Jump to content

MediaWiki Setup Guide Portainer-Docker-251215-00: Difference between revisions

From Game in the Brain Wiki
← Older edit
VisualWikitext
No edit summary
No edit summary
 
(9 intermediate revisions by the same user not shown)
Line 1: Line 1:
= MediaWiki Setup Guide (Portainer & Docker) =


= MediaWiki Setup Guide (Portainer & Docker) =
This guide documents how to deploy, configure, and secure a '''MediaWiki''' instance using '''Portainer''' and '''Docker Compose'''. Designed as a general tutorial, it walks through the process of setting up a wiki from scratch, resolving common extension folder issues, and applying production configurations.
This guide documents how to deploy, configure, and secure a '''MediaWiki''' instance using '''Portainer''' and '''Docker Compose'''. Designed as a general tutorial for any user, it walks through the process of setting up a wiki from scratch. It covers initial deployment, resolving common extension folder issues, and applying production configurations (using <code>wiki.gi7b.org</code> as the example domain).


'''Reference:''' Official MediaWiki Docker Image https://hub.docker.com/_/mediawiki  
'''Reference:''' Official MediaWiki Docker Image [https://hub.docker.com//mediawiki https://hub.docker.com//mediawiki]


== 1. Prerequisites ==
== 1. Prerequisites ==
Before starting, ensure you have:
Before starting, ensure you have:


1. Docker & Docker Compose
'''Docker & Docker Compose''': [https://docs.docker.com/engine/install/ Installation Guide]


    Installation (Linux/Windows/Mac): <nowiki>https://docs.docker.com/engine/install/</nowiki>
'''Portainer CE''': [https://docs.portainer.io/start/install-ce/server/docker/linux Docker Standalone Install Guide]


    Docker Compose Standalone (if needed separately): <nowiki>https://docs.docker.com/compose/install/</nowiki>
'''Domain & Cloudflare Setup''': [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/ Cloudflare Tunnel (Cloudflared) Setup Guide]


2. Portainer CE (Community Edition)
'''NGINX Reverse Proxy''': [https://nginxproxymanager.com/guide/#quick-setup Nginx Proxy Manager Setup]


    Docker Standalone Install Guide: <nowiki>https://docs.portainer.io/start/install-ce/server/docker/linux</nowiki>
== 2. Host Folder Setup ==


3. Domain & Cloudflare Setup
Create a dedicated folder for your stack on the '''Docker host'''. This path is critical as it will store your configuration and extensions.


    How to Register a Domain with Cloudflare: <nowiki>https://developers.cloudflare.com/registrar/get-started/register-domain/</nowiki>
<syntaxhighlight lang="bash">


    Cloudflare Tunnel (Cloudflared) Setup Guide: <nowiki>https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/</nowiki>
Run on host terminal


4. NGINX Reverse Proxy
sudo mkdir -p /opt/stacks/mediawiki
sudo mkdir -p /opt/stacks/mediawiki/extensions
cd /opt/stacks/mediawiki
</syntaxhighlight>


    Nginx Proxy Manager (Docker Setup): <nowiki>https://nginxproxymanager.com/guide/#quick-setup</nowiki> (This is the standard GUI-based Nginx used in Docker stacks)
== 3. Deployment (Portainer / Docker Compose) ==


    Nginx Official Docker Image (for raw configuration): <nowiki>https://hub.docker.com/_/nginx</nowiki>
=== In Portainer ===


== 2. Host Folder Setup ==
Go to '''Stacks''' '''Add stack'''.
Create a dedicated folder for your stack on the '''Docker host'''. This path is critical as it will store your configuration and extensions.
# Run on host terminal
sudo mkdir -p /opt/stacks/mediawiki
sudo mkdir -p /opt/stacks/mediawiki/extensions
cd /opt/stacks/mediawiki


== 3. Deployment (Portainer / Docker Compose) ==
Name it mediawiki.
Use the following YAML configuration.


=== In Portainer: ===
Paste the configuration below into the Web editor.


# Go to '''Stacks''' → '''Add stack'''.
Click '''Deploy the stack'''.
# Name it mediawiki.
# Paste the configuration below into the Web editor.
# Click '''Deploy the stack'''.


=== docker-compose.yml ===
=== docker-compose.yml ===
<services:
<syntaxhighlight lang="yaml">
  mediawiki:
services:
    image: mediawiki
mediawiki:
    container_name: mediawiki
image: mediawiki
    restart: always
container_name: mediawiki
    ports:
restart: always
      - 8595:80
ports:
    depends_on:
- 8595:80
      - database
depends_on:
    volumes:
- database
      - 230912_images:/var/www/html/images
volumes:
      # EXTENSIONS: Mounts host folder to container (Requires "Magic Command" step below)
- 230912_images:/var/www/html/images
      - /opt/stacks/mediawiki/extensions:/var/www/html/extensions
# EXTENSIONS: Mounts host folder to container (Requires "Magic Command" step below)
      # CONFIG: Uncomment the line below AFTER generating LocalSettings.php
- /opt/stacks/mediawiki/extensions:/var/www/html/extensions
      # - /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro
# CONFIG: Uncomment the line below AFTER generating LocalSettings.php
# - /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro
  database:
 
    image: mariadb
database:
    container_name: mediawiki-db
image: mariadb
    restart: always
container_name: mediawiki-db
    environment:
restart: always
      MYSQL_DATABASE: mediawiki
environment:
      MYSQL_USER: mediawiki
MYSQL_DATABASE: mediawiki
      MYSQL_PASSWORD: mediawiki
MYSQL_USER: mediawiki
      MYSQL_ROOT_PASSWORD: mediawiki
MYSQL_PASSWORD: mediawiki
    volumes:
MYSQL_ROOT_PASSWORD: mediawiki
      - 230912_db:/var/lib/mysql
volumes:
- 230912_db:/var/lib/mysql
volumes:
 
  230912_images:
volumes:
  230912_db:</code>
230912_images:
230912_db:
</syntaxhighlight>


== 4. First-Time Setup Wizard ==
== 4. First-Time Setup Wizard ==


# Open '''<nowiki>http://localhost:8191</nowiki>''' (or your server IP:8191).
Open http://[YOUR_SERVER_IP]:8595 in your browser.
# Follow the prompts. When asked for '''Database Settings''', use:


* '''Host:''' database
Follow the prompts. When asked for '''Database Settings''', use:
* '''Name:''' wiki
* '''User:''' wiki
* '''Password:''' wiki


# Complete the wizard and '''Download LocalSettings.php''' to your computer.
#* '''Host:''' database
#* '''Name:''' mediawiki
#* '''User:''' mediawiki
#* '''Password:''' mediawiki
 
Complete the wizard and '''Download LocalSettings.php''' to your computer.


== 5. Fixing Extensions (The "Magic Command") ==
== 5. Fixing Extensions (The "Magic Command") ==
'''Crucial Step:''' Because we mounted a volume to /extensions, the container's default extensions (VisualEditor, WikiEditor, etc.) are hidden. We must copy them from the image to the host.


'''Run this on your Host Terminal:'''
'''Crucial Step:''' Because we mounted a volume to /extensions, the container's default extensions (VisualEditor, SyntaxHighlight_GeSHi, etc.) are hidden. We must copy them from the image to the host.
docker run --rm --entrypoint tar mediawiki -c -C /var/www/html/extensions . | tar -x -C /opt/stacks/mediawiki/extensions
'''Download Mermaid (External Extension):'''
<code>cd /opt/stacks/mediawiki/extensions
git clone <nowiki>[https://github.com/SemanticMediaWiki/Mermaid.git]</nowiki>(<nowiki>https://github.com/SemanticMediaWiki/Mermaid.git</nowiki>) Mermaid</code>
Verify the folder content: You should see a mix of default extensions and Mermaid:


ls -F /opt/stacks/mediawiki/extensions/
=== Step A: Extract Extensions ===
<syntaxhighlight lang="bash">
docker run --rm --entrypoint tar mediawiki -c -C /var/www/html/extensions . | tar -x -C /opt/stacks/mediawiki/extensions
</syntaxhighlight>


