Running BookStack in aaPanel Using Docker

BookStack is a free and open-source wiki software aimed for a simple, self-hosted, and easy-to-use platform. Based on Laravel, a PHP framework, BookStack is released under the MIT License. It uses the ideas of books to organise pages and store information.

Running BookStack in aaPanel Using Docker

Create Docker compose in YAML file

Write this following code:

version: '3.8'

services:
  bookstack:
    image: lscr.io/linuxserver/bookstack:latest
    container_name: bookstack_app
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=<You timezone>
      - DB_HOST=<Your site public IP>
      - DB_DATABASE=<Your DB name>
      - DB_USERNAME=<Your DB username>
      - DB_PASSWORD=<Your DB password>
      - APP_KEY=<Generated API key>
      - APP_URL=<Your app URL>:<Host port>
    ports:
      - <Host port>:80
    volumes:
      - /<Your host bookstack path>/config:/config
    networks:
      - bridge

volumes:
  uploads:

networks:
  bridge:

Run this following command:

docker compose up -d

Activating SSL for BookStack Application

Add New Site

This following code is the original nginx setup.

server
{
    listen 80;
    server_name learning.introvesia.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/learning.introvesia.com;

    #SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
    #error_page 404/404.html;
    #SSL-END

    #ERROR-PAGE-START  Error page configuration, allowed to be commented, deleted or modified
    error_page 404 /404.html;
    error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP reference configuration, allowed to be commented, deleted or modified
    include enable-php-00.conf;
    #PHP-INFO-END

    #REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
    include <Subdomain Configuration Path>/learning.introvesia.com.conf;
    #REWRITE-END

    # Forbidden files or directories
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    # Directory verification related settings for one-click application for SSL certificate
    location ~ \.well-known{
        allow all;
    }

    #Prohibit putting sensitive files in certificate verification directory
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log /dev/null;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log /dev/null;
        access_log /dev/null; 
    }
    access_log  /www/wwwlogs/learning.introvesia.com.log;
    error_log  /www/wwwlogs/learning.introvesia.com.error.log;
}

Setup After SSL is Activated

server
{
    listen 80;
		listen 443 ssl http2;
    server_name learning.introvesia.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/learning.introvesia.com;

    #CERT-APPLY-CHECK--START
    # Configuration related to file verification for SSL certificate application - Do not delete
    include <Subdomain Well-Known Path>/learning.introvesia.com.conf;
    #CERT-APPLY-CHECK--END
    #SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    <Subdomain File Path>/fullchain.pem;
    ssl_certificate_key    <Subdomain File Path>/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers <Generated SSL Ciphers>;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;
		#SSL-END

    #ERROR-PAGE-START  Error page configuration, allowed to be commented, deleted or modified
    error_page 404 /404.html;
    error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP reference configuration, allowed to be commented, deleted or modified
    include enable-php-00.conf;
    #PHP-INFO-END

    #REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
    include <Subdomain Configuration Path>/learning.introvesia.com.conf;
    #REWRITE-END

    # Forbidden files or directories
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    # Directory verification related settings for one-click application for SSL certificate
    location ~ \.well-known{
        allow all;
    }

    #Prohibit putting sensitive files in certificate verification directory
    if ( $uri ~ "^/\.well-known/.*\.(php|jsp|py|js|css|lua|ts|go|zip|tar\.gz|rar|7z|sql|bak)$" ) {
        return 403;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
    {
        expires      30d;
        error_log /dev/null;
        access_log /dev/null;
    }

    location ~ .*\.(js|css)?$
    {
        expires      12h;
        error_log /dev/null;
        access_log /dev/null; 
    }
    access_log  /www/wwwlogs/learning.introvesia.com.log;
    error_log  /www/wwwlogs/learning.introvesia.com.error.log;
}

SSL Activation with Reverse Proxy

This following code will activate SSL.

server
{
    listen 80;
		listen 443 ssl http2;
    server_name learning.introvesia.com;
    index index.php index.html index.htm default.php default.htm default.html;
    root /www/wwwroot/learning.introvesia.com;

    #CERT-APPLY-CHECK--START
    # Configuration related to file verification for SSL certificate application - Do not delete
    include <Subdomain Well-Known Path>/learning.introvesia.com.conf;
    #CERT-APPLY-CHECK--END
    #SSL-START SSL related configuration, do NOT delete or modify the next line of commented-out 404 rules
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    #HTTP_TO_HTTPS_END
    ssl_certificate    <Subdomain File Path>/fullchain.pem;
    ssl_certificate_key    <Subdomain File Path>/privkey.pem;
    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers <Generated SSL Ciphers>;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000";
    error_page 497  https://$host$request_uri;
		#SSL-END

    #ERROR-PAGE-START  Error page configuration, allowed to be commented, deleted or modified
    error_page 404 /404.html;
    error_page 502 /502.html;
    #ERROR-PAGE-END

    #PHP-INFO-START  PHP reference configuration, allowed to be commented, deleted or modified
    include enable-php-00.conf;
    #PHP-INFO-END

    #REWRITE-START URL rewrite rule reference, any modification will invalidate the rewrite rules set by the panel
    include <Subdomain Configuration Path>/learning.introvesia.com.conf;
    #REWRITE-END
    
    location / {
        proxy_pass http://localhost:8080;  # Forward requests to BookStack
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Forbidden files or directories
    location ~ ^/(\.user.ini|\.htaccess|\.git|\.env|\.svn|\.project|LICENSE|README.md)
    {
        return 404;
    }

    # Directory verification related settings for one-click application for SSL certificate
    location ~ \.well-known{
        allow all;
    }
    
    access_log  /www/wwwlogs/learning.introvesia.com.log;
    error_log  /www/wwwlogs/learning.introvesia.com.error.log;
}

BookStack DB Adjustment for MySQL 8

Modify these following tables: