How to Install Wekan Kanban with Nginx and Let's Encrypt SSL on Debian 10
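Wekan is a free and open-source kanban board built with the Meteor JavaScript framework and distributed under the MIT license. It is very similar to Workflowy and Trello and helps you manage daily tasks, prepare to-do lists, manage other people, and more. It comes with a fully responsive web interface and has been translated into many languages. Wekan has a rich feature set, including exporting Wekan boards, importing Trello boards, SMTP settings, restoring archived boards, a user management module, drag-and-drop, and more.
In this tutorial, we will show you how to install the Wekan kanban board on Debian 10 with Nginx as a proxy server.
Prerequisites
- A server running Debian 10.
- A valid domain name pointed to your server IP.
- A root password configured on your server.
Getting Started
Before starting, it is recommended to update your server to the latest version with the following commands: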
apt-get update -y
apt-get upgrade -y
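Once the server is updated, restart it to apply the changes.
Install Wekan
The easiest way to install Wekan on Debian 10 is with snap. By default, the snapd package is available in the Debian 10 repository. You can install it by running the following command: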
apt-get install snapd -y
Once snapd is installed, you can install Wekan by running the following command:
snap install wekan
After Wekan is installed, it automatically starts the Wekan and MongoDB services.
You can check the status of the Wekan service with the following command:
systemctl status snap.wekan.wekan
You should see the following output:
● snap.wekan.wekan.service - Service for snap application wekan.wekan
   Loaded: loaded (/etc/systemd/system/snap.wekan.wekan.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-12-22 07:43:34 UTC; 7s ago
 Main PID: 7836 (wekan-control)
    Tasks: 11 (limit: 2359)
   Memory: 156.3M
   CGroup: /system.slice/snap.wekan.wekan.service
           ├─7836 /bin/bash /snap/wekan/678/bin/wekan-control
           └─8522 /snap/wekan/678/bin/node main.js
Dec 22 07:43:35 debian10 wekan.wekan[7836]: HEADER_LOGIN_EMAIL=Header login email. Example for siteminder: HEADEREMAILADDRESS (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_WITH_TIMER=false (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_IN= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_ON_HOURS= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: LOGOUT_ON_MINUTES= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: DEFAULT_AUTHENTICATION_METHOD= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: ATTACHMENTS_STORE_PATH= (default value)
Dec 22 07:43:35 debian10 wekan.wekan[7836]: MONGO_URL=mongodb://127.0.0.1:27019/wekan
Dec 22 07:43:37 debian10 wekan.wekan[7836]: Presence started serverId=ijqY8RbEWv8Hg9RSb
Dec 22 07:43:38 debian10 wekan.wekan[7836]: Meteor APM: completed instrumenting the app
By default, Wekan runs on port 8080. If you want to change the Wekan port to 3001, run the following command:
snap set wekan port='3001'
Next, restart the Wekan and MongoDB services to apply the changes:
systemctl restart snap.wekan.mongodb
systemctl restart snap.wekan.wekan
Manage Wekan and MongoDB Services
To stop and start the Wekan service, run the following commands:
systemctl stop snap.wekan.wekan
systemctl start snap.wekan.wekan
To stop and start the MongoDB service, run the following commands:
systemctl stop snap.wekan.mongodb
systemctl start snap.wekan.mongodb
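Configure Nginx as a Reverse Proxy
Wekan is now installed and listening on port 3001. Next, it is a good idea to run Wekan behind an Nginx proxy.
To do so, first install the Nginx web server with the following command: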
apt-get install nginx -y
Once installed, open the /etc/nginx/nginx.conf file and set server_names_hash_bucket_size:
nano /etc/nginx/nginx.conf
Uncomment the following line:
server_names_hash_bucket_size 64;
Save and close the file when you are finished. Then, restart the Nginx service to apply the changes:
systemctl restart nginx
Next, create an Nginx virtual host file for Wekan as shown below:
nano /etc/nginx/conf.d/wekan.conf
Add the following lines:
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
server {
    listen 80;
    server_name wekan.linuxbuz.com;
    if ($http_user_agent ~ "MSIE" ) {
        return 303 https://browser-update.org/update.html;
    }
    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; # allow websockets
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
    }
}
Save and close the file when you are finished. Then, check Nginx for any syntax errors with the following command:
nginx -t
You should see the following output:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Finally, restart the Nginx service to apply the changes:
systemctl restart nginx
At this point, Nginx is configured to forward requests to Wekan on port 3001.
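A check worth running at this point, as an added example that is not part of the original tutorial: the proxy only protects Wekan if port 3001 and the snap's MongoDB port 27019 (from the MONGO_URL line in the service output) cannot be reached directly. The function below reads `ss -ltnH` output and prints every backend listener that is not bound to loopback; the function name and the sample listener lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag backend listeners that can be reached without Nginx.
# Ports taken from this tutorial: 3001 (Wekan), 27019 (snap MongoDB).

# exposed_backends: reads `ss -ltnH` output on stdin and prints each local
# address on a backend port that is NOT bound to a loopback address.
exposed_backends() {
    awk -v ports="3001 27019" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            local_addr = $4          # e.g. 127.0.0.1:3001, [::]:3001, *:3001
            port = local_addr; sub(/.*:/, "", port)
            host = local_addr; sub(/:[^:]*$/, "", host)
            if (!(port in want)) next                       # not a backend port
            if (host ~ /^127\./ || host == "[::1]") next    # loopback: fine
            if (host ~ /^\[::ffff:127\./) next              # v4-mapped loopback
            print local_addr                                # reachable directly
        }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_SS='LISTEN 0 128 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 127.0.0.1:27019 0.0.0.0:*
LISTEN 0 128 *:3001 *:*'

# On a real server use:  ss -ltnH | exposed_backends
printf '%s\n' "$SAMPLE_SS" | exposed_backends
```

Any line printed is a backend socket that clients can reach without passing through Nginx; restrict it with a firewall rule so that only the local proxy can connect.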
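Secure Wekan with Let's Encrypt Free SSL
Next, it is recommended to secure Wekan with Let's Encrypt free SSL. To do so, you need to install the Certbot client on your server. Certbot is a Let's Encrypt client that can be used to download a free SSL certificate and configure Nginx to use it.
By default, the latest version of Certbot is not available in the Debian 10 default repository, so you will need to add the Certbot repository to your server.
You can add the repository with the following command: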
echo "deb http://ftp.debian.org/debian buster-backports main" >> /etc/apt/sources.list
Next, update the repository and install the Certbot client with the following commands:
apt-get update -y
apt-get install python-certbot-nginx -t buster-backports
Once the installation is complete, run the following command to obtain and install an SSL certificate for your domain:
certbot --nginx -d wekan.linuxbuz.com
You will be asked to provide your email address and accept the terms of service, as shown below:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel):
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for wekan.linuxbuz.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/conf.d/wekan.conf
Next, you will need to choose whether or not to redirect HTTP traffic to HTTPS:
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Type 2 and press Enter to start the installation. Once it completes, you should get the following output:
Redirecting all traffic on port 80 to ssl in /etc/nginx/conf.d/wekan.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled https://wekan.linuxbuz.com
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=wekan.linuxbuz.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/wekan.linuxbuz.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/wekan.linuxbuz.com/privkey.pem
Your cert will expire on 2020-03-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the "certonly" option. To non-interactively renew *all* of
your certificates, run "certbot renew"
- Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
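Access the Wekan Web Interface
Now open your web browser and enter the URL https://wekan.linuxbuz.com. You will be redirected to the following page:

Click the "Register" button. You should see the following page:

Provide your desired username, password, and email, then click the "Register" button. Next, click the login button. You should see the following page:

Provide your username and password, then click the "Sign In" button. You should see the Wekan dashboard on the following page:

That's it. You have successfully installed the Wekan kanban board on a Debian 10 server and secured it with Let's Encrypt free SSL.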