Docker MediaWiki Server: Difference between revisions

From KG7QIN's Wiki
Jump to navigation Jump to search
mNo edit summary
No edit summary
Line 1: Line 1:
[[Category: How to]]
[[Category:How to]]
[[Category:Software]]
[[Category:Software]]
= Docker MediaWiki Server =
Notes and configuration files for setting up MediaWiki in a dockerized environment.
Notes and configuration files for setting up MediaWiki in a dockerized environment.


Line 30: Line 28:
===MediaWiki===
===MediaWiki===
Copy the following to '''/srv/wiki/docker-compose.yml'''
Copy the following to '''/srv/wiki/docker-compose.yml'''
 
<syntaxhighlight lang="yaml">
  version: '3'
version: '3'
  services:
services:
    web:
  web:
      image: mediawiki
    image: mediawiki
      build: build/.
    build: build/.
      container_name: wiki
    container_name: wiki
      depends_on:  
    depends_on:  
        - database
      - database
          ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
      ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
          #- parsoid
      #- parsoid
      restart: always
    restart: always
      ports:
    ports:
        - 80:80
      - 80:80
      links:
    links:
        - database
      - database
      volumes:
    volumes:
        - /srv/wiki/html/images:/var/www/html/images
      - /srv/wiki/html/images:/var/www/html/images
        ## TODO: remove the # below AFTER you have downloaded the LocalSettings.php file
      ## TODO: remove the # below AFTER you have downloaded the LocalSettings.php file
        #- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
      #- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
    database:
  database:
      image: mariadb
    image: mariadb
      container_name: db
    container_name: db
      restart: always
    restart: always
      environment:
    environment:
        MYSQL_DATABASE: mediawiki
      MYSQL_DATABASE: mediawiki
        ## TODO: Change the password below
      ## TODO: Change the password below
        MYSQL_USER: wikiuser
      MYSQL_USER: wikiuser
        ## TODO: Change the password below
      ## TODO: Change the password below
        MYSQL_PASSWORD: wiki
      MYSQL_PASSWORD: wiki
        MYSQL_ROOT_PASSWORD: changeme
      MYSQL_ROOT_PASSWORD: changeme
      volumes:
    volumes:
        - /srv/wiki/db:/var/lib/mysql
      - /srv/wiki/db:/var/lib/mysql
     
 
      ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
  ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
      #parsoid:
  #parsoid:
      #  image: thenets/parsoid:0.10
  #  image: thenets/parsoid:0.10
      #  container_name: parsoid
  #  container_name: parsoid
      #  restart: always
  #  restart: always
      #  environment:
  #  environment:
      #  - PARSOID_NUM_WORKERS=0
  #  - PARSOID_NUM_WORKERS=0
      #    - PARSOID_DOMAIN_wiki=http://web/api.php
  #    - PARSOID_DOMAIN_wiki=http://web/api.php
      #  networks:
</syntaxhighlight>
      #    - default


==Internet==
==Internet==
Line 79: Line 76:


===NGINX-Proxy===
===NGINX-Proxy===
Copy the following to '''/srv/nginx-proxy/docker-compose.yml'''
*Copy the following to '''/srv/nginx-proxy/docker-compose.yml'''
<syntaxhighlight lang="yaml">
version: '2'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    environment:
      - "HTTPS_METHOD=noredirect"
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    ports:
      - "80:80"
      - "443:443"
    restart: always
    volumes:
      - "./data/etc/certs:/etc/nginx/certs"
      - "./data/etc/nginx/vhost.d:/etc/nginx/vhost.d"
      - "./data/etc/nginx/htpasswd:/etc/nginx/htpasswd"
      - "./data/etc/nginx/html:/usr/share/nginx/html"
      - "./data/etc/nginx/conf.d:/etc/nginx/conf.d"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"


    version: '2'
  letsencrypt:
     services:
     image: jrcs/letsencrypt-nginx-proxy-companion
      nginx-proxy:
    environment:
        image: jwilder/nginx-proxy
    ### ToDo: Change to your e-mail address
        container_name: nginx-proxy
    #      - DEFAULT_EMAIL=admin@demo.io
        environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
          - "HTTPS_METHOD=noredirect"
    volumes_from:
        labels:
      - nginx-proxy
          - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    volumes:
        ports:
      - /var/run/docker.sock:/var/run/docker.sock:ro
          - "80:80"
      - ./data/etc/certs:/etc/nginx/certs:rw
          - "443:443"
    restart: always
        restart: always
 
        volumes:
networks:
          - "./data/etc/certs:/etc/nginx/certs"
  default:
          - "./data/etc/nginx/vhost.d:/etc/nginx/vhost.d"
    external:
          - "./data/etc/nginx/htpasswd:/etc/nginx/htpasswd"
      name: nginx-proxy
          - "./data/etc/nginx/html:/usr/share/nginx/html"
</syntaxhighlight>
          - "/var/run/docker.sock:/tmp/docker.sock:ro"
 
   
*Copy the following to '''/srv/nginx-proxy/data/etc/nginx/conf.d/proxy-settings.conf'''
      letsencrypt:
<syntaxhighlight lang="text">
        image: jrcs/letsencrypt-nginx-proxy-companion
proxy_connect_timeout      300;
        environment:
proxy_send_timeout          300;
        ### ToDo: Change to your e-mail address
proxy_read_timeout          30m;
        #      - DEFAULT_EMAIL=admin@demo.io
send_timeout                300;
          - NGINX_PROXY_CONTAINER=nginx-proxy
</syntaxhighlight>
        volumes_from:
 
          - nginx-proxy
Note: Add the following line to the file above for large file upload issues:
        volumes:
<syntaxhighlight lang="text">
          - /var/run/docker.sock:/var/run/docker.sock:ro
client_max_body_size        5000m;
          - ./data/etc/certs:/etc/nginx/certs:rw
</syntaxhighlight>
        restart: always
You will need to adjust the size to a value suitable for your environment.
   
    networks:
      default:
        external:
          name: nginx-proxy


====Create docker network====
====Create docker network====
Line 125: Line 138:
===MediaWiki===
===MediaWiki===
Copy the following to '''/srv/wiki/docker-compose.yml'''
Copy the following to '''/srv/wiki/docker-compose.yml'''
 
<syntaxhighlight lang="yaml">
    version: '3'
version: '3'
    services:
services:
      web:
  web:
        image: mediawiki
    image: mediawiki
        build: build/.
    build: build/.
        container_name: wiki
    container_name: wiki
        depends_on:  
    depends_on:  
          - database
      - database
        ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
    ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
        #  - parsoid
    #  - parsoid
        restart: always
    restart: always
        environment:
    environment:
          ## TODO: CHANGE VIRTUAL_HOST, LETSENCRYPT_HOST, and LETSENCRYPT_EMAIL TO YOUR OWN
      ## TODO: CHANGE VIRTUAL_HOST, LETSENCRYPT_HOST, and LETSENCRYPT_EMAIL TO YOUR OWN
          - VIRTUAL_HOST=wiki.example.com
      - VIRTUAL_HOST=wiki.example.com
          - HTTPS_METHOD=nohttp
      - HTTPS_METHOD=nohttp
          - LETSENCRYPT_HOST=wiki.example.com
      - LETSENCRYPT_HOST=wiki.example.com
          - LETSENCRYPT_EMAIL=nobody@example.com
      - LETSENCRYPT_EMAIL=nobody@example.com
        links:
    links:
          - database
      - database
        volumes:
    volumes:
          - /srv/wiki/html/images:/var/www/html/images
      - /srv/wiki/html/images:/var/www/html/images
          ## TODO: remove the # below AFTER you have downloaded the LocalSettings.php file
      ## TODO: remove the # below AFTER you have downloaded the LocalSettings.php file
          #- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
      #- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
        networks:
    networks:
          - default
      - default
          - nginx-proxy
      - nginx-proxy
   
 
      database:
  database:
        image: mariadb
    image: mariadb
        container_name: db
    container_name: db
        restart: always
    restart: always
        environment:
    environment:
          MYSQL_DATABASE: mediawiki
      MYSQL_DATABASE: mediawiki
          MYSQL_USER: wikiuser
      MYSQL_USER: wikiuser
          ## TODO: Change the password below
      ## TODO: Change the password below
          MYSQL_PASSWORD: wiki
      MYSQL_PASSWORD: wiki
          ## TODO: Change the password below
      ## TODO: Change the password below
          MYSQL_ROOT_PASSWORD: changeme
      MYSQL_ROOT_PASSWORD: changeme
        volumes:
    volumes:
          - /srv/wiki/db:/var/lib/mysql
      - /srv/wiki/db:/var/lib/mysql
        networks:
    networks:
          - default
      - default
      ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
  ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
      #parsoid:
  #parsoid:
      #  image: thenets/parsoid:0.10
  #  image: thenets/parsoid:0.10
      #  container_name: parsoid
  #  container_name: parsoid
      #  restart: always
  #  restart: always
      #  environment:
  #  environment:
      #    - PARSOID_NUM_WORKERS=0
  #    - PARSOID_NUM_WORKERS=0
      #    - PARSOID_DOMAIN_wiki=http://web/api.php
  #    - PARSOID_DOMAIN_wiki=http://web/api.php
      #  networks:  
  #  networks:  
      #    - default
  #    - default
      
      
    networks:
networks:
      nginx-proxy:
  nginx-proxy:
        external:
    external:
          name: nginx-proxy
      name: nginx-proxy
</syntaxhighlight>


=Mediawiki Docker Image=
=Mediawiki Docker Image=
Line 201: Line 215:


Note: You can change the version of the MediaWiki docker image used by changing the FROM line.
Note: You can change the version of the MediaWiki docker image used by changing the FROM line.
 
