Interesting Take On A Wiki - Testing Now
-
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
<VirtualHost *:80>
ServerAdmin webmaster@localhost
<Directory /var/www/html/bookstack/public>
Require all granted
AllowOverride All
#Options +Indexes
</Directory>
DocumentRoot /var/www/html/bookstack/public
ServerName wiki.example.com
ErrorLog /var/log/httpd/bookstack.error.log
CustomLog /var/log/access.log combined
</VirtualHost>This combined setup worked perfectly!
-
This looks like it could work for multi-tenant environment.
- Created a new role and granted no permissions whatsoever.
- Created a new book with a sample page within the book
- Clicked on "More" at top right and assigned View only privileges to this new role I created
- Created new user and assigned user to new role
- Logged in as new user and all I can see is the test book to which I granted permissions. I also can't create any new material because those permissions weren't granted. When I search for a document that was created in the Admin role, I cannot see any search results that I know exist under the Admin role but that haven't been granted access to on this restricted user role. All I can see as this restricted user is the single book that I've granted View access to.
- The book permissions also cascade to other pages created in the same book so once permissions are set at the book, the are also set for child sections.
-
One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.
-
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.
If you are going to export to PDF a lot, there is another package you need to install
-
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
okay, this thing just sucks donkey balls. I spent way the fuck too much time on this and still not working.
Assuming Fedora 27 Minimal
# required packages + nano dnf install -y composer git mariadb mariadb-server mcrypt nano php php-cli php-curl php-fpm php-gd php-json php-mbstring php-mysqlnd php-openssl php-pdo php-tidy php-tokenizer php-xml php-zip policycoreutils policycoreutils-python policycoreutils-python-utils #open HTTP firewall-cmd --zone=public --add-port=http/tcp --permanent firewall-cmd --reload #start and enable mariadb systemctl start mariadb systemctl enable mariadb #start and enable apache systemctl start httpd systemctl enable httpd # Create Database and user with a random password for Bookstack export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)" echo DB_PASS=$DB_PASS mysql -e "CREATE DATABASE bookstack;" mysql -e "CREATE USER 'bookstack'@'localhost' IDENTIFIED BY '$DB_PASS';" mysql -e "GRANT ALL ON bookstack.* TO 'bookstack'@'localhost';" mysql -e "FLUSH PRIVILEGES;" # Secure MariaDB ################################################### ##############CHANGE THE PASSWORD################## mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';" mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');" mysql -e "DELETE FROM mysql.user WHERE User='';" mysql -e "DROP DATABASE test;" mysql -e "FLUSH PRIVILEGES;" # Download BookStack cd /var/www/html/ git clone https://github.com/ssddanbrown/BookStack.git --branch release --single-branch bookstack export DIR_BOOKSTACK="/var/www/html/bookstack" # Install BookStack composer dependancies cd $DIR_BOOKSTACK composer install # Copy and update BookStack environment variables cp $DIR_BOOKSTACK/.env.example $DIR_BOOKSTACK/.env sed -i 's/DB_DATABASE=.*$/DB_DATABASE=bookstack/' $DIR_BOOKSTACK/.env sed -i 's/DB_USERNAME=.*$/DB_USERNAME=bookstack/' $DIR_BOOKSTACK/.env sed -i "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" $DIR_BOOKSTACK/.env # update the apache DocumentRoot sed -i 's/DocumentRoot "\/var\/www\/html"/DocumentRoot "\/var\/www\/html\/bookstack\/public"/' /etc/httpd/conf/httpd.conf #setup SELinux permissions export httpdrw='httpd_sys_rw_content_t' setsebool -P httpd_can_sendmail 1 setsebool -P httpd_can_network_connect 1 semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/storage(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/storage semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/bootstrap/cache(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/bootstrap/cache semanage fcontext -a -t ${httpdrw} "${DIR_BOOKSTACK}/public/uploads(/.*)?" restorecon -R -F ${DIR_BOOKSTACK}/public/uploads #setup ownership of the bookstrap directory to apache chown apache:apache -R $DIR_BOOKSTACK # Generate the application key php artisan key:generate --no-interaction --force # Migrate the databases php artisan migrate --no-interaction --force #Restart httpd systemctl restart httpdBrowse to the IP
http://youripand get redirected tohttp://yourip/loginso that application is running.
If I set theAPP_URLin the.envfile, browsing tohttp://youripwill redirect to thehttp://FQDN/login. So yet more proof that the application if running.But I see this.
