Docker pod for charlesreid1.com: nginx + gitea + mediawiki + mysql https://pages.charlesreid1.com/pod-charlesreid1
Charles Reid a3f460113a add instructions for blocking IP addresses 2 months ago
d-gitea update gitea app.ini jinja template 1 year ago
d-mediawiki update php.ini upload size to match localsettings.php 3 years ago
d-mysql add d-mysql directory contents 3 years ago
d-nginx-charlesreid1 add "ban jerks" section to nginx config 2 months ago
docs add instructions for blocking IP addresses 2 months ago
mkdocs-material@b0c6890853 update mkdocs-material submodule 5 years ago
scripts add wikifiles restore script 1 year ago
.gitignore ignore log files 3 years ago
.gitmodules make mkdocs-material submodule url https instead of git so it works without ssh key preconfigured 3 years ago
LICENSE update license 3 years ago
Makefile chmod the logs 1 year ago
README.md add IMPORTANT instructions - nginx and mediawiki templates 6 years ago
common.mk check if pod_charlesreid1_dir env var exists 3 years ago
docker-compose.yml.j2 remove tree 3 years ago
environment.example fix up aws backup script to use native aws cli env vars 3 years ago
environment.j2 fix missing var name in environment.j2 3 years ago
mkdocs.yml update port information 6 years ago

README.md

pod-charlesreid1

This repo contains a docker compose file for running the charlesreid1.com site.

Services

The services available through pod-charlesreid1 are:

  • mediawiki
  • apache + php
  • mysql
  • phpmyadmin
  • nginx (Let's Encrypt used offline for SSL certificates)
  • python
  • gitea

See the documentation site here: https://pages.charlesreid1.com/pod-charlesreid1

Or visit docs/index.md

Source code on git.charlesreid1.com: https://git.charlesreid1.com/docker/pod-charlesreid1

Source code on github.com: https://github.com/charlesreid1-docker/pod-charlesreid1

Quick Start

From your project directory, start up the pod:

$ docker-compose up

If you want to rebuild the images before starting them (i.e., if you changed the Dockerfile and want to rebuild the Docker image), use the --build flag:

$ docker-compose up --build

If you only want to rebuild the images without starting the Docker pod, use the build verb:

$ docker-compose build

And finally, if you want to rebuild every container from scratch, rather than using cached data (note that this may take a while), add the --no-cache flag:

$ docker-compose build --no-cache

IMPORTANT: If you are not setting up the charlesreid1 pod using ansible, you must also modify the contents of the following subdirectories to render the templates in each submodule into usable configuration files.

  • d-mediawiki/charlesreid1-config/ - contains MediaWiki extensions and configuration files for MediaWiki. See https://github.com/charlesreid1-docker/charlesreid1-wiki-config for details.

    • Build mediawiki extensions dir by running d-mediawiki/charlesreid1-config/build_extensions_dir.sh

    • Render mediawiki config template (LocalSettings.php) by running d-mediawiki/charlesreid1-config/mediawiki/apply_templates.py

    • Render apache config template (charlesreid1.wiki.conf) by running d-mediawiki/charlesreid1-config/apache/apply_templates.py

  • d-nginx-charlesreid1/conf.d - contains templates for nginx config files; these are not rendered until the render templates script is run.

    • Render nginx configuration file templates (d-nginx-charlesreid1/conf.d/) by running d-nginx-charlesreid1/apply_templates.py (note that this should render templates into d-nginx-charlesreid1/conf.d/ but may actually render templates into d-nginx-charlesreid1/conf.d_examples, in which case you need to copy the configuration files in the conf.d_examples directory into the conf.d directory)

Running

See Running.md for info about running this docker pod:

  • Running the Docker Pod from Command Line
  • Running the Docker Pod as a Startup Service
  • Workflow for Charlesreid1 Docker Pod Updates
  • Restoring the Docker Pod from Backups

Volumes

See Volumes.md for info about data and volumes used by this docker pod:

  • Persistent Data Volumes
  • nginx
    • nginx + lets encrypt ssl certificates
    • nginx static content
    • nginx bind-mounted files
  • mysql
  • mediawiki
    • mediawiki data volume
    • mediawiki bind-mounted files
  • gitea
    • gitea data volume
    • gitea bind-mounted files
  • python file server (pyfiles)
    • pyfiles directory

Backups

There are a number of directories containing utility scripts - these are mostly dedicated to creating backups of any non-version-controlled data inside the container.

See Backups.md for coverage of backup and utility scripts.

utils-backups - backup utilities (for cron jobs)

utils-mw - mediawiki backup utilities

utils-mysql - mysql backup utilities

Domains and Ports

See Domains and Ports.md for info about top-level domain names and ports used by this docker pod.

The Domains and Ports document covers:

  • Domains
    • nginx domain handling
  • Ports
    • nginx ports
    • mediawiki/apache ports
    • phpmyadmin ports
    • mysql ports
    • gitea ports
    • python file server ports

Additional Port Info

The apache-mediawiki combination is running an apache service listening on port 8989. This can be adjusted, but should be adjusted in the Dockerfile, ports.conf, and wiki.conf.

The apache service listens on all interfaces inside its container (hence *:8989 in the apache conf file), but there is no port mapping specified in docker-compose.yml, so it does not listen on any public interfaces of the host.

Thus, the wiki is not publicly accessible via port 8989, but the wiki is available via port 8989 to any container linked to, or connected to the same network as, the mediawiki apache container.

Meanwhile, the nginx container has a public interface listening on port 80 and another listening on port 443. nginx listens for requests going to the wiki, detected via the url resource prefix being /w/ or /wiki/, and acts as a reverse proxy, forwarding the requests to Apache.

The user transparently sees everything happening via port 80 or (preferably) 443, but on the backend nginx is passing along the URL request and returning the result.

Subdomains are served via reverse proxy on port 7777+.

The webhook server is a flask server listening on port 5000.
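One way to check the exposure model described above, written as an added example and not code from this repo: it audits the `ports` entries of a parsed compose file and reports anything published on a non-loopback address other than nginx on 80 and 443. The service names and sample data are constructed, the input is assumed to be the compose file already parsed into a dict, and port ranges are not handled.

```python
import ipaddress

# Policy from the README: only nginx publishes host ports (80 and 443).
# Service names here are hypothetical; use the names in your compose file.
ALLOWED = {"nginx": {80, 443}}

def parse_port(spec):
    """Return (host_ip, host_port, container_port) for one `ports` entry.
    host_port is None when Docker would pick an ephemeral host port."""
    if isinstance(spec, dict):  # long syntax: target / published / host_ip
        pub = spec.get("published")
        ip = spec.get("host_ip") or "0.0.0.0"
        return ip, (int(pub) if pub else None), int(spec["target"])
    parts = str(spec).split("/")[0].rsplit(":", 2)  # drop "/tcp", split from the right
    host = int(parts[-2]) if len(parts) >= 2 and parts[-2] else None
    ip = parts[0] if len(parts) == 3 else "0.0.0.0"  # Docker's default bind address
    return ip, host, int(parts[-1])

def audit(compose):
    """List (service, host_ip, host_port, container_port) for every port that
    is published on a non-loopback address and is not allowed by ALLOWED."""
    findings = []
    for name, svc in sorted(compose.get("services", {}).items()):
        for spec in svc.get("ports", []):
            ip, host, target = parse_port(spec)
            if ipaddress.ip_address(ip.strip("[]")).is_loopback:
                continue  # reachable from the host itself only
            if host is None or host not in ALLOWED.get(name, set()):
                findings.append((name, ip, host, target))
    return findings

# Constructed sample matching the README: apache is exposed to the pod network only.
SAMPLE_OK = {"services": {
    "nginx": {"ports": ["80:80", "443:443"]},
    "mediawiki": {"expose": ["8989"]},
}}
# Constructed sample with two mistakes: a bare "8989" and a published mysql port.
SAMPLE_BAD = {"services": {
    "nginx": {"ports": ["80:80", "443:443/tcp"]},
    "mediawiki": {"ports": ["8989"]},
    "phpmyadmin": {"ports": ["127.0.0.1:8080:80"]},
    "mysql": {"ports": [{"target": 3306, "published": "3306"}]},
}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_BAD):
        print("unexpected published port:", finding)
```

A bare `"8989"` under `ports` is the case worth noticing: unlike `expose`, it publishes the container port on an ephemeral host port on all interfaces.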

Secrets

See Secrets.md for more info about getting secrets like passwords and sensitive files into various containers in the pod.

The important bit: we use root.password to store the password, and pass it into containers as an environment variable. Only this top-level pod-charlesreid1 repo should use the file root.password.

Details covered on the secrets page:

  • mysql database root password
  • mediawiki mysql database root password
  • gitea secret key and session id
  • nginx ssl certificates

Container-Specific Configuration Details

Each container has a different way of getting configuration files into the container. In the following documents we cover the specifics of each container.

docker compose documentation: