Documentation

Seitenumbruch

Management Summary

Musterfirma has organizational wikis.

The organization wikis vary in size, some have a size of only a few pages. About 5 wikis have a much larger size. All model company wikis have a total of about 400 users.

The following procedure has been defined:

  • Users are currently managed by SAML. In addition, access to the individual wikis should be controlled via SAML.
Seitenumbruch

Server Infrastructure

Server environment

Server Server name URL Configuration
Production System rz14.musterfirma.local https://wiki.musterfirma.de/ Ubuntu 16.04.

8 CPUs

32 GB RAM

Development System rz14.musterfirma.local https://wiki-a.musterfirma.de Ubuntu 16.04.

8 CPUs

32 GB RAM

Setup BlueSpice pro with WikiFarm

BlueSpice pro Services:

Services for the operation of BlueSpice pro:
  • Webserver (Apache) with PHP
  • Database (MariaDB)
Additonal Services:
Service required for
NodeJS/Parsoid VisualEditor
NodeJS/PhantomJS generating screenshots (e.g. recent changes)
Java Application Server (Jetty)/ Tomcat PDF export
Java Application Server (Jetty)/ VisualDiff compare versions of a page
Java Application Server (Jetty)/ TeX math formulas
Search Server (ElasticSearch) search
SVG-Renderer (Inkscape) .svg
Python/Pygmentize syntax highlighting source code in pages

Scheme Docker Container

drawio: Aufbau des Dockercontainers
Seitenumbruch

Production Wiki

History / Important Deployments

Protocol by Horst Schreiber
First installation 2017-04-02
Update to current codebase 3.0.0 2018-11-26
Update to 3.0.1 2019-03-27
Update


Access

Remote Access VPN -> SSH
ID a_exNNNNN
Username for SSH ICA\a_exNNNNN


Installed programs (applications)

URL https://wiki.musterfirma.de
Domains
  • wiki.musterfirma.de
  • wikidocs.musterfirma.de
Server name rz14.musterfirma.local
Operating System Ubuntu 16.04.
BlueSpice Version 3.0.1 pro WikiFarm
MediaWiki Version 1.31.1
Deployment package Docker
Path to Docker files /data/bluespice/bluespice
Authentication SAML.php
Notes Group assignment to instances in 099-AdditionalPermissions.php


Please note for updates

Since it is currently not possible to set the permissions properly, the delete permission has been withdrawn from the editor DefaultSettings.php.


Docker

Starting Docker

docker run -d -v /data/bluespice/certificates:/etc/apache2/ssl  -v 
/data/bluespice/bluespice/099-AdditionalPermissions.php:/var/www/bluespice/w/settings.d/099-
    AdditionalPermissions.php -v 
/data/bluespice/database:/var/lib/mysql -v 
/data/bluespice/elasticsearch:/var/lib/elasticsearch -v 
/data/bluespice/bluespice:/opt/bluespice-docker -v /data/bluespice/backup:/backup -v 
/data/backups-mediawiki:/import -e "TZ=Europe/musterfirma"  -lCE -t -p 80:80 -p 443:443 -p 8000:8000 
    -p 8001:8001 1d85e6a800e9

Docker IP

cat /etc/doc ker/daemon.json
{
        "bip": "172.19.10.1/24",
        "fixed-cidr": "172.19.10.1/24"
}


Backup / Cronjobs

Cronjobs

runJobs daily

Backup

BackupDatabases daily


Services

Database

Programm MariaDB
Version 10.1.37

PHP

Version 7.0.30

Jetty

Version 9

Caching

opcache
memcached

Webserver

Programm Apache
Version 2.4.18
Seitenumbruch

Development Wiki

History / Important Deployments

Protocol by Sarah Naumann
First Installation 2018-11-26
Update to 3.0.1 2019-03-26
Update

Access

Remote Access VPN -> SSH
ID a_exNNNNN
Username for SSH ICA\a_exNNNNN

Installed programs (applications)

URL https://wiki.musterfirma.de
Domains
  • wiki.musterfirma.de
  • wikidoc.musterfirma.de
Server Name rz17.musterfirma.local
Operating System Ubuntu 16.04.
BlueSpice Version 3.0.1 pro WikiFarm
MediaWiki Version 1.31.1
Deployment Package Docker
Path to Docker files /data/bluespice/bluespice
Authentication SAML.php
Notes Group assignment to instances in 099-AdditionalPermissions.php

Please note for updates

Since it is currently not possible to set the permissions properly, the delete permission has been withdrawn from the editor DefaultSettings.php.

Docker

Starting Docker

docker run -d -v /data/bluespice/certificates:/etc/apache2/ssl  -v 
/data/bluespice/bluespice/099-AdditionalPermissions.php:/var/www/bluespice/w/settings.d/
	099-AdditionalPermissions.php -v 
/data/bluespice/database:/var/lib/mysql -v 
/data/bluespice/elasticsearch:/var/lib/elasticsearch -v 
/data/bluespice/bluespice:/opt/bluespice-docker -v /data/bluespice/backup:/backup -v 
/data/backups-mediawiki:/import -e "TZ=Europe/Berlin"  -lCE -t -p 80:80 -p 443:443 
	-p 8000:8000 -p 8001:8001 1d85e6a800e9

Docker IP

cat /etc/doc ker/daemon.json
{
        "bip": "172.19.10.1/24",
        "fixed-cidr": "172.19.10.1/24"
}

Backup / Cronjobs

Cronjobs

runJobs daily

Backup

BackupDatabases daily

Services

Database

Programm MariaDB
Version 10.1.37

PHP

Version 7.0.30

Jetty

Version 9

Caching

opcache
memcached

Webserver

Programm Apache
Version 2.4.18
Seitenumbruch

Authentication and Security Levels

SAML/Prod

The following domains are all connected to SAML:

  • wiki.musterfirma.de = Main Instance = WikiFarm Management
  • wiki.Musterfirma.de redirects to wiki.musterfirma.de/Musterfirma = Musterfirma Wiki
  • wikidocs.Musterfirma.de redirects to wiki.musterfirma.de/Musterfirma with local login


Security levels of wikis

* = (all) = applies to every visitor of the wiki, including those who do not log in.

Public

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
* --- --- --- x x

Protected

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
[...]_Editeren x --- --- x x
* --- --- --- --- x

Private

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
[...]_Editeren x --- --- x x
[...]_Lezen x --- --- --- x
* --- --- --- --- ---

Admin

permissions
user group login required sys admin wiki maintain admin editor reader
[...]_Admin x x x x x
* --- --- --- --- ---


URL

If the URL of a wiki does not exist (or there is a letter error because of case-sensitivity), the user is currently redirected to the farm management. Depending on the authorization level, the user might not have access. It is possible to redirect the user to a page of another instance. However, this can only be done once. Redirects always link to the same instance. On the target page you could, for example, store an overview of operating wikis.

Anhänge

Diskussionen