July 2, 2022
My last post about this for Ubuntu 20.04 has by far been the most popular blog post that I’ve written so far, so let’s get that guide up to date with the latest Ubuntu Server LTS and add some extra info for security and management of the server. Just in case you don’t know, BookStack is free and open source wiki software.
The first thing you need to do is install Ubuntu Server 22.04 on any platform of your choice. Personally I am still using Linode for this; however, any provider or even self-hosting would work just fine.
Once that is complete we can move on to installing BookStack itself. This is very easy, and these couple of instructions are directly from their Wiki.
# Download the script
wget https://raw.githubusercontent.com/BookStackApp/devops/main/scripts/installation-ubuntu-22.04.sh
# Make it executable
chmod a+x installation-ubuntu-22.04.sh
# Run the script with admin permissions
sudo ./installation-ubuntu-22.04.sh
Enter your domain name that the server will be hosted at when prompted.
Once that completes you should be able to access BookStack in your browser, with the default username being [email protected] and the password being password. These should be changed, but first let’s set up SSL to secure the connection.
First thing to do is install certbot and get the certificate generated.
apt install certbot
certbot certonly --webroot --agree-tos --email <your email address> -d <your domain> --webroot-path /var/www/bookstack/public
# Finally add the following to your crontab
# 0 0 * * * certbot renew
Once that is done we can configure Apache to use the certificate for BookStack.
This is what the file should look like before:
<VirtualHost *:80>
ServerName <your domain name>
...
This is after making the required changes: (the only changes required happen above line 10)
<VirtualHost *:80>
ServerName <your domain name>
Redirect permanent / https://<your domain name>/
</VirtualHost>
<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/<your domain name>/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/<your domain name>/privkey.pem
ServerName <your domain name>
...
Finally you need to enable SSL on Apache2 and restart the service:
a2enmod ssl
systemctl restart apache2.service
The following script can be used to easily update BookStack and clear the caches once the update completes.
cd /var/www/bookstack;
git pull origin release;
composer install --no-dev;
php artisan migrate;
php artisan cache:clear;
php artisan config:clear;
php artisan view:clear;
I have personally found that Amazon SES has been the easiest and cheapest way to send emails; currently this costs me around $0.03 per month. The same steps here could be set up with a Gmail account for free, however I think this is technically against their ToS, so try that at your own risk.
In your /var/www/bookstack/.env file you can set this up with something similar to the following:
# Mail system to use
# Can be 'smtp' or 'sendmail'
MAIL_DRIVER=smtp
# Mail sender details
MAIL_FROM_NAME="Administrator"
MAIL_FROM=[your sender address here]
# SMTP mail options
# These settings can be checked using the "Send a Test Email"
# feature found in the "Settings > Maintenance" area of the system.
MAIL_HOST=email-smtp.us-east-1.amazonaws.com # For gmail: smtp.gmail.com
MAIL_PORT=25
MAIL_USERNAME=[your username here]
MAIL_PASSWORD=[your password here]
MAIL_ENCRYPTION=tls
I would personally recommend adding the following couple of options in your /var/www/bookstack/.env file:
SESSION_SECURE_COOKIE=true
LOG_FAILED_LOGIN_MESSAGE="Failed login for %u" # Needed for setting up fail2ban as well
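To show what the LOG_FAILED_LOGIN_MESSAGE line makes possible, here is an added example (not from the original post or the BookStack project) that counts the resulting "Failed login for" entries per client IP, the way a fail2ban-style filter would. The Apache error-log layout, the sample lines and the max_retry/find_time thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed Apache error-log layout. Anchoring at ^ means the client IP is taken
# from the prefix Apache writes, never from the attacker-supplied %u value.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[pid \d+\] "
    r"\[client (?P<ip>[0-9A-Fa-f.:]+):\d+\] Failed login for (?P<user>.*)$"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
[Sat Jul 02 10:00:01.100000 2022] [php:notice] [pid 811] [client 203.0.113.7:50112] Failed login for admin@example.com
[Sat Jul 02 10:00:05.200000 2022] [php:notice] [pid 811] [client 203.0.113.7:50113] Failed login for admin@example.com
[Sat Jul 02 10:00:09.300000 2022] [php:notice] [pid 812] [client 203.0.113.7:50114] Failed login for root@example.com
[Sat Jul 02 10:01:00.000000 2022] [php:notice] [pid 812] [client 198.51.100.20:40100] Failed login for x [client 192.0.2.99:1] Failed login for y
[Sat Jul 02 10:02:00.000000 2022] [core:notice] [pid 800] constructed unrelated server message
"""

def parse_failed_logins(text):
    """Return (timestamp, client_ip, submitted_username) for each failed login."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
            events.append((ts, m["ip"], m["user"]))
    return events

def offenders(events, max_retry=3, find_time=timedelta(minutes=10)):
    """Map each IP with >= max_retry failures inside find_time to the trigger time."""
    by_ip = defaultdict(list)
    for ts, ip, _user in sorted(events):
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > find_time:  # slide the window forward
                start += 1
            if end - start + 1 >= max_retry:
                flagged[ip] = ts
                break
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(parse_failed_logins(SAMPLE_LOG)).items():
        print(f"{ip} reached the retry limit at {when}")
```

The fourth sample line carries a username that imitates a log prefix; because the pattern is anchored, the failure is still counted against the real client address.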
I would also recommend changing these few settings in the BookStack Settings:
Settings > Users > Administrator.
Multi-Factor Authentication for the Administrator user.
Enable higher security image uploads in Settings > General > Features & Security.
Requires Multi-Factor Authentication for Admin users in Settings > Roles > Admin.
If you don’t want the information on your Wiki to be public, you can disable the following settings:
Enable registration in Settings > General > Registration.
Allow public access in Settings > General > Features & Security.
Disabling registration doesn’t mean that you can’t add people to the site though. If you go to Settings > Users you can still invite people to your wiki using the Add new user button here.
Aaaaaaaand just like that your site should be ready to use! It’s a fairly simple setup, and below you can find some extra steps to take afterwards to help keep it secure.