MediawikiCIT - User contributions [en]

Main Page

2026-03-05T08:29:31Z

Dani:

<strong>MediaWiki has been installed.</strong>

Consult the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents User's Guide] for information on using the wiki software.

== Getting Started ==
# [[Mediawiki Setting Up Guide]]
# [[Mediawiki Additional Configuration]]
# [[Mediawiki Docker Migration Guide]]
# [[ERPNext Webshop Setup Guide]]
# [[Manufacturing v16 260125]]
# [[ERpnext Asset Management Procedure 260113 ]]
# [[260108 CGG- GitHub Administration Guide ]]
# [[ERPNext HR Module Outline ]]
# [[Controller Systems 251213-01 ]]
# [[Power Distribution Tree 251213 ]]
# [[Home ]]
# [[Standard Operating Procedure: Distributed Minute Taking & Task Ownership 251208 ]]
# [[OpenWebUI - 251128-justin ]]
# [[Comfac ERPNext Strategy Canvas (Expanded) ]]
# [[IT Purchase Requests 241126 ]]
# [[TrueNAS Business Plan: Project 251212 ]]
# [[ERPNEXT Payroll POC 251212 ]]
# [[Offline Malware Remediation & Data Recovery ]]
# [[TrueNAS Configuration Options & Scale Options 251130 ]]
# [[SOP: Network Troubleshooting & pfSense Monitoring 251130 ]]
# [[System Hardening Strategy: Win2Lin Migration & Infrastructure 251129 ]]
# [[IT IMPORTS PROCESSES ]]
# [[Skills and Competencies for IT Staff Trained in pfSense ]]
# [[pfSense Sales Training Material ]]
# [[Industrial Controllers and Water Utilities 251011 ]]
# [[Comfac Sales Knowledge Base ]]
# [[🌐 WordPress Website — *You Own Everything, Learn Everything* ]]
# [[Business Continuity ]]
# [[Using Frappe Wiki ]]
# [[Procedure: CC-Blast Data Breach Prevention ]]
# [[8D (Eight Discipline) Problem Solving Procedure ]]
# [[IT REQUEST (OP-ERP-ITR) - EDITED 250801 ]]
# [[Steps to Repair and OCR a Scanned or Corrupted PDF in Ubuntu ]]
# [[Projects in Process Report 251023 ]]
# [[SALES INVOICE TAX OUTPUT 250829 ]]
# [[2026 MIS IT KRA KPI Biz Plan ]]
# [[Tplink Mikrotik Equivalent ]]
# [[Google Drive and Shared Drive Training ]]
# [[Mailcow SOGo: Creating Filters for Events, Approvals, and Organizational Emails ]]
# [[Comparison: TrueNAS Mini X+ vs Dell Precision 3680 Tower (2025) ]]
# [[ERPNext Webshop Setup and Publishing Process ]]
# [[Excel Description Filler Tool 📝 ]]
# [[Biz Analysis Methodology 251109 ]]
# [[Comfac CRM – Customer Qualification & Conversion Process ]]
# [[Comfac GPU Scaling and AI Research Goals ]]
# [[Backblaze Drive Stats for Server and Storage Qualification ]]
# [[🧠 Process: Selecting and Installing the Right Ollama Model for Your Hardware ]]
# [[Partner Reseller Pricing 251109 ]]
# [[LibreOffice / Nextcloud Office – "Due Tasks" Conditional Formatting ]]
# [[pfSense CE → pfSense Plus Upgrade Guide ]]
# [[Introduction: Why Self-Host Your Email? ]]
# [[Spoof Timezone Extension – Setup Guide for Comfac Staff ]]
# [[Mailcow + Thunderbird Setup Guide (Email + Calendar) ]]
# [[Viber Focus-Stealing ]]
# [[Modern Guide: pfSense Captive Portal with FreeRADIUS & ACME ]]
# [[Frappe Links and References ]]

== For Users Only ==
* [[Private:Private Ngani]]
* [[Private:Private Nganipart2]]

== CIT-OJT Project Documentations ==

* [[OJTDocs: For OJTs only]]

== Need Help? ==
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Configuration_settings Configuration settings list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:FAQ MediaWiki FAQ]
* [https://lists.wikimedia.org/postorius/lists/mediawiki-announce.lists.wikimedia.org/ MediaWiki release mailing list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Localisation#Translation_resources Localise MediaWiki for your language]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Combating_spam Learn how to combat spam on your wiki]
* [[Troubleshooting: Access & Permission Issues]]

Main Page

2026-03-05T08:09:45Z

Dani: /* CIT-OJT Project Documentations */

<strong>MediaWiki has been installed.</strong>

Consult the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents User's Guide] for information on using the wiki software.

== Getting Started ==
# [[Mediawiki Setting Up Guide]]
# [[Mediawiki Additional Configuration]]
# [[Mediawiki Docker Migration Guide]]
# [[ERPNext Webshop Setup Guide]]
# [[Manufacturing v16 260125]]
# [[ERpnext Asset Management Procedure 260113 ]]
# [[260108 CGG- GitHub Administration Guide ]]
# [[ERPNext HR Module Outline ]]
# [[Controller Systems 251213-01 ]]
# [[Power Distribution Tree 251213 ]]
# [[Home ]]
# [[Standard Operating Procedure: Distributed Minute Taking & Task Ownership 251208 ]]
# [[OpenWebUI - 251128-justin ]]
# [[Comfac ERPNext Strategy Canvas (Expanded) ]]
# [[IT Purchase Requests 241126 ]]
# [[TrueNAS Business Plan: Project 251212 ]]
# [[ERPNEXT Payroll POC 251212 ]]
# [[Offline Malware Remediation & Data Recovery ]]
# [[TrueNAS Configuration Options & Scale Options 251130 ]]
# [[SOP: Network Troubleshooting & pfSense Monitoring 251130 ]]
# [[System Hardening Strategy: Win2Lin Migration & Infrastructure 251129 ]]
# [[IT IMPORTS PROCESSES ]]
# [[Skills and Competencies for IT Staff Trained in pfSense ]]
# [[pfSense Sales Training Material ]]
# [[Industrial Controllers and Water Utilities 251011 ]]
# [[Comfac Sales Knowledge Base ]]
# [[🌐 WordPress Website — *You Own Everything, Learn Everything* ]]
# [[Business Continuity ]]
# [[Using Frappe Wiki ]]
# [[Procedure: CC-Blast Data Breach Prevention ]]
# [[8D (Eight Discipline) Problem Solving Procedure ]]
# [[IT REQUEST (OP-ERP-ITR) - EDITED 250801 ]]
# [[Steps to Repair and OCR a Scanned or Corrupted PDF in Ubuntu ]]
# [[Projects in Process Report 251023 ]]
# [[SALES INVOICE TAX OUTPUT 250829 ]]
# [[2026 MIS IT KRA KPI Biz Plan ]]
# [[Tplink Mikrotik Equivalent ]]
# [[Google Drive and Shared Drive Training ]]
# [[Mailcow SOGo: Creating Filters for Events, Approvals, and Organizational Emails ]]
# [[Comparison: TrueNAS Mini X+ vs Dell Precision 3680 Tower (2025) ]]
# [[ERPNext Webshop Setup and Publishing Process ]]
# [[Excel Description Filler Tool 📝 ]]
# [[Biz Analysis Methodology 251109 ]]
# [[Comfac CRM – Customer Qualification & Conversion Process ]]
# [[Comfac GPU Scaling and AI Research Goals ]]
# [[Backblaze Drive Stats for Server and Storage Qualification ]]
# [[🧠 Process: Selecting and Installing the Right Ollama Model for Your Hardware ]]
# [[Partner Reseller Pricing 251109 ]]
# [[LibreOffice / Nextcloud Office – "Due Tasks" Conditional Formatting ]]
# [[pfSense CE → pfSense Plus Upgrade Guide ]]
# [[Introduction: Why Self-Host Your Email? ]]
# [[Spoof Timezone Extension – Setup Guide for Comfac Staff ]]
# [[Mailcow + Thunderbird Setup Guide (Email + Calendar) ]]
# [[Viber Focus-Stealing ]]
# [[Modern Guide: pfSense Captive Portal with FreeRADIUS & ACME ]]
# [[Frappe Links and References ]]
# [[testing]]

