- # Realms Wiki Beta with LDAP support
-
- This is a recipe of [Realms Wiki](https://github.com/scragg0x/realms-wiki) patched so that a Docker image is built with LDAP support. The Dockerfile actually downloads the Realms Wiki code from [Matthew Scragg's](https://github.com/scragg0x) original repo and not from my fork.
-
- ### Differences from the master repo
-
- * The docker image is based on Debian jessie instead of Ubuntu trusty
- * The *flask_ldap_login* is patched using [Stephane Martin's](https://github.com/stephane-martin) [patch](https://github.com/ContinuumIO/flask-ldap-login/issues/26) to eliminate the "Internal Server Error" message when logging in with LDAP.
-
- ### Clone the repo
-
- ```
- git clone git@github.com:theodotos/realms-wiki.git
- ```
-
- ### Build the image
-
- ```
- cd realms-wiki/docker
- docker build -t realms-wiki-img .
- ```
-
- ### Pull it from Docker Hub
-
- If you prefer using my build, you can pull it from Docker Hub:
-
- ```
- docker pull theodotos/realms-wiki
- ```
-
- ### Run the container
-
- Create a *realms-wiki* volume:
-
- ```
- docker volume create --name realms-wiki
- ```
-
- For your own build:
-
- ```
- docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki realms-wiki-img
- ```
-
- For my build:
-
- ```
- docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki theodotos/realms-wiki:latest
- ```
-
- ### Configure the container
-
- Prepare a *realms-wiki.json* file like this:
-
- ```
- cat > realms-wiki.json << EOF
- {
-     "ALLOW_ANON": true,
-     "BASE_URL": "http://realms.example.com",
-     "CACHE_TYPE": "simple",
-     "DB_URI": "sqlite:////home/wiki/data/wiki.db",
-     "PORT": 5000,
-     "REGISTRATION_ENABLED": true,
-     "SEARCH_TYPE": "simple",
-     "SECRET_KEY": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-     "SITE_TITLE": "Example Wiki",
-     "WIKI_PATH": "/home/wiki/data/repo",
-
-     "LDAP": {
-         "URI": "ldap://ldap.example.com:389",
-         "BIND_DN": "cn=realms,ou=services,dc=example,dc=com",
-         "BIND_AUTH": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
-         "USER_SEARCH": {
-             "base": "ou=people,dc=example,dc=com",
-             "filter": "uid=%(username)s"},
-         "START_TLS": true,
-         "KEY_MAP": {
-             "username": "uid",
-             "email": "mail"},
-         "OPTIONS": {
-             "OPT_PROTOCOL_VERSION": 3}
-     }
- }
- EOF
- ```
-
- **NOTE: you can use the `apg -n1 -x65 -m65` command to generate a SECRET_KEY**
-
- Copy the config over to the container:
-
- ```
- docker cp realms-wiki.json realms-wiki:/home/wiki/realms-wiki
- ```
-
- Restart the container:
-
- ```
- docker restart realms-wiki
- ```
-
- Browse to http://realms.example.com:5000 to test it.
-
- ### Some tips about STARTTLS
-
- If your LDAP backend's certificate is not issued by a publicly trusted CA, you will need to add your internal root CA certificate to the trusted CA list of your container.
-
- Copy your internal root CA certificate into the container:
-
- ```
- docker cp example-rootca.crt realms-wiki:/usr/local/share/ca-certificates/
- ```
-
- Add your internal CA to the container's trusted CA list:
-
- ```
- docker exec -i -t -u root realms-wiki /usr/sbin/update-ca-certificates
- ```
-
- Restart the container and try again.
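
A pre-flight check for the *realms-wiki.json* prepared above, as an added example that is not part of the original recipe or of Realms Wiki: it flags the placeholder secrets, an `ldap://` URI without `START_TLS`, and loose file permissions before the file is copied into the container. The function name and the length and variety thresholds are assumptions of this example.

```python
import json
import os
import stat
import sys
from urllib.parse import urlparse


def lint_realms_config(path):
    """Return findings for a realms-wiki.json file; an empty list means clean."""
    findings = []
    with open(path, encoding="utf-8") as fh:
        cfg = json.load(fh)

    # The file holds SECRET_KEY and the LDAP bind password: owner-only access.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o lets group/others access the file; chmod 600" % mode)

    # Assumed thresholds: under 32 characters or under 10 distinct characters
    # is treated as weak (catches the repeated-"x" placeholder).
    secret = cfg.get("SECRET_KEY", "")
    if len(secret) < 32 or len(set(secret)) < 10:
        findings.append("SECRET_KEY is missing, short or still a placeholder")

    ldap = cfg.get("LDAP")
    if ldap is None:
        return findings

    # ldap:// is cleartext until STARTTLS upgrades it; ldaps:// is TLS from the start.
    scheme = urlparse(ldap.get("URI", "")).scheme.lower()
    if scheme not in ("ldap", "ldaps"):
        findings.append("LDAP URI scheme %r is not ldap or ldaps" % scheme)
    elif scheme == "ldap" and ldap.get("START_TLS") is not True:
        findings.append("ldap:// without START_TLS sends passwords in cleartext")

    if len(set(ldap.get("BIND_AUTH", ""))) < 2:
        findings.append("LDAP BIND_AUTH is empty or still a placeholder")
    return findings


if __name__ == "__main__":
    problems = lint_realms_config(sys.argv[1])
    for problem in problems:
        print("WARN:", problem)
    sys.exit(1 if problems else 0)
```

Run against the file on the host, the script exits non-zero when it has findings, so it can gate the `docker cp` step.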