Production ready alternative to snapd

For external mongodb, it mongodb requires login, you can add username and password and IP address etc to MONGO_URL

It's also possible to use some part of bash autoupgrade script, if you need automatic upgrades https://github.com/wekan/wekan-bash-install-autoupgrade

there is some regex to download newest bundle

after downloading, unzip it, stop service, rename directories, start service

thank you for that detail

with those scripts we would be using mongo auth (unlike with the snap config where mongo is private (localhost) and with auth on mongo not enabled)?

Yes

Use urlencode for special characters https://www.url-encode-decode.com/

MONGO_URL=mongodb://myDBReader:D1fficultP%[email protected]:27017/admin

https://docs.mongodb.com/manual/reference/connection-string/

or: MONGO_URL=mongodb://myDBReader:D1fficultP%[email protected]:27017/wekan

depends what database name is in your database instance

there can me multiple databases, like in one MySQL server instance can be multiple databases

with different names

Thanks for your answers :) I really would like to stick with my current provider also because I have recently upgraded my package. The Bash script looks promising. Regarding security concerns if managed correctly is it a solid alternative to snapd?

I am also thinking about putting the bash setup into a docker container.

The bundle is really interesting. So I could just serve the node module on my server. You have both discussed this somehow in the previous posts.

@dabor It's the same Wekan code on bash script, Snap and Docker. Only difference is that Snap and Docker provide sandboxing. There is not any difference in features etc.

There is also docker-compose.yml at https://github.com/wekan/wekan . With it, you could change MONGO_URL to point to extenal mongodb, and remove wekan-db container from that docker-compose.yml .

For that bash autoupgrade script, some Wekan contributor made it, and it did work for him to get Wekan automatically upgraded. That script is for Debian 9, so most likely you need only that part that does upgrading. Or just create your own script that downloads wekan-3.xx.zip , unzips it, stops service, renames directories, starts service

About security: As you see in start-wekan.sh and docker-compose.yml , Wekan has brute force login protection. Not logged in users can not make any changes to database: for example at public boards I needed to use cookies to save state of board view Lists/Swimlanes/Calendar. Cookies are worse, because it requires webbrowser reload page to take effect, so that view changes. For logged in users change is immediate, because it's possible to write to database.

Wekan input forms have XSS protection, that's why currently it's not possible to get file:/// links etc clickable

That's a bug here https://github.com/wekan/wekan/issues/1615

I am very interested if anyone would find some vulnerability in Wekan, or some way to workaround permissions, because I would like to fix it.

I have updated all possible Wekan dependencies like Node.js etc to newest versions

Thanks for your write up. Pretty nice information. I think I got overwhelmed by the overall big list of Platforms. (Its not that its not good but it was a lot of reading - and maybe at some point I could not follow anymore)

Regarding security I was just worried that somehow its lesser than snap which is I would say but only because of the nature of snap vs docker.

I have already tested the setup with docker on my local environment which you have pointed out is possible (docker-compose.yml) and I think I will use this in production.