== For Users Only ==
* [[Private:Private Ngani]]
* [[Private:Private Nganipart2]]

== CIT-OJT Project Documentations ==

* [[OJTDocs: For OJTs only]]

== Need Help? ==
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Configuration_settings Configuration settings list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:FAQ MediaWiki FAQ]
* [https://lists.wikimedia.org/postorius/lists/mediawiki-announce.lists.wikimedia.org/ MediaWiki release mailing list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Localisation#Translation_resources Localise MediaWiki for your language]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Combating_spam Learn how to combat spam on your wiki]
* [[Troubleshooting: Access & Permission Issues]]

For interns only

2026-03-05T08:07:49Z

Dani: Dani moved page For interns only to OJTDocs:For interns only

#REDIRECT [[OJTDocs:For interns only]]

Main Page

2026-03-05T08:04:23Z

Dani: /* CIT-OJT Project Documentations */

<strong>MediaWiki has been installed.</strong>

Consult the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents User's Guide] for information on using the wiki software.

== Getting Started ==
# [[Mediawiki Setting Up Guide]]
# [[Mediawiki Additional Configuration]]
# [[Mediawiki Docker Migration Guide]]
# [[ERPNext Webshop Setup Guide]]
# [[Manufacturing v16 260125]]
# [[ERpnext Asset Management Procedure 260113 ]]
# [[260108 CGG- GitHub Administration Guide ]]
# [[ERPNext HR Module Outline ]]
# [[Controller Systems 251213-01 ]]
# [[Power Distribution Tree 251213 ]]
# [[Home ]]
# [[Standard Operating Procedure: Distributed Minute Taking & Task Ownership 251208 ]]
# [[OpenWebUI - 251128-justin ]]
# [[Comfac ERPNext Strategy Canvas (Expanded) ]]
# [[IT Purchase Requests 241126 ]]
# [[TrueNAS Business Plan: Project 251212 ]]
# [[ERPNEXT Payroll POC 251212 ]]
# [[Offline Malware Remediation & Data Recovery ]]
# [[TrueNAS Configuration Options & Scale Options 251130 ]]
# [[SOP: Network Troubleshooting & pfSense Monitoring 251130 ]]
# [[System Hardening Strategy: Win2Lin Migration & Infrastructure 251129 ]]
# [[IT IMPORTS PROCESSES ]]
# [[Skills and Competencies for IT Staff Trained in pfSense ]]
# [[pfSense Sales Training Material ]]
# [[Industrial Controllers and Water Utilities 251011 ]]
# [[Comfac Sales Knowledge Base ]]
# [[🌐 WordPress Website — *You Own Everything, Learn Everything* ]]
# [[Business Continuity ]]
# [[Using Frappe Wiki ]]
# [[Procedure: CC-Blast Data Breach Prevention ]]
# [[8D (Eight Discipline) Problem Solving Procedure ]]
# [[IT REQUEST (OP-ERP-ITR) - EDITED 250801 ]]
# [[Steps to Repair and OCR a Scanned or Corrupted PDF in Ubuntu ]]
# [[Projects in Process Report 251023 ]]
# [[SALES INVOICE TAX OUTPUT 250829 ]]
# [[2026 MIS IT KRA KPI Biz Plan ]]
# [[Tplink Mikrotik Equivalent ]]
# [[Google Drive and Shared Drive Training ]]
# [[Mailcow SOGo: Creating Filters for Events, Approvals, and Organizational Emails ]]
# [[Comparison: TrueNAS Mini X+ vs Dell Precision 3680 Tower (2025) ]]
# [[ERPNext Webshop Setup and Publishing Process ]]
# [[Excel Description Filler Tool 📝 ]]
# [[Biz Analysis Methodology 251109 ]]
# [[Comfac CRM – Customer Qualification & Conversion Process ]]
# [[Comfac GPU Scaling and AI Research Goals ]]
# [[Backblaze Drive Stats for Server and Storage Qualification ]]
# [[🧠 Process: Selecting and Installing the Right Ollama Model for Your Hardware ]]
# [[Partner Reseller Pricing 251109 ]]
# [[LibreOffice / Nextcloud Office – "Due Tasks" Conditional Formatting ]]
# [[pfSense CE → pfSense Plus Upgrade Guide ]]
# [[Introduction: Why Self-Host Your Email? ]]
# [[Spoof Timezone Extension – Setup Guide for Comfac Staff ]]
# [[Mailcow + Thunderbird Setup Guide (Email + Calendar) ]]
# [[Viber Focus-Stealing ]]
# [[Modern Guide: pfSense Captive Portal with FreeRADIUS & ACME ]]
# [[Frappe Links and References ]]
# [[testing]]

== For Users Only ==
* [[Private:Private Ngani]]
* [[Private:Private Nganipart2]]

== CIT-OJT Project Documentations ==

* [[For interns only]]

== Need Help? ==
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Configuration_settings Configuration settings list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:FAQ MediaWiki FAQ]
* [https://lists.wikimedia.org/postorius/lists/mediawiki-announce.lists.wikimedia.org/ MediaWiki release mailing list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Localisation#Translation_resources Localise MediaWiki for your language]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Combating_spam Learn how to combat spam on your wiki]
* [[Troubleshooting: Access & Permission Issues]]

Main Page

2026-03-05T07:37:36Z

Dani:

<strong>MediaWiki has been installed.</strong>

Consult the [https://www.mediawiki.org/wiki/Special:MyLanguage/Help:Contents User's Guide] for information on using the wiki software.

== Getting Started ==
# [[Mediawiki Setting Up Guide]]
# [[Mediawiki Additional Configuration]]
# [[Mediawiki Docker Migration Guide]]
# [[ERPNext Webshop Setup Guide]]
# [[Manufacturing v16 260125]]
# [[ERpnext Asset Management Procedure 260113 ]]
# [[260108 CGG- GitHub Administration Guide ]]
# [[ERPNext HR Module Outline ]]
# [[Controller Systems 251213-01 ]]
# [[Power Distribution Tree 251213 ]]
# [[Home ]]
# [[Standard Operating Procedure: Distributed Minute Taking & Task Ownership 251208 ]]
# [[OpenWebUI - 251128-justin ]]
# [[Comfac ERPNext Strategy Canvas (Expanded) ]]
# [[IT Purchase Requests 241126 ]]
# [[TrueNAS Business Plan: Project 251212 ]]
# [[ERPNEXT Payroll POC 251212 ]]
# [[Offline Malware Remediation & Data Recovery ]]
# [[TrueNAS Configuration Options & Scale Options 251130 ]]
# [[SOP: Network Troubleshooting & pfSense Monitoring 251130 ]]
# [[System Hardening Strategy: Win2Lin Migration & Infrastructure 251129 ]]
# [[IT IMPORTS PROCESSES ]]
# [[Skills and Competencies for IT Staff Trained in pfSense ]]
# [[pfSense Sales Training Material ]]
# [[Industrial Controllers and Water Utilities 251011 ]]
# [[Comfac Sales Knowledge Base ]]
# [[🌐 WordPress Website — *You Own Everything, Learn Everything* ]]
# [[Business Continuity ]]
# [[Using Frappe Wiki ]]
# [[Procedure: CC-Blast Data Breach Prevention ]]
# [[8D (Eight Discipline) Problem Solving Procedure ]]
# [[IT REQUEST (OP-ERP-ITR) - EDITED 250801 ]]
# [[Steps to Repair and OCR a Scanned or Corrupted PDF in Ubuntu ]]
# [[Projects in Process Report 251023 ]]
# [[SALES INVOICE TAX OUTPUT 250829 ]]
# [[2026 MIS IT KRA KPI Biz Plan ]]
# [[Tplink Mikrotik Equivalent ]]
# [[Google Drive and Shared Drive Training ]]
# [[Mailcow SOGo: Creating Filters for Events, Approvals, and Organizational Emails ]]
# [[Comparison: TrueNAS Mini X+ vs Dell Precision 3680 Tower (2025) ]]
# [[ERPNext Webshop Setup and Publishing Process ]]
# [[Excel Description Filler Tool 📝 ]]
# [[Biz Analysis Methodology 251109 ]]
# [[Comfac CRM – Customer Qualification & Conversion Process ]]
# [[Comfac GPU Scaling and AI Research Goals ]]
# [[Backblaze Drive Stats for Server and Storage Qualification ]]
# [[🧠 Process: Selecting and Installing the Right Ollama Model for Your Hardware ]]
# [[Partner Reseller Pricing 251109 ]]
# [[LibreOffice / Nextcloud Office – "Due Tasks" Conditional Formatting ]]
# [[pfSense CE → pfSense Plus Upgrade Guide ]]
# [[Introduction: Why Self-Host Your Email? ]]
# [[Spoof Timezone Extension – Setup Guide for Comfac Staff ]]
# [[Mailcow + Thunderbird Setup Guide (Email + Calendar) ]]
# [[Viber Focus-Stealing ]]
# [[Modern Guide: pfSense Captive Portal with FreeRADIUS & ACME ]]
# [[Frappe Links and References ]]
# [[testing]]

== For Users Only ==
* [[Private:Private Ngani]]
* [[Private:Private Nganipart2]]

== CIT-OJT Project Documentations ==

== Need Help? ==
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Configuration_settings Configuration settings list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:FAQ MediaWiki FAQ]
* [https://lists.wikimedia.org/postorius/lists/mediawiki-announce.lists.wikimedia.org/ MediaWiki release mailing list]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Localisation#Translation_resources Localise MediaWiki for your language]
* [https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Combating_spam Learn how to combat spam on your wiki]
* [[Troubleshooting: Access & Permission Issues]]

Mediawiki Additional Configuration

2026-03-05T00:33:47Z

Dani:

== MediaWiki Additional Configuration Guide ==

<div style="font-size: 100%;">
'''''This guide covers advanced configuration options for your MediaWiki installation, including logos, permissions, email, private namespaces, and two-factor authentication.'''''

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Prerequisites:''' Complete the '''[[MediaWiki Docker Setup Guide]]''' before proceeding with this configuration.
</div>

== Advanced Configuration ==

=== Part 1: Customizing Your Wiki's Appearance ===

'''1. Upload Your Logo Files'''

Before configuring logos, you need to upload your logo images to the wiki's images folder.

'''Step A: Prepare Your Logo Files'''

Create logo images in these sizes:
* '''Small logo (50x50 pixels):''' For favicon and small displays - save as <code>yourlogo-50.svg</code> or <code>yourlogo-50.png</code>
* '''Large logo (160x160 pixels):''' For the main wiki logo - save as <code>yourlogo-160.svg</code> or <code>yourlogo-160.png</code>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Tip:''' SVG format is recommended because it scales cleanly at any size. PNG is also acceptable.
</div>

'''Step B: Copy Logo Files to the Server'''

First, you need to upload files to the Docker volume:

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Create a temporary container to access the images volume
docker run -d --name temp-mediawiki \
-v 230912_images:/var/www/html/images \
mediawiki sleep 3600

# Copy your logo files into the container
docker cp ~/Downloads/yourlogo-50.svg temp-mediawiki:/var/www/html/images/
docker cp ~/Downloads/yourlogo-160.svg temp-mediawiki:/var/www/html/images/

# Fix permissions
docker exec temp-mediawiki chown 33:33 /var/www/html/images/yourlogo-50.svg
docker exec temp-mediawiki chown 33:33 /var/www/html/images/yourlogo-160.svg

# Remove the temporary container
docker stop temp-mediawiki
docker rm temp-mediawiki
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Note:''' Replace <code>yourlogo-50.svg</code> and <code>yourlogo-160.svg</code> with your actual filename. Adjust the path <code>~/Downloads/</code> if your files are saved elsewhere.
</div>

'''2. Configure Logo and Favicon in LocalSettings.php'''

Open your LocalSettings.php file:

<syntaxhighlight lang="bash" style="font-size: 85%;">
sudo nano /opt/stacks/mediawiki/LocalSettings.php
</syntaxhighlight>

Find the existing <code>$wgLogos</code> section and replace it with:

<syntaxhighlight lang="php" style="font-size: 85%;">
$wgLogos = [
'1x' => "$wgResourceBasePath/images/yourlogo-160.svg",
'icon' => "$wgResourceBasePath/images/yourlogo-50.svg",
];

$wgFavicon = "$wgResourceBasePath/images/yourlogo-50.svg";
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* <code>'1x'</code> sets your main wiki logo (shown in the corner)
* <code>'icon'</code> sets the smaller icon version
* <code>$wgFavicon</code> sets the browser tab icon
</div>

Save and exit.

=== Part 2: Customizing the Wiki Skin (Theme) ===

'''3. Configure the Modern Vector Skin'''

Open LocalSettings.php and find <code>$wgDefaultSkin</code>. Replace it with this configuration block:

<syntaxhighlight lang="php" style="font-size: 85%;">
# Use the modern Vector 2022 skin by default
$wgDefaultSkin = "vector-2022";

# Make existing users see the new skin too
$wgVectorDefaultSkinVersionForExistingAccounts = "2";

# Make the skin work well on mobile devices
$wgVectorResponsive = true;

# Enable appearance customization options for users
$wgVectorFeatureFlags = [
'VectorAppearance' => [
'logged_in' => true,
'logged_out' => true,
],
];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* Sets the modern Vector skin as default
* Makes it responsive for mobile/tablet viewing
* Allows users to customize appearance settings
</div>

Save and exit.

=== Part 3: Setting Up Email and SMTP ===

This allows your wiki to send password reset emails, notifications, and user-to-user messages.

'''4. Configure Email Settings'''

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Important:''' This configuration uses environment variables to keep sensitive credentials out of LocalSettings.php. You will need to configure both your <code>.env</code> file and <code>docker-compose.yml</code>.
</div>

'''Step A: Set Up the .env File'''

Create or edit your <code>.env</code> file at <code>/opt/stacks/mediawiki/.env</code> and add your SMTP credentials:

<syntaxhighlight lang="bash" style="font-size: 85%;">
# SMTP Configuration
SMTP_HOST=mail.comfac-it.com
SMTP_PORT=587
SMTP_USER=your-email@comfac-it.com
SMTP_PASS=your_smtp_password_here
</syntaxhighlight>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Warning:''' Never commit your <code>.env</code> file to version control. Add it to <code>.gitignore</code>.
</div>

'''Step B: Pass Environment Variables in docker-compose.yml'''

Ensure your <code>docker-compose.yml</code> passes the SMTP variables into the MediaWiki container:

<syntaxhighlight lang="yaml" style="font-size: 85%;">
services:
mediawiki:
image: mediawiki
container_name: mediawiki
restart: always
ports:
- "${MEDIAWIKI_PORT}:80"
depends_on:
- database
volumes:
- ./230912_images:/var/www/html/images
- /opt/stacks/mediawiki/extensions:/var/www/html/extensions
- /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro
environment:
- SMTP_HOST=${SMTP_HOST}
- SMTP_PORT=${SMTP_PORT}
- SMTP_USER=${SMTP_USER}
- SMTP_PASS=${SMTP_PASS}
</syntaxhighlight>

'''Step C: Add Email Configuration to LocalSettings.php'''

Open LocalSettings.php and add the following section after the extensions block:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
EMAIL & SMTP CONFIGURATION
-------------------------------------------*/

# Enable email features
$wgEnableEmail = true;
$wgEnableUserEmail = true;
$wgEmailAuthentication = true;

# Enable email notifications for talk pages and watchlist
$wgEnotifUserTalk = true;
$wgEnotifWatchlist = true;

# Set your wiki's email addresses
$wgEmergencyContact = "your-email@comfac-it.com";
$wgPasswordSender = "your-email@comfac-it.com";

# SMTP configuration — credentials loaded from environment variables
$wgSMTP = [
'host' => getenv('SMTP_HOST'), # e.g. mail.comfac-it.com
'IDHost' => 'comfac-it.com', # Your mail domain
'port' => getenv('SMTP_PORT'), # 587 for TLS
'auth' => true,
'username' => getenv('SMTP_USER'), # Your SMTP username
'password' => getenv('SMTP_PASS'), # Your SMTP password
'secure' => 'tls'
];

# Additional email settings
$wgUserEmailUseReplyTo = true;
$wgAllowHTMLEmail = true;

# Enable password reset via email
$wgPasswordResetRoutes = [
'username' => true,
'email' => true,
];

# Password reset links expire after 24 hours
$wgNewPasswordExpiry = 86400;

# ================================
# ALLOWED EMAIL DOMAINS
# ================================

# Users can register/use these email domains
$wgAllowedEmailDomains = [
'gmail.com',
'comfac.net',
'comfac-it.com',
];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* Uses <code>getenv()</code> to read SMTP credentials from Docker environment variables at runtime
* Keeps passwords out of <code>LocalSettings.php</code> and version control
* <code>IDHost</code> is set to your mail domain (<code>comfac-it.com</code>)
* Restricts user email registration to approved domains only
</div>

Save and exit.

=== Part 4: Permission System (Who Can Do What) ===

'''5. Create a Clean Permission Structure'''

Open LocalSettings.php and replace the permissions section with:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
CLEAN PERMISSION SYSTEM
----------------------------------------- */

# Anonymous users
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;

# Allow bureaucrats/admins to create accounts
$wgGroupPermissions['bureaucrat']['createaccount'] = true;

# Logged-in users (view only)
$wgGroupPermissions['user']['read'] = true;
$wgGroupPermissions['user']['edit'] = false;

# Editor group
$wgGroupPermissions['editor']['read'] = true;
$wgGroupPermissions['editor']['edit'] = true;
$wgGroupPermissions['editor']['upload'] = true;
$wgGroupPermissions['editor']['reupload'] = true;

# Sysop (admin)
$wgGroupPermissions['sysop']['read'] = true;
$wgGroupPermissions['sysop']['edit'] = true;
$wgGroupPermissions['sysop']['protect'] = true;
$wgGroupPermissions['sysop']['userrights'] = true;
$wgGroupPermissions['sysop']['createaccount'] = true;
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this permission structure means:'''
* '''Anonymous visitors:''' Can only read pages
* '''Logged-in users:''' Can only read pages (no editing)
* '''Editors:''' Can read, edit, and upload files (assigned by admins)
* '''Sysops (Admins):''' Full control over the wiki
</div>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''How to assign the Editor role:'''

After restarting your wiki, log in as an admin and go to:
* '''Special:UserRights''' (or click '''Special Pages''' → '''User and rights section''')
* Enter a username
* Check the '''editor''' box
* Click '''Save user groups'''
</div>

Save and exit.

=== Part 5: Creating a Private Namespace ===

'''6. Configure the Private Namespace'''

Open LocalSettings.php and add this section after your extensions:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
PRIVATE NAMESPACE (RESTRICTED ACCESS)
----------------------------------------- */

# Load the Lockdown extension
wfLoadExtension( 'Lockdown' );

# Define namespace IDs (must be unique)
define("NS_PRIVATE", 3000);
define("NS_PRIVATE_TALK", 3001);

# Register the namespace names
$wgExtraNamespaces[NS_PRIVATE] = "Private";
$wgExtraNamespaces[NS_PRIVATE_TALK] = "Private_talk";

# Only logged-in users, editors, and admins can READ
$wgNamespacePermissionLockdown[NS_PRIVATE]['read'] = ['user', 'editor', 'sysop'];

# Only editors and admins can EDIT
$wgNamespacePermissionLockdown[NS_PRIVATE]['edit'] = ['editor', 'sysop'];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''How to use the Private namespace:'''

To create a private page, use this format: <code>Private:YourPageName</code>

Example: <code>Private:Company_Policies</code>

Anonymous users and non-logged-in visitors will get an access denied message.
</div>

Save and exit.

=== Part 6: Additional Recommended Extensions ===

'''7. Enable Additional Extensions'''

Open LocalSettings.php and expand your extensions section:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
ADDITIONAL RECOMMENDED EXTENSIONS
----------------------------------------- */

# Content organization
wfLoadExtension( 'CategoryTree' );
wfLoadExtension( 'ImageMap' );

# User experience
wfLoadExtension( 'Echo' );
wfLoadExtension( 'Thanks' );
wfLoadExtension( 'DiscussionTools' );

# Content features
wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'TemplateStyles' );
wfLoadExtension( 'Poem' );

# File handling
wfLoadExtension( 'PdfHandler' );
wfLoadExtension( 'MultimediaViewer' );

# Moderation & security
wfLoadExtension( 'ConfirmEdit' );
wfLoadExtension( 'SpamBlacklist' );
wfLoadExtension( 'TitleBlacklist' );
wfLoadExtension( 'CiteThisPage' );
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'LoginNotify' );
</syntaxhighlight>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Note:''' If you get an error about a missing extension after restarting, comment out that line by adding <code>#</code> at the beginning.
</div>

Save and exit.

=== Part 7: Enable File Uploads ===

'''8. Configure Upload Settings'''

Open LocalSettings.php and update the upload settings:

<syntaxhighlight lang="php" style="font-size: 85%;">
# Enable file uploads
$wgEnableUploads = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";
$wgUseInstantCommons = false;

# Allow these file types to be uploaded
$wgFileExtensions = ['png','gif','jpg','jpeg','webp','svg','pdf','doc','docx','xls','xlsx'];

# Allow SVG files with embedded titles
$wgAllowTitleInSVG = true;
$wgSVGConverter = 'ImageMagick';
</syntaxhighlight>

Save and exit.

=== Part 8: Two-Factor Authentication for Administrators ===

'''9. Install the OATHAuth Extension'''

First, check if the extension already exists:

<syntaxhighlight lang="bash" style="font-size: 85%;">
ls /opt/stacks/mediawiki/extensions/ | grep -i oath
</syntaxhighlight>

If you don't see <code>OATHAuth</code>, install it:

<syntaxhighlight lang="bash" style="font-size: 85%;">
cd /opt/stacks/mediawiki/extensions
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth.git
sudo chown -R 33:33 OATHAuth
</syntaxhighlight>

'''10. Configure OATHAuth for Admins Only'''

Open LocalSettings.php and add:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
TWO-FACTOR AUTHENTICATION (ADMINS ONLY)
----------------------------------------- */

# Load the OATHAuth extension
wfLoadExtension( 'OATHAuth' );

# REQUIRE 2FA for administrators (sysops) only
$wgOATHRequiredForGroups = ['sysop'];

# Optional: Also require 2FA for bureaucrats
# $wgOATHRequiredForGroups = ['sysop', 'bureaucrat'];

# Allow TOTP - works with Google Authenticator, Authy, etc.
$wgOATHAuthModules = [
'totp' => [
'class' => 'MediaWiki\\Extension\\OATHAuth\\Module\\TOTP',
],
];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* Requires 2FA only for users in the <code>sysop</code> (administrator) group
* Regular users and editors do NOT need 2FA
* Uses TOTP method (compatible with most authenticator apps)
</div>

Save and exit.

=== Part 9: Apply All Changes ===

'''11. Update the Database and Restart'''

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Update database to recognize new extensions and namespaces
docker exec -it mediawiki php maintenance/update.php --quick

# Restart MediaWiki to apply all changes
cd /opt/stacks/mediawiki
docker compose restart
</syntaxhighlight>

Wait about 30 seconds for the containers to fully restart.

== Setting Up Two-Factor Authentication ==

'''12. Set Up 2FA for Administrator Accounts'''

'''Step A: Install an Authenticator App (If Not Already Installed)'''

On your phone or tablet, install one of these apps:
* '''Google Authenticator''' (iOS/Android)
* '''Microsoft Authenticator''' (iOS/Android)
* '''Authy''' (iOS/Android)
* '''1Password''' (if you use a password manager)

'''Step B: Enable 2FA on Your Admin Account'''

# Log in to MediaWiki as an administrator
# Click on your username in the top-right corner
# Click '''Preferences'''
# Click the '''Two-factor authentication''' tab (or '''OATH''' tab)
# Click '''Manage''' and '''Add an authenticator app'''
# You'll see a QR code on the screen

'''Step C: Scan the QR Code'''

# Open your authenticator app on your phone
# Tap the "+" or "Add account" button
# Scan the QR code shown on your screen
# The app will add an entry like "MediaWiki - YourUsername"
# You'll see a 6-digit code that changes every 30 seconds

'''Step D: Verify the Setup'''

# Enter the 6-digit code from your authenticator app into the MediaWiki form
# You'll also see '''scratch codes''' (recovery codes) - SAVE THESE SAFELY!
# Click '''Confirm''' or '''Enable'''

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''CRITICAL - Save Your Recovery Codes!'''

Write down or securely save your recovery codes. If you lose access to your phone, these codes are the ONLY way to regain access to your account. Each recovery code can only be used once.
</div>

'''13. Test Two-Factor Authentication'''

# Log out of your MediaWiki account
# Log back in with your username and password
# You'll now see a screen asking for a '''Two-factor authentication token'''
# Open your authenticator app and enter the current 6-digit code
# Click '''Continue''' or '''Log in'''

== Verification Checklist ==

'''14. Test Your Configuration'''

'''Logo & Skin'''
* Your custom logo appears in the top-left corner and as the favicon
* The modern Vector 2022 skin is active

'''Permissions'''
# Log out and confirm you can only read pages
# Log in as a regular user and confirm you cannot edit
# Log in as admin and assign the "editor" role via '''Special:UserRights'''
# Confirm the editor can now edit pages

'''Email'''
# Click "Forgot password?" on the login page
# Enter your username or email and verify you receive the reset email

'''Private Namespace'''
# Create a page like <code>Private:Test</code>
# Log out and confirm anonymous users cannot access it
# Log in as a regular user and confirm you can view it
# Check that only editors and admins can edit it

'''File Uploads'''
# Log in as an editor or admin
# Go to '''Special:Upload'''
# Try uploading an image file and verify it appears on the page

'''Two-Factor Authentication'''
# Verify all admins have set up 2FA
# Test login process with 2FA code
# Verify recovery codes are saved securely

== Managing Two-Factor Authentication ==

'''If an Admin Loses Access to Their Phone:'''

# At the 2FA prompt, enter one of the saved recovery codes
# Once logged in, go to '''Preferences''' → '''Two-factor authentication'''
# Disable 2FA, then re-enable it with a new QR code
# Generate new recovery codes

'''If Recovery Codes Are Also Lost:'''

Another administrator needs to disable 2FA for that account:

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Run this command to disable 2FA for a specific user
docker exec -it mediawiki php maintenance/run.php OATHAuth:deleteUser --user="USERNAME"
</syntaxhighlight>

Replace <code>USERNAME</code> with the actual username.

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Security Tip:''' Create at least two administrator accounts so one admin can help recover another's account if needed.
</div>

== Troubleshooting ==

'''Email not sending?'''
* Verify SMTP credentials are correct in your <code>.env</code> file
* Check <code>SMTP_HOST</code>, <code>SMTP_PORT</code>, <code>SMTP_USER</code>, <code>SMTP_PASS</code> values
* Ensure environment variables are passed correctly in <code>docker-compose.yml</code>
* Check container logs: <code>docker compose logs -f mediawiki</code>

'''Logo not appearing?'''
* Verify files were copied correctly: <code>docker exec mediawiki ls -la /var/www/html/images/</code>
* Hard refresh your browser: <code>Ctrl + Shift + R</code> (Windows/Linux) or <code>Cmd + Shift + R</code> (Mac)
* Check the exact filenames in LocalSettings.php match the uploaded files

'''Private namespace not working?'''
* Ensure Lockdown extension is installed: <code>ls /opt/stacks/mediawiki/extensions/Lockdown</code>
* Run database update: <code>docker exec -it mediawiki php maintenance/update.php --quick</code>
* Restart containers: <code>docker compose restart</code>

'''2FA prompt not appearing for admins:'''
* Verify the OATHAuth configuration in LocalSettings.php
* Run: <code>docker exec -it mediawiki php maintenance/update.php</code>
* Restart containers and clear your browser cache

'''Authenticator codes not working:'''
* Verify your phone's time is set to automatic (not manual)
* Time synchronization is critical for TOTP to work
* Try syncing time in your authenticator app settings

== Maintenance Tasks ==

'''Regular Backups'''

<syntaxhighlight lang="bash" style="font-size: 85%;">
#!/bin/bash
# Save as /opt/scripts/backup-mediawiki.sh

BACKUP_DIR="/opt/backups/mediawiki"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

# Backup database
docker exec mediawiki-db mysqldump -u root -pyour_root_password my_wiki > $BACKUP_DIR/db_$DATE.sql

# Backup LocalSettings.php
cp /opt/stacks/mediawiki/LocalSettings.php $BACKUP_DIR/LocalSettings_$DATE.php

# Backup images
docker run --rm -v 230912_images:/data -v $BACKUP_DIR:/backup alpine tar czf /backup/images_$DATE.tar.gz -C /data .

echo "Backup completed: $DATE"
</syntaxhighlight>

'''Updating MediaWiki'''

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Pull the latest MediaWiki image
docker pull mediawiki:latest

# Restart with the new image
cd /opt/stacks/mediawiki
docker compose down
docker compose up -d

# Update the database schema
docker exec -it mediawiki php maintenance/update.php

# Clear the cache
docker exec -it mediawiki php maintenance/rebuildLocalisationCache.php
</syntaxhighlight>

== Summary ==

You've successfully configured advanced features for your MediaWiki installation:

✓ Custom logos and modern Vector 2022 theme
<br>
✓ Email notifications via SMTP (environment-variable-secured credentials)
<br>
✓ Multi-level permission system (Anonymous, User, Editor, Sysop)
<br>
✓ Private namespace for confidential content
<br>
✓ Additional professional extensions
<br>
✓ File upload capabilities
<br>
✓ Two-factor authentication for administrators
<br>
✓ Enhanced security hardening

'''''Your MediaWiki installation is now fully configured and production-ready!'''''

== Next Steps ==

Your wiki is now fully configured! You can:

* Create user accounts and assign roles via '''Special:UserRights'''
* Start creating content in the main namespace
* Create private documentation in the <code>Private:</code> namespace
* Customize the main page by editing '''MediaWiki:Mainpage'''
* Explore '''Special:SpecialPages''' to discover all available features
* Set up automatic backups (see Maintenance Tasks above)
* Configure SSL/HTTPS if not already done
* Install additional extensions from https://www.mediawiki.org/wiki/Category:Extensions

'''''For additional help, visit the official MediaWiki documentation at''''' https://www.mediawiki.org/

Mediawiki Additional Configuration

2026-03-05T00:25:25Z

Dani:

== MediaWiki Additional Configuration Guide ==

<div style="font-size: 100%;">
'''''This guide covers advanced configuration options for your MediaWiki installation, including logos, permissions, email, private namespaces, and two-factor authentication.'''''

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Prerequisites:''' Complete the '''[[MediaWiki Docker Setup Guide]]''' before proceeding with this configuration.
</div>

== Advanced Configuration ==

=== Part 1: Customizing Your Wiki's Appearance ===

'''1. Upload Your Logo Files'''

Before configuring logos, you need to upload your logo images to the wiki's images folder.

'''Step A: Prepare Your Logo Files'''

Create logo images in these sizes:
* '''Small logo (50x50 pixels):''' For favicon and small displays - save as <code>yourlogo-50.svg</code> or <code>yourlogo-50.png</code>
* '''Large logo (160x160 pixels):''' For the main wiki logo - save as <code>yourlogo-160.svg</code> or <code>yourlogo-160.png</code>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Tip:''' SVG format is recommended because it scales cleanly at any size. PNG is also acceptable.
</div>

'''Step B: Copy Logo Files to the Server'''

First, you need to upload files to the Docker volume:

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Create a temporary container to access the images volume
docker run -d --name temp-mediawiki \
-v 230912_images:/var/www/html/images \
mediawiki sleep 3600

# Copy your logo files into the container
docker cp ~/Downloads/yourlogo-50.svg temp-mediawiki:/var/www/html/images/
docker cp ~/Downloads/yourlogo-160.svg temp-mediawiki:/var/www/html/images/

# Fix permissions
docker exec temp-mediawiki chown 33:33 /var/www/html/images/yourlogo-50.svg
docker exec temp-mediawiki chown 33:33 /var/www/html/images/yourlogo-160.svg

# Remove the temporary container
docker stop temp-mediawiki
docker rm temp-mediawiki
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Note:''' Replace <code>yourlogo-50.svg</code> and <code>yourlogo-160.svg</code> with your actual filename. Adjust the path <code>~/Downloads/</code> if your files are saved elsewhere.
</div>

'''2. Configure Logo and Favicon in LocalSettings.php'''

Open your LocalSettings.php file:

<syntaxhighlight lang="bash" style="font-size: 85%;">
sudo nano /opt/stacks/mediawiki/LocalSettings.php
</syntaxhighlight>

Find the existing <code>$wgLogos</code> section and replace it with:

<syntaxhighlight lang="php" style="font-size: 85%;">
$wgLogos = [
'1x' => "$wgResourceBasePath/images/yourlogo-160.svg",
'icon' => "$wgResourceBasePath/images/yourlogo-50.svg",
];

$wgFavicon = "$wgResourceBasePath/images/yourlogo-50.svg";
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* <code>'1x'</code> sets your main wiki logo (shown in the corner)
* <code>'icon'</code> sets the smaller icon version
* <code>$wgFavicon</code> sets the browser tab icon
</div>

Save and exit.

=== Part 2: Customizing the Wiki Skin (Theme) ===

'''3. Configure the Modern Vector Skin'''

Open LocalSettings.php and find <code>$wgDefaultSkin</code>. Replace it with this configuration block:

<syntaxhighlight lang="php" style="font-size: 85%;">
# Use the modern Vector 2022 skin by default
$wgDefaultSkin = "vector-2022";

# Make existing users see the new skin too
$wgVectorDefaultSkinVersionForExistingAccounts = "2";

# Make the skin work well on mobile devices
$wgVectorResponsive = true;

# Enable appearance customization options for users
$wgVectorFeatureFlags = [
'VectorAppearance' => [
'logged_in' => true,
'logged_out' => true,
],
];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* Sets the modern Vector skin as default
* Makes it responsive for mobile/tablet viewing
* Allows users to customize appearance settings
</div>

Save and exit.

=== Part 3: Setting Up Email and SMTP ===

This allows your wiki to send password reset emails, notifications, and user-to-user messages.

'''4. Configure Email Settings'''

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Important:''' This configuration uses environment variables to keep sensitive credentials out of LocalSettings.php. You will need to configure both your <code>.env</code> file and <code>docker-compose.yml</code>.
</div>

'''Step A: Set Up the .env File'''

Create or edit your <code>.env</code> file at <code>/opt/stacks/mediawiki/.env</code> and add your SMTP credentials:

<syntaxhighlight lang="bash" style="font-size: 85%;">
# SMTP Configuration
SMTP_HOST=mail.comfac-it.com
SMTP_PORT=587
SMTP_USER=your-email@comfac-it.com
SMTP_PASS=your_smtp_password_here
</syntaxhighlight>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Warning:''' Never commit your <code>.env</code> file to version control. Add it to <code>.gitignore</code>.
</div>

'''Step B: Pass Environment Variables in docker-compose.yml'''

Ensure your <code>docker-compose.yml</code> passes the SMTP variables into the MediaWiki container:

<syntaxhighlight lang="yaml" style="font-size: 85%;">
services:
mediawiki:
image: mediawiki
container_name: mediawiki
restart: always
ports:
- "${MEDIAWIKI_PORT}:80"
depends_on:
- database
volumes:
- ./230912_images:/var/www/html/images
- /opt/stacks/mediawiki/extensions:/var/www/html/extensions
- /opt/stacks/mediawiki/LocalSettings.php:/var/www/html/LocalSettings.php:ro
environment:
- SMTP_HOST=${SMTP_HOST}
- SMTP_PORT=${SMTP_PORT}
- SMTP_USER=${SMTP_USER}
- SMTP_PASS=${SMTP_PASS}
</syntaxhighlight>

'''Step C: Add Email Configuration to LocalSettings.php'''

Open LocalSettings.php and add the following section after the extensions block:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
EMAIL & SMTP CONFIGURATION
-------------------------------------------*/

# Enable email features
$wgEnableEmail = true;
$wgEnableUserEmail = true;
$wgEmailAuthentication = true;

# Enable email notifications for talk pages and watchlist
$wgEnotifUserTalk = true;
$wgEnotifWatchlist = true;

# Set your wiki's email addresses
$wgEmergencyContact = "your-email@comfac-it.com";
$wgPasswordSender = "your-email@comfac-it.com";

# SMTP configuration — credentials loaded from environment variables
$wgSMTP = [
'host' => getenv('SMTP_HOST'), # e.g. mail.comfac-it.com
'IDHost' => 'comfac-it.com', # Your mail domain
'port' => getenv('SMTP_PORT'), # 587 for TLS
'auth' => true,
'username' => getenv('SMTP_USER'), # Your SMTP username
'password' => getenv('SMTP_PASS'), # Your SMTP password
'secure' => 'tls'
];

# Additional email settings
$wgUserEmailUseReplyTo = true;
$wgAllowHTMLEmail = true;

# Enable password reset via email
$wgPasswordResetRoutes = [
'username' => true,
'email' => true,
];

# Password reset links expire after 24 hours
$wgNewPasswordExpiry = 86400;

# ================================
# ALLOWED EMAIL DOMAINS
# ================================

# Users can register/use these email domains
$wgAllowedEmailDomains = [
'gmail.com',
'comfac.net',
'comfac-it.com',
];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* Uses <code>getenv()</code> to read SMTP credentials from Docker environment variables at runtime
* Keeps passwords out of <code>LocalSettings.php</code> and version control
* <code>IDHost</code> is set to your mail domain (<code>comfac-it.com</code>)
* Restricts user email registration to approved domains only
</div>

Save and exit.