<syntaxhighlight lang="dockerfile">
    FROM mediawiki:1.35.3
FROM mediawiki:1.35.3
    COPY ./extensions /var/www/html/extensions
COPY ./extensions /var/www/html/extensions
</syntaxhighlight>


==== Advanced ====
==== Advanced ====
Line 214: Line 229:


Copy the following to '''/srv/wiki/build/Dockerfile'''
Copy the following to '''/srv/wiki/build/Dockerfile'''
<syntaxhighlight lang="dockerfile">
FROM php:7.4-apache
COPY --from=composer /usr/bin/composer /usr/bin/composer
# System dependencies
RUN set -eux; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
git \
librsvg2-bin \
imagemagick \
# Required for SyntaxHighlighting
python3 \
; \
rm -rf /var/lib/apt/lists/*
# Install the PHP extensions we need
RUN set -eux; \
\
savedAptMark="$(apt-mark showmanual)"; \
\
apt-get update; \
apt-get install -y --no-install-recommends \
libicu-dev \
libonig-dev \
; \
\
docker-php-ext-install -j "$(nproc)" \
intl \
mbstring \
mysqli \
opcache \
; \
\
pecl install APCu-5.1.20; \
docker-php-ext-enable \
apcu \
; \
rm -r /tmp/pear; \
\
# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
apt-mark auto '.*' > /dev/null; \
apt-mark manual $savedAptMark; \
ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
| awk '/=>/ { print $3 }' \
| sort -u \
| xargs -r dpkg-query -S \
| cut -d: -f1 \
| sort -u \
| xargs -rt apt-mark manual; \
\
apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
rm -rf /var/lib/apt/lists/*


    FROM php:7.4-apache
# Enable Short URLs
   
RUN set -eux; \
    COPY --from=composer /usr/bin/composer /usr/bin/composer
a2enmod rewrite; \
   
{ \
    # System dependencies
echo "<Directory /var/www/html>"; \
    RUN set -eux; \
echo "  RewriteEngine On"; \
    \
echo "  RewriteCond %{REQUEST_FILENAME} !-f"; \
    apt-get update; \
echo "  RewriteCond %{REQUEST_FILENAME} !-d"; \
    apt-get install -y --no-install-recommends \
echo "  RewriteRule ^ %{DOCUMENT_ROOT}/index.php [L]"; \
    git \
echo "</Directory>"; \
    librsvg2-bin \
} > "$APACHE_CONFDIR/conf-available/short-url.conf"; \
    imagemagick \
a2enconf short-url
    # Required for SyntaxHighlighting
 
    python3 \
# Enable AllowEncodedSlashes for VisualEditor
    ; \
RUN sed -i "s/<\/VirtualHost>/\tAllowEncodedSlashes NoDecode\n<\/VirtualHost>/" "$APACHE_CONFDIR/sites-available/000-default.conf"
    rm -rf /var/lib/apt/lists/*
 
   
# set recommended PHP.ini settings
    # Install the PHP extensions we need
# see https://secure.php.net/manual/en/opcache.installation.php
    RUN set -eux; \
RUN { \
    \
echo 'opcache.memory_consumption=128'; \
    savedAptMark="$(apt-mark showmanual)"; \
echo 'opcache.interned_strings_buffer=8'; \
    \
echo 'opcache.max_accelerated_files=4000'; \
    apt-get update; \
echo 'opcache.revalidate_freq=60'; \
    apt-get install -y --no-install-recommends \
} > /usr/local/etc/php/conf.d/opcache-recommended.ini
    libicu-dev \
 
    libonig-dev \
# SQLite Directory Setup
    ; \
RUN set -eux; \
    \
mkdir -p /var/www/data; \
    docker-php-ext-install -j "$(nproc)" \
chown -R www-data:www-data /var/www/data
    intl \
 
    mbstring \
# Version
    mysqli \
ENV MEDIAWIKI_MAJOR_VERSION 1.35
    opcache \
ENV MEDIAWIKI_VERSION 1.35.3
    ; \
ENV MW_VERSION=REL1_35
    \
 
    pecl install APCu-5.1.20; \
# Home folder location
    docker-php-ext-enable \
ENV MW_HOME=/var/www/html
    apcu \
 
    ; \
 
    rm -r /tmp/pear; \
# MediaWiki setup
    \
RUN set -eux; \
    # reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
fetchDeps=" \
    apt-mark auto '.*' > /dev/null; \
gnupg \
    apt-mark manual $savedAptMark; \
dirmngr \
    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
"; \
    | awk '/=>/ { print $3 }' \
apt-get update; \
    | sort -u \
apt-get install -y --no-install-recommends $fetchDeps; \
    | xargs -r dpkg-query -S \
\
    | cut -d: -f1 \
curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
    | sort -u \
curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
    | xargs -rt apt-mark manual; \
export GNUPGHOME="$(mktemp -d)"; \
    \
# gpg key from https://www.mediawiki.org/keys/keys.txt
    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
    rm -rf /var/lib/apt/lists/*
D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
   
441276E9CCD15F44F6D97D18C119E1A64D70938E \
    # Enable Short URLs
F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
    RUN set -eux; \
1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
    a2enmod rewrite; \
; \
    { \
gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
    echo "<Directory /var/www/html>"; \
tar -x --strip-components=1 -f mediawiki.tar.gz; \
    echo "  RewriteEngine On"; \
gpgconf --kill all; \
    echo " RewriteCond %{REQUEST_FILENAME} !-f"; \
rm -r "$GNUPGHOME" mediawiki.tar.gz.sig mediawiki.tar.gz; \
    echo "  RewriteCond %{REQUEST_FILENAME} !-d"; \
chown -R www-data:www-data extensions skins cache images; \
    echo "  RewriteRule ^ %{DOCUMENT_ROOT}/index.php [L]"; \
  \
    echo "</Directory>"; \
  apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
    } > "$APACHE_CONFDIR/conf-available/short-url.conf"; \
  rm -rf /var/lib/apt/lists/*
    a2enconf short-url
 
   
RUN set -eux; \
    # Enable AllowEncodedSlashes for VisualEditor
        apt update; \
    RUN sed -i "s/<\/VirtualHost>/\tAllowEncodedSlashes NoDecode\n<\/VirtualHost>/" "$APACHE_CONFDIR/sites-available/000-default.conf"
        apt install -y --no-install-recommends \
   
            unzip
    # set recommended PHP.ini settings
 
    # see https://secure.php.net/manual/en/opcache.installation.php
##### Commonly used extensions
    RUN { \
RUN set -x; \
    echo 'opcache.memory_consumption=128'; \
     cd $MW_HOME/extensions \
    echo 'opcache.interned_strings_buffer=8'; \
     && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Echo \
    echo 'opcache.max_accelerated_files=4000'; \
     && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Thanks \
    echo 'opcache.revalidate_freq=60'; \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CheckUser
    } > /usr/local/etc/php/conf.d/opcache-recommended.ini
 
   
# Flow extension
    # SQLite Directory Setup
RUN set -x; \
    RUN set -eux; \
    cd $MW_HOME/extensions \
    mkdir -p /var/www/data; \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Flow \
    chown -R www-data:www-data /var/www/data
    && cd Flow \
   
    && composer install --no-dev \
    # Version
    && cd ..
    ENV MEDIAWIKI_MAJOR_VERSION 1.35
 
    ENV MEDIAWIKI_VERSION 1.35.3
### MediaWiki Language Extension Bundle
    ENV MW_VERSION=REL1_35
# Translate
   
RUN set -x; \
     # Home folder location
     cd $MW_HOME/extensions \
     ENV MW_HOME=/var/www/html
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Babel \
   
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/cldr \
      
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CleanChanges \
    # MediaWiki setup
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UniversalLanguageSelector
    RUN set -eux; \
 
    fetchDeps=" \
##### ElasticSearch extensions
    gnupg \
RUN set -x; \
    dirmngr \
    cd $MW_HOME/extensions \
    "; \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CirrusSearch \
    apt-get update; \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Elastica \
    apt-get install -y --no-install-recommends $fetchDeps; \
     && cd Elastica \
    \
     && composer install --no-dev \
    curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
    && cd ..
    curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
 
    export GNUPGHOME="$(mktemp -d)"; \
##### MobileFrontend extension
     # gpg key from https://www.mediawiki.org/keys/keys.txt
RUN set -x; \
    gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
    cd $MW_HOME/extensions \
    D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/MobileFrontend
    441276E9CCD15F44F6D97D18C119E1A64D70938E \
 
    F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
##### ElectronPdfService extension
    1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
RUN set -x; \
    ; \
    cd $MW_HOME/extensions \
    gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/ElectronPdfService
    tar -x --strip-components=1 -f mediawiki.tar.gz; \
 
    gpgconf --kill all; \
##### ConfirmAccount, UploadWizard
    rm -r "$GNUPGHOME" mediawiki.tar.gz.sig mediawiki.tar.gz; \
RUN set -x; \
    chown -R www-data:www-data extensions skins cache images; \
    cd $MW_HOME/extensions \
      \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/ConfirmAccount \
      apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
     && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UploadWizard
      rm -rf /var/lib/apt/lists/*
 
      
 
     RUN set -eux; \
#### Add AutoSitemap extension ** disable if wiki is not reacahble from Internet!
            apt update; \
RUN set -x; \
            apt install -y --no-install-recommends \
    cd $MW_HOME/extensions \
                unzip
    && git clone --depth 1 https://github.com/dolfinus/AutoSitemap.git
   
 
    ##### Commonly used extensions
# Copy any other extenions from the ./build/extensions folder
    RUN set -x; \
COPY ./extensions $MW_HOME/extensions
        cd $MW_HOME/extensions \
 
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Echo \
CMD ["apache2-foreground"]
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Thanks \
</syntaxhighlight>
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CheckUser
      
    # Flow extension
    RUN set -x; \
        cd $MW_HOME/extensions \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Flow \
        && cd Flow \
        && composer install --no-dev \
        && cd ..
   
    ### MediaWiki Language Extension Bundle
    # Translate
    RUN set -x; \
        cd $MW_HOME/extensions \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Babel \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/cldr \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CleanChanges \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UniversalLanguageSelector
   
    ##### ElasticSearch extensions
    RUN set -x; \
        cd $MW_HOME/extensions \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CirrusSearch \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Elastica \
        && cd Elastica \
        && composer install --no-dev \
        && cd ..
   
    ##### MobileFrontend extension
    RUN set -x; \
        cd $MW_HOME/extensions \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/MobileFrontend
   
    ##### ElectronPdfService extension
    RUN set -x; \
        cd $MW_HOME/extensions \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/ElectronPdfService
   
    ##### ConfirmAccount, UploadWizard
    RUN set -x; \
        cd $MW_HOME/extensions \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/ConfirmAccount \
        && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UploadWizard
   
   
    #### Add AutoSitemap extension ** disable if wiki is not reacahble from Internet!
    RUN set -x; \
        cd $MW_HOME/extensions \
        && git clone --depth 1 https://github.com/dolfinus/AutoSitemap.git
   
    # Copy any other extenions from the ./build/extensions folder
    COPY ./extensions $MW_HOME/extensions
   
    CMD ["apache2-foreground"]


=Running=
=Running=
Line 422: Line 438:
* Run '''''docker-compose up -d'''''
* Run '''''docker-compose up -d'''''
* Wait a minute then navigate to your wiki with https://<hostname/IP> for Intranet or https://<FQDN> for Internet.
* Wait a minute then navigate to your wiki with https://<hostname/IP> for Intranet or https://<FQDN> for Internet.
===Private IPs===
Mediawiki will only use the IP presented by the NGINX Proxy server (which will not be the client's real IP).  To have Mediawiki trust the X-Forwarded-For (and record them), add the following to the LocalSettings.php file:
<syntaxhighlight lang="php">
# Use X-ForwardedFor instead for Real IP
$wgUseCdn = true;
$wgCdnServersNoPurge = [];
$wgCdnServersNoPurge[] = "172.18.0.0/24";
</syntaxhighlight>
Change the '''172.18.0.0/24''' to the subnet your container is using for talking to the NGINX Proxy.
Reference: https://www.mediawiki.org/wiki/Manual:$wgUsePrivateIPs


=Misc=
=Misc=
Line 448: Line 476:


Add this to your '''LocalSettings.php''' file:
Add this to your '''LocalSettings.php''' file:
 
<syntaxhighlight lang="php>
  $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'doc',
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'doc',
      'xls', 'mpp', 'pdf', 'ppt', 'tiff', 'bmp', 'docx', 'xlsx',
    'xls', 'mpp', 'pdf', 'ppt', 'tiff', 'bmp', 'docx', 'xlsx',
      'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
    'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
  );
);
</syntaxhighlight>


===Increase file upload size===
===Increase file upload size===
Line 459: Line 488:


* Add this to your '''LocalSettings.php''' file to allow uploading of 2G files:
* Add this to your '''LocalSettings.php''' file to allow uploading of 2G files:
 
<syntaxhighlight lang="php>
  $wgUploadSizeWarning = 2147483647;
$wgUploadSizeWarning = 2147483647;
  $wgMaxUploadSize = 2147483647;
$wgMaxUploadSize = 2147483647;
 
</syntaxhighlight>
* Then create '''/srv/wiki/uploads.ini''' with the following:
* Then create '''/srv/wiki/uploads.ini''' with the following:
 
<syntaxhighlight lang="php>
  upload_max_filesize = 2048M
upload_max_filesize = 2048M
  post_max_size = 2048M
post_max_size = 2048M
  max_execution_time = 7200
max_execution_time = 7200
  max_file_uploads = 1000
max_file_uploads = 1000
 
</syntaxhighlight>
* Add the following line to the '''/srv/wiki/docker-compose.yml''' file under volumes
* Add the following line to the '''/srv/wiki/docker-compose.yml''' file under volumes


   - /srv/wiki/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:ro
   - /srv/wiki/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:ro

Revision as of 23:05, 8 September 2021

Notes and configuration files for setting up MediaWiki in a dockerized environment.

This guide is comprised of two methods for building a dockerized MediaWiki site:

  • From the official MediaWiki docker image - easiest for beginners and those who just want to stand up a site (simple)
  • From scratch - allows you to tweak the image more from the start and can be more complicated (advanced)

Regardless of the method used, this guide will also include any extensions you have in the build/extensions folder.

Preparation

There are two setups available:

  • One for Intranet use that doesn't use a proxy or SSL.
  • One for Internet use that uses NGINX as a proxy and Let's Encrypt for SSL.

Intranet - no proxy

  • Create /srv/wiki, /srv/wiki/build, and /srv/wiki/build/extensions directories.

Internet

  • Create /srv/wiki, /srv/wiki/build, /srv/wiki/build/extensions, and /srv/nginx-proxy directories.

