Kanboard on CentOS 8
Kanboard is an excellent opensource kanban system that also integrated with Active Directory. This setup will be based on a LAMP stack running in CentOS 8 (or Rocky OS 8 or RHEL8)
Initial Setup
Follow steps to setup LAMP stack at outlined in Install CentOS 8 LAMP stack
Kanboard Specific Prerequisites
Install additional php modules
sudo dnf install php php-mbstring php-pdo php-gd php-json php-cli php-mysql php-ldap php-mysqlnd php-xml php-zip
Create Kanboard SQL database
sudo mysql -u root -p CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password'; (this is the DB user for the kanboard DB) CREATE DATABASE kanboard; GRANT ALL PRIVILEGES ON kanboard . * TO 'newuser'@'localhost'; FLUSH PRIVILEGES;
Install Kanboard
cd /var/www/html/kanboard.your_domain sudo wget https://github.com/kanboard/kanboard/archive/refs/tags/v1.2.20.zip sudo unzip v1.2.20.zip sudo mv public_html public_html.delete sudo mv kanboard-lastest public_html sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html sudo chmod -R 764 /var/www/html/kanboard.your_domain/public_html/plugins sudo setsebool -P httpd_can_network_connect=1 sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/data sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/plugins sudo rm kanboard-latest.zip
Perform Initual Configuration
sudo mv /var/www/html/kanboard.your_domain/public_html/config.default.php /var/www/html/kanboard/config.php sudo vim /var/www/html/kanboard.your_domain/public_html/config.php
Set the SQL parameters
// We choose to use MySQL instead of Sqlite
define('DB_DRIVER', 'mysql');
// MySQL parameters
define('DB_USERNAME', 'REPLACE_ME');
define('DB_PASSWORD', 'REPLACE_ME');
define('DB_HOSTNAME', 'REPLACE_ME');
define('DB_NAME', 'kanboard');
// And disable users from creating their own accounts
define('LDAP_USER_CREATION', false);
// Optionally enable installation of plugins if needed, leave disabled otherwise
define('PLUGIN_INSTALLER', true);
Restart MariaDB, Apache and PHP-FPM
sudo systemctl restart mariadb sudo systemctl restart httpd sudo systemctl restart php-fpm
- In a web browser, go to the FQDN of the kanboard virtual server (e.g. kanban.yourdomain.com) and login with admin/admin to verify function.
- Go to Plugins page and install any plugins you might need (like calendar, task board date, mailgun)
- Go to Settings → Application Settings; set Application URL, set Timezone + date/time format.
Configure Crontab for Kanboard Routines
sudo crontab -u apache -e
Add the following
0 8 * * * cd /var/www/html/kanboard.your_domain/public_html && ./cli cronjob >/dev/null 2>&1
Active Directory Integration
- Create AD user on Windows server that will be used for proxy
- create an AD user that will act as a Kanboard admin + create 2 security groups, 1 for KanboardAdmins and 1 for KanboardManagers.
Set AD Variables
sudo vim /var/www/html/kanboard.your_domain/public_html/config.php
Configure Settings (remember to replace variables with your own and remember to add 'aroundyour@@names@@passwords')
define('LDAP_SSL_VERIFY', false);
define('LDAP_AUTH', true);
define('LDAP_SERVER', 'yourserver.ad.domain or IP.ADD.R.ESS');
define('LDAP_BIND_TYPE', 'proxy');
define('LDAP_USERNAME', 'kanboardaduser@ad.domain');
define('LDAP_PASSWORD', 'my super secret password');
define('LDAP_USER_BASE_DN', 'CN=Users,DC=ad,DC=domain');
define('LDAP_USER_FILTER', '(&(objectClass=user)(sAMAccountName=%s))');
define('LDAP_USER_ATTRIBUTE_USERNAME', 'sAMAccountName');
//And enable account creation or you'll get a failed login response
define('LDAP_USER_CREATION', true);
If you've enabled LDAPs on your Windows domain controllers you can authenticate via LDAPs by using the following variations:
define('LDAP_SERVER', 'ldaps://myserver.example.com:636');
define('LDAP_SSL_VERIFY', false);
define('LDAP_START_TLS', false);
Active Directory Groups
// LDAP DN for administrators
// Example: CN=Kanboard-Admins,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_ADMIN_DN', 'CN=KanboardAdmins,OU=Groups,OU=Specialized,OU=Company,DC=Domain,DC=local');
// LDAP DN for managers
// Example: CN=Kanboard Managers,CN=Users,DC=kanboard,DC=local
define('LDAP_GROUP_MANAGER_DN', 'CN=KanboardManagers,OU=Groups,OU=Specialized,OU=Company,DC=Domain,DC=local');
define('LDAP_GROUP_PROVIDER', true);
// LDAP Base DN for groups
define('LDAP_GROUP_BASE_DN', 'OU=Company,DC=Domain,DC=local');
// LDAP group filter
// Example for ActiveDirectory: (&(objectClass=group)(sAMAccountName=%s*))
define('LDAP_GROUP_FILTER', '(&(objectClass=group)(sAMAccountName=%s*))');
E-Mail Notifications
Sending E-Mail via SMTP
sudo vim /var/www/html/kanboard.your_domain/public_html/config.php
Configuration
define('MAIL_FROM', 'no_reply_kanban@yourdomain.com');
define('MAIL_TRANSPORT', 'smtp');
define('MAIL_SMTP_HOSTNAME', 'mail.domain.com'); (or if on the same host as mailserver I had to use 127.0.0.1 or localhost for postfix to work)
define('MAIL_SMTP_PORT', 25);
define('MAIL_SMTP_USERNAME', 'username');
define('MAIL_SMTP_PASSWORD', 'password');
define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls"
Then in Web UI go to settings → email settings and set the default email from email address.
Upgrading
Always do the following after upgrading to a new version:
- From the archive (stable version) → Decompress the new archive to /var/www/html/somefolder
- Copy the data folder into the newly uncompressed directory
- Copy your custom config.php
- If you have installed some plugins, use the latest version
- Remove/rename your old Kanboard directory
- Rename the new dir to the name of the old removed dir
Reset the permissions
sudo find /var/www/html\kanboard.your_domain/public_html -type f -exec chmod 640 {} \;
sudo find /var/www/html\kanboard.your_domain/public_html -type d -exec chmod 755 {} \;
sudo restorecon -R /var/www/html\kanboard.your_domain/public_html
sudo chcon -R -t httpd_sys_content_t /var/www/html/kanboard.your_domain/public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html
sudo chown -R apache:apache /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/data
sudo chcon -R -t httpd_sys_content_rw_t /var/www/html/kanboard.your_domain/public_html/plugins
Install Cyrus-SASL (though this might not be needed)
sudo dnf install cyrus-sasl
Edit config.php and setup similar to:
// Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
define('MAIL_TRANSPORT', 'smtp');
// SMTP configuration to use when the "smtp" transport is chosen
define('MAIL_SMTP_HOSTNAME', 'mail.domain.com');
define('MAIL_SMTP_PORT', 587);
define('MAIL_SMTP_USERNAME', 'no-reply.kanban@domain.com');
define('MAIL_SMTP_PASSWORD', 'someGoodPassword');
define('MAIL_SMTP_ENCRYPTION', 'tls'); // Valid values are "null", "ssl" or "tls"
The setup your notification options per project in the Web UI.