Skip to main content

Enabling HTTPS for the BookStack web interface

The default BookStack installation script for Ubuntu 20.04/18.04/16.04 only configures the Apache2 server to use HTTP, not HTTPS. With plain HTTP becoming more and more obsolete each day, you'll likely want to use HTTPS instead in combination with a Let's Encrypt SSL certificate (or a self-signed cert if you're only accessing locally).

Move the original BootStack config file (so you can access it again if needed)

sudo mv /etc/apache2/sites-available/bookstack.conf /etc/apache2/sites-available/bookstack.conf.old

Create a new BookStack Apache2 config file:

sudo nano /etc/apache2/sites-available/bookstack.conf

Here is an example configuration - you will need to change the ServerName and SSLCertificate directives to match your requirements.

<VirtualHost *:80>
    ServerName YOUR-DOMAIN-HERE
    RewriteEngine On
    RewriteRule ^(.*)$ https://%{HTTP_HOST}$1 [R=301,L]
</VirtualHost>

<VirtualHost *:443>
	ServerName YOUR-DOMAIN-HERE
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/bookstack/public/

    SSLEngine on
    SSLCertificateFile      /etc/letsencrypt/live/YOUR-DOMAIN-HERE/fullchain.pem
    SSLCertificateKeyFile   /etc/letsencrypt/live/YOUR-DOMAIN-HERE/privkey.pem

    <Directory /var/www/bookstack/public/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
        <IfModule mod_rewrite.c>
            <IfModule mod_negotiation.c>
                Options -MultiViews -Indexes
            </IfModule>
            RewriteEngine On
            # Handle Authorization Header
            RewriteCond %{HTTP:Authorization} .
            RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
            # Redirect Trailing Slashes If Not A Folder...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_URI} (.+)/$
            RewriteRule ^ %1 [L,R=301]
            # Handle Front Controller...
            RewriteCond %{REQUEST_FILENAME} !-d
            RewriteCond %{REQUEST_FILENAME} !-f
            RewriteRule ^ index.php [L]
        </IfModule>
    </Directory>

	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

Enable Apache2's SSL module

sudo a2enmod ssl

Run Apache2's built in config tester to confirm there are no errors:

sudo apachectl configtest
Syntax OK

Edit BookStack's .env config file:

sudo nano /var/www/bookstack/.env

Change the APP_URL parameter so that it uses the full domain name, making sure that it specifies https:// not http://

# Application URL
# This must be the root URL that you want to host BookStack on.
# All URLs in BookStack will be generated using this value
# to ensure URLs generated are consistent and secure.
# If you change this in the future you may need to run a command
# to update stored URLs in the database. Command example:
# php artisan bookstack:update-url https://old.example.com https://new.example.com
APP_URL=https://YOUR-DOMAIN-HERE

Restart Apache2

sudo systemctl restart apache2

CreditSource

Back to top