====Kanboard on CentOS 8====
Kanboard is an excellent opensource kanban system that also integrated with Active Directory. This setup will be based on a LAMP stack running in CentOS 8 (or Rocky OS 8 or RHEL8)

====Initial Setup====
Follow steps to setup LAMP stack at outlined in [[tech_documents:misc:lamp_stack_centos8|Install CentOS 8 LAMP stack]]

===Kanboard Specific Prerequisites===

==Install additional php modules==
<code>
sudo dnf install php php-mbstring php-pdo php-gd php-json php-cli php-mysql php-ldap php-mysqlnd php-xml php-zip
</code>

==Create Kanboard SQL database==
<code>
sudo mysql -u root -p
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'; (this is the DB user for the kanboard DB)
CREATE DATABASE kanboard;
GRANT ALL PRIVILEGES ON kanboard . * TO 'newuser'@'localhost';
FLUSH PRIVILEGES;
</code>

====Install Kanboard====
<code>
cd /var/www/html/kanboard.your_domain
sudo wget https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.20.zip
sudo unzip v1.2.20.zip
sudo mv public_html public_html.delete
sudo mv kanboard-lastest public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html
sudo chmod -R 764 /var/www/html/kanboard.your_domain/public_html/plugins
sudo setsebool -P httpd_can_network_connect=1
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/plugins
sudo rm kanboard-latest.zip
</code>

==Perform Initual Configuration==
<code>
sudo mv /var/www/html/kanboard.your_domain/public_html/config.default.php /var/www/html/kanboard/config.php
sudo vim /var/www/html/kanboard.your_domain/public_html/config.php
</code>

Set the SQL parameters
<code>
// We choose to use MySQL instead of Sqlite
define('DB_DRIVER', 'mysql');

// MySQL parameters
define('DB_USERNAME', 'REPLACE_ME');
define('DB_PASSWORD', 'REPLACE_ME');
define('DB_HOSTNAME', 'REPLACE_ME');
define('DB_NAME', 'kanboard');

// And disable users from creating their own accounts
define('LDAP_USER_CREATION', false);

// Optionally enable installation of plugins if needed, leave disabled otherwise
define('PLUGIN_INSTALLER', true);
</code>

Restart MariaDB, Apache and PHP-FPM
<code>
sudo systemctl restart mariadb
sudo systemctl restart httpd
sudo systemctl restart php-fpm
</code>

  * In a web browser, go to the FQDN of the kanboard virtual server (e.g. kanban.yourdomain.com) and login with admin/admin to verify function.
  * Go to Plugins page and install any plugins you might need (like calendar, task board date, mailgun)
  * Go to Settings -> Application Settings; set Application URL, set Timezone + date/time format.

==Configure Crontab for Kanboard Routines==
<code>
sudo crontab -u apache -e
</code>
Add the following
<code>
0 8 * * * cd /var/www/html/kanboard.your_domain/public_html && ./cli cronjob >/dev/null 2>&1
</code>

====Active Directory Integration====
  * Create AD user on Windows server that will be used for proxy
  * create an AD user that will act as a Kanboard admin + create 2 security groups, 1 for KanboardAdmins and 1 for KanboardManagers.

==Set AD Variables==
<code>
sudo vim /var/www/html/kanboard.your_domain/public_html/config.php
</code>

Configure Settings (remember to replace variables with your own and remember to add 'aroundyour@@names@@passwords')
<code>
define('LDAP_SSL_VERIFY', false);
define('LDAP_AUTH', true);
define('LDAP_SERVER', 'yourserver.ad.domain or IP.ADD.R.ESS');
define('LDAP_BIND_TYPE', 'proxy');
define('LDAP_USERNAME', 'kanboardaduser@ad.domain');
define('LDAP_PASSWORD', 'my super secret password');
define('LDAP_USER_BASE_DN', 'CN=Users,DC=ad,DC=domain');
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
define('LDAP_USER_ATTRIBUTE_USERNAME', 'sAMAccountName');

//And enable account creation or you'll get a failed login response
define('LDAP_USER_CREATION', true);
</code>

If you've enabled LDAPs on your Windows domain controllers you can authenticate via LDAPs by using the following variations:
<code>
define('LDAP_SERVER', 'ldaps://myserver.example.com:636');
define('LDAP_SSL_VERIFY', false);
define('LDAP_START_TLS', false);
</code>

Active Directory Groups
<code>
// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', 'CN=KanboardAdmins,OU=Groups,OU=Specialized,OU=Company,DC=Domain,DC=local');

// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', 'CN=KanboardManagers,OU=Groups,OU=Specialized,OU=Company,DC=Domain,DC=local');

define('LDAP_GROUP_PROVIDER', true);

// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', 'OU=Company,DC=Domain,DC=local');

// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');

</code>

===E-Mail Notifications===
Sending E-Mail via SMTP
<code>
sudo vim /var/www/html/kanboard.your_domain/public_html/config.php
</code>

Configuration
<code>
define('MAIL_FROM', 'no_reply_kanban@yourdomain.com');
define('MAIL_TRANSPORT', 'smtp');
define('MAIL_SMTP_HOSTNAME', 'mail.domain.com'); (or if on the same host as mailserver I had to use 127.0.0.1 or localhost for postfix to work)
define('MAIL_SMTP_PORT', 25);
define('MAIL_SMTP_USERNAME', 'username');
define('MAIL_SMTP_PASSWORD', 'password');
define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls"
</code>

Then in Web UI go to settings -> email settings and set the default email from email address.

====Upgrading====
Always do the following after upgrading to a new version:
  * From the archive (stable version) -> Decompress the new archive to /var/www/html/somefolder
  * Copy the data folder into the newly uncompressed directory
  * Copy your custom config.php 
  * If you have installed some plugins, use the latest version
  * Remove/rename your old Kanboard directory
  * Rename the new dir to the name of the old removed dir

Reset the permissions
<code>
sudo find /var/www/html\kanboard.your_domain/public_html -type f -exec chmod 640 {} \;
sudo find /var/www/html\kanboard.your_domain/public_html -type d -exec chmod 755 {} \;
sudo restorecon -R /var/www/html\kanboard.your_domain/public_html
sudo chcon -R -t httpd_sys_content_t /var/www/html/kanboard.your_domain/public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/plugins
</code>

==E-Mail==
Install Cyrus-SASL (though this might not be needed)
<code>
sudo dnf install cyrus-sasl
</code>

Edit config.php and setup similar to:
<code>
// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'smtp');

// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', 'mail.domain.com');
define('MAIL_SMTP_PORT', 587);
define('MAIL_SMTP_USERNAME', 'no-reply.kanban@domain.com');
define('MAIL_SMTP_PASSWORD', 'someGoodPassword');
define('MAIL_SMTP_ENCRYPTION', 'tls'); // Valid values are "null", "ssl" or "tls"
</code>

The setup your notification options per project in the Web UI.