2020
Wiki.js 2 with Nginx Installation
For the past few months I’ve been using Tiddlywiki as a memory dump but been having some issues. First started with the dreaded XMLHttpRequest error:
Error retrieving skinny tiddler list: XMLHttpRequest error code: 404
Which the available documentation offers no help with and the developers just shrug at. Then it just ate a fucken shotgun shell deep down its throat:
We en’t here for that shit so on we went looking for an alternative that treats markdown as a first-class white citizen in apartheid america. Found wiki.js, which seems to have that, and here we are.
What follows is a guide written after a week of bashing our head against multiple desks because devlopers are morons who don’t know how to write documentation, if they even bother writing any. What is available for wiki.js is fucken laughable or only applies to the 1.x series. Real developers are extinct, by the way.
This is what worked for us on Debian 9. You will have to adapt this for your own OS and hosting configuration. We’re not at fault if the results eat your pet, fuck your significant other, and make your mom call them daddy.
Ingredients
This assumes DNS is already routing properly, outgoing mail works, and you’ve already dealt with your firewall. This setup gets you a wiki.js installation with nginx as a reverse proxy running security.
All commands are executed as root.
Installation
Install what you need
# aptitude install nginx-extras postgresql postgresql-contrib pgcli nodejs certbot python-3-certbot-nginx
Download and extract wiki.js (assuming we’re at /var/www) like the documentation says:
# wget https://github.com/Requarks/wiki/releases/download/2.3.81/wiki-js.tar.gz
# mkdir wiki
# tar xzf wiki-js.tar.gz -C ./wiki
# cd ./wiki
# mv config.sample.yml config.yml
Configuration
Nginx
Edit your configuration file for nginx so it passes everything to the wiki cleanly through nginx. The original configuration was generated by nginxconfig.io and incorporates stuff from the official documentation
As of right now (2020-05-16_14-28) they are valid and working server blocks
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name wiki.domain.invalid;
# SSL
ssl_certificate /etc/letsencrypt/live/wiki.domain.invalid/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/wiki.domain.invalid/privkey.pem; #managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/wiki.domain.invalid/chain.pem;
# security headers
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
#add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header Strict-Transport-Security "max-age=0" always;
# . files
location ~ /\.(?!well-known) {
deny all;
}
# logging
access_log /var/log/nginx/wiki.domain.invalid.access.log;
error_log /var/log/nginx/wiki.domain.invalid.error.log warn;
# reverse proxy
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
#proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
#proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#proxy_set_header X-Forwarded-Proto $scheme;
#proxy_set_header X-Forwarded-Host $host;
#proxy_set_header X-Forwarded-Port $server_port;
proxy_next_upstream error timeout http_502 http_503 http_504;
}
# gzip
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name wiki.domain.invalid;
# ACME-challenge
location ^~ /.well-known/acme-challenge/ {
root /var/www/_letsencrypt;
}
location / {
return 301 https://wiki.domain.invalid$request_uri;
}
}
SSL
Using Let’s Encrypt SSL certificates:
# certbot
Go through the wizard and it will automatically fix the SSL entries on your server blocks. You could also do this if you know what you’re doing and don’t want certbot to mess around with your files:
# certbot certonly --webroot -d wiki.domain.invalid --email mail@domain.invalid -w /var/www/_letsencrypt -n --agree-to-tos
Nginx Testing
Test and reload your configuration:
# nginx -t
# service nginx reload
Watch out for any errors, as usual. At this point Nginx will be serving files but as wiki.js isn’t setup yet you’ll get HTTP 502 errors if you try to visit the site on a browser. This configuration plays well with other sites being hosted on the same server.
Postgres
Secure your Postgres installation:
# sudo su postgres
$ passwd
Then setup your database. pgcli has smart completions turned on by default and looks pretty.
$ pgcli
> create DATABASE wikijs;
> create USER wikijs_user with ENCRYPTED PASSWORD 'Strong password';
> grant ALL PRIVILEGES on DATABASE wikijs to wikijs_user;
> \c wikijs
> CREATE EXTENSION pg_trgm;
> exit
$ exit
Wiki.js
Edit config.yml and make the appropriate changes:
Portshould match what was configured in the nginx https server block (3000)- In
dbsection, enter your database credentials - Do not enable SSL unless you are not to run this behind a proxy. This might work on a developer workstation but on the public internet you’re asking to get it up the ass, no lube.
Once this is done, start the application and watch for any errors
# node server
At this point you can visit your site and go through the installation wizard.
Configuration
There are a bunch of things the official wiki.js documentation only mentions offhandedly, or that you’ll only find out if you go rooting around in the issues tracker.
Home Page
You can name it anything you want but if you make the path anything other than /home wiki.js will freak out on you and send you on a loop.
File Storage
By default wiki.js will keep all its shit on the DB, which is a fucken stupid bad decision. We like making good decisions so we need to tell wiki.js to keep its shit in the filesystem:
- Go to Administration > Storage
- Enter the desired absolute path for your stuff, like
/var/www/wiki.domain.invalid/wiki-content - Enable the target
- Apply the changes
We’re unsure if this means wiki.js will actually use file storage to begin with, but at least you’ll be able to create quick backups of all your stuff. You have backups and you test them, right?
Search Engine
The default search is slow AF, so we’re going to use something better
- Go to Administration > Search Engine
- Select Database – PostgreSQL
- Apply the changes
Finishing thoughts
This thing has potential but it’s got a long way to go before it can look up to MediaWiki. If you find issues with this holler at me on the twitters.
It’s a deep, deep, rabbit hole
In this case the old West Indian world, of which Tennessee lay at the northern fringe. It’s the shatter-zone of the slave diaspora. Circulating currents. We gave Jamaica blues. Jamaica gave us ska. Jamaica gave us dub, we gave back hip-hop. It’s been happening for four hundred years.
Source: That Chop on the Upbeat
More than you thought you’d want to learn about the origins of ska.
Dell Wireless 1703 on Windows Server 2019
Recently at work I had to install this OS (with the Desktop Experience feature set) on a Dell XPS 8700. Windows was able to recognize everything properly and all components but the network adapter would show up in Device Manager. Tried the usual things to fix this:
- Installing the driver from Dell; it would install but Windows would fail to make use of it.
- Updating the driver using “Search automatically for updated driver software”. This would fail with Windows complaining about an issue with the INF.
- Manually pick a driver from the filesystem. It would also fail with an error about the INF.
Looked at the INF file but there wasn’t anything in it that would make Windows Server just up and refuse to install the thing, and given there isn’t that much difference between Windows 10 and Windows Server the issue had to lie elsewhere.
There is one thing that Windows 10 does, however, and that’s automatically start WLAN services, since usually you’d see Windows Server be installed on enterprise hardware or have it connected to the network via Ethernet. Turns out Windows Server does not even install this feature on its own.
To install it:
- Click Start button.
- Type “Turn features on or off”.
- Click Next 4 times (Before you Begin, Installation Type, Server Selection (which defaults to the local server), and Features.
- On the Features selection list, scroll down to Wireless LAN Service and select it.
- Click Install and wait for the OS to do its thing.
- Reboot system. This is required for it all to work.
After the system comes back up the network adapter should be installed and enabled in Device Manager.
Ah, right… in addition to this it turns out the “Dell Update Application” totally does not work under this OS so you have to manually download and install all device drivers; this took me a couple of hours, so mind your clock.
This is most annoying
Riot tells Ars kernel-level system could be removed if vulnerability is detected.
Source: Ring 0 of fire: Does Riot Games’ new anti-cheat measure go too far? | Ars Technica
Given Riot’s labor and cultural practices I’m not holding much hope for them being able to fix issues quickly when (not if) someone breaks their driver and turns it into a rootkit like Sony’s.
Another issue the article does not go into is the fact every major game publisher will develop their own kernel-mode driver or use a 3rd party service (like BattlEye) to do so, leading to issues within the kernel that will be:
- A pain in the ass to diagnose
- Hidden from the player
- Likely will not provide any kind of error message since the developers will be afraid they could be used to break the driver.
- The risk of collisions between drivers will be increased, with likely both publishers being the cause.
Microsoft can help but there’s only so much they can do before breaking compatibility with previous versions of Windows; Gamers don’t care as much but Microsoft does have to worry about their main customer base (enterprise) who will definitely not like having weird code fuck around with workstation kernels(like this, and what Swift is complaining about is mere user-level applications.
People with time and money will probably want to look at PCI Passthrough to be able to run games in a Windows VM and not have to worry about any of this fuckery. Something goes wrong? Just restore to a previous snapshot of the VM and carry on as usual.
So… Tumblr still on, huh? After the debacle that was Yahoo… and the less said about…
So… Tumblr still on, huh? After the debacle that was Yahoo… and the less said about it, the bette.. Automattic hasn’t made things worse but they also haven’t made improvements either.
That will have to do for now.
Flips switch back on
*shrug*
Life hasn’t changed much since the current pandemic started.
I’m still working nights, so I don’t really get to see that many people. I still order pretty much everything for delivery.
The gf is staying with me during almost-quarantine since she was able to get a job in a restaurant (!!!).
Life goes on but I can see how it is changing for everyone around me.
