Join the conversation

Sign in to join this conversation, and others like it, in the communities you care about.

Wekan

Wekan is an open-source kanban board (Trello like) which allows a card-based task and to-do management.

Wekan / General

Production ready alternative to snapd

Production ready alternative to snapd

Wekan / General · February 15, 2020 at 1:51am (Edited 4 years ago)

Hi,

while I would love to install wekan on my server I am struggling on which method I should go for. Snapd is unfortunately not an option because my VPS does not support snapd installations. I have installed docker on my server but within the docs of wekan its sounds like its not a good solution for production deployments. Could someone please tell me which route I should go for or are they any good alternatives?

I am also not a fan of Univention, Sandstorm or paid services.

Regards

Load previous messages

February 15, 2020 at 3:02am

For external mongodb, it mongodb requires login, you can add username and password and IP address etc to MONGO_URL

    • reply
    • like

    It's also possible to use some part of bash autoupgrade script, if you need automatic upgrades https://github.com/wekan/wekan-bash-install-autoupgrade

      • reply
      • like

      there is some regex to download newest bundle

        • reply
        • like

        after downloading, unzip it, stop service, rename directories, start service

          • reply
          • like

          February 15, 2020 at 12:36pm

          thank you for that detail

            • reply
            • like

            with those scripts we would be using mongo auth (unlike with the snap config where mongo is private (localhost) and with auth on mongo not enabled)?

              • reply
              • like

              February 15, 2020 at 2:10pm

              Yes

                • reply
                • like

                Use urlencode for special characters https://www.url-encode-decode.com/

                MONGO_URL=mongodb://myDBReader:D1fficultP%[email protected]:27017/admin

                https://docs.mongodb.com/manual/reference/connection-string/

                  like-fill
                  1
                  • reply
                  • like

                  or: MONGO_URL=mongodb://myDBReader:D1fficultP%[email protected]:27017/wekan

                    • reply
                    • like

                    depends what database name is in your database instance

                      • reply
                      • like

                      there can me multiple databases, like in one MySQL server instance can be multiple databases

                        • reply
                        • like

                        with different names

                          • reply
                          • like

                          February 16, 2020 at 10:09am

                          Thanks for your answers :) I really would like to stick with my current provider also because I have recently upgraded my package. The Bash script looks promising. Regarding security concerns if managed correctly is it a solid alternative to snapd?

                            • reply
                            • like

                            I am also thinking about putting the bash setup into a docker container.

                              • reply
                              • like

                              The bundle is really interesting. So I could just serve the node module on my server. You have both discussed this somehow in the previous posts.

                                • reply
                                • like

                                February 16, 2020 at 5:18pm

                                @dabor It's the same Wekan code on bash script, Snap and Docker. Only difference is that Snap and Docker provide sandboxing. There is not any difference in features etc.

                                  • reply
                                  • like

                                  There is also docker-compose.yml at https://github.com/wekan/wekan . With it, you could change MONGO_URL to point to extenal mongodb, and remove wekan-db container from that docker-compose.yml .

                                    • reply
                                    • like

                                    For that bash autoupgrade script, some Wekan contributor made it, and it did work for him to get Wekan automatically upgraded. That script is for Debian 9, so most likely you need only that part that does upgrading. Or just create your own script that downloads wekan-3.xx.zip , unzips it, stops service, renames directories, starts service

                                      • reply
                                      • like

                                      About security: As you see in start-wekan.sh and docker-compose.yml , Wekan has brute force login protection. Not logged in users can not make any changes to database: for example at public boards I needed to use cookies to save state of board view Lists/Swimlanes/Calendar. Cookies are worse, because it requires webbrowser reload page to take effect, so that view changes. For logged in users change is immediate, because it's possible to write to database.

                                        • reply
                                        • like

                                        Wekan input forms have XSS protection, that's why currently it's not possible to get file:/// links etc clickable

                                          • reply
                                          • like
                                          • reply
                                          • like

                                          I am very interested if anyone would find some vulnerability in Wekan, or some way to workaround permissions, because I would like to fix it.

                                            • reply
                                            • like

                                            I have updated all possible Wekan dependencies like Node.js etc to newest versions

                                              • reply
                                              • like

                                              February 17, 2020 at 1:35pm

                                              Thanks for your write up. Pretty nice information. I think I got overwhelmed by the overall big list of Platforms. (Its not that its not good but it was a lot of reading - and maybe at some point I could not follow anymore)

                                              Regarding security I was just worried that somehow its lesser than snap which is I would say but only because of the nature of snap vs docker.

                                              I have already tested the setup with docker on my local environment which you have pointed out is possible (docker-compose.yml) and I think I will use this in production.

                                                • reply
                                                • like

                                                And again thanks for your support :D

                                                  • reply
                                                  • like