# Setup dokuwiki using docker

The goal of this howto is to
* set up a dokuwiki container using docker (and not e. g. podman, slightly different)
* use an SMB share for storing the data
* on a server using enforcing SELinux (Centos 7)

## Mount the data on an SMB share

Add something similar to this to your `/etc/fstab`:

```fstab
//vmhost/dokumente/dokuwiki     /home/<user>/dokuwiki-data      cifs  credentials=/root/.cifs,vers=3.0,uid=1000,gid=1000,context=system_u:object_r:container_file_t:s0,noexec,nosuid  0 0
```

_Note_: on an SELinux enabled system you need the set the SEContext correctly (as in exactly what you see in a directory that works in a container with `ls -lZ`)

The credentials can be stored in a file only root can read. Use the highest number for vers possible, it maybe even better to use the `smb3` filesystem with `posix` in newer versions of Linux.

```bash
sudo mount $(pwd)/dokuwiki-data
```

## Create the container and managing lifecycle via docker

We use an "official" container image, `$(pwd)` is meant to run from <user> home directory:

```bash
sudo docker run -d \
  --name=dokuwiki \
  -e PUID=1000 \
  -e PGID=1000 \
  -e TZ=Europe/Vienna \
  -p 50080:80 \
  -p 50443:443 \
  -v $(pwd)/dokuwiki:/config:z -v $(pwd)/dokuwiki-data:/data \
  --restart unless-stopped \
  lscr.io/linuxserver/dokuwiki:latest
```

This image stores all configuration in /config and all data in /data.
We want to keep config local but mount data from some SMB server. Change the following in `~/dokuwiki/dokuwiki/conf/local.php`

```php
$conf['savedir'] = '/data';
```

For podman we can create such a container but need to mange start/stop with systemnd.

## Reverse proxy on the host using apache

`/etc/httpd/conf.d/sites-enabled/dokuwiki.siam.homeunux.net.conf`

```apache
<VirtualHost *:80>
  ServerName dokuwiki.siam.homeunix.net
  ServerAlias dokuwiki.siam.homeunix.net

  Redirect / https://dokuwiki.siam.homeunix.net/
</VirtualHost>
<VirtualHost *:443>
  ServerName dokuwiki.siam.homeunix.net
  ServerAlias dokuwiki.siam.homeunix.net

  Include /etc/httpd/conf.d/shared/ssl.conf


 AllowEncodedSlashes NoDecode
 SSLProxyEngine On
 ProxyPreserveHost On


 # cert is issued for collaboraonline.example.com and we proxy to localhost
 SSLProxyVerify None
 SSLProxyCheckPeerCN Off
 SSLProxyCheckPeerName Off


 # static html, js, images, etc. served from coolwsd
 # browser is the client part of Collabora Online
 ProxyPass           / https://127.0.0.1:50443/ retry=0
 ProxyPassReverse    / https://127.0.0.1:50443/
```

## Add the new virtual host to Let's encrypt

```bash
setenforce 0
systemctl stop httpd
sudo docker run -it --rm --name certbot \
            -v "/etc/letsencrypt:/etc/letsencrypt" \
            -v "/var/lib/letsencrypt:/var/lib/letsencrypt" -v "/var/log/letsencrypt/:/var/log/letsencrypt/" \
            -p 80:80 -p 443:443 \
            certbot/certbot certonly --standalone -d [... the other letsencrypt domains],dokuwiki.machine-deck.jeffries-tube.at
systemctl start httpd
setenforce 1
```