DevOps/docker-mediawiki-extended
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial Commit

Browse Source
This commit is contained in:
sodema 2022-11-28 13:27:43 +00:00
commit 1989612ad7
8 changed files with 283 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.env

3
README.md Normal file
View File

@ -0,0 +1,3 @@
# mediawiki-ldap
cp example.env .env > set Variables > Build Container > Start Stack > run ./run_install.sh > connect to your Wiki URL > Login with LDAP

48
build/Dockerfile Normal file
View File

@ -0,0 +1,48 @@
FROM mediawiki:1.35.8
MAINTAINER david.martin@sodema.de
RUN apt-get update && apt-get -y install libldb-dev git && rm -rf /var/lib/apt/lists/*
ADD https://github.com/mlocati/docker-php-extension-installer/releases/latest/download/install-php-extensions /usr/local/bin/
RUN chmod +x /usr/local/bin/install-php-extensions && \
install-php-extensions ldap
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthentication2.git /var/www/html/extensions/LDAPAuthentication2
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPAuthorization.git /var/www/html/extensions/LDAPAuthorization
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPGroups.git /var/www/html/extensions/LDAPGroups
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPProvider.git /var/www/html/extensions/LDAPProvider
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPSyncAll.git /var/www/html/extensions/LDAPSyncAll
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-LDAPUserInfo.git /var/www/html/extensions/LDAPUserInfo
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-PluggableAuth.git /var/www/html/extensions/PluggableAuth
RUN git clone --branch REL1_35 https://github.com/wikimedia/mediawiki-extensions-Auth_remoteuser.git /var/www/html/extensions/Auth_remoteuser
RUN if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
RUN set -eux; \
mkdir -p /log/mediawiki; \
chown -R www-data:www-data /log/mediawiki
RUN touch '/log/mediawiki/resourceloader.log'
RUN touch '/log/mediawiki/exception.log'
RUN touch '/log/mediawiki/exception.json'
RUN touch '/log/mediawiki/LDAPAuthentication2.log'
RUN touch '/log/mediawiki/LDAPAuthorization.log'
RUN touch '/log/mediawiki/LDAPGroups.log'
RUN touch '/log/mediawiki/LDAPUserInfo.log'
RUN touch '/log/mediawiki/LDAPProvider.log'
RUN touch '/log/mediawiki/PluggableAuth.log'
RUN touch '/log/mediawiki/ldap.log'
RUN touch '/log/mediawiki/mw_debug.log'
RUN chown -R www-data:www-data /log/mediawiki && chmod -R 0660 /log/mediawiki
RUN set -eux; \
mkdir -p /opt/mediawiki; \
chown -R www-data:www-data /log/mediawiki
ADD include/LocalSettings.LDAP.php /opt/mediawiki
ADD include/install_wiki.sh /opt/mediawiki/
RUN chmod +x /opt/mediawiki/install_wiki.sh