Installation

Choose the type of installation that matches the one used in the preparation section above.

Intranet - no proxy

Use this if on an Intranet with no Internet access. If this becomes a heavily used site then consider putting this behind a proxy.

MediaWiki

Copy the following to /srv/wiki/docker-compose.yml

version: '3'
services:
  web:
    image: mediawiki
    build: build/.
    container_name: wiki
    depends_on: 
      - database
       ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
       #- parsoid
    restart: always
    ports:
      - 80:80
    links:
      - database
    volumes:
      - /srv/wiki/html/images:/var/www/html/images
      ## TODO: remove the # below AFTER you have downloaded the LocalSettings.php file
      #- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
  database:
    image: mariadb
    container_name: db
    restart: always
    environment:
      MYSQL_DATABASE: mediawiki
      ## TODO: Change the password below
      MYSQL_USER: wikiuser
      ## TODO: Change the password below
      MYSQL_PASSWORD: wiki
      MYSQL_ROOT_PASSWORD: changeme
    volumes:
      - /srv/wiki/db:/var/lib/mysql
   
  ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
  #parsoid:
  #  image: thenets/parsoid:0.10
  #  container_name: parsoid
  #  restart: always
  #  environment:
  #   - PARSOID_NUM_WORKERS=0
  #    - PARSOID_DOMAIN_wiki=http://web/api.php

Internet

For an Internet setup you will use NGINX-Proxy with Let's Encrypt for SSL certificates.

NGINX-Proxy

  • Copy the following to /srv/nginx-proxy/docker-compose.yml
version: '2'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    environment:
      - "HTTPS_METHOD=noredirect"
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"
    ports:
      - "80:80"
      - "443:443"
    restart: always
    volumes:
      - "./data/etc/certs:/etc/nginx/certs"
      - "./data/etc/nginx/vhost.d:/etc/nginx/vhost.d"
      - "./data/etc/nginx/htpasswd:/etc/nginx/htpasswd"
      - "./data/etc/nginx/html:/usr/share/nginx/html"
      - "./data/etc/nginx/conf.d:/etc/nginx/conf.d"
      - "/var/run/docker.sock:/tmp/docker.sock:ro"

  letsencrypt:
    image: jrcs/letsencrypt-nginx-proxy-companion
    environment:
    ### ToDo: Change to your e-mail address
    #      - DEFAULT_EMAIL=admin@demo.io
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes_from:
      - nginx-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/etc/certs:/etc/nginx/certs:rw
    restart: always

networks:
  default:
    external:
      name: nginx-proxy
  • Copy the following to /srv/nginx-proxy/data/etc/nginx/conf.d/proxy-settings.conf
proxy_connect_timeout       300;
proxy_send_timeout          300;
proxy_read_timeout          30m;
send_timeout                300;

Note: Add the following line to the file above for large file upload issues:

client_max_body_size        5000m;

You will need to adjust the size to a value suitable for your environment.

Create docker network

You will need to create an additional docker network for NGINX-Proxy and MediaWiki to talk on:

  • Run docker network create nginx-proxy

MediaWiki

Copy the following to /srv/wiki/docker-compose.yml

version: '3'
services:
  web:
    image: mediawiki
    build: build/.
    container_name: wiki
    depends_on: 
      - database
    ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
    #  - parsoid
    restart: always
    environment:
      ## TODO: CHANGE VIRTUAL_HOST, LETSENCRYPT_HOST, and LETSENCRYPT_EMAIL TO YOUR OWN
      - VIRTUAL_HOST=wiki.example.com
      - HTTPS_METHOD=nohttp
      - LETSENCRYPT_HOST=wiki.example.com
      - LETSENCRYPT_EMAIL=nobody@example.com
    links:
      - database
    volumes:
      - /srv/wiki/html/images:/var/www/html/images
      ## TODO: remove the # below AFTER you have downloaded the LocalSettings.php file
      #- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php
    networks:
      - default
      - nginx-proxy
  
  database:
    image: mariadb
    container_name: db
    restart: always
    environment:
      MYSQL_DATABASE: mediawiki
      MYSQL_USER: wikiuser
      ## TODO: Change the password below
      MYSQL_PASSWORD: wiki
      ## TODO: Change the password below
      MYSQL_ROOT_PASSWORD: changeme
    volumes:
      - /srv/wiki/db:/var/lib/mysql
    networks:
      - default
  ## parsoid is bundled as part of 1.35+, only uncomment if using an older version
  #parsoid:
  #  image: thenets/parsoid:0.10
  #  container_name: parsoid
  #  restart: always
  #  environment:
  #     - PARSOID_NUM_WORKERS=0
  #    - PARSOID_DOMAIN_wiki=http://web/api.php
  #  networks: 
  #    - default
    
networks:
  nginx-proxy:
    external:
      name: nginx-proxy

Mediawiki Docker Image

Here you will find instructions on how to build your own custom MediaWiki docker image.

Dockerfile

There are two ways to create the Dockerfile for MediaWiki.

  • simple uses the MediaWiki image and adds your extension(s) to it.
  • advanced builds the MediaWiki image from scratch and adds your extension(s) to it.

For most users, the simple version of the Dockerfile will suffice.

Extract all extensions to the /srv/wiki/build/extensions directory.

Simple

Copy the following to /srv/wiki/build/Dockerfile

Note: You can change the version of the MediaWiki docker image used by changing the FROM line.

FROM mediawiki:1.35.3
COPY ./extensions /var/www/html/extensions

Advanced

Note: You can change the version installed by changing:

  • ENV MEDIAWIKI_MAJOR_VERSION 1.36
  • ENV MEDIAWIKI_VERSION 1.36.1
  • ENV MW_VERSION REL1_36

To change to version 1.35 (LTS until 2023) you can substitute 1.35, 1.35.3, and REL1_35 for the values above.

Copy the following to /srv/wiki/build/Dockerfile

FROM php:7.4-apache

COPY --from=composer /usr/bin/composer /usr/bin/composer

# System dependencies
RUN set -eux; \
	\
	apt-get update; \
	apt-get install -y --no-install-recommends \
		git \
		librsvg2-bin \
		imagemagick \
		# Required for SyntaxHighlighting
		python3 \
	; \
	rm -rf /var/lib/apt/lists/*

# Install the PHP extensions we need
RUN set -eux; \
	\
	savedAptMark="$(apt-mark showmanual)"; \
	\
	apt-get update; \
	apt-get install -y --no-install-recommends \
		libicu-dev \
		libonig-dev \
	; \
	\
	docker-php-ext-install -j "$(nproc)" \
		intl \
		mbstring \
		mysqli \
		opcache \
	; \
	\
	pecl install APCu-5.1.20; \
	docker-php-ext-enable \
		apcu \
	; \
	rm -r /tmp/pear; \
	\
	# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies
	apt-mark auto '.*' > /dev/null; \
	apt-mark manual $savedAptMark; \
	ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \
		| awk '/=>/ { print $3 }' \
		| sort -u \
		| xargs -r dpkg-query -S \
		| cut -d: -f1 \
		| sort -u \
		| xargs -rt apt-mark manual; \
	\
	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \
	rm -rf /var/lib/apt/lists/*

# Enable Short URLs
RUN set -eux; \
	a2enmod rewrite; \
	{ \
		echo "<Directory /var/www/html>"; \
		echo "  RewriteEngine On"; \
		echo "  RewriteCond %{REQUEST_FILENAME} !-f"; \
		echo "  RewriteCond %{REQUEST_FILENAME} !-d"; \
		echo "  RewriteRule ^ %{DOCUMENT_ROOT}/index.php [L]"; \
		echo "</Directory>"; \
	} > "$APACHE_CONFDIR/conf-available/short-url.conf"; \
	a2enconf short-url

# Enable AllowEncodedSlashes for VisualEditor
RUN sed -i "s/<\/VirtualHost>/\tAllowEncodedSlashes NoDecode\n<\/VirtualHost>/" "$APACHE_CONFDIR/sites-available/000-default.conf"

# set recommended PHP.ini settings
# see https://secure.php.net/manual/en/opcache.installation.php
RUN { \
		echo 'opcache.memory_consumption=128'; \
		echo 'opcache.interned_strings_buffer=8'; \
		echo 'opcache.max_accelerated_files=4000'; \
		echo 'opcache.revalidate_freq=60'; \
	} > /usr/local/etc/php/conf.d/opcache-recommended.ini

# SQLite Directory Setup
RUN set -eux; \
	mkdir -p /var/www/data; \
	chown -R www-data:www-data /var/www/data

# Version
ENV MEDIAWIKI_MAJOR_VERSION 1.35
ENV MEDIAWIKI_VERSION 1.35.3
ENV MW_VERSION=REL1_35

# Home folder location
ENV MW_HOME=/var/www/html


# MediaWiki setup
RUN set -eux; \
	fetchDeps=" \
		gnupg \
		dirmngr \
	"; \
	apt-get update; \
	apt-get install -y --no-install-recommends $fetchDeps; \
	\
	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz" -o mediawiki.tar.gz; \
	curl -fSL "https://releases.wikimedia.org/mediawiki/${MEDIAWIKI_MAJOR_VERSION}/mediawiki-${MEDIAWIKI_VERSION}.tar.gz.sig" -o mediawiki.tar.gz.sig; \
	export GNUPGHOME="$(mktemp -d)"; \
# gpg key from https://www.mediawiki.org/keys/keys.txt
	gpg --batch --keyserver keyserver.ubuntu.com --recv-keys \
		D7D6767D135A514BEB86E9BA75682B08E8A3FEC4 \
		441276E9CCD15F44F6D97D18C119E1A64D70938E \
		F7F780D82EBFB8A56556E7EE82403E59F9F8CD79 \
		1D98867E82982C8FE0ABC25F9B69B3109D3BB7B0 \
	; \
	gpg --batch --verify mediawiki.tar.gz.sig mediawiki.tar.gz; \
	tar -x --strip-components=1 -f mediawiki.tar.gz; \
	gpgconf --kill all; \
	rm -r "$GNUPGHOME" mediawiki.tar.gz.sig mediawiki.tar.gz; \
	chown -R www-data:www-data extensions skins cache images; \
   	\
   	apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false $fetchDeps; \
   	rm -rf /var/lib/apt/lists/*

RUN set -eux; \
        apt update; \
        apt install -y --no-install-recommends \
             unzip

##### Commonly used extensions
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Echo \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Thanks \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CheckUser

# Flow extension
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Flow \
    && cd Flow \
    && composer install --no-dev \
    && cd ..

### MediaWiki Language Extension Bundle
# Translate
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Babel \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/cldr \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CleanChanges \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UniversalLanguageSelector

##### ElasticSearch extensions
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/CirrusSearch \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/Elastica \
    && cd Elastica \
    && composer install --no-dev \
    && cd ..

##### MobileFrontend extension
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/MobileFrontend

##### ElectronPdfService extension
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/ElectronPdfService

##### ConfirmAccount, UploadWizard
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/ConfirmAccount \
    && git clone --depth 1 -b $MW_VERSION https://gerrit.wikimedia.org/r/p/mediawiki/extensions/UploadWizard


#### Add AutoSitemap extension ** disable if wiki is not reacahble from Internet!
RUN set -x; \
    cd $MW_HOME/extensions \
    && git clone --depth 1 https://github.com/dolfinus/AutoSitemap.git

# Copy any other extenions from the ./build/extensions folder
COPY ./extensions $MW_HOME/extensions

CMD ["apache2-foreground"]

Running

First start

  • Update the /srv/wiki/docker-compose.yml file with the hostname (or FQDN for Internet), your email, and database passwords.
  • Run docker-compose up -d to start
  • Login to wiki to complete setup (use http://<hostname/IP> for Intranet or https://<FQDN> for Internet)

Database connection details

  • When prompted for the database enter db://localhost

Note: When prompted have MediaWiki use the same user account (root) for the database that was used for setup. Attempting to use a different user will result in an error and failure. This is due to the MediaWiki setup script attempting to use the database connection string as the hostname for the user (<username>@<connection string>) when granting user access to the database.

LocalSettings File

  • Download when prompted
  • Copy LocalSettings.php to the /srv/wiki directory

Finalize setup

  • Uncomment the #- /srv/wiki/LocalSettings.php:/var/www/html/LocalSettings.php line in the /srv/wiki/docker-compose.yml file
  • chmod 755 the LocalSettings.php file
  • Run docker-compose up -d
  • Wait a minute then navigate to your wiki with https://<hostname/IP> for Intranet or https://<FQDN> for Internet.

Private IPs

Mediawiki will only use the IP presented by the NGINX Proxy server (which will not be the client's real IP). To have Mediawiki trust the X-Forwarded-For (and record them), add the following to the LocalSettings.php file:

# Use X-ForwardedFor instead for Real IP
$wgUseCdn = true;
$wgCdnServersNoPurge = [];
$wgCdnServersNoPurge[] = "172.18.0.0/24";

Change the 172.18.0.0/24 to the subnet your container is using for talking to the NGINX Proxy.

Reference: https://www.mediawiki.org/wiki/Manual:$wgUsePrivateIPs

Misc

Preventing access

Note: You can also choose an access level at initial installation.

https://www.mediawiki.org/wiki/Manual:Preventing_access#Simple_private_wiki

Upgrading

IMPORTANT: Read https://www.mediawiki.org/wiki/Manual:Upgrading first for information about upgrading.

  1. Update /srv/wiki/build/Dockerfile. Either update version (simple) or make sure Dockerfile has the required dependencies and update version (advanced).
  2. Run docker-compose build

If step 2 is successful:

  1. Run docker-compose up -d
  2. Run docker-compose exec web bash
  3. Run cd maintenance
  4. Run php update.php

File uploads

Allow .pdf files to be uploaded

See https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads#Configuring_file_types

Add this to your LocalSettings.php file:

$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'doc',
    'xls', 'mpp', 'pdf', 'ppt', 'tiff', 'bmp', 'docx', 'xlsx',
    'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
);

Increase file upload size

See https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads#Set_maximum_size_for_file_uploads

  • Add this to your LocalSettings.php file to allow uploading of 2G files:
$wgUploadSizeWarning = 2147483647;
$wgMaxUploadSize = 2147483647;
  • Then create /srv/wiki/uploads.ini with the following:
upload_max_filesize = 2048M
post_max_size = 2048M
max_execution_time = 7200
max_file_uploads = 1000
  • Add the following line to the /srv/wiki/docker-compose.yml file under volumes
  - /srv/wiki/uploads.ini:/usr/local/etc/php/conf.d/uploads.ini:ro