Ikiwiki Configuration

1. Current Configuration

1.1. Required Packages

  1. ikiwiki
  2. gcc
  3. libc6-dev
  4. libtimedate-perl
  5. libcgi-formbuilder-perl
  6. libcgi-session-perl
  7. libxml-writer-perl

1.2. Setup

  1. Enable cgi module for apache.
  2. Enable authnz_ldap module for apache.
  3. Enable ikiwiki-plinth conf for apache.

1.3. Apache2 Conf

Ikiwiki sites are hosted under /ikiwiki, and can be read publicly. To edit, the user can log in using HTTP auth, which is redirected to /ikiwiki-auth.

Currently, LDAP is used for both authentication and authorization. When we are able to use client certs for authentication, then LDAP will be used only for authorization.

Alias /ikiwiki /var/www/ikiwiki
Alias /ikiwiki-auth /var/www/ikiwiki
AddHandler cgi-script .cgi

<Location /ikiwiki>
    Options +ExecCGI

<Location /ikiwiki-auth>
    Options +ExecCGI

    AuthType basic
    AuthName "FreedomBox Login"
    AuthBasicProvider ldap
    AuthLDAPUrl "ldap:///ou=users,dc=thisbox?uid"
    AuthLDAPGroupAttribute memberUid
    AuthLDAPGroupAttributeIsDN off
    Require ldap-group cn=admin,ou=groups,dc=thisbox
    Require ldap-group cn=wiki,ou=groups,dc=thisbox

1.4. Setup Automators

  1. plinth-wiki.setup
  2. plinth-blog.setup

These are similar to the default setup automators that come with ikiwiki, with the following changes:

  1. Site name and admin name are given as arguments.
  2. Git is selected as the rcs.
  3. Adjust dirs and urls.
  4. Enable httpauth plugin.