wekan/docs/Platforms/Propietary/Windows/Offline.md

Also see: Windows

Other CPU/OS On-Premise WeKan install

Wekan Windows 64bit version On-Premise

INFO ABOUT SETTINGS: https://github.com/wekan/wekan/issues/5591#issuecomment-2503681293

This is without container (without Docker or Snap).

Right click and download files 1-4:

1. wekan-7.93-amd64-windows.zip

2. node.exe

3. mongodb-windows-x86_64-7.0.21-signed.msi

4. start-wekan.bat

5. Copy files from steps 1-4 with USB stick or DVD to offline Windows computer

6. Double click mongodb-windows-x86_64-7.0.21-signed.msi . In installer, uncheck downloading MongoDB compass.

7. Unzip wekan-7.93-amd64-windows.zip , inside it is directory bundle, to it copy other files:

   bundle (directory)
   |_ start-wekan.bat (downloaded file)
   |_ node.exe (downloaded file)
   |_ main.js (extracted file)
   

8. Edit start-wekan.bat with Notepad. There add Windows computer IP address , like this, then Wekan will be at http://IP-ADDRESS-HERE/sign-in , for example http://192.168.0.100/sign-in but your different IP address. Add there wekan server computer IP address, not localhost. node.exe main.js is at bottom of start-wekan.bat, change there longer filename:

   SET ROOT_URL=http://IP-ADDRESS-HERE
   
   SET PORT=80
   
   node.exe main.js
   

If there is already some webserver at port 80, change to other port:

REM # Writable path required to exist and be writable for attachments to migrate and work correctly
SET WRITABLE_PATH=..

SET ROOT_URL=http://IP-ADDRESS-HERE:2000

SET PORT=2000

Then Wekan will be at http://IP-ADDRESS-HERE:2000/sign-in , for example http://192.168.0.100/sign-in , but with your different IP address.

1. Double click start-wekan.bat to run it. Give permission to network. If it does not work, try instead with right click, Run as Administrator.

2. For mobile devices, you can create PWA app icon using that http://IP-ADDRESS-HERE:2000/sign-in

RELATED INFO:

• Windows 2022 server example https://github.com/wekan/wekan/issues/5084
• Other settings example https://github.com/wekan/wekan/issues/4932

SSL/TLS at internal network, that is not connected to Internet, and can not be used from Internet

Configuring Caddy for SSL/TLS on a local LAN without an internet connection requires you to manually create and manage certificates, as Caddy's automatic certificate provisioning relies on external services like Let's Encrypt, which need internet access. Here's a breakdown of the process:

Generate Certificates 🔑

First, you'll need to generate a self-signed certificate authority (CA) and then use it to sign a certificate for your local domain. You can use tools like OpenSSL or Caddy's own cert command.

1. Create a Root CA: openssl genrsa -out rootCA.key 2048 openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 365 -out rootCA.pem

2. Create a Server Certificate:

   • Create a configuration file (server.csr.cnf) for your server certificate.
   • openssl req -new -nodes -newkey rsa:2048 -keyout server.key -out server.csr -config server.csr.cnf
   • openssl x509 -req -in server.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out server.crt -days 365 -sha256 -extfile server.csr.cnf -extensions req_ext

This process creates server.crt and server.key—the files Caddy will use.

Configure Caddyfile 📜

Next, you need to tell Caddy to use these specific certificates instead of trying to get them automatically. Modify your Caddyfile to use the tls directive with the paths to your generated files.

Caddyfile:

wekan.example.com {
        tls {
            load C:\wekan\certs\example.com.pem
            alpn http/1.1
        }
        proxy / localhost:2000 {
          websocket
          transparent
        }
}

• your_local_domain.lan is the hostname you'll use to access the site from other computers on your network.
• tls C:\path\to\server.crt C:\path\to\server.key is the key part. It explicitly tells Caddy to use these certificate and key files.

