2016-09-23 22:04:17 +03:00
# Realms Wiki Beta with LDAP support
This is a recipe for [Realms Wiki](https://github.com/scragg0x/realms-wiki), patched so that the Docker image is built with LDAP support. The Dockerfile downloads the Realms Wiki code from [Matthew Scragg's](https://github.com/scragg0x) original repo, not from my fork.
### Differences from the master repo
* The docker image is based on Debian jessie instead of Ubuntu trusty
* *flask_ldap_login* is patched using [Stephane Martin's](https://github.com/stephane-martin) [patch](https://github.com/ContinuumIO/flask-ldap-login/issues/26) to eliminate the "Internal Server Error" message when logging in with LDAP.
### Clone the repo
```
git clone git@github.com:theodotos/realms-wiki.git
```
### Build the image
```
cd realms-wiki/docker
docker build -t realms-wiki-img .
```
### Pull it from Docker Hub
If you prefer using my build, you can pull it from Docker Hub:
```
docker pull theodotos/realms-wiki
```
### Run the container
Create a *realms-wiki* volume:
```
docker volume create --name realms-wiki
```
For your own build:
```
docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki realms-wiki-img
```
For my build:
```
docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki theodotos/realms-wiki:latest
```
### Configure the container
Prepare a *realms-wiki.json* file like this:
```
cat > realms-wiki.json << EOF
{
    "ALLOW_ANON": true,
    "BASE_URL": "http://realms.example.com",
    "CACHE_TYPE": "simple",
    "DB_URI": "sqlite:////home/wiki/data/wiki.db",
    "PORT": 5000,
    "REGISTRATION_ENABLED": true,
    "SEARCH_TYPE": "simple",
    "SECRET_KEY": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
    "SITE_TITLE": "Example Wiki",
    "WIKI_PATH": "/home/wiki/data/repo",
    "LDAP": {
        "URI": "ldap://ldap.example.com:389",
        "BIND_DN": "cn=realms,ou=services,dc=example,dc=com",
        "BIND_AUTH": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
        "USER_SEARCH": {
            "base": "ou=people,dc=example,dc=com",
            "filter": "uid=%(username)s"},
        "START_TLS": true,
        "KEY_MAP": {
            "username": "uid",
            "email": "mail"},
        "OPTIONS": {
            "OPT_PROTOCOL_VERSION": 3}
    }
}
EOF
```
**NOTE: you can use the `apg -n1 -x65 -m65` command to generate a SECRET_KEY**
Copy the config over to the container:
```
docker cp realms-wiki.json realms-wiki:/home/wiki/realms-wiki
```
Restart the container:
```
docker restart realms-wiki
```
Browse to http://realms.example.com:5000 to test it.
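
A pre-flight check for the configuration file described above, as an added example that is not part of the original recipe or of Realms Wiki: it flags the template's placeholder secrets and an `ldap://` URI used without `START_TLS`. The function name `audit_config`, the thresholds and the sample dict are assumptions made for illustration.

```python
import json
import sys
from urllib.parse import urlparse

def audit_config(cfg):
    """Return findings for a dict loaded from a realms-wiki.json style file."""
    findings = []
    secret = cfg.get("SECRET_KEY", "")
    # A run of one repeated character (the "xxxx..." template) fails here too.
    if len(secret) < 32 or len(set(secret)) < 8:
        findings.append("SECRET_KEY is short or a placeholder")
    ldap = cfg.get("LDAP")
    if ldap is None:
        return findings
    scheme = urlparse(ldap.get("URI", "")).scheme
    if scheme == "ldap" and not ldap.get("START_TLS", False):
        findings.append("ldap:// without START_TLS sends the bind password in cleartext")
    elif scheme not in ("ldap", "ldaps"):
        findings.append("LDAP URI scheme is not ldap:// or ldaps://")
    if ldap.get("BIND_DN") and len(set(ldap.get("BIND_AUTH", ""))) < 4:
        findings.append("BIND_AUTH is empty or a placeholder")
    if "%(username)s" not in ldap.get("USER_SEARCH", {}).get("filter", ""):
        findings.append("USER_SEARCH filter does not reference %(username)s")
    return findings

# Constructed sample mirroring the template above, placeholders included.
TEMPLATE = {
    "SECRET_KEY": "x" * 65,
    "LDAP": {
        "URI": "ldap://ldap.example.com:389",
        "BIND_DN": "cn=realms,ou=services,dc=example,dc=com",
        "BIND_AUTH": "x" * 32,
        "USER_SEARCH": {"base": "ou=people,dc=example,dc=com",
                        "filter": "uid=%(username)s"},
        "START_TLS": True,
    },
}

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            cfg = json.load(fh)
    else:
        cfg = TEMPLATE
    for finding in audit_config(cfg):
        print("WARN:", finding)
```

Run it against the file before `docker cp`; an empty result means none of these checks fired.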
### Some tips about STARTTLS
If your LDAP backend's certificate is not issued by a publicly trusted CA, you will need to add your internal root CA certificate to the trusted CA list of your container.
Copy your internal root CA certificate into the container:
```
docker cp example-rootca.crt realms-wiki:/usr/local/share/ca-certificates/
```
Add your internal CA to the trusted CA list:
```
docker exec -i -t -u root realms-wiki /usr/sbin/update-ca-certificates
```
Restart the container and try again.