ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Install BookStack on Fedora 27

    Scheduled Pinned Locked Moved IT Discussion
    how tobookstackwikifedorafedora 27real instructionsguide
    64 Posts 14 Posters 19.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • JaredBuschJ
      JaredBusch
      last edited by JaredBusch

      Because I have a hypervisor in a colo that I run most of my services on, I have an instance running Nginx as a reverse proxy in front of any web services.

      It handles my SSL certififcates and connects without SSL to the servers behind it. Nothing is ever on a network bus to be intercepted.

      If you are in a similar situation with a proxy handling everything, then you only need to make a single change on your BookStack instance.

      Open up the .env file

      nano /var/www/html/bookstack/.env
      

      Edit the APP_URL to be https instead of http

      APP_URL=https://wiki.domain.com
      
      1 Reply Last reply Reply Quote 0
      • JaredBuschJ
        JaredBusch
        last edited by

        If you want to use SSL directly on the instance, then I recommend that you use certbot.

        1 Reply Last reply Reply Quote 0
        • JaredBuschJ
          JaredBusch
          last edited by JaredBusch

          The forced structure (Book - Chapter - Page) and the WSYIWYG editor make this the best Wiki I have ever used from the ease of use perspective.

          And trust me, ease of use is the primary factor. Because if it is not easy to use it will not get used.

          NashBrydgesN 1 Reply Last reply Reply Quote 2
          • NashBrydgesN
            NashBrydges @JaredBusch
            last edited by

            @jaredbusch I'm really enjoying the layout and functionality.

            1 Reply Last reply Reply Quote 0
            • AdamFA
              AdamF
              last edited by

              Well, looks like I have a new wiki to test.

              JaredBuschJ 1 Reply Last reply Reply Quote 0
              • JaredBuschJ
                JaredBusch @AdamF
                last edited by

                @fuznutz04 said in Install BookStack on Fedora 27:

                Well, looks like I have a new wiki to test.

                I really liked Wiki.js technically. But functionality wins.

                AdamFA 1 Reply Last reply Reply Quote 0
                • AdamFA
                  AdamF @JaredBusch
                  last edited by

                  @jaredbusch said in Install BookStack on Fedora 27:

                  @fuznutz04 said in Install BookStack on Fedora 27:

                  Well, looks like I have a new wiki to test.

                  I really liked Wiki.js technically. But functionality wins.

                  Agreed. I liked the look and layout, but it has to be easy for most people to use. Also, it has to have good progress being made.

                  1 Reply Last reply Reply Quote 0
                  • JaredBuschJ
                    JaredBusch
                    last edited by

                    Pull request made to update their documentation to include this guide.
                    https://github.com/BookStackApp/website/pull/20

                    1 Reply Last reply Reply Quote 0
                    • ObsolesceO
                      Obsolesce
                      last edited by

                      I'll use Bookstack as a wiki when they improve dev...

                      https://www.cvedetails.com/cve/CVE-2017-1000462/
                      https://github.com/BookStackApp/BookStack/issues/575

                      This has been open since October.

                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                      • JaredBuschJ
                        JaredBusch @Obsolesce
                        last edited by

                        @tim_g said in Install BookStack on Fedora 27:

                        I'll use Bookstack as a wiki when they improve dev...

                        https://www.cvedetails.com/cve/CVE-2017-1000462/
                        https://github.com/BookStackApp/BookStack/issues/575

                        This has been open since October.

                        Unless you have untrusted users in the wiki, this is not a serious issue.

                        Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

                        ObsolesceO JaredBuschJ 2 Replies Last reply Reply Quote 0
                        • ObsolesceO
                          Obsolesce @JaredBusch
                          last edited by Obsolesce

                          @jaredbusch said in Install BookStack on Fedora 27:

                          @tim_g said in Install BookStack on Fedora 27:

                          I'll use Bookstack as a wiki when they improve dev...

                          https://www.cvedetails.com/cve/CVE-2017-1000462/
                          https://github.com/BookStackApp/BookStack/issues/575

                          This has been open since October.

                          Unless you have untrusted users in the wiki, this is not a serious issue.

                          Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

                          It's not the severity of it, it's that it's still open. It's that there's not enough development work on it that has me concerned. What's next?

                          I know WP has a lot of vulnerabilities listed, but they are all patch, and they are quickly patched.

                          It's a shame because Bookstack looks like a winner other than that.

                          1 Reply Last reply Reply Quote 0
                          • JaredBuschJ
                            JaredBusch @JaredBusch
                            last edited by

                            @jaredbusch said in Install BookStack on Fedora 27:

                            @tim_g said in Install BookStack on Fedora 27:

                            I'll use Bookstack as a wiki when they improve dev...

                            https://www.cvedetails.com/cve/CVE-2017-1000462/
                            https://github.com/BookStackApp/BookStack/issues/575

                            This has been open since October.

                            Unless you have untrusted users in the wiki, this is not a serious issue.

                            Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

                            Also, I cannot replicate, I tried.

                            ObsolesceO 1 Reply Last reply Reply Quote 0
                            • JaredBuschJ
                              JaredBusch
                              last edited by

                              Looks like a misleading report.
                              0_1519173031871_6c80a49a-c03f-4a74-9002-68696be105e5-image.png

                              1 Reply Last reply Reply Quote 0
                              • ObsolesceO
                                Obsolesce @JaredBusch
                                last edited by

                                @jaredbusch said in Install BookStack on Fedora 27:

                                @jaredbusch said in Install BookStack on Fedora 27:

                                @tim_g said in Install BookStack on Fedora 27:

                                I'll use Bookstack as a wiki when they improve dev...

                                https://www.cvedetails.com/cve/CVE-2017-1000462/
                                https://github.com/BookStackApp/BookStack/issues/575

                                This has been open since October.

                                Unless you have untrusted users in the wiki, this is not a serious issue.

                                Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

                                Also, I cannot replicate, I tried.

                                Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.

                                If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.

                                I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.

                                JaredBuschJ 1 Reply Last reply Reply Quote 0
                                • JaredBuschJ
                                  JaredBusch @Obsolesce
                                  last edited by

                                  @tim_g said in Install BookStack on Fedora 27:

                                  @jaredbusch said in Install BookStack on Fedora 27:

                                  @jaredbusch said in Install BookStack on Fedora 27:

                                  @tim_g said in Install BookStack on Fedora 27:

                                  I'll use Bookstack as a wiki when they improve dev...

                                  https://www.cvedetails.com/cve/CVE-2017-1000462/
                                  https://github.com/BookStackApp/BookStack/issues/575

                                  This has been open since October.

                                  Unless you have untrusted users in the wiki, this is not a serious issue.

                                  Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

                                  Also, I cannot replicate, I tried.

                                  Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.

                                  If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.

                                  I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.

                                  That is a bullshit answer.
                                  Your pet issue has been disproved.

                                  ObsolesceO 1 Reply Last reply Reply Quote 0
                                  • ObsolesceO
                                    Obsolesce @JaredBusch
                                    last edited by

                                    @jaredbusch said in Install BookStack on Fedora 27:

                                    @tim_g said in Install BookStack on Fedora 27:

                                    @jaredbusch said in Install BookStack on Fedora 27:

                                    @jaredbusch said in Install BookStack on Fedora 27:

                                    @tim_g said in Install BookStack on Fedora 27:

                                    I'll use Bookstack as a wiki when they improve dev...

                                    https://www.cvedetails.com/cve/CVE-2017-1000462/
                                    https://github.com/BookStackApp/BookStack/issues/575

                                    This has been open since October.

                                    Unless you have untrusted users in the wiki, this is not a serious issue.

                                    Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

                                    Also, I cannot replicate, I tried.

                                    Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.

                                    If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.

                                    I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.

                                    That is a bullshit answer.
                                    Your pet issue has been disproved.

                                    Not pet issue, just a CVE that I seen... which I did not test. I just assumed vulnerabilities on that site were legit. I guess not.

                                    Now I have to question the credibility of every single security vulnerability on that website.

                                    I don't have time to test every CVE out there to verify them.

                                    Who knows, maybe Bookstack is completely secure with no possibility of a vulnerability. If that's the case, I'll definitly hop on board.

                                    1 Reply Last reply Reply Quote 0
                                    • I
                                      i3
                                      last edited by

                                      Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like is is appending the url twice.

                                      For example:
                                      I enter wiki.example.com
                                      and it navigates me to wiki.example.com/http:/wiki.example.com/login

                                      If I manually go to wiki.example.com/login I get a login page that is missing images.

                                      0_1519247086672_65e63e4c-d9c5-49bd-b0d3-87c79893b894-image.png

                                      Any thoughts?

                                      JaredBuschJ 1 Reply Last reply Reply Quote 0
                                      • JaredBuschJ
                                        JaredBusch @i3
                                        last edited by JaredBusch

                                        @i3 said in Install BookStack on Fedora 27:

                                        Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like is is appending the url twice.

                                        For example:
                                        I enter wiki.example.com
                                        and it navigates me to wiki.example.com/http:/wiki.example.com/login

                                        If I manually go to wiki.example.com/login I get a login page that is missing images.

                                        0_1519247086672_65e63e4c-d9c5-49bd-b0d3-87c79893b894-image.png

                                        Any thoughts?

                                        Check the APP_URL in your .env file.

                                        grep APP_URL /var/www/html/bookstack/.env
                                        

                                        You should see something like this
                                        0_1519247534365_6b542851-7a0a-47c5-b781-b4363796142c-image.png

                                        1 Reply Last reply Reply Quote 1
                                        • I
                                          i3
                                          last edited by

                                          When I did that it showed app_url=http:\wiki.example.com
                                          I edited it to show http:// and it is now working- thank you very much for the quick response!

                                          I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'

                                          Did I do something wrong?

                                          JaredBuschJ 1 Reply Last reply Reply Quote 0
                                          • JaredBuschJ
                                            JaredBusch @i3
                                            last edited by

                                            @i3 said in Install BookStack on Fedora 27:

                                            When I did that it showed app_url=http:\wiki.example.com
                                            I edited it to show http:// and it is now working- thank you very much for the quick response!

                                            I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'

                                            Did I do something wrong?

                                            Yes. You have to escape the / with a \ to make the script work.
                                            Look at the note I had there.

                                            # Note 2: You must escape the // hence \/\/
                                            export APP_FQDN='http:\/\/wiki.domain.com'
                                            
                                            1 Reply Last reply Reply Quote 1
                                            • 1
                                            • 2
                                            • 3
                                            • 4
                                            • 1 / 4
                                            • First post
                                              Last post