Installing Wiki.js on Ubuntu 16.04

Wiki.js is an elegant looking wiki based on Markdown. It supports LDAP and many more authentication mechanisms. In this guide we describe how to install Wiki.js on Ubuntu 16.04.

Prerequisites

  • An Ubuntu 16.04 instance.

Install curl, Node.js v8.x and build-essential:

# apt -y install curl
# curl -sL https://deb.nodesource.com/setup_8.x | bash -
# apt -y install nodejs build-essential

Install MongoDB v3.4

# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
# echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.4.list
# apt update
# apt -y install mongodb-org

Start MongoDB:

# systemctl start mongodb

Enable MongoDB at startup:

# systemctl enable mongodb

Install git

The version that comes with Ubuntu 16.04 fills the minimum requirements so there is no need to install it from upstream.

# apt -y install git

Install Wiki.js

# mkdir /srv/wiki.js
# cd /srv/wiki.js
# npm install wiki.js@latest

You will get this message:

> Browse to http://your-server:3000/ to configure your wiki! (Replaced your-server with the hostname or IP of your server!)
▐   ⠂    ▌ I'll wait until you're done ;)

Do as the message says. Let the wizard wait until we are done, and open another shell to work with.

Setup nginx

Install Nginx:

# apt -y install nginx

Create this VirtualHost configuration (/etc/nginx/sites-available/wiki.example.com.conf):

server {
    listen      [::]:80 ipv6only=off;
    server_name wiki.example.com;
    return      301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name  wiki.example.com;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    ssl_prefer_server_ciphers on;

    ssl_certificate /etc/nginx/ssl/wiki.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/wiki.example.com.key;
    ssl_trusted_certificate /etc/nginx/ssl/CA.crt;

    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_next_upstream error timeout http_502 http_503 http_504;
    }
}

Enable the wiki.example.com VirtualHost:

# cd /etc/nginx/sites-enabled/
# ln -s ../sites-available/wiki.example.com.conf
# unlink default

Restart Nginx:

# systemctl restart nginx

Configure Wiki.js

After the installation you will be asked if you wish to run the configuration wizard. Select this and continue:

Yes, run configuration wizard on port 3000 (recommended)

Now browse to http://wiki.example.com/ and follow the installation wizard:

  • Welcome!: Start
  • System Check (if all good): Continue
  • General:
    • Site title: ExampleWiki
    • Host: https://wiki.example.com
    • Port: 3000
    • Site UI Language: English
    • Public Access: Not selected
    • Press: Continue
  • Important Considerations: Continue
  • Database: mongodb://localhost:27017/wiki
  • Database Check: Continue:
  • Paths:
    • Local Data Path: ./data
    • Local Repository Path: ./repo
  • Git Repository: Skip this step
  • Git Repository Check: Continue
  • Administrator Account
    • Administrator Email: admin@example.com
    • Password: MySecretCombination
    • ConfirmPassword: MySecretCombination
  • Finalizing: Start

Enable Wiki.js on startup

# npm install -g pm2
# pm2 startup
# pm2 save

Setup LDAP

This is an optional step for those wishing to integrate Wiki.js in their LDAP infrastructure.

Trust CUT IST ISSUING CA

Connect to the LDAP (AD) server and get all certificates:

openssl s_client -showcerts -connect dcs03ist00.lim.tepak.int:636 | tee ldap.log

Hit ‘Ctrl-C’ to end the command.

The certificate with the ID ‘1’ in ldap.log is the ISSUING CA certificate. Extract the CUT IST ISSUING CA certificate and save it in cut_issuing_ca.crt:

