This guide covers installing BookStack on CentOS 7 with SELinux and the firewall left enabled, which other guides disable.
From their website: “BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information.”
This will also be using php71u, because nobody in the world really wants to run php5 still. This guide assumes a clean base CentOS 7 minimal image and standard SELinux settings out of the box.
Prerequisites
Run the following commands to prep your system for Bookstack:
yum -y install epel-release
yum -y install https://centos7.iuscommunity.org/ius-release.rpm
yum -y install git mariadb-server nginx php71u php71u-fpm php71u-gd php71u-mbstring php71u-mysqlnd php71u-pdo php71u-tidy php71u-cli php71u-json php71u-xml
MySQL Setup
This is fairly straightforward. First we do the normal secure install:
systemctl restart mariadb.service
mysql_secure_installation
Now put in the root password of your choice, answer yes to everything else, and proceed to create the database and user (substitute your own password for bookstackpass):
mysql -u root -p
CREATE DATABASE IF NOT EXISTS bookstackdb DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL PRIVILEGES ON bookstackdb.* TO 'bookstackuser'@'localhost' IDENTIFIED BY 'bookstackpass' WITH GRANT OPTION;
FLUSH PRIVILEGES;
quit
PHP Settings
Next, we edit PHP-FPM’s config file:
vim /etc/php-fpm.d/www.conf
Change/verify the following variables are set properly in the www.conf file:
listen = /var/run/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = nginx
group = nginx
php_value[session.save_path] = /var/www/sessions
NGINX Configuration
And on to Nginx:
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig
vim /etc/nginx/nginx.conf
Paste the following Nginx config:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    include /etc/nginx/conf.d/*.conf;
}
Now we edit the server configuration, in a .conf file under /etc/nginx/conf.d/ so that the include line in nginx.conf above picks it up:
server {
    listen 80;
    server_name localhost;
    root /var/www/BookStack/public;
    access_log /var/log/nginx/bookstack_access.log;
    error_log /var/log/nginx/bookstack_error.log;
    client_max_body_size 1G;
    fastcgi_buffers 64 4K;
    index index.php;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ ^/(?:\.htaccess|data|config|db_structure\.xml|README) {
        deny all;
    }
    location ~ \.php(?:$|/) {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_pass unix:/var/run/php-fpm.sock;
    }
    location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        access_log off;
    }
}
Bookstack Installation
Composer Install (if PHP fails for some reason, look for similar issues here: https://www.rootusers.com/upgrade-php-5-6-7-1-centos-7-linux/):
cd /usr/local/bin
curl -sS https://getcomposer.org/installer | php
mv composer.phar composer
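The curl | php step above executes whatever the download returns. As an added example (not part of the original guide, and not the Composer project's own script), the function below checks the installer against the SHA-384 digest Composer publishes at composer.github.io/installer.sig before running it; the function names and temporary paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: fetch the Composer installer, verify it, then run it.

# Succeeds only if the file's SHA-384 digest equals the expected hex string.
verify_sha384() {
    actual=$(sha384sum "$1" | cut -d' ' -f1)
    [ -n "$2" ] && [ "$actual" = "$2" ]
}

# Download the installer and the published digest, and execute the
# installer only when they match. Installs to /usr/local/bin/composer,
# the same location the commands above produce.
install_composer_verified() {
    workdir=$(mktemp -d) || return 1
    installer=$workdir/composer-setup.php
    expected=$(curl -fsS https://composer.github.io/installer.sig) &&
    curl -fsS -o "$installer" https://getcomposer.org/installer || {
        rm -rf "$workdir"
        echo "download failed" >&2
        return 1
    }
    if verify_sha384 "$installer" "$expected"; then
        php "$installer" --install-dir=/usr/local/bin --filename=composer
        status=$?
    else
        echo "installer digest mismatch, not running it" >&2
        status=1
    fi
    rm -rf "$workdir"
    return $status
}
```

Call install_composer_verified as root in place of the three commands above.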
Bookstack install:
cd /var/www
mkdir /var/www/sessions
git clone https://github.com/BookStackApp/BookStack.git --branch release --single-branch
cd BookStack && composer install
Once that’s complete, copy the example env file to .env and edit it:
cp .env.example .env
vim .env
Verify that the following settings are correctly set based on the MySQL user you created earlier:
DB_HOST=localhost
DB_DATABASE=bookstackdb
DB_USERNAME=bookstackuser
DB_PASSWORD=bookstackpass
Cleanup
php artisan key:generate --force
chown -R nginx:nginx /var/www/{BookStack,sessions}
php artisan migrate --force
Enable the services:
systemctl enable nginx.service && systemctl enable mariadb.service && systemctl enable php-fpm.service
Firewall rules:
firewall-cmd --permanent --add-port 80/tcp
firewall-cmd --reload
SELinux rule:
setsebool -P httpd_unified 1
Now, reboot!
This is now a complete installation. You will sign in with the default username of admin@example.com with the password of password.
However, since you may want to use this at work, here’s how you’d configure LDAP authentication via Active Directory.
Group-Based LDAP Authentication via Microsoft Active Directory
Install the required package:
yum install php71u-ldap
Set the SELinux permission:
setsebool -P httpd_can_network_connect 1
Edit the .env file:
vim /var/www/BookStack/.env
And add the following values:
# LDAP Settings
LDAP_SERVER=ad1.contoso.com:389
LDAP_BASE_DN="OU=Contoso Co,DC=contoso,DC=com"
LDAP_DN=ldapuser@contoso.com
LDAP_PASS=ldapuserpassword
LDAP_USER_FILTER="(&(SAMAccountName=${user})(memberOf=CN=BookStackAdmin,OU=Contoso Groups,OU=Contoso Co,DC=contoso,DC=com))"
LDAP_VERSION=3
Now run
php artisan optimize
to verify it’s good to go!
Note: the filter checks that the SAMAccountName ${user} exists AND that the account is a memberOf the CN=BookStackAdmin group, matched by the group's full Distinguished Name. This is not documented anywhere.
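To see what the filter in the note above does for a given account, this added example (not from the original guide or from BookStack) expands the ${user} placeholder with an escaped username and runs the result through ldapsearch. It assumes the openldap-clients package is installed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: expand LDAP_USER_FILTER for one username and try it
# against the directory before relying on it for logins.

# Values copied from the .env shown above.
LDAP_URI='ldap://ad1.contoso.com:389'
LDAP_BASE_DN='OU=Contoso Co,DC=contoso,DC=com'
LDAP_DN='ldapuser@contoso.com'
LDAP_USER_FILTER='(&(SAMAccountName=${user})(memberOf=CN=BookStackAdmin,OU=Contoso Groups,OU=Contoso Co,DC=contoso,DC=com))'

# Escape the characters that are special inside an LDAP filter value
# (RFC 4515): backslash, asterisk and parentheses. Backslash goes first
# so the escapes added afterwards are not escaped again.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# Replace the literal ${user} placeholder in a filter template with the
# escaped username. Fails if the template has no placeholder.
expand_filter() {
    template=$1
    escaped=$(ldap_escape "$2")
    ph='${user}'
    case $template in
        *"$ph"*) ;;
        *) echo "template has no \${user} placeholder" >&2; return 1 ;;
    esac
    prefix=${template%%"$ph"*}
    suffix=${template#*"$ph"}
    printf '%s%s%s\n' "$prefix" "$escaped" "$suffix"
}

# Run the expanded filter with the bind account from .env. Prints the
# matching DN, or nothing when the account is missing or not in the
# group. ldapsearch prompts for the bind password (-W).
test_login_filter() {
    filter=$(expand_filter "$LDAP_USER_FILTER" "$1") || return 1
    ldapsearch -x -LLL -H "$LDAP_URI" -D "$LDAP_DN" -W \
        -b "$LDAP_BASE_DN" "$filter" dn
}
```

Run test_login_filter jdoe (jdoe is a constructed account name): a DN in the output means the account exists and is in the group, and empty output means the filter matches nothing for that account.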