How to Deploy BookStack Wiki App
Docker Commands
docker network create bookstack_nw
docker run -d --net bookstack_nw \
-e MYSQL_ROOT_PASSWORD=secret \
-e MYSQL_DATABASE=bookstack \
-e MYSQL_USER=bookstack \
-e MYSQL_PASSWORD=secret \
-v bookstack-mysql:/var/lib/mysql \
--name="bookstack_db" \
mysql:5.7.21
docker run -d --net bookstack_nw \
-e DB_HOST=bookstack_db:3306 \
-e DB_DATABASE=bookstack \
-e DB_USERNAME=bookstack \
-e DB_PASSWORD=secret \
-e AZURE_APP_ID=*** \
-e AZURE_APP_SECRET=*** \
-e AZURE_TENANT=*** \
-e APP_URL=https://www.domain.com \
-v bookstack-uploads:/var/www/bookstack/public/uploads \
-v bookstack-storage:/var/www/bookstack/public/storage \
-p 8080:80 \
--name="bookstack" \
solidnerd/bookstack:0.24.2
docker run -d --net bookstack_nw \
-v ~/nginx:/etc/nginx/conf.d/ \
-p 80:80 -p 443:443 \
--name=nginx \
nginx
nginx config
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443;
server_name www.domain.com;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 E ECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
ssl_prefer_server_ciphers on;
ssl_certificate /etc/nginx/conf.d/fullchain.pem;
ssl_certificate_key /etc/nginx/conf.d/privkey.pem;
#charset koi8-r;
#access_log /var/log/nginx/host.access.log main;
location / {
proxy_pass http://bookstack:80;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 43200000;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
}
}
SSL Certificates
Self-signed
openssl req -x509 -newkey rsa:2048 \
-keyout key.pem -out cert.pem \
-days 30000 -nodes
Let's encrypt
https://letsencrypt.org/getting-started/
mysql Deployment Config
apiVersion: apps.openshift.io/v1
kind: DeploymentConfig
metadata:
labels:
app: cakephp-mysql-persistent
template: cakephp-mysql-persistent
name: mysql
spec:
replicas: 1
selector:
name: mysql
strategy:
activeDeadlineSeconds: 21600
recreateParams:
timeoutSeconds: 600
resources: {}
type: Recreate
template:
metadata:
creationTimestamp: null
labels:
name: mysql
name: mysql
spec:
containers:
- env:
- name: MYSQL_USER
valueFrom:
secretKeyRef:
key: database-user
name: cakephp-mysql-persistent
- name: MYSQL_PASSWORD
valueFrom:
secretKeyRef:
key: database-password
name: cakephp-mysql-persistent
- name: MYSQL_DATABASE
value: default
image: >-
server:5000/rhscl/mysql-57-rhel7@sha256:154cd19e9c2a9df09ad61ce61139b955499aecd2247eb32df299104c750c6feb
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: 3306
timeoutSeconds: 1
name: mysql
ports:
- containerPort: 3306
protocol: TCP
readinessProbe:
exec:
command:
- /bin/sh
- '-i'
- '-c'
- >-
MYSQL_PWD='ymVAEh4ufpMShxgn' mysql -h 127.0.0.1 -u cakephp -D
default -e 'SELECT 1'
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
memory: 512Mi
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /var/lib/mysql/data
name: mysql-data
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
volumes:
- name: mysql-data
persistentVolumeClaim:
claimName: mysql
test: false
triggers:
- imageChangeParams:
automatic: true
containerNames:
- mysql
from:
kind: ImageStreamTag
name: 'mysql:5.7'
namespace: openshift
lastTriggeredImage: >-
hoecprvnex01.na.xom.com:5000/rhscl/mysql-57-rhel7@sha256:154cd19e9c2a9df09ad61ce61139b955499aecd2247eb32df299104c750c6feb
type: ImageChange
- type: ConfigChange