Project Date: August 2025
Domain: wiki.leifbehrens.de
Hosting Environment: Self-managed Linux VPS (Apache2 Reverse Proxy, Docker)
Focus Area: Cybersecurity-oriented knowledge management
Deployment Method: Docker Compose
Primary Features: HTTPS-only access, Git-based version control, public guest access (read-only)
Status: Operational and actively maintained
I wanted a reliable way to document my technical projects and cybersecurity learning progress in a structured knowledge base.
After evaluating several platforms, I chose Wiki.js because it is lightweight, modern, and supports version control integration (e.g., GitHub) to keep documentation synchronized and backed up.
- Host Wiki.js on my own infrastructure for full control.
- Use Docker for clean deployment and easier updates.
- Access it via my domain leifbehrens.de with a valid Let's Encrypt certificate.
- Enforce HTTPS for all traffic, redirecting any HTTP requests automatically.
- Keep the service internally isolated while exposing only the necessary ports via Apache as a reverse proxy.
- Server Preparation
- Created a dedicated Linux user specifically for running the Wiki.js container.
- Installed Docker and Docker Compose on the server.
- Granted Docker permissions to this user so it could run Docker commands without sudo, improving usability while maintaining separation from other services.
- Docker Setup
- Created a
docker-compose.yml and .env file to manage environment variables and container configuration.
- Configured Wiki.js to run on a private Docker network (bridge mode), preventing direct internet exposure.
- Defined services in docker-compose.yml for:
- Database container (PostgreSQL) with a dedicated volume for persistent storage.
- Wiki.js application container linked to the database.
- Persistent volumes for both the database and Wiki.js configuration.
- Verified local access to the Wiki.js setup page via container networking before moving to the reverse proxy setup.
- Firewall & Security
- Restricted container communication to a custom Docker bridge network, ensuring Wiki.js is isolated from direct internet access.
- Testing & Troubleshooting:
- After starting the Wiki.js container with Docker Compose, an attempt to access it locally via
curl http://127.0.0.1:3000 failed, no response was received.
- Verified that the container was running and reachable internally, but the firewall was blocking local bridge network traffic.
- Temporarily disabled the firewall for testing, confirmed the container responded, and then re-enabled the firewall.
- Created new firewall rules specifically for the Wiki.js Docker bridge network, allowing local traffic without opening it to the public internet.
- Result: Local access via
curl worked as expected, and external requests remained restricted.
- Apache Reverse Proxy & HTTPS
- Created an Apache Virtual Host for
wiki.leifbehrens.de.
- Configured reverse proxy rules to forward incoming requests from Apache to the internal Wiki.js container running on the private Docker bridge network.
- Obtained and installed a Let's Encrypt certificate using Certbot for secure HTTPS access.
- Configured automatic redirection so that all HTTP (port 80) traffic is redirected to HTTPS (port 443).
- Tested and verified the configuration by ensuring that the site was reachable via
https://wiki.leifbehrens.de with a valid certificate and proper redirect behavior.
- Completed the Wiki.js initial setup through the web interface after confirming HTTPS functionality.
- GitHub Sync & Permissions Setup
- Generated a dedicated SSH key for the Wiki.js Git backend to securely connect with GitHub.
- Added the public key to a private GitHub repository containing my Wiki.js content.
- Synced existing pages from my local Wiki.js instance (running on a Raspberry Pi) to this GitHub repository.
- Pulled the repository into the new publicly hosted Wiki.js instance at wiki.leifbehrens.de, ensuring all content was synced.
- Adjusted guest user permissions to allow public read access to selected pages, matching the configuration from the local Wiki.js setup.
- The Wiki is now publicly available at https://wiki.leifbehrens.de with a secure HTTPS-only configuration in place.
- Access to the underlying container and supporting services is tightly restricted, ensuring a minimal attack surface.
- Content updates are fully synchronized with GitHub, allowing seamless edits from any location.
- Containerizing Wiki.js with Docker simplifies setup, maintenance, and potential migrations.
- A reverse proxy combined with precise firewall rules provides strong security without sacrificing accessibility.
- Integrating version control via GitHub enables effortless content management, rollback capabilities, and collaboration potential.