Install BookStack on Fedora 27
-
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
It's not the severity of it, it's that it's still open. It's that there's not enough development work on it that has me concerned. What's next?
I know WP has a lot of vulnerabilities listed, but they are all patch, and they are quickly patched.
It's a shame because Bookstack looks like a winner other than that.
-
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
-
Looks like a misleading report.
-
@jaredbusch said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.
If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.
I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.
-
@tim_g said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.
If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.
I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.
That is a bullshit answer.
Your pet issue has been disproved. -
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@jaredbusch said in Install BookStack on Fedora 27:
@tim_g said in Install BookStack on Fedora 27:
I'll use Bookstack as a wiki when they improve dev...
https://www.cvedetails.com/cve/CVE-2017-1000462/
https://github.com/BookStackApp/BookStack/issues/575This has been open since October.
Unless you have untrusted users in the wiki, this is not a serious issue.
Sure, it needs handled, but you have to be able to author/edit a page in the first place in order to exploit this.
Also, I cannot replicate, I tried.
Still, I see it as a high-risk software. It's not widely used, the devs are slow, and I doubt big vulnerabilities are will be dealt with appropriately.
If it's on a VPS for example, there can be a greater potential for server-wide compromising. When it becomes more popular (which I'm sure it will because it seems great), the vulnerabilities will be discovered... and they WILL be taken advantage of.
I just don't trust putting software on a public server that isn't very widely used, active, and developed. I'd rather wait.
That is a bullshit answer.
Your pet issue has been disproved.Not pet issue, just a CVE that I seen... which I did not test. I just assumed vulnerabilities on that site were legit. I guess not.
Now I have to question the credibility of every single security vulnerability on that website.
I don't have time to test every CVE out there to verify them.
Who knows, maybe Bookstack is completely secure with no possibility of a vulnerability. If that's the case, I'll definitly hop on board.
-
Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like is is appending the url twice.
For example:
I enter wiki.example.com
and it navigates me to wiki.example.com/http:/wiki.example.com/loginIf I manually go to wiki.example.com/login I get a login page that is missing images.
Any thoughts?
-
@i3 said in Install BookStack on Fedora 27:
Thank you @JaredBusch for the excellent write up. I followed your instructions (copy and paste after editing the first section only) and did not receive any errors, however when I navigate to fqdn, it directs me to a page cannot be found page. Looking at the url it looks like is is appending the url twice.
For example:
I enter wiki.example.com
and it navigates me to wiki.example.com/http:/wiki.example.com/loginIf I manually go to wiki.example.com/login I get a login page that is missing images.
Any thoughts?
Check the
APP_URLin your.envfile.grep APP_URL /var/www/html/bookstack/.envYou should see something like this
-
When I did that it showed app_url=http:\wiki.example.com
I edited it to show http:// and it is now working- thank you very much for the quick response!I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'
Did I do something wrong?
-
@i3 said in Install BookStack on Fedora 27:
When I did that it showed app_url=http:\wiki.example.com
I edited it to show http:// and it is now working- thank you very much for the quick response!I went back to my original file of what I entered in the app_url and I entered 'http:\wiki.example.com'
Did I do something wrong?
Yes. You have to escape the
/with a\to make the script work.
Look at the note I had there.# Note 2: You must escape the // hence \/\/ export APP_FQDN='http:\/\/wiki.domain.com' -
Got it. I misunderstood and simply removed the two //
I understand now.
Again, thank you for the great write up and responses!
-
Yup, loving it.
When you export to PDF, you get a log at the bottom too.
-
@JaredBusch Nice write-up. I am definitely going to be trying this soon.
-
This post is deleted! -
Woop installed and ready to use.
(Does it matter i have no idea what half those commands did, but yet i have a working system
) -
@hobbit666 said in Install BookStack on Fedora 27:
Woop installed and ready to use.
(Does it matter i have no idea what half those commands did, but yet i have a working system
)I guess that was the point of the post, was to make it crazy simple. I suppose whether it matters if you have no idea or not depends on whether you want to learn what those commands do or not
-
Seem to have an issue with pages.
Can add a new one but with no details
But if i change the heading or add some text both editing the Page or when i first create one i get:-
So creating a New Book and Chapter works fine
-
@hobbit666 ignore me rebooted now working
-
@nashbrydges said in Install BookStack on Fedora 27:
@hobbit666 said in Install BookStack on Fedora 27:
Woop installed and ready to use.
(Does it matter i have no idea what half those commands did, but yet i have a working system
)I guess that was the point of the post, was to make it crazy simple. I suppose whether it matters if you have no idea or not depends on whether you want to learn what those commands do or not
That is the point of my guides. They are for both education and getting a working system.
I could easily make it a script like @scottalanmiller did to my Nextcloud 13 guide, but I donβt want to.
I want my guides to educate as well as get the job done. I think the way that I breaks them up with a little blurb in between each set helps give it that right balance. Too much text and people who do not want to learn just move on. Not enough text, and it is basically just a script and the person learns nothing.
-
@jaredbusch said in Install BookStack on Fedora 27:
@nashbrydges said in Install BookStack on Fedora 27:
@hobbit666 said in Install BookStack on Fedora 27:
Woop installed and ready to use.
(Does it matter i have no idea what half those commands did, but yet i have a working system
)I guess that was the point of the post, was to make it crazy simple. I suppose whether it matters if you have no idea or not depends on whether you want to learn what those commands do or not
That is the point of my guides. They are for both education and getting a working system.
I could easily make it a script like @scottalanmiller did to my Nextcloud 13 guide, but I donβt want to.
I want my guides to educate as well as get the job done. I think the way that I breaks them up with a little blurb in between each set helps give it that right balance. Too much text and people who do not want to learn just move on. Not enough text, and it is basically just a script and the person learns nothing.
Learn by doing is an axiom for me.