''Output should look like this:''
=== Step B: Fix Permissions for Code Highlighting ===
<code>AbuseFilter/    CiteThisPage/      Echo/        Interwiki/      Mermaid/          PageImages/        README          SpamBlacklist/          TextExtracts/      WikiEditor/
The SyntaxHighlight_GeSHi extension requires a specific Python file (pygmentize) to be executable.
CategoryTree/   CodeEditor/     Gadgets/   Linter/     MultimediaViewer/ ParserFunctions/  ReplaceText/      SyntaxHighlight_GeSHi/ Thanks/
<syntaxhighlight lang="bash">
CheckUser/     ConfirmEdit/     ImageMap/   LoginNotify/ Nuke/             PdfHandler/       Scribunto/     TemplateData/         TitleBlacklist/
chmod a+x /opt/stacks/mediawiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize
Cite/            DiscussionTools/  InputBox/  Math/      OATHAuth/          Poem/            SecureLinkFixer/  TemplateStyles/      VisualEditor/</code>
</syntaxhighlight>
 
=== Step C: Add External Extensions ===
<syntaxhighlight lang="bash">
cd /opt/stacks/mediawiki/extensions
git clone https://github.com/SemanticMediaWiki/Mermaid.git Mermaid
</syntaxhighlight>


== 6. Configuring LocalSettings.php ==
== 6. Configuring LocalSettings.php ==
Move the downloaded LocalSettings.php to /opt/stacks/mediawiki/LocalSettings.php.
Move the downloaded LocalSettings.php to /opt/stacks/mediawiki/LocalSettings.php.
# in linux terminal
 
sudo nano /opt/stacks/mediawiki/LocalSettings.php
<syntaxhighlight lang="bash">
Edit the file (sudo nano /opt/stacks/mediawiki/LocalSettings.php) and make the following changes:
sudo nano /opt/stacks/mediawiki/LocalSettings.php
</syntaxhighlight>


=== A. Set the Custom Domain ===
=== A. Set the Custom Domain ===
Find the $wgServer line (around line 30) and change it to your actual domain:
Find the $wgServer line and change it to your actual domain:
## The protocol and server name to use in fully-qualified URLs
<syntaxhighlight lang="php">
$wgServer = "<nowiki>https://wiki.gi7b.org</nowiki>";
$wgServer = "https://wiki.gi7b.org";
</syntaxhighlight>


=== B. Add Permissions & Extensions ===
=== B. Add Permissions & Extensions ===
Paste this block at the '''very bottom''' of the file to enable security and extensions.
Paste this block at the '''very bottom''' of the file:
<code># -----------------------------------------------------------------------
<syntaxhighlight lang="php">
# CUSTOM PERMISSIONS & EXTENSIONS
/* -----------------------------------------------------------------------
# -----------------------------------------------------------------------
CUSTOM PERMISSIONS & EXTENSIONS
----------------------------------------------------------------------- */
# 1. SECURITY: Prevent anonymous editing and account creation
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
# 2. BUNDLED EXTENSIONS (Included in Docker image)
wfLoadExtension( 'WikiEditor' );
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'SyntaxHighlight_GeSHi' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'Scribunto' );
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'Gadgets' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'Interwiki' );
# 3. EXTERNAL EXTENSIONS (Must be manually downloaded to /extensions folder)
wfLoadExtension( 'Mermaid' );
# 4. VISUALEDITOR CONFIGURATION
# Enable by default for everyone
$wgDefaultUserOptions['visualeditor-enable'] = 1;
# Allow VE to work in Docker containers (Fixes "Error contacting Parsoid")
$wgVisualEditorParsoidForwardCookies = true;
# 5. LUA CONFIGURATION (Required for Scribunto)
$wgScribuntoDefaultEngine = 'luastandalone';</code>
 
== 7. Apply Changes ==


# '''Mount the settings:''' In Portainer, go to the Stack Editor and '''uncomment''' the LocalSettings.php line.
1. SECURITY: Prevent anonymous editing and account creation
# '''Update the Stack:''' Click "Update the stack".
# '''Run Database Update:''' Run this command to initialize tables for the new extensions:  docker exec -it mediawiki php maintenance/update.php --quick


Your wiki is now live at '''<nowiki>https://wiki.gi7b.org</nowiki>''' with VisualEditor and Mermaid enabled!
$wgGroupPermissions['']['edit'] = false;
$wgGroupPermissions['']['createaccount'] = false;


