Interesting Take On A Wiki - Testing Now
-
The install guide says that you need to create some rewrite rules if not using Apache or have
.htaccess
disabled. So this means they default to Apache.Yet the Ubuntu install script installs Nginx.
https://www.bookstackapp.com/docs/admin/installation/
And that community guide for CentOS 7 also installs Nginx. I wonder which they intend to be used.
-
@scottalanmiller said in Interesting Take On A Wiki - Testing Now:
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
I'm testing this install next...just for fun.
Stick to Fedora, half that install is just getting CentOS to the point where it will work like Fedora. Just start with Fedora and integrated management of those pieces. That totally defeats the point of CentOS to use it in that way.
Also this was on that page... just no...
-
Also, you don't need IUS for any of that. It's all in the CentOS SCL repos.
Also as @JaredBusch mentioned disabling the firewall and SELinux, and he's a "Sr. Security Engineer"...................
-
okay, this thing just sucks donkey balls. I spent way the fuck too much time on this and still not working.
Assuming Fedora 27 Minimal
# required packages + nano dnf install -y composer git mariadb mariadb-server mcrypt nano php php-cli php-curl php-fpm php-gd php-json php-mbstring php-mysqlnd php-openssl php-pdo php-tidy php-tokenizer php-xml php-zip policycoreutils policycoreutils-python policycoreutils-python-utils #open HTTP firewall-cmd --zone=public --add-port=http/tcp --permanent firewall-cmd --reload #start and enable mariadb systemctl start mariadb systemctl enable mariadb #start and enable apache systemctl start httpd systemctl enable httpd # Create Database and user with a random password for Bookstack export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)" echo DB_PASS=$DB_PASS mysql -e "CREATE DATABASE bookstack;" mysql -e "CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$DB_PASS';" mysql -e "GRANT ALL ON bookstack.* TO 'bookstack'@'localhost';" mysql -e "FLUSH PRIVILEGES;" # Secure MariaDB ################################################### ##############CHANGE THE PASSWORD################## mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';" mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" mysql -e "DELETE FROM mysql.user WHERE User='';" mysql -e "DROP DATABASE test;" mysql -e "FLUSH PRIVILEGES;" # Download BookStack cd /var/www/html/ git clone https://github.com/ssddanbrown/BookStack.git --branch release --single-branch bookstack export DIR_BOOKSTACK="/var/www/html/bookstack" # Install BookStack composer dependancies cd $DIR_BOOKSTACK composer install # Copy and update BookStack environment variables cp $DIR_BOOKSTACK/.env.example $DIR_BOOKSTACK/.env sed -i 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' $DIR_BOOKSTACK/.env sed -i 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' $DIR_BOOKSTACK/.env sed -i "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" $DIR_BOOKSTACK/.env # update the apache DocumentRoot sed -i 's/DocumentRoot "\/var\/www\/html"/DocumentRoot "\/var\/www\/html\/bookstack\/public"/' /etc/httpd/conf/httpd.conf #setup SELinux permissions export httpdrw='httpd_sys_rw_content_t' setsebool -P httpd_can_sendmail 1 setsebool -P httpd_can_network_connect 1 semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/storage(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/storage semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/bootstrap/cache(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/bootstrap/cache semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/public/uploads(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/public/uploads #setup ownership of the bookstrap directory to apache chown apache:apache -R $DIR_BOOKSTACK # Generate the application key php artisan key:generate --no-interaction --force # Migrate the databases php artisan migrate --no-interaction --force #Restart httpd systemctl restart httpd
Browse to the IP
http://yourip
and get redirected tohttp://yourip/login
so that application is running.
If I set theAPP_URL
in the.env
file, browsing tohttp://yourip
will redirect to thehttp://FQDN/login
. So yet more proof that the application if running.But I see this.
-
I seutp the docker image to demo things a bit and I like it. The WYSIWYG works well. I copy/pasted a web page into the editor and it kept everything.
Did not test copy/pasting a Word document.
Pages also have tags if you want.
And you can upload files to attach to a page.
-
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
okay, this thing just sucks donkey balls. I spent way the fuck too much time on this and still not working.
Assuming Fedora 27 Minimal
# required packages + nano dnf install -y composer git mariadb mariadb-server mcrypt nano php php-cli php-curl php-fpm php-gd php-json php-mbstring php-mysqlnd php-openssl php-pdo php-tidy php-tokenizer php-xml php-zip policycoreutils policycoreutils-python policycoreutils-python-utils #open HTTP firewall-cmd --zone=public --add-port=http/tcp --permanent firewall-cmd --reload #start and enable mariadb systemctl start mariadb systemctl enable mariadb #start and enable apache systemctl start httpd systemctl enable httpd # Create Database and user with a random password for Bookstack export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)" echo DB_PASS=$DB_PASS mysql -e "CREATE DATABASE bookstack;" mysql -e "CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$DB_PASS';" mysql -e "GRANT ALL ON bookstack.* TO 'bookstack'@'localhost';" mysql -e "FLUSH PRIVILEGES;" # Secure MariaDB ################################################### ##############CHANGE THE PASSWORD################## mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';" mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" mysql -e "DELETE FROM mysql.user WHERE User='';" mysql -e "DROP DATABASE test;" mysql -e "FLUSH PRIVILEGES;" # Download BookStack cd /var/www/html/ git clone https://github.com/ssddanbrown/BookStack.git --branch release --single-branch bookstack export DIR_BOOKSTACK="/var/www/html/bookstack" # Install BookStack composer dependancies cd $DIR_BOOKSTACK composer install # Copy and update BookStack environment variables cp $DIR_BOOKSTACK/.env.example $DIR_BOOKSTACK/.env sed -i 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' $DIR_BOOKSTACK/.env sed -i 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' $DIR_BOOKSTACK/.env sed -i "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" $DIR_BOOKSTACK/.env # update the apache DocumentRoot sed -i 's/DocumentRoot "\/var\/www\/html"/DocumentRoot "\/var\/www\/html\/bookstack\/public"/' /etc/httpd/conf/httpd.conf #setup SELinux permissions export httpdrw='httpd_sys_rw_content_t' setsebool -P httpd_can_sendmail 1 setsebool -P httpd_can_network_connect 1 semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/storage(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/storage semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/bootstrap/cache(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/bootstrap/cache semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/public/uploads(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/public/uploads #setup ownership of the bookstrap directory to apache chown apache:apache -R $DIR_BOOKSTACK # Generate the application key php artisan key:generate --no-interaction --force # Migrate the databases php artisan migrate --no-interaction --force #Restart httpd systemctl restart httpd
Browse to the IP
http://yourip
and get redirected tohttp://yourip/login
so that application is running.
If I set theAPP_URL
in the.env
file, browsing tohttp://yourip
will redirect to thehttp://FQDN/login
. So yet more proof that the application if running.But I see this.
I followed your guide except I created a conf file in
/etc/httpd/conf.d/wiki.example.com.conf
sudo tee /etc/httpd/conf.d/wiki.example.com.conf <<EOF <VirtualHost *:80> ServerAdmin webmaster@localhost <Directory /var/www/html/bookstack/public> Require all granted AllowOverride All #Options +Indexes </Directory> DocumentRoot /var/www/html/bookstack/public ServerName wiki.example.com ErrorLog /var/log/httpd/bookstack.error.log CustomLog /var/log/httpd/access.log combined </VirtualHost> EOF
I pretty much did they same setup like Snipe-IT.
And my APP_URL is
APP_URL=https://wiki.example.com
-
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
<Directory /var/www/html/bookstack/public>
Require all granted
AllowOverride All
#Options +Indexes
</Directory>
DocumentRoot /var/www/html/bookstack/public
ServerName wiki.example.com
ErrorLog /var/log/httpd/bookstack.error.log
CustomLog /var/log/access.log combined
</VirtualHost>This combined setup worked perfectly!
-
This looks like it could work for multi-tenant environment.
- Created a new role and granted no permissions whatsoever.
- Created a new book with a sample page within the book
- Clicked on "More" at top right and assigned View only privileges to this new role I created
- Created new user and assigned user to new role
- Logged in as new user and all I can see is the test book to which I granted permissions. I also can't create any new material because those permissions weren't granted. When I search for a document that was created in the Admin role, I cannot see any search results that I know exist under the Admin role but that haven't been granted access to on this restricted user role. All I can see as this restricted user is the single book that I've granted View access to.
- The book permissions also cascade to other pages created in the same book so once permissions are set at the book, the are also set for child sections.
-
One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.
-
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.
If you are going to export to PDF a lot, there is another package you need to install
-
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
okay, this thing just sucks donkey balls. I spent way the fuck too much time on this and still not working.
Assuming Fedora 27 Minimal
# required packages + nano dnf install -y composer git mariadb mariadb-server mcrypt nano php php-cli php-curl php-fpm php-gd php-json php-mbstring php-mysqlnd php-openssl php-pdo php-tidy php-tokenizer php-xml php-zip policycoreutils policycoreutils-python policycoreutils-python-utils #open HTTP firewall-cmd --zone=public --add-port=http/tcp --permanent firewall-cmd --reload #start and enable mariadb systemctl start mariadb systemctl enable mariadb #start and enable apache systemctl start httpd systemctl enable httpd # Create Database and user with a random password for Bookstack export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)" echo DB_PASS=$DB_PASS mysql -e "CREATE DATABASE bookstack;" mysql -e "CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$DB_PASS';" mysql -e "GRANT ALL ON bookstack.* TO 'bookstack'@'localhost';" mysql -e "FLUSH PRIVILEGES;" # Secure MariaDB ################################################### ##############CHANGE THE PASSWORD################## mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';" mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" mysql -e "DELETE FROM mysql.user WHERE User='';" mysql -e "DROP DATABASE test;" mysql -e "FLUSH PRIVILEGES;" # Download BookStack cd /var/www/html/ git clone https://github.com/ssddanbrown/BookStack.git --branch release --single-branch bookstack export DIR_BOOKSTACK="/var/www/html/bookstack" # Install BookStack composer dependancies cd $DIR_BOOKSTACK composer install # Copy and update BookStack environment variables cp $DIR_BOOKSTACK/.env.example $DIR_BOOKSTACK/.env sed -i 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' $DIR_BOOKSTACK/.env sed -i 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' $DIR_BOOKSTACK/.env sed -i "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" $DIR_BOOKSTACK/.env # update the apache DocumentRoot sed -i 's/DocumentRoot "\/var\/www\/html"/DocumentRoot "\/var\/www\/html\/bookstack\/public"/' /etc/httpd/conf/httpd.conf #setup SELinux permissions export httpdrw='httpd_sys_rw_content_t' setsebool -P httpd_can_sendmail 1 setsebool -P httpd_can_network_connect 1 semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/storage(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/storage semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/bootstrap/cache(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/bootstrap/cache semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/public/uploads(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/public/uploads #setup ownership of the bookstrap directory to apache chown apache:apache -R $DIR_BOOKSTACK # Generate the application key php artisan key:generate --no-interaction --force # Migrate the databases php artisan migrate --no-interaction --force #Restart httpd systemctl restart httpd
Browse to the IP
http://yourip
and get redirected tohttp://yourip/login
so that application is running.
If I set theAPP_URL
in the.env
file, browsing tohttp://yourip
will redirect to thehttp://FQDN/login
. So yet more proof that the application if running.But I see this.
I followed your guide except I created a conf file in
/etc/httpd/conf.d/wiki.example.com.conf
sudo tee /etc/httpd/conf.d/wiki.example.com.conf <<EOF <VirtualHost *:80> ServerAdmin webmaster@localhost <Directory /var/www/html/bookstack/public> Require all granted AllowOverride All #Options +Indexes </Directory> DocumentRoot /var/www/html/bookstack/public ServerName wiki.example.com ErrorLog /var/log/httpd/bookstack.error.log CustomLog /var/log/access.log combined </VirtualHost> EOF
I pretty much did they same setup like Snipe-IT.
And my APP_URL is
APP_URL=https://wiki.example.com
Ok, added the vhost config, removed the change to the httpd.conf, and it works
I added one yesterday also, but I must not have got all the options right.
-
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.
If you are going to export to PDF a lot, there is another package you need to install
Thanks for this.
-
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
This looks like it could work for multi-tenant environment.
- Created a new role and granted no permissions whatsoever.
- Created a new book with a sample page within the book
- Clicked on "More" at top right and assigned View only privileges to this new role I created
- Created new user and assigned user to new role
- Logged in as new user and all I can see is the test book to which I granted permissions. I also can't create any new material because those permissions weren't granted. When I search for a document that was created in the Admin role, I cannot see any search results that I know exist under the Admin role but that haven't been granted access to on this restricted user role. All I can see as this restricted user is the single book that I've granted View access to.
- The book permissions also cascade to other pages created in the same book so once permissions are set at the book, the are also set for child sections.
That works well.
-
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccess
file should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
-
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccess
file should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
The only thing that is different to me is
Options +FollowSymLinks
https://www.bookstackapp.com/docs/admin/installation/ -
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccess
file should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
Weren't there some major changes to Apache's syntax for the Rewrite rules? Could that be part of the issue?
-
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccess
file should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
The only thing that is different to me is
Options +FollowSymLinks
https://www.bookstackapp.com/docs/admin/installation/This is what is in the defualt htaccess
[root@bookstack ~]# cat /var/www/html/bookstack/public/.htaccess <IfModule mod_rewrite.c> <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] </IfModule>
-
So it looks to me like their provided file does not follow their own guide....
-
I added that to the htaccess and change apache confs back and restarted apache and broke again.
Looking at httpd.conf I see some differences between that and the vhost config also. so bah.
So thinking to just go with providing a vhost file.
-
Btw, I noticed directory browsing is enabled by default. Is it best to make the changes to the /etc/httpd/conf.d/autoindex.conf file to disable this for the server globally?