Installing Wiki.js on Ubuntu 16.04

[Wiki.js](https://wiki.js.org/) is an elegant looking [wiki](https://en.wikipedia.org/wiki/Wiki) based on [Markdown](https://daringfireball.net/projects/markdown/). It supports LDAP and many more [authentication mechanisms](https://docs.requarks.io/wiki/install/authentication). In this guide we describe how to install *Wiki.js* on Ubuntu 16.04.

## Prerequisites

* An Ubuntu 16.04 instance.

### Install *curl*, *Node.js v8.x* and *build-essential*:

“`
# apt -y install curl
# curl -sL https://deb.nodesource.com/setup_8.x | bash –
# apt -y install nodejs build-essential
“`

### Install *MongoDB v3.4*

“`
# apt-key adv –keyserver hkp://keyserver.ubuntu.com:80 –recv 0C49F3730359A14518585931BC711F9BA15703C6
# echo “deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse” | tee /etc/apt/sources.list.d/mongodb-org-3.4.list
# apt update
# apt -y install mongodb-org
“`

Start *MongoDB*:

“`
# systemctl start mongodb
“`

Enable *MongoDB* at startup:

“`
# systemctl enable mongodb
“`

### Install *git*

The version that comes with Ubuntu 16.04 fills the minimum requirements so there is no need to install it from upstream.

“`
# apt -y install git
“`

## Install Wiki.js

“`
# mkdir /srv/wiki.js
# cd /srv/wiki.js
# npm install wiki.js@latest
“`

You will get this message:

“`
> Browse to http://your-server:3000/ to configure your wiki! (Replaced your-server with the hostname or IP of your server!)
▐ ⠂ ▌ I’ll wait until you’re done 😉
“`

Do as the message says. Let the wizard wait until we are done, and open another shell to work with.

## Setup nginx

Install *Nginx*:

“`
# apt -y install nginx
“`

Create this VirtualHost configuration (*/etc/nginx/sites-available/wiki.example.com.conf*):

“`
server {
listen [::]:80 ipv6only=off;
server_name wiki.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name wiki.example.com;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers “EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS”;
ssl_prefer_server_ciphers on;

ssl_certificate /etc/nginx/ssl/wiki.example.com.crt;
ssl_certificate_key /etc/nginx/ssl/wiki.example.com.key;
ssl_trusted_certificate /etc/nginx/ssl/CA.crt;

location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection “upgrade”;
proxy_next_upstream error timeout http_502 http_503 http_504;
}
}
“`

Enable the *wiki.example.com* VirtualHost:

“`
# cd /etc/nginx/sites-enabled/
# ln -s ../sites-available/wiki.example.com.conf
# unlink default
“`

Restart *Nginx*:

“`
# systemctl restart nginx
“`

## Configure Wiki.js

After the installation you will be asked if you wish to run the configuration wizard. Select this and continue:

“`
Yes, run configuration wizard on port 3000 (recommended)
“`

Now browse to http://wiki.example.com/ and follow the installation wizard:

* Welcome!: **Start**
* System Check (if all good): **Continue**
* General:
* Site title: **ExampleWiki**
* Host: **https://wiki.example.com**
* Port: **3000**
* Site UI Language: **English**
* Public Access: **Not selected**
* Press: **Continue**
* Important Considerations: **Continue**
* Database: **mongodb://localhost:27017/wiki**
* Database Check: **Continue**:
* Paths:
* Local Data Path: **./data**
* Local Repository Path: **./repo**
* Git Repository: **Skip this step**
* Git Repository Check: **Continue**
* Administrator Account
* Administrator Email: **admin@example.com**
* Password: **MySecretCombination**
* ConfirmPassword: **MySecretCombination**
* Finalizing: **Start**

## Enable Wiki.js on startup

“`
# npm install -g pm2
# pm2 startup
# pm2 save
“`

## Setup LDAP

This is an optional step for those wishing to integrate *Wiki.js* in their LDAP infrastructure.

### Trust CUT IST ISSUING CA

Connect to the LDAP (AD) server and get all certificates:

“`
openssl s_client -showcerts -connect dcs03ist00.lim.tepak.int:636 | tee ldap.log
“`

Hit ‘Ctrl-C’ to end the command.

The certificate with the ID ‘1’ in *ldap.log* is the ISSUING CA certificate. Extract the CUT IST ISSUING CA certificate and save it in *cut_issuing_ca.crt*:

