Installing BookStack on Ubuntu Server 22.04 with SSL

July 2, 2022

My last post about this for Ubuntu 20.04 has by far been the most popular blog post that I’ve written so far, so let’s get that guide up to date with the latest Ubuntu Server LTS and add some extra info for security and management of the server. Just in case you don’t know, BookStack is free and open source wiki software.

Installation

The first thing you need to do is install Ubuntu Server 22.04 on any platform of your choice. Personally, I am still using Linode for this; however, any provider or even self-hosting would work just fine.

Once that is complete we can move on to installing BookStack itself. This is very easy, and these couple of instructions are directly from their Wiki.

# Download the script
wget https://raw.githubusercontent.com/BookStackApp/devops/main/scripts/installation-ubuntu-22.04.sh

# Make it executable
chmod a+x installation-ubuntu-22.04.sh

# Run the script with admin permissions
sudo ./installation-ubuntu-22.04.sh

Enter your domain name that the server will be hosted at when prompted.

Once that completes you should be able to access BookStack in your browser. The default username is admin@admin.com and the default password is password. These should be changed, but first let’s set up SSL to make it secure.

HTTPS/SSL Setup

First thing to do is install certbot and get the certificate generated.

apt install certbot

certbot certonly --webroot --agree-tos --email <your email address> -d <your domain> --webroot-path /var/www/bookstack/public

# Finally add the following to your crontab
# 0 0 * * * certbot renew

Once that is done we can configure Apache to use the certificate for BookStack.

This is what the file should look like before:

<VirtualHost *:80>
    ServerName <your domain name>

...

This is after making the required changes: (the only changes required happen above line 10)

<VirtualHost *:80>
    ServerName <your domain name>
    Redirect permanent / https://<your domain name>/
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    SSLCertificateFile /etc/letsencrypt/live/<your domain name>/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/<your domain name>/privkey.pem
    ServerName <your domain name>
                                                                                               
...

Finally you need to enable SSL on Apache2 and restart the service:

a2enmod ssl

systemctl restart apache2.service

BookStack updates

The following script can be used to easily update BookStack and clear the caches once the update completes.

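#!/bin/bash
# Stop at the first failing step so migrations never run against a half-updated tree
set -e

cd /var/www/bookstack

# Fetch the latest release code and its PHP dependencies
git pull origin release
composer install --no-dev

# Apply any pending database migrations
php artisan migrate

# Clear the caches so the updated code and config take effect
php artisan cache:clear
php artisan config:clear
php artisan view:clear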

SMTP Setup

I have personally found that Amazon SES has been the easiest and cheapest way to send emails; currently this costs me around $0.03 per month. The same steps here could be set up with a Gmail account for free; however, I think this is technically against their ToS, so try that at your own risk.

In your /var/www/bookstack/.env file you can set this up with something similar to the following:

# Mail system to use
# Can be 'smtp' or 'sendmail'
MAIL_DRIVER=smtp

# Mail sender details
MAIL_FROM_NAME="Administrator"
MAIL_FROM=[your sender address here]

# SMTP mail options
# These settings can be checked using the "Send a Test Email"
# feature found in the "Settings > Maintenance" area of the system.
MAIL_HOST=email-smtp.us-east-1.amazonaws.com # For gmail: smtp.gmail.com
MAIL_PORT=25
MAIL_USERNAME=[your username here]
MAIL_PASSWORD=[your password here]
MAIL_ENCRYPTION=tls

Security Settings

I would personally recommend adding the following couple of options in your /var/www/bookstack/.env file:

SESSION_SECURE_COOKIE=true
LOG_FAILED_LOGIN_MESSAGE="Failed login for %u" # Needed for setting up fail2ban as well

I would also recommend changing these few settings in the BookStack Settings:

  1. Change the username and password of the Administrator user in Settings > Users > Administrator.
  2. Enable Multi-Factor Authentication for the Administrator user.
  3. Enable "Enable higher security image uploads" in Settings > General > Features & Security.
  4. Enable "Requires Multi-Factor Authentication" for Admin users in Settings > Roles > Admin.

If you don’t want the information on your Wiki to be public, you can disable the following settings:

  1. Disable "Enable registration" in Settings > General > Registration.
  2. Disable "Allow public access" in Settings > General > Features & Security.

Disabling registration doesn’t mean that you can’t add people to the site though. If you go to Settings > Users you can still invite people to your wiki using the Add new user button here.

Next steps

Aaaaaaaand just like that your site should be ready to use! It’s a fairly simple setup, and below you can find some extra steps to take afterwards to help keep it secure.

  1. Set up ufw to block SSH from untrusted IP addresses.
  2. Set up fail2ban to block brute-force login attempts against your server.
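
Before writing a fail2ban filter for step 2, it helps to confirm what the "Failed login for %u" lines from LOG_FAILED_LOGIN_MESSAGE look like and which clients produce them. The script below is an added example, not part of the original post or of BookStack itself; the log line layout, the log path in the usage comment and the script name are assumptions, and the sample lines are constructed.

```bash
#!/bin/sh
# Added example: count BookStack failed logins per client IP.
# Assumption: the LOG_FAILED_LOGIN_MESSAGE text lands in the Apache error log
# right after Apache's own "[client IP:port]" field.

# Constructed sample lines (documentation IP ranges, not real traffic).
sample_log() {
    cat <<'EOF'
[Sat Jul 02 10:00:01.000001 2022] [php:notice] [pid 811] [client 203.0.113.5:50112] Failed login for admin@example.com
[Sat Jul 02 10:00:02.000001 2022] [php:notice] [pid 811] [client 203.0.113.5:50113] Failed login for root@example.com
[Sat Jul 02 10:00:03.000001 2022] [php:notice] [pid 812] [client 203.0.113.5:50114] Failed login for x [client 198.51.100.9:1] Failed login for y
[Sat Jul 02 10:00:04.000001 2022] [php:notice] [pid 812] [client 192.0.2.44:40100] Failed login for editor@example.com
[Sat Jul 02 10:00:05.000001 2022] [ssl:warn] [pid 700] AH01909: server certificate does NOT include an ID which matches the server name
EOF
}

# failed_login_ips LOGFILE THRESHOLD
# Prints "COUNT IP" (highest count first) for every IP with >= THRESHOLD failures.
failed_login_ips() {
    awk -v min="$2" '
        # Only lines carrying the message configured in .env
        index($0, "] Failed login for ") {
            # Use the FIRST "[client ...]" field, which Apache writes itself.
            # Text after "Failed login for" is the submitted username, so an
            # IP that appears there must never be counted or banned.
            if (match($0, /\[client [0-9a-fA-F:.]+\]/)) {
                ip = substr($0, RSTART + 8, RLENGTH - 9)  # "IP:port"
                sub(/:[0-9]+$/, "", ip)                   # drop the port
                count[ip]++
            }
        }
        END { for (ip in count) if (count[ip] >= min) print count[ip], ip }
    ' "$1" | sort -rn
}

# Run directly as (hypothetical file name, assumed log path):
#   sh failed-logins.sh /var/log/apache2/error.log 5
if [ "$#" -eq 2 ]; then
    failed_login_ips "$1" "$2"
fi
```

The third sample line shows why the IP is taken from Apache's own field: the username is supplied by the client, so a fail2ban failregex should be anchored to the start of the line in the same way.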