Getting started
By default DokuWiki is installed on a separate system account "dokuwiki"
,
in /srv/www/dokuwiki/
subdirectory and will be accessible on
https://wiki.<domain>/
. debops.nginx and debops.php roles are used
to configure the required environment.
Example inventory
You can install DokuWiki on a host by adding it to
[debops_service_dokuwiki]
group in your Ansible inventory:
[debops_service_dokuwiki]
hostname
Example playbook
Here's an example playbook which uses debops.dokuwiki
role to install
DokuWiki:
---
- name: Manage DokuWiki
collections: [ 'debops.debops', 'debops.roles01',
'debops.roles02', 'debops.roles03' ]
hosts: [ 'debops_service_dokuwiki' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
pre_tasks:
- name: Apply keyring configuration for php environment
ansible.builtin.import_role:
name: 'keyring'
vars:
keyring__dependent_apt_keys:
- '{{ php__keyring__dependent_apt_keys }}'
- '{{ nginx__keyring__dependent_apt_keys }}'
tags: [ 'role::keyring', 'skip::keyring', 'role::php', 'role::nginx' ]
- name: Prepare php environment
ansible.builtin.import_role:
name: 'php'
tasks_from: 'main_env'
tags: [ 'role::php', 'role::php:env', 'role::logrotate' ]
roles:
- role: apt_preferences
tags: [ 'role::apt_preferences', 'skip::apt_preferences' ]
apt_preferences__dependent_list:
- '{{ php__apt_preferences__dependent_list }}'
- '{{ nginx__apt_preferences__dependent_list }}'
- role: cron
tags: [ 'role::cron', 'skip::cron' ]
- role: logrotate
tags: [ 'role::logrotate', 'skip::logrotate' ]
logrotate__dependent_config:
- '{{ php__logrotate__dependent_config }}'
- role: php
tags: [ 'role::php', 'skip::php' ]
php__dependent_packages:
- '{{ dokuwiki__php__dependent_packages }}'
php__dependent_pools:
- '{{ dokuwiki__php__dependent_pools }}'
- role: ferm
tags: [ 'role::ferm', 'skip::ferm' ]
ferm__dependent_rules:
- '{{ nginx__ferm__dependent_rules }}'
- role: python
tags: [ 'role::python', 'skip::python' ]
python__dependent_packages3:
- '{{ ldap__python__dependent_packages3 }}'
- '{{ nginx__python__dependent_packages3 }}'
python__dependent_packages2:
- '{{ ldap__python__dependent_packages2 }}'
- '{{ nginx__python__dependent_packages2 }}'
- role: ldap
tags: [ 'role::ldap', 'skip::ldap' ]
ldap__dependent_tasks:
- '{{ dokuwiki__ldap__dependent_tasks }}'
- role: nginx
tags: [ 'role::nginx', 'skip::nginx' ]
nginx__dependent_upstreams:
- '{{ dokuwiki__nginx__dependent_upstreams }}'
nginx__dependent_servers:
- '{{ dokuwiki__nginx__dependent_servers }}'
- role: dokuwiki
tags: [ 'role::dokuwiki', 'skip::dokuwiki' ]
Post-install steps
When Ansible is finished, if you don't use LDAP, you need to finish the
configuration by opening the https://wiki.<domain>/install.php
page. There
you will be able to set the name of your new wiki, superuser account and
password, and other settings.
You can then login to your wiki and configure it using the administrative interface.
Some of the provided plugins, for example CodeMirror
, might not be
installed correctly. In that case, reinstalling them using the admin interface
should be enough to correctly enable them in DokuWiki.
LDAP support
If the LDAP environment managed by the debops.ldap role is configured on
a host on which DokuWiki is installed, the debops.dokuwiki role will
automatically integrate with it and configure LDAP authentication. In that
case, use of the /install.php
script might break the installation because
the install script disables all authentication plugins apart from the
authplain
plugin, using the conf/plugins.local.php
configuration
file. You can still do it if you wish, just remember to remove the authldap
entry from the mentioned file afterwards to restore LDAP support.
Alternatively, you can finish installation after logging in using an
administrator account. You will have to define basic set of ACLs using the ACL
manager - for example to make the whole wiki require authentication to read,
you can define an ACL entry for @ALL
to "None", and an ACL entry for
@USER
to "Upload", which will give users the broadest set of permissions
without allowing normal users to delete things. The name of the wiki and
license used by the wiki can be set in the Configuration Manager.
The debops.dokuwiki role by default creates a separate LDAP object (via
the debops.ldap role) that contains the definition of user groups used
by DokuWiki. The LDAP object will be a child of the LDAP account object used to
access the LDAP directory. This configuration is meant to allow configuration
of private DokuWiki instances for different groups of users in the LDAP
directory. If you want to instead use the global groups defined in LDAP, you
can change that by setting the dokuwiki__ldap_private_groups
variable
to False
.
One LDAP group will be created by default - "DokuWiki Administrators". This is
a groupOfNames
LDAP object that grants the superuser access to the wiki to
people specified using the member
attribute. You can define your own
additional groups in the same manner as long as they are put below the
ou=Groups
LDAP object used by the wiki. Inside of the DokuWiki ACL manager,
these groups have to be specified with the @
prefix, for example
@DokuWiki Administrators
.
By default access to DokuWiki service is limited to user accounts that have the
authorizedService
attribute with either dokuwiki
, web-public
or
*
values. To change the requirements or give access to the service to all
users, you can edit the LDAP user filter used by DokuWiki, specified in the
dokuwiki__ldap_user_filter
variable.
You should also read the LDAP Directory Information Tree for details about LDAP objects and directory structure configured by the debops.dokuwiki role.