Install BookStack on Fedora 27
-
If you want to use SSL directly on the instance, then I recommend that you use
certbot. -
The forced structure (Book - Chapter - Page) and the WSYIWYG editor make this the best Wiki I have ever used from the ease of use perspective.
And trust me, ease of use is the primary factor. Because if it is not easy to use it will not get used.
-
@jaredbusch I'm really enjoying the layout and functionality.
-
Well, looks like I have a new wiki to test.
-
@fuznutz04 said in Install BookStack on Fedora 27:
Well, looks like I have a new wiki to test.
I really liked Wiki.js technically. But functionality wins.
-
@jaredbusch said in Install BookStack on Fedora 27:
@fuznutz04 said in Install BookStack on Fedora 27:
Well, looks like I have a new wiki to test.
I really liked Wiki.js technically. But functionality wins.
Agreed. I liked the look and layout, but it has to be easy for most people to use. Also, it has to have good progress being made.
-
Pull request made to update their documentation to include this guide.
https://github.com/BookStackApp/website/pull/20 -
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
-
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
-
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
It's not the severity of it, it's that it's still open. It's that there's not enough development work on it that has me concerned. What's next?
I know WP has a lot of vulnerabilities listed, but they are all patch, and they are quickly patched.
It's a shame because Bookstack looks like a winner other than that.
-
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
-
Looks like a misleading report.
-
@jaredbusch said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.
If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.
I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.
-
@tim_g said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.
If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.
I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.
That is a bullshit answer.
Your pet issue has been disproved. -
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.
If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.
I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.
That is a bullshit answer.
Your pet issue has been disproved.Not pet issue, just a CVE that I seen... which I did not test. I just assumed vulnerabilities on that site were legit. I guess not.
Now I have to question the credibility of every single security vulnerability on that website.
I don't have time to test every CVE out there to verify them.
Who knows, maybe Bookstack is completely secure with no possibility of a vulnerability. If that's the case, I'll definitly hop on board.
-
Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like is is appending the url twice.
For example:
I enter wiki.example.com
and it navigates me to wiki.example.com/http:/wiki.example.com/loginIf I manually go to wiki.example.com/login I get a login page that is missing images.
Any thoughts?
-
@i3 said in Install BookStack on Fedora 27:
Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like is is appending the url twice.
For example:
I enter wiki.example.com
and it navigates me to wiki.example.com/http:/wiki.example.com/loginIf I manually go to wiki.example.com/login I get a login page that is missing images.
Any thoughts?
Check the
APP_URLin your.envfile.grep APP_URL /var/www/html/bookstack/.envYou should see something like this
-
When I did that it showed app_url=http:\wiki.example.com
I edited it to show http:// and it is now working- thank you very much for the quick response!I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'
Did I do something wrong?
-
@i3 said in Install BookStack on Fedora 27:
When I did that it showed app_url=http:\wiki.example.com
I edited it to show http:// and it is now working- thank you very much for the quick response!I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'
Did I do something wrong?
Yes. You have to escape the
/with a\to make the script work.
Look at the note I had there.# Note 2: You must escape the // hence \/\/ export APP_FQDN='http:\/\/wiki.domain.com' -
Got it. I misunderstood and simply removed the two //
I understand now.
Again, thank you for the great write up and responses!
