This commit is contained in:
alban 2019-09-07 22:32:42 +02:00
commit 32f158b57b
2 changed files with 355 additions and 0 deletions

71
README.md Normal file
View File

@ -0,0 +1,71 @@
# Wekan BASH Installer
## Why using this script?
If like me, you want to run Wekan on Debian and the [install options](https://github.com/wekan/wekan/wiki/Platforms) don't fit your model.
**Debian 9 Stretch images required for this script to work**
It won't work on Debian 10 Buster, little story about that below if you're interested.
## Crash course
`curl https://git.interhacker.space/alban/wekan-bash-installer/raw/branch/master/install.sh | bash`
Pretty simple if you're into `curl|bash` methods ;) Otherwise feel free to `git clone`, `wget`, or use the method of your liking to download and execute.
## How it works
**The script will install the following assets**
* Wekan
* NodeJS
* MongoDB
* Nginx
* Letsencrypt
* Supervisor
* Postfix
* Wekan auto updater
**Notes**
* Wekan runs on localhost port 8080
* Nginx acts as a reverse proxy for Wekan
* Letsencrypt is used to provide HTTPS
* Supervisor provides the daemonization of the process
* Postfix runs on localhost to send emails, if not configured previously
* The Wekan auto updater cron will check new bundles, install them, and reload the service
* You can configure in the script the NodeJS version of your choice
* NodeJS is installed from the NodeSource repository
## Words of Caution
### HTTPS and $DOMAIN
If you want an HTTPS vhost, better add your domain to the DNS.
Or Letsencrypt won't be able to verify your domain and you will get no certificate.
#### Backups
There's no mongodb backup automatically configured. Please don't run this in production without a data backup plan.
## Bugs, contribution
All are welcome.
Please send an email to wekan@albancrommer.com in case of an emergency.
## Why Debian 9 only?
Ah, well, you're reading, hey? Here's our little story.
Some day, mongodb decided it should change its licensing, and since it was restricting the freedom of its users Debian to remove mongodb packages from its new repositories.
Installing mongodb on Debian 10 «Buster» is a mess, and it doesn't look like mongodb has made any move to fix it.
So meanwhile, you're better off running

284
install.sh Normal file
View File

@ -0,0 +1,284 @@
#! /bin/bash
# @author alban
# @since 2019-09-06
# @license GPLv3
# @url https://git.interhacker.space/alban/wekan-bash-installer
# Which
MSG="Please provide the domain name you want to host wekan on [Default:localhost] : "
read -p "$MSG" DOMAIN
DOMAIN=${DOMAIN:-localhost}
MSG="Please provide the email address for wekan service mails [Default:wekan@${DOMAIN}] : "
read -p "$MSG" EMAIL
DEFAULT_EMAIL="wekan@$DOMAIN"
EMAIL=${EMAIL:-$DEFAULT_EMAIL}
[ "$DOMAIN" != "localhost" ] && {
MSG="Do you want to deploy an HTTPS vhost for wekan? [Y/n]"
read -p "$MSG"
REPLY=${REPLY:-Y}
SSL=$( [ "${REPLY^^}" == "Y" ] && echo "yes" || echo "no" )
}
################################################################################
# You MIGHT change the following variables depending on your situation
################################################################################
# Which nodejs do you wish to install
NODEREPO="node_12.x"
