The goal of this howto is to
Add something similar to this to your /etc/fstab:
//vmhost/dokumente/dokuwiki /home/<user>/dokuwiki-data cifs credentials=/root/.cifs,vers=3.0,uid=1000,gid=1000,context=system_u:object_r:container_file_t:s0,noexec,nosuid 0 0
Note: on an SELinux-enabled system you need to set the SELinux context correctly (use exactly what ls -lZ shows for a directory that already works in a container).
The credentials can be stored in a file only root can read. Use the highest vers value possible; it may be even better to use the smb3 filesystem with posix in newer versions of Linux.
sudo mount $(pwd)/dokuwiki-data
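The following shell functions are an added example, not part of the original howto: they check a CIFS line from /etc/fstab for the options used above and confirm that a credentials file grants nothing to group or others. The function names and the second sample entry are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original howto). Variables are global because
# POSIX sh has no "local".
# audit_cifs_line LINE: print one finding per line; return 1 if any, else 0.
audit_cifs_line() {
    set -f; set -- $1; set +f          # split into the six fstab fields
    fstype=$3; opts=",$4,"; rc=0
    case $fstype in cifs|smb3) ;; *) echo "not a cifs/smb3 entry"; return 1 ;; esac
    case $opts in *,password=*|*,pass=*)
        echo "inline password: anyone who can read /etc/fstab sees it"; rc=1 ;; esac
    case $opts in *,credentials=*) ;; *)
        echo "no credentials= file"; rc=1 ;; esac
    for o in noexec nosuid; do
        case $opts in *,"$o",*) ;; *) echo "missing $o"; rc=1 ;; esac
    done
    case $opts in
        *,vers=3*) ;;                                  # SMB 3.x requested
        *,vers=*) echo "vers= does not require SMB 3.x"; rc=1 ;;
        *) [ "$fstype" = smb3 ] || { echo "vers= not set"; rc=1; } ;;
    esac
    case $opts in *,context=*) ;; *)
        echo "no context= (needed for container access on SELinux hosts)"; rc=1 ;; esac
    return $rc
}

# True if the credentials file grants nothing to group or others (0600/0400).
cred_file_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample entries: the howto's line and a deliberately weak one.
good='//vmhost/dokumente/dokuwiki /home/<user>/dokuwiki-data cifs credentials=/root/.cifs,vers=3.0,uid=1000,gid=1000,context=system_u:object_r:container_file_t:s0,noexec,nosuid 0 0'
weak='//vmhost/share /mnt/share cifs username=wiki,password=EXAMPLE,vers=1.0 0 0'
for line in "$good" "$weak"; do
    audit_cifs_line "$line" && echo "OK" || echo "-> fix the findings above"
done
```

Run cred_file_private /root/.cifs as root, since other users cannot list that file.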
We use an “official” container image. This image assumes it is run by Docker and therefore as root. We run it with Podman's rootless mode, in which root inside the container is mapped to the current user. That's why we only use the root user: it is mapped to the current user automatically. php-fpm tries hard to prevent users from running it as root, so we need to change its startup options using this script, $HOME/dokuwiki-svc-php-fpm-run:
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# -F: stay in the foreground, -R: allow php-fpm to run as root
exec /usr/sbin/php-fpm82 -F -R
Quadlet is the Podman way of running containers using systemd:
[Unit]
Description=Wiki for documenting various service setups

[Container]
Image=lscr.io/linuxserver/dokuwiki:latest
# root inside the container is mapped to the unprivileged user running Podman
Environment=PUID=0
Environment=PGID=0
Environment=TZ=Europe/Vienna
PublishPort=50080:80
PublishPort=50443:443
Volume=/home/$USER/dokuwiki:/config:z
Volume=/home/$USER/dokuwiki-data/:/config/dokuwiki/data/:z
Volume=/home/$USER/dokuwiki-svc-php-fpm-run:/etc/s6-overlay/s6-rc.d/svc-php-fpm/run:z
AutoUpdate=registry

[Install]
# the systemd user manager has no multi-user.target; user units hook into default.target
WantedBy=default.target
Replace $USER so it points to the correct user directory. Create this as dokuwiki.container in /home/$USER/.config/containers/systemd.
This creates a dokuwiki service with the correct podman call and also enables auto-updates using podman auto-update.
systemctl --user daemon-reload
systemctl --user start dokuwiki
systemctl --user status dokuwiki
systemctl --user enable dokuwiki
# by default user processes will be terminated after logout
sudo loginctl enable-linger $USER
/etc/httpd/conf.d/sites-enabled/dokuwiki.siam.homeunux.net.conf
<VirtualHost *:80>
    ServerName dokuwiki.machine-deck.jeffries-tube.at
    ServerAlias dokuwiki.machine-deck.jeffries-tube.at
    Redirect / https://dokuwiki.machine-deck.jeffries-tube.at/
</VirtualHost>

<VirtualHost *:443>
    ServerName dokuwiki.machine-deck.jeffries-tube.at
    ServerAlias dokuwiki.machine-deck.jeffries-tube.at
    Include /etc/httpd/conf.d/shared/ssl.conf
    AllowEncodedSlashes NoDecode
    SSLProxyEngine On
    ProxyPreserveHost On
    # cert is issued for collaboraonline.example.com and we proxy to localhost
    SSLProxyVerify None
    SSLProxyCheckPeerCN Off
    SSLProxyCheckPeerName Off
    # static html, js, images, etc. served from coolwsd
    # browser is the client part of Collabora Online
    ProxyPass / https://127.0.0.1:50443/ retry=0
    ProxyPassReverse / https://127.0.0.1:50443/
</VirtualHost>
setenforce 0
systemctl stop httpd
sudo docker run -it --rm --name certbot \
  -v "/etc/letsencrypt:/etc/letsencrypt" \
  -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
  -v "/var/log/letsencrypt/:/var/log/letsencrypt/" \
  -p 80:80 -p 443:443 \
  certbot/certbot certonly --standalone -d [... the other letsencrypt domains],dokuwiki.machine-deck.jeffries-tube.at
systemctl start httpd
setenforce 1
podman auto-update --dry-run --format "{{.Image}} {{.Updated}}"
# lscr.io/linuxserver/dokuwiki:latest pending
podman auto-update