How to Install Focalboard on CentOS 9 Stream

Updated on May 25, 2022
How to Install Focalboard on CentOS 9 Stream header image

Introduction

Focalboard is a free, open-source collaboration and productivity tool that lets you organize and manage projects. This article explains how to install Focalboard on a CentOS 9 Stream server.

Prerequisites

Create the Focalboard Database

  1. Log in to PostgreSQL.

     $ sudo -iu postgres psql
  2. Create a new database.

     # CREATE DATABASE focalboardb;
  3. Set up a new database user with a strong password.

     # CREATE USER exampleuser WITH PASSWORD 'choose_a_strong_password';
  4. Grant the user rights to use the database.

     # GRANT ALL PRIVILEGES ON DATABASE focalboardb TO exampleuser;
  5. Exit PostgreSQL.

     # \q

Installation

  1. Download the latest Focalboard release file.

     Latest=$(curl -s https://api.github.com/repos/mattermost/focalboard/releases/latest|grep tag_name | cut -d '"' -f 4) wget https://github.com/mattermost/focalboard/releases/download/${Latest}/focalboard-server-linux-amd64.tar.gz
  2. Extract files from the archive.

     $ tar -xvf focalboard-server-linux-amd64.tar.gz
  3. Move the extracted files to /opt.

     $ sudo mv focalboard /opt/
  4. Change to the Focalboard directory.

     $ cd /opt/focalboard/
  5. Using a text editor of your choice, edit the config.json file.

     $ sudo nano config.json
  6. Find the following lines:

     "dbconfig": "./focalboard.db",
     "postgres_dbconfig": "dbname=focalboard sslmode=disable",
  7. Change them to reflect your Postgres database as shown below. Change exampleuser and choose_a_strong_password to the values you set in the first section.

     "dbtype": "postgres",
     "dbconfig": "postgres://exampleuser:choose_a_strong_password@localhost/focalboardb?sslmode=disable&connect_timeout=10",
  8. Save and close the file.

  9. Copy config.json to /opt/focalboard/bin.

     $ sudo cp /opt/focalboard/config.json  /opt/focalboard/bin/
  10. Copy the pack directory to /opt/focalboard/bin.

     $ sudo cp -r /opt/focalboard/pack  /opt/focalboard/bin/
  11. Verify the system SELinux mode.

     $ sudo getenforce
  12. Set the SELinux mode from enforcing to permissive.

     $ sudo setenforce 0

Configure Nginx as a Reverse Proxy

  1. Create a new Nginx configuration file.

     $ sudo touch /etc/nginx/conf.d/board.example.com.conf
  2. Edit the file.

     $ sudo nano /etc/nginx/conf.d/board.example.com.conf
  3. Copy and paste the following configurations to the file. Replace board.example.com with the DNS "A" record you created in the Prerequisite section.

     server {
     listen 80;
     server_name board.example.com;
    
     location ~ /ws/* {
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection "upgrade";
     client_max_body_size 50M;
     proxy_set_header Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Frame-Options SAMEORIGIN;
     proxy_buffers 256 16k;
     proxy_buffer_size 16k;
     client_body_timeout 60;
     send_timeout 300;
     lingering_timeout 5;
     proxy_connect_timeout 1d;
     proxy_send_timeout 1d;
     proxy_read_timeout 1d;
     proxy_pass http://localhost:8000;
     }
    
     location / {
     client_max_body_size 50M;
     proxy_set_header Connection "";
     proxy_set_header Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto $scheme;
     proxy_set_header X-Frame-Options SAMEORIGIN;
     proxy_buffers 256 16k;
     proxy_buffer_size 16k;
     proxy_read_timeout 600s;
     proxy_cache_revalidate on;
     proxy_cache_min_uses 2;
     proxy_cache_use_stale timeout;
     proxy_cache_lock on;
     proxy_http_version 1.1;
     proxy_pass http://localhost:8000;
     }
     }
  4. Save and close the file.

  5. Test the Nginx configuration for errors.

     $ sudo nginx -t
  6. Restart Nginx.

     $ sudo systemctl restart nginx

Configure the Firewall

  1. Allow HTTP port 80 through the firewall.

     $ sudo firewall-cmd --permanent --add-port=80/tcp
  2. Allow the HTTPS port 443.

     $ sudo firewall-cmd --permanent --add-port=443/tcp
  3. Restart the Firewall to save changes.

     $ sudo firewall-cmd --reload

Install a Let's Encrypt TLS/SSL Certificate

  1. Install the EPEL repository.

     $ sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
  2. Install snap.

     $ sudo dnf install snapd
  3. Enable and start snap.

     $ sudo systemctl enable snapd
     $ sudo systemctl start snapd
  4. Install snap core, and create necessary links.

     $ sudo snap install core
     $ sudo ln -s /var/lib/snapd/snap /snap
     $ sudo echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' > /etc/profile.d/snap.sh
  5. Install Certbot.

     $ sudo snap install --classic certbot
  6. Enable Certbot.

     $ sudo ln -s /snap/bin/certbot /usr/bin/certbot
  7. Request a Let's Encrypt certificate. Replace board.example.com with the DNS "A" record you created in the Prerequisite section and make sure the webroot directory /usr/share/nginx/html is accessible.

     $ sudo certbot certonly --webroot -w /usr/share/nginx/html -d board.example.com
  8. Edit the Nginx configuration file.

     $ sudo nano /etc/nginx/conf.d/board.example.com
  9. Paste the following configurations after the listen 80; directive. Again, replace board.example.com with your server name.

     listen       443 ssl http2;
     listen       [::]:443 ssl http2;
    
     server_name  board.example.com;
    
     # redirect all requests to https
     if ($scheme = http) {
     return 301 https://$server_name$request_uri;
     }
    
     ssl_certificate /etc/letsencrypt/live/board.example.com/fullchain.pem;
     ssl_certificate_key /etc/letsencrypt/live/board.example.com/privkey.pem;
     ssl_trusted_certificate /etc/letsencrypt/live/board.example.com/chain.pem;
     ssl_session_cache shared:SSL:1m;
     ssl_session_timeout  10m;
     ssl_ciphers PROFILE=SYSTEM;
     ssl_prefer_server_ciphers on;
  10. Save and close the file.

    Your completed Nginx configuration file should look similar to the one below, with your domain names.

     server {
        listen 80;
        listen       443 ssl http2;
        listen       [::]:443 ssl http2;
    
        server_name  example.com;
    
        # redirect requests to https
        if ($scheme = http) {
        return 301 https://$server_name$request_uri;
        }
    
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  10m;
        ssl_ciphers PROFILE=SYSTEM;
        ssl_prefer_server_ciphers on;
    
    
        location ~ /ws/* {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        client_max_body_size 50M;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        client_body_timeout 60;
        send_timeout 300;
        lingering_timeout 5;
        proxy_connect_timeout 1d;
        proxy_send_timeout 1d;
        proxy_read_timeout 1d;
        proxy_pass 127.0.0.1:8000;
        }
    
        location / {
        client_max_body_size 50M;
        proxy_set_header Connection "";
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Frame-Options SAMEORIGIN;
        proxy_buffers 256 16k;
        proxy_buffer_size 16k;
        proxy_read_timeout 600s;
        proxy_cache_revalidate on;
        proxy_cache_min_uses 2;
        proxy_cache_use_stale timeout;
        proxy_cache_lock on;
        proxy_http_version 1.1;
        proxy_pass 127.0.0.1:8000;
        }
    
     }
  11. Test Nginx for errors.

      $ sudo nginx -t
  12. Restart Nginx.

      $ sudo systemctl restart nginx

Configure Focalboard as a System Service

  1. Create a new system service file.

     $ sudo nano /lib/systemd/system/focalboard.service
  2. Add the following contents to the file.

     [Unit]
     Description=Focalboard
    
     [Service]
     Type=simple
     Restart=always
     ExecStart=./opt/focalboard/bin/focalboard-server
     WorkingDirectory=/opt/focalboard
    
     [Install]
     WantedBy=multi-user.target

Save the file.

  1. Restart the systemd daemon.

     $ sudo systemctl daemon-reload
  2. Enable the Focalboard service file.

     $ sudo systemctl enable focalboard.service
  3. Start Focalboard.

     $ sudo systemctl start focalboard
  4. Verify that Focalboard is running.

     $ sudo systemctl status focalboard

Test Focalboard

Visit your server in a web browser.

    https://board.example.com

Focalboard on CentOS Stream

Create a new account and complete your Focalboard setup.

More Information

For more information, refer to the following articles.