################################################################################
# After that, you should not need to edit anything below.
# But hack at leisure ;)
################################################################################
# This script will only work on Debian 9 "Stretch"
DISTRO="stretch"
# Helper functions
ops=0
Lets(){ let $(( ops++ )); echo -e "\n# ${ops}: $@\n"; }
Red(){ echo -e "\033[0;31m$@\033[0m"; }
# Now comments will be noted by "^Lets" lines, see next line as an example
Lets install required packages for basic APT operations
apt update
apt install -y apt-transport-https curl gnupg
Lets install the nodejs repository
curl -s https://deb.nodesource.com/gpgkey/nodesource.gpg.key | apt-key add -
echo "deb https://deb.nodesource.com/${NODEREPO} ${DISTRO} main" > /etc/apt/sources.list.d/$NODEREPO.list
Lets install application packages and set the services auto up
apt update
apt install -y nodejs mongodb mongodb-server git nginx npm supervisor certbot make g++ unzip
for f in mongodb nginx supervisor ; do systemctl enable $f; done
dpkg -l postfix | grep -q -E "^.i +postfix" || {
Lets install and configure the email service
Red Caution! Please choose the \"Internet Site\" option when requested!
apt install -y postfix
Lets configure Postfix to run on local loopback only
postconf -e 'inet_interfaces = 127.0.0.1'
service postfix restart
}
if [ $SSL == "yes" ] ; then
Lets create the nginx HTTP virtual host
cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
# nginx configuration for wekan proxying
# this section is needed to proxy web-socket connections
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name $DOMAIN;
large_client_header_buffers 8 64k;
client_header_buffer_size 64k;
location .well-known/acme-challenge {
root /var/www/letsencrypt;
}
location / {
return 301 https://\$host\$request_uri;
}
}
HEREDOC
[ -L /etc/nginx/sites-enabled/wekan.conf ] || ln -s ../sites-available/wekan.conf /etc/nginx/sites-enabled/wekan.conf
Lets reload nginx
nginx -t && service nginx reload
Lets request the certificate from Letsencrypt
mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
echo "test $(hostname) OK" > /var/www/letsencrypt/.well-known/acme-challenge/test.txt
chown -R www-data:www-data /var/www/letsencrypt
curl http://$DOMAIN/.well-known/acme-challenge/test.txt && \
certbot certonly --webroot --agree-tos -w /var/www/letsencrypt/ --email certs@$DOMAIN -d $DOMAIN
Lets create the HTTPS virtual host
cat << HEREDOC >> /etc/nginx/sites-available/wekan.conf
server {
listen 443 http2;
server_name $DOMAIN;
large_client_header_buffers 8 64k;
client_header_buffer_size 64k;
ssl on;
ssl_certificate /etc/letsencrypt/live/$DOMAIN/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$DOMAIN/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
# If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
# This works because IE 11 does not present itself as MSIE anymore
if (\$http_user_agent ~ "MSIE" ) {
return 303 https://browser-update.org/update.html;
}
# Pass requests to Wekan.
# If you have Wekan at https://example.com/wekan , change location to:
# location /wekan {
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade; # allow websockets
proxy_set_header Connection \$connection_upgrade;
proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP
# this setting allows the browser to cache the application in a way compatible with Meteor
# on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
# the root path (/) MUST NOT be cached
if (\$uri != '/wekan') {
expires 30d;
}
}
}
HEREDOC
Lets reload nginx to handle HTTPS
nginx -t && service nginx restart
else
Lets create the nginx HTTP virtual host
cat << HEREDOC > /etc/nginx/sites-available/wekan.conf
# nginx configuration for wekan proxying
# this section is needed to proxy web-socket connections
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
server_name $DOMAIN;
large_client_header_buffers 8 64k;
client_header_buffer_size 64k;
location .well-known/acme-challenge {
root /var/www/letsencrypt;
}
# If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update
# This works because IE 11 does not present itself as MSIE anymore
if (\$http_user_agent ~ "MSIE" ) {
return 303 https://browser-update.org/update.html;
