diff --git a/LocalSettings.php.tmpl b/LocalSettings.php.tmpl index b39ce6c..0607ec2 100644 --- a/LocalSettings.php.tmpl +++ b/LocalSettings.php.tmpl @@ -55,9 +55,9 @@ $wgEmailAuthentication = true; ## Database settings $wgDBtype = "mysql"; -$wgDBserver = "mariadb"; -$wgDBname = "mediawiki"; -$wgDBuser = "mediawiki"; +$wgDBserver = "{{ env "DB_HOST" }}"; +$wgDBname = "{{ env "DB_NAME" }}"; +$wgDBuser = "{{ env "DB_USER" }}"; $wgDBpassword = rtrim(file_get_contents('/run/secrets/db_password')); # MySQL specific settings diff --git a/README.md b/README.md index 9ac6bc3..dec7503 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ This app includes optional SAML Single Sign On using NOTE: currently, if you enable SAML then it'll disable Mediawiki's own user account system. Patches to make this configurable are welcome! -1. Edit `.envrc` and uncomment lines in the `SAML` section (including `COMPOSE`) +1. Edit `.envrc` and uncomment lines in the `SAML` section (including `COMPOSE_FILE`) 2. `direnv allow` 3. Generate secrets: ``` diff --git a/compose.simplesaml.yml b/compose.simplesaml.yml index 8875b29..9b1f5b3 100644 --- a/compose.simplesaml.yml +++ b/compose.simplesaml.yml @@ -2,7 +2,7 @@ version: '3.8' services: - mediawiki: + app: volumes: - 'simplesaml:/var/simplesamlphp/' - 'simplesaml_log:/var/simplesamlphp/log' @@ -56,6 +56,7 @@ services: deploy: labels: - "traefik.enable=true" + - "traefik.docker.network=proxy" - "traefik.http.services.${STACK_NAME}_simplesaml.loadbalancer.server.port=80" - "traefik.http.routers.${STACK_NAME}_simplesaml.rule=(Host(`${DOMAIN}`) && PathPrefix(`/simplesaml`))" - "traefik.http.routers.${STACK_NAME}_simplesaml.entrypoints=web-secure" diff --git a/compose.yml b/compose.yml index d491150..d3721a7 100644 --- a/compose.yml +++ b/compose.yml 
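Review bot: In the LocalSettings.php.tmpl hunk, the three new assignments render the environment values directly into double-quoted PHP string literals, so a value containing `"`, `\` or `$` either breaks the generated file or is interpolated by PHP as a variable. compose.yml in this commit already puts DB_HOST, DB_NAME and DB_USER into the app container's environment, so reading them at runtime avoids generating PHP source from configuration: `$wgDBserver = getenv('DB_HOST');`, and likewise for `$wgDBname` and `$wgDBuser`. This assumes the web server's PHP sees the container environment, which should be confirmed. If the template expansion has to stay, single-quoted literals at least stop `$` interpolation. A one-line comment above the block would also help: `# DB_HOST, DB_NAME and DB_USER are set on the app service in compose.yml`.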
@@ -2,7 +2,54 @@ version: '3.8' services: - mariadb: + app: + image: 'revianlabs/mediawiki-ve-bundle' + environment: + - DOMAIN + - STACK_NAME + - MEDIAWIKI_EMAIL_CONTACT + - MEDIAWIKI_EMAIL_FROM + - MEDIAWIKI_SITENAME + - MEDIAWIKI_SITENAMESPACE + - SAML_ENABLED + - DB_HOST=db + - DB_USER=mediawiki + - DB_NAME=mediawiki + volumes: + - 'mediawiki_images:/var/www/html/images' + - 'parsoid:/usr/lib/parsoid' + configs: + - source: LocalSettings_conf + target: /var/www/html/LocalSettings.php + - source: htaccess_conf + target: /var/www/html/.htaccess + - source: entrypoint2_conf + target: /docker-entrypoint2.sh + mode: 0555 + depends_on: + - db + secrets: + - db_password + - mediawiki_secret_key + networks: + - proxy + - internal + deploy: + update_config: + failure_action: rollback + labels: + - "traefik.enable=true" + - "traefik.docker.network=proxy" + - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" + - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})" + - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" + - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" + - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect" + - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true" + - "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}" + entrypoint: /docker-entrypoint2.sh + + db: image: 'mariadb:10.5' environment: - MYSQL_USER=mediawiki 
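Review bot: The new `app` service pulls `revianlabs/mediawiki-ve-bundle` with no tag or digest, so every deploy resolves to whatever the default tag currently points at, while `db` in the same file is pinned to `mariadb:10.5`. This container mounts `db_password` and `mediawiki_secret_key`, so an unreviewed upstream push would run with access to both, and `failure_action: rollback` is only dependable when the previous image is a fixed reference. Pin it, for example `image: 'revianlabs/mediawiki-ve-bundle:<TAG>@sha256:<DIGEST>'` (placeholders; the page gives no version). Separately, `${EXTRA_DOMAINS}` is spliced inside `Host(...)` in the router rule; a comment in the env sample stating the expected form (presumably a leading comma followed by quoted hosts) would prevent a malformed or over-broad rule.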
@@ -23,45 +70,6 @@ services: max_attempts: 3 window: 120s - mediawiki: - image: 'revianlabs/mediawiki-ve-bundle' - environment: - - DOMAIN - - STACK_NAME - - MEDIAWIKI_EMAIL_CONTACT - - MEDIAWIKI_EMAIL_FROM - - MEDIAWIKI_SITENAME - - MEDIAWIKI_SITENAMESPACE - - SAML_ENABLED - volumes: - - 'mediawiki_images:/var/www/html/images' - - 'parsoid:/usr/lib/parsoid' - configs: - - source: LocalSettings_conf - target: /var/www/html/LocalSettings.php - - source: htaccess_conf - target: /var/www/html/.htaccess - - source: entrypoint2_conf - target: /docker-entrypoint2.sh - mode: 0555 - depends_on: - - mariadb - secrets: - - db_password - - mediawiki_secret_key - networks: - - proxy - - internal - deploy: - update_config: - failure_action: rollback - labels: - - "traefik.enable=true" - - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80" - - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)" - - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure" - - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}" - entrypoint: /docker-entrypoint2.sh volumes: mariadb: diff --git a/entrypoint.sh.tmpl b/entrypoint.sh.tmpl index 005fe48..4237d95 100755 --- a/entrypoint.sh.tmpl +++ b/entrypoint.sh.tmpl 
@@ -9,11 +9,11 @@ init_db() { apt update && apt install -y mariadb-client fi - PASSWORD=`cat /run/secrets/db_password` - TABLE_COUNT=$(mysql -u mediawiki --password="$PASSWORD" -h mariadb mediawiki -e "SELECT count(*) AS TOTAL FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'mediawiki';" -N -B) + PASSWORD=$(cat /run/secrets/db_password) + TABLE_COUNT=$(mysql -u "${DB_USER}" --password="$PASSWORD" -h "${DB_HOST}" "${DB_NAME}" -e "SELECT count(*) AS TOTAL FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_SCHEMA = 'mediawiki';" -N -B) if [[ "${TABLE_COUNT}" == "0" ]]; then - mysql -u mediawiki --password="$PASSWORD" -h mariadb mediawiki < /var/www/html/maintenance/tables.sql + mysql -u "${DB_USER}" --password="$PASSWORD" -h "${DB_HOST}" "${DB_NAME}" < /var/www/html/maintenance/tables.sql else php /var/www/html/maintenance/update.php fi diff --git a/entrypoint.simplesaml.sh.tmpl b/entrypoint.simplesaml.sh.tmpl index c1c8542..c6b260b 100644 --- a/entrypoint.simplesaml.sh.tmpl +++ b/entrypoint.simplesaml.sh.tmpl @@ -1,7 +1,5 @@ #!/usr/bin/env bash -set -e - file_env() { local var="$1" local fileVar="${var}_FILE"
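Review bot: The table-count query on the new `TABLE_COUNT=` line still filters on `TABLE_SCHEMA = 'mediawiki'`, although the database name now comes from `${DB_NAME}`. With any other name the count is always 0, so `tables.sql` is imported on every start instead of `update.php` running. Because the connection already selects `${DB_NAME}`, the filter can be `WHERE TABLE_SCHEMA = DATABASE();`, which also avoids interpolating the variable into SQL. Both `mysql` calls also still pass `--password="$PASSWORD"` in argv, where it is readable from the process list while the command runs; setting `MYSQL_PWD` for the call or using `--defaults-extra-file` keeps it out of argv. The body of `init_db` starts above this hunk and its end is not shown.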