Wekan

Wekan is an open-source kanban board (Trello-like) which allows card-based task and to-do management.

Production ready alternative to snapd

Wekan / General · February 15, 2020 at 1:51am (Edited 4 years ago)

Hi,

While I would love to install Wekan on my server, I am struggling with which method I should go for. Snapd is unfortunately not an option because my VPS does not support snapd installations. I have installed Docker on my server, but within the Wekan docs it sounds like it's not a good solution for production deployments. Could someone please tell me which route I should go for, or are there any good alternatives?

I am also not a fan of Univention, Sandstorm or paid services.

Regards

February 16, 2020 at 5:26pm

About security: As you see in start-wekan.sh and docker-compose.yml, Wekan has brute force login protection. Users who are not logged in cannot make any changes to the database: for example, at public boards I needed to use cookies to save the state of the board view Lists/Swimlanes/Calendar. Cookies are worse, because they require the web browser to reload the page to take effect, so that the view changes. For logged-in users the change is immediate, because it's possible to write to the database.

Wekan input forms have XSS protection; that's why it's currently not possible to make file:/// links etc. clickable.

I am very interested if anyone would find some vulnerability in Wekan, or some way to work around permissions, because I would like to fix it.

I have updated all possible Wekan dependencies like Node.js etc. to the newest versions.

February 17, 2020 at 1:35pm

Thanks for your write-up. Pretty nice information. I think I got overwhelmed by the overall big list of platforms. (It's not that it's not good, but it was a lot of reading - and maybe at some point I could not follow anymore.)

Regarding security, I was just worried that somehow it's lesser than snap, which it is I would say, but only because of the nature of snap vs docker.

I have already tested the setup with Docker on my local environment, which you have pointed out is possible (docker-compose.yml), and I think I will use this in production.

And again thanks for your support :D

February 17, 2020 at 7:43pm

Thanks :)