プロジェクトマネジメントに不可欠なもの

  1. タスク管理ツール
  2. コミュニケーションツール
  3. wiki 会社運営になると、以上に会計ソフトが加わる

オープンソースソフトで代替したい

  1. タスク管理ツール:Redmine
  2. コミュニケーションツール:rocket.chat
  3. wiki : xwiki

How to introduce Redmine

いかのdocker composeを走らせるだけ

version: '3.7'

services:
  redmine:
    image: redmine:6.0.1
    ports:
      - "8008:3000"
    environment:
      REDMINE_DB_MYSQL: db
      REDMINE_DB_DATABASE: redmine
      REDMINE_DB_USERNAME: redmine
      REDMINE_DB_PASSWORD: redmine_password
    volumes:
      - redmine_data:/usr/src/redmine/files

  db:
    image: mysql:5.7
    command: mysqld --character-set-server=utf8 --collation-server=utf8_unicode_ci #--default-authentication-plugin=mysql_native_password --character-set-server=utf8mb4 --collation-server=utf8mb4_unicode_ci
    environment:
      MYSQL_ROOT_PASSWORD: root_password
      MYSQL_DATABASE: redmine
      MYSQL_USER: redmine
      MYSQL_PASSWORD: redmine_password
    volumes:
      - mysql_data:/var/lib/mysql

volumes:
  redmine_data:
    driver: local
  mysql_data:
    driver: local

詳しくは、こちらを読んでみてください、といった感じです。 https://blog.ingenboy.com/post/introduce_redmine/

How to introduce rocket.chat

volumes:
  mongodb_data: { driver: local }

services:
  rocketchat:
    image: ${IMAGE:-registry.rocket.chat/rocketchat/rocket.chat}:${RELEASE:-latest}
    restart: always
    labels:
      traefik.enable: "true"
      traefik.http.routers.rocketchat.rule: Host(`${DOMAIN:-}`)
      traefik.http.routers.rocketchat.tls: "true"
      traefik.http.routers.rocketchat.entrypoints: https
      traefik.http.routers.rocketchat.tls.certresolver: le
    environment:
      MONGO_URL: "${MONGO_URL:-\
        mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
        ${MONGODB_DATABASE:-rocketchat}?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
      MONGO_OPLOG_URL: "${MONGO_OPLOG_URL:\
        -mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
        local?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
      ROOT_URL: ${ROOT_URL:-http://localhost:${HOST_PORT:-3000}}
      PORT: ${PORT:-3000}
      DEPLOY_METHOD: docker
      DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-}
      REG_TOKEN: ${REG_TOKEN:-}
    depends_on:
      - mongodb
    expose:
      - ${PORT:-3000}
    ports:
      - "${BIND_IP:-0.0.0.0}:${HOST_PORT:-3000}:${PORT:-3000}"

  mongodb:
    image: docker.io/bitnami/mongodb:${MONGODB_VERSION:-6.0}
    restart: always
    volumes:
      - mongodb_data:/bitnami/mongodb
    environment:
      MONGODB_REPLICA_SET_MODE: primary
      MONGODB_REPLICA_SET_NAME: ${MONGODB_REPLICA_SET_NAME:-rs0}
      MONGODB_PORT_NUMBER: ${MONGODB_PORT_NUMBER:-27017}
      MONGODB_INITIAL_PRIMARY_HOST: ${MONGODB_INITIAL_PRIMARY_HOST:-mongodb}
      MONGODB_INITIAL_PRIMARY_PORT_NUMBER: ${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}
      MONGODB_ADVERTISED_HOSTNAME: ${MONGODB_ADVERTISED_HOSTNAME:-mongodb}
      MONGODB_ENABLE_JOURNAL: ${MONGODB_ENABLE_JOURNAL:-true}
      ALLOW_EMPTY_PASSWORD: ${ALLOW_EMPTY_PASSWORD:-yes}

あとは、 以下のようなnginxファイルをおいて、プロキシしてください。

server {
    listen 443 ssl;
    server_name chat.ingenboy.com;

    ssl_certificate /etc/letsencrypt/live/chat.ingenboy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/chat.ingenboy.com/privkey.pem; # managed by Certbot

