Update environment configuration

_sources/canasta/getMediawikiSettings.php

@@ -54,6 +54,8 @@ public function execute() {
 			$config = MediaWikiServices::getInstance()->getMainConfig();
 			if ( $config->has( $variableName ) ) {
 				$return = $config->get( $variableName );
+			} else if ( getenv( $variableName ) ) {
+				$return = getenv( $variableName );
 			} else { // the last chance to fetch a value from global variable
 				$return = $GLOBALS[$variableName] ?? '';
 			}

_sources/scripts/run-all.sh

@@ -99,31 +99,14 @@ cd "$MW_HOME" || exit
 
 ########## Run maintenance scripts ##########
 echo "Checking for LocalSettings..."
-if [ -e "$MW_VOLUME/config/LocalSettings.php" ]; then
-  settingsPath="$MW_VOLUME/config/LocalSettings.php"
-elif [ -e "$MW_VOLUME/config/CommonSettings.php" ]; then
-  settingsPath="$MW_VOLUME/config/CommonSettings.php"
-fi
-
-if [ -e $settingsPath ]; then
-  if ! grep -q "\$wgDBtype" "$settingsPath"; then
-    echo "\$wgDBtype = \"$wgDBtype\";" >> $settingsPath
-  if ! grep -q "\$wgDBserver" "$settingsPath"; then
-    echo "\$wgDBserver = \"$wgDBserver\";" >> $settingsPath
-  if ! grep -q "\$wgDBname" "$settingsPath"; then
-    echo "\$wgDBname = \"$wgDBname\";" >> $settingsPath
-  if ! grep -q "\$wgDBuser" "$settingsPath"; then
-    echo "\$wgDBuser = \"$wgDBuser\";" >> $settingsPath
-  if ! grep -q "\$wgDBpassword" "$settingsPath"; then
-    echo "\$wgDBpassword = \"$wgDBpassword\";" >> $settingsPath
+if [ -e "$MW_VOLUME/config/LocalSettings.php" ] || [ -e "$MW_VOLUME/config/CommonSettings.php" ]; then
   # Run auto-update
   run_autoupdate
   if [ -e "$MW_VOLUME/config/wikis.yaml" ]; then
     config_subdir_wikis
     create_storage_dirs
   fi
 fi
-
 echo "Starting services..."
 
 # Run maintenance scripts in background.
@@ -159,9 +142,5 @@ exec /usr/sbin/apachectl -DFOREGROUND
 # Replace placeholders in the Caddyfile template with actual values
 sed -e "s/\${DOMAIN}/$DOMAIN/g" /etc/caddy/Caddyfile.template > /etc/caddy/Caddyfile
 
-# Copy provided certificate and key
-cp "$CERT_PATH" /etc/caddy/cert.crt
-cp "$KEY_PATH" /etc/caddy/private.key
-
 # Start Caddy in the foreground
 caddy run --config /etc/caddy/Caddyfile

config/.gitignore

@@ -0,0 +1,7 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
+!composer.local.json
+!default.vcl
+!SettingsTemplate.php

config/SettingsTemplate.php

@@ -0,0 +1,8 @@
+<?php
+// If not running MediaWiki, exit
+if ( !defined( 'MEDIAWIKI' ) ) {
+	exit;
+}
+#$wgServer = "https://localhost";
+#$wgSitename = ;
+#$wgMetaNamespace = ;

config/composer.local.json

@@ -0,0 +1,11 @@
+{
+	"require": {
+	},
+	"extra": {
+		"merge-plugin": {
+			"include": [
+
+			]
+		}
+	}
+}

config/default.vcl

@@ -0,0 +1,149 @@
+vcl 4.0;
+
+# Borrowed from mediawiki.org/wiki/Manual:Varnish_caching
+# and modified for Canasta
+
+backend default {
+    .host = "web";
+    .port = "80";
+    .first_byte_timeout = 120s; 
+    .connect_timeout = 30s; 
+    .between_bytes_timeout = 120s;
+}
+
+acl purge {
+    "web";
+}
+
+# vcl_recv is called whenever a request is received 
+sub vcl_recv {
+    # Serve objects up to 2 minutes past their expiry if the backend
+    # is slow to respond.
+    # set req.grace = 120s;
+
+    set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
+
+    set req.backend_hint= default;
+
+    # This uses the ACL action called "purge". Basically if a request to
+    # PURGE the cache comes from anywhere other than localhost, ignore it.
+    if (req.method == "PURGE") {
+        if (!client.ip ~ purge) {
+            return (synth(405, "Not allowed."));
+        } else {
+            return (purge);
+        }
+    }
+
+    # Pass sitemaps
+    if (req.url ~ "\.xml(\.gz)?$") {
+        return (pass);
+    }
+
+    # Pass images
+    if (req.url ~ "/w/images/") {
+        return(pass);
+    }
+
+    # Pass parsoid
+    if (req.url ~ "/w/rest.php/") {
+        return(pass);
+    }
+
+    # Pass API
+    if (req.url ~ "/w/api.php") {
+        return(pass);
+    }
+
+    call mobile_detect;
+
+    # Pass requests from logged-in users directly.
+    # Only detect cookies with "session" and "Token" in file name, otherwise nothing get cached.
+    if (req.http.Authorization || req.http.Cookie ~ "([sS]ession|Token)=") {
+        return (pass);
+    } /* Not cacheable by default */
+
+    # Pass anything other than GET and HEAD directly.
+    if (req.method != "GET" && req.method != "HEAD") {
+        return (pass);
+    } /* We only deal with GET and HEAD by default */
+
+    # Force lookup if the request is a no-cache request from the client.
+    if (req.http.Cache-Control ~ "no-cache") {
+        ban(req.url);
+    }
+
+    # normalize Accept-Encoding to reduce vary
+    if (req.http.Accept-Encoding) {
+        if (req.http.User-Agent ~ "MSIE 6") {
+        unset req.http.Accept-Encoding;
+        } elsif (req.http.Accept-Encoding ~ "gzip") {
+        set req.http.Accept-Encoding = "gzip";
+        } elsif (req.http.Accept-Encoding ~ "deflate") {
+        set req.http.Accept-Encoding = "deflate";
+        } else {
+        unset req.http.Accept-Encoding;
+        }
+    }
+
+    return (hash);
+}
+
+sub vcl_pipe {
+        # Note that only the first request to the backend will have
+        # X-Forwarded-For set.  If you use X-Forwarded-For and want to
+        # have it set for all requests, make sure to have:
+        # set req.http.connection = "close";
+
+        # This is otherwise not necessary if you do not do any request rewriting.
+
+        set req.http.connection = "close";
+}
+
+# Called if the cache has a copy of the page.
+sub vcl_hit {
+        if (!obj.ttl > 0s) {
+            return (pass);
+        }
+}
+
+# Called after a document has been successfully retrieved from the backend.
+sub vcl_backend_response {
+        # Don't cache 50x responses
+        if (beresp.status == 500 || beresp.status == 502 || beresp.status == 503 || beresp.status == 504) {
+            set beresp.uncacheable = true;
+            return (deliver);
+        }
+
+       if (beresp.ttl < 48h) {
+          set beresp.ttl = 48h;
+        }       
+
+        if (!beresp.ttl > 0s) {
+          set beresp.uncacheable = true;
+          return (deliver);
+        }
+
+        if (beresp.http.Set-Cookie) {
+          set beresp.uncacheable = true;
+          return (deliver);
+        }
+
+        if (beresp.http.Authorization && !beresp.http.Cache-Control ~ "public") {
+          set beresp.uncacheable = true;
+          return (deliver);
+        }
+
+        return (deliver);
+}
+
+sub mobile_detect {
+    set req.http.X-Device = "pc";
+
+    if ( (req.http.User-Agent ~ "(?i)(mobi|240x240|240x320|320x320|alcatel|android|audiovox|bada|benq|blackberry|cdm-|compal-|docomo|ericsson|hiptop|htc[-_]|huawei|ipod|kddi-|kindle|meego|midp|mitsu|mmp\/|mot-|motor|ngm_|nintendo|opera.m|palm|panasonic|philips|phone|playstation|portalmmm|sagem-|samsung|sanyo|sec-|semc-browser|sendo|sharp|silk|softbank|symbian|teleca|up.browser|vodafone|webos)"
+            || req.http.User-Agent ~ "^(?i)(lge?|sie|nec|sgh|pg)-" || req.http.Accept ~ "vnd.wap.wml")
+        && req.http.User-Agent !~ "(SMART-TV.*SamsungBrowser)" )
+    {
+        set req.http.X-Device = "mobile";
+    }
+}