sudo apt update && sudo apt dist-upgrade -y sudo reboot
sudo apt install -y docker docker-compose nginx openssl
sudo mkdir -p /etc/wiki sudo openssl rand -base64 32 > /etc/wiki/.db-secret sudo chmod 600 /etc/wiki/.db-secret
docker network create wikinet docker volume create pgdata
docker run -d --name=db \ -e POSTGRES_DB=wiki \ -e POSTGRES_USER=wiki \ -e POSTGRES_PASSWORD_FILE=/etc/wiki/.db-secret \ -v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro \ -v pgdata:/var/lib/postgresql/data \ --restart=unless-stopped \ --network=wikinet \ postgres:17-alpine
docker run -d --name=wiki \ -e DB_TYPE=postgres \ -e DB_HOST=db \ -e DB_PORT=5432 \ -e DB_PASS_FILE=/etc/wiki/.db-secret \ -v /etc/wiki/.db-secret:/etc/wiki/.db-secret:ro \ -e DB_USER=wiki \ -e DB_NAME=wiki \ -e UPGRADE_COMPANION=1 \ --restart=unless-stopped \ --network=wikinet \ ghcr.io/requarks/wiki:2
docker run -d --name=wiki-update-companion \ -v /var/run/docker.sock:/var/run/docker.sock:ro \ --restart=unless-stopped \ --network=wikinet \ ghcr.io/requarks/wiki-update-companion:latest
sudo mkdir -p /etc/nginx/ssl/wiki.test
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/nginx/ssl/wiki.test/key.pem \ -out /etc/nginx/ssl/wiki.test/cert.pem \ -subj "/CN=wiki.test" \ -addext "subjectAltName=DNS:wiki.test"
sudo chmod 644 /etc/nginx/ssl/wiki.test/*
sudo tee /etc/nginx/conf.d/wiki.test.conf << 'EOF'
server {
listen 80;
server_name wiki.test;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name wiki.test;
ssl_certificate /etc/nginx/ssl/wiki.test/cert.pem;
ssl_certificate_key /etc/nginx/ssl/wiki.test/key.pem;
location / {
proxy_pass http://wiki:3000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
EOF
docker run -d --name=nginx-proxy \ -p 80:80 \ -p 443:443 \ -v /etc/nginx/conf.d:/etc/nginx/conf.d \ -v /etc/nginx/ssl:/etc/nginx/ssl \ --network=wikinet \ --restart=unless-stopped \ nginx:alpine
echo "127.0.0.1 wiki.test" | sudo tee -a /etc/hosts
curl -vk https://wiki.test
docker logs nginx-proxy docker logs wiki
sudo ufw allow 80/tcp sudo ufw allow 443/tcp
==== 5.2. Настройка автоматического обновления сертификатов ====
sudo crontab -e
Добавить строку:
@monthly openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/wiki.test/key.pem -out /etc/nginx/ssl/wiki.test/cert.pem -subj "/CN=wiki.test" -addext "subjectAltName=DNS:wiki.test" && docker restart nginx-proxy
Wiki.js теперь доступен по:
HTTP: http://wiki.test (автоматически перенаправляет на HTTPS)
HTTPS: https://wiki.test
Для доступа с других устройств добавьте запись в их файл `hosts`:
<IP_сервера> wiki.test