<markdown>
# Work in Progress
# Not for production use

## Before you begin

Adjust your TLS certificate to add the hostname of leanote.yourdomain (or whatever hostname you want to assign to your Leanote installation), or create a new certificate for that FQDN. Then run these commands:

`yum install mongodb mongodb-server`

`yum install`

`cd /opt`


`tar xfv download`

`rm download`

`systemctl enable --now mongod`

`mongorestore -h localhost -d leanote --dir leanote/mongodb_backup/leanote_install_data/`


`use leanote;`


Replace `leanote` and `abc123` in the command above with the desired database username and password. The password should be long and random. Press Ctrl-D to exit Mongo.

`nano /etc/mongod.conf`

On line 70, uncomment `auth = true`. Save and exit.

`systemctl restart mongod`

`cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1`

Copy the output of the command above.

`nano leanote/conf/app.conf`

* Find the line that has `app.secret=` (it should be line 25), delete whatever value is there, and replace it with the value you just copied.
* On line 8, set `site.url` to `https://leanote.yourdomain` (or alternate hostname if desired).
* On lines 17 and 18, enter the database username and password you set above.
* Save and exit.
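A check for the settings edited in the steps above, as an added example that is not part of the original guide: it confirms that `app.secret` is a 64-character generated value, `site.url` is HTTPS, the database credentials are filled in, and `auth = true` is uncommented. The function names and the key names `db.username` and `db.password` are assumptions; the guide gives only their line numbers.

```shell
#!/bin/sh
# Added example: audit the files edited above. Call it with the paths to
# app.conf and mongod.conf; it prints one line per finding.

# conf_value FILE KEY: print the value of the first uncommented KEY=value line
conf_value() {
    awk -F= -v k="$2" '{ key = $1; gsub(/[ \t]/, "", key) }
        key == k { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit }' "$1"
}

# audit_leanote APP_CONF MONGOD_CONF: return status is the number of findings
audit_leanote() {
    app_conf=$1 mongod_conf=$2 findings=0

    # The guide generates 64 characters from [a-zA-Z0-9]; anything else means
    # the value shipped in app.conf (or a short one) is still in place.
    secret=$(conf_value "$app_conf" app.secret)
    if ! printf '%s' "$secret" | grep -Eq '^[A-Za-z0-9]{64}$'; then
        echo "app.secret is not a 64-character generated value"
        findings=$((findings + 1))
    fi

    case $(conf_value "$app_conf" site.url) in
        https://*) ;;
        *) echo "site.url is not an https:// URL"
           findings=$((findings + 1)) ;;
    esac

    # Assumption: the credential keys are named db.username and db.password.
    for key in db.username db.password; do
        if [ -z "$(conf_value "$app_conf" "$key")" ]; then
            echo "$key is empty"
            findings=$((findings + 1))
        fi
    done

    # A line that is still commented out ("#auth = true") does not count.
    if ! grep -Eq '^[[:space:]]*auth[[:space:]]*=[[:space:]]*true' "$mongod_conf"; then
        echo "mongod.conf does not enable auth"
        findings=$((findings + 1))
    fi

    return "$findings"
}
```

Run it as `audit_leanote /opt/leanote/conf/app.conf /etc/mongod.conf`; a return status of 0 means every check passed.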

`nano /usr/lib/systemd/system/leanote.service`

Contents are:

```
[Unit]
Description=Leanote
After=mongod.service

[Service]
Type=simple
ExecStart=/opt/leanote/bin/

[Install]
WantedBy =
```

`chmod +x leanote/bin/`

`systemctl enable --now leanote`

### Set up reverse proxy

`config set leanote configuration`

`mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf.d/virtualhosts.conf/`

`nano /etc/e-smith/templates-custom/etc/httpd/conf.d/virtualhosts.conf/15_leanote`

You're creating a template fragment. Its contents should be:

```
{
my $host = $leanote{hostname} || "leanote";
$OUT .= qq (
# 15_leanote

<VirtualHost *:80>

ServerName $host.$DomainName
RewriteEngine on
RewriteRule ^/\\.well-known/ - [L]
RewriteRule (.*) https://$host.$DomainName\$1 [R,L]
Alias "/.well-known/acme-challenge/" "/var/www/html/.well-known/acme-challenge/"
<Directory "/var/www/html/.well-known/acme-challenge/">
   Require all granted
   Options -Indexes -FollowSymLinks
   AllowOverride None
</Directory>
</VirtualHost>

<VirtualHost *:443>

ServerName $host.$DomainName
SSLEngine on
ProxyPass /
ProxyPassReverse /

);

# Redirect /demo to the login page unless demo mode is explicitly enabled
unless ($leanote{AllowDemo} eq 'enabled') {

$OUT .= qq (
RewriteEngine on
RewriteRule ^/demo\$ /login [R=permanent,L]

);
}

# Use a dedicated certificate only when one has been configured
if (length $leanote{CertFile}) {

$OUT .= qq (
SSLCertificateFile $leanote{CertFile}
SSLCertificateChainFile $leanote{ChainFile}
SSLCertificateKeyFile $leanote{KeyFile}

);
}
$OUT .= "\n</VirtualHost>\n"
}
```

Save and exit.

`signal-event nethserver-httpd-update`

### Log in

Browse to https://leanote.yourdomain, and you'll see a login screen. The default admin user is `admin`, password is `abc123` (which you should change immediately).

### Customizing

Leanote will be made available on a virtual host of leanote.yourdomain. If you want to change this (say, to ln.yourdomain), run `config setprop leanote hostname ln` followed by `signal-event nethserver-httpd-update`.

By default, the Leanote demo mode is disabled. If you want to allow any visitor to your site to log in as a demo user without a password, run `config setprop leanote AllowDemo enabled` followed by `signal-event nethserver-httpd-update`.

By default, the Leanote virtual host will use the system's default TLS certificate. To use a different cert (perhaps one you've obtained just for this virtual host), run:

`config setprop leanote CertFile /path/to/cert`

`config setprop leanote ChainFile /path/to/intermediate/cert(s)`

`config setprop leanote KeyFile /path/to/private/key`

`signal-event nethserver-httpd-update`

## Important Admin settings

There are a few settings you'll need to change, and others you'll want to be aware of. Log in as the `admin` user, and in the upper-right corner of the screen, click on that user's menu and select Admin:

![7facb85a137785494d486986754c2603.png](:/c651ad8f37cb47bbbe012c156f5e16b3)

This will take you to the administration page:

![0f9c4cbb45ec6a4f176390c1b3ab11f6.png](:/5f0790d4220e47f3a25f31832eeb9524)

### Save as PDF

To save notes as PDF, Leanote needs to know where the `wkhtmltopdf` binary is. To set that, on the left, click on Configuration, then on Export PDF. Enter the path to `wkhtmltopdf`, which is `/usr/local/bin/wkhtmltopdf`. Then click Submit:

![8036e9e285bab778a92c884e7558c985.png](:/3338c38f2acf4d35bed52f8a733d22f9)

### Database backup/restore

On the left, click on Data, then Mongodb Tool Configuration. Enter the correct paths as shown here. Both `mongodump` and `mongorestore` live in `/usr/local/bin/`. Then click Submit.

![50d12cdbe09d567dec255ecb97728b9e.png](:/b5cae47dfa2f4184bb4edd6ec3995a70)

### Disable registration

Leanote does not synchronize its users with your Neth system, and by default, anyone who can reach your Leanote installation can register an account there without even needing to verify their email address. Unless your installation is on a protected network, you probably don't want this. To disable registration, on the left, click on Configuration, then on Open Register. Uncheck the box and click Submit.

![13d9c1e6d75d0035cf8199cfc90ffdf9.png](:/b912181ed3434682ab27a4448913c2a9)

## To Do

* Security

  • [s]MongoDB authentication[/s]
  • [s]Disable account registration[/s]
  • Access control–allow access only from specified networks
  • Delete demo user/Try It button

* Reverse proxy setup

  • [s]Both for virtual host and[/s] subdirectory

* [s]systemd unit to start Leanote on boot (and in background)[/s]
* [s]LDAP/AD authentication?[/s]
* [s]`wkhtmltopdf: cannot connect to X server`[/s]
* Figure out if there's a Leanote fork that's better maintained–Leanote itself hasn't had a commit in over a year, or a release in over two years, and there are nearly 500 open issues.
* RPM for Leanote itself
* Nethserver module to integrate

</markdown>

  • userguide/leanote.txt
  • Last modified: 2020/05/22 20:46
  • by Dan Brown