Docker pod for (mediawiki + mysql + phpmyadmin + apache) + gitea + python + nginx. #krash
Charles Reid 3dde64de62 update mediawiki submodule 2 months ago
d-gitea @ f73c8c8258 update gitea submodule 2 months ago
d-mediawiki @ c3109e62f7 update mediawiki submodule 2 months ago
d-mysql @ 4bd88e74c1 update all submodules 1 year ago
d-nginx-charlesreid1 @ ddd33967f5 update d-nginx-charlesreid1 submodule 3 months ago
d-phpmyadmin @ e84de96196 update all submodules 1 year ago
d-python-files @ 473b497e28 update all submodules 1 year ago
docs update and sync readme and docs/ 3 months ago
mkdocs-material @ b0c6890853 update mkdocs-material 3 months ago
scripts add backup_gitea script + service 2 months ago
utils-backup fix spew in daily backup scripts 2 months ago
utils-gitea add "user" argument to scrape_gitea_as_sudo script 2 months ago
utils-mw fix the -C flag 2 months ago
utils-mysql remove 2 months ago
.gitignore update gitignore 2 months ago
.gitmodules change gh org for mkdocs-material 3 months ago
LICENSE MIT licensed 1 year ago add IMPORTANT instructions - nginx and mediawiki templates 3 months ago update todo 1 year ago add apply templates script 3 months ago
docker-compose.fixme.yml mount d-gitea/custom/conf and not d-gitea/custom/conf/app.ini, in case app.ini is not found 7 months ago
docker-compose.yml.j2 clean up docker-compose template 3 months ago
mkdocs.yml update port information 1 year ago Updating submodules to latest 3 months ago


This repo contains a docker compose file for running the site.


The services available through pod-charlesreid1 are:

  • mediawiki
  • apache + php
  • mysql
  • phpmyadmin
  • nginx (Let’s Encrypt used offline for SSL certificates)
  • python
  • gitea


See the documentation site here:

Or visit docs/

Source code on

Source code on

Quick Start

From your project directory, start up the pod:

$ docker-compose up

If you want to rebuild the images before starting them (i.e., if you changed the Dockerfile and want to rebuild the Docker image), use the --build flag:

$ docker-compose up --build

If you only want to rebuild the images without starting the Docker pod, use the build verb:

$ docker-compose build

And finally, if you want to rebuild every container from scratch, rather than using cached data (note that this may take a while), add the --no-cache flag:

$ docker-compose build --no-cache

IMPORTANT: If you are not setting up the charlesreid1 pod using ansible, you must also modify the contents of the following subdirectories to render the templates in each submodule into usable configuration files.

  • d-mediawiki/charlesreid1-config/ - contains MediaWiki extensions and configuration files for MediaWiki. See for details.

    • Build mediawiki extensions dir by running d-mediawiki/charlesreid1-config/

    • Render mediawiki config template (LocalSettings.php) by running d-mediawiki/charlesreid1-config/mediawiki/

    • Render apache config template ( by running d-mediawiki/charlesreid1-config/apache/

  • d-nginx-charlesreid1/conf.d - contains templates for nginx config files, but are not rendered until the render templates script is run.

    • Render nginx configuration file templates (d-nginx-charlesreid1/conf.d/) by running d-nginx-charlesreid1/ (note that this should render templates into d-nginx-charlesreid1/conf.d/ but may actually render templates into d-nginx-charlesreid1/conf.d_examples, in which case you need to copy the configuration files in the conf.d_examples directory into the conf.d directory)


See for info about running this docker pod:

  • Running the Docker Pod from Comand Line
  • Running the Docker Pod as a Startup Service
  • Workflow for Charlesreid1 Docker Pod Updates
  • Restoring the Docker Pod from Backups


See for info about data and volumes used by this docker pod:

  • Persistent Data Volumes
  • nginx
    • nginx + lets encrypt ssl certificates
    • nginx static content
    • nginx bind-mounted files
  • mysql
  • mediawiki
    • mediawiki data volume
    • mediawiki bind-mounted files
  • gitea
    • gitea data volume
    • gitea bind-mounted files
  • python file server (pyfiles)
    • pyfiles directory


There are a number of directories containing utility scripts - these are mostly dedicated to creating backups of any non-version-controlled data inside the container.

See for coverage of backup and utility scripts.

utils-backups - backup utilities (for cron jobs)

utils-mw - mediawiki backup utilities

utils-mysql mysql backup utilities

Domains and Ports

See Domains and for info about top-level domain names and ports used by this docker pod.

The domains ports document covers:

  • Domains
    • nginx domain handling
  • Ports
    • nginx ports
    • mediawiki/apache ports
    • phpmyadmin ports
    • mysql ports
    • gitea ports
    • python file server ports

Additional Port Info

The apache-mediawiki combination is running an apache service listening on port 8989. This can be adjusted, but should be adjusted in the Dockerfile, ports.conf, and wiki.conf.

The apache service listens on all interfaces (hence *:8989 in the apache conf file), but there is no port mapping specified in docker-compose.yml so it does not listen on any public interfaces.

Thus, the wiki is not publicly accessible via port 8989, but the wiki is available via port 8989 to any container linked to, or connected to the same network as, the mediawiki apache container.

Meanwhile, the nginx container has a public interface listening on port 80 and another listening on port 443. nginx listens for requests going to the wiki, detected via the url resource prefix being /w/ or /wiki/, and acts as a reverse proxy, forwarding the requests to Apache.

The user transparently sees everything happening via port 80 or (preferrably) 443, but on the backend nginx is passing along the URL request and returning the result.

Subdomains are served via reverse proxy on port 7777+.

The webhook server is a flask server listening on port 5000.


See for more info about getting secrets like passwords and sensitive files into various containers in the pod.

The important bit: we use root.password to store the password, and pass it into containers as an environment variable. Only this top-level pod-charlesreid1 repo should use the file root.password.

Details covered on the secrets page:

  • mysql database root password
  • mediawiki mysql database root password
  • gitea secret key and session id
  • nginx ssl certificates

Container-Specific Configuration Details

Each container has a different way of getting configuration files into the container. In the following documents we cover the specifics of each container.


docker compose documentation: