The Docker configuration powering https://star-citizen.wiki.
docker pull scwiki/wiki:dev
Create the user and allow it to use docker:
adduser scwiki
usermod -aG docker scwiki
And add the resulting UID and GUID to .env
Create the network:
docker network create --subnet=172.16.0.0/29 star-citizen.wiki
Replace $wgSecretKey in LocalSettings.php.
# Generates a 64 character long hex string
echo "$(openssl rand -hex 32)"
# Or
php -r "echo(bin2hex(openssl_random_pseudo_bytes(32)));"
Replace $wgUpgradeKey in LocalSettings.php.
# Generates a 16 character long hex string (8 random bytes)
echo "$(openssl rand -hex 8)"
# Or
php -r "echo(bin2hex(openssl_random_pseudo_bytes(8)));"
Copy .env-example to .env and populate the available fields.
Update $wgServer and $wgCanonicalServer in LocalSettings.php
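An added pre-flight check for the two keys above (not part of the project's repository): it confirms that LocalSettings.php holds literal hex values of the lengths the generator commands actually emit (64 and 16 characters) before the stack is started. The function names `key_status` and `check_settings` are hypothetical.

```shell
#!/bin/sh
# Added example: verify that LocalSettings.php no longer carries
# placeholder secrets. Function names are illustrative.

# key_status FILE VAR HEXLEN
# Prints "ok", "missing" or "weak" for a literal assignment `$VAR = "...";`.
# "missing" also covers empty values and values that are not string literals.
key_status() {
    file=$1 var=$2 len=$3
    # Last assignment wins, as it does when PHP executes the file.
    value=$(sed -n -E "s/^[[:space:]]*[$]${var}[[:space:]]*=[[:space:]]*[\"']([^\"']*)[\"'].*/\1/p" "$file" | tail -n 1)
    if [ -z "$value" ]; then
        echo missing
    elif printf '%s\n' "$value" | grep -Eq "^[0-9a-fA-F]{${len}}\$"; then
        echo ok
    else
        echo weak
    fi
}

# check_settings FILE
# Reports both keys and returns 0 only when both have the expected format.
check_settings() {
    rc=0
    for spec in wgSecretKey:64 wgUpgradeKey:16; do
        result=$(key_status "$1" "${spec%%:*}" "${spec##*:}")
        printf '%-14s %s\n' "${spec%%:*}" "$result"
        [ "$result" = ok ] || rc=1
    done
    return $rc
}

# Usage: check_settings /etc/star-citizen.wiki/LocalSettings.php
```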
Note:
Elasticsearch requires vm.max_map_count to be set to at least 262144.
Run: sysctl -w vm.max_map_count=262144
Create required folders:
$ mkdir -p /etc/star-citizen.wiki
$ mkdir -p /var/lib/star-citizen.wiki/{esdata,redis,db,cache}
$ mkdir -p /srv/star-citizen.wiki/{images,sitemap}
Copy files to destination:
$ cp ./LocalSettings.php ./.smw.json /etc/star-citizen.wiki
$ cp -R ./config /etc/star-citizen.wiki
$ cp -R ./container-config /etc/star-citizen.wiki
$ cp -R ./includes /etc/star-citizen.wiki
$ chown -R scwiki: /etc/star-citizen.wiki /var/lib/star-citizen.wiki /srv/star-citizen.wiki/sitemap
$ chown -R scwiki:www-data /srv/star-citizen.wiki/sitemap /srv/star-citizen.wiki/images /var/lib/star-citizen.wiki/cache /etc/star-citizen.wiki/.smw.json
$ chmod -R g+w /var/lib/star-citizen.wiki /srv/star-citizen.wiki/sitemap /var/lib/star-citizen.wiki/cache /etc/star-citizen.wiki/.smw.json
$ chmod g+rwx /var/lib/star-citizen.wiki/esdata
$ chgrp 0 /var/lib/star-citizen.wiki/esdata
$ chmod g+rwx /srv/star-citizen.wiki/sitemap /srv/star-citizen.wiki/images
Start the database and wiki container:
su scwiki
docker-compose up -d star-citizen.wiki-varnish
docker exec -it star-citizen.wiki-live /bin/bash
# This creates the database and installs the wiki
# You should use the user / db / password configured in the .env file
# See https://www.mediawiki.org/wiki/Manual:Install.php for more information
php maintenance/install.php \
    --confpath /dev/null \
    --dbserver db \
    --dbuser scw \
    --dbpass scw \
    --dbname scw \
    --pass ADMIN_PASSWORD \
    WIKI_NAME \
    ADMIN_NAME
Stop all containers:
docker-compose down
Uncomment the LocalSettings.php mount and start the stack.
docker-compose up -d
Connect to the container and run the update script:
docker exec -it star-citizen.wiki-live /bin/bash
php maintenance/update.php --quick
If you are running traefik remove the ports portion from the varnish container and uncomment the expose part.
For local traefik instances without SSL you need to remove all labels containing tls and change out the entry point from https to http (or the name you set in your traefik config).
Also when not using the Star Citizen Wiki Traefik config you need to remove the labels containing middlewares.
The Wiki stack consists of the following services:
- star-citizen.wiki
  - MediaWiki 1.39.x
  - Including
    - ffmpeg
    - ghostscript / poppler-utils
    - luasandbox
    - webp
    - zip / unzip
  - PHP Extensions
    - CURL
    - DOM
    - IMAGICK
    - JSON
    - REDIS
    - SOCKETS
    - ZIP
  - Extensions and Skins bundled in the container
    - mediawiki/admin-links
    - mediawiki/advanced-search
    - mediawiki/apiunto
    - mediawiki/capiunto
    - mediawiki/cirrus-search
    - mediawiki/citizen-skin
    - mediawiki/cldr
    - mediawiki/commons-metadata
    - mediawiki/cookie-warning
    - mediawiki/disambiguator
    - mediawiki/discord-notifications
    - mediawiki/discussion-tools
    - mediawiki/echo
    - mediawiki/elastica
    - mediawiki/embed-video (Fork)
    - mediawiki/json-config
    - mediawiki/labeled-section-transclusion
    - mediawiki/linter
    - mediawiki/media-search
    - mediawiki/multi-purge
    - mediawiki/oauth
    - mediawiki/page-forms
    - mediawiki/plausible
    - mediawiki/popups
    - mediawiki/related-articles
    - mediawiki/sandbox-link
    - mediawiki/semantic-media-wiki
    - mediawiki/semantic-result-formats
    - mediawiki/semantic-scribunto
    - mediawiki/semantic-drilldown
    - mediawiki/short-description
    - mediawiki/symfony-mailer
    - mediawiki/tabber-neue
    - mediawiki/template-styles
    - mediawiki/template-styles-extender
    - mediawiki/thanks
    - mediawiki/upload-wizard
    - mediawiki/universal-language-selector
    - octfx/wikiseo
- db
  - MariaDB Server
- elasticsearch
  - ElasticSearch 7.10.2 ("Official" Version)
- elasticsearch-smw
  - ElasticSearch 7.10.2 ("Official" Version)
- ofelia
  - Cron Container
  - Semantic MediaWiki Jobs
  - Queue
    - Runs every 10 seconds
  - Sitemap generation
    - Runs daily
- redis (keydb)
  - JobQueue
  - Caching
- Varnish
  - Page Cache
The following page rules are used for CloudFlare:
star-citizen.wiki/thumb.php?*
- Cache-Level: Cache Everything
- Browser-Cache-TTL: 1 Year
- Edge-Cache-TTL: 1 Month
- Always Online: Yes
star-citizen.wiki/load.php?*
- Cache-Level: Cache Everything
- Browser-Cache-TTL: 1 Year
- Edge-Cache-TTL: 1 Month
- Always Online: Yes
Visit Firewall -> Firewall Rules and add the following code to a new rule.
This will disable bots trying to edit pages, visit special pages, or the login view.
(http.request.uri.query contains "action=edit" and cf.client.bot) or
(http.request.uri.query contains "action=visualeditor" and cf.client.bot) or
(http.request.uri.query contains "Anmelden" and cf.client.bot) or
(http.request.uri.path contains "Spezial" and cf.client.bot) or
(http.request.uri.query contains "Spezial" and cf.client.bot) or
(http.request.uri.query contains "UserLogin" and cf.client.bot) or
(http.request.uri.path contains "Special" and cf.client.bot) or
(http.request.uri.query contains "Special" and cf.client.bot)
After a major update OAuth Consumers seem to get invalidated.
For each registered consumer a new one needs to get created.
The MediaWiki Container service name cannot have the same name as the domain the wiki is running on.
If both names are equal, and the wiki is running on https, VisualEditor will fail to connect.
To use the custom licenses in UW you need to create the following system messages
MariaDB moved to a new healthcheck syntax. For databases that already exist, a local user must be added:
CREATE USER 'mysql'@'127.0.0.1';
GRANT USAGE ON *.* to 'mysql'@'127.0.0.1';