== 8. Email Configuration and Admin Set up ==
2. BUNDLED EXTENSIONS
----


=== 1. Email goal (what we were trying to achieve) ===
wfLoadExtension( 'WikiEditor' );
* MediaWiki must be able to '''send email reliably'''
wfLoadExtension( 'VisualEditor' );
** account confirmation
wfLoadExtension( 'CodeEditor' );
** password reset
wfLoadExtension( 'SyntaxHighlight_GeSHi' ); # REQUIRED for Code Blocks
** notifications
wfLoadExtension( 'Cite' );
* Emails should appear as coming from '''<code>info@gi7b.org</code>'''
wfLoadExtension( 'InputBox' );
* Authentication must work with '''Gmail / Google Workspace'''
wfLoadExtension( 'Scribunto' );
* No local SMTP server, no Docker mail container
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'Gadgets' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'Interwiki' );


Success criterion (important to remember):<blockquote>MediaWiki explicitly says '''“email sent”''' — not just “no error”.</blockquote>
3. EXTERNAL EXTENSIONS
----


=== 2. App Password (Google side) ===
wfLoadExtension( 'Mermaid' );


=== Where it lives ===
4. VISUALEDITOR CONFIGURATION


* '''Google Account settings''', not Gmail UI  <nowiki>https://myaccount.google.com</nowiki>
$wgDefaultUserOptions['visualeditor-enable'] = 1;
$wgVisualEditorParsoidForwardCookies = true;


* → Security → App passwords
5. LUA CONFIGURATION (Required for Scribunto)


=== Preconditions ===
$wgScribuntoDefaultEngine = 'luastandalone';
</syntaxhighlight>


* 2-Step Verification '''must be enabled'''
== 7. Apply Changes ==
* App type: '''Mail'''
* Device: '''Other''' (e.g. <code>MediaWiki wiki.gi7b.org</code>)
 
=== Critical detail (easy to miss, caused real failure) ===
Google shows the password like this:
 
But MediaWiki / PHP '''must receive it without spaces''':
 
If you keep the spaces:
 
* Google returns <code>SMTP 535 5.7.8 BadCredentials</code>
* MediaWiki misleadingly says “invalid characters”
 
'''This was one of the key fixes.'''
----
 
=== 3. Real email vs alias (authentication reality) ===
 
=== Core rule (non-negotiable) ===
<blockquote>'''SMTP login must use a real mailbox, not an alias.'''</blockquote>Examples:
{| class="wikitable"
!Address type
!Can authenticate?
|-
|Real Gmail / Workspace mailbox
|✅ Yes
|-
|Alias (Send mail as)
|❌ No
|-
|Forward-only address
|❌ No
|}
So:
 
* '''Login / username''' → real mailbox (e.g. <code>admin@gi7b.org</code>, <code>justin@gi7b.org</code>)
* '''Sender address''' → can be <code>info@gi7b.org</code>
 
This is how Google enforces auditability and DMARC integrity.
----
 
=== 4. “Send as” using Cloudflare Email Routing (alias setup) ===
Your <code>info@gi7b.org</code> address was '''not''' a real mailbox.
 
It was configured as an alias using '''Cloudflare Email Routing'''.
 
That’s fine — and correct — for sending.
 
Reference (as requested, naked link only):
 
<nowiki>https://www.cloudflare.com/developer-platform/products/email-routing/</nowiki>
 
Key idea:
 
* Cloudflare routes mail for <code>info@gi7b.org</code>
* Gmail authenticates as the '''real mailbox'''
* MediaWiki sends “from” the alias
 
This combination is valid and common.
----


=== 5. Final MediaWiki SMTP configuration (conceptual) ===
'''Mount the settings''': In Portainer, go to the Stack Editor and '''uncomment''' the LocalSettings.php line.
$wgEnableEmail = true;
$wgEnableUserEmail = true;
$wgSMTP = [
  'host'     => 'ssl://smtp.gmail.com',
  'IDHost'  => 'wiki.gi7b.org',
  'port'     => 465,
  'auth'     => true,
  'username' => 'admin@gi7b.org',  // REAL mailbox
  'password' => 'APP_PASSWORD_OF_ADMIN',
];
$wgPasswordSender = 'info@gi7b.org'; // ALIAS is fine here
What mattered conceptually (not copying exact secrets):


* <code>username</code> = '''real mailbox'''
'''Update the Stack''': Click "Update the stack".
* <code>password</code> = '''App Password, no spaces'''
* <code>wgPasswordSender</code> = alias (<code>info@gi7b.org</code>)
* SMTP host = <code>smtp.gmail.com</code>
* TLS/SSL enabled


Once all three conditions were true:
'''Run Database Update''':


# real mailbox for login
<syntaxhighlight lang="bash">
# app password without spaces
docker exec -it mediawiki php maintenance/update.php --quick
# alias only used for sending
</syntaxhighlight>


→ Google accepted authentication.
== 8. Email Configuration and Admin Setup ==
----


=== 6. Testing and defining “success” ===
=== 1. SMTP Logic ===
MediaWiki must be able to send emails for account confirmation and resets. Authentication must work with '''Gmail / Google Workspace'''.


=== What failed before ===
=== 2. Google App Password ===


* Account confirmation attempted
Go to Google Account → Security → App passwords.
* Gmail rejected auth
* MediaWiki showed:


=== What changed after fixes ===
'''Critical Detail:''' MediaWiki must receive the password '''without spaces'''.


* Retried account confirmation
Displayed: xxxx xxxx xxxx xxxx → Input: xxxxxxxxxxxxxxxx
* MediaWiki returned:<blockquote>'''“email sent”'''</blockquote>


=== This is the success criterion ===
=== 3. SMTP Configuration ===
Not:
Add this to LocalSettings.php:
<syntaxhighlight lang="php">
$wgEnableEmail = true;
$wgEnableUserEmail = true;


* “no error”
$wgSMTP = [
* “page didn’t crash”
'host'    => 'ssl://smtp.gmail.com',
'IDHost'  => 'wiki.gi7b.org',
'port'    => 465,
'auth'    => true,
'username' => 'admin@gi7b.org',        // REAL mailbox
'password' => 'APP_PASSWORD_NO_SPACES', // Your Google App Password
];


But explicitly:<blockquote>'''MediaWiki confirms the email was sent'''</blockquote>That tells you:
$wgPasswordSender = 'info@gi7b.org';      // ALIAS is fine here
</syntaxhighlight>


* SMTP auth works
=== 4. Promote Account to Admin ===
* Mailer pipeline is functional
<syntaxhighlight lang="bash">
* Future account/password flows will work
docker exec -it mediawiki php maintenance/createAndPromote.php --sysop --bureaucrat YourUsername
</syntaxhighlight>


----
== 9. Brute Force Protection ==


=== 7. Final step: making your account admin ===
Add throttling to LocalSettings.php:
Once email was stable, we finalized control.
<syntaxhighlight lang="php">


=== What we did ===
Login attempt throttling


* Used the MediaWiki maintenance runner
$wgRateLimits['user']['login'] = [ 5, 60 ];  // 5 attempts per minute
* Promoted your existing account
$wgRateLimits['ip']['login']  = [ 20, 300 ]; // 20 attempts per 5 minutes
* Forced promotion because the user already existed
</syntaxhighlight>


Command (conceptually):
== 10. How to use Code Blocks ==


* promote <code>justinaquino</code>
'''Source Editor:''' Use the tag:
* assign <code>sysop</code> + <code>bureaucrat</code>
* confirmed by:


=== Important nuance ===
<pre>
<syntaxhighlight lang="python" copy>
print("This code has a copy button!")
</syntaxhighlight>
</pre>


* Some helper scripts (<code>showUserRights</code>, <code>version</code>) are missing in newer MediaWiki builds
== 11. Quick Guide: Adding Extensions ==
* That '''does not invalidate''' the promotion
* UI verification (<code>Special:UserRights</code>, <code>Special:CreateAccount</code>) is canonical


----
'''Download''':


