Installing BookStack on Ubuntu Server 20.04 with SSL

May 21, 2020

BookStack is free and open source wiki software. Its powerful markdown editor and ease of use have made it a popular alternative to software such as DokuWiki and Wiki.js. It is also very easy to set up and get running. In this article I will show you how to install and configure BookStack on Ubuntu Server 20.04 with an SSL certificate from Let's Encrypt.

The first thing you need to do is install Ubuntu Server 20.04 on any platform of your choice. Personally I use Linode, however any provider or even self-hosting would work just fine for this.

Once that is complete we can move on to installing BookStack itself. This is very easy, and the following instructions come directly from their wiki.

# Download the script
wget https://raw.githubusercontent.com/BookStackApp/devops/main/scripts/installation-ubuntu-20.04.sh

# Make it executable
chmod a+x installation-ubuntu-20.04.sh

# Run the script with admin permissions
sudo ./installation-ubuntu-20.04.sh

Enter your domain name that the server will be hosted at when prompted.

Once that completes you should be able to access BookStack in the browser. The default username is admin@admin.com and the default password is password. These should be changed, but first let's set up SSL to secure the connection.

First thing to do is install certbot and get the certificate generated.

apt install certbot

certbot certonly --webroot --agree-tos --email <your email address> -d <your domain> --webroot-path /var/www/bookstack/public

# Finally add the following to your crontab
# 0 0 * * * certbot renew

Once that is done we can configure Apache to use the certificate for BookStack.

This is what the file should look like before:

<VirtualHost *:80>
    ServerName <your domain name>

...

This is the file after making the required changes (the only changes required happen above line 10):

<VirtualHost *:80>
    ServerName <your domain name>
    Redirect permanent / https://<your domain name>/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/<your domain name>/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<your domain name>/privkey.pem
    ServerName <your domain name>
                                                                                               
...

Finally you need to enable SSL on Apache2 and restart the service:

a2enmod ssl

systemctl restart apache2.service

Aaaaaaaand just like that you’re done! It's a fairly simple setup, and below you can find some extra steps for afterwards to help keep it secure.

  1. Change the admin user's password and email address.
  2. Set up SMTP for password resets.
  3. Add SESSION_SECURE_COOKIE=true to /var/www/bookstack/.env so cookies are only delivered over SSL.
  4. Set up UFW to block SSH from untrusted IP addresses.
  5. Set up fail2ban to block brute force attacks from logging into your server.
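
To confirm that the Apache changes and step 3 above are really in place, the following shell script checks a .env file and an Apache site file for them. It is an added example, not part of the original article or the BookStack project; the function names and the wiki.example.com sample data are made up for illustration, and you pass the real .env and site file paths as two arguments to audit a live install.

```shell
#!/bin/sh
# Added example (not BookStack code): audit the settings this guide changes.
# Usage: sh audit.sh ENV_FILE VHOST_FILE   (no arguments: constructed samples)

# PASS only if every uncommented SESSION_SECURE_COOKIE line is "true" (and one
# exists); conflicting duplicates fail rather than guessing which one wins.
check_secure_cookie() {
    awk -F= '/^[ \t]*SESSION_SECURE_COOKIE[ \t]*=/ {
                 n++; v = tolower($2); sub(/#.*/, "", v); gsub(/[ \t\r"]/, "", v)
                 if (v == "true") ok++ }
             END { print ((n > 0 && ok == n) ? "PASS" : "FAIL") }' "$1"
}

# Print the directives inside the <VirtualHost *:PORT> block ($1 file, $2 port).
vhost_block() {
    awk -v port="$2" '
        tolower($0) ~ /^[ \t]*<virtualhost[ \t]/ { inside = ($0 ~ (":" port "[ \t>]")); next }
        tolower($0) ~ /^[ \t]*<\/virtualhost/    { inside = 0 }
        inside' "$1"
}

# PASS if the port 80 vhost redirects to https://.
check_http_redirect() {
    if vhost_block "$1" 80 | grep -Eiq '^[[:space:]]*Redirect(Permanent)?[[:space:]].*https://'
    then echo PASS; else echo FAIL; fi
}

# PASS if the port 443 vhost enables TLS and names a certificate and a key.
check_tls_vhost() {
    block=$(vhost_block "$1" 443)
    for d in 'SSLEngine[[:space:]]+on' 'SSLCertificateFile[[:space:]]+/' \
             'SSLCertificateKeyFile[[:space:]]+/'
    do printf '%s\n' "$block" | grep -Eiq "^[[:space:]]*$d" || { echo FAIL; return 0; }
    done
    echo PASS
}

if [ "$#" -eq 2 ]; then env_file=$1 vhost_file=$2
else  # constructed samples; wiki.example.com is a placeholder domain
    demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
    env_file=$demo/.env vhost_file=$demo/bookstack.conf
    printf '%s\n' '#SESSION_SECURE_COOKIE=false' 'SESSION_SECURE_COOKIE=true' > "$env_file"
    printf '%s\n' '<VirtualHost *:80>' '    ServerName wiki.example.com' \
        '    Redirect permanent / https://wiki.example.com/' '</VirtualHost>' \
        '<VirtualHost *:443>' '    SSLEngine On' \
        '    SSLCertificateFile /etc/letsencrypt/live/wiki.example.com/fullchain.pem' \
        '    SSLCertificateKeyFile /etc/letsencrypt/live/wiki.example.com/privkey.pem' \
        '</VirtualHost>' > "$vhost_file"
fi
printf '%-14s %s\n' 'secure cookie' "$(check_secure_cookie "$env_file")" \
    'http redirect' "$(check_http_redirect "$vhost_file")" 'tls vhost' "$(check_tls_vhost "$vhost_file")"
```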