Kanboard install¶
Kanboard is installed as a Docker image using docker-compose
.
Prerequisites¶
- Linux installation: Ubuntu 20.04 LTS tested
- root-permission
- proxy-account for LDAP (see sysadm→NetID authentication in GitLab→Setting up LDAP)
UFW firewall¶
sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
Jail¶
sudo apt install fail2ban
Postfix (e-mail server)¶
- config as satellite with
dutmail.tudelft.nl
Let’s Encrypt¶
For https
SSL certificates are created with Let’s Encrypt using the certbot
tool:
sudo apt install certbot
Docker¶
- https://docs.docker.com/engine/install/ubuntu/
- https://docs.docker.com/engine/install/linux-postinstall/
docker-compose¶
php-ldap¶
sudo apt install php-ldap
Kanboard setup¶
Docker image¶
Create docker-compose.yml
:
version: '2'
services:
kanboard:
image: kanboard/kanboard:latest
ports:
- "80:80"
- "443:443"
volumes:
- kanboard_data:/var/www/app/data
- kanboard_plugins:/var/www/app/plugins
- kanboard_ssl:/etc/nginx/ssl
volumes:
kanboard_data:
kanboard_plugins:
kanboard_ssl:
Note
- per default using
sqlite
database - per default
data
,plugins
andssl
are persistent docker volumes (no entry after colon in first-levelvolumes
).data
containsdb_sqlite
andconfig.php
.ssl
contains SSL certificates.
Configuration¶
-
create
config.php
in persistentdata
-volume/var/lib/docker/volumes/kanboard_kanboard_data/_data
with:<?php // Enable plugin installer (false by default) define('PLUGIN_INSTALLER', true); // We choose "mail" as mail transport define('MAIL_TRANSPORT', 'mail'); // Enable LDAP authentication (false by default) define('LDAP_AUTH', true); define('LDAP_BIND_TYPE', 'proxy'); define('LDAP_USERNAME', '<proxy-account>'); define('LDAP_PASSWORD', '<password>'); // LDAP server hostname define('LDAP_SERVER', 'tudelft.net'); // LDAP properties define('LDAP_USER_BASE_DN', 'OU=MDS,DC=tudelft,DC=net'); define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
Note
- default plugins are not allowed to be installed via webinterface
mail
setting will use PHP-mail; system mail (postfix) must be configured- default LDAP is disabled. Fill in your proxy-account in
<proxy-account>
and password in<password>
-
create SSL certificates with
certbot
and install in persistentssl
-volume/var/lib/docker/volumes/kanboard_kanboard_ssl/_data
sudo certbot certonly cd /var/lib/docker/volumes/kanboard_kanboard_ssl/_data sudo mv kanboard.crt kanboard.crt_orig sudo mv kanboard.key kanboard.key_orig sudo cp /etc/letsencrypt/live/kanban-imphys.tnw.tudelft.nl/fullchain.pem kanboard.crt sudo cp /etc/letsencrypt/live/kanban-imphys.tnw.tudelft.nl/privkey.pem kanboard.key
Note
- the docker image uses Nginx as webserver with default using
kanboard.crt
andkanboard.key
- the docker image uses Nginx as webserver with default using
Execute¶
Goto directory with previously created docker-compose.yml
:
docker-compose up -d
Note
- use
-d
for detach