Add VPS deployment support with Caddy reverse proxy

.github/workflows/build-docker.yml

@@ -49,6 +49,10 @@ jobs:
       - run: make wiki-production-image
         working-directory: Docker
 
+      - name: Use CI docker-compose
+        run: rm docker-compose.yml && mv docker-compose.ci.yml docker-compose.yml
+        working-directory: Docker
+
       - name: Start containers
         run: docker compose up -d
         working-directory: Docker

Docker/.env

@@ -1,25 +1,26 @@
-VERBOSE=
-
+# Change for production
 MARIADB_ROOT_PASSWORD=mediawiki
 MARIADB_DATABASE=mediawiki
 MARIADB_USER=mediawiki
+# Change for production
 MARIADB_PASSWORD=mediawiki
 
+# Change for production
 MW_ADMIN_PASSWORD=AdminPassword
 MW_SERVER_PORT=8484
 
-LOCAL_IP=127.0.0.1
-LOCAL_HOST=localhost
-
 NEO4J_USERNAME=neo4j
+# Change for production
 NEO4J_PASSWORD=password
 NEO4J_AUTH=neo4j/${NEO4J_PASSWORD}
 NEO4J_URL_EXTERNAL=bolt://localhost:7687
 
 NEO4J_USERNAME_READ=mediawiki_read
+# Change for production
 NEO4J_PASSWORD_READ=mediawiki_read
 
-MW_SERVER=http://${LOCAL_HOST}:${MW_SERVER_PORT}
+# Change for production: https://your-domain.com
+MW_SERVER=http://localhost:${MW_SERVER_PORT}
 
 #MW_SMTP_HOST=
 #MW_SMTP_ID_HOST=

Docker/Caddyfile

@@ -0,0 +1,3 @@
+{$MW_SERVER} {
+	reverse_proxy mediawiki:80
+}

Docker/Makefile

@@ -12,7 +12,7 @@ install-db:
 		php maintenance/install.php --dbuser ${MARIADB_USER} --dbpass ${MARIADB_PASSWORD} \
 			--dbname ${MARIADB_DATABASE} --dbserver db:3306 --lang en \
 			--pass ${MW_ADMIN_PASSWORD} \
-			--server http://${LOCAL_HOST}:${MW_SERVER_PORT} \
+			--server ${MW_SERVER} \
 			SiteName AdminName
 	${dockerCompose} exec -T mediawiki rm LocalSettings.php
 	${dockerCompose} exec -T mediawiki mv __LocalSettings.php LocalSettings.php
@@ -25,3 +25,11 @@ load-neo4j-users:
 
 test:
 	bash test.sh
+
+import-demo-data:
+	${dockerCompose} exec -T mediawiki php extensions/NeoWiki/maintenance/ImportDemoData.php
+
+update:
+	${dockerCompose} pull
+	${dockerCompose} up -d
+	${dockerCompose} exec -T mediawiki php maintenance/run.php update --quick

Docker/README.md

@@ -0,0 +1,43 @@
+# NeoWiki Docker Deployment
+
+Deploy NeoWiki on a VPS with automatic HTTPS via Caddy.
+
+## Prerequisites
+
+- Docker and Docker Compose installed on your VPS
+- A domain name pointing to your VPS
+- Ports 80 and 443 open
+
+## Setup
+
+1. Copy this directory to your VPS
+
+2. Edit `.env` and change all values marked with `# Change for production`:
+   - `MW_SERVER` - your wiki's URL (e.g., `https://wiki.example.com`)
+   - `MARIADB_ROOT_PASSWORD` - database root password
+   - `MARIADB_PASSWORD` - database user password
+   - `MW_ADMIN_PASSWORD` - MediaWiki admin password
+   - `NEO4J_PASSWORD` - Neo4j password
+   - `NEO4J_PASSWORD_READ` - Neo4j read-only user password
+
+3. Start the containers:
+   ```bash
+   docker compose up -d
+   ```
+
+4. Wait for containers to be healthy, then initialize the database:
+   ```bash
+   make install-db
+   make load-neo4j-users
+   ```
+
+5. Optionally load NeoWiki demo data:
+   ```bash
+   make import-demo-data
+   ```
+
+6. Access your wiki at your configured `MW_SERVER` URL
+
+## Extra
+
+Server hardening is not covered here.

Docker/SettingsTemplate.php

@@ -202,3 +202,5 @@
 ];
 
 $wgEmailConfirmToEdit = false;
+
+$wgGroupPermissions['*']['edit'] = false;

Docker/docker-compose.ci.yml

@@ -0,0 +1,51 @@
+services:
+  mediawiki:
+    image: ghcr.io/professionalwiki/neowiki:latest
+    ports:
+      - "127.0.0.1:${MW_SERVER_PORT}:80"
+      - "127.0.0.1:8486:8486"
+    depends_on:
+      - db
+      - neo
+    environment:
+      - MARIADB_DATABASE
+      - MARIADB_USER
+      - MARIADB_PASSWORD
+      - MW_SERVER
+      - NEO4J_URL_EXTERNAL
+      - NEO4J_USERNAME
+      - NEO4J_PASSWORD
+      - NEO4J_USERNAME_READ
+      - NEO4J_PASSWORD_READ
+    healthcheck:
+      test: "curl -fsSL http://localhost:80/index.php/Special:Version | grep 'Jeroen De Dauw'"
+      interval: 60s
+      timeout: 5s
+      retries: 1
+
+  db:
+    image: mariadb:11.8
+    environment:
+      - MARIADB_ROOT_PASSWORD
+      - MARIADB_DATABASE
+      - MARIADB_USER
+      - MARIADB_PASSWORD
+    healthcheck:
+      test: ["CMD", "mariadb-admin" ,"ping", "-h", "localhost"]
+      interval: 10s
+      timeout: 10s
+      retries: 4
+
+  neo:
+    image: neo4j:enterprise
+    ports:
+      - "127.0.0.1:7474:7474"
+      - "127.0.0.1:7687:7687"
+    environment:
+      - NEO4J_ACCEPT_LICENSE_AGREEMENT=eval
+      - NEO4J_AUTH
+    healthcheck:
+      test: "wget http://localhost:7474/browser -O - | grep 'Neo4j Browser'"
+      interval: 5s
+      timeout: 1s
+      retries: 10

Docker/docker-compose.yml

@@ -1,19 +1,19 @@
 services:
   mediawiki:
     image: ghcr.io/professionalwiki/neowiki:latest
-    ports:
-      - "${LOCAL_IP}:${MW_SERVER_PORT}:80"
-      - "${LOCAL_IP}:8486:8486"
+    restart: unless-stopped
+    volumes:
+      - mediawiki-images-data:/var/www/html/w/images
+      # Uncomment to use custom LocalSettings.
+      # - ./LocalSettings.php:/var/www/html/w/LocalSettings.php:ro
     depends_on:
       - db
       - neo
-    restart: unless-stopped
     environment:
       - MARIADB_DATABASE
       - MARIADB_USER
       - MARIADB_PASSWORD
       - MW_SERVER
-      - LOCAL_HOST
       - NEO4J_URL_EXTERNAL
       - NEO4J_USERNAME
       - NEO4J_PASSWORD
@@ -44,9 +44,6 @@ services:
   neo:
     image: neo4j:enterprise
     restart: unless-stopped
-    ports:
-      - "127.0.0.1:7474:7474"
-      - "127.0.0.1:7687:7687"
     volumes:
       - neo4j-data:/data
     environment:
@@ -58,6 +55,25 @@ services:
       timeout: 1s
       retries: 10
 
+  caddy:
+    image: caddy:2.10-alpine
+    restart: unless-stopped
+    ports:
+      - "80:80"
+      - "443:443"
+      - "443:443/udp"
+    volumes:
+      - ./Caddyfile:/etc/caddy/Caddyfile:ro
+      - caddy-data:/data
+      - caddy-config:/config
+    environment:
+      - MW_SERVER
+    depends_on:
+      - mediawiki
+
 volumes:
   mediawiki-db-data:
+  mediawiki-images-data:
   neo4j-data:
+  caddy-data:
+  caddy-config: