Bookstack is a really cool and simple opensource wiki system that can be of great use either in a team or by yourself if you want to document and organize information. This guide will show you how to do it on an Unraid system, but it can applied to any OS that is running docker.

MariaDB Installation

Installing MariaDB is very straight forward. Go to the “Apps” tab and search for mariadb and click install. If you already have mariadb installed you can just skip to the create database part.

Choose your host port and your MYSQL Root password. I changed the default name and the host port as I already have a MariaDB container running and this container will only be for demonstration purposes.

Create the Bookstack database

Open terminal and exec into the container with docker exec -it mariadb bash Log into mysql with user root and the password you chose. mysql -uroot -p enter your password.

The output will look like this:

[email protected]:~# docker exec -it mariadb bash [email protected]:/# mysql -uroot -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 3 Server version: 10.1.30-MariaDB-1~xenial mariadb.org binary distribution Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]

Next up is creating the database. (Remember to end all queries with a semicolon)

Start with creating a user for the database. CREATE USER 'user' IDENTIFIED by 'password'; Where ‘user’ is your username and ‘password’ is the password you want for the new user. The ouput will be like this. MariaDB [(none)]> CREATE USER 'gilbn' IDENTIFIED by 'mypassword'; Query OK, 0 rows affected (0.01 sec) Create the database with CREATE DATABASE IF NOT EXISTS bookstack; MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS bookstack; Query OK, 1 row affected (0.00 sec) Give the user permissions to the database with GRANT ALL PRIVILEGES ON bookstack.* TO 'gilbn' IDENTIFIED BY 'mypassword'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON bookstack.* TO 'gilbn' IDENTIFIED BY 'mypassword'; Query OK, 0 rows affected (0.00 sec)

Then quit mysql with quit and exit from the container by issuing the command exit

Letsencrypt

Installation

If you already have letsencrypt setup you can just skip down to the nginx part.

Go to the “Apps” tab and search for letsencrypt and install the linuxserver letsencrypt container.

Forward your domain to your public IP address. After you’ve done that add your different ANAME/CNAME records e.g www.yourdomain.com or wiki.yourdomain.com

Container Port: 80 – Choose your desired host port. e.g 81 (You can’t set this to 80 as the unRAID web GUI uses that. ) Container Port: 443 – Set this to 444 or something else (On update 6.4 unraid will use port 443 and it’s better to be ahead of time so it won’t cause any issues) Enter you email Add you domain e.g yourdomain.com Add your different sub domains e.g www,blog,plex ect Container Path: /config Install the container config to your desired location.

Next is portforwarding. This is done on your router and you need to forward port 80 to the port you chose in step 1. You also need to forward port 443 to 444 or the one you chose. So if your servers ip is 192.168.1.2 and you have chosen that the container is on port 81, you need to forward all traffic on port 80 to port 81 on ip 192.168.1.2 And do the same for port 443.

If you’re unsure how to do this on your router check out: Portforward.com Next go to https://yourserverip:444 or http://yourserverip:81 If you now see the Nginx welcome page, it works. Also test if yourdomain.com redirects you to the nginx welcome page.

Note: TTL differs from each provider, some has a minimum 60 minutes before DNS propagates and others have 1 minute. So it might take a while before https://yourdomain.com works.

If you already have letsencrypt setup and working with a domain and want to use another domain for your wordpress site you can do that by using the

EXTRA_DOMAINS

Click on + Add another Path, Port or Variable Add these values. Config Type: Variable Name: Extra domain Key: EXTRA_DOMAINS Value: yourotherdomain.com, docs.yourotherdomain.com

variable.

Nginx

Go to the letsencrypt appdata location. Find the nginx folder and then edit the file called “default” in the “site-conf” folder. I recommend using notepad++ if you are editing the files on a windows machine.

If you want to Geo block your site read more here

Replace/add the contents of the default file with the server block below. Modifying it to use your domain of course.

If you are already using the default file I recommend creating another file in the site-confs folder. It’s much easier to work with separate config files than one huge one. You can call it wiki.conf or domain.conf etc. your choice.

# REDIRECT HTTP TRAFFIC TO https://[domain.com] server { listen 80; server_name wiki.technicalramblings.com; return 301 https://$server_name$request_uri; } # BLOG SITE server { listen 443 ssl http2; server_name wiki.technicalramblings.com; ## Source: https://github.com/1activegeek/nginx-config-collection ## READ THE COMMENT ON add_header X-Frame-Options AND add_header Content-Security-Policy IF YOU USE THIS ON A SUBDOMAIN YOU WANT TO IFRAME! ## Certificates from LE container placement ssl_certificate /config/keys/letsencrypt/fullchain.pem; ssl_certificate_key /config/keys/letsencrypt/privkey.pem; ## Strong Security recommended settings per cipherli.st ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096 ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384; ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0 ssl_session_timeout 10m; ## NOTE: The add_header Content-Security-Policy won't work with duckdns since you don't own the root domain. Just buy a domain. It's cheap ## Settings to add strong security profile (A+ on securityheaders.io/ssllabs.com) add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; #SET THIS TO index IF YOU WANT GOOGLE TO INDEX YOU SITE! add_header Content-Security-Policy "frame-ancestors https://*.DOMAIN.COM https://DOMAIN.COM https://$server_name"; #Add your domains you want to enable iframing on add_header X-Frame-Options "allow-from https://DOMAIN.COM https://$server_name"; #Add your domains you want to enable iframing on. https://$server_name = sub.domain.com in this server block add_header Referrer-Policy "strict-origin-when-cross-origin"; add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"; #FEATURE POLICY: READ MORE HERE: https://scotthelme.co.uk/a-new-security-header-feature-policy/ proxy_cookie_path / "/; HTTPOnly; Secure"; ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi. more_set_headers "Server: Classified"; more_clear_headers 'X-Powered-By'; client_max_body_size 0; location / { proxy_pass http://192.168.1.34:6875/; include /config/nginx/proxy.conf; } }

Note: see the comments on the Content-Security-Policy , X-Frame-Options!!

Installing Bookstack

Go to the “Apps” tab and search for Bookstack and install the container.

On the installation page add your database host, user, password and database name and app_url.

Fill out the different parts, it should look something like this:



Hit apply and let the container start up.

If you see nc: getaddrinfo: Name does not resolve in the logs, don’t worry. If I understand correctly the container spins up from a compose file and tries to connect to an sql database from that compose file. It will try for 30 seconds, and after that the container is accessible. See: https://github.com/linuxserver/docker-bookstack/pull/27#issue-272191337

Next you can go to your domain and Bookstack should load.



The default username and password of Bookstack is:

[email protected]

password



If you want to add email, ldap ect you will need to follow these instructions: https://github.com/linuxserver/docker-bookstack#advanced-users-full-control-over-the-env-file

Changing the default upload file size

If you want to be able to upload bigger files you will need to update the php-local.ini file in /config/php

Add the following two lines:

upload_max_filesize = 25M post_max_size = 25M

25M = 25MB, change it to what you want.

For any questions you can find me here: