Skip to Content
Last modified by Alexandru Pentilescu on 2023/06/25 18:56
From version 8.1
edited by Alexandru Pentilescu
on 2022/06/08 21:09
Change comment: There is no comment for this version
To version 17.1
edited by Alexandru Pentilescu
on 2022/06/08 21:45
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -130,7 +130,8 @@
130 130  Please replace <database_password> and <mysql_root_password> with randomly generated long strings, preferrably containing a long sequence of lowercase, uppercase letters, digits and symbols. In my case, I chose 12 character long sequences for each of them. It's unlikely for a hacker to compromise your docker environment but it's still best practice to make the passwords as long and hard to guess as possible, as an extra layer of security.
131 131  
132 132  
133 -= First run of the container=
133 += First run of the container =
134 +
134 134  The first run is always the scariest. Start up the docker image and wait for everything to initialize:
135 135  
136 136  {{code language="bash"}}
... ... @@ -137,6 +137,54 @@
137 137  docker-compose up -d
138 138  {{/code}}
139 139  
141 +If you followed along just the way I described in this article, you shouldn't have any problems with this step. Note that XWiki takes a significant amount of time to initialize, around 10 minutes.
142 +
143 +Take your time and don't rush!
144 +
145 +When you want to see the status of your installation, visit the domain name pointing to your server at port 8081. In my case, I would visit http://pentilescu.com:8081/
146 +
147 +You might see a page indicating that XWiki is initializing, as well as a percentage counter indicating its progress. Let the server finish doing its thing.
148 +
149 +In the end, you should see an image like the one below:
150 +
151 +[[image:Screenshot_20220607_015727.png]]
152 +
153 +**While it may be tempting to immediately try to setup an administrator account from this portal, unless you're browsing this page from localhost (i.e. the XWiki server is on the exact same machine that you're running your web browser from) DO NOT register an account YET! All traffic is unencrypted to the server and may be intercepted by anyone sniffing your internet packets. We must first configure an X.509 TLS certificate with Nginx and configure Nginx to act as a reverse proxy for this wiki**
154 +
155 +For the time being, press the "Later" button on the dialog (not the "Never" one!) and then run a "docker-compose down" to stop the container from running. The first test run was a success! Congratulations!
156 +
157 += Nginx reverse proxy configuration =
158 +
159 +We assume you already have Nginx installed and properly configured on your machine. Also, we will assume you have an X.509 certificate whose Subject Alt Names includes both your domain name, as well as the subdomain for your wiki (i.e. in my case for pentilescu.com and wiki.pentilescu.com, respectively) and you've configured Nginx to utilize both of them! If this is not the case or you're unsure how to perform these configurations, please check the internal "How to setup an Nginx reverse proxy and also provide a global X.509 certificate for it" guide at the bottom of this page.
160 +
161 +In "/etc/nginx/sites-available/", please create a "xwiki.conf" file with the following contents:
162 +
163 +{{code language="nginx configuration file"}}
164 +server {
165 + server_name wiki.pentilescu.com;
166 +
167 + listen [::]:443 ssl http2; # managed by Certbot
168 + listen 443 ssl http2; # managed by Certbot
169 +
170 + include /etc/nginx/snippets/ssl.conf;
171 +
172 + location / {
173 + proxy_pass http://localhost:8081;
174 + }
175 +}
176 +{{/code}}
177 +
178 +Please replace "wiki.pentilescu.com" with the domain and subdomains that you desire for your particular website. Also, please adapt "/etc/nginx/snippets/ssl.conf" to reference the X.509 Nginx configuration file on your particular server. If you do not wish to support TLS at all, you may remove this line, as well as the "listen" directives from above.
179 +
180 +Effectively, what this configuration file will do is tell Nginx to redirect all HTTP/HTTPS connection verbs directed at wiki.pentilescu.com to localhost port 8081, optionally also injecting the TLS certificates into the connection to secure it as well. By doing this, instead of having to connect to port 8081 on your server manually, future users of your XWiki instance will have to type the subdomain in their browser's address bar instead, which is usually more human readable and more memorable for most people. Typing in "wiki.pentilescu.com" into your browser's address bar is more human friendly than typing "pentilescu.com:8081". Not only are numeric port numbers difficult to remember, but Nginx will also inject TLS into the connection to secure it if you configured the X.509 certificates properly, effectively securing your visitors' connection every time so that their login credentials are protected even against network sniffers.
181 +
182 +Once you've done this, create a symbolic link with the following command to activate your new configuration:
183 +
184 +{{code language="bash"}}
185 +sudo ln -s /etc/nginx/sites-available/xwiki.conf /etc/nginx/sites-enabled/xwiki.conf
186 +{{/code}}
187 +
140 140  = External references =
141 141  
142 142  [[Official docker guide for installing XWiki>>https://github.com/xwiki/xwiki-docker/blob/master/README.md]]
191 +How to setup an Nginx reverse proxy and also provide a global X.509 certificate for it -- NOT YET WRITTEN!--
Screenshot_20220607_015727.png
Author
... ... @@ -1,0 +1,1 @@
1 +XWiki.AlexandruPentilescu
Size
... ... @@ -1,0 +1,1 @@
1 +218.6 KB
Content