Kanboard (Serveur Web Kanban)
Environnement
- Conteneur LXC Proxmox
- Ubuntu 18.04
Installation
Installer Apache, PHP et SQLite :
apt install -y apache2 libapache2-mod-php7.2 php7.2-cli php7.2-mbstring php7.2-sqlite3 php7.2-opcache php7.2-json php7.2-mysql php7.2-pgsql php7.2-ldap php7.2-gd php7.2-xml php7.2-zip php7.2-curl unzip
Activer le module Apache Headers :
a2enmod actions headers
Redémarrer Apache :
systemctl restart apache2
Télécharger et installer Kanboard :
cd /var/www
wget https://github.com/kanboard/kanboard/archive/v1.2.8.zip
unzip v1.2.8.zip
rm v1.2.8.zip
mv kanboard-1.2.8 kanboard
chown -R www-data:www-data kanboard
Configuration
Sauvegarder le virtualhost par défaut:
mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.bak
Éditer le virtualhost par défaut et le modifier de la manière suivante (/!\ à adapter à son besoin) :
nano /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName kanboard.domaine.lan
DocumentRoot /var/www/kanboard/
<Directory /var/www/kanboard/>
AllowOverride All
Options Indexes FollowSymLinks MultiViews
Order allow,deny
allow from all
</Directory>
<IfModule headers_module>
Header always set Referrer-Policy "no-referrer"
</IfModule>
LogLevel warn
ErrorLog /var/log/apache2/kanboard-error.log
CustomLog /var/log/apache2/kanboard-access.log combined
</VirtualHost>
Autoriser le téléversement d'un fichier de 128 Mio avec PHP :
cp -p /etc/php/7.2/apache2/php.ini /etc/php/7.2/apache2/php.ini.bak
cp -p /etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini.bak
sed -i s'/upload_max_filesize = 2M/upload_max_filesize = 128M/' /etc/php/7.2/apache2/php.ini
sed -i s'/post_max_size = 8M/post_max_size = 128M/' /etc/php/7.2/apache2/php.ini
sed -i s'/upload_max_filesize = 2M/upload_max_filesize = 128M/' /etc/php/7.2/cli/php.ini
sed -i s'/post_max_size = 8M/post_max_size = 128M/' /etc/php/7.2/cli/php.ini
Activer le Optimizer Plus Cache dans PHP :
sed -i s'/;opcache.enable=1/opcache.enable=1/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.enable_cli=0/opcache.enable_cli=1/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.memory_consumption=128/opcache.memory_consumption=128/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.revalidate_freq=2/opcache.revalidate_freq=1/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.save_comments=1/opcache.save_comments=1/' /etc/php/7.2/apache2/php.ini
Redémarrer Apache :
systemctl restart apache2
Installation des plugins
Copier le fichier /var/www/kanboard/config.default.php en /var/www/kanboard/config.php et le configurer comme suit :
cp -p /var/www/html/kanboard/config.default.php /var/www/html/kanboard/config.php
nano /var/www/html/kanboard/config.php
// Enable/Disable plugin installer (Disabled by default for security reasons)
// There is no code review or any approval process to submit a plugin.
// This is up to the Kanboard instance owner to validate if a plugin is legit.
define('PLUGIN_INSTALLER', true);
// E-mail address used for the "From" header (notifications)
define('MAIL_FROM', 'kanboard@domaine.lan');
// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'smtp');
// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', 'smtp.domaine.lan');
define('MAIL_SMTP_PORT', 587);
define('MAIL_SMTP_USERNAME', 'kanboard@domaine.lan');
define('MAIL_SMTP_PASSWORD', 'mot_de_passe');
define('MAIL_SMTP_ENCRYPTION', tls); // Valid values are "null", "ssl" or "tls"
Se connecter dans le navigateur avec les identifiants admin/admin
Changer le mot de passe admin et créer un utilisateur
Dans le profil utilisateur, autoriser l'utilisateur à recevoir des emails
Installer les plugins :
- Auto Email Extended Actions
- Bigboard
- Gantt
- Nebula
Mise à jour
Sauvegarder l'installation actuelle :
mv /var/www/kanboard/ /var/www/kanboard.old
cd /var/www/
Télécharger et décompresser la nouvelle version :
wget https://github.com/kanboard/kanboard/archive/v1.x.x.zip
unzip /var/www/v1.x.x.zip
mv /var/www/kanboard-1.x.x/ /var/www/kanboard
chown -R www-data:www-data /var/www/kanboard
Copier les dossiers data et plugins ainsi que le fichier config.php de l'installation actuelle vers la nouvelle :
cp -p /var/www/kanboard.old/config.php /var/www/kanboard/
cp -pR /var/www/kanboard.old/data/ /var/www/kanboard/
cp -pR k/var/www/anboard.old/plugins/ /var/www/kanboard/
Vérifier que la nouvelle installation fonctionne et supprimer l'ancienne :
rm -fR /var/www/kanboard.old
Optionnel
Intégration à LDAP / Active Directory :
nano /var/www/html/kanboard/config.php
// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);
// LDAP server hostname
define('LDAP_SERVER', 'dc.domaine.lan');
// LDAP server port (389 by default)
define('LDAP_PORT', 389);
// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define('LDAP_SSL_VERIFY', false);
// Enable LDAP START_TLS
define('LDAP_START_TLS', false);
// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);
// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'proxy');
// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', 'kanboard@domaine.lan');
// LDAP password to use for proxy mode
define('LDAP_PASSWORD', '<mot de passe>');
// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define('LDAP_USER_BASE_DN', 'OU=Utilisateurs,DC=domaine,DC=lan');
// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
// LDAP attribute for username
// Example for ActiveDirectory: 'samaccountname'
// Example for OpenLDAP: 'uid'
define('LDAP_USER_ATTRIBUTE_USERNAME', 'samaccountname');
// LDAP attribute for user full name
// Example for ActiveDirectory: 'displayname'
// Example for OpenLDAP: 'cn'
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');
// LDAP attribute for user email
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');
// LDAP attribute to find groups in user profile
define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');
Créer le virtualhost NginX (reverse-proxy) :
/!\ Kanbord inclut ses headers en dur dans config.php et dans divers fichiers. Il ne faut donc pas en ajouter sans raison.
nano/etc/nginx/sites-available/kanboard.docgreen.fr
server {
listen 80;
server_name kanboard.domaine.lan;
return 301 https://$server_name$request_uri;
}
server {
listen 443;
server_name kanboard.domaine.lan;
ssl_certificate /etc/letsencrypt/live/kanboard.domaine.lan/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kanboard.domaine.lan/privkey.pem;
location / {
proxy_pass http://192.168.10.223;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Nginx-Scheme $scheme;
proxy_set_header X-Forwarded-Port $server_port;
}
location /.well-known/acme-challenge/ {
root /var/www/html/kanboard.docgreen.fr;
}
}
Sources
https://docs.kanboard.org/en/latest/admin_guide/ubuntu_installation.html
https://linuxconfig.org/how-to-change-hostname-on-ubuntu-18-04-bionic-beaver-linux