Install BookStack on Fedora 27



  • I have been looking for a documentation solution for our company for a while and have been testing a number of Wiki projects. I really liked the git backed concept of Wiki.js, but the project is lacking a solid WYSIWYG editor that I require for the less technical users to actually enter data into any system.

    BookStack lacks backing to a git repository but contains a very good WYSIWYG editor.

    This guide is changed up a bit. I am making use of session variables in bash. This means once you start, you cannot close your SSH session until you are done or things will not work right.

    So first things, edit these bits as noted.

    #Setup some session variables
    ######################################################
    ############## EDIT THESE APPROPRIATELY ##############
    ############### BEFORE YOU COPY/PASTE ################
    ######################################################
    # Root password for MariaDB
    export DB_ROOT_PASS='somesecurepassword'
    # Database name to use for application
    export DB_NAME='bookstack'
    # Database user to use for application
    export DB_USER='bs_user'
    # The domain name you have setup for the application
    # Note 1: if you use a proxy in front to handle the SSL
    # or if you setup SSL directly, this needs to be https
    # Note 2: You must escape the // hence \/\/
    export APP_FQDN='http:\/\/wiki.domain.com'
    # Folder to install application into
    export APP_DIR='/var/www/html/bookstack'
    

    Now, no more editing as you go. See how much better this is for a guide?
    A couple more variables and then install all the dependencies.

    ######################################################
    ######### DO NOT CHANGE ANYTHING BELOW HERE ##########
    ######################################################
    #SELinux RW label for Apache
    export HTTPDRW='httpd_sys_rw_content_t'
    
    # Generate a random password for the bookstack database user
    export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 13)"
    
    ### Begin the setup process
    # Required packages + nano
    dnf install -y composer git mariadb mariadb-server mcrypt nano php php-cli php-curl php-fpm php-gd php-json php-mbstring php-mysqlnd php-openssl php-pdo php-tidy php-tokenizer php-xml php-zip policycoreutils policycoreutils-python policycoreutils-python-utils
    

    This is a basic guide and will not touch on SSL. Open the firewall and start the services. If you want SSL on this box, then use certbot later.

    # Allow HTTP through the firewall default zone
    firewall-cmd --add-port=http/tcp --permanent
    firewall-cmd --reload
    
    # Start and enable mariadb
    systemctl start mariadb
    systemctl enable mariadb
    
    # Start and enable apache
    systemctl start httpd
    systemctl enable httpd
    

    Create the app database and secure MariaDB

    # Create Database and user with a random password for Bookstack
    mysql -e "CREATE DATABASE $DB_NAME;"
    mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
    mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';"
    mysql -e "FLUSH PRIVILEGES;"
    
    # Secure MariaDB (this does what mysql_secure_installation performs without interaction)
    mysql -e "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';"
    mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
    mysql -e "DELETE FROM mysql.user WHERE User='';"
    mysql -e "DROP DATABASE test;"
    mysql -e "FLUSH PRIVILEGES;"
    

    Download BookStack and then run the composer install. Composer will generate a ton of spammy recommendations to the screen for other packages, ignore it.

    # Download BookStack
    git clone https://github.com/ssddanbrown/BookStack.git --branch release --single-branch $APP_DIR
    
    # Install BookStack composer dependencies
    cd $APP_DIR
    composer install
    

    The BookStack guide stated these directories needed to be writable.
    They are already 755, so setup SELinux to allow them to be written to by Apache. I also setup Apache to be able to send mail as there is an advanced email setting in the configuration file.

    # Setup SELinux permissions
    setsebool -P httpd_can_sendmail 1
    setsebool -P httpd_can_network_connect 1
    semanage fcontext -a -t ${HTTPDRW} "${APP_DIR}/storage(/.*)?"
    restorecon -R -F ${APP_DIR}/storage
    semanage fcontext -a -t ${HTTPDRW} "${APP_DIR}/bootstrap/cache(/.*)?"
    restorecon -R -F ${APP_DIR}/bootstrap/cache
    semanage fcontext -a -t ${HTTPDRW} "${APP_DIR}/public/uploads(/.*)?"
    restorecon -R -F ${APP_DIR}/public/uploads
    

    Setup the BookStack .env file, create the application key, and populate the database.

    # Create .env file and update variables
    cp $APP_DIR/.env.example $APP_DIR/.env
    sed -i "s/DB_DATABASE=.*\$/DB_DATABASE=$DB_NAME/" $APP_DIR/.env
    sed -i "s/DB_USERNAME=.*\$/DB_USERNAME=$DB_USER/" $APP_DIR/.env
    sed -i "s/DB_PASSWORD=.*\$/DB_PASSWORD=$DB_PASS/" $APP_DIR/.env
    sed -i "s/# APP_URL=.*\$/APP_URL=$APP_FQDN/" $APP_DIR/.env
    
    # Generate the application key
    php artisan key:generate --no-interaction --force
    # Migrate the databases
    php artisan migrate --no-interaction --force
    

    Give Apache ownership of the app directory and create a virtual host file.

    # Ensure ownership of the application directory is set to the web user (apache)
    chown apache:apache -R $APP_DIR
    
    # Create the Apache virtual host file
    cat > /etc/httpd/conf.d/bookstack.conf <<EOF
    <VirtualHost *:80>
        <Directory $APP_DIR/public>
            Require all granted
            AllowOverride All
            #Options +Indexes
        </Directory>
        DocumentRoot $APP_DIR/public
        ErrorLog /var/log/httpd/bookstack.error.log
        CustomLog /var/log/httpd/access_log combined
    </VirtualHost>
    EOF
    

    Finally, restart Apache.

    # Restart httpd
    systemctl restart httpd
    

    Navigate to your FQDN and login with the default credentials.

    FQDN: http://wiki.domain.com
    Username: [email protected]
    Password: password

    Change the default login and enjoy your BookStack Wiki.



  • There are more advanced features and functions available if you read the documentation.
    https://www.bookstackapp.com/docs/



  • Because I have a hypervisor in a colo that I run most of my services on, I have an instance running Nginx as a reverse proxy in front of any web services.

    It handles my SSL certificates and connects without SSL to the servers behind it. Nothing is ever on a network bus to be intercepted.

    If you are in a similar situation with a proxy handling everything, then you only need to make a single change on your BookStack instance.

    Open up the .env file

    nano /var/www/html/bookstack/.env
    

    Edit the APP_URL to be https instead of http

    APP_URL=https://wiki.domain.com
    


  • If you want to use SSL directly on the instance, then I recommend that you use certbot.



  • The forced structure (Book - Chapter - Page) and the WYSIWYG editor make this the best Wiki I have ever used from the ease of use perspective.

    And trust me, ease of use is the primary factor. Because if it is not easy to use it will not get used.



  • @jaredbusch I'm really enjoying the layout and functionality.



  • Well, looks like I have a new wiki to test.



  • @fuznutz04 said in Install BookStack on Fedora 27:

    Well, looks like I have a new wiki to test.

    I really liked Wiki.js technically. But functionality wins.



  • @jaredbusch said in Install BookStack on Fedora 27:

    @fuznutz04 said in Install BookStack on Fedora 27:

    Well, looks like I have a new wiki to test.

    I really liked Wiki.js technically. But functionality wins.

    Agreed. I liked the look and layout, but it has to be easy for most people to use. Also, it has to have good progress being made.



  • Pull request made to update their documentation to include this guide.
    https://github.com/BookStackApp/website/pull/20



  • I'll use Bookstack as a wiki when they improve dev...

    https://www.cvedetails.com/cve/CVE-2017-1000462/
    https://github.com/BookStackApp/BookStack/issues/575

    This has been open since October.



  • @tim_g said in Install BookStack on Fedora 27:

    I'll use Bookstack as a wiki when they improve dev...

    https://www.cvedetails.com/cve/CVE-2017-1000462/
    https://github.com/BookStackApp/BookStack/issues/575

    This has been open since October.

    Unless you have untrusted users in the wiki, this is not a serious issue.

    Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.



  • @jaredbusch said in Install BookStack on Fedora 27:

    @tim_g said in Install BookStack on Fedora 27:

    I'll use Bookstack as a wiki when they improve dev...

    https://www.cvedetails.com/cve/CVE-2017-1000462/
    https://github.com/BookStackApp/BookStack/issues/575

    This has been open since October.

    Unless you have untrusted users in the wiki, this is not a serious issue.

    Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

    It's not the severity of it, it's that it's still open. It's that there's not enough development work on it that has me concerned. What's next?

    I know WP has a lot of vulnerabilities listed, but they are all patched, and they are quickly patched.

    It's a shame because Bookstack looks like a winner other than that.



  • @jaredbusch said in Install BookStack on Fedora 27:

    @tim_g said in Install BookStack on Fedora 27:

    I'll use Bookstack as a wiki when they improve dev...

    https://www.cvedetails.com/cve/CVE-2017-1000462/
    https://github.com/BookStackApp/BookStack/issues/575

    This has been open since October.

    Unless you have untrusted users in the wiki, this is not a serious issue.

    Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

    Also, I cannot replicate, I tried.



  • Looks like a misleading report.
    [image]



  • @jaredbusch said in Install BookStack on Fedora 27:

    @jaredbusch said in Install BookStack on Fedora 27:

    @tim_g said in Install BookStack on Fedora 27:

    I'll use Bookstack as a wiki when they improve dev...

    https://www.cvedetails.com/cve/CVE-2017-1000462/
    https://github.com/BookStackApp/BookStack/issues/575

    This has been open since October.

    Unless you have untrusted users in the wiki, this is not a serious issue.

    Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

    Also, I cannot replicate, I tried.

    Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities will be dealt with appropriately.

    If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.

    I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.



  • @tim_g said in Install BookStack on Fedora 27:

    @jaredbusch said in Install BookStack on Fedora 27:

    @jaredbusch said in Install BookStack on Fedora 27:

    @tim_g said in Install BookStack on Fedora 27:

    I'll use Bookstack as a wiki when they improve dev...

    https://www.cvedetails.com/cve/CVE-2017-1000462/
    https://github.com/BookStackApp/BookStack/issues/575

    This has been open since October.

    Unless you have untrusted users in the wiki, this is not a serious issue.

    Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

    Also, I cannot replicate, I tried.

    Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities will be dealt with appropriately.

    If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.

    I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.

    That is a bullshit answer.
    Your pet issue has been disproved.



  • @jaredbusch said in Install BookStack on Fedora 27:

    @tim_g said in Install BookStack on Fedora 27:

    @jaredbusch said in Install BookStack on Fedora 27:

    @jaredbusch said in Install BookStack on Fedora 27:

    @tim_g said in Install BookStack on Fedora 27:

    I'll use Bookstack as a wiki when they improve dev...

    https://www.cvedetails.com/cve/CVE-2017-1000462/
    https://github.com/BookStackApp/BookStack/issues/575

    This has been open since October.

    Unless you have untrusted users in the wiki, this is not a serious issue.

    Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.

    Also, I cannot replicate, I tried.

    Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities will be dealt with appropriately.

    If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.

    I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.

    That is a bullshit answer.
    Your pet issue has been disproved.

    Not pet issue, just a CVE that I saw... which I did not test. I just assumed vulnerabilities on that site were legit. I guess not.

    Now I have to question the credibility of every single security vulnerability on that website.

    I don't have time to test every CVE out there to verify them.

    Who knows, maybe Bookstack is completely secure with no possibility of a vulnerability. If that's the case, I'll definitely hop on board.



  • Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like it is appending the url twice.

    For example:
    I enter wiki.example.com
    and it navigates me to wiki.example.com/http:/wiki.example.com/login

    If I manually go to wiki.example.com/login I get a login page that is missing images.

    [image]

    Any thoughts?



  • @i3 said in Install BookStack on Fedora 27:

    Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like it is appending the url twice.

    For example:
    I enter wiki.example.com
    and it navigates me to wiki.example.com/http:/wiki.example.com/login

    If I manually go to wiki.example.com/login I get a login page that is missing images.

    [image]

    Any thoughts?

    Check the APP_URL in your .env file.

    grep APP_URL /var/www/html/bookstack/.env
    

    You should see something like this
    [image]



  • When I did that it showed app_url=http:\wiki.example.com
    I edited it to show http:// and it is now working- thank you very much for the quick response!

    I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'

    Did I do something wrong?



  • @i3 said in Install BookStack on Fedora 27:

    When I did that it showed app_url=http:\wiki.example.com
    I edited it to show http:// and it is now working- thank you very much for the quick response!

    I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'

    Did I do something wrong?

    Yes. You have to escape the / with a \ to make the script work.
    Look at the note I had there.

    # Note 2: You must escape the // hence \/\/
    export APP_FQDN='http:\/\/wiki.domain.com'
    


  • Got it. I misunderstood and simply removed the two //

    I understand now.

    Again, thank you for the great write up and responses!
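
Added example, not part of the original posts or of BookStack: the `\/\/` escaping that tripped up the APP_URL above is needed only because the guide's `sed` commands use `/` as their delimiter. The hypothetical helpers `set_env_value` and `check_app_url` write a value into a `.env` file literally and sanity-check the result; the sample file contents are constructed.

```bash
#!/usr/bin/env bash
# Added example: set_env_value and check_app_url are hypothetical helpers,
# not part of the guide or of BookStack.

# Set KEY=VALUE in a .env file. Replaces the first "KEY=" or "# KEY=" line,
# or appends the pair if the key is absent.
set_env_value() {
    local file="$1" key="$2" value="$3" tmp
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # The value is passed through the environment, so it is never parsed as
    # a regex or replacement string: "/", "&" and "\" are written literally.
    ENV_KEY="$key" ENV_VALUE="$value" awk '
        BEGIN { key = ENVIRON["ENV_KEY"]; val = ENVIRON["ENV_VALUE"] }
        !done && (index($0, key "=") == 1 || index($0, "# " key "=") == 1) {
            print key "=" val; done = 1; next
        }
        { print }
        END { if (!done) print key "=" val }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Writing back with cat keeps the original file's owner, mode and SELinux label.
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# Succeed only if APP_URL is an http(s) URL without backslashes.
check_app_url() {
    local file="$1" url
    url=$(grep -m1 '^APP_URL=' "$file" | cut -d= -f2-)
    case "$url" in
        *\\*) return 1 ;;
        http://?*|https://?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed sample file (not BookStack's real .env.example).
demo_dir=$(mktemp -d)
printf '%s\n' '# APP_URL=http://bookstack.dev' \
    'DB_PASSWORD=database_user_password' > "$demo_dir/.env"
set_env_value "$demo_dir/.env" APP_URL 'https://wiki.domain.com'  # no \/\/ needed
set_env_value "$demo_dir/.env" DB_PASSWORD 'p/w&x\y'
check_app_url "$demo_dir/.env" && echo "APP_URL looks sane"
cat "$demo_dir/.env"
rm -rf "$demo_dir"
```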



  • Yup, loving it.

    [image]

    When you export to PDF, you get a log at the bottom too.
    [image]



  • @JaredBusch Nice write-up. I am definitely going to be trying this soon.




  • Woop installed and ready to use.

    (Does it matter i have no idea what half those commands did, but yet i have a working system 🤔 )



  • @hobbit666 said in Install BookStack on Fedora 27:

    Woop installed and ready to use.

    (Does it matter i have no idea what half those commands did, but yet i have a working system 🤔 )

    I guess that was the point of the post, was to make it crazy simple. I suppose whether it matters if you have no idea or not depends on whether you want to learn what those commands do or not 😉



  • Seem to have an issue with pages.
    Can add a new one but with no details
    [image: layout.png]

    But if i change the heading or add some text both editing the Page or when i first create one i get:-
    [image: error.png]

    So creating a New Book and Chapter works fine



  • @hobbit666 ignore me rebooted now working