docker/pod-charlesreid1
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
761 Commits 1 Branch 0 Tags
main
Commit Graph

761 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Charles Reid
361e34b636 Enable mod_remoteip so Apache logs record real client IPs instead of nginx docker-internal IP 
Apache was logging 172.21.0.5 (nginx container IP) for every request.
Configure RemoteIPHeader X-Real-IP and RemoteIPTrustedProxy to trust
the header nginx already sets, so access logs show actual visitor IPs.
 2026-06-22 20:46:14 -07:00
Charles Reid
97b5f74924 Merge branch 'chaz-mpm-prefork-tuning' 
* chaz-mpm-prefork-tuning:
  add MPM prefork tuning
  ignore .claude dir
 2026-06-14 08:08:24 -07:00
Charles Reid
4a2115fc14 Merge branch 'chaz-block-bot-traffic' 
* chaz-block-bot-traffic:
  block bot traffic in nginx, reconcile with golly wiki approach
 2026-06-14 08:08:16 -07:00
Charles Reid
52c7835847 Merge branch 'chaz-runner-registration-token' 
* chaz-runner-registration-token:
  revert runner token to jinja2 variable so it actually works
  put jinja var in environment.j2
  add gitea runner token to environment.example
  gitea runner token comes from env var
 2026-06-14 08:07:38 -07:00
Charles Reid
448f4d3da7 add MPM prefork tuning 
Live fix applied:
  - mpm_prefork.conf updated inside the running container, Apache gracefully restarted
  - Workers dropped from 12 to 6, MW container memory from 230 MB to 128 MB
  - Swap already recovering (494/511 vs 511/511)

  Persistent changes on disk (/home/charles/pod-charlesreid1/d-mediawiki/):
  - New file: charlesreid1-config/apache/mods/mpm_prefork.conf with the tuned values
  - Dockerfile updated with COPY charlesreid1-config/apache/mods/mpm_prefork.conf
  /etc/apache2/mods-enabled/mpm_prefork.conf
 2026-06-14 08:04:48 -07:00
Charles Reid
bfa16d3a51 ignore .claude dir 2026-06-14 08:04:34 -07:00
Charles Reid
81c32a12ce block bot traffic in nginx, reconcile with golly wiki approach 
robots.txt — expanded from a blanket /w/ block to granular MediaWiki
rules matching the golly wiki (api.php, includes, languages,
maintenance, resources, serialized, skins, Special pages), with an
explicit Allow: /wiki/.

https.DOMAIN.conf.j2 — two additions:

1. map $http_user_agent $is_bot block at the top, matching the same
   5 bot user-agents as golly (meta-externalagent, meta-webindexer,
   ClaudeBot, Amazonbot, SemrushBot)
2. if ($is_bot) { return 429; } added to all proxied location blocks:
   - /wiki/ and /w/ in the default server (charlesreid1.com)
   - /wiki/ and /w/ in the www server (www.charlesreid1.com)
   - / in the gitea server (git.charlesreid1.com)

Well-behaved bots see the robots.txt rules; misbehaving ones that
ignore robots.txt get a 429 at the nginx level before hitting
MediaWiki or Gitea.
 2026-06-14 08:00:27 -07:00
Charles Reid
4bc2da353e revert runner token to jinja2 variable so it actually works 2026-06-09 17:07:49 -07:00
Charles Reid
600ef0cf71 put jinja var in environment.j2 2026-06-09 16:32:59 -07:00
Charles Reid
4bc48d2d51 add gitea runner token to environment.example 2026-06-09 16:32:44 -07:00
Charles Reid
eab037ac64 gitea runner token comes from env var 2026-06-09 16:32:27 -07:00
Charles Reid
5a51420d5e fix mathjax config 2026-06-05 16:22:37 -07:00
Charles Reid
f092e99c6b keep mysql password inside container to avoid host process table exposure 2026-05-08 18:23:46 -07:00
Charles Reid
d79b9a9a1d replace subprocess shell calls with pathlib in backup canary to prevent shell injection 2026-05-08 18:23:43 -07:00
Charles Reid
942d75dd86 disable raw HTML in mediawiki to prevent stored XSS 2026-05-08 18:23:39 -07:00
Charles Reid
1e8af71026 add docker socket proxy to protect against unrestricted host access from gitea runner 2026-05-08 18:23:36 -07:00
Charles Reid
e8235f246f update .gitignore 2026-05-08 18:23:31 -07:00
Charles Reid
4ea40c091e Merge branch 'stupid-goddamn-mysql' 
* stupid-goddamn-mysql:
  fix stupid goddamn mysql secret volume
 2026-04-21 11:33:36 -07:00
Charles Reid
7f61795ad9 fix stupid goddamn mysql secret volume 2026-04-21 11:33:24 -07:00
Charles Reid
6e52b56302 Merge branch 'optimize-mw-dockerfile' 
* optimize-mw-dockerfile:
  fix d-mediawiki dockerfile
 2026-04-21 11:01:03 -07:00
Charles Reid
8926e6c33b Merge branch 'gitea-actions' 
* gitea-actions:
  remove unused data vol
  fix networking issues in gitea action runner
  fix stupid volume issue
  upgrade mediawiki (AGAIN)
  pod-charlesreid1 service: stdout journal
  remove endless tex packages from mw Dockerfile
  fix edit box style
  add runner config dir
  add gitea runner config
  get gitea container set up for gitea actions
 2026-04-21 11:00:54 -07:00
Charles Reid
e5b56493e8 fix d-mediawiki dockerfile 2026-04-21 10:58:46 -07:00
Charles Reid
3ec56cb967 remove unused data vol 2026-04-19 23:04:02 -07:00
Charles Reid
f134f3cfbe fix networking issues in gitea action runner 2026-04-19 16:27:52 -07:00
Charles Reid
021673c5aa fix stupid volume issue 2026-04-19 16:18:17 -07:00
Charles Reid
f0e7740409 upgrade mediawiki (AGAIN) 2026-04-19 16:18:02 -07:00
Charles Reid
45b60b42b4 pod-charlesreid1 service: stdout journal 2026-04-19 16:17:46 -07:00
Charles Reid
f58fa07a9d remove endless tex packages from mw Dockerfile 2026-04-19 12:07:40 -07:00
Charles Reid
c67149837a fix edit box style 2026-04-19 12:07:14 -07:00
Charles Reid
6fcc762836 add runner config dir 2026-04-19 11:38:55 -07:00
Charles Reid
90a98652be add gitea runner config 2026-04-19 11:36:10 -07:00
Charles Reid
3cc52ddb6f get gitea container set up for gitea actions 2026-04-19 11:00:45 -07:00
Charles Reid
714d939a0f fix [edit] style 2026-04-15 23:33:59 -07:00
Charles Reid
e007447c99 use -i not -it 2026-04-15 23:33:45 -07:00
Charles Reid
8b0645d700 fix [edit] style 2026-04-15 23:11:13 -07:00
Charles Reid
e4eeab201f remove plan files 2026-04-15 23:10:59 -07:00
Charles Reid
5470e90660 Merge branch 'claude-plans-execute-upgrade' 
* claude-plans-execute-upgrade:
  add build extensions dir script
  update gitignore
  add php error logging
  fix bootstrap2 skin for 1.39
  update LocalSettings.php
  upgrade to mediawiki 1.39 in mw dockerfile
  bump mysql dockerfile version from 5.7 to 8.0
  add mysql no root password plan
  add execution notes
  update plan
  remove plan
  add fixes for getting non-root mysql user
  fix wiki backups and canary script to check for missing trailer, not just nonzero files
  remove stupid dead file
  add plan to fix sql backups, plus implemented fixes for sql backups
  add mysql no root pw transition plan
  add mediawiki upgrade plan
 2026-04-15 22:58:04 -07:00
Charles Reid
49d5f64c98 add build extensions dir script 2026-04-15 22:56:36 -07:00
Charles Reid
2cba400f81 update gitignore 2026-04-15 22:55:08 -07:00
Charles Reid
ef59df6890 add php error logging 2026-04-15 22:55:02 -07:00
Charles Reid
047288fe7b fix bootstrap2 skin for 1.39 2026-04-15 22:54:08 -07:00
Charles Reid
fc0abbad25 update LocalSettings.php 2026-04-15 22:53:51 -07:00
Charles Reid
e51d8b19f2 upgrade to mediawiki 1.39 in mw dockerfile 2026-04-15 22:53:13 -07:00
Charles Reid
fe1a35d06e bump mysql dockerfile version from 5.7 to 8.0 2026-04-15 22:52:48 -07:00
Charles Reid
a7b4a4c9ff add mysql no root password plan 2026-04-15 22:51:27 -07:00
Charles Reid
47fd49cecb add execution notes 2026-04-15 22:29:05 -07:00
Charles Reid
564dfba199 update plan 2026-04-15 22:28:48 -07:00
Charles Reid
a907947e78 remove plan 2026-04-13 18:52:21 -07:00
Charles Reid
b44d535a93 Merge branch 'claude-plans-mysql-no-root' into claude-plans 
* claude-plans-mysql-no-root:
  add fixes for getting non-root mysql user
 2026-04-13 18:50:33 -07:00
Charles Reid
98d9368d65 add fixes for getting non-root mysql user 2026-04-13 18:50:02 -07:00