Hacky installation of Focalboard

I was asked by a client if I could install focalboard on a hestia server. I gather this is made by the same people as mattermost, so the instructions look like they might also apply to mattermost too.

First of all a disclaimer. Although this did work, it was just used as a proof of concept. Ultimately the client decided not to use it, so I didn’t spend much time considering security, and it wasn’t around long enough to see if SSL certs renewed OK. Your mileage may vary. You may destroy your server if you follow these instructions. etc.

Initial Hestia Setup
So, as the site involves running an executable, I created a new user to run it under.

  • In hestia create web domain and point DNS to it.
  • Issue SSL cert.
  • leave index.html if you want.
  • create database in hestia if you’re using mysql and get the credentials

Focalboard Installation

  • Create a working directory under the new user. [mkdir ~code ; cd code]
  • download and unzip focalboard into eg ~/code/focalboard
  • edit ~/code/focalboard/config.json and add your database creds.
    eg
{
	"serverRoot": "http://localhost:8000",
	"port": 8000,
	"dbtype": "mysql",
	"dbconfig": "user_dbuser:[email protected](127.0.0.1:3306)/user_focaldb",
	"postgres_dbconfig": "dbname=focalboard sslmode=disable",
	"useSSL": false,
	"webpath": "./pack",
	"filespath": "./files",
    "telemetry": true,
    "prometheus_address": ":9092",
    "session_expire_time": 2592000,
    "session_refresh_time": 18000,
    "localOnly": false,
    "enableLocalMode": true,
    "localModeSocketLocation": "/var/tmp/focalboard_local.socket"
	}
  • note, executable is at /home/user/code/focalboard/bin/focalboard-server

Systemd service file
As root, you need to: nano /etc/systemd/system/focalboard.service

	[Unit]
	Description=Focalboard server

	[Service]
	Type=simple
	Restart=always
	RestartSec=5s
	ExecStart=/home/user/code/focalboard/bin/focalboard-server
	WorkingDirectory=/home/user/code/focalboard/
	User=user

	[Install]
	WantedBy=multi-user.target

Then start and enable the service
systemctl enable focalboard.service
systemctl start focalboard.service

Test with curl http://localhost:8000

Proxy Setup
OK, if that’s working, then you need to set up the proxy. We take a copy of the existing proxy template and copy it to focalboard.tpl and focalboard.stpl
They look like this: basically the nginx templates they give you on the focalboard site, but adapted with the Hestia variables.

nano /usr/local/hestia/data/templates/web/nginx/focalboard.tpl

upstream focalboard {
   server localhost:8000;
   keepalive 32;
}

server {
   listen %ip%:%proxy_port% ;
   server_name %domain_idn% %alias_idn%;
   root           %docroot%;
   access_log     /var/log/%web_system%/domains/%domain%.log combined;
   access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;

   location ~ /ws/* {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 1d;
       proxy_send_timeout 1d;
       proxy_read_timeout 1d;
       proxy_pass http://focalboard;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://focalboard;
   }

   include %home%/%user%/conf/web/%domain%/nginx.conf_*;
}

nano /usr/local/hestia/data/templates/web/nginx/focalboard.stpl

server {
    listen %ip%:%proxy_ssl_port% ssl http2;
    server_name %domain_idn% %alias_idn%;
    ssl_certificate      %ssl_pem%;
    ssl_certificate_key  %ssl_key%;
    ssl_stapling on;
    ssl_stapling_verify on;
    error_log  /var/log/%web_system%/domains/%domain%.error.log error;
    root           %docroot%;
    access_log     /var/log/%web_system%/domains/%domain%.log combined;
    access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;

   location ~ /ws/* {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 1d;
       proxy_send_timeout 1d;
       proxy_read_timeout 1d;
       proxy_pass http://focalboard;
   }

   location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass http://focalboard;
   }

  include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*;

}

Once SSL is working you might decide to use this as focalboard.tpl

upstream focalboard {
   server localhost:8000;
   keepalive 32;
}

server {
   listen %ip%:%proxy_port% ;
   server_name %domain_idn% %alias_idn%;
   root           %docroot%;
   access_log     /var/log/%web_system%/domains/%domain%.log combined;
   access_log     /var/log/%web_system%/domains/%domain%.bytes bytes;

   return 301 https://$host$request_uri;
}

Now, back in Hestia CP you can select the new template for your domain under the Proxy section.

Add include %home%/%user%/conf/web/%domain%/nginx.conf_*; to .tpl template

And include %home%/%user%/conf/web/%domain%/nginx.ssl.conf_*; to .stpl template to allow LE certificates

2 Likes

Done. Server was only running for a couple of days, so we didn’t get to renew a cert.

I have done something similar for Icinga2. It works fine but as long it is used for that client alone it should be fine