=== Part 4: Permission System (Who Can Do What) ===

'''5. Create a Clean Permission Structure'''

Open LocalSettings.php and replace the permissions section with:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
CLEAN PERMISSION SYSTEM
----------------------------------------- */

# Anonymous users
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;

# Allow bureaucrats/admins to create accounts
$wgGroupPermissions['bureaucrat']['createaccount'] = true;

# Logged-in users (view only)
$wgGroupPermissions['user']['read'] = true;
$wgGroupPermissions['user']['edit'] = false;

# Editor group
$wgGroupPermissions['editor']['read'] = true;
$wgGroupPermissions['editor']['edit'] = true;
$wgGroupPermissions['editor']['upload'] = true;
$wgGroupPermissions['editor']['reupload'] = true;

# Sysop (admin)
$wgGroupPermissions['sysop']['read'] = true;
$wgGroupPermissions['sysop']['edit'] = true;
$wgGroupPermissions['sysop']['protect'] = true;
$wgGroupPermissions['sysop']['userrights'] = true;
$wgGroupPermissions['sysop']['createaccount'] = true;
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this permission structure means:'''
* '''Anonymous visitors:''' Can only read pages
* '''Logged-in users:''' Can only read pages (no editing)
* '''Editors:''' Can read, edit, and upload files (assigned by admins)
* '''Sysops (Admins):''' Full control over the wiki
</div>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''How to assign the Editor role:'''

After restarting your wiki, log in as an admin and go to:
* '''Special:UserRights''' (or click '''Special Pages''' → '''User rights management''')
* Enter a username
* Check the '''editor''' box
* Click '''Save user groups'''
</div>

Save and exit.

=== Part 5: Creating a Private Namespace ===

'''6. Configure the Private Namespace'''

Open LocalSettings.php and add this section after your extensions:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
PRIVATE NAMESPACE (RESTRICTED ACCESS)
----------------------------------------- */

# Load the Lockdown extension
wfLoadExtension( 'Lockdown' );

# Define namespace IDs (must be unique)
define("NS_PRIVATE", 3000);
define("NS_PRIVATE_TALK", 3001);

# Register the namespace names
$wgExtraNamespaces[NS_PRIVATE] = "Private";
$wgExtraNamespaces[NS_PRIVATE_TALK] = "Private_talk";

# Only logged-in users, editors, and admins can READ
$wgNamespacePermissionLockdown[NS_PRIVATE]['read'] = ['user', 'editor', 'sysop'];

# Only editors and admins can EDIT
$wgNamespacePermissionLockdown[NS_PRIVATE]['edit'] = ['editor', 'sysop'];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''How to use the Private namespace:'''

To create a private page, use this format: <code>Private:YourPageName</code>

Example: <code>Private:Company_Policies</code>

Anonymous users and non-logged-in visitors will get an access denied message.
</div>

Save and exit.

=== Part 6: Additional Recommended Extensions ===

'''7. Enable Additional Extensions'''

Open LocalSettings.php and expand your extensions section:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
ADDITIONAL RECOMMENDED EXTENSIONS
----------------------------------------- */

# Content organization
wfLoadExtension( 'CategoryTree' );
wfLoadExtension( 'ImageMap' );

# User experience
wfLoadExtension( 'Echo' );
wfLoadExtension( 'Thanks' );
wfLoadExtension( 'DiscussionTools' );

# Content features
wfLoadExtension( 'TemplateData' );
wfLoadExtension( 'TemplateStyles' );
wfLoadExtension( 'Poem' );

# File handling
wfLoadExtension( 'PdfHandler' );
wfLoadExtension( 'MultimediaViewer' );

# Moderation & security
wfLoadExtension( 'ConfirmEdit' );
wfLoadExtension( 'SpamBlacklist' );
wfLoadExtension( 'TitleBlacklist' );
wfLoadExtension( 'CiteThisPage' );
wfLoadExtension( 'AbuseFilter' );
wfLoadExtension( 'LoginNotify' );
</syntaxhighlight>

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Note:''' If you get an error about a missing extension after restarting, comment out that line by adding <code>#</code> at the beginning.
</div>

Save and exit.

=== Part 7: Enable File Uploads ===

'''8. Configure Upload Settings'''

Open LocalSettings.php and update the upload settings:

<syntaxhighlight lang="php" style="font-size: 85%;">
# Enable file uploads
$wgEnableUploads = true;
$wgUseImageMagick = true;
$wgImageMagickConvertCommand = "/usr/bin/convert";
$wgUseInstantCommons = false;

# Allow these file types to be uploaded
$wgFileExtensions = ['png','gif','jpg','jpeg','webp','svg','pdf','doc','docx','xls','xlsx'];

# Allow SVG files with embedded titles
$wgAllowTitleInSVG = true;
$wgSVGConverter = 'ImageMagick';
</syntaxhighlight>

Save and exit.

=== Part 8: Two-Factor Authentication for Administrators ===

'''9. Install the OATHAuth Extension'''

First, check if the extension already exists:

<syntaxhighlight lang="bash" style="font-size: 85%;">
ls /opt/stacks/mediawiki/extensions/ | grep -i oath
</syntaxhighlight>

If you don't see <code>OATHAuth</code>, install it:

<syntaxhighlight lang="bash" style="font-size: 85%;">
cd /opt/stacks/mediawiki/extensions
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/OATHAuth.git
sudo chown -R 33:33 OATHAuth
</syntaxhighlight>

'''10. Configure OATHAuth for Admins Only'''

Open LocalSettings.php and add:

<syntaxhighlight lang="php" style="font-size: 85%;">
/*-------------------------------------------
TWO-FACTOR AUTHENTICATION (ADMINS ONLY)
----------------------------------------- */

# Load the OATHAuth extension
wfLoadExtension( 'OATHAuth' );

# REQUIRE 2FA for administrators (sysops) only
$wgOATHRequiredForGroups = ['sysop'];

# Optional: Also require 2FA for bureaucrats
# $wgOATHRequiredForGroups = ['sysop', 'bureaucrat'];

# Allow TOTP - works with Google Authenticator, Authy, etc.
$wgOATHAuthModules = [
'totp' => [
'class' => 'MediaWiki\\Extension\\OATHAuth\\Module\\TOTP',
],
];
</syntaxhighlight>

<div style="background-color: #f8f9fa; border-left: 4px solid #3498db; padding: 12px; margin: 15px 0; font-size: 90%;">
'''What this does:'''
* Requires 2FA only for users in the <code>sysop</code> (administrator) group
* Regular users and editors do NOT need 2FA
* Uses TOTP method (compatible with most authenticator apps)
</div>

Save and exit.

=== Part 9: Apply All Changes ===

'''11. Update the Database and Restart'''

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Update database to recognize new extensions and namespaces
docker exec -it mediawiki php maintenance/update.php --quick

# Restart MediaWiki to apply all changes
cd /opt/stacks/mediawiki
docker compose restart
</syntaxhighlight>

Wait about 30 seconds for the containers to fully restart.

