-
Notifications
You must be signed in to change notification settings - Fork 0
Install Wekan Docker in production
Purpose: run Wekan on a production Linux server with Docker and Apache as a front-end (reverse proxy)
Install Docker and install Docker-Compose.
- Let say we create a dedicated user for Wekan :
sudo useradd -d /home/wekan -m -s /bin/bash wekan. - Add this user to the docker group:
sudo usermod -aG docker wekan - Create the file
/home/wekan/docker-compose.ymlcontaining:
wekan:
image: mquandalle/wekan
links:
- wekandb
environment:
- MONGO_URL=mongodb://wekandb/wekan
- ROOT_URL=http://mytodo.org
- MAIL_URL=smtp://user:[email protected]:25/
- [email protected]
ports:
- 8081:80
wekandb:
image: mongo
volumes:
- /home/wekan/data:/data/dbNote: we want to preserve the port 80 on the host, so we bind Wekan on port 8081. This port 8081 will next be bound to a vhost in apache (thus on port 80).
Note: to start the wekan containers automatically on boot, use the restart: always policy. e.g.
wekan:
image: mquandalle/wekan
restart: always
...
Info: Default DB user: wekandb. Default DB name: wekan.
You could use a mail server out-side of your machine (like you see above). Or you could start another Docker container which runs Postfix (try the marvambass/versatile-postfix Docker image).
If you already got a Postfix running on your host machine, you can add the local IP address to the docker-compose.yml file and use the hostname in the MAIL_URL:
environment:
[...]
- MAIL_URL=smtp://mailserver
- [email protected]
extra_hosts:
- "mailserver:192.168.1.20"
Note: 192.168.1.20 needs to be changed to your local server IP address.
And finally add the Docker IP range (172.17.x.x) to the Postfix trusted networks list (/etc/postfix/main.cf):
mynetworks = 127.0.0.0/8 172.17.0.0/16 [::ffff:127.0.0.0]/104 [::1]/128
- Enable Mod_Proxy:
sudo a2enmod proxy proxy_http proxy_wstunnelthen restart Apacheservice apache2 restart - Configure your virtual host (vhost)
Let say you have the following "mytodo.org" vhost configured in /etc/apache2/sites-available/mytodo.org.conf:
<VirtualHost *:80>
ServerName mytodo.org
ServerAdmin [email protected]
DocumentRoot /var/www-vhosts/mytodo.org
<Directory />
Options FollowSymLinks
AllowOverride AuthConfig FileInfo Indexes Options=MultiViews
</Directory>
<Directory /var/www-vhosts/mytodo.org>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride AuthConfig FileInfo Indexes Options=MultiViews
Require all granted
</Directory>
ErrorLog /var/log/apache2/mytodo.org-error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/mytodo.org-access.log combined
ServerSignature Off
</VirtualHost>Add the following lines at the end just before </VirtualHost>:
ProxyPassMatch "^/(sockjs\/.*\/websocket)$" "ws://127.0.0.1:8081/$1"
ProxyPass "/" "http://127.0.0.1:8081/"
ProxyPassReverse "/" "http://127.0.0.1:8081/"Note: if not already done, don't forget to enable your vhost sudo a2ensite mytodo.org
Reload Apache sudo service apache2 reload
Apache Mod_Proxy documentation
Existing configuration:
server {
listen 123.45.67.89:80;
server_name mytodo.org;
access_log /var/log/nginx/mytodo_access.log;
error_log /var/log/nginx/mytodo_error.log;
[...]
}Add the following after the error_log line:
location / {
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8081;
}
location ~ websocket$ {
proxy_pass http://websocket;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
}And the following above your server line
upstream websocket {
server 127.0.0.1:8081;
}
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}As wekan user and from /home/wekan, run docker-compose up -d
- Verify everything works
This procedure has been tested on:
- VPS-SSD 2016 from OVH with Ubuntu 14.04
- About
- No UI major redesign
- Test Edge
- FAQ
- IRC FAQ - answers to questions asked at IRC
- Roadmap - board at Wekan demo
- Team
- Press
- Blog
- NOT related to Wekan
- Wekan vs Trello vs Restyaboard
- Features
- Custom Logo
- Gantt Chart
- Admin: Impersonate user
- Emoji etc syntax
- Numbered text syntax
- Time Tracking
- Subtasks <== Has fix
- Templates
- Archive and Delete
- Adding Users
- LDAP
- Keycloak
- Google login
- Azure
- OAuth2, Auth0, GitLab, RocketChat
- Oracle OIM on premise using OAuth2
- ADFS 4.0 using OAuth2 and OpenID
- Nextcloud
- CAS Please test
- SAML Please test
- IFTTT
- Custom Fields
- Due Date
- Forgot Password
- Requirements
- Translations
- Roadmap
- Fix Export board menu not visible on some boards
- Integrations
- RAM usage
- Demo
- Swimlane Documentation
- Wekan Markdown
- Download Wekan for various Platforms: Supported by xet7, Operating Systems, NAS, Cloud
- Example: New card with Python3 and REST API
- Python client to REST API
- Java
- Wekan Sandstorm cards to CSV using Python
- Excel and VBA
- Global Webhook
- Limiting Webhook data
- Receiving Webhooks
- Outgoing Webhook to Discord/Slack/RocketChat/Riot
- Outgoing Webhook to NodeRed
- Outgoing Webhook to PowerShell
- Security: Webhook and CA
- Outgoing Webhooks Data
- Outgoing Webhooks and Let's Encrypt
- Outgoing Webhooks Original Pull Request, multiple Webhooks, more parameters and response order