Bookstack, Part Two


So over the last couple of days I moved some more data into Bookstack from OneNote just so it isn't a blank demo to play with. Now I want to tackle configuring SSL.

I think I may have these steps backwards in my head but let's see. I had saved some links for certificates but seem to have lost them at this point. Ahhh I found them! I am going to try and set up a certificate via Certbot because it looks pretty damn cool and amazing!
The prerequisites for Certbot are as follows:

  • Comfort with command line. Check.
  • An HTTP website. Check.
  • That's already online. Check.
  • With an open port of 80. Not yet.
  • Which is hosted on a server. Check.
  • Which you can access via ssh. Check.
  • With the ability to sudo. Check.

I create a custom A record bookstack.domain.com that points to my IP address. While that propagates out to DNS I'll keep moving forward.

Steps performed on BOOKTSACK-01

  • sudo apt install ufw
  • sudo ufw allow 80/tcp
  • sudo ufw allow 443/tcp
  • sudo ufw allow 22/tcp

Steps performed on firewall

  • Create port forward 80 > 10.10.10.XXX:80
  • Create port forward 44313 > 10.10.10.XXX:443

Steps performed on BOOKTSACK-01

  • snap install core
    • Core 16-2.54.4 from Canonical installed
  • snap install hello-world
    • Hello-world 6.4 from Canonical installed
  • Hello-world
    • Command not found
  • sudo reboot
  • Hello-World
    • Command not found
  • cd /snap/bin
  • Hello-world

Success!

  • snap refresh core
  • sudo apt remove certbot
    • Package 'certbot' is not installed, so not removed.
  • snap install --classic certbot
    • Certbot 1.27.0 from Certbot Project (certbot-eff) installed
  • ln -s /snap/bin/certbot /usr/bin/certbot
  • certbot --apache
    • Enter email address
    • Y to terms
    • Y to share email with EFF
    • Enter domain: bookstack.domain.com
    • Certificate and key saved locally
    • Certbot set up a scheduled task to automatically renew
    • Successfully deployed certificate
    • Successfully enabled HTTPS

Let's test. Well, redirection from HTTP to HTTPS is working, but it appears the page's CSS is not loading properly. Oh yeah, this is because I don't think I've added the subdomain to the server alias.

  • nano /var/www/bookstack/.env
    • APP_URL=https://bookstack.domain.com:44313
  • php artisan bookstack:update-url http://10.10.10.XXX https://10.10.10.XXX
  • php artisan cache:clear

I definitely need to dig into these .env files some more. It's confusing to me why it feels like it is acting differently between Bookstack and Monica. I'm struggling to find any good documentation. Can I have multiple APP_URLs? What would the syntax for that look like? On the positive side Certbot worked great! I have a certificate that the browser actually likes! How cool is that!
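
BookStack builds its page and asset links from the single APP_URL value, so unstyled pages usually mean that value does not match the scheme, host and port typed into the browser. The following is an added example, not part of the original post or of BookStack itself: a POSIX shell check that compares the two origins. The function names are hypothetical, and it assumes plain host names or IPv4 addresses (no IPv6 literals or user:password@ prefixes).

```shell
#!/bin/sh
# Added example: does APP_URL in a BookStack .env match the browser URL?

# Print the APP_URL value from a .env file (last assignment wins, quotes stripped).
app_url_from_env() {
  sed -n 's/^[[:space:]]*APP_URL=//p' "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Normalise a URL to scheme://host:port, filling in the default port.
# The ( ) body runs in a subshell, so the variables stay local.
origin_of() (
  url=$1
  case $url in
    http://*|https://*) ;;
    *) return 1 ;;
  esac
  scheme=${url%%://*}
  rest=${url#*://}
  hostport=${rest%%/*}          # drop any path
  host=${hostport%%:*}
  if [ "$hostport" = "$host" ]; then
    if [ "$scheme" = https ]; then port=443; else port=80; fi
  else
    port=${hostport##*:}
  fi
  host=$(printf '%s' "$host" | tr 'A-Z' 'a-z')
  printf '%s://%s:%s\n' "$scheme" "$host" "$port"
)

# Exit status: 0 = origins match, 1 = mismatch, 2 = unusable input.
check_app_url() (
  configured=$(origin_of "$(app_url_from_env "$1")") ||
    { echo "APP_URL missing or not http(s) in $1"; return 2; }
  browser=$(origin_of "$2") ||
    { echo "browser URL is not http(s): $2"; return 2; }
  if [ "$configured" = "$browser" ]; then
    echo "OK: $configured"
  else
    echo "MISMATCH: APP_URL is $configured, browser uses $browser"
    return 1
  fi
)

# Usage: sh check_app_url.sh /var/www/bookstack/.env https://bookstack.domain.com:44313
if [ "$#" -eq 2 ]; then check_app_url "$1" "$2"; fi
```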

  • sudo ufw deny 80/tcp
  • sudo ufw reload

I disable the port forwarding in my network firewall. I enable MFA on my Bookstack account. Next I try to take a backup of my work so far.

  • mysqldump -u bookstack -p bookstack > var/backups/bookstack_backup.sql

Success!