Trust the Certificate 🔒

Finally, for browsers and other clients on your network to trust the connection and not show a security warning, you must install the root CA certificate (rootCA.pem) on each client machine.

1. On each client, navigate to the certificate management store (e.g., in Windows, search for "Manage computer certificates").
2. Import the rootCA.pem file into the "Trusted Root Certification Authorities" store.

This tells the client that any certificate signed by this CA (like your server.crt) is trustworthy. Without this step, every client will display a security warning because the certificate isn't from a publicly trusted authority.

Add wekan.example.com to every computer hosts file

As Administrator, edit with Notepad, changing dropdown *.txt to All Files, C:\Windows\System32\drivers\etc\hosts textfile.

To hosts file, add WeKan server local IP address:

192.168.0.200 wekan.example.com

Alternatively, use some nameserver at Windows server to have domain names at local network.

Other remaining settings for local network SSL/TLS, not connected to Internet

Look at similar settings below.

SSL/TLS with Caddy webserver, accessible at Internet

• Other unrelated Caddy info

This will start Caddy, like this:

example.com CloudFlare SSL/TLS Origin Certificate HTTP 443
=> Public IPv4 Cable modem HTTPS port 443
=> Local IPv4 HTTPS port 443 Caddy
=> Local IPv4 HTTP port 2000 Node.js main.js WeKan
=> MongoDB port 27017

From CloudFlare to Caddy, all is SSL/TLS encrypted. Caddy proxies all encrypted traffic to Node.js unencrypted HTTP port 2000.

At WeKan server laptop/desktop, locally between these executeable files, HTTP traffic is not encrypted:

• Between Caddy and WeKan
• Between WeKan and MongoDB

But outside of that server, all is SSL/TLS encrypted.

1) At your Internet router, forward ports HTTP 80 and HTTPS 443 to your server laptop/desktop IP address. Example:

Arris cable modem:

1. Login
2. Firewall / Virtual Server Port Forwarding
3. Add HTTP 80 and HTTPS 443:

HTTP 80:

Description: HTTP
Inbound Port: 80 to 80
Format: TCP
Private IP Address: YOUR-WEKAN-SERVER-LOCAL-IPv4-ADDRESS (example: 192.168.0.200)
Local Port: 80 to 80

HTTPS 443:

Description: HTTP
Inbound Port: 443 to 443
Format: TCP
Private IP Address: YOUR-WEKAN-SERVER-LOCAL-IPv4-ADDRESS (example: 192.168.0.200)
Local Port: 443 to 443

2) Check your WeKan server Windows computer local IPv4 address

You can check your IP address on Windows 11 using either the Settings app or the Command Prompt. These methods will show you your local IP address, which is the address your device uses to communicate within your home or office network.

Your public IP address, which is what devices outside your network see, is assigned by your internet service provider (ISP) and can be found using an online tool or a simple web search.

Method 1: Using the Settings App ⚙️

1. Open the Start menu and click on Settings (or press the Windows key + I).
2. In the left-hand menu, click on Network & internet.
3. Click on the connection you're currently using, either Wi-Fi or Ethernet.
4. On the next screen, your IP address (both IPv4 and IPv6) will be listed under the Properties section.

Method 2: Using the Command Prompt 💻

1. Click the Start menu or the search icon on your taskbar, type "cmd," and press Enter.
2. In the Command Prompt window, type ipconfig and press Enter.
3. Look for your active connection (e.g., "Ethernet adapter" or "Wireless LAN adapter Wi-Fi"). Your IP address will be listed next to "IPv4 Address."

3) Finding Your Public IP Address 🌍

a) At Arris Cable Modem, public IP address is at Login / WAN Setup / DHCP / IP Address

b) To find your public IP address, simply open a web browser and search for "what is my IP." A search engine like Google will display your public IP address right at the top of the search results.

