Deployment - Metastem/Wikiless GitHub Wiki

The more hosted instances of Wikiless we have, the better load will be balanced between them all, leading to a better experience for everyone.

Pre-requisites

  • Server or an always-on computer
  • Fast internet connection

Dependencies

Wikiless is deployed using Docker. Docker containerizes the app for a more convenient and secure deployment.

Install Docker

If you don't have Docker already, follow the official documentation to install the engine.

Clone the repo

  1. Find a directory to put Wikiless's source code.
  2. Clone the repo with git clone https://github.com/Metastem/Wikiless.git wiki.
  3. Edit wikiless.config to your own settings.

Setup Docker-Compose

Wikiless provides an example docker-compose file in docker-compose.yml. This defines the setup for the container.

  1. Modify ports if needed.
  2. Usually you want to edit the ports: section to meet your needs, especially if you're using a reverse proxy, like nginx. Try replacing the - 80:8080 part with - 127.0.0.1:8180:8080.

Build and deploy

In the same directory as the docker-compose.yml file, run docker-compose up -d --build to run the container in the background as a daemon (-d) and compile it (--build).

Install nginx

You can install it for your operating system according to the official documentation.

Setup the config file

Depending on your operating system, this path may differ, but usually configs are stored in /etc/nginx/sites-enabled. Navigate to this directory and create a new file called <domain>.conf.

In this file, put the following:

server {
  server_name changethis;

    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    ssl_certificate /etc/letsencrypt/live/changethis/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/changethis/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    add_header strict_sni on;
    add_header strict_sni_header on;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Set-Cookie "Path=/; SameSite=Strict; HttpOnly; Secure";
    add_header Clear-Site-Data "cookies";
    add_header Permissions-Policy "interest-cohort=(),accelerometer=(),ambient-light-sensor=(),autoplay=(),camera=(),encrypted-media=(),focus-without-user-activation=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),speaker=(),sync-xhr=(),usb=(),vr=()";
    add_header Cross-Origin-Resource-Policy cross-origin;
    add_header Cross-Origin-Embedder-Policy require-corp;
    add_header Cross-Origin-Opener-Policy unsafe-none;
    resolver 1.1.1.1;

    ssl_trusted_certificate /etc/letsencrypt/live/changethis/chain.pem;
    ssl_stapling on;
    ssl_stapling_verify on;

    access_log off;
    error_log /dev/null crit;

   location / {
   proxy_set_header X-Forwarded-For $remote_addr;
   proxy_pass http://localhost:8180;
        }
}

server {
  listen 80;
  listen [::]:80;
  server_name changethis;
  return 301 https://changethis$request_uri;
  }

$remote_addr is passed to the app via X-Forwarded-For to enforce the anti-scraping ratelimit properly. If you remove this block, it may block access globally if your instance is abused.

Reload

Run nginx -t to test your config. If all is ok, it should print the following:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If there are no issues, reload using nginx -s reload.

That's it, Wikiless should now be running at http://localhost:8180.

⚠️ **GitHub.com Fallback** ⚠️