Skip to content

Install Wekan Docker in production

Lauri Ojansivu edited this page Jul 16, 2017 · 35 revisions

Purpose: run Wekan on a production Linux server with Docker and Apache or Nginx as a front-end server (reverse proxy)

1. Install Docker and Docker-compose

Install Docker and install Docker-Compose.

  • Docker-Compose:
curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose

2. Configure Wekan

version: '2'

services:

  wekandb:
    image: mongo:3.2.14
    container_name: wekan-db
    command: mongod --smallfiles --oplogSize 128
    networks:
      - wekan-tier
    expose:
      - 27017
    volumes:
      - wekan-db:/data/db
      - wekan-db-dump:/dump

  wekan:
    image: wekanteam/wekan:latest
    container_name: wekan-app
    networks:
      - wekan-tier
    ports:
      - 8081:80
    environment:
      - MONGO_URL=mongodb://wekandb:27017/wekan
      - ROOT_URL=http://example.com
      - MAIL_URL=smtp://user:[email protected]:25/
      - [email protected]
    depends_on:
      - wekandb

volumes:
  wekan-db:
    driver: local
  wekan-db-dump:
    driver: local

networks:
  wekan-tier:
    driver: bridge

Note: we want to preserve the port 80 on the host, so we bind Wekan on port 8081. This port 8081 will next be bound to a vhost in apache (thus on port 80).

Note: to start the wekan containers automatically on boot, use the restart: always policy on both containers. e.g.

wekan:
  image: wekanteam/wekan:latest
  restart: always
  ...

wekandb:
  image: mongo:3.2.12
  restart: always
  ...

Info: Default DB user: wekandb. Default DB name: wekan.

3. Configure Mail Server

You can choose to NOT configure a mail server, by not providing the MAIL_URL & MAIL_FROM environment parameters. Instead the mail message will be send to the terminal output. See FAQ for more info.

If you want to configure a mail server, you could use a mail server out-side of your machine (like the example above). Or you could start another Docker container which runs Postfix (try the marvambass/versatile-postfix Docker image).

If you already got a Postfix service running on your host machine, you can add the local IP address to the docker-compose.yml file and use the hostname in the MAIL_URL:

environment:
  [...]
 - MAIL_URL=smtp://mailserver
 - [email protected]
extra_hosts:
 - "mailserver:192.168.1.20"

Note: 192.168.1.20 needs to be changed to your local server IP address.

And finally add the Docker IP range (172.17.x.x) to the Postfix trusted networks list in /etc/postfix/main.cf:

mynetworks = 127.0.0.0/8 172.17.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128  

4. Configure webserver as a front-end proxy

4.a Apache

  • Enable Mod_Proxy: sudo a2enmod proxy proxy_http proxy_wstunnel then restart Apache service apache2 restart
  • Configure your virtual host (vhost)

Let say you have the following "mytodo.org" vhost configured in /etc/apache2/sites-available/mytodo.org.conf:

<VirtualHost *:80>
        ServerName mytodo.org
        ServerAdmin [email protected]

        DocumentRoot /var/www-vhosts/mytodo.org
        <Directory />
                Options FollowSymLinks
                AllowOverride AuthConfig FileInfo Indexes Options=MultiViews
        </Directory>

        <Directory /var/www-vhosts/mytodo.org>
                Options -Indexes +FollowSymLinks +MultiViews
                AllowOverride AuthConfig FileInfo Indexes Options=MultiViews
                Require all granted
        </Directory>

        ErrorLog /var/log/apache2/mytodo.org-error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/mytodo.org-access.log combined
        ServerSignature Off
</VirtualHost>

Add the following lines at the end just before </VirtualHost>:

        ProxyPassMatch   "^/(sockjs\/.*\/websocket)$" "ws://127.0.0.1:8081/$1"
        ProxyPass        "/" "http://127.0.0.1:8081/"
        ProxyPassReverse "/" "http://127.0.0.1:8081/"

Note: if not already done, don't forget to enable your vhost sudo a2ensite mytodo.org

Reload Apache sudo service apache2 reload

Apache Mod_Proxy documentation

4.b nginx

Existing configuration:

server {
    listen 123.45.67.89:80;
    server_name mytodo.org;

    access_log  /var/log/nginx/mytodo_access.log;
    error_log   /var/log/nginx/mytodo_error.log;

    [...]
}

Add the following after the error_log line:

location / {
   proxy_read_timeout      300;
   proxy_connect_timeout   300;
   proxy_redirect          off;

   proxy_set_header    Host                $http_host;
   proxy_set_header    X-Real-IP           $remote_addr;
   proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
   proxy_set_header    X-Forwarded-Proto   $scheme;
      
   proxy_pass http://127.0.0.1:8081;
 }

location ~ websocket$ {
   proxy_pass http://websocket;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection $connection_upgrade;
}

And the following above your server line

upstream websocket {
    server 127.0.0.1:8081;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

5. Launch Wekan

As wekan user and from /home/wekan, run docker-compose up -d

6. Improvements to bring to this doc

  • Verify everything works

7. Tested on...

This procedure has been tested on:

Wekan

General

Support priorities for new features and bugfixes

  1. Commercial Support
  2. Community Support
  3. Debugging

Security

Backup

Repair

Themes

Features

Email

Logs and Stats

Migrating

Required Settings

Download

Webservers

REST API Docs

REST API issue

REST API client code

Webhooks

Case Studies

Development

Issues

Clone this wiki locally