About me: My name is Solène Rapenne, pronouns she/her. I like learning and sharing knowledge. Hobbies: '(BSD OpenBSD Qubes OS Lisp cmdline gaming security QubesOS internet-stuff). I love percent and lambda characters. Qubes OS core team member, former OpenBSD developer solene@. No AI is involved in this blog.

Contact me: solene at dataswamp dot org or @solene@bsd.network (mastodon).

I'm a freelance OpenBSD, FreeBSD, Linux and Qubes OS consultant, this includes DevOps, DevSecOps, technical writing or documentation work. If you enjoy this blog, you can sponsor my open source work financially so I can write this blog and contribute to Free Software as my daily job.

How to install Kanboard on OpenBSD

Written by Solène, on 07 July 2023.
Tags: #openbsd #selfhosting #nocloud

Comments on Fediverse/Mastodon

1. Introduction §

Let me share an installation guide on OpenBSD for a product I like: kanboard. It's a Kanban board written in PHP, it's easy of use, light, effective, the kind of software I like.

While there is a docker image for easy deployment on Linux, there is no guide to install it on OpenBSD. I did it successfuly, including httpd for the web server.

Kanboard official project website

2. Setup §

We will need a fairly simple stack:

  • httpd for the web server (I won't explain how to do TLS here)
  • php 8.2
  • database backed by sqlite, if you need postgresql or mysql, adapt

2.1. Kanboard files §

Prepare a directory where kanboard will be extracted, it must be owned by root:

install -d -o root -g wheel -m 755 /var/www/htdocs/kanboard

Download the latest version of kanboard, prefer the .tar.gz file because it won't require an extra program.

Kanboard GitHub releases

Extract the archive, and move the extracted content into /var/www/htdocs/kanboard; the file /var/www/htdocs/kanboard/cli should exists if you did it correctly.

Now, you need to fix the permissions for a single directory inside the project to allow the web server to write persistent data.

install -d -o www -g www -m 755 /var/www/htdocs/kanboard/data

2.2. PHP configuration §

For kanboard, we will need PHP and a few extensions. They can be installed and enabled using the following command: (for the future, 8.2 will be obsolete, adapt to the current PHP version)

pkg_add php-zip--%8.2 php-curl--%8.2 php-zip--%8.2 php-pdo_sqlite--%8.2
for mod in pdo_sqlite opcache gd zip curl
do
  ln -s /etc/php-8.2.sample/${mod}.ini /etc/php-8.2/
done
rcctl enable php82_fpm
rcctl start php82_fpm

Now you have the service php82_fpm (chrooted in /var/www/) ready to be used by httpd.

2.3. HTTPD configuration §

Configure the web server httpd, you can use nginx or apache if you prefer, with the following piece of configuration:

server "kanboard.my.domain" {
    listen on * port 80

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    } 

    # don't rewrite for assets (fonts, images)
    location "/assets/*" {
        root "/htdocs/kanboard/"
        pass
    }

    location match "/(.*)" {
        request rewrite "/index.php%1"
    }

    location "/*" {
        root "/htdocs/kanboard"
    }
}

Now, enable httpd if not already done, and (re)start httpd:

rcctl enable httpd
rcctl restart httpd

From now, Kanboard should be reachable and usable. The default credentials are admin/admin.

2.4. Sending emails §

If you want to send emails, you have three choices:

  • use php mail() which just use the local relay
  • use sendmail command, which will also use the local relay
  • configure an smtp server with authentication, can be a remote server

2.4.1. Local email §

If you want to use one of the first two methods, you will have to add a few files to the chroot like /bin/sh; you can find accurate and up to date information about the specific changes in the file /usr/local/share/doc/pkg-readms/php-8.2.

2.4.2. Using a remote smtp server §

If you want to use a remote server with authentication (I made a dedicated account for kanboard on my mail server):

Copy /var/www/htdocs/kanboard/config.default.php as /var/www/htdocs/kanboard/config.php, and changes the variables below accordingly:

define('MAIL_TRANSPORT', 'smtp');

define('MAIL_SMTP_HOSTNAME',   'my-server.local');
define('MAIL_SMTP_PORT',       587);
define('MAIL_SMTP_USERNAME',   'YOUR_SMTP_USER');
define('MAIL_SMTP_PASSWORD',   'XXXXXXXXXXXXXXXXXXXx');
define('MAIL_SMTP_HELO_NAME',  null);
define('MAIL_SMTP_ENCRYPTION', "tls");

Your kanboard should be able to send emails now. You can check by creating a new task, and click on "Send by email".

NOTE: Your user also NEED to enable email notifications.

2.5. Cronjob configuration §

For some tasks like reminding emails or stats computation, Kanboard requires to run a daily job by running a the CLI version.

You can do it as the www user in root crontab:

0 1 * * * -ns su -m www -c 'cd /var/www/htdocs/kanboard && /usr/local/bin/php-8.2 cli cronjob'

3. Conclusion §

Kanboard is a fine piece of software, I really like the kanban workflow to organize. I hope you'll enjoy it as well.

I'd also add that installing software without docker is still a thing, this requires you to know exactly what you need to make it run, and how to configure it, but I'd consider this a security bonus point. Think that it will also have all its dependencies updated along with your system upgrades over time.