FedWiki on Co-op Cloud

Here I try to document each small step that it took to stand up a new Federated Wiki service using co-op cloud. This example will also use caddy, nextcloud, keycloak, and a second wiki farm instance for a Login to View branch on the initial farm.


Set up a new machine and get its IP. We used hetzner for this project.

SSH into that IP. We set up a user other than root. Unfortunately I didn't capture that process, but we made it our typical `wc-admin`.

Open the co-op cloud docs if more context would be helpful: New Operators Tutorial. Some of what is below is taken directly from that guide.

Install Docker

```bash
# docker install convenience script
wget -O- https://get.docker.com | bash
```

I needed sudo password

Go and find it in our nextcloud password app

add user to docker group `sudo usermod -aG docker $USER`

exit and re-login to load the group `exit` `ssh <server-domain>`

back on the server, setup swarm `docker swarm init` `docker network create -d overlay proxy`

now you can exit and start using abra `exit`

Go set up DNS records. Your entries in your DNS provider setup might look like the following:

```
@ 1800 IN A 116.203.211.204
*. 1800 IN A 116.203.211.204
```

where 116.203.211.204 can be replaced with the IP address of your server.


I skipped the above and plan to use `/etc/hosts` for testing, since for this project I am doing a migration from one machine to another for the same domains, so I can't just set up the records to point to the new machine right away. My `/etc/hosts` had the following entries added:

```
#5.78.124.192 relocalizecreativity.net
#5.78.124.192 wiki.relocalizecreativity.net
#5.78.124.192 cloud.relocalizecreativity.net
#5.78.124.192 auth.relocalizecreativity.net
#5.78.124.192 private.relocalizecreativity.net
```

These can be uncommented to make them work.


The above didn't really work ultimately, using /etc/hosts. You need to be able to use DNS records if using caddy with on-demand TLS, so the solution is to set up temporary DNS records, create the abra apps with the names and domains that you will ultimately want, and then temporarily edit the configs to use temporary DOMAINs you can test on, before changing them back to do a migration.

Install abra

curl https://install.abra.coopcloud.tech | bash

Also, run this line in your terminal so you have immediate access to abra in the current terminal.

export PATH=$PATH:$HOME/.local/bin

Got WARNING: /home/wc-admin/.local/bin/ is not in $PATH! If you want to run abra by just typing abra you should add it to your $PATH! To do that run:

echo PATH=$PATH:/home/wc-admin/.local/bin >> /home/wc-admin/.bashrc

```
abra installed to /home/wc-admin/.local/bin/abra
test your installation is working by running "abra" on your command-line
run `abra autocomplete -h` to see how to set up command-line autocompletion
```

After reading the help I ran `abra autocomplete bash`

```bash
# Run the following commands to install auto-completion
sudo mkdir /etc/bash_completion.d/
sudo cp /home/wc-admin/.abra/autocompletion/bash /etc/bash_completion.d/abra
echo "source /etc/bash_completion.d/abra" >> ~/.bashrc
# To test, run the following: "abra app <hit tab key>" - you should see command completion!
```

Now you can connect abra with your server. In my case I am running abra server-side, so the following command is slightly different than what is given in the operators guide.

Web proxy setup! The operator's guide uses traefik, but we've been using caddy for wiki because of its on-demand TLS.

```bash
abra app new caddy
# then choose default
# then choose domain; caddy.relocalizecreativity.net is what I went with
```

Configure caddy

abra app config caddy.relocalizecreativity.net

Choose an email for Let's Encrypt, then uncomment as follows to set up an ASK endpoint for caddy's on-demand TLS:

```
# TLS "ask" from filesystem
COMPOSE_FILE="$COMPOSE_FILE:compose.ask-filesystem.yml"
#ASK_VOLUME=fedwiki_data
#or:
ASK_VOLUME_BIND=/opt/fedwiki
```

```bash
# Before we deploy caddy, let's create wiki's bind mount directory, as will be expected; otherwise caddy won't converge when the directory doesn't exist.
sudo mkdir /opt/fedwiki
sudo chown 1000:1000 /opt/fedwiki
```

Now it is time to deploy your app:

abra app deploy caddy.relocalizecreativity.net

I will also just make the other new directories now that I expect to use later too. Because of how our caddy tld-ask service works, only domains that exist in our wiki directory will be given TLS certificates.

```bash
mkdir /opt/fedwiki/relocalizecreativity.net
mkdir /opt/fedwiki/wiki.relocalizecreativity.net
mkdir /opt/fedwiki/cloud.relocalizecreativity.net
mkdir /opt/fedwiki/auth.relocalizecreativity.net
mkdir /opt/fedwiki/private.relocalizecreativity.net
```

```bash
# since we are using "colc.cc" as a temporary domain for testing, I will also create all the same directories for it too
mkdir /opt/fedwiki/colc.cc
mkdir /opt/fedwiki/wiki.colc.cc
mkdir /opt/fedwiki/cloud.colc.cc
mkdir /opt/fedwiki/auth.colc.cc
mkdir /opt/fedwiki/private.colc.cc
```
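The directory-per-domain rule above can be checked before deploying. This added example (not the caddy recipe's code, and not from the original page) mimics a filesystem-backed ask decision so you can see which names would be granted a certificate. `ASK_ROOT` and the function names are hypothetical, and the hostname validation is an assumption about what such a check should enforce, since an empty name or one ending in `/..` would otherwise resolve to an existing directory.

```bash
#!/usr/bin/env bash
# Added example: mimics a filesystem-backed "ask" decision for on-demand TLS.
# ASK_ROOT and all function names are hypothetical, chosen for illustration.
ASK_ROOT="${ASK_ROOT:-/opt/fedwiki}"

# Succeed only for a plain lowercase DNS name: no "/", no "..", no empty labels.
valid_hostname() {
  local name="$1" label
  local LC_ALL=C                      # make a-z mean ASCII only
  [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
  case "$name" in
    .*|*.|*..*) return 1 ;;           # leading, trailing or doubled dot
    *[!a-z0-9.-]*) return 1 ;;        # anything outside the hostname alphabet
  esac
  local IFS=.
  for label in $name; do
    [ "${#label}" -le 63 ] || return 1
    case "$label" in -*|*-) return 1 ;; esac
  done
  return 0
}

# Print "allow" (exit 0) when a site directory exists for the name, else "deny".
ask_decision() {
  local domain
  domain=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  if valid_hostname "$domain" && [ -d "$ASK_ROOT/$domain" ]; then
    echo allow
    return 0
  fi
  echo deny
  return 1
}

# Print one verdict per domain; the exit status is the number of denied names.
preflight() {
  local d verdict denied=0
  for d in "$@"; do
    verdict=$(ask_decision "$d") || denied=$((denied + 1))
    printf '%-36s %s\n' "$d" "$verdict"
  done
  return "$denied"
}

# Stand-alone use: ./ask-preflight.sh wiki.colc.cc auth.colc.cc ...
if [ "$#" -gt 0 ]; then preflight "$@"; fi
```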

Now let's work towards deploying Federated Wiki!

abra app new -S federatedwiki # the -S generates wiki's cookie secret

Then let's configure this FedWiki app

abra app config relocalizecreativity.net

I realized the wiki recipe is now a little out of date and I should do this update CoC recipe

I also turned on "insecure" in the root farm because that's what Marc has.

abra app deploy relocalizecreativity.net # this will create the new wiki folder with the default config.json

I copied Marc's current wiki config over. It's below, with secrets changed:

```json
{
  "admin": "fc9cb6d6287d14ae83ef1bsdfsdfdsf4aa6ecf9282a646101a49b25ba8776",
  "farm": true,
  "cookieSecret": "asflkjqpweosdfsdfsfdpeogdjgbpdofigh",
  "secure_cookie": false,
  "security_type": "friends",
  "allowed": "*"
}
```

We will do the above all over again, but for a "private", Login to View system

abra app new -S federatedwiki # the -S generates wiki's cookie secret

```
# to make a private domain, I first add a new compose file in the abra recipes folder by duplicating compose.lib.yml and naming it compose.lib-private.yml
# where these files are stored
~/.abra/recipes/federatedwiki/
# the only edit I made was to line #7, changing it to be:
- "fedwiki-private_lib:/home/node/lib"
# and also on line 10
fedwiki-private_lib:
```

```bash
abra app config private.relocalizecreativity.net
# change the DOMAIN to temporary domain for testing private.colc.cc
# change FEDWIKI_VOLUME to /opt/fedwiki-private
# uncomment oauth2 support
# uncomment persistent lib volume and refer to new private lib compose file created above by adding "-private" after lib.
```

```bash
# Before we deploy the private fedwiki, let's create its new bind mount directory, as will be expected; otherwise the deploy won't converge when the directory doesn't exist. (you might need sudo password)
sudo mkdir /opt/fedwiki-private
sudo chown 1000:1000 /opt/fedwiki-private
```

Before we can configure the new private wiki, we will need a new keycloak app, for its oauth2 URL etc.

```bash
# new keycloak app, make sure to save to secrets
abra app new keycloak -S
```

```bash
# I need to temporarily change the DOMAIN in the config to use auth.colc.cc
abra app config auth.relocalizecreativity.net
```

abra app deploy auth.relocalizecreativity.net

If wiki seems to keep stealing caddy's attention and using specialty domains like auth or cloud that are for other services being run, consider temporarily undeploying the wiki apps until those services are working.

At this point I realized there is a new wiki version, so I might try and learn how to upgrade the recipe then upgrade the currently running apps

```
# Some keycloak settings I changed
Realm Settings > Login > remember me > ON
```