120
build/include/LocalSettings.LDAP.php Normal file
View File

@ -0,0 +1,120 @@
<?php
# debug - set to true for debugging
$wgShowExceptionDetails = false;
$wgDebugToolbar = false;
$wgShowDebug = false;
$wgDevelopmentWarnings = false;
$wgDebugLogGroups = array(
'resourceloader' => '/log/mediawiki/resourceloader.log',
'exception' => '/log/mediawiki/exception.log',
'exception-json' => '/log/mediawiki/exception.json',
'LDAPAuthentication2' => '/log/mediawiki/LDAPAuthentication2.log',
'LDAPAuthorization' => '/log/mediawiki/LDAPAuthorization.log',
'LDAPGroups' => '/log/mediawiki/LDAPGroups.log',
'LDAPUserInfo' => '/log/mediawiki/LDAPUserInfo.log',
'LDAPProvider' => '/log/mediawiki/LDAPProvider.log',
'PluggableAuth' => '/log/mediawiki/PluggableAuth.log',
'LDAP' => '/log/mediawiki/ldap.log',
'MediaWiki\\Extension\\LDAPProvider\\Client' => '/log/mediawiki/LDAPClient.log'
);
wfLoadExtensions( [
'LDAPAuthentication2',
'LDAPAuthorization',
'LDAPGroups',
'LDAPProvider',
'LDAPUserInfo',
'PluggableAuth'
] );
$wgAuthRemoteuserDomain = "LDAP_DOMAINNAME";
$wgAuthRemoteuserMailDomain = "LDAP_SERVER_NAME";
$wgAuthRemoteuserNotify = true;
#LDAPAuthorization
$wgLdapAuthDomainNames = "LDAP_DOMAINNAME";
$wgLdapAuthIsActiveDirectory = 'false';
$wgLdapAuthSearchTree = true ;
#PluggableAuth
$wgPluggableAuth_EnableAutoLogin = false ;
$wgPluggableAuth_EnableLocalProperties = false ;
$wgPluggableAuth_EnableLocalLogin = false ;
$wgPluggableAuth_ButtonLabel = "LDAP Log In"; # defaults to "Login with PluggableAuth "
#LDAPAuthentication2
$LDAPAuthenticationAllowLocalLogin = true;
$LDAPAuthenticationUsernameNormalizer = 'strtolower';
$LDAPProviderDomainConfigProvider = function() {
$config = [
"LDAP_DOMAINNAME" => [
"connection" => [
"server" => "LDAP_SERVER_NAME",
"port" => "LDAP_SERVER_PORT",
"enctype" => "LDAP_ENCTYPE",
"user" => LDAP_BIND_USER,
"pass" => LDAP_BIND_PASS,
"basedn" => "LDAP_BASE",
"userbasedn" => "LDAP_BASE",
"groupbasedn" => "LDAP_BASE",
"searchattribute" => "LDAP_USER_ATTR",
"usernameattribute" => "LDAP_USER_ATTR",
"realnameattribute" => "displayname",
"emailattribute" => "mail",
"grouprequest" => "MediaWiki\\Extension\\LDAPProvider\\UserGroupsRequest\\UserMemberOf::factory",
"nestedgroups" => true
],
"authorization" => [
"rules" => [
"attributes" => []
]
],
"userinfo" => [
"attributes-map" => [
"email" => "mail",
"realname" => "displayname"
]
],
"groupsync" => [
"mechanism" => "allgroups"
]
]
];
return new \MediaWiki\Extension\LDAPProvider\DomainConfigProvider\InlinePHPArray( $config );
};
$LDAPProviderCacheTime = 5;
$LDAPProviderCacheType = "CACHE_NONE" ;
$LDAPProviderDefaultDomain = "LDAP_DOMAINNAME" ;
# Group Permissions
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = true;
$wgGroupPermissions['*']['autocreateaccount'] = true;
$wgGroupPermissions['wiki-admins']['delete'] = true;
$wgGroupPermissions['wiki-admins']['undelete'] = true;
$wgGroupPermissions['wiki-admins']['undelete'] = true;
$wgGroupPermissions['wiki-admins']['editprotected'] = true;
$wgGroupPermissions['wiki-admins']['protect'] = true;
## Visual Editor Stuff
wfLoadExtension( 'VisualEditor' );
wfLoadExtension( 'WikiEditor' );

18
build/include/install_wiki.sh Normal file
View File

@ -0,0 +1,18 @@
#!/bin/bash
php maintenance/install.php --dbname=$DB_NAME --dbserver=$DB_HOST --installdbuser=$DB_USER --installdbpass=$DB_PASS --dbuser=$DB_USER --dbpass=$DB_PASS --server=$WIKI_URL --scriptpath=$WIKI_PATH --lang=$WIKI_LANG --pass=$WIKI_ADMIN_PASS $WIKI_NAME $WIKI_ADMIN
if test -f /var/www/html/LocalSettings.php; then echo 'require_once "$IP/LocalSettings.LDAP.php";' >> /var/www/html/LocalSettings.php;fi
cp /opt/mediawiki/LocalSettings.LDAP.php /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_DOMAINNAME/$LDAP_DOMAINNAME/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_SERVER_NAME/$LDAP_SERVER_NAME/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_SERVER_PORT/$LDAP_SERVER_PORT/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_ENCTYPE/$LDAP_ENCTYPE/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_BIND_USER/$LDAP_BIND_USER/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_BIND_PASS/$LDAP_BIND_PASS/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_BASE/$LDAP_BASE/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/LDAP_USER_ATTR/$LDAP_USER_ATTR/g" /var/www/html/LocalSettings.LDAP.php
sed -i "s/WIKI_LANG/$WIKI_LANG/g" /var/www/html/LocalSettings.LDAP.php
php maintenance/update.php --quick

66
docker-compose.yml Normal file
View File

@ -0,0 +1,66 @@
version: '3.3'
services:
mediawiki:
image: mediawiki-ldap:latest
# build: ./build/Dockerfile
container_name: mediawiki-app
restart: unless-stopped
environment:
- LDAP_BASE=${LDAP_BASE}
- LDAP_SERVER_NAME=${LDAP_SERVER_NAME}
- LDAP_SERVER_PORT=${LDAP_SERVER_PORT}
- LDAP_DOMAINNAME=${LDAP_DOMAINNAME}
- LDAP_ENCTYPE=${LDAP_ENCTYPE}
- LDAP_USER_ATTR=${LDAP_USER_ATTR}
- LDAP_BIND_USER=${LDAP_BIND_USER}
- LDAP_BIND_PASS=${LDAP_BIND_PASS}
- DB_HOST=${DB_HOST}
- DB_PORT=${DB_PORT}
- DB_NAME=${DB_NAME}
- DB_USER=${DB_USER}
- DB_PASS=${DB_PASS}
- WIKI_NAME=${WIKI_NAME}
- WIKI_ADMIN=${WIKI_ADMIN}
- WIKI_ADMIN_PASS=${WIKI_ADMIN_PASS}
- WIKI_URL=${WIKI_URL}
- WIKI_LANG=${WIKI_LANG}
labels:
- "traefik.enable=true"
- "traefik.http.routers.mediawiki.rule=Host(`wiki.katronic.de`)"
- "traefik.http.routers.mediawiki.entrypoints=websecure"
- "traefik.http.routers.mediawiki.tls.certresolver=mytlschallenge"
volumes:
- mediawiki-data:/var/www/html/
- mediawiki-logs:/log/mediawiki
# - /opt/docker-compose/mediawiki/php.ini:/usr/local/etc/php/conf.d/mediawiki.ini
expose:
- '80'
networks:
- proxy
mariadb:
image: mariadb
container_name: mediawiki-db
restart: unless-stopped
networks:
- proxy
volumes:
- mediawiki-db:/var/lib/mysql
environment:
- MYSQL_DATABASE=${DB_NAME}
- MYSQL_USER=${DB_USER}
- MYSQL_PASSWORD=${DB_PASS}
- MYSQL_RANDOM_ROOT_PASSWORD='yes'
volumes:
mediawiki-db:
driver: local
mediawiki-data:
driver: local
mediawiki-logs:
driver: local
networks:
proxy:
external: true

18
example.env Normal file
View File

@ -0,0 +1,18 @@
LDAP_BASE=dc=yourdomain,dc=local
LDAP_SERVER_NAME=ldap.yourdomain.local
LDAP_SERVER_PORT=9636
LDAP_DOMAINNAME=yourdomain.local
LDAP_ENCTYPE=ssl
LDAP_USER_ATTR=uid
LDAP_BIND_USER="uid=readonly,cn=users,dc=yourdomain,dc=local"
LDAP_BIND_PASS="SecretBindPassword"
DB_HOST=mediawiki-db
DB_PORT=3306
DB_NAME=mediawiki
DB_USER=mediawiki
DB_PASS=SecretDBPass
WIKI_NAME=Yourdomain_Wiki
WIKI_ADMIN=Admin
WIKI_ADMIN_PASS=ChangeMe2022!
WIKI_URL=https://wiki.yourdomain.local
WIKI_LANG=de

9
run_install.sh Executable file
View File

@ -0,0 +1,9 @@
#!/bin/bash
# start the installscript and create LocalSettings.php
# set CONT_NAME to your container_name variable from docker-compose.yml
CONT_NAME=mediawiki-app
docker exec $CONT_NAME /opt/mediawiki/install_wiki.sh