I followed your guide except I created a conf file in
/etc/httpd/conf.d/wiki.example.com.confsudo tee /etc/httpd/conf.d/wiki.example.com.conf <<EOF <VirtualHost *:80> ServerAdmin webmaster@localhost <Directory /var/www/html/bookstack/public> Require all granted AllowOverride All #Options +Indexes </Directory> DocumentRoot /var/www/html/bookstack/public ServerName wiki.example.com ErrorLog /var/log/httpd/bookstack.error.log CustomLog /var/log/access.log combined </VirtualHost> EOFI pretty much did they same setup like Snipe-IT.
And my APP_URL is
APP_URL=https://wiki.example.comOk, added the vhost config, removed the change to the httpd.conf, and it works
I added one yesterday also, but I must not have got all the options right.
-
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
One awesome function is the Export capability. If I export a book to a PDF, all subsequent Chapters and Pages are also exported. It creates an index page linked to the child sections allowing navigation to the child sections within the PDF file.
If you are going to export to PDF a lot, there is another package you need to install
Thanks for this.
-
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
This looks like it could work for multi-tenant environment.
- Created a new role and granted no permissions whatsoever.
- Created a new book with a sample page within the book
- Clicked on "More" at top right and assigned View only privileges to this new role I created
- Created new user and assigned user to new role
- Logged in as new user and all I can see is the test book to which I granted permissions. I also can't create any new material because those permissions weren't granted. When I search for a document that was created in the Admin role, I cannot see any search results that I know exist under the Admin role but that haven't been granted access to on this restricted user role. All I can see as this restricted user is the single book that I've granted View access to.
- The book permissions also cascade to other pages created in the same book so once permissions are set at the book, the are also set for child sections.
That works well.
-
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccessfile should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
-
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccessfile should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
The only thing that is different to me is
Options +FollowSymLinks
https://www.bookstackapp.com/docs/admin/installation/ -
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccessfile should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
Weren't there some major changes to Apache's syntax for the Rewrite rules? Could that be part of the issue?
-
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
I opened an issue on their github last night (well this morning) before I went to bed.
https://github.com/BookStackApp/BookStack/issues/708The built in
.htaccessfile should have handled the rewrite rules and it is not.So the quesiton for anyone who knows is why not?
The only thing that is different to me is
Options +FollowSymLinks
https://www.bookstackapp.com/docs/admin/installation/This is what is in the defualt htaccess
[root@bookstack ~]# cat /var/www/html/bookstack/public/.htaccess <IfModule mod_rewrite.c> <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] </IfModule> -
So it looks to me like their provided file does not follow their own guide....
-
I added that to the htaccess and change apache confs back and restarted apache and broke again.
Looking at httpd.conf I see some differences between that and the vhost config also. so bah.
So thinking to just go with providing a vhost file.
-
Btw, I noticed directory browsing is enabled by default. Is it best to make the changes to the /etc/httpd/conf.d/autoindex.conf file to disable this for the server globally?
-
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
Btw, I noticed directory browsing is enabled by default. Is it best to make the changes to the /etc/httpd/conf.d/autoindex.conf file to disable this for the server globally?
That would be an apache security setting and not directly related to the install.
-
@jaredbusch said in Interesting Take On A Wiki - Testing Now:
@nashbrydges said in Interesting Take On A Wiki - Testing Now:
Btw, I noticed directory browsing is enabled by default. Is it best to make the changes to the /etc/httpd/conf.d/autoindex.conf file to disable this for the server globally?
That would be an apache security setting and not directly related to the install.
Thanks. Disabled it in the vhost file.
-
I've got it. In
/etc/httpd/conf/httpd.conffile.Changing
<Directory "/var/www/html">to<Directory "/var/www/html/bookstack/public">
And also changingAllowOverride NonetoAllowOverride Allfixes the not found page. -
So from start to finish, running JB's script everything worked for me out of the box, except for one thing. I had to
firewall-cmd --set-default-zone=publicBut that may be because my install was done with the Server DVD and not a minimal install.
-
@dafyre said in Interesting Take On A Wiki - Testing Now:
So from start to finish, running JB's script everything worked for me out of the box, except for one thing. I had to
firewall-cmd --set-default-zone=publicBut that may be because my install was done with the Server DVD and not a minimal install.
The default zone is FedoraServer.
-
@black3dynamite said in Interesting Take On A Wiki - Testing Now:
@dafyre said in Interesting Take On A Wiki - Testing Now:
So from start to finish, running JB's script everything worked for me out of the box, except for one thing. I had to
firewall-cmd --set-default-zone=publicBut that may be because my install was done with the Server DVD and not a minimal install.
The default zone is FedoraServer.
Yeah. The script JB posted uses --zone=public so that's the reason I had to do that on mine.
