ASL-Corp members, Bureaucrats, Check users, Structured Discussions bots, oversight, Suppressors, Administrators, Upload Wizard campaign editors
1,714
edits
Changes
Jump to navigation
Jump to search
Created initial page.
= Docker MediaWiki Server =
Notes and configuration files for setting up MediaWiki with nginx-proxy for Let's Encrypt SSL certs.
This guide is comprised of two methods for building a dockerized MediaWiki site:
* From the official MediaWiki docker image - easiest for beginners and those who just want to stand up a site (simple)
* From scratch - allows you to tweak the image more from the start and can be more complicated (advanced)
Regardless of the method used, this guide will also include any extensions you have in the build/extensions folder.
== nginx-proxy ==
* Create '''/srv/nginx-proxy'''
* Add this file
=== docker-compose.yml ===
docker-compose.yml
version: '2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
environment:
- "HTTPS_METHOD=noredirect"
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
ports:
- "80:80"
- "443:443"
restart: always
volumes:
- "./data/etc/certs:/etc/nginx/certs"
- "./data/etc/nginx/vhost.d:/etc/nginx/vhost.d"
- "./data/etc/nginx/htpasswd:/etc/nginx/htpasswd"
- "./data/etc/nginx/html:/usr/share/nginx/html"
- "/var/run/docker.sock:/tmp/docker.sock:ro"
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
environment:
### ToDo: Change to your e-mail address
# - DEFAULT_EMAIL=admin@demo.io
- NGINX_PROXY_CONTAINER=nginx-proxy
volumes_from:
- nginx-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/etc/certs:/etc/nginx/certs:rw
restart: always
networks:
default:
external:
name: nginx-proxy
== MediaWiki ==
* Create /srv/wiki, /srv/wiki/build, /srv/wiki/build/extensions
* Add the following files
=== docker-compose.yml ===
Copy the following to '''/srv/wiki/docker-compose.yml'''
version: '3'
services:
web:
image: mediawiki
build: build/.
container_name: wiki
depends_on:
- database
- parsoid
restart: always
#ports:
# - 80:80
environment:
## TODO: CHANGE VIRTUAL_HOST, LETSENCRYPT_HOST, and LETSENCRYPT_EMAIL TO YOUR OWN
- VIRTUAL_HOST=wiki.example.com
- HTTPS_METHOD=nohttp
- LETSENCRYPT_HOST=wiki.example.com
- LETSENCRYPT_EMAIL=nobody@example.com
links:
- database
volumes:
- /srv/wiki/html/images:/var/www/html/images
#- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
networks:
- default
- nginx-proxy
database:
image: mariadb
container_name: db
restart: always
environment:
MYSQL_DATABASE: mediawiki
MYSQL_USER: wikiuser
MYSQL_PASSWORD: wiki
MYSQL_ROOT_PASSWORD: changeme <--- change this password
volumes:
- /srv/wiki/db:/var/lib/mysql
networks:
- default
parsoid:
# image: pastakhov/parsoid:0.7.1
image: thenets/parsoid:0.10
container_name: parsoid
restart: always
environment:
# - PARSOID_NUM_WORKERS=0
- PARSOID_DOMAIN_wiki=http://web/api.php
networks:
- default
networks:
nginx-proxy:
external:
name: nginx-proxy
=== Dockerfile ===
==== Simple ====
Copy the following to '''/srv/wiki/build/Dockerfile'''
Note: You can change the version of the MediaWiki docker image used by changing the FROM line.
FROM mediawiki:1.35.3
COPY ./extensions /var/www/html/extensions
==== Advanced ====
Note: You can change the version installed by changing:
* ENV MEDIAWIKI_MAJOR_VERSION 1.36
* ENV MEDIAWIKI_VERSION 1.36.1
To change to version 1.35 (LTS until 2023) you can substitite 1.35 and 1.35.3 for the values above.