-----BEGIN CERTIFICATE-----
MIIF7DCCA9SgAwIBAgITcgAAAAakujIFDl5tvQAAAAAABjANBgkqhkiG9w0BAQsF
ADBNMQswCQYDVQQGEwJDWTEoMCYGA1UEChMfQ1lQUlVTIFVOSVZFUlNJVFkgT0Yg
VEVDSE5PTE9HWTEUMBIGA1UEAxMLQ1VUIFJPT1QgQ0EwHhcNMTUwMzA5MTAyMjAy
WhcNMjAwMzA5MTAzMjAyWjBeMRMwEQYKCZImiZPyLGQBGRYDaW50MRUwEwYKCZIm
iZPyLGQBGRYFdGVwYWsxEzARBgoJkiaJk/IsZAEZFgNsaW0xGzAZBgNVBAMTEkNV
VCBJU1QgSVNTVUlORyBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AMPHOqer+ovT+Y99lI4dSYa+XHAnCaup8vbLE9x4iKEjq9gfYq8Gs3Aujx6h32Y8
DLJcKHgxlzqwn6zzq2YSDziFPCka5bAZswaFqvD6fm22oujRmlUBDrW37OsP3nwJ
gT5GMUSzvE0ZvcdjotCm2iBDfGryJgU3PFgAvPXVyFq8bV1jTYBP8sqsWssIdOMg
doN8RLKj6gwJIwA1cvhvnuePU6a2HlHI314GaUqNtyX5PZ5VbUNIQXBt+McPNP0d
sg8yKzfBtl6V4U9xheKmdKxfIB0rN1L/uqzoewIrwUXab7l9kbSYoKqiPZkYnpEi
TQ8msXa/6TL0grQR085sugUCAwEAAaOCAbIwggGuMBAGCSsGAQQBgjcVAQQDAgEA
MB0GA1UdDgQWBBR0NThxWu0JH7JLfLf75h9dis6S6DCBnwYDVR0gBIGXMIGUMIGR
BgsrBgEEAYLiewEBATCBgTBOBggrBgEFBQcCAjBCHkAAQwBlAHIAdABpAGYAaQBj
AGEAdABpAG8AbgAgAFAAcgBhAGMAdABpAGMAZQAgAFMAdABhAHQAZQBtAGUAbgB0
MC8GCCsGAQUFBwIBFiNodHRwczovL3BraS5jdXQuYWMuY3kvcGtpL2Nwcy5odG1s
ADAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0T
AQH/BAUwAwEB/zAfBgNVHSMEGDAWgBSY/OKi6F/HKZRvR0574L5dNf4KwzA5BgNV
HR8EMjAwMC6gLKAqhihodHRwOi8vcGtpLmN1dC5hYy5jeS9jcmwvQ1VULVJPT1Qt
Q0EuY3JsMEQGCCsGAQUFBwEBBDgwNjA0BggrBgEFBQcwAoYoaHR0cDovL3BraS5j
dXQuYWMuY3kvcGtpL0NVVC1ST09ULUNBLmNydDANBgkqhkiG9w0BAQsFAAOCAgEA
IVJPKacKldP8WEFkCNGJq9PIFr5R0MuD6DUSifnnj94Z004ET29+C3sesUsWHMLd
p1LA+6pmF8JUAUg5Zzab2gV3vHVorYIPlPs2IorhTlnl5k9UCAjBuT3HV1kcCt2R
L601KYIYN3QIiVaA3k7xOPp+Y9nL/OlvjE3S6MVeC2WJYl1Ai+eZWQpL/SvAA8vH
NQzCqqNUnCT1zr9Uei71r0elgtoevsRmWRVWPmOl4Sft0amJ5fXDhYvN0KiktDTt
SeBy+YY48vzbhTRPFhUsj84ePyQcBqtLWQlyhmFs8b+gtSbmYWA1AnWgA+/Fd37Z
k75/x8qqnyZ4BFBKzEzukIKyapnRf8ARzL6oHo7XIXmkUb4cBzf5asNkqRRcUxrl
IEPGuGjr0+yo49f0uP3v+xE+Vyam27B3A4hhrgyqIe26/FxlbkyHT7BLhxCSu7kX
hymb9rZwGy8LR6JVCHhOllXm0eaKiRxFBYcgofekgUfjL5Coip6wAzabtrqE38zX
EkQ6sFi4hFM2ifVKA6lU1OUfeK1j5hEcmGzyCS+4aWXeY9/tTlDj28Z04cp34jla
Oc2Q4VBmO6yA1d6L22o9gTb4gvTcghHOJezWeo5PFsSD+GmJfq4JLvaHk9gsbb5D
099bze3eSDCISoR5ce6mdkD6pr5PfsVfZHhSktc4nk4=
-----END CERTIFICATE-----

Verify the certificate with:

openssl x509 -text -in cut_issuing_ca.crt

Add the CUT ISSUING CA in the trusted chain of the system:

cp cut_issuing_ca.crt /usr/local/share/ca-certificates/
update-ca-certificates

Configure LDAP for Wiki.js

Make these changes in /srv/wiki.js/config.yml:

  ldap:
    enabled: true
    url: 'ldap://ldap.example.com:389'
    bindDn: 'cn=wiki,ou=dsa,dc=example,dc=com'
    bindCredentials: 'MyLDAPCredentials'
    searchBase: 'ou=people,dc=example,dc=com'
    searchFilter: '(uid={{username}})'
    tlsEnabled: true
    tlsCertPath: '/etc/ssl/certs/ca-certificates.crt'

Give Access permissions to authenticated users

Visit the Admin URL:

https://wiki.example.com/admin

Click on ‘Users’. You will get a list of users. You can give ‘Read and Write’ access to them from the ‘Access Rights’ field and you can upgrade them to ‘Global Administrators’ from the ‘Role Override’ field.

NOTE: For LDAP the users need to login first before they are allowed to write.

Enjoy your newly created Wiki!

References

8 comments

  1. Excellent guide, helped me a lot when I tried to set this up for my colleagues. Keep up the good work !

    I had trouble with AD Authentication until I figured it out that you have to populate email field for your users in AD.

  2. After all is said and done I am unable to upload files from behind the nginx proxy. I can connect directly to node at port 3000 and upload no problem. Thoughts on the correct nginx config to allow this?

      1. Jan 26 02:12:23 test.localnet systemd[1]: Starting A high performance web server and a reverse proxy server… Jan 26 02:12:23 test.localnet nginx[12198]: nginx: [emerg] invalid parameter “http2” in /etc/nginx/sites-enabled/test.localnet.conf:7 Jan 26 02:12:23 test.localnet nginx[12198]: nginx: configuration file /etc/nginx/nginx.conf test failed Jan 26 02:12:23 test.localnet systemd[1]: nginx.service: control process exited, code=exited status=1 Jan 26 02:12:23 test.localnet systemd[1]: Failed to start A high performance web server and a reverse proxy server. Jan 26 02:12:23 test.localnet systemd[1]: Unit nginx.service entered failed state.

        code on line:7

        listen 443 ssl http2;

Leave a Reply

Your email address will not be published. Required fields are marked *