How to Install the Wekan Kanban Board with Nginx and Let's Encrypt SSL on Debian 10

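Wekan is a free, open-source kanban board built on the Meteor JavaScript framework and released under the MIT license. It is very similar to Workflowy and Trello and helps you manage day-to-day tasks, prepare to-do lists, manage other tasks, and more. It comes with a fully responsive web interface and has been translated into many languages. Wekan has a rich feature set, including exporting Wekan boards, importing Trello boards, SMTP settings, restoring archived boards, a user management module, and drag-and-drop.

This tutorial explains how to install the Wekan kanban board on Debian 10 using Nginx as a proxy server.

Prerequisites

  • A server running Debian 10.
  • A valid domain name pointed at your server IP.
  • A root password configured on the server.

Getting Started

Before starting, it is recommended to update your server to the latest version with the following commands:

apt-get update -y
apt-get upgrade -y

After updating the server, restart it to apply the changes.

Install Wekan

The easiest way to install Wekan on Debian 10 is with snap. The snapd package is available in the default Debian 10 repository. You can install it by running the following command: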

apt-get install snapd -y

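Once snapd is installed, you can install Wekan by running the following command:

snap install wekan

After Wekan is installed, the Wekan and MongoDB services start automatically.

You can check the status of the Wekan service with the following command:

systemctl status snap.wekan.wekan

You will see the following output: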

● snap.wekan.wekan.service - Service for snap application wekan.wekan
   Loaded: loaded (/etc/systemd/system/snap.wekan.wekan.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-12-22 07:43:34 UTC; 7s ago
 Main PID: 7836 (wekan-control)
    Tasks: 11 (limit: 2359)
   Memory: 156.3M
   CGroup: /system.slice/snap.wekan.wekan.service
           ├─7836 /bin/bash /snap/wekan/678/bin/wekan-control
           └─8522 /snap/wekan/678/bin/node main.js

Dec 22 07:43:35 debian10 wekan.wekan[7836]: HEADER_LOGIN_EMAIL=Header login email. Example for siteminder: HEADEREMAILADDRESS (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_WITH_TIMER=false (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_IN= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_ON_HOURS= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_ON_MINUTES= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: DEFAULT_AUTHENTICATION_METHOD= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: ATTACHMENTS_STORE_PATH= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: MONGO_URL=mongodb://127.0.0.1:27019/wekan
Dec 22 07:43:37 debian10 wekan.wekan[7836]: Presence started serverId=ijqY8RbEWv8Hg9RSb
Dec 22 07:43:38 debian10 wekan.wekan[7836]: Meteor APM: completed instrumenting the app

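By default, Wekan runs on port 8080. To change the Wekan port to 3001, run the following command:

snap set wekan port='3001'

Next, restart the Wekan and MongoDB services to apply the changes.

systemctl restart snap.wekan.mongodb
systemctl restart snap.wekan.wekan

Manage the Wekan and MongoDB Services

To stop and start the Wekan service, run the following commands:

systemctl stop snap.wekan.wekan
systemctl start snap.wekan.wekan

To stop and start the MongoDB service, run the following commands:

systemctl stop snap.wekan.mongodb
systemctl start snap.wekan.mongodb

Configure Nginx as a Reverse Proxy

Wekan is now installed and listening on port 3001. Next, we recommend running Wekan behind an Nginx proxy.

To do so, first install the Nginx web server with the following command: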

apt-get install nginx -y

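After installation, open the /etc/nginx/nginx.conf file and set server_names_hash_bucket_size.

nano /etc/nginx/nginx.conf

Uncomment the following line:

        server_names_hash_bucket_size 64;

When you are finished, save and close the file. Next, restart the Nginx service to apply the changes.

systemctl restart nginx

Next, create an Nginx virtual host file for Wekan as shown below.

nano /etc/nginx/conf.d/wekan.conf

Add the following lines: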

map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
server {
    listen 80;
    server_name wekan.linuxbuz.com;
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
    }
}

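When you are finished, save and close the file. Next, check Nginx for syntax errors with the following command:

nginx -t

You will see the following output: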

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Finally, restart the Nginx service to apply the changes.

systemctl restart nginx

At this point, Nginx is configured to forward requests to Wekan on port 3001.
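
With Nginx in front, the Wekan port (3001) and the MongoDB port shown in the service log (27019) should only be reachable through loopback; if either listens on a public address, clients can reach it without going through the proxy. The following script is an added example, not part of the original tutorial: the function names and the sample `ss` output are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag Wekan/MongoDB backend ports that listen on a
# non-loopback address. Ports 3001 and 27019 are the ones in this tutorial.

# Constructed sample of `ss -Htln` output (header suppressed); these lines
# were written for this example, not captured from a real host.
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:3001 0.0.0.0:*
LISTEN 0 128 127.0.0.1:27019 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*'

# exposed_backends PORT... : reads `ss -Htln` lines on stdin and prints each
# local address whose port is in the list and whose host is not loopback.
exposed_backends() {
    ports=" $* "
    while read -r _state _recvq _sendq laddr _peer; do
        [ -n "$laddr" ] || continue
        port=${laddr##*:}      # text after the last colon
        host=${laddr%:*}       # text before it (IPv6 keeps its brackets)
        # Skip sockets whose port is not one of the backend ports.
        case "$ports" in *" $port "*) ;; *) continue ;; esac
        case "$host" in
            127.*|"[::1]") ;;                 # loopback: only Nginx can reach it
            *) printf '%s\n' "$laddr" ;;      # wildcard or public address
        esac
    done
}

# Runs the check against the constructed sample above.
check_sample() {
    printf '%s\n' "$SAMPLE_SS" | exposed_backends 3001 27019
}

# On a live server, feed it real data instead:
#   ss -Htln | exposed_backends 3001 27019
check_sample   # prints 0.0.0.0:3001 for the constructed sample
```

Any address it prints is a backend listener that should be restricted to loopback or blocked by a host firewall.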

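Secure Wekan with Free Let's Encrypt SSL

Next, we recommend securing Wekan with a free Let's Encrypt SSL certificate. To do so, you need to install the Certbot client on your server. Certbot is a Let's Encrypt client that can be used to download a free SSL certificate and configure Nginx to use it.

By default, the latest version of Certbot is not available in the default Debian 10 repository, so you need to add the repository that provides it (buster-backports) to your server.

You can add the repository with the following command:

echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list

Next, update the repository and install the Certbot client with the following commands:

apt-get update -y
apt-get install python-certbot-nginx -t buster-backports

Once the installation is complete, run the following command to obtain and install the SSL certificate for your domain:

certbot --nginx -d wekan.linuxbuz.com

You will be asked to enter your email address and accept the terms of service, as shown below.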

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wekan.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/wekan.conf

Next, you need to choose whether or not to redirect HTTP traffic to HTTPS.

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2

Type 2 and press Enter to start the installation. Once it is complete, you will get the following output:

Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/wekan.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://wekan.linuxbuz.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=wekan.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/wekan.linuxbuz.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/wekan.linuxbuz.com/privkey.pem
   Your cert will expire on 2020-03-25. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

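Access the Wekan Web Interface

Next, open your web browser and enter the URL https://wekan.linuxbuz.com. You will be redirected to the following page.

Click the Register button to display the following page.

Create an account

Enter your desired username, password and email address, then click the Register button. Then click the Sign In button to display the following page.

Sign in

Enter your username and password, then click the Sign In button. The next page shows the Wekan dashboard.

Wekan kanban board

That's it for now. The Wekan kanban board has been successfully installed on your Debian 10 server and secured with free Let's Encrypt SSL.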
