Changes for page How to setup an XWiki docker container
Last modified by Alexandru Pentilescu on 2023/06/25 18:56
From version 46.1
edited by Alexandru Pentilescu
on 2022/06/09 23:19
on 2022/06/09 23:19
Change comment:
There is no comment for this version
To version 52.1
edited by Alexandru Pentilescu
on 2022/06/12 08:31
on 2022/06/12 08:31
Change comment:
There is no comment for this version
Summary
-
Page properties (1 modified, 0 added, 0 removed)
Details
- Page properties
-
- Content
-
... ... @@ -5,7 +5,7 @@ 5 5 * You have sudo rights on the machine where you're trying to install the XWiki server on 6 6 * This machine already has docker fully installed and properly configured on it. Please perform a test installation of any random image from docker hub to ensure that everything works appropriately 7 7 * You already own and are in control of a domain name for which you wish to make the XWiki server accessible through. This domain name is already pre-configured to point to the server that you wish to install XWiki on. In my particular case, I already have pentilescu.com configured to point to my VPS and, what I wished to accomplish was to have a subdomain via which I could access XWiki. In this particular case, this subdomain was wiki.pentilescu.com. To that end, you must have nginx also configured and running on the same server in the background, to have it redirect connections whose destination is a specific port to a subdomain 8 -* Finally, you must have an SMTP email server running somewhere accessible to the docker instance. XWiki will need to use this server to relay account activation emails as well as password reset emails to its users8 +* Finally, it's recommended (although not mandatory) to have an SMTP email server running somewhere accessible to the docker instance. XWiki will need to use this server to relay account activation emails as well as password reset emails to its users 9 9 10 10 With all of these details in mind, let's begin! 11 11 ... ... @@ -158,7 +158,7 @@ 158 158 159 159 For the time being, press the "Later" button on the dialog (not the "Never" one!) and then run a "docker-compose down" to stop the container from running. The first test run was a success! Congratulations! 160 160 161 -= Nginx reverse proxy configuration = 161 += [OPTIONAL] Nginx reverse proxy configuration = 162 162 163 163 We assume you already have Nginx installed and properly configured on your machine. Also, we will assume you have an X.509 certificate whose Subject Alt Names includes both your domain name, as well as the subdomain for your wiki (i.e. in my case for pentilescu.com and wiki.pentilescu.com, respectively) and you've configured Nginx to utilize both of them! If this is not the case or you're unsure how to perform these configurations, please check the internal "How to setup an Nginx reverse proxy and also provide a global X.509 certificate for it" guide at the bottom of this page. 164 164 ... ... @@ -277,7 +277,14 @@ 277 277 Please be sure to use the appropriate IP address as configured in your "docker-compose.yml" file for your xwiki service. 278 278 For more information about postfix and setting it up, please visit the "How to setup a postfix SMTP server" article in the external references section at the bottom of this article! 279 279 280 -== Modifying cookie encryption keys== 280 + 281 +=== Correcting "localhost" directing URLs in received emails === 282 + 283 +This might be just a problem on my end but, after configuring my SMTP server and then requesting an unnecessary password reset for my account to test my configuration, the arrived email contained a password-reset URL which, instead of pointing to my server, as it should have, it pointed to http://localhost:8081. This is obviously wrong and NOT correct. 284 +Fix: go to "<your XWiki directory>/data/xwiki-data/data/" and open the "xwiki.cfg" configuration file there. Find the "xwiki.home" configuration option in that file, uncomment it if you have to, and set it to point to your actual fully qualified domain name (including the trailing "/" at the end) to correct this issue. Please remember to restart the XWiki docker container afterwards for the changes to take effect! 285 + 286 +== Modifying cookie encryption keys == 287 + 281 281 XWiki has an interesting login mechanism. It doesn't use session tokens to keep track of your user account. What it does do is that it stores two session cookies in your browser: one for your username and one for your password. 282 282 Every time you make a request to your server, these two session cookies are sent along with each request, effecitvely authenticating it. 283 283 This might seem as a huge security problem, as the password is stored in the session cookie and it can be easily viewed by anyone with local access to the web browser's machine. ... ... @@ -285,8 +285,14 @@ 285 285 As such, you, as the administrator, should change these encryption keys to your own, randomly generated ones. To do so, go to <your XWiki directory>/data/xwiki-data/data/ and modify the "xwiki.cfg" configuration file there. This file should have two configuration options called "xwiki.authentication.validationKey" and "xwiki.authentication.encryptionKey". Generate, from scratch, two different 32 character long encryption keys and replace the default ones with your ones. Uppercase and lowercase letters, as well as digits, are allowed. I don't believe other symbols are accepted though. 286 286 Change these and restart the docker container, for the changes to apply. 287 287 295 + 296 +== Make the "xwiki-data" directory accessible to non-root users == 297 + 298 +For whatever reason, my setup generated the "xwiki-data" directory under my XWiki folder as being owned by the root user and under the root group, with permission levels of {{{"rwx------"}}}. If you're not already the root user on that machine, these permission levels are problematic as they will prevent you from cd-ing into it and making necessary configuration changes, nor even backing up that directory for the future. 299 +As such, please remember to "sudo chmode 655 -R xwiki-data/" to make it accessible! If this security configuration is not appropriate for your use cases, you may tweak it to fit your needs! 300 + 288 288 = External references = 289 289 290 290 [[Official docker guide for installing XWiki>>https://github.com/xwiki/xwiki-docker/blob/master/README.md]] 291 -How to setup an Nginx reverse proxy and also provide a global X.509 certificate for it [NOT YET WRITTEN!]304 +[[How to setup an Nginx reverse proxy and also provide a global X.509 certificate for it>>https://wiki.pentilescu.com/bin/view/Guides/How%20to%20setup%20an%20Nginx%20reverse%20proxy%20and%20also%20provide%20a%20global%20X.509%20certificate%20for%20it/]] 292 292 How to setup a postfix SMTP server [NOT YET WRITTEN]