Setup Wiki.js

Setup Ubuntu

sudo apt update

Setup MySQL

sudo apt install mysql-server
sudo mysql_secure_installation
sudo mysql
CREATE USER 'xxx'@'localhost' IDENTIFIED BY 'yyy';
CREATE USER 'xxx'@'127.0.0.1' IDENTIFIED WITH mysql_native_password BY 'yyy';
GRANT ALL PRIVILEGES ON *.* TO 'xxx'@'localhost' WITH GRANT OPTION;
GRANT ALL PRIVILEGES ON *.* TO 'xxx'@'127.0.0.1' WITH GRANT OPTION;
FLUSH PRIVILEGES;

Setup Node

curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
sudo apt-get install -y nodejs

Setup Wiki.js

cd /var/wikijs
wget https://github.com/Requarks/wiki/releases/download/2.5.219/wiki-js.tar.gz
tar xzf wiki-js.tar.gz -C ./wiki
cd wiki
mv config.sample.yml config.yml
cp config.yml config.yml.original
vim config.yml

Set port to 80. If using port 80 here, will need to do the following:

sudo apt-get install libcap2-bin
sudo setcap cap_net_bind_service=+ep `readlink -f \`which node\``

Setup Wikijs as a Service

vim /etc/systemd/system/wikijs.service
[Unit]
Description=Wiki.js
After=network.target

[Service]
Type=simple
ExecStart=/usr/bin/node server
Restart=always
# Consider creating a dedicated user for Wiki.js here:
User=nobody
Environment=NODE_ENV=production
WorkingDirectory=/var/wikijs

[Install]
WantedBy=multi-user.target
systemctl daemon-reload
systemctl start wikijs
systemctl enable wikijs
journalctl -ru wikijs

I had a few issues with permissions. Error: EACCES: permission denied, open ‘/home/jj/wiki/package.json And a similar error when saving a page. sudo chown -R jj: ~/wiki > chmod 755 ~/wiki/package.json Also changed the User=nobody in the service file to be the user.

Setup in Docker

* Have not verified

curl -fsSL https://get.docker.com -o get-docker.sh
DRY_RUN=1 sh ./get-docker.sh

docker pull ghcr.io/requarks/wiki:latest

docker run -d -p 8080:3000 --name wiki --restart unless-stopped -e "DB_TYPE=mysql" -e "DB_HOST=localhost" -e "DB_PORT=3306" -e "DB_USER=xxx" -e "DB_PASS=yyy" -e "DB_NAME=wiki" requarks/wiki:2
## or
docker run -d -p 8080:3000 --name wiki --restart unless-stopped -v YOUR-FILE.yml:/wiki/config.yml requarks/wiki:2

Setup UFW

sudo ufw allow http
sudo ufw allow https
sudo ufw --force enable

Setup SSL

This is pretty easy with certbot and wikijs integration with letsencrypt.

Install Certbot via Snap

Ubuntu 20.04 already has snapd installed.

sudo apt update
sudo apt install snapd
sudo reboot
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
## If you can stop webserver:
sudo certbot certonly --standalone
## If you cannot stop webserver:
sudo certbot certonly --webroot

Creates a systemctl timer: sudo systemctl list-timers

Fri 2021-12-03 23:38:00 UTC 7h left        n/a                         n/a          snap.certbot.renew.timer     snap.certbot.renew.service
# Test Auto Renewel
sudo certbot renew --dry-run
# View Certificates
sudo certbot certificates

The certificates can be found in /etc/letsencrypt/live/$DOMAIN.

  • privkey.pem
    • private key
  • fullchain.pem
    • all certs together. server cert is first in file
  • cert.pem
    • contains server cert by itself
  • chain.pem
    • includes additional intermediate certs; if you provide cert.pem, you must provide chain.pem.

Integrate with Wikijs

This is made super easy by the folks behind wikijs. Edit ~/wiki/config.yml.

ssl:
  enabled: true
  port: 443
  provider: letsencrypt

  domain: domain.com
  subscriberEmail: admin@domain.com

Set automatic redirect on Wiki.js frontend: Administration Area > SSL; Turn on automatic redirect. You do not need to specify where the certs are; You do not need to comment out additional parts of the yaml file as long as provider is set to letsencrypt.

Cleanup

sudo apt autoremove