data
  sudo mv kanboard.crt kanboard.crt_orig
  sudo mv kanboard.key kanboard.key_orig
  sudo cp /etc/letsencrypt/live/kanban-imphys.tnw.tudelft.nl/fullchain.pem kanboard.crt
  sudo cp /etc/letsencrypt/live/kanban-imphys.tnw.tudelft.nl/privkey.pem kanboard.key
  

  Note

  • the docker image uses Nginx as webserver with default using kanboard.crt and kanboard.key

Execute

Goto directory with previously created docker-compose.yml:

docker-compose up -d

Note

• use -d for detach

---

Last update: 2021-04-19