[Wiki.js](https://wiki.js.org/) is an elegant looking [wiki](https://en.wikipedia.org/wiki/Wiki) based on [Markdown](https://daringfireball.net/projects/markdown/). It supports LDAP and many more [authentication mechanisms](https://docs.requarks.io/wiki/install/authentication). In this guide we describe how to install *Wiki.js* on Ubuntu 16.04.

## Prerequisites

* An Ubuntu 16.04 instance.

### Install *curl*, *Node.js v8.x* and *build-essential*:

```
# apt -y install curl
# curl -sL https://deb.nodesource.com/setup_8.x | bash -
# apt -y install nodejs build-essential
```

### Install *MongoDB v3.4*

```
# apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv 0C49F3730359A14518585931BC711F9BA15703C6
# echo "deb [ arch=amd64,arm64 ] http://repo.mongodb.org/apt/ubuntu xenial/mongodb-org/3.4 multiverse" | tee /etc/apt/sources.list.d/mongodb-org-3.4.list
# apt update
# apt -y install mongodb-org
```

Start *MongoDB*:

```
# systemctl start mongod
```

Enable *MongoDB* at startup:

```
# systemctl enable mongod
```

### Install *git*

The version that comes with Ubuntu 16.04 fills the minimum requirements so there is no need to install it from upstream.

```
# apt -y install git
```

## Install Wiki.js

```
# mkdir /srv/wiki.js
# cd /srv/wiki.js
# npm install wiki.js@latest
```

You will get this message:

```
> Browse to http://your-server:3000/ to configure your wiki! (Replaced your-server with the hostname or IP of your server!)
▐ ⠂ ▌ I'll wait until you're done 😉
```

Do as the message says. Let the wizard wait until we are done, and open another shell to work with.

## Setup nginx

Install *Nginx*:

```
# apt -y install nginx
```

Create this VirtualHost configuration (*/etc/nginx/sites-available/wiki.example.com.conf*):

```
# Redirect all plain HTTP requests to HTTPS
server {
    listen [::]:80 ipv6only=off;
    server_name wiki.example.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name wiki.example.com;

    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # TLSv1 and TLSv1.1 are formally deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
    ssl_prefer_server_ciphers on;

    ssl_certificate /etc/nginx/ssl/wiki.example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/wiki.example.com.key;
    ssl_trusted_certificate /etc/nginx/ssl/CA.crt;

    # Proxy everything to Wiki.js listening on the loopback interface
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://127.0.0.1:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_next_upstream error timeout http_502 http_503 http_504;
    }
}
```

Enable the *wiki.example.com* VirtualHost:

```
# cd /etc/nginx/sites-enabled/
# ln -s ../sites-available/wiki.example.com.conf
# unlink default
```

Restart *Nginx*:

```
# systemctl restart nginx
```

## Configure Wiki.js

After the installation you will be asked if you wish to run the configuration wizard. Select this and continue:

```
Yes, run configuration wizard on port 3000 (recommended)
```

Now browse to http://wiki.example.com/ and follow the installation wizard:

* Welcome!: **Start**
* System Check (if all good): **Continue**
* General:
    * Site title: **ExampleWiki**
    * Host: **https://wiki.example.com**
    * Port: **3000**
    * Site UI Language: **English**
    * Public Access: **Not selected**
    * Press: **Continue**
* Important Considerations: **Continue**
* Database: **mongodb://localhost:27017/wiki**
* Database Check: **Continue**
* Paths:
    * Local Data Path: **./data**
    * Local Repository Path: **./repo**
* Git Repository: **Skip this step**
* Git Repository Check: **Continue**
* Administrator Account
    * Administrator Email: **admin@example.com**
    * Password: **MySecretCombination**
    * ConfirmPassword: **MySecretCombination**
* Finalizing: **Start**

## Enable Wiki.js on startup

```
# npm install -g pm2
# pm2 startup
# pm2 save
```

## Setup LDAP

This is an optional step for those wishing to integrate *Wiki.js* in their LDAP infrastructure.

### Trust CUT IST ISSUING CA

Connect to the LDAP (AD) server and get all certificates:

```
openssl s_client -showcerts -connect dcs03ist00.lim.tepak.int:636 | tee ldap.log
```

Hit ‘Ctrl-C’ to end the command.

The certificate with the ID ‘1’ in *ldap.log* is the ISSUING CA certificate. Extract the CUT IST ISSUING CA certificate and save it in *cut_issuing_ca.crt*:

```
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
```

Verify the certificate with:

```
openssl x509 -text -in cut_issuing_ca.crt
```
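The extraction step can be scripted instead of copied by hand. This is an added example, not part of the original guide: it pulls chain entry N out of the saved `s_client -showcerts` output. The function names and the sample log (hypothetical names, placeholder certificate bodies) are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide).

# extract_chain_cert FILE INDEX
# Print the PEM block of chain entry INDEX from saved `s_client -showcerts`
# output (0 = server certificate, 1 = its issuer, ...).
# Returns 1 if FILE has no such entry, 2 if INDEX is not a number.
extract_chain_cert() {
    case "$2" in ''|*[!0-9]*) return 2 ;; esac
    awk -v want="$2" '
        BEGIN { idx = -1 }
        { sub(/\r$/, "") }                               # tolerate CRLF logs
        /^-----BEGIN CERTIFICATE-----$/ { idx++; inside = 1 }
        inside && idx == want { print; found = 1 }
        /^-----END CERTIFICATE-----$/ { inside = 0 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# write_sample_log PATH: constructed stand-in for ldap.log (hypothetical
# names, placeholder bodies instead of real certificate data).
write_sample_log() {
    cat > "$1" <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/CN=ldap.example.com
   i:/CN=Example Issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-BODY-0-SERVER
-----END CERTIFICATE-----
 1 s:/CN=Example Issuing CA
   i:/CN=Example Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDER-BODY-1-ISSUING-CA
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=ldap.example.com
EOF
}

# Demo on the constructed log: print chain entry 1, the issuing CA.
sample=$(mktemp)
write_sample_log "$sample"
extract_chain_cert "$sample" 1
rm -f "$sample"
```

Against the real log this becomes `extract_chain_cert ldap.log 1 > cut_issuing_ca.crt`. Before trusting the result, compare the output of `openssl x509 -noout -fingerprint -sha256 -in cut_issuing_ca.crt` with a fingerprint obtained from the CA's administrators, since the chain was fetched over a connection that was not yet verified.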

### Add the CUT ISSUING CA in the trusted chain of the system:

```
cp cut_issuing_ca.crt /usr/local/share/ca-certificates/
update-ca-certificates
```

### Configure LDAP for Wiki.js

Make these changes in */srv/wiki.js/config.yml*:

```
ldap:
  enabled: true
  url: 'ldap://ldap.example.com:389'
  bindDn: 'cn=wiki,ou=dsa,dc=example,dc=com'
  bindCredentials: 'MyLDAPCredentials'
  searchBase: 'ou=people,dc=example,dc=com'
  searchFilter: '(uid={{username}})'
  tlsEnabled: true
  tlsCertPath: '/etc/ssl/certs/ca-certificates.crt'
```

### Give Access permissions to authenticated users

Visit the Admin URL:

https://wiki.example.com/admin

Click on ‘Users’. You will get a list of users. You can give ‘Read and Write’ access to them from the ‘Access Rights’ field and you can upgrade them to ‘Global Administrators’ from the ‘Role Override’ field.

**NOTE: For LDAP, users need to log in once before they can be given write access.**

Enjoy your newly created Wiki!

References
----------
* https://docs.requarks.io/wiki
* https://nodejs.org/en/download/package-manager/#debian-and-ubuntu-based-linux-distributions
* https://docs.mongodb.com/manual/tutorial/install-mongodb-on-ubuntu/

These are the instructions for installing an [ORCID](http://orcid.org/)[^orcid] authentication node. We will be using the [simple-orcid-auth-node](https://github.com/ORCID/simple-orcid-auth-node)[^soan] developed by the ORCID organization.

### Assumptions

* An Ubuntu 16.04 server machine. The setup also works on 14.04.x with some minor changes.
* A FQDN, let’s say *orcid.example.com*.
* Server IP is 10.2.2.2 in our case.
* Create an *orcid* user: `sudo useradd -r -m -d /var/www/html/orcid orcid`.
* For Ubuntu 14.04 it is better to use */var/www/orcid* instead of */var/www/html/orcid*.
* Also use `service <name> restart` on 14.04.x instead of `systemctl restart <name>`.

### Installing *simple-orcid-auth-node*

* Install necessary packages (as a privileged user):

```
$ sudo apt -y install nginx nodejs npm
```

__NOTE: If you are using Ubuntu 14.04.x do not install the [node](http://packages.ubuntu.com/trusty/node) package. This package is completely unrelated with [nodejs](https://nodejs.org/en/).__[^node]

* Download and extract *simple-orcid-auth-node* (as the *orcid* user):

```
sudo su - orcid
wget https://github.com/rcpeters/simple-orcid-auth-node/archive/master.tar.gz
tar xvzf master.tar.gz
```

* Install the application:

```
$ cd simple-orcid-auth-node-master/
$ npm install
```

* Test run the application (as the *orcid* user):

```
$ nodejs client-app.js
server started on 8000
```

Looks OK. Now point your Hit CTRL^C and move on.

__NOTE: If you prefer using the legacy `node client-app.js` invocation, you need to install the [nodejs-legacy](http://packages.ubuntu.com/xenial/nodejs-legacy) package as well.__

### Setting ORCID as an autostart service

* Autostart using *systemd*[^systemd] (Ubuntu 16.04):

* Create the */etc/systemd/system/orcid.service* service definition (as the *root* user):

```
$ cat > /etc/systemd/system/orcid.service << EOF
[Service]
ExecStart=/usr/bin/nodejs /var/www/html/orcid/simple-orcid-auth-node-master/client-app.js
WorkingDirectory=/var/www/html/orcid/simple-orcid-auth-node-master
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=orcid
User=orcid
Group=orcid
Environment=NODE_ENV=production

[Install]
WantedBy=multi-user.target
EOF
```

* Reload *systemd* and start the service:

```
$ sudo systemctl daemon-reload
$ sudo systemctl start orcid.service
```

* Verify that the service is started:

```
$ sudo systemctl status orcid.service
● orcid.service
   Loaded: loaded (/etc/systemd/system/orcid.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2016-04-27 09:00:16 UTC; 37s ago
 Main PID: 11141 (nodejs)
    Tasks: 5 (limit: 512)
   Memory: 24.1M
      CPU: 268ms
   CGroup: /system.slice/orcid.service
           └─11141 /usr/bin/nodejs /var/www/html/orcid/simple-orcid-auth-node-master/client-app.js

Apr 27 09:00:16 orcid systemd[1]: Started orcid.service.
Apr 27 09:00:16 orcid orcid[11141]: server started on 8000
```

* Autostart using *sysv-init* (Ubuntu 14.04.x):

* Prepare a *sysv-init* startup script or use mine for convenience:

```
$ cd /etc/init.d
$ wget https://raw.githubusercontent.com/theodotos/arena/master/orcid
$ chmod +x orcid
$ update-rc.d orcid enable
$ update-rc.d orcid defaults
```

Now *orcid* should be able to autostart after a reboot.

### Setting up nginx

* Prepare this configuration:

```
$ cat > /etc/nginx/sites-available/orcid << EOF
server {
    listen 80;
    listen [::]:80 ipv6only=on;
    server_name orcid.example.com;
    access_log /var/log/nginx/orcid.access.log;
    error_log /var/log/nginx/orcid.error.log;
    location / {
        proxy_pass http://localhost:8000/;
        proxy_set_header Host \$host;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }
}
EOF
```

* Enable the *orcid* site:

```
$ cd /etc/nginx/sites-enabled/
$ sudo ln -s /etc/nginx/sites-available/orcid
```

* Uncomment the following line in */etc/nginx/nginx.conf*[^nginx]:

```
server_names_hash_bucket_size 64;
```

* Restart *nginx*:

```
$ sudo systemctl restart nginx.service
```

* Verify *nginx* with `sudo systemctl status nginx.service`

Now you can visit the http://orcid.example.com site and test your setup.

### Going to production

The default *simple-orcid-auth-node* uses the sandbox ORCID service, which is ideal for testing. This is what the configuration file (*helpers/config.js*) looks like:

```
module.exports = config = {
  // Config for OAuth2
  CLIENT_ID: 'APP-O9TUKAPVLALU1SOJ',
  CLIENT_SECRET: '0eafb938-020e-45a6-a148-3c222171d9d8',
  AUTHORIZE_URI: 'https://sandbox.orcid.org/oauth/authorize',
  TOKEN_EXCHANGE_URI: 'https://api.sandbox.orcid.org/oauth/token',
  CODE_CALLBACK_URI: 'http://localhost:8000/authorization-code-callback',
  // General server config
  PORT: '8000',
  SERVER_IP: '127.0.0.1',
}
```

This setup will not work in production. You have to modify the **CLIENT_ID** and **CLIENT_SECRET** variables with your own credentials and change the **AUTHORIZE_URI** and **TOKEN_EXCHANGE_URI** to point to the production ORCID services:

```
module.exports = config = {
  // Config for OAuth2
  CLIENT_ID: 'APP-HSGSHJS335353GSGSG',
  CLIENT_SECRET: '56d4eb21-6622-8483-3422-f53f3fs53sfs35f',
  AUTHORIZE_URI: 'https://orcid.org/oauth/authorize',
  TOKEN_EXCHANGE_URI: 'https://api.orcid.org/oauth/token',
  CODE_CALLBACK_URI: 'http://localhost:8000/authorization-code-callback',
  // General server config
  PORT: '8000',
  SERVER_IP: '127.0.0.1',
}
```

Restart *nginx* and *orcid* when done:

```
$ sudo systemctl restart nginx.service orcid.service
```

References
----------

[^orcid]: https://en.wikipedia.org/wiki/ORCID
[^soan]: https://github.com/ORCID/simple-orcid-auth-node
[^node]: https://github.com/ORCID/simple-orcid-auth-node/issues/3
[^systemd]: https://www.digitalocean.com/community/tutorials/how-to-deploy-node-js-applications-using-systemd-and-nginx
[^nginx]: http://charles.lescampeurs.org/2008/11/14/fix-nginx-increase-server_names_hash_bucket_size