Deploying Kanboard.

Kanboard is a self-hosted pseudo Trello clone that supports a lot of interesting features, most notable for me is Mattermost integration and ActiveDirectory / LDAP integration.

In this post we’re going to walkthrough my process of setting up Kanboard on a debian 9 Google Cloud Compute Engine instance, but this should work on most debian VMs. It assumes your VM can talk to your AD controller and you have an incoming webhook setup for Mattermost.

First we want to install Apache and PHP by running the following commands.

#check for updates 
apt update
#go get apache and a whole bunch of PHP stuff.
apt install -y apache2 libapache2-mod-php7.0 php7.0-cli php7.0-mbstring \
    php7.0-sqlite3 php7.0-opcache php7.0-json php7.0-mysql php7.0-pgsql \
    php7.0-ldap php7.0-gd php7.0-xml
#enable drivers for postgres
systemctl enable apache2 postgresql

Next we’ll go out and grab Kanboard 1.2.5, unpack it and move it to the appropriate directory so Apache can serve it, then we’ll adjust the permissions for the “data” folder so that Kanboard can actually do stuff.

Run the following command.

#specific version you want
#download that version
#unpack to /var/www
tar xzvf v$version.tar.gz -C /var/www/
#fix /data permissions
chown -R www-data:www-data /var/www/kanboard-$version/data

After a first install of software I like to reboot the box just to be sure Apache auto starts and the services have come up in the appropriate order, this is an optional step, and really a training scar from working on so many windows deployments.

Next is to actually log into your Kanboard isntallation, by default it’s going to be at http://yourserveraddressorip/kanboard
Login using username: admin password: admin
immediately go and change this password.

Navigate to the plugins screen, if you get a warning about not being able to install plugins from the web interface, you’ll need to edit the config.php file in /var/www/kanboard to reflect

//Enable/Disable plugin installer
define ('PLUGIN_INSTALLER', true);

After making that change, if you still receive the warning you’re likely missing the php-zip module, installing that is outside the scope of this post.

While we’re in the config.php file, we’re going to go ahead and make the changes necessary for AD/LDAP authentication.
We’re going to use proxy mode.

// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);
//Tell it what kind of ldap and how to connect
define('LDAP_BIND_TYPE', 'proxy'); 
define('LDAP_USERNAME', 'administrator@yourdomain.local'); define('LDAP_PASSWORD', 'this accounts domain password');
// LDAP server hostname 
define('LDAP_SERVER', 'hostname.yourdomain.local');
// LDAP properties 
define('LDAP_USER_BASE_DN', 'CN=Users,DC=yourdomain,DC=local'); 
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');

Ldap properties can be confusing, the user filter should be pretty much left alone for Active directory, the LDAP_USER_BASE_DN is going to be variable depending on your folder structure in AD.

Save those changes to config.php and consider restarting apache to make sure the app has loaded the new config.

Next we’re going to go back to the plugins screen and install the Mattermost plugin, this plugin is particularly useful to my company because we’re going to use Kanboard as an almost CRM tool, with team time notifications when a task is moved from one point in the pipeline to another, currently we use email for this and it’s a communication nightmare.

Basically you click install, and then give it your mattermost webhook.

Once it’s installed, per project you can pick a Mattermost channel you’d like Kanboard to post in by giving it the channel id in the notifications section of the project configuration.

That’s it! we’re done! you have a brand new Kanboard deployment, using LDAP so your user base doesn’t have to remember any new credentials, and with Mattermost integration to help better gel together your project management and communication tools.

A Mullet Deployment

Windows in the front, Linux in the back.

I’ve been working on a pretty interesting environment and I thought you guys might like to hear about it, I would also love to hear what you have to think in the comments! I’m contracting with a non-profit charity organization that is just getting started. Currently there are three users including the founder, they each have their own personal laptops 2 of them running Windows 7 and one of them running Windows 8.1 . They have the pretty standard office needs and they contacted me from a referral to see what I could do for them on their budget (which is tight).

After meeting with the founder already we hit our first snag, she’s very cloudphobic, borderline fanatical about the fact that she want’s to control all of the organizations data in house. That struck me as odd, but hey, every office is different right? Our only other challenges are that the budget really does not allow for nice hardware, and they are still pending for 501c status. What that translates to is we are going to have a hard time getting equipment.

From the discovery meeting I learned that this organization requires:

  • Active Directory
  • Network storage
  • Business class email and calendar
  • VPN access
  • Web server
  • WordPress website

I also learned that our challenges are:

  • We do not have 501c status yet (this could take months) which means we do not benefit from companies non-profit pricing schedules, and it will be harder to receive donated equipment.
  • The founder requires that everything is stored locally, she wants nothing in the cloud.

We couldn’t use Microsoft Server 2012 Essentials because of the email requirement and we certainly could not afford full Server 2012 and Exchange. I ended up going with Zentyal 3.3 which is a linux based small business server that gives *close enough* products that I thought would be a good fit considering all of our needs versus all of our challenges. (Added bonus, it’s free!) I purchased a HP ProLiant G7 N54L MicroServer an additional 500gb HDD and 4 GB of RAM. Which put us around $500 total for costs of server hardware. For networking I just went with the router/built it switch that the ISP provided.

Surprisingly It all went pretty well.

Everything was very simple to set up, it reminded me of Small Business 2008 is a lot of ways, the Zentyal GUI just walks you through it all and the entire build out took me maybe 4 hours of billable time. The only custom thing I had to do was install wordpress, which is a simple thing to do on linux, but this required me to change the management interface to listen on port 444 instead of 443. The entire build cost the client just under $3000.00 included the website I built out for them.

So what’s the catch?

Zentyal is not all there, yet. The domain acts like a Server 2000 domain, which is not necessarily a bad thing but if you get into a situation where you need to scale up, or add a windows server it could become a problem. OpenChange is still being proven and I’m genuinely un-sure of how it will perform over the long haul, Outlook 2010 seemed to think it was an exchange server so I have high hopes! Samba4 is not a Windows file server which could limit our ability to use Windows native network applications (Access, Quickbooks, Etc.). There is also the obvious red flags, the primary web server is also the primary domain controller, and mail server. All of the eggs are in one basket with no redundancy, maybe as funding increases and they receive their 501c we can revisit this project.

How would you have handled it?

I would love to hear about some other approaches from other geeks. What would you have changed? Would you have taken this project at all?