Bookstack is a really cool and simple opensource wiki system that can be of  great use either in a team or by yourself if you want to document and organize information. This guide will show you how to do it on an Unraid system, but it can applied to any OS that is running docker.

MariaDB Installation

Installing MariaDB is very straight forward. Go to the “Apps” tab and search for mariadb and click install.  If you already have mariadb installed you can just skip to the create database part.

Choose your host port and your MYSQL Root password. I changed the default name and the host port as I already have a MariaDB container running and this container will only be for demonstration purposes.

Create the Bookstack database

  1. Exec into the container with docker exec -it bookstack bash
  2. Log into mysql with user root and the password you chose. mysql -uroot -p enter your password.

The output will look like this:

[email protected]:~# docker exec -it mariadb bash
[email protected]:/# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 3
Server version: 10.1.30-MariaDB-1~xenial mariadb.org binary distribution

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]

Next up is creating the database. (Remember to end all queries with a semicolon)

  1. Start with creating a user for the database. CREATE USER 'user' IDENTIFIED by 'password'; Where ‘user’ is your username and ‘password’ is the password you want for the new user. The ouput will be like this.
    MariaDB [(none)]> CREATE USER 'gilbn' IDENTIFIED by 'mypassword';
    Query OK, 0 rows affected (0.01 sec)
  2. Create the database with CREATE DATABASE IF NOT EXISTS bookstack;
    MariaDB [(none)]> CREATE DATABASE IF NOT EXISTS bookstack;
    Query OK, 1 row affected (0.00 sec)
  3. Give the user permissions to the database with GRANT ALL PRIVILEGES ON bookstack.* TO 'gilbn' IDENTIFIED BY 'mypassword';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON bookstack.* TO 'gilbn' IDENTIFIED BY 'mypassword';
    Query OK, 0 rows affected (0.00 sec)

Then quit mysql with quit and exit from the container by issuing the command exit


Letsencrypt

Installation

If you already have letsencrypt setup you can just skip down to the nginx part.
Go to the “Apps” tab and search for letsencrypt and install the linuxserver letsencrypt container.

Forward your domain to your public IP address. After you’ve done that add your different ANAME/CNAME records e.g www.yourdomain.com or wiki.yourdomain.com

  1. Container Port: 80 – Choose your desired host port. e.g 81 (You can’t set this to 80 as the unRAID web GUI uses that. )
  2. Container Port: 443 – Set this to 444 or something else (On update 6.4 unraid will use port 443 and it’s better to be ahead of time so it won’t cause any issues)
  3. Enter you email
  4. Add you domain e.g yourdomain.com
  5. Add your different sub domains e.g www,blog,plex ect
  6. Container Path: /config Install the container config to your desired location.

Next is portforwarding. This is done on your router and you need to forward port 80 to the port you chose in step 1. You also need to forward port 443 to 444 or the one you chose. So if your servers ip is 192.168.1.2 and you have chosen that the container is on port 81, you need to forward all traffic on port 80 to port 81 on ip 192.168.1.2 And do the same for port 443.
If you’re unsure how to do this on your router check out: Portforward.com Next go to https://yourserverip:444 or http://yourserverip:81 If you now see the Nginx welcome page, it works. Also test if yourdomain.com redirects you to the nginx welcome page.

Note: TTL differs from each provider, some has a minimum 60 minutes before DNS propagates and others have 1 minute. So it might take a while before https://yourdomain.com works.

If you already have letsencrypt setup and working with a domain and want to use another domain for your wordpress site you can do that by using the EXTRA_DOMAINS variable.

  1. Click on + Add another Path, Port or Variable
  2. Add these values. Config Type: Variable Name: Extra domain Key: EXTRA_DOMAINS Value: yourotherdomain.com, docs.yourotherdomain.com


Nginx

Go to the letsencrypt appdata location. Find the nginx folder and then edit the file called “default” in the “site-conf” folder. I recommend using notepad++ if you are editing the files on a windows machine.

If you want to Geo block your site read more here
Replace/add the contents of the default file with the server block below. Modifying it to use your domain of course.

If you are already using the default file I recommend creating another file in the site-confs folder. It’s much easier to work with separate config files than one huge one. You can call it wiki.conf or domain.conf etc. your choice.


# REDIRECT HTTP TRAFFIC TO https://[domain.com]
server {
    listen 80;
    server_name wiki.technicalramblings.com; 
    return 301 https://$server_name$request_uri;
}

# BLOG SITE
server {
 listen 443 ssl http2;
 server_name wiki.technicalramblings.com;

## Source: https://github.com/1activegeek/nginx-config-collection
## READ THE COMMENT ON add_header X-Frame-Options AND add_header Content-Security-Policy IF YOU USE THIS ON A SUBDOMAIN YOU WANT TO IFRAME!

## Certificates from LE container placement
ssl_certificate /config/keys/letsencrypt/fullchain.pem;
ssl_certificate_key /config/keys/letsencrypt/privkey.pem;

## Strong Security recommended settings per cipherli.st
ssl_dhparam /config/nginx/dhparams.pem; # Bit value: 4096
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_timeout  10m;

## NOTE: The add_header Content-Security-Policy won't work with duckdns since you don't own the root domain. Just buy a domain. It's cheap
## Settings to add strong security profile (A+ on securityheaders.io/ssllabs.com)

add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none; #SET THIS TO index IF YOU WANT GOOGLE TO INDEX YOU SITE!
add_header Content-Security-Policy "frame-ancestors https://*.DOMAIN.COM https://DOMAIN.COM https://$server_name"; #Add your domains you want to enable iframing on
add_header X-Frame-Options "allow-from https://DOMAIN.COM https://$server_name"; #Add your domains you want to enable iframing on. https://$server_name = sub.domain.com in this server block
add_header Referrer-Policy "strict-origin-when-cross-origin";
proxy_cookie_path / "/; HTTPOnly; Secure"; ##NOTE: This may cause issues with unifi. Remove HTTPOnly; or create another ssl config for unifi.
more_set_headers "Server: Classified";
more_clear_headers 'X-Powered-By';
 
 client_max_body_size 0; 
 
  
location / {
	proxy_pass http://192.168.1.34:6875/;
	include /config/nginx/proxy.conf;	
	} 
}

Note: see the comments on the Content-Security-Policy , X-Frame-Options!!

Installing Bookstack

Go to the “Apps” tab and search for Bookstack and install the container.
On the installation page add your database host, user, password and database name.

Template typo!

On the Reverse proxy URL part there is currently a typo in the Unraid container template that you need to fix for it to work.

Click edit on the line and change the Key from APPURL to APP_URL

Next add the domain you want to use Bookstack on. i.e https://wiki.technicalramblings.com

Fill out the different parts, it should look something like this:

Hit apply and let the container start up.
If you see nc: getaddrinfo: Name does not resolve in the logs, don’t worry. If I understand correctly the container spins up from a compose file and tries to connect to an sql database from that compose file. It will try for 30 seconds, and after that the container is accessible.  See:  https://github.com/linuxserver/docker-bookstack/pull/27#issue-272191337

Next you can go to your domain and Bookstack should load.

The default username and password of Bookstack is:
[email protected]
password

If you want to add email, ldap ect you will need to follow these instructions: https://github.com/linuxserver/docker-bookstack#advanced-users-full-control-over-the-env-file

Changing the default upload file size

If you want to be able to upload bigger files you will need to update the php-local.ini file in /config/php

Add the following two lines:

upload_max_filesize = 25M
post_max_size = 25M

25M = 25MB, change it to what you want.