Bookstack: How do I get an SSL with the autoinstaller?

Created on 3 Jul 2019 · 3Comments · Source: BookStackApp/BookStack

Hey guys,

I love BookStack, but I just couldn't make it work on the SSL mode.
I installed BookStack via the official script for auto-installing it. So it runs on Apache. When I edited 000-default.conf to the bookstack location it still displayed the same Apache2 Ubuntu Default Page.
We're running it on Ubuntu 18.04 and we have the Cloudflare SSL.

Any idea how to edit it in the bookstack.conf, I've tried
`Listen 443 http
Listen 80
NameVirtualHost *:80
NameVirtualHost *:443
ServerName *:80

ServerName docs.mni.me
ServerAdmin webmaster@localhost
DocumentRoot /var/www/bookstack/public/
SSLEngine on
SSLCertificateFile /Users/myusername/certs/server.crt
SSLCertificateKeyFile /Users/myusername/certs/server.key

SSLEngine off
ServerName docs.mni.me
ServerAdmin webmaster@localhost
DocumentRoot /var/www/bookstack/public/
`

But, then I cannot start the apache server. Any tips on how to enable SSL?

Thanks and cheers,
Nedim!

Source

Nedimko123

Most helpful comment

@ssddanbrown Thanks a lot, mate. That file location was the only thing I couldn't get right.

So if anybody in the future needs help, here is what I did:

-Got an SSL certificate form let's encrypt (sudo add-apt-repository ppa:certbot/certbot, sudo apt install python-certbot-apache ,sudo certbot --apache -d example.com)
-Used the code provided here.
-Restarted Apache (/etc/init.d/apache2 restart, /etc/init.d/apache2 start)
-Working as charm

Thanks again and cheers 👍 ,
Nedim!

Nedimko123 on 3 Jul 2019

🎉4 👍3

All 3 comments

Hi @Nedimko123,

I'd expect your /etc/apache2/sites-available/bookstack.conf file to look something like this with HTTPS enabled:

<VirtualHost *:80>
    ServerName docs.mni.me
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName docs.mni.me
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/bookstack/public/

    SSLEngine on
    SSLCertificateFile      /Users/myusername/certs/server.crt
    SSLCertificateKeyFile   /Users/myusername/certs/server.key

    <Directory /var/www/bookstack/public/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
        <IfModule mod_rewrite.c>
            <IfModule mod_negotiation.c>
                Options -MultiViews -Indexes
            </IfModule>
            RewriteEngine On
            # Handle Authorization Header
            RewriteCond %{HTTP:Authorization} .
            RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
            # Redirect Trailing Slashes If Not A Folder...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_URI} (.+)/$
            RewriteRule ^ %1 [L,R=301]
            # Handle Front Controller...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^ index.php [L]
        </IfModule>
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Note, I haven't tested the above though but i've just taken the original script config and tweaked to the bare minimum I thought would be needed for HTTPS. Not really sure if the cloudflare layer causes complications.

On your server you can use the following command to check the apache config once set:

sudo apachectl configtest

That should report any syntax errors. If you've editing the 000-default.conf file and added a custom ServerName you'll need to revert that otherwise the VirtualHosts will conflict (bookstack.conf should be the only file with ServerName docs.mni.me).

Let me know if that helps.