Kanboard (Serveur Web Kanban)

Logo Kanboard

Environnement

Installation

Installer Apache, PHP et SQLite :

apt install -y apache2 libapache2-mod-php7.2 php7.2-cli php7.2-mbstring php7.2-sqlite3 php7.2-opcache php7.2-json php7.2-mysql php7.2-pgsql php7.2-ldap php7.2-gd php7.2-xml php7.2-zip php7.2-curl unzip

Activer le module Apache Headers :

a2enmod actions headers

Redémarrer Apache :

systemctl restart apache2

Télécharger et installer Kanboard :

cd /var/www
wget https://github.com/kanboard/kanboard/archive/v1.2.8.zip
unzip v1.2.8.zip
rm v1.2.8.zip
mv kanboard-1.2.8 kanboard
chown -R www-data:www-data kanboard

Configuration

Sauvegarder le virtualhost par défaut:

mv /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/000-default.conf.bak

Éditer le virtualhost par défaut et le modifier de la manière suivante (/!\ à adapter à son besoin) :

nano /etc/apache2/sites-available/000-default.conf
    <VirtualHost *:80>
        ServerName   kanboard.domaine.lan
        DocumentRoot /var/www/kanboard/

        <Directory /var/www/kanboard/>
            AllowOverride All
            Options Indexes FollowSymLinks MultiViews
            Order allow,deny
            allow from all
        </Directory>

        <IfModule headers_module>
            Header always set Referrer-Policy "no-referrer"
        </IfModule>

        LogLevel  warn
        ErrorLog  /var/log/apache2/kanboard-error.log
        CustomLog /var/log/apache2/kanboard-access.log combined
    </VirtualHost>

Autoriser le téléversement d'un fichier de 128 Mio avec PHP :

cp -p /etc/php/7.2/apache2/php.ini /etc/php/7.2/apache2/php.ini.bak
cp -p /etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini.bak
sed -i s'/upload_max_filesize = 2M/upload_max_filesize = 128M/' /etc/php/7.2/apache2/php.ini
sed -i s'/post_max_size = 8M/post_max_size = 128M/' /etc/php/7.2/apache2/php.ini
sed -i s'/upload_max_filesize = 2M/upload_max_filesize = 128M/' /etc/php/7.2/cli/php.ini
sed -i s'/post_max_size = 8M/post_max_size = 128M/' /etc/php/7.2/cli/php.ini

Activer le Optimizer Plus Cache dans PHP :

sed -i s'/;opcache.enable=1/opcache.enable=1/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.enable_cli=0/opcache.enable_cli=1/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.memory_consumption=128/opcache.memory_consumption=128/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.interned_strings_buffer=8/opcache.interned_strings_buffer=8/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.max_accelerated_files=10000/opcache.max_accelerated_files=10000/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.revalidate_freq=2/opcache.revalidate_freq=1/' /etc/php/7.2/apache2/php.ini
sed -i s'/;opcache.save_comments=1/opcache.save_comments=1/' /etc/php/7.2/apache2/php.ini

Redémarrer Apache :

systemctl restart apache2

Installation des plugins

Copier le fichier /var/www/kanboard/config.default.php en /var/www/kanboard/config.php et le configurer comme suit :

cp -p /var/www/html/kanboard/config.default.php /var/www/html/kanboard/config.php
nano /var/www/html/kanboard/config.php
// Enable/Disable plugin installer (Disabled by default for security reasons)
// There is no code review or any approval process to submit a plugin.
// This is up to the Kanboard instance owner to validate if a plugin is legit.
define('PLUGIN_INSTALLER', true);

// E-mail address used for the "From" header (notifications)
define('MAIL_FROM', 'kanboard@domaine.lan');

// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'smtp');

// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', 'smtp.domaine.lan');
define('MAIL_SMTP_PORT', 587);
define('MAIL_SMTP_USERNAME', 'kanboard@domaine.lan');
define('MAIL_SMTP_PASSWORD', 'mot_de_passe');
define('MAIL_SMTP_ENCRYPTION', tls); // Valid values are "null", "ssl" or "tls"

Se connecter dans le navigateur avec les identifiants admin/admin

Changer le mot de passe admin et créer un utilisateur

Dans le profil utilisateur, autoriser l'utilisateur à recevoir des emails

Installer les plugins :

Mise à jour

Sauvegarder l'installation actuelle :

mv /var/www/kanboard/ /var/www/kanboard.old
cd /var/www/

Télécharger et décompresser la nouvelle version :

wget https://github.com/kanboard/kanboard/archive/v1.x.x.zip

unzip /var/www/v1.x.x.zip
mv /var/www/kanboard-1.x.x/ /var/www/kanboard
chown -R www-data:www-data /var/www/kanboard

Copier les dossiers data et plugins ainsi que le fichier config.php de l'installation actuelle vers la nouvelle :

cp -p /var/www/kanboard.old/config.php  /var/www/kanboard/
cp -pR /var/www/kanboard.old/data/  /var/www/kanboard/
cp -pR k/var/www/anboard.old/plugins/  /var/www/kanboard/

Vérifier que la nouvelle installation fonctionne et supprimer l'ancienne :

rm -fR /var/www/kanboard.old

Optionnel

Intégration à LDAP / Active Directory :

nano /var/www/html/kanboard/config.php
// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);

// LDAP server hostname
define('LDAP_SERVER', 'dc.domaine.lan');

// LDAP server port (389 by default)
define('LDAP_PORT', 389);

// By default, require certificate to be verified for ldaps:// style URL. Set to false to skip the verification
define('LDAP_SSL_VERIFY', false);

// Enable LDAP START_TLS
define('LDAP_START_TLS', false);

// By default Kanboard lowercase the ldap username to avoid duplicate users (the database is case sensitive)
// Set to true if you want to preserve the case
define('LDAP_USERNAME_CASE_SENSITIVE', false);

// LDAP bind type: "anonymous", "user" or "proxy"
define('LDAP_BIND_TYPE', 'proxy');

// LDAP username to use with proxy mode
// LDAP username pattern to use with user mode
define('LDAP_USERNAME', 'kanboard@domaine.lan');

// LDAP password to use for proxy mode
define('LDAP_PASSWORD', '<mot de passe>');

// LDAP DN for users
// Example for ActiveDirectory: CN=Users,DC=kanboard,DC=local
// Example for OpenLDAP: ou=People,dc=example,dc=com
define('LDAP_USER_BASE_DN', 'OU=Utilisateurs,DC=domaine,DC=lan');

// LDAP pattern to use when searching for a user account
// Example for ActiveDirectory: '(&(objectClass=user)(sAMAccountName=%s))'
// Example for OpenLDAP: 'uid=%s'
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');

// LDAP attribute for username
// Example for ActiveDirectory: 'samaccountname'
// Example for OpenLDAP: 'uid'
define('LDAP_USER_ATTRIBUTE_USERNAME', 'samaccountname');

// LDAP attribute for user full name
// Example for ActiveDirectory: 'displayname'
// Example for OpenLDAP: 'cn'
define('LDAP_USER_ATTRIBUTE_FULLNAME', 'displayname');

// LDAP attribute for user email
define('LDAP_USER_ATTRIBUTE_EMAIL', 'mail');

// LDAP attribute to find groups in user profile
define('LDAP_USER_ATTRIBUTE_GROUPS', 'memberof');

Créer le virtualhost NginX (reverse-proxy) :

/!\ Kanbord inclut ses headers en dur dans config.php et dans divers fichiers. Il ne faut donc pas en ajouter sans raison.

nano/etc/nginx/sites-available/kanboard.docgreen.fr
server {
    listen          80;
    server_name     kanboard.domaine.lan;
    return 301      https://$server_name$request_uri;
}

server {
    listen          443;
    server_name     kanboard.domaine.lan;

    ssl_certificate /etc/letsencrypt/live/kanboard.domaine.lan/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/kanboard.domaine.lan/privkey.pem;

    location / {
        proxy_pass                              http://192.168.10.223;
        proxy_buffering                         off;
        proxy_set_header Host                   $http_host;
        proxy_set_header X-Real-IP              $remote_addr;
        proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto      $scheme;
        proxy_set_header X-Nginx-Scheme         $scheme;
        proxy_set_header X-Forwarded-Port       $server_port;
    }

    location /.well-known/acme-challenge/ {
        root    /var/www/html/kanboard.docgreen.fr;
    }
}

Sources

https://docs.kanboard.org/en/latest/admin_guide/ubuntu_installation.html

https://linuxconfig.org/how-to-change-hostname-on-ubuntu-18-04-bionic-beaver-linux