Interesting Take On A Wiki - Testing Now

black3dynamite

@jaredbusch said in Interesting Take On A Wiki - Testing Now:

okay, this thing just sucks donkey balls. I spent way the fuck too much time on this and still not working.

Assuming Fedora 27 Minimal

# required packages + nano 
dnf install -y composer git mariadb mariadb-server mcrypt nano php php-cli php-curl php-fpm php-gd php-json php-mbstring php-mysqlnd php-openssl php-pdo php-tidy php-tokenizer php-xml php-zip policycoreutils policycoreutils-python policycoreutils-python-utils
#open HTTP
firewall-cmd --zone=public --add-port=http/tcp --permanent
firewall-cmd --reload
#start and enable mariadb
systemctl start mariadb
systemctl enable mariadb
#start and enable apache
systemctl start httpd
systemctl enable httpd
# Create Database and user with a random password for Bookstack
export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)"
echo DB_PASS=$DB_PASS
mysql -e "CREATE DATABASE bookstack;"
mysql -e "CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$DB_PASS';"
mysql -e "GRANT ALL ON bookstack.* TO 'bookstack'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"
# Secure MariaDB
###################################################
##############CHANGE THE PASSWORD##################
mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -e "DELETE FROM mysql.user WHERE User='';"
mysql -e "DROP DATABASE test;"
mysql -e "FLUSH PRIVILEGES;"
# Download BookStack
cd /var/www/html/
git clone https://github.com/ssddanbrown/BookStack.git --branch release --single-branch bookstack
export DIR_BOOKSTACK="/var/www/html/bookstack"
# Install BookStack composer dependancies
cd $DIR_BOOKSTACK
composer install
# Copy and update BookStack environment variables
cp $DIR_BOOKSTACK/.env.example $DIR_BOOKSTACK/.env
sed -i 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' $DIR_BOOKSTACK/.env
sed -i 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' $DIR_BOOKSTACK/.env
sed -i "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" $DIR_BOOKSTACK/.env
# update the apache DocumentRoot
sed -i 's/DocumentRoot "\/var\/www\/html"/DocumentRoot "\/var\/www\/html\/bookstack\/public"/' /etc/httpd/conf/httpd.conf
#setup SELinux permissions
export httpdrw='httpd_sys_rw_content_t'
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_can_network_connect 1
semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/storage(/.*)?"
restorecon -R -F ${DIR_BOOKSTACK}/storage
semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/bootstrap/cache(/.*)?"
restorecon -R -F ${DIR_BOOKSTACK}/bootstrap/cache
semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/public/uploads(/.*)?"
restorecon -R -F ${DIR_BOOKSTACK}/public/uploads
#setup ownership of the bookstrap directory to apache
chown apache:apache -R $DIR_BOOKSTACK
# Generate the application key
php artisan key:generate --no-interaction --force
# Migrate the databases
php artisan migrate --no-interaction --force
#Restart httpd
systemctl restart httpd

Browse to the IP http://yourip and get redirected to http://yourip/login so that application is running.
If I set the APP_URL in the .env file, browsing to http://yourip will redirect to the http://FQDN/login. So yet more proof that the application if running.

But I see this.

I followed your guide except I created a conf file in /etc/httpd/conf.d/wiki.example.com.conf

sudo tee /etc/httpd/conf.d/wiki.example.com.conf <<EOF
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
      <Directory /var/www/html/bookstack/public>
        Require all granted
        AllowOverride All
        #Options +Indexes
      </Directory>
    DocumentRoot /var/www/html/bookstack/public
    ServerName wiki.example.com
    ErrorLog /var/log/httpd/bookstack.error.log
    CustomLog /var/log/httpd/access.log combined
</VirtualHost>
EOF

I pretty much did they same setup like Snipe-IT.

And my APP_URL is APP_URL=https://wiki.example.com

NashBrydges

@black3dynamite said in Interesting Take On A Wiki - Testing Now:

<VirtualHost *:80>
ServerAdmin webmaster@localhost
<Directory /var/www/html/bookstack/public>
Require all granted
AllowOverride All
#Options +Indexes
</Directory>
DocumentRoot /var/www/html/bookstack/public
ServerName wiki.example.com
ErrorLog /var/log/httpd/bookstack.error.log
CustomLog /var/log/access.log combined
</VirtualHost>

This combined setup worked perfectly!

NashBrydges

This looks like it could work for multi-tenant environment.

• Created a new role and granted no permissions whatsoever.
• Created a new book with a sample page within the book
• Clicked on "More" at top right and assigned View only privileges to this new role I created
• Created new user and assigned user to new role
• Logged in as new user and all I can see is the test book to which I granted permissions. I also can't create any new material because those permissions weren't granted. When I search for a document that was created in the Admin role, I cannot see any search results that I know exist under the Admin role but that haven't been granted access to on this restricted user role. All I can see as this restricted user is the single book that I've granted View access to.
• The book permissions also cascade to other pages created in the same book so once permissions are set at the book, the are also set for child sections.

NashBrydges

One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.

JaredBusch

@nashbrydges said in Interesting Take On A Wiki - Testing Now:

One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.

If you are going to export to PDF a lot, there is another package you need to install

https://www.bookstackapp.com/docs/admin/pdf-rendering/

JaredBusch

@black3dynamite said in Interesting Take On A Wiki - Testing Now:

@jaredbusch said in Interesting Take On A Wiki - Testing Now:

okay, this thing just sucks donkey balls. I spent way the fuck too much time on this and still not working.

Assuming Fedora 27 Minimal

# required packages + nano 
dnf install -y composer git mariadb mariadb-server mcrypt nano php php-cli php-curl php-fpm php-gd php-json php-mbstring php-mysqlnd php-openssl php-pdo php-tidy php-tokenizer php-xml php-zip policycoreutils policycoreutils-python policycoreutils-python-utils
#open HTTP
firewall-cmd --zone=public --add-port=http/tcp --permanent
firewall-cmd --reload
#start and enable mariadb
systemctl start mariadb
systemctl enable mariadb
#start and enable apache
systemctl start httpd
systemctl enable httpd
# Create Database and user with a random password for Bookstack
export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)"
echo DB_PASS=$DB_PASS
mysql -e "CREATE DATABASE bookstack;"
mysql -e "CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$DB_PASS';"
mysql -e "GRANT ALL ON bookstack.* TO 'bookstack'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"
# Secure MariaDB
###################################################
##############CHANGE THE PASSWORD##################
mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -e "DELETE FROM mysql.user WHERE User='';"
mysql -e "DROP DATABASE test;"
mysql -e "FLUSH PRIVILEGES;"
# Download BookStack
cd /var/www/html/
git clone https://github.com/ssddanbrown/BookStack.git --branch release --single-branch bookstack
export DIR_BOOKSTACK="/var/www/html/bookstack"
# Install BookStack composer dependancies
cd $DIR_BOOKSTACK
composer install
# Copy and update BookStack environment variables
cp $DIR_BOOKSTACK/.env.example $DIR_BOOKSTACK/.env
sed -i 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' $DIR_BOOKSTACK/.env
sed -i 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' $DIR_BOOKSTACK/.env
sed -i "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" $DIR_BOOKSTACK/.env
# update the apache DocumentRoot
sed -i 's/DocumentRoot "\/var\/www\/html"/DocumentRoot "\/var\/www\/html\/bookstack\/public"/' /etc/httpd/conf/httpd.conf
#setup SELinux permissions
export httpdrw='httpd_sys_rw_content_t'
setsebool -P httpd_can_sendmail 1
setsebool -P httpd_can_network_connect 1
semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/storage(/.*)?"
restorecon -R -F ${DIR_BOOKSTACK}/storage
semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/bootstrap/cache(/.*)?"
restorecon -R -F ${DIR_BOOKSTACK}/bootstrap/cache
semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/public/uploads(/.*)?"
restorecon -R -F ${DIR_BOOKSTACK}/public/uploads
#setup ownership of the bookstrap directory to apache
chown apache:apache -R $DIR_BOOKSTACK
# Generate the application key
php artisan key:generate --no-interaction --force
# Migrate the databases
php artisan migrate --no-interaction --force
#Restart httpd
systemctl restart httpd

Browse to the IP http://yourip and get redirected to http://yourip/login so that application is running.
If I set the APP_URL in the .env file, browsing to http://yourip will redirect to the http://FQDN/login. So yet more proof that the application if running.

But I see this.

I followed your guide except I created a conf file in /etc/httpd/conf.d/wiki.example.com.conf

sudo tee /etc/httpd/conf.d/wiki.example.com.conf <<EOF
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
      <Directory /var/www/html/bookstack/public>
        Require all granted
        AllowOverride All
        #Options +Indexes
      </Directory>
    DocumentRoot /var/www/html/bookstack/public
    ServerName wiki.example.com
    ErrorLog /var/log/httpd/bookstack.error.log
    CustomLog /var/log/access.log combined
</VirtualHost>
EOF

I pretty much did they same setup like Snipe-IT.

And my APP_URL is APP_URL=https://wiki.example.com

Ok, added the vhost config, removed the change to the httpd.conf, and it works

I added one yesterday also, but I must not have got all the options right.

NashBrydges

@jaredbusch said in Interesting Take On A Wiki - Testing Now:

@nashbrydges said in Interesting Take On A Wiki - Testing Now:

One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.

If you are going to export to PDF a lot, there is another package you need to install

https://www.bookstackapp.com/docs/admin/pdf-rendering/

Thanks for this.

black3dynamite

@nashbrydges said in Interesting Take On A Wiki - Testing Now:

This looks like it could work for multi-tenant environment.

• Created a new role and granted no permissions whatsoever.
• Created a new book with a sample page within the book
• Clicked on "More" at top right and assigned View only privileges to this new role I created
• Created new user and assigned user to new role
• Logged in as new user and all I can see is the test book to which I granted permissions. I also can't create any new material because those permissions weren't granted. When I search for a document that was created in the Admin role, I cannot see any search results that I know exist under the Admin role but that haven't been granted access to on this restricted user role. All I can see as this restricted user is the single book that I've granted View access to.
• The book permissions also cascade to other pages created in the same book so once permissions are set at the book, the are also set for child sections.

That works well.

JaredBusch

I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708

The built in .htaccess file should have handled the rewrite rules and it is not.

So the quesiton for anyone who knows is why not?

black3dynamite

@jaredbusch said in Interesting Take On A Wiki - Testing Now:

I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708

The built in .htaccess file should have handled the rewrite rules and it is not.

So the quesiton for anyone who knows is why not?

The only thing that is different to me is Options +FollowSymLinks
https://www.bookstackapp.com/docs/admin/installation/

dafyre

@jaredbusch said in Interesting Take On A Wiki - Testing Now:

I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708

The built in .htaccess file should have handled the rewrite rules and it is not.

So the quesiton for anyone who knows is why not?

Weren't there some major changes to Apache's syntax for the Rewrite rules? Could that be part of the issue?

JaredBusch

@black3dynamite said in Interesting Take On A Wiki - Testing Now:

@jaredbusch said in Interesting Take On A Wiki - Testing Now:

I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708

The built in .htaccess file should have handled the rewrite rules and it is not.

So the quesiton for anyone who knows is why not?

The only thing that is different to me is Options +FollowSymLinks
https://www.bookstackapp.com/docs/admin/installation/

This is what is in the defualt htaccess

[root@bookstack ~]# cat /var/www/html/bookstack/public/.htaccess 
<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    # Redirect Trailing Slashes If Not A Folder...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)/$ /$1 [L,R=301]

    # Handle Front Controller...
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]
</IfModule>

JaredBusch

So it looks to me like their provided file does not follow their own guide....

JaredBusch

I added that to the htaccess and change apache confs back and restarted apache and broke again.

Looking at httpd.conf I see some differences between that and the vhost config also. so bah.

So thinking to just go with providing a vhost file.

NashBrydges

Btw, I noticed directory browsing is enabled by default. Is it best to make the changes to the /etc/httpd/conf.d/autoindex.conf file to disable this for the server globally?

JaredBusch

@nashbrydges said in Interesting Take On A Wiki - Testing Now:

Btw, I noticed directory browsing is enabled by default. Is it best to make the changes to the /etc/httpd/conf.d/autoindex.conf file to disable this for the server globally?

That would be an apache security setting and not directly related to the install.

NashBrydges

@jaredbusch said in Interesting Take On A Wiki - Testing Now:

@nashbrydges said in Interesting Take On A Wiki - Testing Now:

Btw, I noticed directory browsing is enabled by default. Is it best to make the changes to the /etc/httpd/conf.d/autoindex.conf file to disable this for the server globally?

That would be an apache security setting and not directly related to the install.

Thanks. Disabled it in the vhost file.

black3dynamite

I've got it. In /etc/httpd/conf/httpd.conf file.

Changing <Directory "/var/www/html"> to <Directory "/var/www/html/bookstack/public">
And also changing AllowOverride None to AllowOverride All fixes the not found page.

dafyre

So from start to finish, running JB's script everything worked for me out of the box, except for one thing. I had to

firewall-cmd --set-default-zone=public

But that may be because my install was done with the Server DVD and not a minimal install.

black3dynamite

@dafyre said in Interesting Take On A Wiki - Testing Now:

So from start to finish, running JB's script everything worked for me out of the box, except for one thing. I had to

firewall-cmd --set-default-zone=public

But that may be because my install was done with the Server DVD and not a minimal install.

The default zone is FedoraServer.