4) If you don't have domain name like example.com

1. Register and login to https://cloudflare.com

2. Buy a domain, like example.com

5) Add settings at CloudFlare

1. CloudFlare / Account Home / AI Audit: Block all AI crawlers, so that they do not slow down your websites and WeKan. But if you need Google Search to see your website like example.com, allow Googlebot.

2. CloudFlare / Account Home / example.com / DNS / Records / Add Record

   Type: A
   Name: wekan (for wekan.example.com, or kanban for kanban.example.com)
   IPv4 Address: YOUR-PUBLIC-IPv4-ADDRESS (example: 80.123.123.123)
   - Proxy Status: Orange cloud selected (not grey cloud)
   - TTL: Auto
   

3. Click Save

4. CloudFlare / Account Home / example.com / SSL/TLS / Overview / SSL/TLS Encryption / Configure / Full (strict)

5. CloudFlare / Account Home / example.com / Origin Server / Create Cerfificate for example.com

6. At Notepad, copy paste SSL/TLS certs in this order from top to bottom to one textfile example.com.pem:

   1. Private Cert
   2. Public Cert
   3. Certificate Chain
   

7. Have for example this directory structure (can also be D: or E: etc)

   C:.
   ├───wekan directory
   │   ├───files directory
   │   ├───certs directory
   │   │   └───example.com.pem
   │   ├───bundle directory
   │   │   └───main.js
   │   ├───caddy.exe from .zip file
   │   ├───Caddyfile textfile for Caddy 2 config
   │   └───start-wekan.bat textfile
   │ 
   └───Program Files
   

8. Edit start-wekan.bat with Notepad, search and change these settings, change subdomain wekan.example.com and node saving cmd.exe text outout to log.txt for logging:

   SET WRITABLE_PATH=..\FILES
   
   SET ROOT_URL=https://wekan.example.com  
   
   SET PORT=2000
   
   node main.js > log.txt 2>&1
   

If you have problems with attachments, instead try:

SET WRITABLE_PATH=..\FILES\

1. Download newest Caddy webserver caddy_VERSION-NUMBER_windows_amd64.zip from https://github.com/caddyserver/caddy/releases , extract .zip file, and copy caddy.exe to above directory structure.

• Caddy website https://caddyserver.com
• Caddy features https://caddyserver.com/features
• Caddy code https://github.com/caddyserver/caddy
• Caddy forum https://caddy.community/

1. To Caddyfile, with Notepad add this:

   wekan.example.com {
       tls {
           load C:\wekan\certs\example.com.pem
           alpn http/1.1
       }
       proxy / localhost:2000 {
         websocket
         transparent
       }
   }
   

2. Open cmd.exe terminal, write there:

   C:
   
   cd \wekan
   
   wekan.bat
   

3. Open another cmd.exe terminal, write there this. It will format Caddyfile to have correct text format, and validate is Caddyfile configuration settings correct.

   C:
   
   cd \wekan
   
   caddy fmt --overwrite Caddyfile
   
   caddy validate
   

If there is errors, ask Google Search about that error, edit Caddyfile with Notepad to fix it.

If there is not any errors, start Caddy:

caddy

This will start Caddy, like this:

example.com CloudFlare SSL/TLS Origin Certificate HTTP 443 => Public IPv4 Cable modem HTTPS port 443 => Local IPv4 HTTPS port 443 Caddy => Local IPv4 HTTP port 2000 Node.js main.js WeKan => MongoDB port 27017

From CloudFlare to Caddy, all is SSL/TLS encrypted. Caddy proxies all encrypted traffic to Node.js unencrypted HTTP port 2000.

At WeKan server laptop/desktop, locally between these executeable files, HTTP traffic is not encrypted:

• Between Caddy and WeKan
• Between WeKan and MongoDB

But outside of that server, all is SSL/TLS encrypted.

