Deploying Kanboard.

Kanboard is a self-hosted pseudo Trello clone that supports a lot of interesting features, most notable for me is Mattermost integration and ActiveDirectory / LDAP integration.

In this post we’re going to walkthrough my process of setting up Kanboard on a debian 9 Google Cloud Compute Engine instance, but this should work on most debian VMs. It assumes your VM can talk to your AD controller and you have an incoming webhook setup for Mattermost.

First we want to install Apache and PHP by running the following commands.

#check for updates 
apt update
#go get apache and a whole bunch of PHP stuff.
apt install -y apache2 libapache2-mod-php7.0 php7.0-cli php7.0-mbstring \
    php7.0-sqlite3 php7.0-opcache php7.0-json php7.0-mysql php7.0-pgsql \
    php7.0-ldap php7.0-gd php7.0-xml
#enable drivers for postgres
systemctl enable apache2 postgresql

Next we’ll go out and grab Kanboard 1.2.5, unpack it and move it to the appropriate directory so Apache can serve it, then we’ll adjust the permissions for the “data” folder so that Kanboard can actually do stuff.

Run the following command.

#specific version you want
version=1.2.5
#download that version
wget https://github.com/kanboard/kanboard/archive/v$version.tar.gz
#unpack to /var/www
tar xzvf v$version.tar.gz -C /var/www/
#fix /data permissions
chown -R www-data:www-data /var/www/kanboard-$version/data

After a first install of software I like to reboot the box just to be sure Apache auto starts and the services have come up in the appropriate order, this is an optional step, and really a training scar from working on so many windows deployments.

Next is to actually log into your Kanboard isntallation, by default it’s going to be at http://yourserveraddressorip/kanboard
Login using username: admin password: admin
immediately go and change this password.

Navigate to the plugins screen, if you get a warning about not being able to install plugins from the web interface, you’ll need to edit the config.php file in /var/www/kanboard to reflect

//Enable/Disable plugin installer
define ('PLUGIN_INSTALLER', true);

After making that change, if you still receive the warning you’re likely missing the php-zip module, installing that is outside the scope of this post.

While we’re in the config.php file, we’re going to go ahead and make the changes necessary for AD/LDAP authentication.
We’re going to use proxy mode.

// Enable LDAP authentication (false by default)
define('LDAP_AUTH', true);
//Tell it what kind of ldap and how to connect
define('LDAP_BIND_TYPE', 'proxy'); 
define('LDAP_USERNAME', 'administrator@yourdomain.local'); define('LDAP_PASSWORD', 'this accounts domain password');
// LDAP server hostname 
define('LDAP_SERVER', 'hostname.yourdomain.local');
// LDAP properties 
define('LDAP_USER_BASE_DN', 'CN=Users,DC=yourdomain,DC=local'); 
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');

Ldap properties can be confusing, the user filter should be pretty much left alone for Active directory, the LDAP_USER_BASE_DN is going to be variable depending on your folder structure in AD.

Save those changes to config.php and consider restarting apache to make sure the app has loaded the new config.

Next we’re going to go back to the plugins screen and install the Mattermost plugin, this plugin is particularly useful to my company because we’re going to use Kanboard as an almost CRM tool, with team time notifications when a task is moved from one point in the pipeline to another, currently we use email for this and it’s a communication nightmare.

Basically you click install, and then give it your mattermost webhook.

Once it’s installed, per project you can pick a Mattermost channel you’d like Kanboard to post in by giving it the channel id in the notifications section of the project configuration.

That’s it! we’re done! you have a brand new Kanboard deployment, using LDAP so your user base doesn’t have to remember any new credentials, and with Mattermost integration to help better gel together your project management and communication tools.