Installing Leanote on CentOS 7 with MongoDB and Let’s Encrypt SSL

Leanote is a free, lightweight, and open source note-taking platform built with Golang. Designed with a strong focus on user experience, Leanote offers a broad range of useful functions such as Markdown support, private or public blogging, team-based collaboration, multi-platform compatibility, and efficient knowledge management.

This guide details the complete steps required to install and configure Leanote on a CentOS 7 server. We’ll also walk through securing your deployment using Nginx and an SSL certificate from Let’s Encrypt.

Prerequisites

• An active CentOS 7 server.
• A sudo-enabled user account named leanote.
• All installed packages must be updated to the latest stable versions using the EPEL YUM repository.
• The domain leanote.example.com should already resolve to the server.

Step 1: Set Up a Swap File

It’s advisable to configure a swap file when launching a new CentOS 7 instance to enhance system performance. For example, a 2048MB swap file is appropriate for a server with 2GB of RAM.

sudo dd if=/dev/zero of=/swapfile count=2048 bs=1M
sudo chmod 600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
echo '/swapfile   none    swap    sw    0   0' | sudo tee -a /etc/fstab
free -m

Note: Adjust the swap file size accordingly if your server specifications differ.

Step 2: Download Leanote Version 2.6.1

Fetch and extract the most recent stable release of Leanote for 64-bit Linux:

cd
wget https://sourceforge.net/projects/leanote-bin/files/2.6.1/leanote-linux-amd64-v2.6.1.bin.tar.gz
tar -zxvf leanote-linux-amd64-v2.6.1.bin.tar.gz

Step 3: Install MongoDB 4.0

Leanote requires MongoDB to be installed prior to deployment. Follow these steps to install MongoDB Community Edition 4.0:

Create the MongoDB 4.0 Repository

Add the MongoDB YUM repo to your system:

cat <
			

Install MongoDB Using YUM

Install all required MongoDB components using the newly added repository:

sudo yum install -y mongodb-org

Configure SELinux for MongoDB

MongoDB uses TCP port 27017 by default, which is blocked by SELinux in enforcing mode. Check the current SELinux status using the command below:

sudo getenforce

If you’re on a CentOS 7 server, the response should be Disabled. In that case, skip the SELinux configuration and continue.

For original CentOS installations where SELinux returns Enforcing, choose one of the following options:

Option 1: Open Port 27017 for MongoDB

sudo semanage port -a -t mongod_port_t -p tcp 27017

Option 2: Disable SELinux

sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
sudo shutdown -r now

Option 3: Set SELinux to Permissive Mode

sudo sed -i 's/SELINUX=enforcing/SELINUX=permissive/' /etc/selinux/config
sudo shutdown -r now

Enable and Start MongoDB

After installation, launch the MongoDB service and ensure it starts automatically at boot:

sudo systemctl start mongod.service
sudo systemctl enable mongod.service

Step 4: Import Leanote’s Initial Data into MongoDB

To initialize the Leanote system, load its default data set into MongoDB by executing the commands below:

rm /home/leanote/leanote/mongodb_backup/leanote_install_data/.DS_Store
mongorestore --host localhost -d leanote --dir /home/leanote/leanote/mongodb_backup/leanote_install_data/

Step 5: Enable MongoDB User Authentication

To secure your database, it’s important to activate access control for MongoDB. This involves creating dedicated user accounts and adjusting MongoDB’s configuration settings.

Access the MongoDB Shell

Start by launching the MongoDB shell:

mongo --host 127.0.0.1:27017

Create the User Administrator

Switch to the admin database and define a user account named useradmin with the ability to manage all users:

use admin
db.createUser({ user: "useradmin", pwd: "useradminpassword", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] })

Security Tip: Use a strong, unpredictable username and password for better protection.

Create the Leanote Database Administrator

Now switch to the Leanote database and define an admin account named leanoteadmin:

use leanote
db.createUser({ user: "leanoteadmin", pwd: "leanoteadminpassword", roles: [{ role: "dbOwner", db: "leanote" }] })

Note: Just like before, make sure to pick a username and password that are difficult to guess.

Validate the Accounts

Switch to the admin and leanote databases to verify the new accounts:

use admin
db.auth("useradmin", "useradminpassword")

use leanote
db.auth("leanoteadmin", "leanoteadminpassword")

If the authentication succeeds, MongoDB will return 1.

Exit the shell:

exit

Enable Authorization in the MongoDB Config File

Add the following lines to the /etc/mongod.conf file to enable user authentication:

sudo bash -c "echo 'security:' >> /etc/mongod.conf"
sudo bash -c "echo '  authorization: enabled' >> /etc/mongod.conf"

Apply the changes by restarting MongoDB:

sudo systemctl restart mongod.service

From this point forward, only the defined accounts useradmin and leanoteadmin can manage MongoDB users and the Leanote database respectively.

Step 6: Modify Leanote Configuration

Start by creating a backup of the Leanote configuration file:

cd /home/leanote/leanote/conf/
cp app.conf app.conf.bak

Open the file using vi for editing:

vi app.conf

Update the following configuration values:

• site.url
• db.username
• db.password
• app.secret

Replace them with these values:

site.url=http://leanote.example.com:9000
db.username=leanoteadmin
db.password=leanoteadminpassword
app.secret=E52tyCDBRk39HmhdGYJLBS3etXpnz7DymmxkgHBYxd7Y9muWVVJ5QZNdDEaHV2sA

Important: You must use your own randomly generated 64-character string for the app.secret value. Never use the sample value in production.

Save and exit the editor:

:wq!

Step 7: Launch Leanote Server

To access Leanote via TCP port 9000, open the port in the firewall configuration:

sudo firewall-cmd --permanent --add-port=9000/tcp
sudo systemctl reload firewalld.service

Start Leanote using the provided shell script:

cd /home/leanote/leanote/bin
bash run.sh

Once you see Listening on.. 0.0.0.0:9000, open your browser and visit http://leanote.example.com:9000.

Login using the default administrative credentials:

• Username: admin
• Password: abc123

Important: Change the default password immediately after login for security reasons.

Step 8: Secure Leanote with HTTPS and Nginx

Although Leanote is now accessible via HTTP, this is not a secure protocol. To enhance security, install a free SSL certificate from Let’s Encrypt and set up Nginx as a reverse proxy.

Configure Hostname and FQDN

First, stop the Leanote process using Ctrl+C. Then configure your server’s hostname and fully qualified domain name (FQDN):

sudo hostnamectl set-hostname leanote
cat <
			

Verify the configuration:

hostname
hostname -f

Adjust Firewall Rules

Close port 9000 and allow web traffic via ports 80 and 443:

sudo firewall-cmd --permanent --remove-port=9000/tcp
sudo firewall-cmd --permanent --add-service=http
sudo firewall-cmd --permanent --add-service=https
sudo systemctl reload firewalld.service

Install and Configure Let’s Encrypt Certificate

Install Certbot to acquire an SSL certificate:

sudo yum -y install yum-utils
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
sudo yum install -y certbot

Request a certificate for your domain:

sudo certbot certonly --standalone --agree-tos --no-eff-email -m admin@example.com -d leanote.example.com

Certificate and key will be stored here:

• /etc/letsencrypt/live/leanote.example.com/fullchain.pem
• /etc/letsencrypt/live/leanote.example.com/privkey.pem

Automate certificate renewal using a cron job:

sudo crontab -e

Then add this entry:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew

Save and exit the editor:

:wq!

Install and Configure Nginx Reverse Proxy

Install Nginx from the EPEL repository:

sudo yum install -y nginx

Create the Leanote-specific Nginx config:

cat <
			

Apply the changes by restarting Nginx:

sudo systemctl daemon-reload
sudo systemctl restart nginx.service
sudo systemctl enable nginx.service

Update Leanote Configuration for HTTPS

Edit the Leanote config file to reflect HTTPS usage:

cd /home/leanote/leanote/conf/
vi app.conf

Locate this line:

site.url=http://leanote.example.com:9000

And change it to:

site.url=https://leanote.example.com

Save and close the file:

:wq!

Start Leanote Again

Finally, restart Leanote:

cd /home/leanote/leanote/bin
bash run.sh

Visit https://leanote.example.com/ to see the secured Leanote site. Login using your admin credentials or create new user accounts for collaborative work.

Note: You may press Ctrl+C to stop Leanote for now—we will later configure it to run as a background service.

Step 9: Install wkhtmltopdf for PDF Export

Leanote uses the wkhtmltopdf utility to convert HTML pages into downloadable PDF files. To install this tool, follow these steps:

cd
wget https://downloads.wkhtmltopdf.org/0.12/0.12.5/wkhtmltox-0.12.5-1.centos7.x86_64.rpm
sudo yum localinstall -y wkhtmltox-0.12.5-1.centos7.x86_64.rpm
which wkhtmltopdf

Once installed, note the binary path, which is typically /usr/local/bin/wkhtmltopdf. You’ll need to enter this path in the “Export PDF” settings section of the Leanote web admin interface when the application is operational.

Tip: If you encounter unreadable characters in your exported PDF documents, try placing the necessary fonts in the /usr/share/fonts/ directory to resolve the issue.

Step 10: Use Supervisor to Keep Leanote Running

To ensure that Leanote automatically restarts in the event of a crash, you can utilize the Supervisor tool. This utility monitors and manages background processes.

Install Supervisor

Install Supervisor via the YUM package manager:

sudo yum install -y supervisor

Create Supervisor Config for Leanote

Set up a dedicated configuration file for managing the Leanote service:

cat <
			

Start and Monitor Leanote via Supervisor

Activate Supervisor and monitor the Leanote process:

sudo supervisord -c /etc/supervisord.conf
sudo supervisorctl status leanote

If everything works correctly, the output will confirm Leanote is running. For example:

leanote                          RUNNING   pid 3707, uptime 0:02:36

Conclusion

With Leanote now fully configured and secured, you have a feature-rich, collaborative note-taking platform operating on your CentOS 7 server. From Markdown editing to team-based knowledge sharing, and with additional enhancements like PDF export and SSL protection, your Leanote environment is ready for production use. Supervisor ensures continuous uptime, and Nginx provides robust SSL handling for safe access. Don’t forget to change default credentials, monitor service logs, and schedule backups regularly to keep your setup secure and reliable.