Install Leanote

OK, @oneitonitram, you asked for it

Martin requested a “team wiki collaboration” app, and suggested Leanote:

It doesn’t look much like a wiki to me; rather it looks more like note-taking software, and in fact it seems to position itself as a replacement for Evernote. But nonetheless, it seems rather interesting. I don’t promise much effort in updating or maintaining this guide, but since it’s in the Howto category, it’s a wiki post–other users can edit it if desired. This is very basic, but it was enough to get Leanote up and running for me:

Work in Progress

Not for production use

Before you begin

Adjust your TLS certificate to add the hostname of leanote.yourdomain (or whatever hostname you want to assign to your Leanote installation), or create a new certificate for that FQDN. Then run these commands:

yum install mongodb mongodb-server
yum install
cd /opt
tar xfv download
rm download
systemctl enable --now mongod
mongorestore -h localhost -d leanote --dir leanote/mongodb_backup/leanote_install_data/
use leanote;
Replace leanote and abc123 in the command above with the desired database username and password. The password should be long and random.
Ctrl-D to exit Mongo.
nano /etc/mongod.conf
On line 70, uncomment auth = true. Save and exit.
systemctl restart mongod
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 64 | head -n 1
Copy the output of the command above.
nano leanote/conf/app.conf

  • Find the line that has app.secret= (it should be line 25), delete its current value, and replace with the value you just copied.
  • On line 8, set site.url to https://leanote.yourdomain (or alternate hostname if desired)
  • On lines 17 and 18, enter the database username and password you set above.
  • Save and exit

nano /usr/lib/systemd/system/leanote.service
Contents are:



WantedBy =

chmod +x leanote/bin/
systemctl enable --now leanote

Set up reverse proxy

config set leanote configuration
mkdir -p /etc/e-smith/templates-custom/etc/httpd/conf.d/virtualhosts.conf/
nano /etc/e-smith/templates-custom/etc/httpd/conf.d/virtualhosts.conf/15_leanote

You’re creating a template fragment. Its contents should be:

my $host = $leanote{hostname} || "leanote";
$OUT .= qq (
# 15_leanote

<VirtualHost *:80>
  ServerName $host.$DomainName
  RewriteEngine on
  RewriteRule ^/\\.well-known/ - [L]
  RewriteRule (.*) https://$host.$DomainName\$1 [R,L]
  Alias "/.well-known/acme-challenge/" "/var/www/html/.well-known/acme-challenge/"
  <Directory "/var/www/html/.well-known/acme-challenge/">
     Require all granted
     Options -Indexes -FollowSymLinks
     AllowOverride None

<VirtualHost *:443>
  ServerName $host.$DomainName
  SSLEngine on
  ProxyPass /
  ProxyPassReverse /

unless ($leanote{AllowDemo} eq 'enabled') {
	$OUT .= qq (
	RewriteEngine on
	RewriteRule ^/demo\$ /login [R=permanent,L]

if (length $leanote{CertFile}) {
	$OUT .= qq (
  SSLCertificateFile $leanote{CertFile}
  SSLCertificateChainFile $leanote{ChainFile}
  SSLCertificateKeyFile $leanote{KeyFile}
$OUT .= "\n</VirtualHost>\n"

Save and exit.

signal-event nethserver-httpd-update

Log in

Browse to https://leanote.yourdomain, and you’ll see a login screen. The default admin user is admin, password is abc123 (which you should change immediately).


Leanote will be made available on a virtual host of leanote.yourdomain. If you want to change this (say, to ln.yourdomain), run config setprop leanote hostname ln followed by signal-event nethserver-httpd-update.

By default, the Leanote demo mode is disabled. If you want to allow any visitor to your site to log in as a demo user without a password, run config setprop leanote AllowDemo enabled followed by signal-event nethserver-httpd-update.

By default, the Leanote virtual host will use the system’s default TLS certificate. To use a different cert (perhaps one you’ve obtained just for this virtual host), run:
config setprop leanote CertFile /path/to/cert
config setprop leanote ChainFile /path/to/intermediate/cert(s)
config setprop leanote KeyFile /path/to/private/key
signal-event nethserver-httpd-update

Important Admin settings

There are a few settings you’ll need to change, and others you’ll want to be aware of. Log in as the admin user, and in the upper-right corner of the screen, click on that user’s menu and select Admin:
This will take you to the administration page:

Save as PDF

To save notes as PDF, Leanote needs to know where the wkhtmltopdf binary is. To set that, on the left, click on Configuration, then on Export PDF. Enter the path to wkhtmltopdf, which is /usr/local/bin/wkhtmltopdf. Then click Submit:

Database backup/restore

On the left, click on Data, then Mongodb Tool Configuration. Enter the correct paths as shown here. Both mongodump and mongorestore live in /usr/local/bin/. Then click Submit.

Disable registration

Leanote does not synchronize its users with your Neth system, and by default, anyone who can reach your Leanote installation can register an account there without even needing to verify their email address. Unless your installation is on a protected network, you probably don’t want this. To disable registration, on the left, click on Configuration, then on Open Register. Uncheck the box and click Submit.

To Do

  • Security
    • MongoDB authentication
    • Disable account registration
    • Access control–allow access only from specified networks
    • Delete demo user/Try It button
  • Reverse proxy setup
    • Both for virtual host and subdirectory
  • systemd unit to start Leanote on boot (and in background)
  • LDAP/AD authentication?
  • wkhtmltopdf: cannot connect to X server
  • Figure out if there’s a Leanote fork that’s better maintained–Leanote itself hasn’t had a commit in over a year, or a release in over two years, and there are nearly 500 open issues.
  • RPM for Leanote itself
  • Nethserver module to integrate

cool @danb35
Thank you.
now lets get testing.

The to Do list is rather interesting, cool you considered those options too in the future

Just a note on mongodb. If I recall correctly, mongodb will not be / is not packaged for centos 8 due to license change. But is available directly from mongodb.

this giving an error
Error parsing command line: the required argument for option ‘–dir’ is missing
try ‘mongorestore --help’ for more information

You need to give the entire command, including the directory. Watch out for line wraps.

+1 for addition of Fail2Ban jail

systemd unit added.

Now, with that written up, some issues/concerns:

  • It looks like a great deal of the development and discussion are being done in Chinese. Certainly there’s nothing inherently wrong in that, but it’s a language I don’t speak, read, or write, so I’m likely missing a lot
  • Lots (479 at last count) of open issues
  • Last commit over a year ago, last release over two years ago. Leading to the question:
  • The desktop and iOS apps are showing much more recent activity, which is encouraging. But both of those pages (as well as the main README) link to a “BBS” at, which redirects to the GitHub issues page of the main project–not so encouraging.

I noticed accessing via https throws an erro, but normal http still works.

EDIT: just seen an issue raised on letsencrypt on the same

I’d expect so; nothing in this guide does anything to enable HTTPS. That would be handled in the reverse proxy setup that’s still a “to do.”

If these are active thene means there is still activity.

Maybe they currently do not have web developers, only desktop and mobile developers, and need developers to actively support. I dont know…

The good thing is that, the project is 100% open source. so it can be forked, and a widely English verion can be built on it.

Yes, and GitHub shows there are over 2000 forks of it right now. It might be worth investigating if there’s one that’s more actively maintained. Alternatively, it could be the case that there are no recent commits because there’s nothing that needs to be done on the base code–which is fine if it’s the case. But it’s nonetheless a concern.

there is once a software i asked the developer. why there is no new updated.
he just then posed the question back.

What new functions do you want which are not in the software?

he went ahead to mention that everything can be done by plugins and modules, so no need to update the core, unless there is need, or a security issue

479 open issues (some of which have been open for over five years) would seem to be an adequate answer to this question.

well, you are right, its been a while since the project was updated and the traffic around development recently seems not that huge.


someone was paid off…

Updated to add virtual host instructions. This will create a virtual host for leanote.yourdomain, redirect all traffic to https, and reverse proxy to the Leanote installation. It probably needs a little bit of refinement, though; images aren’t being displayed properly right now.


Well, it doesn’t look like it’s a reverse proxy problem as such, it’s rather a mixed-content problem. The thumbnail here:
Is broken because it’s trying to load http (why?) from a remote host (again, why?):

That’s, frankly, very disconcerting. But if I create a new note and add images, the image itself and its thumbnail shows up just fine–this looks like it may only affect the “default” note(s) for a new account.

Nothing I’ve seen in the Leanote docs indicates that this is possible–it looks like it can only authenticate users using its own built-in mechanism.

This is now done, as well as updates to the template fragment to allow customization of the hostname and the certificate.


Anyone else installed this? Tested? How’s it working? Good, bad, etc.?