Docker pod for (mediawiki + mysql + phpmyadmin + apache) + gitea + python + nginx. #krash
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Charles Reid 8ec2a7db2a fix container names 6 months ago
d-gitea @ 524e02a136 update d-gitea submodule 1 year ago
d-mediawiki @ 4f45d78e35 update d-mediawiki submodule 11 months ago
d-mysql @ eecacd1074 bump d-mysql version 1 year ago
d-nginx-charlesreid1 @ d39c70098a bump commit pointer for d-nginx-charlesreid1 1 year ago
d-phpmyadmin @ e84de96196 update all submodules 2 years ago
d-python-files @ 473b497e28 update all submodules 2 years ago
docs fix typos in docs links 1 year ago
mkdocs-material @ b0c6890853 update mkdocs-material submodule 1 year ago
scripts remove unused databot and service scripts 1 year ago
utils-backup chmod +x 1 year ago
utils-mw fix permissions in restore_wikifiles 1 year ago
utils-mysql fix restore database script commands 1 year ago
.gitignore update gitignore 2 years ago
.gitmodules add d-gitea submodule 1 year ago
LICENSE MIT licensed 3 years ago add IMPORTANT instructions - nginx and mediawiki templates 2 years ago update todo 3 years ago add apply templates script 2 years ago
docker-compose.fixme.yml mount d-gitea/custom/conf and not d-gitea/custom/conf/app.ini, in case app.ini is not found 2 years ago
docker-compose.yml.j2 fix container names 6 months ago
mkdocs.yml update port information 2 years ago Updating submodules to latest 2 years ago


This repo contains a docker compose file
for running the site.


The services available through pod-charlesreid1 are:

  • mediawiki
  • apache + php
  • mysql
  • phpmyadmin
  • nginx (Let’s Encrypt used offline for SSL certificates)
  • python
  • gitea

See the documentation site here:

Or visit docs/

Source code on

Source code on

Quick Start

From your project directory, start up the pod:

$ docker-compose up

If you want to rebuild the images before starting them
(i.e., if you changed the Dockerfile and want to rebuild the
Docker image), use the --build flag:

$ docker-compose up --build

If you only want to rebuild the images without starting the
Docker pod, use the build verb:

$ docker-compose build

And finally, if you want to rebuild every container from scratch,
rather than using cached data (note that this may take a while),
add the --no-cache flag:

$ docker-compose build --no-cache

IMPORTANT: If you are not setting up the charlesreid1 pod using
ansible, you must also modify the contents of the following subdirectories
to render the templates in each submodule into usable configuration files.

  • d-mediawiki/charlesreid1-config/ - contains MediaWiki extensions and configuration
    files for MediaWiki. See
    for details.

    • Build mediawiki extensions dir by running

    • Render mediawiki config template (LocalSettings.php) by running

    • Render apache config template ( by running

  • d-nginx-charlesreid1/conf.d - contains templates for nginx config files, but are not
    rendered until the render templates script is run.

    • Render nginx configuration file templates (d-nginx-charlesreid1/conf.d/)
      by running d-nginx-charlesreid1/
      (note that this should render templates into d-nginx-charlesreid1/conf.d/
      but may actually render templates into d-nginx-charlesreid1/conf.d_examples,
      in which case you need to copy the configuration files in the conf.d_examples
      directory into the conf.d directory)


See for info about running this docker pod:

  • Running the Docker Pod from Comand Line
  • Running the Docker Pod as a Startup Service
  • Workflow for Charlesreid1 Docker Pod Updates
  • Restoring the Docker Pod from Backups


See for info about data and volumes
used by this docker pod:

  • Persistent Data Volumes
  • nginx
    • nginx + lets encrypt ssl certificates
    • nginx static content
    • nginx bind-mounted files
  • mysql
  • mediawiki
    • mediawiki data volume
    • mediawiki bind-mounted files
  • gitea
    • gitea data volume
    • gitea bind-mounted files
  • python file server (pyfiles)
    • pyfiles directory


There are a number of directories containing utility scripts - these are mostly
dedicated to creating backups of any non-version-controlled data inside the container.

See for coverage of backup and utility scripts.

utils-backups - backup utilities (for cron jobs)

utils-mw - mediawiki backup utilities

utils-mysql mysql backup utilities

Domains and Ports

See Domains and for info about top-level domain names
and ports used by this docker pod.

The domains ports document covers:

  • Domains
    • nginx domain handling
  • Ports
    • nginx ports
    • mediawiki/apache ports
    • phpmyadmin ports
    • mysql ports
    • gitea ports
    • python file server ports

Additional Port Info

The apache-mediawiki combination is running an apache service listening on port 8989.
This can be adjusted, but should be adjusted in the Dockerfile, ports.conf, and wiki.conf.

The apache service listens on all interfaces (hence *:8989 in the apache conf file),
but there is no port mapping specified in docker-compose.yml so it does not listen
on any public interfaces.

Thus, the wiki is not publicly accessible via port 8989, but the wiki is available via port 8989
to any container linked to, or connected to the same network as, the mediawiki apache container.

Meanwhile, the nginx container has a public interface listening on port 80
and another listening on port 443. nginx listens for requests going to
the wiki, detected via the url resource prefix being /w/ or /wiki/,
and acts as a reverse proxy, forwarding the requests to Apache.

The user transparently sees everything happening via port 80 or (preferrably) 443,
but on the backend nginx is passing along the URL request and returning the result.

Subdomains are served via reverse proxy on port 7777+.

The webhook server is a flask server listening on port 5000.


See for more info about getting secrets like
passwords and sensitive files into various containers in the pod.

The important bit: we use root.password to store the password, and pass it
into containers as an environment variable. Only this top-level pod-charlesreid1
repo should use the file root.password.

Details covered on the secrets page:

  • mysql database root password
  • mediawiki mysql database root password
  • gitea secret key and session id
  • nginx ssl certificates

Container-Specific Configuration Details

Each container has a different way of getting
configuration files into the container.
In the following documents we cover
the specifics of each container.

docker compose documentation: