Jump to content

MediaWiki Setup Guide Portainer-Docker-251215-00: Difference between revisions

From Game in the Brain Wiki
← Older edit
VisualWikitext
No edit summary
 
(13 intermediate revisions by the same user not shown)
Line 1: Line 1:
= MediaWiki Setup Guide (Portainer & Docker) =


= MediaWiki Setup Guide (Portainer & Docker) =
This guide documents how to deploy, configure, and secure a '''MediaWiki''' instance using '''Portainer''' and '''Docker Compose'''. Designed as a general tutorial, it walks through the process of setting up a wiki from scratch, resolving common extension folder issues, and applying production configurations.
This guide documents how to deploy, configure, and secure a '''MediaWiki''' instance using '''Portainer''' and '''Docker Compose'''. Designed as a general tutorial for any user, it walks through the process of setting up a wiki from scratch. It covers initial deployment, resolving common extension folder issues, and applying production configurations (using <code>wiki.gi7b.org</code> as the example domain).


'''Reference:''' Official MediaWiki Docker Image https://hub.docker.com/_/mediawiki  
'''Reference:''' Official MediaWiki Docker Image [https://hub.docker.com//mediawiki https://hub.docker.com//mediawiki]


== 1. Prerequisites ==
== 1. Prerequisites ==
Before starting, ensure you have:
Before starting, ensure you have:


1. Docker & Docker Compose
'''Docker & Docker Compose''': [https://docs.docker.com/engine/install/ Installation Guide]


    Installation (Linux/Windows/Mac): <nowiki>https://docs.docker.com/engine/install/</nowiki>
'''Portainer CE''': [https://docs.portainer.io/start/install-ce/server/docker/linux Docker Standalone Install Guide]


    Docker Compose Standalone (if needed separately): <nowiki>https://docs.docker.com/compose/install/</nowiki>
'''Domain & Cloudflare Setup''': [https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/ Cloudflare Tunnel (Cloudflared) Setup Guide]


2. Portainer CE (Community Edition)
'''NGINX Reverse Proxy''': [https://nginxproxymanager.com/guide/#quick-setup Nginx Proxy Manager Setup]


    Docker Standalone Install Guide: <nowiki>https://docs.portainer.io/start/install-ce/server/docker/linux</nowiki>
== 2. Host Folder Setup ==


3. Domain & Cloudflare Setup
Create a dedicated folder for your stack on the '''Docker host'''. This path is critical as it will store your configuration and extensions.


    How to Register a Domain with Cloudflare: <nowiki>https://developers.cloudflare.com/registrar/get-started/register-domain/</nowiki>
<syntaxhighlight lang="bash">


    Cloudflare Tunnel (Cloudflared) Setup Guide: <nowiki>https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/get-started/create-remote-tunnel/</nowiki>
Run on host terminal


4. NGINX Reverse Proxy
sudo mkdir -p /opt/stacks/mediawiki
sudo mkdir -p /opt/stacks/mediawiki/extensions
cd /opt/stacks/mediawiki
</syntaxhighlight>


    Nginx Proxy Manager (Docker Setup): <nowiki>https://nginxproxymanager.com/guide/#quick-setup</nowiki> (This is the standard GUI-based Nginx used in Docker stacks)
== 3. Deployment (Portainer / Docker Compose) ==


    Nginx Official Docker Image (for raw configuration): <nowiki>https://hub.docker.com/_/nginx</nowiki>
=== In Portainer ===


== 2. Host Folder Setup ==
Go to '''Stacks''' '''Add stack'''.
Create a dedicated folder for your stack on the '''Docker host'''. This path is critical as it will store your configuration and extensions.
# Run on host terminal
sudo mkdir -p /opt/stacks/mediawiki
sudo mkdir -p /opt/stacks/mediawiki/extensions
cd /opt/stacks/mediawiki


== 3. Deployment (Portainer / Docker Compose) ==
Name it mediawiki.
Use the following YAML configuration.


=== In Portainer: ===
Paste the configuration below into the Web editor.


