.env.sample

@@ -3,27 +3,32 @@ TYPE=federatedwiki
 DOMAIN=federatedwiki.example.com
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.federatedwiki.example.com`'
+
 LETS_ENCRYPT_ENV=production
 
 COMPOSE_FILE="compose.yml"
 
-# Change to an absolute path to use a bind-mount, e.g. /opt/fedwiki
+## where the wiki data lives; change to an absolute path if you want a bind‑mount (e.g. /opt/fedwiki)
 FEDWIKI_VOLUME="fedwiki"
 
-# custom wiki.cafe image, for working oauth2 support
-#COMPOSE_FILE="$COMPOSE_FILE:compose.wikicafe.yml"
+## Persist the lib volume / node_modules directory. If you're not using plugmatic, you can disable this option.
+COMPOSE_FILE="$COMPOSE_FILE:compose.lib.yml"
 
-# persistent lib volume / node_modules directory, e.g. for plugmatic
-#COMPOSE_FILE="$COMPOSE_FILE:compose.lib.yml"
-
-# Note(3wc): If you change this after initial deployment, you will need to
-# manually copy the new value from `conf/config.initial.json`
+## Note(3wc): If you change this after initial deployment, you will need to
+## manually copy the new value from `conf/config.initial.json`
 SECRET_COOKIE_SECRET_VERSION=v1  # length=30
 
-# Disable SSL encryption (not recommended) 
-#COMPOSE_FILE="$COMPOSE_FILE:compose.insecure.yml"
-
+## Specify wiki config filename. If running multiple farms on the same machine with unique configurations, each config needs a unique filename.
+## e.g. config-farm1.json, config-farm2.json, etc.
+## If there exists a config file named "config.json", it will be used by all farms by default.
 CONFIG_FILE="config.json"
 
-# Customize caddyfile
-#CADDY=https://foo.bar.com https://*.foo.bar.com...
+## If using Caddy:
+## Customize your Caddyfile to determine what domains are accessible and will get TLS certificates.
+## You are also able to enable access over HTTP by adding domains like: http://${DOMAIN}, http://*.${DOMAIN}, http://*.*.${DOMAIN}
+CADDY=https://${DOMAIN}, https://*.${DOMAIN}, https://*.*.${DOMAIN}, https://*.*.*.${DOMAIN}
+
+## If using Traefik:
+## By default traefik allows: https://${DOMAIN}, https://*.${DOMAIN}, https://*.*.${DOMAIN}, https://*.*.*.${DOMAIN}
+## Uncomment the following line to also allow HTTP access
+#COMPOSE_FILE="$COMPOSE_FILE:compose.insecure.yml"

README.md

@@ -1,26 +1,25 @@
 # Federated Wiki
 
-Share pages circulating within a creative commons
+Share pages circulating within a creative commons.
+
+See [Federated Wiki on GitHub](https://github.com/fedwiki/wiki) for more information.
 
 <!-- metadata -->
+* **Maintainer**: [@3wordchant](https://git.coopcloud.tech/3wordchant), [@Bortseb](https://git.coopcloud.tech/Bortseb), [@cgalo5758](https://git.coopcloud.tech/cgalo5758)
+* **Status**: `stable`
 * **Category**: Apps
-* **Status**: 0, work-in-progress
-* **Image**: [`dobbs/farm`](https://hub.docker.com/r/dobbs/farm/), 4, upstream 
+* **Image**: [`wiki-cafe/fedwiki-oci-image`](https://git.coopcloud.tech/wiki-cafe/-/packages/container/fedwiki-oci-image/), 4, upstream 
 * **Healthcheck**: No
 * **Backups**: No
-* **Email**: No
+* **Email**: N/A
 * **Tests**: No
-* **SSO**: No
+* **SSO**: ? (Keycloak)
 <!-- endmetadata -->
 
 ## Basic usage
 
-1. Set up Docker Swarm and [`abra`]
-2. Deploy [`coop-cloud/traefik`]
-3. `abra app new federatedwiki`
-4. `abra app config YOURAPPDOMAIN` - be sure to change `DOMAIN` to something that resolves to
+1. Set up [Docker Swarm](https://docs.coopcloud.tech/operators/tutorial/#server-configuration) and [`abra`](https://docs.coopcloud.tech/abra/)
+2. `abra app new federatedwiki -S` - Copy the secret it generates, you will need it for your wiki config file.
+3. `abra app config YOURAPPDOMAIN` - be sure to change `DOMAIN` to something that resolves to
    your Docker swarm box
-5. `abra app deploy YOURAPPDOMAIN`
-
-[`abra`]: https://git.autonomic.zone/autonomic-cooperative/abra
-[`coop-cloud/traefik`]: https://git.autonomic.zone/coop-cloud/traefik
+4. `abra app deploy YOURAPPDOMAIN`

compose.insecure.yml

@@ -7,6 +7,5 @@ services:
     deploy:
       labels:
         - "traefik.http.services.${STACK_NAME}-non-tls.loadbalancer.server.port=3000"
-        - "traefik.http.routers.${STACK_NAME}-non-tls.rule=Host(`${DOMAIN}`) || HostRegexp(`{subdomain:\\w+}.${DOMAIN}`) || HostRegexp(`{subsubdomain:\\w+}.{subdomain:\\w+}.${DOMAIN}`)"
-        - "traefik.http.routers.${STACK_NAME}-non-tls.entrypoints=web"
-        - "caddy=https://${DOMAIN}, https://*.${DOMAIN}, https://*.*.${DOMAIN}, https://*.*.*.${DOMAIN}, http://${DOMAIN}, http://*.${DOMAIN}, http://*.*.${DOMAIN}, http://*.*.*.${DOMAIN}"
+        - "traefik.http.routers.${STACK_NAME}-non-tls.rule=Host(`${DOMAIN}`) || HostRegexp(`{subdomain:\\w+}.${DOMAIN}`) || HostRegexp(`{subsubdomain:\\w+}.{subdomain:\\w+}.${DOMAIN}`) || HostRegexp(`{subsubsubdomain:\\w+}.{subsubdomain:\\w+}.{subdomain:\\w+}.${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}-non-tls.entrypoints=web"

compose.yml

@@ -29,13 +29,13 @@ services:
       labels:
         - "traefik.enable=true"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3000"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`) || HostRegexp(`{subdomain:\\w+}.${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`) || HostRegexp(`{subdomain:\\w+}.${DOMAIN}`) || HostRegexp(`{subsubdomain:\\w+}.{subdomain:\\w+}.${DOMAIN}`) || HostRegexp(`{subsubsubdomain:\\w+}.{subsubdomain:\\w+}.{subdomain:\\w+}.${DOMAIN}`)"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
         - "traefik.http.routers.${STACK_NAME}.tls.domains[0].main=${DOMAIN}"
         - "traefik.http.routers.${STACK_NAME}.tls.domains[0].sans=*.${DOMAIN}"
         - "traefik.http.routers.${STACK_NAME}.priority=1"
-        - "caddy=${CADDY:-https://${DOMAIN}, https://*.${DOMAIN}, https://*.*.${DOMAIN}, https://*.*.*.${DOMAIN}}"
+        - "caddy=${CADDY}"
         - "caddy.reverse_proxy={{upstreams 3000}}"
         - "caddy.tls.on_demand="
         - "backupbot.backup=true"

config.initial.json.tmpl

@@ -1,6 +1,6 @@
 {
   "farm": true,
   "cookieSecret": "{{ secret "cookie_secret" }}",
-  "secure_cookie": true,
+  "security_useHttps": true,
   "security_type": "friends"
 }