By default, if no security module is configured, wiki makes all content read-only.
The previous default, where unclaimed sites were editable by anybody, can be enabled by setting security_legacy to true.
This version of wiki will install:
- a Passport based security module, to replace the earlier Mozilla Persona one, and
- a simpler security module based on friends and a secret token; see wiki-security-friends for details.
To use this new, Passport based, security module you will need to:
- migrate the existing Mozilla Persona identity files to the new JSON format owner files. This is achieved by running wiki-migrate; there are optional parameters data, status and id, which should be set to the same values as you use to run wiki.
- choose one, or more, of the OAuth providers that it makes available and follow the configuration notes.
It is recommended that you make use of TLS. While it is currently not required for OAuth, it is recommended by the identity providers. This will require configuring a proxy in front of the Federated Wiki server and getting the necessary certificates. There are a number of options; probably the easiest is to use Caddy with Automatic HTTPS and On-Demand TLS, which uses Let's Encrypt as the certificate authority.
If you want to use TLS you will need to configure the wiki server by adding "security_useHttps": true, to the configuration file, as well as using https:// in the callback URLs when you configure the OAuth provider.
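The settings above interact, so a mismatch between security_useHttps and the callback URLs registered with the OAuth provider is easy to miss. The following check is an added example, not code from the wiki project: the function name, the sample hostname and callback path are constructed, and security_type (the wiki option that selects a security module) and its value are assumptions not stated on this page.

```javascript
'use strict';

// Audit a parsed wiki configuration object against the settings described above.
// callbackUrls: the callback URLs you registered with each OAuth provider.
function auditWikiConfig(config, callbackUrls = []) {
  const findings = [];
  const add = (level, msg) => findings.push({ level, msg });

  if (config.security_legacy === true) {
    // Legacy mode restores the old default behaviour.
    add('warn', 'security_legacy is true: unclaimed sites are editable by anybody');
  } else if (!config.security_type) {
    // security_type is an assumed key name (not given on this page).
    add('info', 'no security module configured: all content is read-only');
  }

  const useHttps = config.security_useHttps === true;
  if (config.security_type && !useHttps) {
    add('info', 'security_useHttps is not true: TLS is recommended by the identity providers');
  }

  for (const raw of callbackUrls) {
    let url;
    try {
      url = new URL(raw);
    } catch {
      add('error', `callback URL is not a valid URL: ${raw}`);
      continue;
    }
    // Both sides must agree: the server setting and the provider registration.
    if (useHttps && url.protocol !== 'https:') {
      add('error', `security_useHttps is true but callback URL is not https://: ${raw}`);
    } else if (!useHttps && url.protocol === 'https:') {
      add('error', `callback URL is https:// but security_useHttps is not true: ${raw}`);
    }
  }
  return findings;
}

// Constructed sample input: TLS enabled on the server, but one provider
// still has an http:// callback registered.
const sampleConfig = { security_type: 'passportjs', security_useHttps: true };
const sampleCallbacks = [
  'https://wiki.example.com/auth/github/callback',
  'http://wiki.example.com/auth/google/callback',
];
for (const f of auditWikiConfig(sampleConfig, sampleCallbacks)) {
  console.log(`[${f.level}] ${f.msg}`);
}
```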