# Go to '''Stacks''' → '''Add stack'''.
Click '''Deploy the stack'''.
# Name it mediawiki.
# Paste the configuration below into the Web editor.
# Click '''Deploy the stack'''.


=== docker-compose.yml ===
=== docker-compose.yml ===
<services:
<syntaxhighlight lang="yaml">
  mediawiki:
services:
    image: mediawiki
mediawiki:
    container_name: mediawiki
image: mediawiki
    restart: always
container_name: mediawiki
    ports:
restart: always
      - 8595:80
ports:
    depends_on:
- 8595:80
      - database
depends_on:
    volumes:
- database
      - 230912_images:/var/www/html/images
volumes:
      # EXTENSIONS: Mounts host folder to container (Requires "Magic Command" step below)
- 230912_images:/var/www/html/images
      - /opt/stacks/mediawiki/extensions:/var/www/html/extensions
# EXTENSIONS: Mounts host folder to container (Requires "Magic Command" step below)
      # CONFIG: Uncomment the line below AFTER generating LocalSettings.php
- /opt/stacks/mediawiki/extensions:/var/www/html/extensions
      # - /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro
# CONFIG: Uncomment the line below AFTER generating LocalSettings.php
# - /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro
  database:
 
    image: mariadb
database:
    container_name: mediawiki-db
image: mariadb
    restart: always
container_name: mediawiki-db
    environment:
restart: always
      MYSQL_DATABASE: mediawiki
environment:
      MYSQL_USER: mediawiki
MYSQL_DATABASE: mediawiki
      MYSQL_PASSWORD: mediawiki
MYSQL_USER: mediawiki
      MYSQL_ROOT_PASSWORD: mediawiki
MYSQL_PASSWORD: mediawiki
    volumes:
MYSQL_ROOT_PASSWORD: mediawiki
      - 230912_db:/var/lib/mysql
volumes:
- 230912_db:/var/lib/mysql
volumes:
 
  230912_images:
volumes:
  230912_db:</code>
230912_images:
230912_db:
</syntaxhighlight>


== 4. First-Time Setup Wizard ==
== 4. First-Time Setup Wizard ==


# Open '''<nowiki>http://localhost:8191</nowiki>''' (or your server IP:8191).
Open http://[YOUR_SERVER_IP]:8595 in your browser.
# Follow the prompts. When asked for '''Database Settings''', use:


* '''Host:''' database
Follow the prompts. When asked for '''Database Settings''', use:
* '''Name:''' wiki
* '''User:''' wiki
* '''Password:''' wiki


# Complete the wizard and '''Download LocalSettings.php''' to your computer.
#* '''Host:''' database
#* '''Name:''' mediawiki
#* '''User:''' mediawiki
#* '''Password:''' mediawiki
 
Complete the wizard and '''Download LocalSettings.php''' to your computer.


== 5. Fixing Extensions (The "Magic Command") ==
== 5. Fixing Extensions (The "Magic Command") ==
'''Crucial Step:''' Because we mounted a volume to /extensions, the container's default extensions (VisualEditor, WikiEditor, etc.) are hidden. We must copy them from the image to the host.


'''Run this on your Host Terminal:'''
'''Crucial Step:''' Because we mounted a volume to /extensions, the container's default extensions (VisualEditor, SyntaxHighlight_GeSHi, etc.) are hidden. We must copy them from the image to the host.
docker run --rm --entrypoint tar mediawiki -c -C /var/www/html/extensions . | tar -x -C /opt/stacks/mediawiki/extensions
'''Download Mermaid (External Extension):'''
<code>cd /opt/stacks/mediawiki/extensions
git clone <nowiki>[https://github.com/SemanticMediaWiki/Mermaid.git]</nowiki>(<nowiki>https://github.com/SemanticMediaWiki/Mermaid.git</nowiki>) Mermaid</code>
Verify the folder content: You should see a mix of default extensions and Mermaid:


ls -F /opt/stacks/mediawiki/extensions/
=== Step A: Extract Extensions ===
<syntaxhighlight lang="bash">
docker run --rm --entrypoint tar mediawiki -c -C /var/www/html/extensions . | tar -x -C /opt/stacks/mediawiki/extensions
</syntaxhighlight>


''Output should look like this:''
=== Step B: Fix Permissions for Code Highlighting ===
<code>AbuseFilter/    CiteThisPage/      Echo/        Interwiki/      Mermaid/          PageImages/        README          SpamBlacklist/          TextExtracts/      WikiEditor/
The SyntaxHighlight_GeSHi extension requires a specific Python file (pygmentize) to be executable.
CategoryTree/   CodeEditor/     Gadgets/   Linter/     MultimediaViewer/ ParserFunctions/  ReplaceText/      SyntaxHighlight_GeSHi/ Thanks/
<syntaxhighlight lang="bash">
CheckUser/     ConfirmEdit/     ImageMap/   LoginNotify/ Nuke/             PdfHandler/       Scribunto/     TemplateData/         TitleBlacklist/
chmod a+x /opt/stacks/mediawiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize
Cite/            DiscussionTools/  InputBox/  Math/      OATHAuth/          Poem/            SecureLinkFixer/  TemplateStyles/      VisualEditor/</code>
</syntaxhighlight>
 
=== Step C: Add External Extensions ===
<syntaxhighlight lang="bash">
cd /opt/stacks/mediawiki/extensions
git clone https://github.com/SemanticMediaWiki/Mermaid.git Mermaid
</syntaxhighlight>


== 6. Configuring LocalSettings.php ==
== 6. Configuring LocalSettings.php ==
Move the downloaded LocalSettings.php to /opt/stacks/mediawiki/LocalSettings.php.
Move the downloaded LocalSettings.php to /opt/stacks/mediawiki/LocalSettings.php.


Edit the file (sudo nano /opt/stacks/mediawiki/LocalSettings.php) and make the following changes:
<syntaxhighlight lang="bash">
sudo nano /opt/stacks/mediawiki/LocalSettings.php
</syntaxhighlight>


=== A. Set the Custom Domain ===
=== A. Set the Custom Domain ===
Find the $wgServer line (around line 30) and change it to your actual domain:
Find the $wgServer line and change it to your actual domain:
## The protocol and server name to use in fully-qualified URLs
<syntaxhighlight lang="php">
$wgServer = "<nowiki>[https://wiki.gi7b.org]</nowiki>(<nowiki>https://wiki.gi7b.org</nowiki>)";
$wgServer = "https://wiki.gi7b.org";
</syntaxhighlight>


=== B. Add Permissions & Extensions ===
=== B. Add Permissions & Extensions ===
Paste this block at the '''very bottom''' of the file to enable security and extensions.
Paste this block at the '''very bottom''' of the file:
<code># -----------------------------------------------------------------------
<syntaxhighlight lang="php">
# CUSTOM PERMISSIONS & EXTENSIONS
/* -----------------------------------------------------------------------
# -----------------------------------------------------------------------
CUSTOM PERMISSIONS & EXTENSIONS
----------------------------------------------------------------------- */
# 1. SECURITY: Prevent anonymous editing and account creation
 
$wgGroupPermissions['*']['edit'] = false;
1. SECURITY: Prevent anonymous editing and account creation
$wgGroupPermissions['*']['createaccount'] = false;
 
$wgGroupPermissions['']['edit'] = false;
# 2. BUNDLED EXTENSIONS (Included in Docker image)
$wgGroupPermissions['']['createaccount'] = false;
wfLoadExtension( 'WikiEditor' );
 
wfLoadExtension( 'VisualEditor' );
2. BUNDLED EXTENSIONS
wfLoadExtension( 'CodeEditor' );
 
wfLoadExtension( 'SyntaxHighlight_GeSHi' );
wfLoadExtension( 'WikiEditor' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'Scribunto' );
wfLoadExtension( 'SyntaxHighlight_GeSHi' ); # REQUIRED for Code Blocks
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'Cite' );
wfLoadExtension( 'Gadgets' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'Scribunto' );
wfLoadExtension( 'Interwiki' );
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'Gadgets' );
# 3. EXTERNAL EXTENSIONS (Must be manually downloaded to /extensions folder)
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'Mermaid' );
wfLoadExtension( 'Interwiki' );
 
# 4. VISUALEDITOR CONFIGURATION
3. EXTERNAL EXTENSIONS
# Enable by default for everyone
 
$wgDefaultUserOptions['visualeditor-enable'] = 1;
wfLoadExtension( 'Mermaid' );
# Allow VE to work in Docker containers (Fixes "Error contacting Parsoid")
 
$wgVisualEditorParsoidForwardCookies = true;
4. VISUALEDITOR CONFIGURATION
 
# 5. LUA CONFIGURATION (Required for Scribunto)
$wgDefaultUserOptions['visualeditor-enable'] = 1;
$wgScribuntoDefaultEngine = 'luastandalone';</code>
$wgVisualEditorParsoidForwardCookies = true;
 
5. LUA CONFIGURATION (Required for Scribunto)
 
$wgScribuntoDefaultEngine = 'luastandalone';
</syntaxhighlight>


== 7. Apply Changes ==
== 7. Apply Changes ==


# '''Mount the settings:''' In Portainer, go to the Stack Editor and '''uncomment''' the LocalSettings.php line.
'''Mount the settings''': In Portainer, go to the Stack Editor and '''uncomment''' the LocalSettings.php line.
# '''Update the Stack:''' Click "Update the stack".
 
# '''Run Database Update:''' Run this command to initialize tables for the new extensions: docker exec -it mediawiki php maintenance/update.php --quick
'''Update the Stack''': Click "Update the stack".
 
'''Run Database Update''':
 
<syntaxhighlight lang="bash">
docker exec -it mediawiki php maintenance/update.php --quick
</syntaxhighlight>
 
== 8. Email Configuration and Admin Setup ==
 
=== 1. SMTP Logic ===
MediaWiki must be able to send emails for account confirmation and resets. Authentication must work with '''Gmail / Google Workspace'''.
 
=== 2. Google App Password ===
 
Go to Google Account → Security → App passwords.
 
'''Critical Detail:''' MediaWiki must receive the password '''without spaces'''.
 
Displayed: xxxx xxxx xxxx xxxx → Input: xxxxxxxxxxxxxxxx
 
=== 3. SMTP Configuration ===
Add this to LocalSettings.php:
<syntaxhighlight lang="php">
$wgEnableEmail = true;
$wgEnableUserEmail = true;
 
$wgSMTP = [
'host'    => 'ssl://smtp.gmail.com',
'IDHost'  => 'wiki.gi7b.org',
'port'    => 465,
'auth'    => true,
'username' => 'admin@gi7b.org',        // REAL mailbox
'password' => 'APP_PASSWORD_NO_SPACES', // Your Google App Password
];
 
$wgPasswordSender = 'info@gi7b.org';      // ALIAS is fine here
</syntaxhighlight>
 
=== 4. Promote Account to Admin ===
<syntaxhighlight lang="bash">
docker exec -it mediawiki php maintenance/createAndPromote.php --sysop --bureaucrat YourUsername
</syntaxhighlight>
 
== 9. Brute Force Protection ==
 
Add throttling to LocalSettings.php:
<syntaxhighlight lang="php">
 
Login attempt throttling
 
$wgRateLimits['user']['login'] = [ 5, 60 ];  // 5 attempts per minute
$wgRateLimits['ip']['login']  = [ 20, 300 ]; // 20 attempts per 5 minutes
</syntaxhighlight>
 
== 10. How to use Code Blocks ==
 
'''Source Editor:''' Use the tag:
 
<pre>
<syntaxhighlight lang="python" copy>
print("This code has a copy button!")
</syntaxhighlight>
</pre>
 
== 11. Quick Guide: Adding Extensions ==
 
'''Download''':
 
<syntaxhighlight lang="bash">
cd /opt/stacks/mediawiki/extensions
git clone https://www.google.com/search?q=https://gerrit.wikimedia.org/r/mediawiki/extensions/ExtensionName
</syntaxhighlight>
 
'''Enable''': Add wfLoadExtension( &#39;ExtensionName&#39; ); to LocalSettings.php.
 
'''Update''':


Your wiki is now live at '''<nowiki>https://wiki.gi7b.org</nowiki>''' with VisualEditor and Mermaid enabled!
<syntaxhighlight lang="bash">
docker exec -it mediawiki php maintenance/update.php --quick
</syntaxhighlight>

Latest revision as of 09:43, 26 January 2026

MediaWiki Setup Guide (Portainer & Docker)

This guide documents how to deploy, configure, and secure a MediaWiki instance using Portainer and Docker Compose. Designed as a general tutorial, it walks through the process of setting up a wiki from scratch, resolving common extension folder issues, and applying production configurations.

Reference: Official MediaWiki Docker Image https://hub.docker.com//mediawiki

1. Prerequisites

Before starting, ensure you have:

Docker & Docker Compose: Installation Guide

Portainer CE: Docker Standalone Install Guide

Domain & Cloudflare Setup: Cloudflare Tunnel (Cloudflared) Setup Guide

NGINX Reverse Proxy: Nginx Proxy Manager Setup

2. Host Folder Setup

Create a dedicated folder for your stack on the Docker host. This path is critical as it will store your configuration and extensions. 

Run on host terminal

sudo mkdir -p /opt/stacks/mediawiki
sudo mkdir -p /opt/stacks/mediawiki/extensions
cd /opt/stacks/mediawiki

3. Deployment (Portainer / Docker Compose)

In Portainer

Go to StacksAdd stack.

Name it mediawiki.

Paste the configuration below into the Web editor.

Click Deploy the stack.

docker-compose.yml

services:
mediawiki:
image: mediawiki
container_name: mediawiki
restart: always
ports:
- 8595:80
depends_on:
- database
volumes:
- 230912_images:/var/www/html/images
# EXTENSIONS: Mounts host folder to container (Requires "Magic Command" step below)
- /opt/stacks/mediawiki/extensions:/var/www/html/extensions
# CONFIG: Uncomment the line below AFTER generating LocalSettings.php
# - /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro

database:
image: mariadb
container_name: mediawiki-db
restart: always
environment:
MYSQL_DATABASE: mediawiki
MYSQL_USER: mediawiki
MYSQL_PASSWORD: mediawiki
MYSQL_ROOT_PASSWORD: mediawiki
volumes:
- 230912_db:/var/lib/mysql

volumes:
230912_images:
230912_db:

4. First-Time Setup Wizard

Open http://[YOUR_SERVER_IP]:8595 in your browser.

Follow the prompts. When asked for Database Settings, use:

    • Host: database
    • Name: mediawiki
    • User: mediawiki
    • Password: mediawiki

Complete the wizard and Download LocalSettings.php to your computer.

5. Fixing Extensions (The "Magic Command")

Crucial Step: Because we mounted a volume to /extensions, the container's default extensions (VisualEditor, SyntaxHighlight_GeSHi, etc.) are hidden. We must copy them from the image to the host.

Step A: Extract Extensions

docker run --rm --entrypoint tar mediawiki -c -C /var/www/html/extensions . | tar -x -C /opt/stacks/mediawiki/extensions

Step B: Fix Permissions for Code Highlighting

The SyntaxHighlight_GeSHi extension requires a specific Python file (pygmentize) to be executable. 

chmod a+x /opt/stacks/mediawiki/extensions/SyntaxHighlight_GeSHi/pygments/pygmentize

Step C: Add External Extensions

cd /opt/stacks/mediawiki/extensions
git clone https://github.com/SemanticMediaWiki/Mermaid.git Mermaid

