Install Wekan on Ubuntu 18.04 with Apache

Wekan is a great, open-source, self-hosted alternative to Trello. It can easily be installed on Ubuntu, the trickiest part is configuring the Apache reverse proxy. This is needed since it runs on Node.js.

There are two ways to install it: you can manually install NodeJS / MongoDB / Wekan SystemD service, or you can use "snap" which is basically a containerized package of all of these components. Snap is probably less performant and requires more resources than the manual installation, however, it is easier to install, work with, and to update. If you prefer the manual route there's a good tutorial on it here. In this tutorial we will install it using snap. Our configuration assumes that:

  • You will run wekan on a subdomain
  • It will be accessible through apache
sudo apt install snap
sudo apt install snapd
sudo snap install wekan
sudo snap set wekan root-url="https://wekan.yoursite.com"
sudo snap set wekan port='3333'
sudo systemctl restart snap.wekan.mongodb
sudo systemctl restart snap.wekan.wekan

# Make sure that node is listening on your custom port:
ss -tunelp | grep 3333
tcp   LISTEN  0       511                  0.0.0.0:3333           0.0.0.0:*      users:(("node",pid=12597,fd=15)) ino:581605 sk:27 <->

# You can also check the status of the wekan service:
systemctl status  snap.wekan.wekan
● snap.wekan.wekan.service - Service for snap application wekan.wekan
   Loaded: loaded (/etc/systemd/system/snap.wekan.wekan.service; enabled; vendor preset: enabled)
   Active: active (running) since Fri 2019-11-01 20:37:07 UTC; 43min ago
 Main PID: 11244 (wekan-control)
    Tasks: 11 (limit: 4704)
   CGroup: /system.slice/snap.wekan.wekan.service
           ├─11244 /bin/bash /snap/wekan/647/bin/wekan-control
           └─12597 /snap/wekan/647/bin/node main.js

# Set up Snap auto-updates:
snap set core refresh.schedule=01:00-02:00

# Manually refresh:
sudo snap refresh

Adding the Admin User

You must sign up at https://wekan.yourdomain.com/sign-up. The first user who signs up will become the administrator, subsequent users will be regular users. During sign up it will show an error because email isn't configured, ignore it. You can then navigate to https://wekan.yourdomain.com and log in.

Configuring Apache

This is documented in detail on the Wekan Wiki.

Upload your virtual host file to /etc/apache2/sites-available:

<VirtualHost *:443>
    ServerName example.com

    SSLEngine On
    SSLCertificateFile      /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
    ServerSignature Off

    <Location />
     require all granted
    </Location>

    ProxyPassMatch   "^/(sockjs\/.*\/websocket)$" "ws://127.0.0.1:3001/$1"
    ProxyPass        "/" "http://127.0.0.1:3001/"
    ProxyPassReverse "/" "http://127.0.0.1:3001/"
</VirtualHost>

Follow Certbot instructions to obtain an SSL certificate (basically install certbot and run certbot --apache )

Continue configuring apache:

sudo a2enmod proxy proxy_http proxy_wstunnel
sudo systemctl restart apache2
sudo a2ensite example.com
sudo systemctl restart apache2


Working with Wekan

# Disable/enable the service:
sudo snap disable wekan
sudo snap enable wekan

# Restart wekan:
sudo systemctl restart snap.wekan.wekan

You can access MongoDB after installing mongodb-org-tools, see Install MongoDB Community Edition on Ubuntu

Getting/setting parameters

# Retrieve your configuration values:
sudo snap get wekan
sudo snap get wekan mail-url
sudo snap set wekan port='1234'

Error trying to send email: Hostname/IP doesn't match certificate's altnames

This can occur if your email server's certificate doesn't include the server's domain name; for example if you are on a shared host. The answer can be found in the wekan wiki page Troubleshooting Email. Set you email configuration as follows in the The key is to add rejectUnauthorized:false to the SMTP host address. Wekan admin panel:

SMTP Host: mail.example.com:587/?ignoreTLS=true&tls={rejectUnauthorized:false}&secure=false

SMTP Port: 587
Username: support%40example.com
Password: password
TLS support: [_] <== not checked

Sources