Wiki Host - MediaWiki#
MediaWiki instance at 141.56.51.13 running in an LXC container.
Overview#
- Hostname: wiki
- FQDN: wiki.htw.stura-dresden.de
- IP Address: 141.56.51.13
- Type: Proxmox LXC Container
- Services: MediaWiki, MariaDB, Apache httpd, PHP-FPM
Services#
MediaWiki#
The StuRa HTW Dresden wiki runs MediaWiki with extensive customization:
- Name: Wiki StuRa HTW Dresden
- Language: German (de)
- Default skin: Vector (classic)
- Session timeout: 3 hours (10800 seconds)
- ImageMagick: Enabled for image processing
- Instant Commons: Enabled (access to Wikimedia Commons images)
Custom Namespaces#
The wiki defines several custom namespaces for organizational purposes:
| Namespace | ID | Purpose |
|---|---|---|
| StuRa | 100 | Standard StuRa content |
| Intern | 102 | Internal (non-public) StuRa content |
| Admin | 104 | Administrative wiki content |
| Person | 106 | Individual person pages (non-public) |
| Faranto | 108 | Faranto e.V. content |
| ET | 212 | ET Fachschaft content |
| ET_intern | 412 | ET internal content |
| LaUCh | 216 | LaUCh Fachschaft content |
| LaUCh_intern | 416 | LaUCh internal content |
Each namespace has a corresponding discussion namespace (odd numbered ID).
User Groups and Permissions#
Custom user groups:
- intern: Access to Intern and Person namespaces
- ET: Access to ET_intern namespace
- LUC: Access to LaUCh_intern namespace
These groups have the same base permissions as standard users (move pages, edit, upload, etc.) plus access to their respective restricted namespaces.
Spam Prevention#
QuestyCaptcha is configured to prevent automated spam:
- Challenges users with questions about HTW and StuRa
- Triggered on: edit, create, createtalk, addurl, createaccount, badlogin
- Questions are specific to local knowledge (e.g., “Welche Anzahl an Referaten hat unser StuRa geschaffen?”)
Extensions#
The following extensions are installed:
- Lockdown: Restricts namespace access by user group
- ContributionScores: Statistics of contributions by user
- UserMerge: Merge and delete user accounts (for spam cleanup)
- Interwiki: Use interwiki links (e.g., Wikipedia references)
- Cite: Reference system (footnotes)
- ConfirmEdit/QuestyCaptcha: CAPTCHA challenges
Deployment#
See the main README for deployment methods.
Initial Installation#
Using nixos-anywhere:
nix run github:nix-community/nixos-anywhere -- --flake .#wiki --target-host root@141.56.51.13Using container tarball:
nix build .#containers-wiki
scp result/tarball/nixos-system-x86_64-linux.tar.xz root@proxmox-host:/var/lib/vz/template/cache/
pct create 113 /var/lib/vz/template/cache/nixos-system-x86_64-linux.tar.xz \
--hostname wiki \
--net0 name=eth0,bridge=vmbr0,ip=141.56.51.13/24,gw=141.56.51.254 \
--memory 2048 \
--cores 2 \
--rootfs local-lvm:10 \
--unprivileged 1 \
--features nesting=1
pct start 113Updates#
# From local machine
nixos-rebuild switch --flake .#wiki --target-host root@141.56.51.13
# Or use auto-generated script
nix run .#wiki-updatePost-Deployment Steps#
After deploying for the first time:
Set admin password:
echo "your-secure-password" > /var/lib/mediawiki/mediawiki-password chmod 600 /var/lib/mediawiki/mediawiki-passwordSet database password:
echo "your-db-password" > /var/lib/mediawiki/mediawiki-dbpassword chmod 600 /var/lib/mediawiki/mediawiki-dbpasswordAccess the web interface:
https://wiki.htw.stura-dresden.deComplete initial setup:
- Log in with admin credentials
- Configure additional settings via Special:Version
- Set up main page
Configure namespace permissions:
- Add users to
intern,ET, orLUCgroups via Special:UserRights - Verify namespace restrictions work correctly
- Test that non-members cannot access restricted namespaces
- Add users to
Add users to appropriate groups:
- Navigate to Special:UserRights
- Select user
- Add to: intern, ET, LUC, sysop, bureaucrat (as needed)
Upload logo and favicon (optional):
- Place files in
/var/lib/mediawiki/images/ - Files:
logo.png,logo.svg,favicon.png
- Place files in
Integration with Proxy#
The central proxy at 141.56.51.1 handles:
- SNI routing: Routes HTTPS traffic for wiki.htw.stura-dresden.de
- HTTP routing: Routes HTTP traffic and redirects to HTTPS
- ACME challenges: Forwards certificate verification requests
This host manages its own ACME certificates. Apache httpd handles TLS termination.
