helmo created this task. helmo added a project: Wikibase-Containers. Restricted Application added a subscriber: Aklapper. Restricted Application added a project: Wikidata.
TASK DESCRIPTION I've not found a single source of truth about securing access to the wikibase data via https. I did search quite a bit and read alot on https://addshore.com I was expecting a section in the main README file as it's pretty much the norm these days. Setting up a proxy vhost was not a problem, but getting the applications to work is. For one the main mediawiki search box would stubbornly try to connect to port 80, which my browser refuses because the rest of the page used port 443. After some digging I found a way to resolve that in LocalSettings.php. An issue with the wqds-updater service is however still bugging me and could very well be related to this. I've tried to ask that on stackoverflow.com <https://stackoverflow.com/questions/62816363/why-does-the-query-service-in-my-wikibase-installed-through-docker-not-contain-c?noredirect=1#comment112078559_62816363> and via Telegram. Here's a first draft of such a section that might fit in master/README.md <https://github.com/wmde/wikibase-docker/blob/master/README.md>. It clearly needs work as my setup is not fully functional yet. SSL --- There are multiple ways to get wikibase behind an SSL enabled address. Example proxy statements to add to an Apache vhost, (make sure mod_proxy_http is enabled) <VirtualHost *:443> ServerName api.example.com ... ProxyRequests Off ProxyPass /.well-known/acme-challenge "!" ProxyPreserveHost On ProxyPass / http://127.0.0.1:8181/ max=100 ProxyPassReverse / http://127.0.01:8181/ ... <VirtualHost *:443> ServerName query.example.com ... ProxyRequests Off ProxyPass /.well-known/acme-challenge "!" ProxyPreserveHost On ProxyPass / http://127.0.0.1:8182/ max=100 ProxyPassReverse / http://127.0.01:8182/ ... When you setup a proxy in front of it you have to add extra variables to the docker-compose.yml file. In the quickstatements section: services: quickstatements: environment: 'WB_PUBLIC_HOST_AND_PORT=https://api.example.com:443 - WB_PUBLIC_SCHEME_HOST_AND_PORT=https://api.example.com:443 And an extra alias in the wikibase section: services: wikibase: networks: default: aliases: - wikibase.svc - api.example.com And you need to update the LocalSettings.php to have: $wgServer = "https://api.example.com"; # And possibly also $_SERVER['HTTPS'] = 'on'; TASK DETAIL https://phabricator.wikimedia.org/T260328 EMAIL PREFERENCES https://phabricator.wikimedia.org/settings/panel/emailpreferences/ To: helmo Cc: Aklapper, helmo, Samantha_Alipio_WMDE, Akuckartz, darthmon_wmde, Jelabra, Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, _jensen, rosalieper, Scott_WUaS, Asahiko, despens, Wikidata-bugs, aude, Addshore, Mbch331
_______________________________________________ Wikidata-bugs mailing list Wikidata-bugs@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikidata-bugs