Skip to content

Instantly share code, notes, and snippets.

@spinpx

spinpx/0doc.org

Last active November 24, 2023 15:13
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save spinpx/c46ea0b24157ca5f731f to your computer and use it in GitHub Desktop.
Save spinpx/c46ea0b24157ca5f731f to your computer and use it in GitHub Desktop.
Download ZIP
Steps of setting a gollum wiki website #Ruby #Deploy
Raw
0doc.org

Gollum

  • install gollum
  • test gollum
gollum --host localhost --port 4483 --base-path wiki

Proxy

  • enable proxy
sudo a2enmod proxy  
sudo a2enmod proxy_http
  • edit /etc/apache2/sites-available/000-default.conf
ProxyPreserveHost On
ProxyRequests Off
ProxyPass /wiki http://localhost:4483/wiki/ 
ProxyPassReverse /wiki http://localhost:4483/wiki/
  • restart apache
sudo service apache2 restart
sudo /etc/init.d/apache2 reload

Puma

bundle exec puma -C config.rb
bundle exec  puma -e production -b tcp://127.0.0.1:4483

PAM

apt-get install libpam0g-dev

SSL

a2enmod ssl
a2enmod headers
  • setup you ssl configuration in apache
  • redirect 443 port to localhost, similar to configuration in port 80
  • redirect all request port 80 to port 443
Redirect permanent /wiki https://xxx.com/wiki
  • Add X-Forwarded-Proto option
RequestHeader set X-Forwarded-Proto "https"
Raw
config.ru
#!/usr/bin/env ruby
# coding: utf-8
require 'rubygems'
require 'gollum/app'
require 'omniauth'
require 'omniauth-github'
require './om-pam'
require 'json'
GITHUB = {}
GITHUB['id'] = ''
GITHUB['secret'] = ''
GITHUB['redict_url'] = ''
use Rack::Session::Cookie, :key => 'rack.session',
:path => '/',
:expire_after => 2592000,
:secret => '*********'
use OmniAuth::Builder do
configure do |config|
config.path_prefix = ''
config.full_host = ''
config.form_css = File.read('./form.css')
end
provider :github, GITHUB['id'], GITHUB['secret'], {
:scope => 'user'
}
provider :login
end
class OmniAuthSetGollumAuthor
def initialize(app)
@app = app
end
def call(env)
request = Rack::Request.new(env)
session = env['rack.session']
if session
user_author = session['gollum.author']
end
# Setting authentication information and redirect to previously intended location
if request.path =~ /^\/auth\/[^\/]+\/callback/
if env['omniauth.auth']
nickname = env['omniauth.auth'][:info][:nickname] || 'Anonymous'
name = env['omniauth.auth'][:info][:name] || nickname
email = env['omniauth.auth'][:info][:email]
if email.nil?
email = name + '@test.com'
end
if env['omniauth.auth'][:provider] == 'github'
File.open('users/fail', 'a') { |f| f.puts "#{nickname}, #{Time.now}" }
return [401, {}, ['Authentication failure. Please contact XXXX.']]
end
session['gollum.author'] = {
:name => nickname,
:email => email,
:group => 'shtech'
}
return_to = session[:return_to]
# session.delete(:return_to)
if return_to.nil?
return_to = '/'
end
return [302, {'Location' => return_to}, []]
end
return [401, {}, ['Authentication failure. Please contact XXXX.']]
end
if request.path =~ /^\/auth\/failure/
return [401, {}, ['Authentication failure.']]
end
# Check whether we are authorized, if not redirect.
if request.path =~ /^\/(((edit|create|revert|delete|upload|rename|push|adduser)\/)|(latest_changes|preview|uploadFile))/
author = session['gollum.author']
if (author.nil?
session[:return_to] = request.fullpath
return [302, {'Location' => '/auth/login'}, []]
end
end
if request.path =~ /^\/login$/
return [302, {'Location' => '/auth/login'}, []]
end
if request.path =~ /^\/logout$/
if session['gollum.author']
session.delete 'gollum.author'
end
if user_author
user_author = nil
end
return [302, {'Location' => '/'}, []]
end
@app.call(env)
end
end
use OmniAuthSetGollumAuthor
gollum_path = File.expand_path(File.dirname(__FILE__))
Precious::App.set(:gollum_path, gollum_path)
Precious::App.set(:default_markup, :markdown)
Precious::App.set(:wiki_options, {
:mathjax => true,
:h1_title => true,
:live_preview => false,
:allow_uploads => true,
:css => true,
:universal_toc => false,
:user_icons => 'gravatar'
})
Gollum::Page::FORMAT_NAMES = {
:markdown => "Markdown",
:org => "Org-mode",
:asciidoc => "AsciiDoc"
}
map "/" do
run Precious::App
end
Raw
om-pam.rb
require "rpam"
require "omniauth"
module OmniAuth
module Strategies
class LOGIN
include OmniAuth::Strategy
option :fields, [:username]
option :uid_field, :username
def request_phase
OmniAuth::Form.build(
:title => (options[:title] || "Wiki Authentication"),
:url => callback_path
) do |field|
field.text_field 'Username', 'username'
field.password_field 'Password', 'password'
field.button "Sign In"
field.html '<div style="margin-top: 10px; text-align: center;"><a href="/wiki/auth/github">Login with Github</a></div>'
end.to_response
end
def callback_phase
return fail!(:missing_credentials) if missing_credentials?
rpam_opts = Hash.new
if options['service']
rpam_opts['service'] = options['service']
end
unless Rpam.auth(request['username'], request['password'], rpam_opts)
File.open('users/fail2', 'a') { |f| f.puts "#{request['username']}, #{Time.now}" }
return fail!(:invalid_credentials)
end
super
end
def missing_credentials?
request['username'].nil? or request['username'].empty? or request['password'].nil? or request['password'].empty?
end # missing_credentials?
uid do
request['username']
end
info do
info = {
'nickname' => uid,
'name' => uid
}
if options['domain']
info['email'] = "#{uid}@#{options['domain']}"
end
info
end
end
end
end
OmniAuth.config.add_camelization 'login', 'LOGIN'
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment