I'm not using WikiJS anymore. This article might be out of date
# apt install nginx podman nodejs
Create a new network for the database and wikijs
$ podman network create wikijs
# podman pull docker://postgres
podman run -p 127.0.0.1:5432:5432 --name wikijsdb \
-e POSTGRES_PASSWORD=wikijs \
-e PGDATA=/var/lib/postgresql/data/pgdata \
-v /mnt/postgres/wikijsdb:/var/lib/postgresql/data \
-d docker.io/postgres:15
# podman exec -it wikijsdb bash
# psql -U postgres
Create database used by wikijs
CREATE DATABASE wikijs;
Generate the systems service file following the podman guide
cd /var
wget https://github.com/Requarks/wiki/releases/download/(version)/wiki-js.tar.gz
mkdir wiki
tar xzf wiki-js.tar.gz -C ./wiki
cd ./wiki
Move default config
# mv config.sample.yml config.yml
#######################################################################
# Wiki.js - CONFIGURATION #
#######################################################################
# Full documentation + examples:
# https://docs.requarks.io/install
# ---------------------------------------------------------------------
# Port the server should listen to
# ---------------------------------------------------------------------
port: 3000
# ---------------------------------------------------------------------
# Database
# ---------------------------------------------------------------------
# Supported Database Engines:
# - postgres = PostgreSQL 9.5 or later
# - mysql = MySQL 8.0 or later (5.7.8 partially supported, refer to docs)
# - mariadb = MariaDB 10.2.7 or later
# - mssql = MS SQL Server 2012 or later
# - sqlite = SQLite 3.9 or later
db:
type: postgres
# PostgreSQL / MySQL / MariaDB / MS SQL Server only:
host: localhost
port: 5432
user: postgres
pass: wikijs
db: wikijs
ssl: false
# Optional - PostgreSQL / MySQL / MariaDB only:
# -> Uncomment lines you need below and set `auto` to false
# -> Full list of accepted options: https://nodejs.org/api/tls.html#tls_tls_createsecurecontext_options
sslOptions:
auto: true
# rejectUnauthorized: false
# ca: path/to/ca.crt
# cert: path/to/cert.crt
# key: path/to/key.pem
# pfx: path/to/cert.pfx
# passphrase: xyz123
# SQLite only:
storage: path/to/database.sqlite
#######################################################################
# ADVANCED OPTIONS #
#######################################################################
# Do not change unless you know what you are doing!
# ---------------------------------------------------------------------
# SSL/TLS Settings
# ---------------------------------------------------------------------
# Consider using a reverse proxy (e.g. nginx) if you require more
# advanced options than those provided below.
ssl:
enabled: false
port: 3443
# Provider to use, possible values: custom, letsencrypt
provider: custom
# ++++++ For custom only ++++++
# Certificate format, either 'pem' or 'pfx':
format: pem
# Using PEM format:
key: path/to/key.pem
cert: path/to/cert.pem
# Using PFX format:
pfx: path/to/cert.pfx
# Passphrase when using encrypted PEM / PFX keys (default: null):
passphrase: null
# Diffie Hellman parameters, with key length being greater or equal
# to 1024 bits (default: null):
dhparam: null
# ++++++ For letsencrypt only ++++++
domain: wiki.yourdomain.com
subscriberEmail: admin@example.com
# ---------------------------------------------------------------------
# Database Pool Options
# ---------------------------------------------------------------------
# Refer to https://github.com/vincit/tarn.js for all possible options
pool:
# min: 2
# max: 10
# ---------------------------------------------------------------------
# IP address the server should listen to
# ---------------------------------------------------------------------
# Leave 0.0.0.0 for all interfaces
bindIP: 0.0.0.0
# ---------------------------------------------------------------------
# Log Level
# ---------------------------------------------------------------------
# Possible values: error, warn, info (default), verbose, debug, silly
logLevel: info
# ---------------------------------------------------------------------
# Offline Mode
# ---------------------------------------------------------------------
# If your server cannot access the internet. Set to true and manually
# download the offline files for sideloading.
offline: false
# ---------------------------------------------------------------------
# High-Availability
# ---------------------------------------------------------------------
# Set to true if you have multiple concurrent instances running off the
# same DB (e.g. Kubernetes pods / load balanced instances). Leave false
# otherwise. You MUST be using PostgreSQL to use this feature.
ha: false
# ---------------------------------------------------------------------
# Data Path
# ---------------------------------------------------------------------
# Writeable data path used for cache and temporary user uploads.
dataPath: ./data
Don't forget to open permissions so the systemd service can run the server
useradd -m wiki
chown wiki:wiki -R /var/wiki
Run server directly:
$ node server
Put this under /etc/systemd/system/wiki.service
[Unit]
Description=Wiki.js
After=network.target
Wants=container-wikijsdb.service
[Service]
Type=simple
ExecStart=/usr/bin/node server
Restart=always
# Consider creating a dedicated user for Wiki.js here:
#User=nobody
User=wiki
Environment=NODE_ENV=production
WorkingDirectory=/var/wiki
[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl enable --now wiki
Replace "IPV4" and "IPV6"
server {
server_name DOMAIN_NAME;
# Security / XSS Mitigation Headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
location = / {
return 302 https://$host/web/;
}
location / {
# Proxy main traffic
proxy_pass http://127.0.0.1:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
}
listen [IPV6]:443 ssl; #set ipv6 address
# acme.sh
ssl_certificate_key /etc/acme-sh/DOMAIN_NAME/key.pem;
ssl_certificate /etc/acme-sh/DOMAIN_NAME/cert.pem;
# letsencrypt
#ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
#include /etc/letsencrypt/options-ssl-nginx.conf;
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = DOMAIN_NAME) {
return 301 https://$host$request_uri;
}
listen [IPV6]:80; #set ipv6 address
server_name DOMAIN_NAME;
return 404;
}
Enable config
# ln -s /etc/nginx/sites-available/(config) /etc/nginx/sites-enabled
Restart nginx
# systemctl restart nginx
Create a home directory for the wiki user if you haven't used "-m" when creating the user.
Make sure not to have a "/" after the directory you want for your user
mkdir /home/wiki
chown wiki:wiki -R /home/wiki
usermod -d /home/wiki wiki
Create ssh key as wiki user
$ ssh-keygen -t ed25519 -C wiki
Download and install the latest release with these steps
systemctl stop wiki
cd /var
wget https://github.com/Requarks/wiki/releases/download/(version)/wiki-js.tar.gz
This is to ensure we have a known good version to go back to in case something goes wrong
mv wiki wiki-old
mkdir wiki
tar xzf wiki-js.tar.gz -C ./wiki
cp wiki-old/config.yml wiki/
chown wiki:wiki -R /var/wiki
systemctl start wiki
# podman exec (container name) pg_dump (database name) -U (database user) -F c > wikibackup.dump
The wiki has to be installed fully, but not yet configured
Also works for transfering wiki from one server to another
Stop the database and wiki
Drop the existing database and restore from the database
podman exec -it (container name) dropdb -U (database user) (database name)
podman exec -it (container name) createdb -U (database user) (database name)
cat ~/wikibackup.dump | docker exec -i (container name) pg_restore -U (database user) -d (database name)
Start the database and wiki again