# Mediawiki [![Build Status](https://drone.autonomic.zone/api/badges/coop-cloud/mediawiki/status.svg)](https://drone.autonomic.zone/coop-cloud/mediawiki) Mediawiki [version 1.35][mediawiki-1.35] * **Category**: Apps * **Status**: ❸🍎 * **Image**: [`mediawiki`](https://hub.docker.com/_/mediawiki), βΆπŸ’š, upstream * **Healthcheck**: No * **Backups**: Yes * **Email**: βΆπŸ’š * **Tests**: β·πŸ’› * **SSO**: β·πŸ’› (OAuth, SAML) ## Basic usage 1. Set up Docker Swarm and [`abra`][abra] 2. Deploy [`coop-cloud/traefik`][traefik] 3. `abra app new mediawiki --secrets` (optionally with `--pass` if you'd like to save secrets in `pass`) 4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to your Docker swarm box 5. `abra app YOURAPPDOMAIN deploy` 6. Create an initial admin user: `abra app YOURAPPDOMAIN run app php /var/www/html/maintenance/createAndPromote.php --sysop YourUsername YourPassword` ## Email 1. `abra app YOURAPPDOMAIN config` - edit `.envrc` and uncomment the `SMTP` lines. Set `SMTP_HOST` to `postfix_relay` for `coop-cloud/postfix_relay`, or `mailu_front` for `coop-cloud/mailu` (assuming default stack names) 2. For `postfix_relay`, add the domain to your email config – `EXTRA_SENDER_DOMAINS` in `postfix_relay`. This doesn't seem to be required for Mailu. 3. `abra app YOURAPPDOMAIN deploy` ## Single Sign On ### SimpleSAMLphp This app includes optional SAML Single Sign On using [SimpleSAMLphp][simplesamlphp] and Mediawiki's [Extension:SimpleSAMLphp][mw-simplesamlphp], based on the [`venatorfox/simplesamlphp`][venatorfox-simplesamlphp] image. NOTE: currently, if you enable SAML then it'll disable Mediawiki's own user account system. Patches to make this configurable are welcome! 1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `SAML` section (including `COMPOSE_FILE`) 2. Generate secrets: (add `--pass` if you want to store secrets in `pass`) ``` abra app YOURAPPDOMAIN secret generate saml_admin_password v1 abra app YOURAPPDOMAIN secret generate saml_secret_salt v1 "pwgen -n 64 1" ``` 3. `abra app YOURAPPDOMAIN deploy` 4. Copy your SimpleSAMLphp metadata and certificates to the container (assuming you have local `metadata` and `cert` folders: ``` abra app YOURAPPDOMAIN cp metadata simplesaml:/var/simplesamlphp/ abra app YOURAPPDOMAIN cp cert simplesaml:/var/simplesamlphp/ ``` 5. You can log into SimpleSAMLphp using the password you generated at https://$DOMAIN/simplesaml/ and test authentication 6. Edit SimpleSAMLphp's `config.php` and change `store.sql.dsn`: ``` abra app YOURAPPDOMAIN run simplesaml vi /var/simplesamlphp/config/config.php # find 'store.sql.dsn' and edit to: # 'sqlite:/var/simplesamlphp/data/simplesamlphp.sq3' ``` ### OpenID Connect 1. `abra app YOURAPPDOMAIN config` - uncomment lines in the `OPENID` section (including `COMPOSE_FILE`) 2. Store your Keycloak-generated client secret in Docker: ``` abra app YOURAPPDOMAIN secret insert openid_client_secret v1 put-your-secret-here ``` 3. `abra app YOURAPPDOMAIN deploy` ## License MIT License [mediawiki-1.35]: https://www.mediawiki.org/wiki/Release_notes/1.35 [abra]: https://git.autonomic.zone/autonomic-cooperative/abra [traefik]: https://git.autonomic.zone/coop-cloud/traefik [simplesamlphp]: https://simplesamlphp.org/ [mw-simplesamlphp]: https://www.mediawiki.org/wiki/Extension:SimpleSAMLphp [venatorfox-simplesamlphp]: https://hub.docker.com/r/venatorfox/simplesamlphp