    # Strong SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

ポイントは、websocketを使うので、

  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection "upgrade";

が必要なところです。

How to introduce xwiki

version: '2'
networks:
  bridge:
    driver: bridge
services:
  web:
    image: "xwiki:stable-mysql-tomcat"
    container_name: xwiki-mysql-tomcat-web
    depends_on:
      - db
    ports:
      - "8888:8080"
    environment:
      - DB_USER=xwiki
      - DB_PASSWORD=xwiki
      - DB_HOST=xwiki-mysql-db
    volumes:
      - xwiki-data:/usr/local/xwiki
    networks:
      - bridge
  db:
    image: "mysql:8.1"
    container_name: xwiki-mysql-db
    volumes:
      - mysql-data:/var/lib/mysql
      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
    environment:
      - MYSQL_ROOT_PASSWORD=xwiki
      - MYSQL_USER=xwiki
      - MYSQL_PASSWORD=xwiki
      - MYSQL_DATABASE=xwiki
    command:
      - "--character-set-server=utf8mb4"
      - "--collation-server=utf8mb4_bin"
      - "--explicit-defaults-for-timestamp=1"
    networks:
      - bridge
volumes:
  mysql-data: {}
  xwiki-data: {}

で、こんな感じのプロキシ設定を入れる


server {
    listen 443 ssl;
    server_name wiki.ingenboy.com;
    ssl_certificate /etc/letsencrypt/live/wiki.ingenboy.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/wiki.ingenboy.com/privkey.pem; # managed by Certbot
    location / {
            proxy_pass http://100.64.1.61:8888;
            proxy_set_header Host wiki.ingenboy.com;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection 'upgrade';
            proxy_cache_bypass $http_upgrade;

    }
}
  
  server {
      listen 80;
      server_name wiki.ingenboy.com;
      return 301 https://$host$request_uri;
  }

地味に大事なのが、80番ポートへのリクエストを301でhttpsにリダイレクトするところかな。これはかなり大事。 httpでプロキシされてくるので、httpをhtmlに埋め込んでレスポンス返しているらしいな。まあよくある仕様だな。 いや、上の設定ではうまくいかない。一番下を見てくれ。

Main/#edit:1 Mixed Content: The page at 'https://wiki.ingenboy.com/bin/view/Main/#edit' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://wiki.ingenboy.com/bin/lock/Main/WebHome?ajax=1&action=edit&language=en'. This request has been blocked; the content must be served over HTTPS.

このエラーが出てリクエストできなくなるんだよな。つまり、tomcatをsslで動かすしかないって話だ。どうやって?って話だけどさ。 既知の問題なんですよね。 https://forum.xwiki.org/t/message-failed-to-lock-the-page-when-tring-to-edit-a-page/7609/24

結局これが一番簡単な解決方法

location / {
        proxy_pass http://100.64.1.61:8888;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Accept-Encoding "";  # Disable compression from backend
        proxy_cache_bypass $http_upgrade;

        sub_filter 'http://wiki.ingenboy.com' 'https://wiki.ingenboy.com';
        sub_filter_once off;
        sub_filter_types text/html;
        add_header X-Filter-Applied $upstream_http_content_type;
        add_header Content-Security-Policy "upgrade-insecure-requests";
    }

add_header Content-Security-Policy “upgrade-insecure-requests”; これいれることで、ブラウザは自動的にhttpリクエストをhttpsでリクエストするようになる。

もう一つ気を付けてほしいのが、 一番最初にスタートするとき以下のエラーが出る。

[jodconverter-offprocmng-0] WARN  tartProcessAndConnectRetryable - Office process died with exit code 81; restarting it

関連記事:https://forum.xwiki.org/t/office-process-died-with-exit-code-81/12550/2

三種の神器がそろった

最高だ。無料でPMツールが全部そろったんだぜ。これはすごいことだ。 あとは、会計ソフトだけ入れることができればもう俺の勝ちだ。