“`
—–BEGIN CERTIFICATE—–
MIIF7DCCA9SgAwIBAgITcgAAAAakujIFDl5tvQAAAAAABjANBgkqhkiG9w0BAQsF
ADBNMQswCQYDVQQGEwJDWTEoMCYGA1UEChMfQ1lQUlVTIFVOSVZFUlNJVFkgT0Yg
VEVDSE5PTE9HWTEUMBIGA1UEAxMLQ1VUIFJPT1QgQ0EwHhcNMTUwMzA5MTAyMjAy
WhcNMjAwMzA5MTAzMjAyWjBeMRMwEQYKCZImiZPyLGQBGRYDaW50MRUwEwYKCZIm
iZPyLGQBGRYFdGVwYWsxEzARBgoJkiaJk/IsZAEZFgNsaW0xGzAZBgNVBAMTEkNV
VCBJU1QgSVNTVUlORyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMPHOqer+ovT+Y99lI4dSYa+XHAnCaup8vbLE9x4iKEjq9gfYq8Gs3Aujx6h32Y8
DLJcKHgxlzqwn6zzq2YSDziFPCka5bAZswaFqvD6fm22oujRmlUBDrW37OsP3nwJ
gT5GMUSzvE0ZvcdjotCm2iBDfGryJgU3PFgAvPXVyFq8bV1jTYBP8sqsWssIdOMg
doN8RLKj6gwJIwA1cvhvnuePU6a2HlHI314GaUqNtyX5PZ5VbUNIQXBt+McPNP0d
sg8yKzfBtl6V4U9xheKmdKxfIB0rN1L/uqzoewIrwUXab7l9kbSYoKqiPZkYnpEi
TQ8msXa/6TL0grQR085sugUCAwEAAaOCAbIwggGuMBAGCSsGAQQBgjcVAQQDAgEA
MB0GA1UdDgQWBBR0NThxWu0JH7JLfLf75h9dis6S6DCBnwYDVR0gBIGXMIGUMIGR
BgsrBgEEAYLiewEBATCBgTBOBggrBgEFBQcCAjBCHkAAQwBlAHIAdABpAGYAaQBj
AGEAdABpAG8AbgAgAFAAcgBhAGMAdABpAGMAZQAgAFMAdABhAHQAZQBtAGUAbgB0
MC8GCCsGAQUFBwIBFiNodHRwczovL3BraS5jdXQuYWMuY3kvcGtpL2Nwcy5odG1s
ADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0T
AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSY/OKi6F/HKZRvR0574L5dNf4KwzA5BgNV
HR8EMjAwMC6gLKAqhihodHRwOi8vcGtpLmN1dC5hYy5jeS9jcmwvQ1VULVJPT1Qt
Q0EuY3JsMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAoYoaHR0cDovL3BraS5j
dXQuYWMuY3kvcGtpL0NVVC1ST09ULUNBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEA
IVJPKacKldP8WEFkCNGJq9PIFr5R0MuD6DUSifnnj94Z004ET29+C3sesUsWHMLd
p1LA+6pmF8JUAUg5Zzab2gV3vHVorYIPlPs2IorhTlnl5k9UCAjBuT3HV1kcCt2R
L601KYIYN3QIiVaA3k7xOPp+Y9nL/OlvjE3S6MVeC2WJYl1Ai+eZWQpL/SvAA8vH
NQzCqqNUnCT1zr9Uei71r0elgtoevsRmWRVWPmOl4Sft0amJ5fXDhYvN0KiktDTt
SeBy+YY48vzbhTRPFhUsj84ePyQcBqtLWQlyhmFs8b+gtSbmYWA1AnWgA+/Fd37Z
k75/x8qqnyZ4BFBKzEzukIKyapnRf8ARzL6oHo7XIXmkUb4cBzf5asNkqRRcUxrl
IEPGuGjr0+yo49f0uP3v+xE+Vyam27B3A4hhrgyqIe26/FxlbkyHT7BLhxCSu7kX
hymb9rZwGy8LR6JVCHhOllXm0eaKiRxFBYcgofekgUfjL5Coip6wAzabtrqE38zX
EkQ6sFi4hFM2ifVKA6lU1OUfeK1j5hEcmGzyCS+4aWXeY9/tTlDj28Z04cp34jla
Oc2Q4VBmO6yA1d6L22o9gTb4gvTcghHOJezWeo5PFsSD+GmJfq4JLvaHk9gsbb5D
099bze3eSDCISoR5ce6mdkD6pr5PfsVfZHhSktc4nk4=
—–END CERTIFICATE—–
“`

Verify the certificate with:

“`
openssl x509 -text -in cut_issuing_ca.crt
“`

### Add the CUT ISSUING CA in the trusted chain of the system:

“`
cp cut_issuing_ca.crt /usr/local/share/ca-certificates/
update-ca-certificates
“`

### Configure LDAP for Wiki.js

Make these changes in */srv/wiki.js/config.yml*:

“`
ldap:
enabled: true
url: ‘ldap://ldap.example.com:389’
bindDn: ‘cn=wiki,ou=dsa,dc=example,dc=com’
bindCredentials: ‘MyLDAPCredentials’
searchBase: ‘ou=people,dc=example,dc=com’
searchFilter: ‘(uid={{username}})’
tlsEnabled: true
tlsCertPath: ‘/etc/ssl/certs/ca-certificates.crt’
“`

### Give Access permissions to authenticated users

Visit the Admin URL:

https://wiki.example.com/admin

Click on ‘Users’. You will get a list of users. You can give ‘Read and Write’ access to them from the ‘Access Rights’ field and you can upgrade them to ‘Global Administrators’ from the ‘Role Override’ field.

**NOTE: For LDAP the users need to login first before they are allowed to write.**

Enjoy your newly created Wiki!

References
———-
* https://docs.requarks.io/wiki
* https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions
* https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/

8 comments

  1. Excellent guide, helped me a lot when I tried to set this up for my colleagues. Keep up the good work !

    I had trouble with AD Authentication until I figured it out that you have to populate email field for your users in AD.

  2. After all is said and done I am unable to upload files from behind the nginx proxy. I can connect directly to node at port 3000 and upload no problem. Thoughts on the correct nginx config to allow this?

      1. Jan 26 02:12:23 test.localnet systemd[1]: Starting A high performance web server and a reverse proxy server…
        Jan 26 02:12:23 test.localnet nginx[12198]: nginx: [emerg] invalid parameter “http2” in /etc/nginx/sites-enabled/test.localnet.conf:7
        Jan 26 02:12:23 test.localnet nginx[12198]: nginx: configuration file /etc/nginx/nginx.conf test failed
        Jan 26 02:12:23 test.localnet systemd[1]: nginx.service: control process exited, code=exited status=1
        Jan 26 02:12:23 test.localnet systemd[1]: Failed to start A high performance web server and a reverse proxy server.
        Jan 26 02:12:23 test.localnet systemd[1]: Unit nginx.service entered failed state.

        code on line:7

        listen 443 ssl http2;

Leave a Reply

Your email address will not be published. Required fields are marked *