Docker WeKan Offline

At Internet connected computer, download:

1. Docker for Windows
2. docker-compose.yml from https://github.com/wekan/wekan
3. docker-compose up -d at Internet connected computer
4. Save wekan-app and wekan-db containers to files https://docs.docker.com/engine/reference/commandline/save/

At Offline Windows computer:

1. Install Docker for Windows
2. Load wekan-app container from file https://docs.docker.com/engine/reference/commandline/load/
3. Check what is ID of wekan-app container with docker images
4. Change at docker-compose.yml wekan-app contaier image:gc.... to image:ID where ID from step 3 above
5. Do steps 2-4 also for wekan-db container
6. docker-compose up -d

WeKan Updates

1. Updating only WeKan. Not updating Node.js and MongoDB.

1.1. Make backup, look at steps 2.1. and 2.2 below.

1.2. Download newest WeKan bundle .zip file from https://github.com/wekan/wekan/releases

1.3. Replace old bundle with new from that .zip file.

1.4. Start WeKan with start-wekan.sh

1. If it does not work, you maybe need to update Node.js and MongoDB.

2.1. Backup part 1/2. Try mongodump to backup database like this command. If mongodump command does not exist, download MongoDB Tools from https://www.mongodb.com/try/download/database-tools . Make backup:

mongodump

Backup will be is in directory dump. More info at https://github.com/wekan/wekan/wiki/Backup

2.2. Backup part 2/2. If there is files at WRITABLE_PATH directory mentioned at start-wekan.bat of https://github.com/wekan/wekan , also backup those. For example, if there is WRITABLE_PATH=.., it means previous directory. So when WeKan is started with node main.js in bundle directory, it may create in previous directory (where is bundle) directory files, where is subdirectories like files\attachments, files\avatars or similar.

2.3. Check required compatible version of Node.js from https://wekan.fi Install WeKan ® Server section and Download that version node.exe for Windows 64bit from https://nodejs.org/dist/

2.4. Check required compatible version of MongoDB from https://wekan.fi Install WeKan ® Server section and Download that version Windows MongoDB .msi installer from https://www.mongodb.com/try/download/community

2.5. Remove old Node.js and MongoDB (at Windows, Control Panel / Add Remove Programs).

2.6. Install newest Node.js and MongoDB.

2.7. Restore database with mongorestore, like this:

mongorestore --drop

If there are errors, try this instead:

mongorestore --drop --noIndexRestore

2.8. Start wekan with start-wekan.bat

2.9. If WeKan does not start with your old start-wekan.bat, download newest start-wekan.bat and look are there differences to your old start-wekan.bat . For example, with this command, could work on WSL or PowerShell or Linux or after installing git:

diff old-start-wekan.bat start-wekan.bat

b) How to fix errors on Linux bundle to create Windows bundle

Download Linux bundle wekan-VERSION.zip from from https://github.com/wekan/wekan/releases or https://releases.wekan.team/

npm install -g node-pre-gyp

cd bundle\programs\server\npm\node_modules\meteor\accounts-password

npm remove bcrypt

npm install bcrypt

c) WSL

WSL

d) Wekan to VirtualBox Ubuntu offline

1. Install newest VirtualBox

2. Install newest Ubuntu 64bit to VirtualBox

3. Install Wekan Snap version to Ubuntu with these commands:

   sudo snap install wekan
   

4. Shutdown Ubuntu

5. At VirtualBox menu, export appliance to wekan.ova file

6. Copy virtualbox-install.exe and wekan.ova to offline computer

7. At offline computer, install virtualbox and import wekan.ova

8. Set virtualbox network to bridged: https://github.com/wekan/wekan/wiki/virtual-appliance#how-to-use

9. Start VirtualBox and Ubuntu

10. In Ubuntu, type command:

    ip address
    

    => it will show Ubuntu IP address

11. In Ubuntu Terminal, type with your IP address, at below instead of 192.168.0.100:

    sudo snap set wekan root-url='http://192.168.0.100'
    
    sudo snap set wekan port='80'
    

12. Then at local network Wekan is at: http://192.168.0.100