SET UP SECURE REMOTE ACCESS TO WEKAN
1 Set up subdomain or dynamic domain
First, allocate a suitable domain to connect through. If you’ve already got a domain, we advise setting up a dedicated subdomain like wekan.domain.com, which is set to point to your own network’s public IP address (as revealed at www.whatsmyip. com). Failing that, set up free dynamic hostname through a service like www.noip.com if you don’t have one.
2 Dynamic DNS updater
Public IP addresses often change over time – use a dynamic DNS client to ensure your domains update to the new address when it changes. Most domain providers offer tools for purchased domains, while dynamic hostnames can often be updated through routers or NASES. If you’re a docker user, we recommend Linuxserver’s ddclient as an automated solution.
3 Set up a reverse proxy
Wekan doesn’t offer a secure means of accessing your boards remotely, but by installing a reverse proxy with SSL certificates you can encrypt your connection. We recommend Linuxserver’s letsencrypt implementation (see http://bit.ly/ lxf260letsencrypt) for a guide. If you have a QNAP NAS, follow our guide to setting up letsencrypt in LXF260 (page 59).
4 Configure reverse proxy with Wekan
Go to https://github.com/wekan/wekan/wiki/nginxwebserver-config and paste the code beneath example.com. conf into a blank text document. Change all server_name references to point to your subdomain. If Wekan is running on a different server to your reverse proxy you’ll also need to amend the proxy_pass line to point to your Wekan server’s IP address.
5 Save and upload
Stop the letsencrypt container or nginx server, then save your text file into its config/nginx/proxy-confs folder with your choice of filename. If you’re running a regular nginx server, then save the file as advised on the Wekan wiki. Once done, restart your letsencrypt container or nginx server. If all is well, your reverse proxy should now be able to redirect Wekan traffic.
6 Redirect traffic through router
Finally, you need to route all traffic through ports 80 and 443 to your reverse proxy. Open your router’s configuration utility and locate its port-forwarding section (for example NAT Forwarding>virtual Servers on Tp-link routers). Once found, create two forwarding rules: one from port 80 to port 80 on your reverse proxy’s IP address, the other from port 443 to port 443.