Skip to content

Kanboard install

Kanboard is installed as a Docker image using docker-compose.

Prerequisites

UFW firewall

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https

Jail

sudo apt install fail2ban

Postfix (e-mail server)

  • config as satellite with dutmail.tudelft.nl

Let’s Encrypt

For https SSL certificates are created with Let’s Encrypt using the certbot tool:

sudo apt install certbot

Docker

  1. https://docs.docker.com/engine/install/ubuntu/
  2. https://docs.docker.com/engine/install/linux-postinstall/

docker-compose

php-ldap

sudo apt install php-ldap

Kanboard setup

Docker image

Create docker-compose.yml:

version: '2'
services:
  kanboard:
    image: kanboard/kanboard:latest
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - kanboard_data:/var/www/app/data
      - kanboard_plugins:/var/www/app/plugins
      - kanboard_ssl:/etc/nginx/ssl
volumes:
  kanboard_data:
  kanboard_plugins:
  kanboard_ssl:

Note

  • per default using sqlite database
  • per default data, plugins and ssl are persistent docker volumes (no entry after colon in first-level volumes). data contains db_sqlite and config.php. ssl contains SSL certificates.

Configuration

  • create config.php in persistent data-volume /var/lib/docker/volumes/kanboard_kanboard_data/_data with:

    <?php
    
    // Enable plugin installer (false by default)
    define('PLUGIN_INSTALLER', true);
    
    // We choose "mail" as mail transport
    define('MAIL_TRANSPORT', 'mail');
    
    // Enable LDAP authentication (false by default)
    define('LDAP_AUTH', true);
    
    define('LDAP_BIND_TYPE', 'proxy');
    define('LDAP_USERNAME', '<proxy-account>');
    define('LDAP_PASSWORD', '<password>');
    
    // LDAP server hostname
    define('LDAP_SERVER', 'tudelft.net');
    
    // LDAP properties
    define('LDAP_USER_BASE_DN', 'OU=MDS,DC=tudelft,DC=net');
    define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
    

    Note

    • default plugins are not allowed to be installed via webinterface
    • mail setting will use PHP-mail; system mail (postfix) must be configured
    • default LDAP is disabled. Fill in your proxy-account in <proxy-account> and password in <password>
  • create SSL certificates with certbot and install in persistent ssl-volume /var/lib/docker/volumes/kanboard_kanboard_ssl/_data

    sudo certbot certonly
    cd /var/lib/docker/volumes/kanboard_kanboard_ssl/_data
    sudo mv kanboard.crt kanboard.crt_orig
    sudo mv kanboard.key kanboard.key_orig
    sudo cp /etc/letsencrypt/live/kanban-imphys.tnw.tudelft.nl/fullchain.pem kanboard.crt
    sudo cp /etc/letsencrypt/live/kanban-imphys.tnw.tudelft.nl/privkey.pem kanboard.key
    

    Note

    • the docker image uses Nginx as webserver with default using kanboard.crt and kanboard.key

Execute

Goto directory with previously created docker-compose.yml:

docker-compose up -d

Note

  • use -d for detach