=== 8. Final mental model (so this sticks) ===
<syntaxhighlight lang="bash">
* '''Email'''
cd /opt/stacks/mediawiki/extensions
** Gmail = SMTP server
git clone https://www.google.com/search?q=https://gerrit.wikimedia.org/r/mediawiki/extensions/ExtensionName
** MediaWiki = SMTP client
</syntaxhighlight>
** App Password = machine credential
** Alias ≠ login identity
* '''Security'''
** Real mailbox authenticates
** Alias is presentation only
** Cloudflare handles routing, not auth
* '''Success'''
** “Email sent” is the only signal that matters
** Admin rights are confirmed via UI, not missing CLI helpers


== 9. Protect your account from brute force (real defenses) ==
'''Enable''': Add wfLoadExtension( &#39;ExtensionName&#39; ); to LocalSettings.php.
MediaWiki already has '''some protection''', but we’ll harden it properly.


=== Layer 1 — Enable built-in throttling (do this) ===
'''Update''':
Add to <code>LocalSettings.php</code>:
# Login attempt throttling
$wgRateLimits['user']['login'] = [ 5, 60 ];  // 5 attempts per minute
$wgRateLimits['ip']['login']  = [ 20, 300 ]; // 20 attempts per 5 minutes
This alone stops most brute-force scripts.


== 10. List of Extensions ==
<syntaxhighlight lang="bash">
[https://www.youtube.com/watch?v=4xYbqbabTwI Youtube: Introduction to MediaWiki: Wikipedia's extensions (Part 2)]
docker exec -it mediawiki php maintenance/update.php --quick
# '''[[wikipedia:Special:Version|The installed Extensions of Wikipedia]]'''
</syntaxhighlight>
#

Latest revision as of 09:43, 26 January 2026

MediaWiki Setup Guide (Portainer & Docker)

This guide documents how to deploy, configure, and secure a MediaWiki instance using Portainer and Docker Compose. Designed as a general tutorial, it walks through the process of setting up a wiki from scratch, resolving common extension folder issues, and applying production configurations.

Reference: Official MediaWiki Docker Image https://hub.docker.com//mediawiki

1. Prerequisites

Before starting, ensure you have:

Docker & Docker Compose: Installation Guide

Portainer CE: Docker Standalone Install Guide

Domain & Cloudflare Setup: Cloudflare Tunnel (Cloudflared) Setup Guide

NGINX Reverse Proxy: Nginx Proxy Manager Setup

2. Host Folder Setup

Create a dedicated folder for your stack on the Docker host. This path is critical as it will store your configuration and extensions. 

Run on host terminal

sudo mkdir -p /opt/stacks/mediawiki
sudo mkdir -p /opt/stacks/mediawiki/extensions
cd /opt/stacks/mediawiki

3. Deployment (Portainer / Docker Compose)

In Portainer

Go to StacksAdd stack.

Name it mediawiki.

Paste the configuration below into the Web editor.

Click Deploy the stack.

docker-compose.yml

services:
mediawiki:
image: mediawiki
container_name: mediawiki
restart: always
ports:
- 8595:80
depends_on:
- database
volumes:
- 230912_images:/var/www/html/images
# EXTENSIONS: Mounts host folder to container (Requires "Magic Command" step below)
- /opt/stacks/mediawiki/extensions:/var/www/html/extensions
# CONFIG: Uncomment the line below AFTER generating LocalSettings.php
# - /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro

database:
image: mariadb
container_name: mediawiki-db
restart: always
environment:
MYSQL_DATABASE: mediawiki
MYSQL_USER: mediawiki
MYSQL_PASSWORD: mediawiki
MYSQL_ROOT_PASSWORD: mediawiki
volumes:
- 230912_db:/var/lib/mysql

volumes:
230912_images:
230912_db:

4. First-Time Setup Wizard

Open http://[YOUR_SERVER_IP]:8595 in your browser.

Follow the prompts. When asked for Database Settings, use:

    • Host: database
    • Name: mediawiki
    • User: mediawiki
    • Password: mediawiki

Complete the wizard and Download LocalSettings.php to your computer.

5. Fixing Extensions (The "Magic Command")

Crucial Step: Because we mounted a volume to /extensions, the container's default extensions (VisualEditor, SyntaxHighlight_GeSHi, etc.) are hidden. We must copy them from the image to the host.

Step A: Extract Extensions

docker run --rm --entrypoint tar mediawiki -c -C /var/www/html/extensions . | tar -x -C /opt/stacks/mediawiki/extensions

Step B: Fix Permissions for Code Highlighting

The SyntaxHighlight_GeSHi extension requires a specific Python file (pygmentize) to be executable. 

chmod a+x /opt/stacks/mediawiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize

Step C: Add External Extensions

cd /opt/stacks/mediawiki/extensions
git clone https://github.com/SemanticMediaWiki/Mermaid.git Mermaid

6. Configuring LocalSettings.php

Move the downloaded LocalSettings.php to /opt/stacks/mediawiki/LocalSettings.php. 

sudo nano /opt/stacks/mediawiki/LocalSettings.php

A. Set the Custom Domain

Find the $wgServer line and change it to your actual domain: 

$wgServer = "https://wiki.gi7b.org";

B. Add Permissions & Extensions

Paste this block at the very bottom of the file: 

/* -----------------------------------------------------------------------
CUSTOM PERMISSIONS & EXTENSIONS
----------------------------------------------------------------------- */

1. SECURITY: Prevent anonymous editing and account creation

$wgGroupPermissions['']['edit'] = false;
$wgGroupPermissions['']['createaccount'] = false;

2. BUNDLED EXTENSIONS

wfLoadExtension( 'WikiEditor' );
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'SyntaxHighlight_GeSHi' ); # REQUIRED for Code Blocks
wfLoadExtension( 'Cite' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'Scribunto' );
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'Gadgets' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'Interwiki' );

3. EXTERNAL EXTENSIONS

wfLoadExtension( 'Mermaid' );

4. VISUALEDITOR CONFIGURATION

$wgDefaultUserOptions['visualeditor-enable'] = 1;
$wgVisualEditorParsoidForwardCookies = true;

5. LUA CONFIGURATION (Required for Scribunto)

$wgScribuntoDefaultEngine = 'luastandalone';

7. Apply Changes

Mount the settings: In Portainer, go to the Stack Editor and uncomment the LocalSettings.php line.

Update the Stack: Click "Update the stack".

Run Database Update: 

docker exec -it mediawiki php maintenance/update.php --quick

8. Email Configuration and Admin Setup

1. SMTP Logic

MediaWiki must be able to send emails for account confirmation and resets. Authentication must work with Gmail / Google Workspace.

2. Google App Password

Go to Google Account → Security → App passwords.

Critical Detail: MediaWiki must receive the password without spaces.

Displayed: xxxx xxxx xxxx xxxx → Input: xxxxxxxxxxxxxxxx

3. SMTP Configuration

Add this to LocalSettings.php: 

$wgEnableEmail = true;
$wgEnableUserEmail = true;

$wgSMTP = [
'host'     => 'ssl://smtp.gmail.com',
'IDHost'   => 'wiki.gi7b.org',
'port'     => 465,
'auth'     => true,
'username' => 'admin@gi7b.org',        // REAL mailbox
'password' => 'APP_PASSWORD_NO_SPACES', // Your Google App Password
];

$wgPasswordSender = 'info@gi7b.org';       // ALIAS is fine here

4. Promote Account to Admin

docker exec -it mediawiki php maintenance/createAndPromote.php --sysop --bureaucrat YourUsername

9. Brute Force Protection

Add throttling to LocalSettings.php: 

Login attempt throttling

$wgRateLimits['user']['login'] = [ 5, 60 ];   // 5 attempts per minute
$wgRateLimits['ip']['login']   = [ 20, 300 ]; // 20 attempts per 5 minutes

10. How to use Code Blocks

Source Editor: Use the tag: 

<syntaxhighlight lang="python" copy>
print("This code has a copy button!")
</syntaxhighlight>

11. Quick Guide: Adding Extensions

Download: 

cd /opt/stacks/mediawiki/extensions
git clone https://www.google.com/search?q=https://gerrit.wikimedia.org/r/mediawiki/extensions/ExtensionName

Enable: Add wfLoadExtension( 'ExtensionName' ); to LocalSettings.php.

Update: 

docker exec -it mediawiki php maintenance/update.php --quick
Retrieved from "http://wiki.gi7b.org/index.php?title=MediaWiki_Setup_Guide_Portainer-Docker-251215-00&oldid=81"