Jeremy Davis's picture

[9-04-2013] Note: this patch has been abandoned. It is not considered stable and will not be released as an official TKL appliance. See my post here for further details.

Seeing as this is a major revision (basically a re-write) of my first KnowledgeTree patch - which was my first patch ever - I thought I'd start a new thread. This patch (and accompanying ISO and OVZ template) is much better than the old KT-CE patch (IMO anyway).

What the patch does (in order):

  • Add Apache2 site "knowledgetree". [overlay]
  • Add (individual) Ubuntu-partner, KT and Zend server .list repos to sources.list.d/ [overlay]
  • Add an amended services.txt to Confconsole output. [overlay]
  • Add Postfix conf file (although still needs work IMO - planned for future revision). [overlay]
  • Add KT install/config files inc .htaccess file which auto redirects http to https (/tmp - moved into correct place after KT install is completed by conf). Note this also includes 2 security fixes as detailed here & here. [overlay]
  • Add firstboot inithooks for setting 'admin' password and create random secrets for KT MySQL DB (knowledgetree.py, 20rengen-kt-secrets & 40knowledgetree) [overlay]
  • Sets hostname to 'knowledgetree'. [conf]
  • Imports and installs KT & Zend apt-keys [conf]
  • Installs KT-CE from KT repo (as per usual, auto-installs all dependencies, including Zend Server php5.2). [conf]
  • Installs other stuff (postfix, ssl-certs & postfix webmin modules). [conf]
  • Disables default apache site as well as Zend UI (rationale later). [conf]
  • Remove config.ini from KT config folder and link to conf in /etc (to avoid confusion). [conf]
  • Create link to KT webroot in default webroot (/var/www) so users can easily find KT webroot if need be. [conf]
  • Create MySQL user, create and populate database. [conf]
  • Disable LigHTTPd (which serves Zend GUI/WebUI - ties in with above, rationale below). [conf]
  • Stops Apache2, MySQL, Postfix & ZendServer services (so patching finalises cleanly). [conf]
  • Changes ownership of KT doc root to www-data:www-data [config]
  • Copy in KT overlay files (so KT web frontend 'installer' doesn't run. From /tmp folder - as mentioned above). This should perhaps be prior to ownership changes but seems to work... [conf]
  • Cleans up inc apt. [conf]

To do:

  • Extensive general testing.
  • Test emailing (and configure further if required/desirable).
  • Look at what (if any) KT plugins are available which may be useful for TKL community.
  • Consider what documentation will be required.
  • Test WebDAV connectivity (ensure is all working as it should).

Known Bugs

  • None known currently.

Notes/Features (mostly covered above but detailed for clarity)

  • Rebased patch on TKL LAMP (previous KT patch built on Core). I'm not 100% sure whether this is ideal as it uninstalls php5.3 and installs php5.2 (from ZendServer repo), but it saved me having to rob and include the MySQL firstboot scripts... Otherwise it will still build on Core, but you will need to set root MySQL password manually.
  • First boot scripts to set 'admin' user password and set random KT-MySQL passwords (not needed by end user, just created for security).
  • .htaccess file forces Apache to redirect http to https.
  • 2 known security bugs patched (bugs detailed here & here).
  • Set KT webroot (so KT is available at https://<ip>/ rather than https://<ip>/knowledgetree/).
  • ZendServer WebUI disabled (and LigHTTPd webserver not running). As by default the server is not available other than to localhost anyway, as well as not having a password or https enabled by default I thought it best to leave this out. If end users want to use ZendServer WebUI, then it will need to be re-enabled and configured.
  • OVZ template built from official TKL OVZ template source (ie patched the template).

Also please note that KnowledgeTree is a pretty huge app and as well as considerable Ubuntu dependencies, it downloads 250MB+ from the KT & Zend repos (about 370MB in total). Min 1GB RAM recommended for trouble free usage.

KnowledgeTree TKLPatch on GitHub here. Instructions on installing from GitHub here.
ISO and OVZ templates - TKL Community Downloads SourceForge page here.

Jeremy Davis's picture

From what I've read changes in Vista/7 make it impossible to use Win Explorer for accessing WebDAV, but it does still work with XP. If you are using the above patch you will need to disable https on WebDAV though.

You can change the .htaccess file (in the web root). Where it says '#Force HTTPS' change the 2 lines below to this:

RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !^/yournonhttpsdirectory/
RewriteRule ^(.*)$ https://www.domain.xyz/$1 [R,L]

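Added example, not part of the original post or the patch: a simplified Python model of the four rewrite lines above, for checking which requests are redirected to https and which are served over plain http. The sample requests are constructed; the directory name and host are the placeholders used in the post.

```python
import re

# Conditions and rule as written in the post (placeholders kept as-is).
# Each entry: (server variable, pattern, negated with '!').
CONDS = [
    ("SERVER_PORT", re.compile(r"80"), False),
    ("REQUEST_URI", re.compile(r"^/yournonhttpsdirectory/"), True),
]
RULE = re.compile(r"^(.*)$")
TARGET = "https://www.domain.xyz/"


def evaluate(port, uri):
    """Return the redirect Location for a request, or None if it is served as-is.

    Simplified model of mod_rewrite in a web-root .htaccess: RewriteCond
    patterns are unanchored regex searches, consecutive conditions are ANDed,
    REQUEST_URI excludes the query string, and the RewriteRule pattern sees
    the path without its leading slash. The query string is re-appended.
    """
    path, _, query = uri.partition("?")
    env = {"SERVER_PORT": str(port), "REQUEST_URI": path}
    for var, pattern, negated in CONDS:
        matched = pattern.search(env[var]) is not None
        if matched == negated:      # condition not satisfied: rule is skipped
            return None
    relative = path[1:] if path.startswith("/") else path
    location = TARGET + RULE.match(relative).group(1)
    return location + ("?" + query if query else "")


if __name__ == "__main__":
    samples = [                      # constructed requests
        (80, "/index.php"),
        (80, "/yournonhttpsdirectory/doc.txt"),
        (80, "/yournonhttpsdirectory"),   # no trailing slash: not exempt
        (8080, "/index.php"),             # "80" also matches inside "8080"
        (443, "/index.php"),
    ]
    for port, uri in samples:
        print(port, uri, "->", evaluate(port, uri) or "served without redirect")
```

Everything under the exempt prefix, WebDAV logins included, stays on plain http, and the unanchored `80` pattern also matches other ports containing those digits.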