Copy the following to '''/srv/wiki/build/Dockerfile'''
FROM php:7.4-apache
# System dependencies
RUN set -eux; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
git \
librsvg2-bin \
imagemagick \
# Required for SyntaxHighlighting
python3 \
; \
rm -rf /var/lib/apt/lists/*
# Install the PHP extensions we need
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libicu-dev \
libonig-dev \
; \
\
docker-php-ext-install -j "$(nproc)" \
intl \
mbstring \
mysqli \
opcache \
; \
\
pecl install APCu-5.1.20; \
docker-php-ext-enable \
apcu \
; \
rm -r /tmp/pear; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# Enable Short URLs
RUN set -eux; \
a2enmod rewrite; \
{ \
echo "<Directory /var/www/html>"; \
echo " RewriteEngine On"; \
echo " RewriteCond %{REQUEST_FILENAME} !-f"; \
echo " RewriteCond %{REQUEST_FILENAME} !-d"; \
echo " RewriteRule ^ %{DOCUMENT_ROOT}/index.php [L]"; \
echo "</Directory>"; \
} > "$APACHE_CONFDIR/conf-available/short-url.conf"; \
a2enconf short-url
# Enable AllowEncodedSlashes for VisualEditor
RUN sed -i "s/<\/VirtualHost>/\tAllowEncodedSlashes NoDecode\n<\/VirtualHost>/" "$APACHE_CONFDIR/sites-available/000-default.conf"
# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN { \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=4000'; \
echo 'opcache.revalidate_freq=60'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
# SQLite Directory Setup
RUN set -eux; \
mkdir -p /var/www/data; \
chown -R www-data:www-data /var/www/data
# Version
ENV MEDIAWIKI_MAJOR_VERSION 1.36
ENV MEDIAWIKI_VERSION 1.36.1
# MediaWiki setup
RUN set -eux; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://www.mediawiki.org/keys/keys.txt
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
441276E9CCD15F44F6D97D18C119E1A64D70938E \
F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
; \
gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
tar -x --strip-components=1 -f mediawiki.tar.gz; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" mediawiki.tar.gz.sig mediawiki.tar.gz; \
chown -R www-data:www-data extensions skins cache images; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY ./extensions /var/www/html/extensions
CMD ["apache2-foreground"]
=== First start ===
* Update the /srv/wiki/docker-compose.yml file with the host, email and database password
* Run '''''docker-compose up -d''''' to start
* Login to wiki to complete setup (use https://<fqdn> specified in the files above)
=== Database connection details ===
When prompted for the database enter '''db://localhost'''
=== LocalSettings File ===
* Download when prompted
* Stop the wiki with '''''docker-compose down'''''
* Copy LocalSettings.php to the /srv/wiki directory
* Uncomment the '''#- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php''' line in the '''/srv/wiki/docker-compose.yml''' file
* chmod 755 the LocalSettings.php file
* Run '''''docker-compose up -d'''''
* Wait a minute then navigate to your wiki with https://<fqdn>
== Misc ==
=== Preventing access ===
https://www.mediawiki.org/wiki/Manual:Preventing_access#Simple_private_wiki
Notes and configuration files for setting up MediaWiki with nginx-proxy for Let's Encrypt SSL certs.
This guide is comprised of two methods for building a dockerized MediaWiki site:
* From the official MediaWiki docker image - easiest for beginners and those who just want to stand up a site (simple)
* From scratch - allows you to tweak the image more from the start and can be more complicated (advanced)
Regardless of the method used, this guide will also include any extensions you have in the build/extensions folder.
== nginx-proxy ==
* Create '''/srv/nginx-proxy'''
* Add this file
=== docker-compose.yml ===
docker-compose.yml
version: '2'
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
environment:
- "HTTPS_METHOD=noredirect"
labels:
- "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
ports:
- "80:80"
- "443:443"
restart: always
volumes:
- "./data/etc/certs:/etc/nginx/certs"
- "./data/etc/nginx/vhost.d:/etc/nginx/vhost.d"
- "./data/etc/nginx/htpasswd:/etc/nginx/htpasswd"
- "./data/etc/nginx/html:/usr/share/nginx/html"
- "/var/run/docker.sock:/tmp/docker.sock:ro"
letsencrypt:
image: jrcs/letsencrypt-nginx-proxy-companion
environment:
### ToDo: Change to your e-mail address
# - DEFAULT_EMAIL=admin@demo.io
- NGINX_PROXY_CONTAINER=nginx-proxy
volumes_from:
- nginx-proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/etc/certs:/etc/nginx/certs:rw
restart: always
networks:
default:
external:
name: nginx-proxy
== MediaWiki ==
* Create /srv/wiki, /srv/wiki/build, /srv/wiki/build/extensions
* Add the following files
=== docker-compose.yml ===
Copy the following to '''/srv/wiki/docker-compose.yml'''
version: '3'
services:
web:
image: mediawiki
build: build/.
container_name: wiki
depends_on:
- database
- parsoid
restart: always
#ports:
# - 80:80
environment:
## TODO: CHANGE VIRTUAL_HOST, LETSENCRYPT_HOST, and LETSENCRYPT_EMAIL TO YOUR OWN
- VIRTUAL_HOST=wiki.example.com
- HTTPS_METHOD=nohttp
- LETSENCRYPT_HOST=wiki.example.com
- LETSENCRYPT_EMAIL=nobody@example.com
links:
- database
volumes:
- /srv/wiki/html/images:/var/www/html/images
#- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
networks:
- default
- nginx-proxy
database:
image: mariadb
container_name: db
restart: always
environment:
MYSQL_DATABASE: mediawiki
MYSQL_USER: wikiuser
MYSQL_PASSWORD: wiki
MYSQL_ROOT_PASSWORD: changeme <--- change this password
volumes:
- /srv/wiki/db:/var/lib/mysql
networks:
- default
parsoid:
# image: pastakhov/parsoid:0.7.1
image: thenets/parsoid:0.10
container_name: parsoid
restart: always
environment:
# - PARSOID_NUM_WORKERS=0
- PARSOID_DOMAIN_wiki=http://web/api.php
networks:
- default
networks:
nginx-proxy:
external:
name: nginx-proxy
=== Dockerfile ===
==== Simple ====
Copy the following to '''/srv/wiki/build/Dockerfile'''
Note: You can change the version of the MediaWiki docker image used by changing the FROM line.
FROM mediawiki:1.35.3
COPY ./extensions /var/www/html/extensions
==== Advanced ====
Note: You can change the version installed by changing:
* ENV MEDIAWIKI_MAJOR_VERSION 1.36
* ENV MEDIAWIKI_VERSION 1.36.1
To change to version 1.35 (LTS until 2023) you can substitite 1.35 and 1.35.3 for the values above.
Copy the following to '''/srv/wiki/build/Dockerfile'''
FROM php:7.4-apache
# System dependencies
RUN set -eux; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
git \
librsvg2-bin \
imagemagick \
# Required for SyntaxHighlighting
python3 \
; \
rm -rf /var/lib/apt/lists/*
# Install the PHP extensions we need
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libicu-dev \
libonig-dev \
; \
\
docker-php-ext-install -j "$(nproc)" \
intl \
mbstring \
mysqli \
opcache \
; \
\
pecl install APCu-5.1.20; \
docker-php-ext-enable \
apcu \
; \
rm -r /tmp/pear; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*
# Enable Short URLs
RUN set -eux; \
a2enmod rewrite; \
{ \
echo "<Directory /var/www/html>"; \
echo " RewriteEngine On"; \
echo " RewriteCond %{REQUEST_FILENAME} !-f"; \
echo " RewriteCond %{REQUEST_FILENAME} !-d"; \
echo " RewriteRule ^ %{DOCUMENT_ROOT}/index.php [L]"; \
echo "</Directory>"; \
} > "$APACHE_CONFDIR/conf-available/short-url.conf"; \
a2enconf short-url
# Enable AllowEncodedSlashes for VisualEditor
RUN sed -i "s/<\/VirtualHost>/\tAllowEncodedSlashes NoDecode\n<\/VirtualHost>/" "$APACHE_CONFDIR/sites-available/000-default.conf"
# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN { \
echo 'opcache.memory_consumption=128'; \
echo 'opcache.interned_strings_buffer=8'; \
echo 'opcache.max_accelerated_files=4000'; \
echo 'opcache.revalidate_freq=60'; \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
# SQLite Directory Setup
RUN set -eux; \
mkdir -p /var/www/data; \
chown -R www-data:www-data /var/www/data
# Version
ENV MEDIAWIKI_MAJOR_VERSION 1.36
ENV MEDIAWIKI_VERSION 1.36.1
# MediaWiki setup
RUN set -eux; \
fetchDeps=" \
gnupg \
dirmngr \
"; \
apt-get update; \
apt-get install -y --no-install-recommends $fetchDeps; \
\
curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://www.mediawiki.org/keys/keys.txt
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
441276E9CCD15F44F6D97D18C119E1A64D70938E \
F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
; \
gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
tar -x --strip-components=1 -f mediawiki.tar.gz; \
gpgconf --kill all; \
rm -r "$GNUPGHOME" mediawiki.tar.gz.sig mediawiki.tar.gz; \
chown -R www-data:www-data extensions skins cache images; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
rm -rf /var/lib/apt/lists/*
COPY ./extensions /var/www/html/extensions
CMD ["apache2-foreground"]
=== First start ===
* Update the /srv/wiki/docker-compose.yml file with the host, email and database password
* Run '''''docker-compose up -d''''' to start
* Login to wiki to complete setup (use https://<fqdn> specified in the files above)
=== Database connection details ===
When prompted for the database enter '''db://localhost'''
=== LocalSettings File ===
* Download when prompted
* Stop the wiki with '''''docker-compose down'''''
* Copy LocalSettings.php to the /srv/wiki directory
* Uncomment the '''#- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php''' line in the '''/srv/wiki/docker-compose.yml''' file
* chmod 755 the LocalSettings.php file
* Run '''''docker-compose up -d'''''
* Wait a minute then navigate to your wiki with https://<fqdn>
== Misc ==
=== Preventing access ===
https://www.mediawiki.org/wiki/Manual:Preventing_access#Simple_private_wiki