6. Configuring LocalSettings.php

Move the downloaded LocalSettings.php to /opt/stacks/mediawiki/LocalSettings.php. 

sudo nano /opt/stacks/mediawiki/LocalSettings.php

A. Set the Custom Domain

Find the $wgServer line and change it to your actual domain: 

$wgServer = "https://wiki.gi7b.org";

B. Add Permissions & Extensions

Paste this block at the very bottom of the file: 

/* -----------------------------------------------------------------------
CUSTOM PERMISSIONS & EXTENSIONS
----------------------------------------------------------------------- */

1. SECURITY: Prevent anonymous editing and account creation

$wgGroupPermissions['']['edit'] = false;
$wgGroupPermissions['']['createaccount'] = false;

2. BUNDLED EXTENSIONS

wfLoadExtension( 'WikiEditor' );
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'CodeEditor' );
wfLoadExtension( 'SyntaxHighlight_GeSHi' ); # REQUIRED for Code Blocks
wfLoadExtension( 'Cite' );
wfLoadExtension( 'InputBox' );
wfLoadExtension( 'Scribunto' );
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'Gadgets' );
wfLoadExtension( 'ParserFunctions' );
wfLoadExtension( 'Interwiki' );

3. EXTERNAL EXTENSIONS

wfLoadExtension( 'Mermaid' );

4. VISUALEDITOR CONFIGURATION

$wgDefaultUserOptions['visualeditor-enable'] = 1;
$wgVisualEditorParsoidForwardCookies = true;

5. LUA CONFIGURATION (Required for Scribunto)

$wgScribuntoDefaultEngine = 'luastandalone';

7. Apply Changes

Mount the settings: In Portainer, go to the Stack Editor and uncomment the LocalSettings.php line.

Update the Stack: Click "Update the stack".

Run Database Update: 

docker exec -it mediawiki php maintenance/update.php --quick

8. Email Configuration and Admin Setup

1. SMTP Logic

MediaWiki must be able to send emails for account confirmation and resets. Authentication must work with Gmail / Google Workspace.

2. Google App Password

Go to Google Account → Security → App passwords.

Critical Detail: MediaWiki must receive the password without spaces.

Displayed: xxxx xxxx xxxx xxxx → Input: xxxxxxxxxxxxxxxx

3. SMTP Configuration

Add this to LocalSettings.php: 

$wgEnableEmail = true;
$wgEnableUserEmail = true;

$wgSMTP = [
'host'     => 'ssl://smtp.gmail.com',
'IDHost'   => 'wiki.gi7b.org',
'port'     => 465,
'auth'     => true,
'username' => 'admin@gi7b.org',        // REAL mailbox
'password' => 'APP_PASSWORD_NO_SPACES', // Your Google App Password
];

$wgPasswordSender = 'info@gi7b.org';       // ALIAS is fine here

4. Promote Account to Admin

docker exec -it mediawiki php maintenance/createAndPromote.php --sysop --bureaucrat YourUsername

9. Brute Force Protection

Add throttling to LocalSettings.php: 

Login attempt throttling

$wgRateLimits['user']['login'] = [ 5, 60 ];   // 5 attempts per minute
$wgRateLimits['ip']['login']   = [ 20, 300 ]; // 20 attempts per 5 minutes

10. How to use Code Blocks

Source Editor: Use the tag: 

<syntaxhighlight lang="python" copy>
print("This code has a copy button!")
</syntaxhighlight>

11. Quick Guide: Adding Extensions

Download: 

cd /opt/stacks/mediawiki/extensions
git clone https://www.google.com/search?q=https://gerrit.wikimedia.org/r/mediawiki/extensions/ExtensionName

Enable: Add wfLoadExtension( 'ExtensionName' ); to LocalSettings.php.

Update: 

docker exec -it mediawiki php maintenance/update.php --quick
Retrieved from "http://wiki.gi7b.org/index.php?title=MediaWiki_Setup_Guide_Portainer-Docker-251215-00&oldid=81"