How to Install Focalboard on CentOS 9 Stream

Introduction

Focalboard is a free, open-source collaboration and productivity tool that lets you organize and manage projects. This article explains how to install Focalboard on a CentOS 9 Stream server.

Prerequisites

• Launch a new CentOS 9 Stream server on Vultr.
• Create a DNS "A" record pointing to the server's IP address, like board.example.com.
• Log in to the server with SSH as a non-root user with sudo privileges.
• Install PostgreSQL.
• Install Nginx.

Create the Focalboard Database

1. Log in to PostgreSQL.

   $ sudo -iu postgres psql
   

2. Create a new database.

   # CREATE DATABASE focalboardb;
   

3. Set up a new database user with a strong password.

   # CREATE USER exampleuser WITH PASSWORD 'choose_a_strong_password';
   

4. Grant the user rights to use the database.

   # GRANT ALL PRIVILEGES ON DATABASE focalboardb TO exampleuser;
   

5. Exit PostgreSQL.

   # \q
   

Installation

1. Download the latest Focalboard release file.

   Latest=$(curl -s https://api.github.com/repos/mattermost/focalboard/releases/latest|grep tag_name | cut -d '"' -f 4) wget https://github.com/mattermost/focalboard/releases/download/${Latest}/focalboard-server-linux-amd64.tar.gz
   

2. Extract files from the archive.

   $ tar -xvf focalboard-server-linux-amd64.tar.gz
   

3. Move the extracted files to /opt.

   $ sudo mv focalboard /opt/
   

4. Change to the Focalboard directory.

   $ cd /opt/focalboard/
   

5. Using a text editor of your choice, edit the config.json file.

   $ sudo nano config.json
   

6. Find the following lines:

   "dbconfig": "./focalboard.db",
   "postgres_dbconfig": "dbname=focalboard sslmode=disable",
   

7. Change them to reflect your Postgres database as shown below. Change exampleuser and choose_a_strong_password to the values you set in the first section.

   "dbtype": "postgres",
   "dbconfig": "postgres://exampleuser:choose_a_strong_password@localhost/focalboardb?sslmode=disable&connect_timeout=10",
   

8. Save and close the file.

9. Copy config.json to /opt/focalboard/bin.

   $ sudo cp /opt/focalboard/config.json  /opt/focalboard/bin/
   

10. Copy the pack directory to /opt/focalboard/bin.

    $ sudo cp -r /opt/focalboard/pack  /opt/focalboard/bin/
    

11. Verify the system SELinux mode.

    $ sudo getenforce
    

12. Set the SELinux mode from enforcing to permissive.

    $ sudo setenforce 0
    

Configure Nginx as a Reverse Proxy

1. Create a new Nginx configuration file.

   $ sudo touch /etc/nginx/conf.d/board.example.com.conf
   

2. Edit the file.

   $ sudo nano /etc/nginx/conf.d/board.example.com.conf
   

3. Copy and paste the following configurations to the file. Replace board.example.com with the DNS "A" record you created in the Prerequisite section.

   server {
   listen 80;
   server_name board.example.com;
   
   location ~ /ws/* {
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "upgrade";
   client_max_body_size 50M;
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Frame-Options SAMEORIGIN;
   proxy_buffers 256 16k;
   proxy_buffer_size 16k;
   client_body_timeout 60;
   send_timeout 300;
   lingering_timeout 5;
   proxy_connect_timeout 1d;
   proxy_send_timeout 1d;
   proxy_read_timeout 1d;
   proxy_pass http://localhost:8000;
   }
   
   location / {
   client_max_body_size 50M;
   proxy_set_header Connection "";
   proxy_set_header Host $http_host;
   proxy_set_header X-Real-IP $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto $scheme;
   proxy_set_header X-Frame-Options SAMEORIGIN;
   proxy_buffers 256 16k;
   proxy_buffer_size 16k;
   proxy_read_timeout 600s;
   proxy_cache_revalidate on;
   proxy_cache_min_uses 2;
   proxy_cache_use_stale timeout;
   proxy_cache_lock on;
   proxy_http_version 1.1;
   proxy_pass http://localhost:8000;
   }
   }
   

4. Save and close the file.

5. Test the Nginx configuration for errors.

   $ sudo nginx -t
   

6. Restart Nginx.

   $ sudo systemctl restart nginx
   

Configure the Firewall

1. Allow HTTP port 80 through the firewall.

   $ sudo firewall-cmd --permanent --add-port=80/tcp
   

2. Allow the HTTPS port 443.

   $ sudo firewall-cmd --permanent --add-port=443/tcp
   

3. Restart the Firewall to save changes.

   $ sudo firewall-cmd --reload
   

Install a Let's Encrypt TLS/SSL Certificate

1. Install the EPEL repository.

   $ sudo dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
   

2. Install snap.

   $ sudo dnf install snapd
   

3. Enable and start snap.

   $ sudo systemctl enable snapd
   $ sudo systemctl start snapd
   

4. Install snap core, and create necessary links.

   $ sudo snap install core
   $ sudo ln -s /var/lib/snapd/snap /snap
   $ sudo echo 'export PATH=$PATH:/var/lib/snapd/snap/bin' > /etc/profile.d/snap.sh
   

5. Install Certbot.

   $ sudo snap install --classic certbot
   

6. Enable Certbot.

   $ sudo ln -s /snap/bin/certbot /usr/bin/certbot
   

7. Request a Let's Encrypt certificate. Replace board.example.com with the DNS "A" record you created in the Prerequisite section and make sure the webroot directory /usr/share/nginx/html is accessible.

   $ sudo certbot certonly --webroot -w /usr/share/nginx/html -d board.example.com
   

8. Edit the Nginx configuration file.

   $ sudo nano /etc/nginx/conf.d/board.example.com
   

9. Paste the following configurations after the listen 80; directive. Again, replace board.example.com with your server name.

   listen       443 ssl http2;
   listen       [::]:443 ssl http2;
   
   server_name  board.example.com;
   
   # redirect all requests to https
   if ($scheme = http) {
   return 301 https://$server_name$request_uri;
   }
   
   ssl_certificate /etc/letsencrypt/live/board.example.com/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/board.example.com/privkey.pem;
   ssl_trusted_certificate /etc/letsencrypt/live/board.example.com/chain.pem;
   ssl_session_cache shared:SSL:1m;
   ssl_session_timeout  10m;
   ssl_ciphers PROFILE=SYSTEM;
   ssl_prefer_server_ciphers on;
   

10. Save and close the file.

    Your completed Nginx configuration file should look similar to the one below, with your domain names.

    server {
       listen 80;
       listen       443 ssl http2;
       listen       [::]:443 ssl http2;
    
       server_name  example.com;
    
       # redirect requests to https
       if ($scheme = http) {
       return 301 https://$server_name$request_uri;
       }
    
       ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
       ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
       ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
       ssl_session_cache shared:SSL:1m;
       ssl_session_timeout  10m;
       ssl_ciphers PROFILE=SYSTEM;
       ssl_prefer_server_ciphers on;
    
    
       location ~ /ws/* {
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection "upgrade";
       client_max_body_size 50M;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       client_body_timeout 60;
       send_timeout 300;
       lingering_timeout 5;
       proxy_connect_timeout 1d;
       proxy_send_timeout 1d;
       proxy_read_timeout 1d;
       proxy_pass 127.0.0.1:8000;
       }
    
       location / {
       client_max_body_size 50M;
       proxy_set_header Connection "";
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header X-Frame-Options SAMEORIGIN;
       proxy_buffers 256 16k;
       proxy_buffer_size 16k;
       proxy_read_timeout 600s;
       proxy_cache_revalidate on;
       proxy_cache_min_uses 2;
       proxy_cache_use_stale timeout;
       proxy_cache_lock on;
       proxy_http_version 1.1;
       proxy_pass 127.0.0.1:8000;
       }
    
    }
    

11. Test Nginx for errors.

     $ sudo nginx -t
    

12. Restart Nginx.

     $ sudo systemctl restart nginx
    

Configure Focalboard as a System Service

1. Create a new system service file.

   $ sudo nano /lib/systemd/system/focalboard.service
   

2. Add the following contents to the file.

   [Unit]
   Description=Focalboard
   
   [Service]
   Type=simple
   Restart=always
   ExecStart=./opt/focalboard/bin/focalboard-server
   WorkingDirectory=/opt/focalboard
   
   [Install]
   WantedBy=multi-user.target
   

Save the file.

1. Restart the systemd daemon.

   $ sudo systemctl daemon-reload
   

2. Enable the Focalboard service file.

   $ sudo systemctl enable focalboard.service
   

3. Start Focalboard.

   $ sudo systemctl start focalboard
   

4. Verify that Focalboard is running.

   $ sudo systemctl status focalboard
   

Test Focalboard

Visit your server in a web browser.

    https://board.example.com

Create a new account and complete your Focalboard setup.

More Information

For more information, refer to the following articles.

• Focalboard documentation
• Nginx documentation
• Let’s Encrypt documentation