# Realms Wiki Beta with LDAP support This is a recipe of [Realms Wiki](https://github.com/scragg0x/realms-wiki) patched so that a docker image is build with LDAP support. The Dockefile actually downloads the Realms Wiki code from [Matthew Scragg's](https://github.com/scragg0x) original repo and not from my fork. ### Differences from the master repo * The docker image is based on Debian jessie instead of Ubuntu trusty * The *flask_ldap_login* is patched using [Stephane Martin's](https://github.com/stephane-martin) [patch](https://github.com/ContinuumIO/flask-ldap-login/issues/26) to eliminate the "Internal Server Error" message when logging in with LDAP. ### Clone the repo ``` git clone git@github.com:theodotos/realms-wiki.git ``` ### Build the image ``` cd realms-wiki/docker docker build -t realm-wiki-img . ``` ### Pull it from Docker Hub If you prefer using my build you can pull it from Docker Hub: ``` docker pull theodotos/realms-wiki ``` ### Run the container Create a *realms-wiki* volume: ``` docker volume create --name realms-wiki ``` For your own build: ``` docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki realms-wiki-img ``` For my build: ``` docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki theodotos/realms-wiki:latest ``` ### Configure the container Prepare a *realms-wiki.json* file like this: ``` cat > realms-wiki.json << EOF { "ALLOW_ANON": true, "BASE_URL": "http://realms.example.com", "CACHE_TYPE": "simple", "DB_URI": "sqlite:////home/wiki/data/wiki.db", "PORT": 5000, "REGISTRATION_ENABLED": true, "SEARCH_TYPE": "simple", "SECRET_KEY": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "SITE_TITLE": "Example Wiki", "WIKI_PATH": "/home/wiki/data/repo", "LDAP": { "URI": "ldap://ldap.example.com:389", "BIND_DN": "cn=realms,ou=services,dc=example,dc=com", "BIND_AUTH": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx", "USER_SEARCH": { "base": "ou=people,dc=example,dc=com", "filter": "uid=%(username)s"}, "START_TLS": true, "KEY_MAP": { "username": "uid", "email": "mail"}, "OPTIONS": { "OPT_PROTOCOL_VERSION": 3} } } EOF ``` **NOTE: you can use the `apg -n1 -x65 -m65` command to generate a SECRET_KEY** Copy the config over to the container: ``` cp realms-wiki.json realms-wiki:/home/wiki/realms-wiki ``` Restart the container: ``` docker restart realms-wiki ``` Browse to http://realms.example.com:5000 to test it. ### Some tips about STARTTLS If you ldap backend is not protected by a publicly trusted CA, you will need to add your Internal ROOT CA certificate in the trusted CA list of your container. Copy your Internal ROOT CA certificate in the container: ``` docker cp example-rootca.crt realms-wiki:/usr/local/share/ca-certificates/ ``` Add your Internal CA as trusted in the trusted CA list: ``` docker exec -i -t -u root realms-wiki /usr/sbin/update-ca-certificates ``` Restart the container and try again.