}
# Pass requests to Wekan.
# If you have Wekan at https://example.com/wekan , change location to:
# location /wekan {
location / {
proxy_pass http://127.0.0.1:8080;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade; # allow websockets
proxy_set_header Connection \$connection_upgrade;
proxy_set_header X-Forwarded-For \$remote_addr; # preserve client IP
# this setting allows the browser to cache the application in a way compatible with Meteor
# on every applicaiton update the name of CSS and JS file is different, so they can be cache infinitely (here: 30 days)
# the root path (/) MUST NOT be cached
if (\$uri != '/wekan') {
expires 30d;
}
}
}
HEREDOC
fi
Lets create the supervisor configuration
mkdir /var/log/wekan
ROOT_URL=$( [ $SSL == "yes" ] && echo "https://$DOMAIN" || echo "http://$DOMAIN")
cat << HEREDOC > /etc/supervisor/conf.d/wekan.conf
[program:wekan]
command=/usr/bin/node main.js
process_name=%(program_name)s
numprocs=1
directory=/home/wekan/bundle
umask=022
priority=999
autostart=true
startsecs=1
startretries=3
autorestart=unexpected
exitcodes=0,2
stopsignal=QUIT
stopwaitsecs=10
stopasgroup=false
killasgroup=false
user=wekan
redirect_stderr=false
stdout_logfile=/var/log/wekan/out.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
stdout_capture_maxbytes=1MB
stdout_events_enabled=false
stderr_logfile=/var/log/wekan/err.log
stderr_logfile_maxbytes=1MB
stderr_logfile_backups=10
stderr_capture_maxbytes=1MB
stderr_events_enabled=false
environment=MONGO_URL='mongodb://127.0.0.1:27017/wekan',ROOT_URL='$ROOT_URL',MAIL_URL='smtp://localhost:25/',MAIL_FROM='$EMAIL',PORT=8080,BIND_IP=127.0.0.1,HTTP_FORWARDED_COUNT=1
serverurl=AUTO
HEREDOC
Lets create the auto upgrade script
cat << HEREDOC > /usr/local/sbin/auto_upgrade_wekan
#! /bin/bash
exec & >> /var/log/auto_upgrade_wekan.log
URL="https://releases.wekan.team/"
NEW=\$(curl -s \$URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*\$/\1/"| sort | tail -n 1)
CUR=\$(readlink /home/wekan/bundle| cut -d"/" -f 4)
[ "\$NEW" == "\$CUR" ] && exit 0
[ -e /home/wekan/\$NEW ] && exit 0
echo "$(date) Install $NEW"
TMP=\$( mktemp -d )
cd "\$TMP"
wget --quiet "\$URL/wekan-\$NEW.zip"
unzip "wekan-\$NEW.zip" &>/dev/null
mv bundle "/home/wekan/\$NEW"
cd "/home/wekan/\$NEW/programs/server"
npm uninstall fibers
npm install fibers
chown -R wekan:wekan "/home/wekan/\$NEW"
rm -rf "\$TMP"
rm -f "/home/wekan/bundle"
ln -s "/home/wekan/\$NEW" "/home/wekan/bundle"
supervisorctl restart wekan
echo "$(date) Restarted"
HEREDOC
chmod +x /usr/local/sbin/auto_upgrade_wekan
cat << HEREDOC > /etc/cron.d/auto_upgrade_wekan
0 0 * * * root /usr/local/sbin/auto_upgrade_wekan
HEREDOC
Lets add a wekan user
adduser --disabled-password --gecos "" wekan
Lets download the latest bundle
URL="https://releases.wekan.team/"
NEW=$(curl -s $URL | grep -e ">wekan.*zip"|sed -r "s/^.*>wekan-(.*?).zip<.*$/\1/"| sort | tail -n 1)
TMP=$( mktemp -d )
cd "$TMP"
wget --quiet "$URL/wekan-$NEW.zip"
unzip "wekan-$NEW.zip" &>/dev/null
mv bundle "/home/wekan/$NEW"
cd "/home/wekan/$NEW/programs/server"
npm uninstall fibers
npm install fibers
chown -R wekan:wekan "/home/wekan/$NEW"
rm -rf "$TMP"
ln -s "/home/wekan/$NEW" "/home/wekan/bundle"
Lets reload supervisor
supervisorctl reread
supervisorctl update