Table of Contents

Kanboard on CentOS 8

Kanboard is an excellent opensource kanban system that also integrated with Active Directory. This setup will be based on a LAMP stack running in CentOS 8 (or Rocky OS 8 or RHEL8)

Initial Setup

Follow steps to setup LAMP stack at outlined in Install CentOS 8 LAMP stack

Kanboard Specific Prerequisites

Install additional php modules
sudo dnf install php php-mbstring php-pdo php-gd php-json php-cli php-mysql php-ldap php-mysqlnd php-xml php-zip
Create Kanboard SQL database
sudo mysql -u root -p
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'; (this is the DB user for the kanboard DB)
CREATE DATABASE kanboard;
GRANT ALL PRIVILEGES ON kanboard . * TO 'newuser'@'localhost';
FLUSH PRIVILEGES;

Install Kanboard

cd /var/www/html/kanboard.your_domain
sudo wget https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.20.zip
sudo unzip v1.2.20.zip
sudo mv public_html public_html.delete
sudo mv kanboard-lastest public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html
sudo chmod -R 764 /var/www/html/kanboard.your_domain/public_html/plugins
sudo setsebool -P httpd_can_network_connect=1
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/plugins
sudo rm kanboard-latest.zip
Perform Initual Configuration
sudo mv /var/www/html/kanboard.your_domain/public_html/config.default.php /var/www/html/kanboard/config.php
sudo vim /var/www/html/kanboard.your_domain/public_html/config.php

Set the SQL parameters

// We choose to use MySQL instead of Sqlite
define('DB_DRIVER', 'mysql');

// MySQL parameters
define('DB_USERNAME', 'REPLACE_ME');
define('DB_PASSWORD', 'REPLACE_ME');
define('DB_HOSTNAME', 'REPLACE_ME');
define('DB_NAME', 'kanboard');

// And disable users from creating their own accounts
define('LDAP_USER_CREATION', false);

// Optionally enable installation of plugins if needed, leave disabled otherwise
define('PLUGIN_INSTALLER', true);

Restart MariaDB, Apache and PHP-FPM

sudo systemctl restart mariadb
sudo systemctl restart httpd
sudo systemctl restart php-fpm
Configure Crontab for Kanboard Routines
sudo crontab -u apache -e

Add the following

0 8 * * * cd /var/www/html/kanboard.your_domain/public_html && ./cli cronjob >/dev/null 2>&1

Active Directory Integration

Set AD Variables
sudo vim /var/www/html/kanboard.your_domain/public_html/config.php

Configure Settings (remember to replace variables with your own and remember to add 'aroundyour@@names@@passwords')

define('LDAP_SSL_VERIFY', false);
define('LDAP_AUTH', true);
define('LDAP_SERVER', 'yourserver.ad.domain or IP.ADD.R.ESS');
define('LDAP_BIND_TYPE', 'proxy');
define('LDAP_USERNAME', 'kanboardaduser@ad.domain');
define('LDAP_PASSWORD', 'my super secret password');
define('LDAP_USER_BASE_DN', 'CN=Users,DC=ad,DC=domain');
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
define('LDAP_USER_ATTRIBUTE_USERNAME', 'sAMAccountName');

//And enable account creation or you'll get a failed login response
define('LDAP_USER_CREATION', true);

If you've enabled LDAPs on your Windows domain controllers you can authenticate via LDAPs by using the following variations:

define('LDAP_SERVER', 'ldaps://myserver.example.com:636');
define('LDAP_SSL_VERIFY', false);
define('LDAP_START_TLS', false);

Active Directory Groups

// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', 'CN=KanboardAdmins,OU=Groups,OU=Specialized,OU=Company,DC=Domain,DC=local');

// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', 'CN=KanboardManagers,OU=Groups,OU=Specialized,OU=Company,DC=Domain,DC=local');

define('LDAP_GROUP_PROVIDER', true);

// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', 'OU=Company,DC=Domain,DC=local');

// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');

E-Mail Notifications

Sending E-Mail via SMTP

sudo vim /var/www/html/kanboard.your_domain/public_html/config.php

Configuration

define('MAIL_FROM', 'no_reply_kanban@yourdomain.com');
define('MAIL_TRANSPORT', 'smtp');
define('MAIL_SMTP_HOSTNAME', 'mail.domain.com'); (or if on the same host as mailserver I had to use 127.0.0.1 or localhost for postfix to work)
define('MAIL_SMTP_PORT', 25);
define('MAIL_SMTP_USERNAME', 'username');
define('MAIL_SMTP_PASSWORD', 'password');
define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls"

Then in Web UI go to settings → email settings and set the default email from email address.

Upgrading

Always do the following after upgrading to a new version:

Reset the permissions

sudo find /var/www/html\kanboard.your_domain/public_html -type f -exec chmod 640 {} \;
sudo find /var/www/html\kanboard.your_domain/public_html -type d -exec chmod 755 {} \;
sudo restorecon -R /var/www/html\kanboard.your_domain/public_html
sudo chcon -R -t httpd_sys_content_t /var/www/html/kanboard.your_domain/public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/plugins
E-Mail

Install Cyrus-SASL (though this might not be needed)

sudo dnf install cyrus-sasl

Edit config.php and setup similar to:

// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'smtp');

// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', 'mail.domain.com');
define('MAIL_SMTP_PORT', 587);
define('MAIL_SMTP_USERNAME', 'no-reply.kanban@domain.com');
define('MAIL_SMTP_PASSWORD', 'someGoodPassword');
define('MAIL_SMTP_ENCRYPTION', 'tls'); // Valid values are "null", "ssl" or "tls"

The setup your notification options per project in the Web UI.