== Setting Up Two-Factor Authentication ==

'''12. Set Up 2FA for Administrator Accounts'''

'''Step A: Install an Authenticator App (If Not Already Installed)'''

On your phone or tablet, install one of these apps:
* '''Google Authenticator''' (iOS/Android)
* '''Microsoft Authenticator''' (iOS/Android)
* '''Authy''' (iOS/Android)
* '''1Password''' (if you use a password manager)

'''Step B: Enable 2FA on Your Admin Account'''

# Log in to MediaWiki as an administrator
# Click on your username in the top-right corner
# Click '''Preferences'''
# Click the '''Two-factor authentication''' tab (or '''OATH''' tab)
# Click '''Manage''' and '''Add an authenticator app'''
# You'll see a QR code on the screen

'''Step C: Scan the QR Code'''

# Open your authenticator app on your phone
# Tap the "+" or "Add account" button
# Scan the QR code shown on your screen
# The app will add an entry like "MediaWiki - YourUsername"
# You'll see a 6-digit code that changes every 30 seconds

'''Step D: Verify the Setup'''

# Enter the 6-digit code from your authenticator app into the MediaWiki form
# You'll also see '''scratch codes''' (recovery codes) - SAVE THESE SAFELY!
# Click '''Confirm''' or '''Enable'''

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''CRITICAL - Save Your Recovery Codes!'''

Write down or securely save your recovery codes. If you lose access to your phone, these codes are the ONLY way to regain access to your account. Each recovery code can only be used once.
</div>

'''13. Test Two-Factor Authentication'''

# Log out of your MediaWiki account
# Log back in with your username and password
# You'll now see a screen asking for a '''Two-factor authentication token'''
# Open your authenticator app and enter the current 6-digit code
# Click '''Continue''' or '''Log in'''

== Verification Checklist ==

'''14. Test Your Configuration'''

'''Logo & Skin'''
* Your custom logo appears in the top-left corner and as the favicon
* The modern Vector 2022 skin is active

'''Permissions'''
# Log out and confirm you can only read pages
# Log in as a regular user and confirm you cannot edit
# Log in as admin and assign the "editor" role via '''Special:UserRights'''
# Confirm the editor can now edit pages

'''Email'''
# Click "Forgot password?" on the login page
# Enter your username or email and verify you receive the reset email

'''Private Namespace'''
# Create a page like <code>Private:Test</code>
# Log out and confirm anonymous users cannot access it
# Log in as a regular user and confirm you can view it
# Check that only editors and admins can edit it

'''File Uploads'''
# Log in as an editor or admin
# Go to '''Special:Upload'''
# Try uploading an image file and verify it appears on the page

'''Two-Factor Authentication'''
# Verify all admins have set up 2FA
# Test login process with 2FA code
# Verify recovery codes are saved securely

== Managing Two-Factor Authentication ==

'''If an Admin Loses Access to Their Phone:'''

# At the 2FA prompt, enter one of the saved recovery codes
# Once logged in, go to '''Preferences''' → '''Two-factor authentication'''
# Disable 2FA, then re-enable it with a new QR code
# Generate new recovery codes

'''If Recovery Codes Are Also Lost:'''

Another administrator needs to disable 2FA for that account:

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Run this command to disable 2FA for a specific user
docker exec -it mediawiki php maintenance/run.php OATHAuth:deleteUser --user="USERNAME"
</syntaxhighlight>

Replace <code>USERNAME</code> with the actual username.

<div style="background-color: #fff3cd; border-left: 4px solid #ffc107; padding: 12px; margin: 15px 0; font-size: 90%;">
'''Security Tip:''' Create at least two administrator accounts so one admin can help recover another's account if needed.
</div>

== Troubleshooting ==

'''Email not sending?'''
* Verify SMTP credentials are correct in your <code>.env</code> file
* Check <code>SMTP_HOST</code>, <code>SMTP_PORT</code>, <code>SMTP_USER</code>, <code>SMTP_PASS</code> values
* Ensure environment variables are passed correctly in <code>docker-compose.yml</code>
* Check container logs: <code>docker compose logs -f mediawiki</code>

'''Logo not appearing?'''
* Verify files were copied correctly: <code>docker exec mediawiki ls -la /var/www/html/images/</code>
* Hard refresh your browser: <code>Ctrl + Shift + R</code> (Windows/Linux) or <code>Cmd + Shift + R</code> (Mac)
* Check the exact filenames in LocalSettings.php match the uploaded files

'''Private namespace not working?'''
* Ensure Lockdown extension is installed: <code>ls /opt/stacks/mediawiki/extensions/Lockdown</code>
* Run database update: <code>docker exec -it mediawiki php maintenance/update.php --quick</code>
* Restart containers: <code>docker compose restart</code>

'''2FA prompt not appearing for admins:'''
* Verify the OATHAuth configuration in LocalSettings.php
* Run: <code>docker exec -it mediawiki php maintenance/update.php</code>
* Restart containers and clear your browser cache

'''Authenticator codes not working:'''
* Verify your phone's time is set to automatic (not manual)
* Time synchronization is critical for TOTP to work
* Try syncing time in your authenticator app settings

== Maintenance Tasks ==

'''Regular Backups'''

<syntaxhighlight lang="bash" style="font-size: 85%;">
#!/bin/bash
# Save as /opt/scripts/backup-mediawiki.sh

BACKUP_DIR="/opt/backups/mediawiki"
DATE=$(date +%Y%m%d_%H%M%S)

mkdir -p $BACKUP_DIR

# Backup database
docker exec mediawiki-db mysqldump -u root -pyour_root_password my_wiki > $BACKUP_DIR/db_$DATE.sql

# Backup LocalSettings.php
cp /opt/stacks/mediawiki/LocalSettings.php $BACKUP_DIR/LocalSettings_$DATE.php

# Backup images
docker run --rm -v 230912_images:/data -v $BACKUP_DIR:/backup alpine tar czf /backup/images_$DATE.tar.gz -C /data .

echo "Backup completed: $DATE"
</syntaxhighlight>

'''Updating MediaWiki'''

<syntaxhighlight lang="bash" style="font-size: 85%;">
# Pull the latest MediaWiki image
docker pull mediawiki:latest

# Restart with the new image
cd /opt/stacks/mediawiki
docker compose down
docker compose up -d

# Update the database schema
docker exec -it mediawiki php maintenance/update.php

# Clear the cache
docker exec -it mediawiki php maintenance/rebuildLocalisationCache.php
</syntaxhighlight>

== Summary ==

You've successfully configured advanced features for your MediaWiki installation:

✓ Custom logos and modern Vector 2022 theme
<br>
✓ Email notifications via SMTP (environment-variable-secured credentials)
<br>
✓ Multi-level permission system (Anonymous, User, Editor, Sysop)
<br>
✓ Private namespace for confidential content
<br>
✓ Additional professional extensions
<br>
✓ File upload capabilities
<br>
✓ Two-factor authentication for administrators
<br>
✓ Enhanced security hardening

'''''Your MediaWiki installation is now fully configured and production-ready!'''''

== Next Steps ==

Your wiki is now fully configured! You can:

* Create user accounts and assign roles via '''Special:UserRights'''
* Start creating content in the main namespace
* Create private documentation in the <code>Private:</code> namespace
* Customize the main page by editing '''MediaWiki:Mainpage'''
* Explore '''Special:SpecialPages''' to discover all available features
* Set up automatic backups (see Maintenance Tasks above)
* Configure SSL/HTTPS if not already done
* Install additional extensions from https://www.mediawiki.org/wiki/Category:Extensions

'''''For additional help, visit the official MediaWiki documentation at''''' https://www.mediawiki.org/