July 2, 2022
My last post about this for Ubuntu 20.04 has by far been the most popular blog post that I’ve written so far, so let’s get that guide up to date with the latest Ubuntu Server LTS and add some extra info for security and management of the server. Just in case you don’t know, BookStack is a free and open source Wiki software.
The first thing you need to do is install Ubuntu Server 22.04 on any platform of your choice. Personally I am still using Linode for this; however, any provider or even self-hosting would work just fine.
Once that is complete we can move on to installing BookStack itself. This is very easy, and these couple of instructions are directly from their Wiki.
    # Download the script
    wget https://raw.githubusercontent.com/BookStackApp/devops/main/scripts/installation-ubuntu-22.04.sh
    # Make it executable
    chmod a+x installation-ubuntu-22.04.sh
    # Run the script with admin permissions
    sudo ./installation-ubuntu-22.04.sh
Enter your domain name that the server will be hosted at when prompted.
Once that completes you should be able to access BookStack in your browser, with the default username being admin@admin.com and the password being password. These should be changed, but first let’s set up SSL to make it secure.
First thing to do is install certbot and get the certificate generated.
    apt install certbot
    certbot certonly --webroot --agree-tos --email <your email address> -d <your domain> --webroot-path /var/www/bookstack/public
    # Finally add the following to your crontab
    # 0 0 * * * certbot renew
Once that is done we can configure Apache to use the certificate for BookStack.
This is what the file should look like before:
    <VirtualHost *:80>
        ServerName <your domain name>
        ...
This is after making the required changes: (the only changes required happen above line 10)
    <VirtualHost *:80>
        ServerName <your domain name>
        Redirect permanent / https://<your domain name>/
    </VirtualHost>
    <VirtualHost *:443>
        SSLEngine On
        SSLCertificateFile /etc/letsencrypt/live/<your domain name>/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/<your domain name>/privkey.pem
        ServerName <your domain name>
        ...
Finally you need to enable SSL on Apache2 and restart the service:
    a2enmod ssl
    systemctl restart apache2.service
The following script can be used to easily update BookStack and clear the caches once the update completes.
    cd /var/www/bookstack
    git pull origin release
    composer install --no-dev
    php artisan migrate
    php artisan cache:clear
    php artisan config:clear
    php artisan view:clear
I have personally found that Amazon SES has been the easiest and cheapest way to send emails; currently this costs me around $0.03 per month. The same steps here could be set up with a Gmail account for free; however, I think this is technically against their ToS, so try that at your own risk.
In the /var/www/bookstack/.env file you can set this up with something similar to the following:
    # Mail system to use
    # Can be 'smtp' or 'sendmail'
    MAIL_DRIVER=smtp

    # Mail sender details
    MAIL_FROM_NAME="Administrator"
    MAIL_FROM=<your sender address>

    # SMTP mail options
    # These settings can be checked using the "Send a Test Email"
    # feature found in the "Settings > Maintenance" area of the system.
    # For gmail: smtp.gmail.com
    MAIL_HOST=email-smtp.us-east-1.amazonaws.com
    MAIL_PORT=25
    MAIL_USERNAME=[your username here]
    MAIL_PASSWORD=[your password here]
    MAIL_ENCRYPTION=tls
I would personally recommend adding the following couple of options in your .env file:
    SESSION_SECURE_COOKIE=true
    # Needed for setting up fail2ban as well
    LOG_FAILED_LOGIN_MESSAGE="Failed login for %u"
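To confirm that the .env options recommended above are actually in effect, a small audit can be run against the file. This is an added example, not part of the original post or the BookStack project; the function names `env_value` and `audit_bookstack_env` and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example: audit a BookStack .env for the options this post recommends.

# Print the effective value of KEY ($2) in dotenv FILE ($1): last assignment
# wins, surrounding quotes and a trailing " # comment" are removed.
env_value() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/^"\([^"]*\)".*$/\1/' -e t -e "s/^'\([^']*\)'.*\$/\1/" -e t \
            -e 's/[[:space:]]\{1,\}#.*$//' -e 's/[[:space:]]*$//'
}

# Print one line per finding. Returns 0 if clean, 1 on any FAIL,
# 2 if the file cannot be read.
audit_bookstack_env() {
    file=$1 rc=0
    [ -r "$file" ] || { echo "FAIL cannot read $file"; return 2; }

    # Session cookie must only travel over HTTPS.
    [ "$(env_value "$file" SESSION_SECURE_COOKIE)" = "true" ] ||
        { echo "FAIL SESSION_SECURE_COOKIE is not true"; rc=1; }

    # Without this message failed logins are not logged for fail2ban to match.
    case $(env_value "$file" LOG_FAILED_LOGIN_MESSAGE) in
        *%u*) ;;
        "") echo "FAIL LOG_FAILED_LOGIN_MESSAGE is unset"; rc=1 ;;
        *)  echo "WARN LOG_FAILED_LOGIN_MESSAGE has no %u placeholder" ;;
    esac

    # SMTP credentials should not be sent without TLS.
    if [ "$(env_value "$file" MAIL_DRIVER)" = "smtp" ] &&
       [ "$(env_value "$file" MAIL_ENCRYPTION)" != "tls" ]; then
        echo "FAIL MAIL_ENCRYPTION is not tls for SMTP"; rc=1
    fi
    return $rc
}

# Constructed sample input (not a real server's file) with one weak setting.
sample=$(mktemp)
cat > "$sample" <<'EOF'
MAIL_DRIVER=smtp
MAIL_ENCRYPTION=tls
SESSION_SECURE_COOKIE=false
LOG_FAILED_LOGIN_MESSAGE="Failed login for %u" # Needed for fail2ban
EOF
audit_bookstack_env "$sample" || echo "audit finished with findings"
rm -f "$sample"
```

On a real server, call `audit_bookstack_env /var/www/bookstack/.env` after editing the file.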
I would also recommend changing these few settings in the BookStack Settings:
Settings > Users > Administrator.
Multi-Factor Authentication for the Administrator user.
Enable higher security image uploads in Settings > General > Features & Security.
Requires Multi-Factor Authentication for Admin users in Settings > Roles > Admin.
If you don’t want the information on your Wiki to be public, you can disable the following settings:
Settings > General > Registration.
Allow public access in Settings > General > Features & Security.
Disabling registration doesn’t mean that you can’t add people to the site though. If you go to Settings > Users you can still invite people to your wiki using the Add new user button here.
Aaaaaaaand just like that your site should be ready to use! It’s a fairly simple setup, and below you can find some extra steps to take afterwards to help keep it secure.