302 lines
8.8 KiB
Markdown
302 lines
8.8 KiB
Markdown
|
---
|
||
|
title: WikiJS
|
||
|
---
|
||
|
|
||
|
`# apt install nginx podman nodejs`
|
||
|
## Preparation
|
||
|
Create a new network for the database and wikijs
|
||
|
`$ podman network create wikijs`
|
||
|
|
||
|
## Database setup
|
||
|
`# podman pull docker://postgres`
|
||
|
|
||
|
```
|
||
|
# podman run -p 127.0.0.1:5432:5432 --name wikijsdb \
|
||
|
-e POSTGRES_PASSWORD=wikijs \
|
||
|
-e PGDATA=/var/lib/postgresql/data/pgdata \
|
||
|
-v /mnt/postgres/wikijsdb:/var/lib/postgresql/data \
|
||
|
-d docker.io/postgres
|
||
|
```
|
||
|
|
||
|
`# podman exec -it wikijsdb bash`
|
||
|
|
||
|
`# psql -U postgres`
|
||
|
|
||
|
Create database used by wikijs
|
||
|
`=# CREATE DATABASE wikijs;`
|
||
|
|
||
|
### Systemd Service
|
||
|
Generate the systems service file following the [podman guide](/linux/services/podman)
|
||
|
|
||
|
## Wiki.JS Setup
|
||
|
`$ cd /var`
|
||
|
`# wget https://github.com/Requarks/wiki/releases/download/(version)/wiki-js.tar.gz`
|
||
|
`# mkdir wiki`
|
||
|
`# tar xzf wiki-js.tar.gz -C ./wiki`
|
||
|
`$ cd ./wiki`
|
||
|
|
||
|
Move default config
|
||
|
`# mv config.sample.yml config.yml`
|
||
|
```
|
||
|
#######################################################################
|
||
|
# Wiki.js - CONFIGURATION #
|
||
|
#######################################################################
|
||
|
# Full documentation + examples:
|
||
|
# https://docs.requarks.io/install
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Port the server should listen to
|
||
|
# ---------------------------------------------------------------------
|
||
|
|
||
|
port: 3000
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Database
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Supported Database Engines:
|
||
|
# - postgres = PostgreSQL 9.5 or later
|
||
|
# - mysql = MySQL 8.0 or later (5.7.8 partially supported, refer to docs)
|
||
|
# - mariadb = MariaDB 10.2.7 or later
|
||
|
# - mssql = MS SQL Server 2012 or later
|
||
|
# - sqlite = SQLite 3.9 or later
|
||
|
|
||
|
db:
|
||
|
type: postgres
|
||
|
|
||
|
# PostgreSQL / MySQL / MariaDB / MS SQL Server only:
|
||
|
host: localhost
|
||
|
port: 5432
|
||
|
user: postgres
|
||
|
pass: wikijs
|
||
|
db: wikijs
|
||
|
ssl: false
|
||
|
|
||
|
# Optional - PostgreSQL / MySQL / MariaDB only:
|
||
|
# -> Uncomment lines you need below and set `auto` to false
|
||
|
# -> Full list of accepted options: https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
|
||
|
sslOptions:
|
||
|
auto: true
|
||
|
# rejectUnauthorized: false
|
||
|
# ca: path/to/ca.crt
|
||
|
# cert: path/to/cert.crt
|
||
|
# key: path/to/key.pem
|
||
|
# pfx: path/to/cert.pfx
|
||
|
# passphrase: xyz123
|
||
|
|
||
|
# SQLite only:
|
||
|
storage: path/to/database.sqlite
|
||
|
|
||
|
#######################################################################
|
||
|
# ADVANCED OPTIONS #
|
||
|
#######################################################################
|
||
|
# Do not change unless you know what you are doing!
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# SSL/TLS Settings
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Consider using a reverse proxy (e.g. nginx) if you require more
|
||
|
# advanced options than those provided below.
|
||
|
|
||
|
ssl:
|
||
|
enabled: false
|
||
|
port: 3443
|
||
|
|
||
|
# Provider to use, possible values: custom, letsencrypt
|
||
|
provider: custom
|
||
|
|
||
|
# ++++++ For custom only ++++++
|
||
|
# Certificate format, either 'pem' or 'pfx':
|
||
|
format: pem
|
||
|
# Using PEM format:
|
||
|
key: path/to/key.pem
|
||
|
cert: path/to/cert.pem
|
||
|
# Using PFX format:
|
||
|
pfx: path/to/cert.pfx
|
||
|
# Passphrase when using encrypted PEM / PFX keys (default: null):
|
||
|
passphrase: null
|
||
|
# Diffie Hellman parameters, with key length being greater or equal
|
||
|
# to 1024 bits (default: null):
|
||
|
dhparam: null
|
||
|
|
||
|
# ++++++ For letsencrypt only ++++++
|
||
|
domain: wiki.yourdomain.com
|
||
|
subscriberEmail: admin@example.com
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Database Pool Options
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Refer to https://github.com/vincit/tarn.js for all possible options
|
||
|
|
||
|
pool:
|
||
|
# min: 2
|
||
|
# max: 10
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# IP address the server should listen to
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Leave 0.0.0.0 for all interfaces
|
||
|
|
||
|
bindIP: 0.0.0.0
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Log Level
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Possible values: error, warn, info (default), verbose, debug, silly
|
||
|
|
||
|
logLevel: info
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Offline Mode
|
||
|
# ---------------------------------------------------------------------
|
||
|
# If your server cannot access the internet. Set to true and manually
|
||
|
# download the offline files for sideloading.
|
||
|
|
||
|
offline: false
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# High-Availability
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Set to true if you have multiple concurrent instances running off the
|
||
|
# same DB (e.g. Kubernetes pods / load balanced instances). Leave false
|
||
|
# otherwise. You MUST be using PostgreSQL to use this feature.
|
||
|
|
||
|
ha: false
|
||
|
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Data Path
|
||
|
# ---------------------------------------------------------------------
|
||
|
# Writeable data path used for cache and temporary user uploads.
|
||
|
dataPath: ./data
|
||
|
```
|
||
|
|
||
|
Don't forget to open permissions so the systemd service can run the server
|
||
|
`# useradd -m wiki`
|
||
|
`# chown wiki:wiki -R /var/wiki`
|
||
|
|
||
|
Run server directly:
|
||
|
`$ node server`
|
||
|
|
||
|
## Systemd service
|
||
|
Put this under `/etc/systemd/system/wiki.service`
|
||
|
```
|
||
|
[Unit]
|
||
|
Description=Wiki.js
|
||
|
After=network.target
|
||
|
Wants=container-wikijsdb.service
|
||
|
|
||
|
[Service]
|
||
|
Type=simple
|
||
|
ExecStart=/usr/bin/node server
|
||
|
Restart=always
|
||
|
# Consider creating a dedicated user for Wiki.js here:
|
||
|
#User=nobody
|
||
|
User=wiki
|
||
|
Environment=NODE_ENV=production
|
||
|
WorkingDirectory=/var/wiki
|
||
|
|
||
|
[Install]
|
||
|
WantedBy=multi-user.target
|
||
|
```
|
||
|
|
||
|
`# systemctl daemon-reload`
|
||
|
`# systemctl enable --now wiki`
|
||
|
|
||
|
## Nginx config
|
||
|
*Replace "IPV4" and "IPV6"*
|
||
|
```
|
||
|
server {
|
||
|
server_name DOMAIN_NAME;
|
||
|
|
||
|
# Security / XSS Mitigation Headers
|
||
|
add_header X-Frame-Options "SAMEORIGIN";
|
||
|
add_header X-XSS-Protection "1; mode=block";
|
||
|
add_header X-Content-Type-Options "nosniff";
|
||
|
|
||
|
location = / {
|
||
|
return 302 https://$host/web/;
|
||
|
}
|
||
|
|
||
|
location / {
|
||
|
# Proxy main traffic
|
||
|
proxy_pass http://127.0.0.1:3000;
|
||
|
proxy_set_header Host $host;
|
||
|
proxy_set_header X-Real-IP $remote_addr;
|
||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||
|
proxy_set_header X-Forwarded-Protocol $scheme;
|
||
|
proxy_set_header X-Forwarded-Host $http_host;
|
||
|
}
|
||
|
|
||
|
listen [IPV6]:443 ssl; #set ipv6 address
|
||
|
# acme.sh
|
||
|
ssl_certificate_key /etc/acme-sh/DOMAIN_NAME/key.pem;
|
||
|
ssl_certificate /etc/acme-sh/DOMAIN_NAME/cert.pem;
|
||
|
# letsencrypt
|
||
|
#ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
|
||
|
#ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
|
||
|
#include /etc/letsencrypt/options-ssl-nginx.conf;
|
||
|
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||
|
}
|
||
|
|
||
|
server {
|
||
|
if ($host = DOMAIN_NAME) {
|
||
|
return 301 https://$host$request_uri;
|
||
|
}
|
||
|
|
||
|
listen [IPV6]:80; #set ipv6 address
|
||
|
server_name DOMAIN_NAME;
|
||
|
return 404;
|
||
|
}
|
||
|
```
|
||
|
|
||
|
Enable config
|
||
|
`# ln -s /etc/nginx/sites-available/(config) /etc/nginx/sites-enabled`
|
||
|
|
||
|
Restart nginx
|
||
|
`# systemctl restart nginx`
|
||
|
|
||
|
## Wiki Settings
|
||
|
|
||
|
### Storage with git
|
||
|
Create a home directory for the wiki user if you haven't used "-m" when creating the user.
|
||
|
**Make sure not to have a "/" after the directory you want for your user**
|
||
|
```
|
||
|
# mkdir /home/wiki
|
||
|
# chown wiki:wiki -R /home/wiki
|
||
|
# usermod -d /home/wiki wiki
|
||
|
```
|
||
|
|
||
|
Create ssh key as wiki user
|
||
|
`$ ssh-keygen -t ed25519 -C wiki`
|
||
|
|
||
|
- DB - PostgreSQL used as Search Engine
|
||
|
|
||
|
## Update Wiki
|
||
|
Download and install the latest release with these steps
|
||
|
`# systemctl stop wiki`
|
||
|
`$ cd /var`
|
||
|
`# wget https://github.com/Requarks/wiki/releases/download/(version)/wiki-js.tar.gz`
|
||
|
This is to ensure we have a known good version to go back to in case something goes wrong
|
||
|
`# mv wiki wiki-old`
|
||
|
`# mkdir wiki`
|
||
|
`# tar xzf wiki-js.tar.gz -C ./wiki`
|
||
|
`# cp wiki-old/config.yml wiki/`
|
||
|
`# chown wiki:wiki -R /var/wiki`
|
||
|
`# systemctl start wiki`
|
||
|
|
||
|
## Database Backup
|
||
|
`# podman exec (container name) pg_dump (database name) -U (database user) -F c > wikibackup.dump`
|
||
|
|
||
|
## Database Restore
|
||
|
**The wiki has to be installed fully, but not yet configured**
|
||
|
*Also works for transfering wiki from one server to another*
|
||
|
Stop the database and wiki
|
||
|
|
||
|
Drop the existing database and restore from the database
|
||
|
`# podman exec -it (container name) dropdb -U (database user) (database name)`
|
||
|
`# podman exec -it (container name) createdb -U (database user) (database name)`
|
||
|
`cat ~/wikibackup.dump | docker exec -i (container name) pg_restore -U (database user) -d (database name)`
|
||
|
|
||
|
Start the database and wiki again
|
||
|
|