Dokuwiki configuration for a Small Site

I wanted a place to write both public and private notes for setting things up, documenting my configs, and blogging. I used Dokuwiki for work a long time ago, and appreciated its simplicity - no database, everything is file-based. It's easy to set up and back up. It was good for the shadow IT server I had access to back in 20xx.

Hope this helps for anyone who needs it.

This is a two-host design, assuming a front-end proxy server redirecting to a purpose-built wiki server.

If running a single caddy server, you would replace the reverse_proxy block in the front-end config with the php_fastcgi and file_server blocks from the backend config.

High level

  • Configure DNS A, AAAA and CAA records as needed.
  • Install PHP-FPM / php-xml, and modify its config to permit the caddy user.
  • Install Caddy where needed, and customize/apply the config.
  • Install dokuwiki.
  • Connect to the web interface and configure the admin panel.

Note: Details of the PHP-FPM and dokuwiki locations may change depending on distro.

DNS configuration

Obviously you need a domain name for public access. You need DNS configured before you stand up the front-facing Caddy instance, so it can fetch certificates.

  • Add A and AAAA records for your wiki's domain
  • Add CAA record: 0 issue "letsencrypt.org" and 0 issue "sectigo.com"

PHP-FPM configuration

  • Install php-fpm and php-xml
  • Modify /etc/php-fpm.d/www.conf. Set listen.acl_users to include caddy.

Caddy configuration

Two caddy servers: One local to serve the wiki, and the public-facing one for public access, TLS and so on.

  • Modify caddyfiles as directed at the top of each example.
  • Write the caddyfiles. You can write to /etc/caddy/Caddyfile, or to /etc/caddy/Caddyfile.d/wiki.caddyfile if the import directive is in the root Caddyfile.
  • Create /var/log/caddy and chown to the caddy user.
  • Start the services.

I used AI to refine the Caddyfile. The header settings were suggested by Claude. I recommend learning what everything does, but it should be good to copy/paste after making the necessary changes.

Local caddyfile:

# Edit:
# - Listener port if needed
# - Root directory, if it is different based on distro
# - IPs in not_from_global directive, if used
# - The php socket, depending on the distro used

# Local origin Caddyfile — run on the wiki host
:8080 {
        # bind to a specific internal address (optional)
        #bind 192.168.1.10

        # Protect sensitive paths
        @forbidden {
                path /.ht* /conf/* /data/* /bin/* /inc/* /vendor/*
        }
        respond @forbidden 403

        # Only allow requests from the global proxy IPs; deny everything else.
        # Allowed requests fall through to php_fastcgi / file_server below.
        @not_from_global not remote_ip 2001:db8::1 192.168.1.1
        respond @not_from_global 403
        
        header {
                # minimal headers for origin (public-facing Caddy will add HSTS)
                X-Content-Type-Options "nosniff"
                X-Frame-Options "DENY"
        }        
        
        ##### Add this block to replace the reverse_proxy config in the front-end, if using one server
        
        root * /var/www/dokuwiki
        
        file_server

        # PHP handling via unix socket
        php_fastcgi unix//run/php-fpm/www.sock
        
        ##### end block

        log {
                output file /var/log/caddy/docs.access.log {
                        roll_size 10mb
                        roll_keep 5
                        roll_keep_for 720h
                }
        }
}

Frontend caddyfile:

# Edit:
# - Domain name
# - IPs in the @install_blocked section to include your public IP addresses
#   for first configuration
# - Backend IP address


wiki.example.com {
        encode gzip zstd

        # Security headers
        header {
                Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
                X-Content-Type-Options "nosniff"
                X-Frame-Options "DENY"
                Referrer-Policy "strict-origin-when-cross-origin"
                Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=(), usb=(), interest-cohort=()"
                Content-Security-Policy "default-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline'; frame-ancestors 'none'; base-uri 'self'; form-action 'self'"
        }

        # Block sensitive files (edge defense)
        @forbidden {
                path /.ht* /conf/* /data/* /bin/* /inc/* /vendor/*
        }
        respond @forbidden 403

        @install_blocked {
                path /install.php
                not remote_ip 2001:db8::1 127.0.0.1
        }
        respond @install_blocked 403
        
        ##### Replace this block with portions of the local file if running a single server

        # Main proxy to local origin (keepalive/reuse)
        # IPv6 addresses need to be in brackets when matched with a port or as a URL
        reverse_proxy [2001:db8::2]:8080
        
        ##### end block

        # Optional: limit request body size (protect against large uploads)
        request_body {
                max_size 50mb
        }

        # Optional logging (adjust to your logging system)
        log {
                output file /var/log/caddy/caddy-docs.log {
                        roll_size 10mb
                        roll_keep 5
                        roll_keep_for 720h
                }
        }
}
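
One way to confirm that the @forbidden rules and the security headers above are in effect once both Caddy instances are running. This is an added example, not part of the original page; the probe paths, helper names and script name are constructed here.

```shell
# Added example: audit the @forbidden rules and security headers of a deployed wiki.
# http_status / http_headers are helper names chosen here; both wrap curl.
http_status() {    # print the HTTP status code for URL $1
    curl -s -o /dev/null -w '%{http_code}' --max-time 10 "$1"
}

http_headers() {   # print the response headers for URL $1
    curl -s -o /dev/null -D - --max-time 10 "$1"
}

# Constructed probe paths, one per @forbidden pattern. The matcher is path-based,
# so the files do not need to exist for the 403 to be returned.
PROBES="/.htprobe /conf/probe /data/probe /bin/probe /inc/probe /vendor/probe"

# Headers set in the front-end Caddyfile.
WANTED="strict-transport-security x-content-type-options x-frame-options
referrer-policy permissions-policy content-security-policy"

audit_paths() {    # $1 = base URL; return value = number of probes NOT blocked
    open=0
    for path in $PROBES; do
        code=$(http_status "$1$path")
        if [ "$code" != "403" ]; then
            echo "FAIL  $path answered $code, expected 403"
            open=$((open + 1))
        fi
    done
    return "$open"
}

audit_headers() {  # $1 = base URL; return value = number of missing headers
    hdrs=$(http_headers "$1/" | tr -d '\r' | tr 'A-Z' 'a-z')
    missing=0
    for name in $WANTED; do
        if ! printf '%s\n' "$hdrs" | grep -q "^$name:"; then
            echo "MISSING  $name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Runs only when a base URL is given: sh wiki-audit.sh https://wiki.example.com
if [ -n "${1:-}" ]; then
    rc_paths=0; rc_hdrs=0
    audit_paths "$1" || rc_paths=$?
    audit_headers "$1" || rc_hdrs=$?
    exit $((rc_paths + rc_hdrs))
fi
```

The exit status is the number of failed checks, so the script can run from cron or a deploy hook after any Caddyfile change.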

SELinux Config

If you are running on Fedora or some other system with SELinux, you may need:

sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/dokuwiki(/data|/conf|/lib/(plugins|tpl))(/.*)?"
 
sudo restorecon -R /var/www/dokuwiki

SELinux is whack.

Dokuwiki Installation

Note: It is STRONGLY recommended to use the packages from https://www.dokuwiki.org. Distro packages vary, and sometimes install an open wiki by default that doesn't have the installer to help bootstrapping.

  • Extract dokuwiki to /var/www/dokuwiki
  • Change ownership so caddy can read: chown -R caddy /var/www/dokuwiki
  • Create /var/log/caddy and chown it to caddy as well
  • Go to the site and the installer will prompt (may need to create a page).
    • Disable user registration unless needed
    • Delete install.php after initial run

Post Install - Config changes

  • Set useheading to Always
  • Set userewrite to DokuWiki Internal
  • Set disableactions > Old revisions to disabled. If this is more of a personal blog or doc source, you probably only care about the latest revision.
  • Set breadcrumbs on and turn the trace to 0.

Dokuwiki Backup

To back up, take a copy/zip of the entire /var/www/dokuwiki/ directory, omitting or first deleting:

data/cache/, data/tmp/, data/locks/, data/index/

This page is AI-2H.

tech/dokuwiki.txt · Last modified: by webmaster