120 lines
3 KiB
Markdown
120 lines
3 KiB
Markdown
# Realms Wiki Beta with LDAP support
|
|
|
|
This is a recipe of [Realms Wiki](https://github.com/scragg0x/realms-wiki) patched so that a docker image is build with LDAP support. The Dockefile actually downloads the Realms Wiki code from [Matthew Scragg's](https://github.com/scragg0x) original repo and not from my fork.
|
|
|
|
### Differences from the master repo
|
|
|
|
* The docker image is based on Debian jessie instead of Ubuntu trusty
|
|
* The *flask_ldap_login* is patched using [Stephane Martin's](https://github.com/stephane-martin) [patch](https://github.com/ContinuumIO/flask-ldap-login/issues/26) to eliminate the "Internal Server Error" message when logging in with LDAP.
|
|
|
|
### Clone the repo
|
|
|
|
```
|
|
git clone git@github.com:theodotos/realms-wiki.git
|
|
```
|
|
|
|
### Build the image
|
|
|
|
```
|
|
cd realms-wiki/docker
|
|
docker build -t realm-wiki-img .
|
|
```
|
|
|
|
### Pull it from Docker Hub
|
|
|
|
If you prefer using my build, you can pull it from Docker Hub:
|
|
|
|
```
|
|
docker pull theodotos/realms-wiki
|
|
```
|
|
|
|
### Run the container
|
|
|
|
Create a *realms-wiki* volume:
|
|
|
|
```
|
|
docker volume create --name realms-wiki
|
|
```
|
|
|
|
For your own build:
|
|
|
|
```
|
|
docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki realms-wiki-img
|
|
```
|
|
|
|
For my build:
|
|
|
|
```
|
|
docker run -d --name realms-wiki -p 5000:5000 --volume realms-wiki:/home/wiki theodotos/realms-wiki:latest
|
|
```
|
|
|
|
### Configure the container
|
|
|
|
Prepare a *realms-wiki.json* file like this:
|
|
|
|
```
|
|
cat > realms-wiki.json << EOF
|
|
{
|
|
"ALLOW_ANON": true,
|
|
"BASE_URL": "http://realms.example.com",
|
|
"CACHE_TYPE": "simple",
|
|
"DB_URI": "sqlite:////home/wiki/data/wiki.db",
|
|
"PORT": 5000,
|
|
"REGISTRATION_ENABLED": true,
|
|
"SEARCH_TYPE": "simple",
|
|
"SECRET_KEY": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
|
"SITE_TITLE": "Example Wiki",
|
|
"WIKI_PATH": "/home/wiki/data/repo",
|
|
|
|
"LDAP": {
|
|
"URI": "ldap://ldap.example.com:389",
|
|
"BIND_DN": "cn=realms,ou=services,dc=example,dc=com",
|
|
"BIND_AUTH": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
|
|
"USER_SEARCH": {
|
|
"base": "ou=people,dc=example,dc=com",
|
|
"filter": "uid=%(username)s"},
|
|
"START_TLS": true,
|
|
"KEY_MAP": {
|
|
"username": "uid",
|
|
"email": "mail"},
|
|
"OPTIONS": {
|
|
"OPT_PROTOCOL_VERSION": 3}
|
|
}
|
|
}
|
|
EOF
|
|
```
|
|
|
|
**NOTE: you can use the `apg -n1 -x65 -m65` command to generate a SECRET_KEY**
|
|
|
|
Copy the config over to the container:
|
|
|
|
```
|
|
cp realms-wiki.json realms-wiki:/home/wiki/realms-wiki
|
|
```
|
|
|
|
Restart the container:
|
|
|
|
```
|
|
docker restart realms-wiki
|
|
```
|
|
|
|
Browse to http://realms.example.com:5000 to test it.
|
|
|
|
### Some tips about STARTTLS
|
|
|
|
If you ldap backend is not protected by a publicly trusted CA, you will need to add your Internal ROOT CA certificate in the trusted CA list of your container.
|
|
|
|
Copy your Internal ROOT CA certificate in the container:
|
|
|
|
```
|
|
docker cp example-rootca.crt realms-wiki:/usr/local/share/ca-certificates/
|
|
```
|
|
|
|
Add your Internal CA as trusted in the trusted CA list:
|
|
|
|
```
|
|
docker exec -i -t -u root realms-wiki /usr/sbin/update-ca-certificates
|
|
```
|
|
|
|
Restart the container and try again.
|