forked from coop-cloud/mediawiki
Compare commits
49 Commits
2.0.0+1.36
...
main
Author | SHA1 | Date |
---|---|---|
3wc | dd623d7e43 | |
Flancian | 19125b7b27 | |
3wc | 3e3482b89e | |
3wc | 3018af9382 | |
iexos | 40831b5d91 | |
3wordchant | d63e412256 | |
iexos | 3c4332f794 | |
iexos | 08d7201772 | |
iexos | 0fb7f2bd7f | |
iexos | 639cadaa17 | |
iexos | 5096046a86 | |
iexos | de60261fce | |
iexos | 7d1810cf93 | |
iexos | 5159ed1b36 | |
3wc | e6f77b37e6 | |
3wc | 260dd4d7f3 | |
decentral1se | 57cf8db271 | |
Flancian | 0c50c3398f | |
Flancian | e2ca6b6df4 | |
Flancian | b78c20fe41 | |
Flancian | 112bd3300f | |
flancian | cc3682ef89 | |
Flancian | b1d3e2a0f9 | |
Flancian | 7ca11b8bc9 | |
3wc | e8fc7e6532 | |
3wordchant | 381a3ee2d6 | |
Sam Wight | f2afce4145 | |
Flancian | a931c54b31 | |
Flancian | 3101cff3e8 | |
Flancian | 2dd1c7aeee | |
Flancian | f509f7b830 | |
Flancian | ff2d004bcf | |
Flancian | 917eb68ae7 | |
3wc | 2ad502e4fa | |
3wc | 9ee106a2ed | |
3wordchant | bce93ab727 | |
Flancian | 8c503d5d28 | |
3wc | d7d228ab7e | |
3wc | ae116a9954 | |
3wc | a71d9195e8 | |
3wc | f18c9882df | |
3wc | ffcf336329 | |
3wc | 7e8c307936 | |
3wc | 463d606257 | |
3wc | bf2fcbd7b4 | |
Cassowary | bde470d4f9 | |
Cassowary | c377ae6620 | |
3wc | de6e1d415e | |
3wc | f33004bb86 |
20
.drone.yml
20
.drone.yml
|
@ -3,10 +3,12 @@ kind: pipeline
|
|||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: decentral1se/stack-ssh-deploy:latest
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: mediawiki
|
||||
networks:
|
||||
- proxy
|
||||
purge: true
|
||||
generate_secrets: true
|
||||
deploy_key:
|
||||
|
@ -31,11 +33,17 @@ trigger:
|
|||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: recipe release
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: thecoopcloud/drone-abra:latest
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
command: recipe mediawiki release
|
||||
deploy_key:
|
||||
from_secret: abra_bot_deploy_key
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
|
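Review bot: The step image `plugins/downstream` in the "generate recipe catalogue" pipeline has no tag or digest, and the deployment step's image still tracks `:latest`. Both steps receive credentials (`drone_abra-bot_token`, `deploy_key`), so whatever the registry serves under those names at build time runs with them. The page has lost its `+`/`-` markers, so this assumes the second `image:` line of each pair is the new side. Pin each image to a released version or a digest, for example `image: plugins/downstream:<PINNED_TAG_PLACEHOLDER>`.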
56
.env.sample
56
.env.sample
|
@ -1,6 +1,7 @@
|
|||
TYPE=mediawiki
|
||||
|
||||
DOMAIN=mediawiki.example.com
|
||||
COMPOSE_FILE="compose.yml"
|
||||
|
||||
#EXTRA_DOMAINS=', `www.wiki.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
@ -11,19 +12,35 @@ MEDIAWIKI_EMAIL_CONTACT="info@wiki.example.com"
|
|||
MEDIAWIKI_EMAIL_FROM="wiki@wiki.example.com"
|
||||
MEDIAWIKI_LOGO_FILE='$wgResourceBasePath/resources/assets/wiki.png'
|
||||
|
||||
MEDIAWIKI_IS_PRIVATE=1
|
||||
# list of language options (without ".json"):
|
||||
# https://gerrit.wikimedia.org/g/mediawiki/core/%2B/HEAD/languages/i18n
|
||||
MEDIAWIKI_LANGUAGE="en"
|
||||
|
||||
## SMTP
|
||||
#SMTP_HOST=postfix_relay_app
|
||||
#SMTP_HOST=mailu_front
|
||||
MEDIAWIKI_IS_PRIVATE=1
|
||||
MEDIAWIKI_ALLOW_REGISTRATION=0
|
||||
|
||||
MEDIAWIKI_DEBUG=0
|
||||
|
||||
SECRET_DB_ROOT_PASSWORD_VERSION=v1
|
||||
SECRET_DB_PASSWORD_VERSION=v1
|
||||
SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
||||
|
||||
# SMTP
|
||||
|
||||
## via local postfix/mailu
|
||||
#SMTP_HOST=postfix_relay_app
|
||||
#SMTP_HOST=mailu_front
|
||||
|
||||
## via remote email provider
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.smtp.yml"
|
||||
#SMTP_HOST="mail.example.com"
|
||||
#SMTP_PORT=587
|
||||
#SMTP_USER="${MEDIAWIKI_EMAIL_FROM}"
|
||||
#SECRET_SMTP_PASSWORD_VERSION=v1
|
||||
|
||||
# SAML
|
||||
|
||||
#COMPOSE_FILE="compose.yml:compose.simplesaml.yml"
|
||||
#COMPOSE_FILE="$COMPOSE_FILE:compose.simplesaml.yml"
|
||||
|
||||
#SAML_ENABLED=1
|
||||
#SAML_CONTACT_NAME="Sam Ell"
|
||||
|
@ -39,7 +56,32 @@ SECRET_MEDIAWIKI_SECRET_KEY_VERSION=v1 # length=64
|
|||
|
||||
## OpenID Connect
|
||||
# OPENID_ENABLED=1
|
||||
# COMPOSE_FILE="compose.yml:compose.openid.yml"
|
||||
# OPENID_KEYCLOAK_URL="https://keycloak.local:8080/auth/realms/acme/"
|
||||
# COMPOSE_FILE="$COMPOSE_FILE:compose.openid.yml"
|
||||
# OPENID_KEYCLOAK_URL="https://keycloak.local:8080/realms/acme/"
|
||||
# OPENID_CLIENT_ID="mediawiki"
|
||||
# SECRET_OPENID_CLIENT_SECRET_VERSION=v1
|
||||
|
||||
## WikiMarkdown
|
||||
#MARKDOWN_ENABLED=1
|
||||
|
||||
## MobileFrontend
|
||||
#MOBILEFRONTEND_ENABLED=1
|
||||
|
||||
## MsUpload
|
||||
#MSU_ENABLED=1
|
||||
|
||||
## PageForms
|
||||
#PAGEFORMS_ENABLED=1
|
||||
|
||||
## PageSchemas
|
||||
#PAGESCHEMAS_ENABLED=1
|
||||
|
||||
## SemanticMediaWiki
|
||||
#SEMANTICMW_ENABLED=1
|
||||
|
||||
## WikiMarkdown
|
||||
#MARKDOWN_ENABLED=1
|
||||
|
||||
## Tweeki skin
|
||||
#TWEEKI_ENABLED=0
|
||||
|
||||
|
|
|
@ -5,7 +5,6 @@ if ( !defined( 'MEDIAWIKI' ) ) {
|
|||
exit;
|
||||
}
|
||||
|
||||
|
||||
## Uncomment this to disable output compression
|
||||
# $wgDisableOutputCompression = true;
|
||||
|
||||
|
@ -85,7 +84,7 @@ $wgShellLocale = "C.UTF-8";
|
|||
#$wgCacheDirectory = "$IP/cache";
|
||||
|
||||
# Site language code, should be one of the list in ./languages/data/Names.php
|
||||
$wgLanguageCode = "en";
|
||||
$wgLanguageCode = "{{ env "MEDIAWIKI_LANGUAGE" }}";
|
||||
|
||||
$wgSecretKey = rtrim(file_get_contents('/run/secrets/mediawiki_secret_key'));
|
||||
|
||||
|
@ -107,8 +106,13 @@ $wgRightsIcon = "";
|
|||
# Path to the GNU diff3 utility. Used for conflict resolution.
|
||||
$wgDiff3 = "/usr/bin/diff3";
|
||||
|
||||
# The following permissions were set based on your choice in the installer
|
||||
{{ if eq (env "MEDIAWIKI_ALLOW_REGISTRATION") "1" }}
|
||||
$wgGroupPermissions['*']['createaccount'] = true;
|
||||
$wgEmailConfirmToEdit = true;
|
||||
{{ else }}
|
||||
$wgGroupPermissions['*']['createaccount'] = false;
|
||||
{{ end }}
|
||||
|
||||
$wgGroupPermissions['*']['edit'] = false;
|
||||
{{ if eq (env "MEDIAWIKI_IS_PRIVATE") "1" }}
|
||||
$wgGroupPermissions['*']['read'] = false;
|
||||
|
@ -116,15 +120,34 @@ $wgGroupPermissions['*']['read'] = false;
|
|||
$wgGroupPermissions['*']['read'] = true;
|
||||
{{ end }}
|
||||
|
||||
## Default skin: you can change the default skin. Use the internal symbolic
|
||||
## names, ie 'vector', 'monobook':
|
||||
$wgDefaultSkin = "vector";
|
||||
{{ if ne (env "MEDIAWIKI_PROXY_SERVERS") "" }}
|
||||
// In LocalSettings.php
|
||||
$wgUseCdn = true;
|
||||
$wgCdnServersNoPurge = [];
|
||||
$wgCdnServersNoPurge[] = "{{ env "MEDIAWIKI_PROXY_SERVERS" }}";
|
||||
{{ end }}
|
||||
|
||||
# Enabled skins.
|
||||
# The following skins were automatically enabled:
|
||||
wfLoadSkin( 'MonoBook' );
|
||||
wfLoadSkin( 'Timeless' );
|
||||
wfLoadSkin( 'Vector' );
|
||||
wfLoadSkin( 'MinervaNeue' );
|
||||
|
||||
## Default skin: you can change the default skin. Use the internal symbolic
|
||||
## names, ie 'vector', 'monobook':
|
||||
|
||||
{{ if eq (env "TWEEKI_ENABLED") "1" }}
|
||||
wfLoadSkin( 'Tweeki' );
|
||||
$wgDefaultSkin = "tweeki";
|
||||
{{ else }}
|
||||
$wgDefaultSkin = "vector";
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "MOBILEFRONTEND_ENABLED") "1" }}
|
||||
wfLoadExtension( 'MobileFrontend' );
|
||||
$wgDefaultMobileSkin = 'minerva';
|
||||
{{ end }}
|
||||
|
||||
# Enabled extensions. Most of the extensions are enabled by adding
|
||||
# wfLoadExtensions('ExtensionName');
|
||||
|
@ -143,47 +166,44 @@ $wgDefaultUserOptions['visualeditor-enable'] = 1;
|
|||
|
||||
$wgVisualEditorAllowLossySwitching = false;
|
||||
|
||||
$wgVirtualRestConfig['modules']['parsoid'] = [
|
||||
// URL to the Parsoid instance - use port 8142 if you use the Debian package - the parameter 'URL' was first used but is now deprecated (string)
|
||||
'url' => 'http://parsoid:8000/',
|
||||
// Parsoid "domain" (string, optional) - MediaWiki >= 1.26
|
||||
'domain' => 'localhost',
|
||||
// Parsoid "prefix" (string, optional) - deprecated since MediaWiki 1.26, use 'domain'
|
||||
'prefix' => 'localhost',
|
||||
// Forward cookies in the case of private wikis (string or false, optional)
|
||||
'forwardCookies' => true,
|
||||
// request timeout in seconds (integer or null, optional)
|
||||
'timeout' => null,
|
||||
// Parsoid HTTP proxy (string or null, optional)
|
||||
'HTTPProxy' => null,
|
||||
// whether to parse URL as if they were meant for RESTBase (boolean or null, optional)
|
||||
'restbaseCompat' => null,
|
||||
];
|
||||
|
||||
{{ if eq (env "SAML_ENABLED") "1" }}
|
||||
wfLoadExtension( 'PluggableAuth' );
|
||||
|
||||
wfLoadExtension( 'SimpleSAMLphp' );
|
||||
|
||||
$wgSimpleSAMLphp_InstallDir = "/var/simplesamlphp/";
|
||||
$wgSimpleSAMLphp_AuthSourceId = "{{ env "SAML_AUTH_SOURCE_ID" }}";
|
||||
$wgSimpleSAMLphp_RealNameAttribute = "{{ env "SAML_REAL_NAME_ATTRIBUTE" }}";
|
||||
$wgSimpleSAMLphp_EmailAttribute = "{{ env "SAML_EMAIL_ATTRIBUTE" }}";
|
||||
$wgSimpleSAMLphp_UsernameAttribute = "{{ env "SAML_USERNAME_ATTRIBUTE" }}";
|
||||
|
||||
$wgPluggableAuth_Config['Log in using my SAML'] = [
|
||||
'plugin' => 'SimpleSAMLphp',
|
||||
'data' => [
|
||||
'authSourceId' => '{{ env "SAML_AUTH_SOURCE_ID" }}',
|
||||
'usernameAttribute' => '{{ env "SAML_USERNAME_ATTRIBUTE" }}',
|
||||
'realNameAttribute' => '{{ env "SAML_REAL_NAME_ATTRIBUTE" }}',
|
||||
'emailAttribute' => '{{ env "SAML_EMAIL_ATTRIBUTE" }}'
|
||||
]
|
||||
];
|
||||
|
||||
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||
$wgGroupPermissions['*']['createaccount'] = false;
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "MEDIAWIKI_DEBUG") "1" }}
|
||||
$wgDebugLogFile = "/var/log/debug-{$wgDBname}.log";
|
||||
$wgShowExceptionDetails = true;
|
||||
$wgDebugToolbar = true;
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "OPENID_ENABLED") "1" }}
|
||||
wfLoadExtension( 'PluggableAuth' );
|
||||
wfLoadExtension( 'OpenIDConnect' );
|
||||
|
||||
$wgOpenIDConnect_Config['{{ env "OPENID_KEYCLOAK_URL" }}'] = [
|
||||
'clientID' => '{{ env "OPENID_CLIENT_ID"}}',
|
||||
'clientsecret' => '{{ secret "openid_client_secret" }}'
|
||||
$wgPluggableAuth_Config[] = [
|
||||
'plugin' => 'OpenIDConnect',
|
||||
'data' => [
|
||||
'providerURL' => '{{ env "OPENID_KEYCLOAK_URL" }}',
|
||||
'clientID' => '{{ env "OPENID_CLIENT_ID"}}',
|
||||
'clientsecret' => '{{ secret "openid_client_secret" }}'
|
||||
]
|
||||
];
|
||||
|
||||
$wgGroupPermissions['*']['autocreateaccount'] = true;
|
||||
|
@ -192,14 +212,42 @@ $wgGroupPermissions['*']['createaccount'] = false;
|
|||
|
||||
{{ if env "SMTP_HOST" }}
|
||||
$wgSMTP = [
|
||||
'host' => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
|
||||
'port' => 25, // Port to use when connecting to the SMTP server
|
||||
'auth' => false, // Should we use SMTP authentication (true or false)
|
||||
#'username' => 'my_user_name', // Username to use for SMTP authentication (if being used)
|
||||
#'password' => 'my_password' // Password to use for SMTP authentication (if being used)
|
||||
'host' => '{{ env "SMTP_HOST" }}', // could also be an IP address. Where the SMTP server is located
|
||||
'port' => {{ env "SMTP_PORT" }}, // Port to use when connecting to the SMTP server
|
||||
{{ if env "SMTP_USER" }}
|
||||
'auth' => true, // Should we use SMTP authentication (true or false)
|
||||
'username' => '{{ env "SMTP_USER" }}', // Username to use for SMTP authentication (if being used)
|
||||
'password' => '{{ secret "smtp_password" }}' // Password to use for SMTP authentication (if being used)
|
||||
{{ else }}
|
||||
'auth' => false
|
||||
{{ end }}
|
||||
];
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "MSU_ENABLED") "1" }}
|
||||
wfLoadExtension( 'MsUpload' );
|
||||
$wgAllowJavaUploads = true; // Solves problem with Office 2007 and newer files (docx, xlsx, etc.)
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "PAGEFORMS_ENABLED") "1" }}
|
||||
wfLoadExtension( 'PageForms' );
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "PAGESCHEMAS_ENABLED") "1" }}
|
||||
wfLoadExtension( 'PageSchemas' );
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "SEMANTICMW_ENABLED") "1" }}
|
||||
wfLoadExtension( 'SemanticMediaWiki' );
|
||||
enableSemantics( '{{ env "DOMAIN" }}' );
|
||||
{{ end }}
|
||||
|
||||
{{ if eq (env "MARKDOWN_ENABLED") "1" }}
|
||||
wfLoadExtension( 'WikiMarkdown' );
|
||||
$wgAllowMarkdownExtra = true; // allows usage of Parsedown Extra
|
||||
$wgAllowMarkdownExtended = true; // allows usage of Parsedown Extended
|
||||
{{ end }}
|
||||
|
||||
$wgFileExtensions = array(
|
||||
'png', 'gif', 'jpg', 'jpeg', 'doc', 'xls', 'mpp', 'pdf', 'ppt', 'tiff',
|
||||
'bmp', 'docx', 'xlsx', 'pptx', 'ps', 'odt', 'ods', 'odp', 'odg'
|
||||
|
@ -207,3 +255,15 @@ $wgFileExtensions = array(
|
|||
|
||||
$wgUploadSizeWarning = 1000000000;
|
||||
$wgMaxUploadSize = 1000000000;
|
||||
|
||||
# Greatly relax IP-based throttling for logging in while we work around docker networking issues.
|
||||
# https://social.coop/@flancian/110980993608947217
|
||||
$wgPasswordAttemptThrottle = [
|
||||
// Short term limit
|
||||
[ 'count' => 9999, 'seconds' => 300 ],
|
||||
// Long term limit. We need to balance the risk
|
||||
// of somebody using this as a DoS attack to lock someone
|
||||
// out of their account, and someone doing a brute force attack.
|
||||
[ 'count' => 999999, 'seconds' => 60 * 60 * 48 ],
|
||||
];
|
||||
|
||||
|
|
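Review bot: `$wgPasswordAttemptThrottle` is raised to 9999 attempts per 300 seconds and 999999 per 48 hours for every deployment, which in practice switches off login brute-force throttling, and nothing in the template limits that by configuration or time. The same file section adds `MEDIAWIKI_PROXY_SERVERS` feeding `$wgCdnServersNoPurge`, which looks like the real fix for all clients appearing to share one proxy IP. Consider wrapping the relaxed throttle in `{{ if eq (env "MEDIAWIKI_PROXY_SERVERS") "" }} … {{ end }}` so that deployments with the proxy configured keep MediaWiki's defaults. Separately, `'password' => '{{ secret "smtp_password" }}'` renders the secret into a single-quoted PHP literal, so a quote or backslash in the password breaks or alters the generated file. Reading it at run time, as the template already does for `$wgSecretKey`, avoids that: `rtrim(file_get_contents('/run/secrets/smtp_password'))`.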
42
README.md
42
README.md
|
@ -1,18 +1,16 @@
|
|||
# Mediawiki
|
||||
|
||||
[![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/mediawiki/status.svg)](https://drone.autonomic.zone/coop-cloud/mediawiki)
|
||||
|
||||
Mediawiki [version 1.35][mediawiki-1.35]
|
||||
[![Build Status](https://build.coopcloud.tech/api/badges/coop-cloud/mediawiki/status.svg)](https://build.coopcloud.tech/coop-cloud/mediawiki)
|
||||
|
||||
<!-- metadata -->
|
||||
* **Category**: Apps
|
||||
* **Status**: ❸🍎
|
||||
* **Image**: [`mediawiki`](https://hub.docker.com/_/mediawiki), ❶💚, upstream
|
||||
* **Status**: 1, alpha
|
||||
* **Image**: [`mediawiki`](https://hub.docker.com/_/mediawiki), 4, upstream
|
||||
* **Healthcheck**: No
|
||||
* **Backups**: Yes
|
||||
* **Email**: ❶💚
|
||||
* **Tests**: ❷💛
|
||||
* **SSO**: ❷💛 (OAuth, SAML)
|
||||
* **Email**: 3
|
||||
* **Tests**: 2
|
||||
* **SSO**: 2 (OAuth, SAML)
|
||||
<!-- endmetadata -->
|
||||
|
||||
## Basic usage
|
||||
|
@ -21,20 +19,30 @@ Mediawiki [version 1.35][mediawiki-1.35]
|
|||
2. Deploy [`coop-cloud/traefik`][traefik]
|
||||
3. `abra app new mediawiki --secrets` (optionally with `--pass` if you'd like
|
||||
to save secrets in `pass`)
|
||||
4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
|
||||
4. `abra app config YOURAPPDOMAIN` - be sure to change `$DOMAIN` to something that resolves to
|
||||
your Docker swarm box
|
||||
5. `abra app YOURAPPDOMAIN deploy`
|
||||
5. `abra app deploy YOURAPPDOMAIN`
|
||||
6. Create an initial admin user:
|
||||
`abra app YOURAPPDOMAIN run app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword`
|
||||
`abra app run YOURAPPDOMAIN app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword`
|
||||
|
||||
## Email
|
||||
|
||||
1. `abra app YOURAPPDOMAIN config` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
|
||||
### Coop Cloud mailu or postfix
|
||||
|
||||
1. `abra app config YOURAPPDOMAIN` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to
|
||||
`postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for
|
||||
`coop-cloud/mailu` (assuming default stack names)
|
||||
2. For `postfix_relay`, add the domain to your email config – `EXTRA_SENDER_DOMAINS` in
|
||||
`postfix_relay`. This doesn't seem to be required for Mailu.
|
||||
3. `abra app YOURAPPDOMAIN deploy`
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
### Remote provider
|
||||
|
||||
1. `abra app config YOURAPPDOMAIN` - uncomment `SMTP` under the "remote email provider" section and set values for `SMTP_HOST`, `SMTP_PORT` and `SMTP_USER`
|
||||
2. `abra app secret insert YOURAPPDOMAIN smtp_password v1 YOURSMTPPASSWORD`
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
Note: Only STARTTLS is supported, TLS won't work.
|
||||
|
||||
## Single Sign On
|
||||
|
||||
|
@ -48,13 +56,13 @@ This app includes optional SAML Single Sign On using
|
|||
NOTE: currently, if you enable SAML then it'll disable Mediawiki's own user account
|
||||
system. Patches to make this configurable are welcome!
|
||||
|
||||
1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`)
|
||||
1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`)
|
||||
2. Generate secrets: (add `--pass` if you want to store secrets in `pass`)
|
||||
```
|
||||
abra app YOURAPPDOMAIN secret generate saml_admin_password v1
|
||||
abra app YOURAPPDOMAIN secret generate saml_secret_salt v1 "pwgen -n 64 1"
|
||||
```
|
||||
3. `abra app YOURAPPDOMAIN deploy`
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
4. Copy your SimpleSAMLphp metadata and certificates to the container (assuming
|
||||
you have local `metadata` and `cert` folders:
|
||||
```
|
||||
|
@ -72,14 +80,14 @@ system. Patches to make this configurable are welcome!
|
|||
|
||||
### OpenID Connect
|
||||
|
||||
1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`)
|
||||
1. `abra app config YOURAPPDOMAIN` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`)
|
||||
2. Store your Keycloak-generated client secret in Docker:
|
||||
|
||||
```
|
||||
abra app YOURAPPDOMAIN secret insert openid_client_secret v1 put-your-secret-here
|
||||
```
|
||||
|
||||
3. `abra app YOURAPPDOMAIN deploy`
|
||||
3. `abra app deploy YOURAPPDOMAIN`
|
||||
|
||||
## License
|
||||
|
||||
|
|
10
abra.sh
10
abra.sh
|
@ -1,10 +1,10 @@
|
|||
export LOCAL_SETTINGS_CONF_VERSION=v2
|
||||
export LOCAL_SETTINGS_CONF_VERSION=v25
|
||||
export HTACCESS_CONF_VERSION=v1
|
||||
export ENTRYPOINT_CONF_VERSION=v2
|
||||
export COMPOSER_LOCAL_CONF_VERSION=v1
|
||||
export PHP_INI_VERSION=v1
|
||||
export ENTRYPOINT_CONF_VERSION=v20
|
||||
export COMPOSER_LOCAL_CONF_VERSION=v5
|
||||
export PHP_INI_VERSION=v4
|
||||
|
||||
export SAML_ENTRYPOINT_CONF_VERSION=v1
|
||||
export SAML_ENTRYPOINT_CONF_VERSION=v3
|
||||
|
||||
abra_backup_app() {
|
||||
_abra_backup_dir "app:/var/www/html/images"
|
||||
|
|
|
@ -5,7 +5,12 @@ services:
|
|||
app:
|
||||
volumes:
|
||||
- "simplesaml:/var/simplesamlphp/"
|
||||
- "simplesaml_cert:/var/simplesamlphp/cert"
|
||||
- "simplesaml_config:/var/simplesamlphp/config"
|
||||
- "simplesaml_data:/var/simplesamlphp/data"
|
||||
- "simplesaml_log:/var/simplesamlphp/log"
|
||||
- "simplesaml_metadata:/var/simplesamlphp/metadata"
|
||||
- "simplesaml_modules:/var/simplesamlphp/modules"
|
||||
environment:
|
||||
- SAML_AUTH_SOURCE_ID
|
||||
- SAML_EMAIL_ATTRIBUTE
|
||||
|
@ -14,7 +19,8 @@ services:
|
|||
- SAML_USERNAME_ATTRIBUTE
|
||||
|
||||
simplesaml:
|
||||
image: venatorfox/simplesamlphp:1.18.3
|
||||
# image: unicon/simplesamlphp:1.19.6
|
||||
image: git.coopcloud.tech/coop-cloud-chaos-patchs/simplesamlphp:1.19.7
|
||||
secrets:
|
||||
- saml_admin_password
|
||||
- saml_secret_salt
|
||||
|
@ -47,7 +53,12 @@ services:
|
|||
mode: 0555
|
||||
volumes:
|
||||
- simplesaml:/var/simplesamlphp/
|
||||
- simplesaml_log:/var/simplesamlphp/log
|
||||
- "simplesaml_cert:/var/simplesamlphp/cert"
|
||||
- "simplesaml_config:/var/simplesamlphp/config"
|
||||
- "simplesaml_data:/var/simplesamlphp/data"
|
||||
- "simplesaml_log:/var/simplesamlphp/log"
|
||||
- "simplesaml_metadata:/var/simplesamlphp/metadata"
|
||||
- "simplesaml_modules:/var/simplesamlphp/modules"
|
||||
networks:
|
||||
- proxy
|
||||
entrypoint: /docker-entrypoint.simplesaml.sh
|
||||
|
@ -62,7 +73,12 @@ services:
|
|||
|
||||
volumes:
|
||||
simplesaml:
|
||||
simplesaml_cert:
|
||||
simplesaml_config:
|
||||
simplesaml_data:
|
||||
simplesaml_log:
|
||||
simplesaml_metadata:
|
||||
simplesaml_modules:
|
||||
|
||||
secrets:
|
||||
saml_admin_password:
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
version: "3.8"
|
||||
|
||||
services:
|
||||
app:
|
||||
environment:
|
||||
- SMTP_USER
|
||||
secrets:
|
||||
- smtp_password
|
||||
|
||||
secrets:
|
||||
smtp_password:
|
||||
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}
|
||||
external: true
|
27
compose.yml
27
compose.yml
|
@ -3,7 +3,7 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
app:
|
||||
image: mediawiki:1.36.2
|
||||
image: mediawiki:1.39.3
|
||||
environment:
|
||||
- DOMAIN
|
||||
- STACK_NAME
|
||||
|
@ -13,12 +13,15 @@ services:
|
|||
- MEDIAWIKI_SITENAMESPACE
|
||||
- MEDIAWIKI_LOGO_FILE
|
||||
- MEDIAWIKI_IS_PRIVATE
|
||||
- MEDIAWIKI_DEBUG
|
||||
- MEDIAWIKI_LANGUAGE=${MEDIAWIKI_LANGUAGE:-en}
|
||||
- SAML_ENABLED
|
||||
- OPENID_ENABLED
|
||||
- DB_HOST=db
|
||||
- DB_USER=mediawiki
|
||||
- DB_NAME=mediawiki
|
||||
- SMTP_HOST
|
||||
- SMTP_PORT=${SMTP_PORT:-25}
|
||||
volumes:
|
||||
- "mediawiki_images:/var/www/html/images"
|
||||
configs:
|
||||
|
@ -44,11 +47,13 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.0.0+1.36.2"
|
||||
- "coop-cloud.${STACK_NAME}.version=2.5.0+1.39.3"
|
||||
- "backupbot.backup=true"
|
||||
- "backupbot.backup.path=/var/www/html/images"
|
||||
entrypoint: /docker-entrypoint2.sh
|
||||
|
||||
db:
|
||||
image: mariadb:10.6
|
||||
image: mariadb:10.10
|
||||
environment:
|
||||
- MYSQL_USER=mediawiki
|
||||
- MYSQL_ROOT_PASSWORD_FILE=/run/secrets/db_root_password
|
||||
|
@ -61,14 +66,14 @@ services:
|
|||
- db_password
|
||||
networks:
|
||||
- internal
|
||||
|
||||
parsoid:
|
||||
image: thenets/parsoid:0.11.0
|
||||
hostname: parsoidserver
|
||||
networks:
|
||||
- internal
|
||||
environment:
|
||||
PARSOID_DOMAIN_localhost: http://app:80/api.php
|
||||
deploy:
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.path: "/tmp/dump.sql.gz"
|
||||
backupbot.backup.pre-hook: "sh -c 'mysqldump --single-transaction -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki | gzip > /tmp/dump.sql.gz'"
|
||||
backupbot.backup.post-hook: "rm -f /tmp/dump.sql.gz"
|
||||
backupbot.restore: "true"
|
||||
backupbot.restore.post-hook: "sh -c 'mysql -u root -p\"$$(cat /run/secrets/db_root_password)\" mediawiki < /tmp/dbdump.sql && rm -f /tmp/dbdump.sql'"
|
||||
|
||||
volumes:
|
||||
mariadb:
|
||||
|
|
|
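Review bot: The backup and restore hooks on this service do not line up: `backupbot.backup.pre-hook` writes a gzipped dump to `/tmp/dump.sql.gz`, while `backupbot.restore.post-hook` feeds an uncompressed `/tmp/dbdump.sql` to `mysql`, a file nothing visible here produces. Unless backupbot renames and decompresses the file on restore (not shown), the restore would fail; the hook should read what the backup wrote, for example `gunzip -c /tmp/dump.sql.gz | mysql …`. Both hooks also pass the root password as `-p\"$$(cat /run/secrets/db_root_password)\"`, which can expose it in the process arguments while the command runs. A client option file passed with `--defaults-extra-file` keeps it out of argv. The service definition these labels belong to starts outside the hunk.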
@ -1,4 +1,9 @@
|
|||
{
|
||||
{{ if eq (env "SEMANTICMW_ENABLED") "1" }}
|
||||
"require": {
|
||||
"mediawiki/semantic-media-wiki": "^4.1.0"
|
||||
},
|
||||
{{ end }}
|
||||
"extra": {
|
||||
"merge-plugin": {
|
||||
"include": [
|
||||
|
|
|
@ -8,7 +8,7 @@ init_composer() {
|
|||
if ! type composer > /dev/null 2>&1; then
|
||||
apt update -yqq && apt install -yqq curl git unzip zip
|
||||
curl -sS https://getcomposer.org/installer -o /tmp/composer-setup.php
|
||||
php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer --version=1.10.15
|
||||
php /tmp/composer-setup.php --install-dir=/usr/local/bin --filename=composer --version=2.5.4
|
||||
composer -V
|
||||
fi
|
||||
}
|
||||
|
@ -40,25 +40,22 @@ init_db() {
|
|||
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/tables.sql
|
||||
php /var/www/html/maintenance/sql.php /var/www/html/maintenance/interwiki.sql
|
||||
# FIXME run createAndPromote.php with $ADMIN_USERNAME
|
||||
else
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
fi
|
||||
|
||||
if [ -n "${OPENID_ENABLED-}" ]; then
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
fi
|
||||
php /var/www/html/maintenance/update.php --quick
|
||||
}
|
||||
|
||||
init_extensions() {
|
||||
|
||||
if [ ! -d /var/www/html/extensions/PluggableAuth ]; then
|
||||
git clone --depth 1 -b REL1_32 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/PluggableAuth \
|
||||
/var/www/html/extensions/PluggableAuth
|
||||
fi
|
||||
|
||||
if [ -n "${SAML_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/SimpleSAMLphp ]; then
|
||||
git clone --depth 1 -b REL1_32 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/p/mediawiki/extensions/SimpleSAMLphp \
|
||||
/var/www/html/extensions/SimpleSAMLphp
|
||||
fi
|
||||
|
@ -66,17 +63,72 @@ init_extensions() {
|
|||
|
||||
if [ -n "${OPENID_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/OpenIDConnect ]; then
|
||||
git clone --depth 1 -b REL1_35 \
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/OpenIDConnect \
|
||||
/var/www/html/extensions/OpenIDConnect
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${MOBILEFRONTEND_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/MobileFrontend ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://github.com/wikimedia/mediawiki-extensions-MobileFrontend.git \
|
||||
/var/www/html/extensions/MobileFrontend
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${MSU_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/MsUpload ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/MsUpload \
|
||||
/var/www/html/extensions/MsUpload
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${PAGEFORMS_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/PageForms ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageForms \
|
||||
/var/www/html/extensions/PageForms
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${PAGESCHEMAS_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/PageSchemas ]; then
|
||||
git clone --depth 1 -b REL1_39 \
|
||||
https://gerrit.wikimedia.org/r/mediawiki/extensions/PageSchemas \
|
||||
/var/www/html/extensions/PageSchemas
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "${MARKDOWN_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/extensions/WikiMarkdown ]; then
|
||||
git clone --depth 1 \
|
||||
https://github.com/kuenzign/WikiMarkdown \
|
||||
/var/www/html/extensions/WikiMarkdown
|
||||
fi
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
init_skins() {
|
||||
|
||||
if [ -n "${TWEEKI_ENABLED-}" ]; then
|
||||
if [ ! -d /var/www/html/skins/Tweeki ]; then
|
||||
git clone --depth 1 \
|
||||
https://github.com/thaider/Tweeki \
|
||||
/var/www/html/skins/Tweeki
|
||||
fi
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
|
||||
main() {
|
||||
set -eu
|
||||
|
||||
init_extensions
|
||||
init_skins
|
||||
init_composer
|
||||
composer_install
|
||||
init_db
|
||||
|
|
|
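Review bot: The new `git clone --depth 1` calls for WikiMarkdown (`https://github.com/kuenzign/WikiMarkdown`) and Tweeki (`https://github.com/thaider/Tweeki`) name no branch or tag, so each fresh container fetches whatever is at the default branch head and loads it as PHP inside the wiki. The Wikimedia-hosted extensions are at least held to `REL1_39`. Pin both clones to a release with `-b <RELEASE_TAG_PLACEHOLDER>`, or check out a recorded commit after cloning. The guards also test `[ -n "${TWEEKI_ENABLED-}" ]`, so the sample value `TWEEKI_ENABLED=0` would still trigger the clone if it reaches the container, although the LocalSettings template loads the skin only on `"1"`. `[ "${TWEEKI_ENABLED-}" = "1" ]` would match the template, and the same applies to the other `*_ENABLED` checks in `init_extensions`.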
@ -2,3 +2,9 @@ upload_max_filesize = 10M
|
|||
post_max_size = 10M
|
||||
max_execution_time = 7200
|
||||
max_file_uploads = 1000
|
||||
|
||||
{{ if eq (env "MEDIAWIKI_DEBUG") "0" }}
|
||||
error_reporting = E_ALL & ~E_DEPRECATED & ~E_STRICT
|
||||
{{ else }}
|
||||
error_reporting = E_ALL
|
||||
{{ end }}
|
||||
|
|
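Review bot: The `error_reporting` switch treats anything other than `MEDIAWIKI_DEBUG=0` as debug, so a deployment whose env file predates this variable (empty value) gets `error_reporting = E_ALL`. The LocalSettings template in this same compare turns debug on only for `"1"`. Testing the same way keeps the quieter setting as the default: use `{{ if eq (env "MEDIAWIKI_DEBUG") "1" }}` and swap the two `error_reporting` lines.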