The docker stack powering the German Star Citizen Wiki

StarCitizenWiki/WikiDocker

Star Citizen Wiki Docker

The Docker configuration powering https://star-citizen.wiki.

docker pull scwiki/wiki:dev

Installation

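Create the user and allow it to use Docker (membership in the docker group is effectively root access on the host, so treat this account accordingly):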

adduser scwiki

usermod -aG docker scwiki

Add the resulting UID and GID to .env.

Create the network:

docker network create --subnet=172.16.0.0/29 star-citizen.wiki

Replace $wgSecretKey in LocalSettings.php.

# Generates a 64-character hex string
echo "$(openssl rand -hex 32)"
# Or
php -r "echo(bin2hex(openssl_random_pseudo_bytes(32)));"

Replace $wgUpgradeKey in LocalSettings.php.

# Generates a 16-character hex string (8 random bytes)
echo "$(openssl rand -hex 8)"
# Or
php -r "echo(bin2hex(openssl_random_pseudo_bytes(8)));"

Copy .env-example to .env and populate the available fields.

Update $wgServer and $wgCanonicalServer in LocalSettings.php

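Note:
Elasticsearch requires vm.max_map_count to be set to at least 262144.
Run: sysctl -w vm.max_map_count=262144
A value set with sysctl -w is lost on reboot; to keep it, also add the setting to /etc/sysctl.conf.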

Create required folders:

$ mkdir -p /etc/star-citizen.wiki
$ mkdir -p /var/lib/star-citizen.wiki/{esdata,redis,db,cache}
$ mkdir -p /srv/star-citizen.wiki/{images,sitemap}

Copy files to destination:

$ cp ./LocalSettings.php ./.smw.json /etc/star-citizen.wiki
$ cp -R ./config /etc/star-citizen.wiki
$ cp -R ./container-config /etc/star-citizen.wiki
$ cp -R ./includes /etc/star-citizen.wiki

$ chown -R scwiki: /etc/star-citizen.wiki /var/lib/star-citizen.wiki /srv/star-citizen.wiki/sitemap
$ chown -R scwiki:www-data /srv/star-citizen.wiki/sitemap /srv/star-citizen.wiki/images /var/lib/star-citizen.wiki/cache /etc/star-citizen.wiki/.smw.json
$ chmod -R g+w /var/lib/star-citizen.wiki /srv/star-citizen.wiki/sitemap /var/lib/star-citizen.wiki/cache /etc/star-citizen.wiki/.smw.json
$ chmod g+rwx /var/lib/star-citizen.wiki/esdata
$ chgrp 0 /var/lib/star-citizen.wiki/esdata
$ chmod g+rwx /srv/star-citizen.wiki/sitemap /srv/star-citizen.wiki/images

Start the database and wiki container:

su scwiki
docker-compose up -d star-citizen.wiki-varnish

docker exec -it star-citizen.wiki-live /bin/bash

# This creates the database and installs the wiki
# You should use the user / db / password configured in the .env file
# See https://www.mediawiki.org/wiki/Manual:Install.php for more information
php maintenance/install.php \
  --confpath /dev/null \
  --dbserver db \
  --dbuser scw \
  --dbpass scw \
  --dbname scw \
  --pass ADMIN_PASSWORD \
  WIKI_NAME \
  ADMIN_NAME

Stop all containers:

docker-compose down

Uncomment the LocalSettings.php mount and start the stack.

docker-compose up -d

Connect to the container and run the update script:

docker exec -it star-citizen.wiki-live /bin/bash

php maintenance/update.php --quick
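
Added example (not part of the WikiDocker repository): a post-install check that $wgSecretKey and $wgUpgradeKey in LocalSettings.php were actually replaced with values of the shape the openssl commands above produce, 64 and 16 hex characters respectively (openssl rand -hex N prints 2N characters). The function names are made up for this example, and it assumes each key is assigned as a plain quoted string on a single line.

```shell
#!/bin/sh
# Added example (not from the WikiDocker repository): confirm both keys in
# LocalSettings.php have the shape produced by `openssl rand -hex 32` / `-hex 8`.

# Print the last quoted string assigned to a PHP variable (the last one wins).
php_setting() {  # $1 = variable name without "$", $2 = file
    sed -n "s/^[[:space:]]*\\\$$1[[:space:]]*=[[:space:]]*[\"']\\([^\"']*\\)[\"'][[:space:]]*;.*/\\1/p" "$2" |
        tail -n 1
}

# Succeed only if $1 is exactly $2 lowercase hex characters.
is_hex_of_len() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in *[!0123456789abcdef]*) return 1 ;; esac
    return 0
}

# Report (without printing the secrets) which keys still need replacing.
check_keys() {  # $1 = path to LocalSettings.php
    rc=0
    is_hex_of_len "$(php_setting wgSecretKey "$1")" 64 ||
        { echo "wgSecretKey: expected 64 hex characters" >&2; rc=1; }
    is_hex_of_len "$(php_setting wgUpgradeKey "$1")" 16 ||
        { echo "wgUpgradeKey: expected 16 hex characters" >&2; rc=1; }
    return "$rc"
}

# Constructed sample file: a valid secret key and a placeholder upgrade key.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
$wgSecretKey = "0f1e2d3c4b5a69788796a5b4c3d2e1f00f1e2d3c4b5a69788796a5b4c3d2e1f0";
$wgUpgradeKey = 'CHANGE_ME';
EOF
check_keys "$sample" || echo "sample: generate new keys before deploying"
rm -f "$sample"
```

On the host, run check_keys /etc/star-citizen.wiki/LocalSettings.php after copying the files and before starting the stack.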

Configuration

Traefik

If you are running Traefik, remove the ports portion from the varnish container and uncomment the expose part.

For local Traefik instances without SSL, remove all labels containing tls and change the entry point from https to http (or the name you set in your Traefik config).

If you are not using the Star Citizen Wiki Traefik config, also remove the labels containing middlewares.

Stack

The Wiki stack consists of the following services:

Cloudflare Settings

Page Rules

The following page rules are used in Cloudflare:

  • star-citizen.wiki/thumb.php?*
    • Cache-Level: Cache Everything
    • Browser-Cache-TTL: 1 Year
    • Edge-Cache-TTL: 1 Month
    • Always Online: Yes
  • star-citizen.wiki/load.php?*
    • Cache-Level: Cache Everything
    • Browser-Cache-TTL: 1 Year
    • Edge-Cache-TTL: 1 Month
    • Always Online: Yes

Firewall Rules

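Visit Firewall -> Firewall Rules and add the following expression to a new rule.

This stops bots from editing pages, visiting special pages, or opening the login view. cf.client.bot is true only for bots on Cloudflare's list of known good bots and crawlers, so the rule applies to those crawlers rather than to all automated clients.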

(http.request.uri.query contains "action=edit" and cf.client.bot) or
(http.request.uri.query contains "action=visualeditor" and cf.client.bot) or
(http.request.uri.query contains "Anmelden" and cf.client.bot) or
(http.request.uri.path contains "Spezial" and cf.client.bot) or
(http.request.uri.query contains "Spezial" and cf.client.bot) or
(http.request.uri.query contains "UserLogin" and cf.client.bot) or
(http.request.uri.path contains "Special" and cf.client.bot) or
(http.request.uri.query contains "Special" and cf.client.bot)

Upgrade notes

After a major update, OAuth consumers seem to get invalidated.
A new consumer needs to be created for each registered one.

Further notes

The MediaWiki Container service name cannot have the same name as the domain the wiki is running on.
If both names are equal, and the wiki is running on https, VisualEditor will fail to connect.

Upload Wizard Messages

To use the custom licenses in UW you need to create the following system messages

MariaDB Healthchecks

MariaDB moved to a new healthcheck syntax. For databases that already exist, a local user must be added:

CREATE USER 'mysql'@'127.0.0.1';
GRANT USAGE ON *.* to 'mysql'@'127.0.0.1';