Troubleshooting#
Locale warnings#
When accessing the container with pct enter, you may see:
sh: warning: setlocale: LC_CTYPE: cannot change locale (en_US.UTF-8): No such file or directory
sh: warning: setlocale: LC_COLLATE: cannot change locale (en_US.UTF-8): No such file or directoryThis is a known issue and can be safely ignored. It only affects the interactive shell environment, not the running services. Regular SSH access provides a proper shell with correct locale settings.
Database connection issues#
If MediaWiki cannot connect to the database:
# Check MariaDB status
systemctl status mysql
# Check database exists
mysql -u root -e "SHOW DATABASES;"
# Check user permissions
mysql -u root -e "SHOW GRANTS FOR 'mediawiki'@'localhost';"
# View MediaWiki logs
journalctl -u mediawiki -fSolution: Ensure the database password in /var/lib/mediawiki/mediawiki-dbpassword matches the database user password.
Extension loading problems#
If extensions are not working:
# Check extension files exist
ls -l /nix/store/*-mediawiki-extensions/
# View PHP errors
tail -f /var/log/httpd/error_log
# Test MediaWiki configuration
php /var/lib/mediawiki/maintenance/checkSetup.phpSolution: Verify extensions are properly defined in the configuration and compatible with the MediaWiki version.
ImageMagick configuration#
If image uploads or thumbnails fail:
# Check ImageMagick installation
which convert
/run/current-system/sw/bin/convert --version
# Test image conversion
/run/current-system/sw/bin/convert input.png -resize 100x100 output.png
# Check MediaWiki image directory permissions
ls -ld /var/lib/mediawiki/images/Solution: Ensure ImageMagick path is set correctly ($wgImageMagickConvertCommand) and the images directory is writable.
Namespace permission issues#
If users can access restricted namespaces:
# Check Lockdown extension is loaded
grep -i lockdown /var/lib/mediawiki/LocalSettings.php
# Verify user group membership
# Log in as admin and check Special:UserRights
# Check namespace permission configuration
grep -A 5 "wgNamespacePermissionLockdown" /var/lib/mediawiki/LocalSettings.phpSolution: Verify the Lockdown extension is installed and $wgNamespacePermissionLockdown is configured correctly for each restricted namespace.
ACME certificate issues#
If HTTPS is not working:
# Check ACME certificate status
systemctl status acme-wiki.htw.stura-dresden.de
# View ACME logs
journalctl -u acme-wiki.htw.stura-dresden.de -f
# Check Apache HTTPS configuration
httpd -t -D DUMP_VHOSTSSolution: Ensure DNS points to proxy (141.56.51.1) and the proxy forwards ACME challenges to this host.
Files and Directories#
- MediaWiki data:
/var/lib/mediawiki/ - Password file:
/var/lib/mediawiki/mediawiki-password - DB password file:
/var/lib/mediawiki/mediawiki-dbpassword - Images:
/var/lib/mediawiki/images/ - LocalSettings:
/var/lib/mediawiki/LocalSettings.php(generated) - Extensions:
/nix/store/.../mediawiki-extensions/ - Database: MariaDB stores data in
/var/lib/mysql/
Network#
- Interface: eth0 (LXC container)
- IP: 141.56.51.13/24
- Gateway: 141.56.51.254
- Firewall: Ports 80, 443 allowed
Configuration Details#
- Time zone: Europe/Berlin
- Table prefix: sturawiki
- Emergency contact: wiki@stura.htw-dresden.de
- Password sender: wiki@stura.htw-dresden.de
- External images: Allowed
- File uploads: Enabled
- Email notifications: Enabled (user talk, watchlist)
Automatic Maintenance#
- Auto-upgrade: Enabled (system automatically updates)
- Auto-reboot: Allowed (system may reboot for updates)
- Store optimization: Automatic
- Garbage collection: Automatic
See Also#
- Main README - Deployment methods and architecture
- Proxy README - How the central proxy routes traffic
- MediaWiki Documentation
- NixOS MediaWiki Options
- Extension:Lockdown
- Extension:QuestyCaptcha