Server: web.zoid.lan (10.168.1.169) | Debian 13 (trixie) | nginx + certbot
Internet → UDR (Port Forward 80+443) → nginx (10.168.1.169) → Wiki.js (localhost:3000)
- Intern: http://web.zoid.lan → Wiki.js (HTTP, Port 80)
- Extern: https://wiki.zoid.rocks → Wiki.js (HTTPS, Port 443, Let's Encrypt)
- HTTP→HTTPS Redirect: Alle Anfragen auf wiki.zoid.rocks werden auf HTTPS umgeleitet
| Setting | Wert |
| --- | --- |
| OS | Debian GNU/Linux 13 (trixie) |
| nginx | Standard-Paket (Debian) |
| certbot | 4.0.0 |
| SSL-Provider | Let's Encrypt |
| Domain | wiki.zoid.rocks → 185.68.251.213 |
| Extern | Intern | Ziel |
| --- | --- | --- |
| TCP 80 | 10.168.1.169:80 | HTTP (ACME Challenge + Redirect) |
| TCP 443 | 10.168.1.169:443 | HTTPS (Wiki.js) |
# Main nginx configuration: process-level settings first, then the shared
# http context that every virtual host inherits from.
user www-data;
pid /run/nginx.pid;
worker_processes auto;
worker_cpu_affinity auto;
error_log /var/log/nginx/error.log;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
}

http {
    # Content types
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Transfer settings
    sendfile on;
    tcp_nopush on;
    types_hash_max_size 2048;
    gzip on;

    # Keep the nginx version out of the Server header and error pages.
    server_tokens off;

    # TLS baseline for every server: SSLv3 and TLS 1.0/1.1 stay disabled.
    # The 443 server on this page includes
    # /etc/letsencrypt/options-ssl-nginx.conf, which sets these two directives
    # again at server level with the same values.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    access_log /var/log/nginx/access.log;

    # Virtual hosts are pulled in last.
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
# --- HTTPS (port 443): TLS termination in front of Wiki.js ---
# NOTE(review): if this is the only server with `listen 443` (none other is
# shown on this page), it is also the default for port 443 and answers HTTPS
# requests whose Host header matches neither name below.
server {
    listen 443 ssl; # managed by Certbot
    server_name web.zoid.lan wiki.zoid.rocks;

    # Certificate and key live under the wiki.zoid.rocks lineage.
    # NOTE(review): the page lists only wiki.zoid.rocks as certificate domain,
    # so https://web.zoid.lan would presumably fail name validation - confirm.
    ssl_certificate /etc/letsencrypt/live/wiki.zoid.rocks/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/wiki.zoid.rocks/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # NOTE(review): no Strict-Transport-Security header is set in this block;
    # check whether HSTS is wanted for wiki.zoid.rocks.

    location / {
        # Everything is handed to Wiki.js on the loopback port.
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;

        # WebSocket upgrade support
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_cache_bypass $http_upgrade;

        # Original request details for the backend. These are only
        # trustworthy if the backend is reachable solely through nginx; the
        # compose file on this page publishes port 3000 on all interfaces.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
# --- HTTP (port 80) for the two named hosts ---
# Same behaviour as the certbot-generated `if ($host = ...)` / `return 404`
# pair, expressed as one server block per name instead of an `if`.

# wiki.zoid.rocks: permanent redirect to HTTPS, path and query preserved.
server {
    listen 80;
    server_name wiki.zoid.rocks;
    return 301 https://$host$request_uri;
}

# web.zoid.lan: plain HTTP is answered with 404.
# NOTE(review): the overview on this page describes http://web.zoid.lan as
# reaching Wiki.js over port 80, which this configuration does not do. If a
# proxy location is added here, remember that port 80 is forwarded from the
# Internet: restrict it by source address, since the Host header is
# client-supplied.
server {
    listen 80;
    server_name web.zoid.lan;
    return 404;
}
# Catch-all for port 80: requests whose Host matches no other server block are
# served static files from /var/www/html.
# This is the only block on the page listening on [::]:80, so every IPv6
# request to port 80 ends up here regardless of its Host header.
server {
    server_name _;
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;
    index index.html;

    location / {
        # Try the file, then the directory, otherwise answer 404.
        try_files $uri $uri/ =404;
    }
}
# TLS options, presumably the contents of /etc/letsencrypt/options-ssl-nginx.conf
# that the 443 server includes - confirm. Certbot ships and maintains that
# file; local edits there can keep certbot from updating it.

# Protocols and cipher suites: TLS 1.2/1.3 only. Every listed suite is an AEAD
# suite (AES-GCM or ChaCha20-Poly1305) with ECDHE or DHE key exchange.
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
# off: the client's cipher preference order is honoured.
ssl_prefer_server_ciphers off;

# Session resumption: 10 MB shared cache, sessions kept for 1440 minutes (24 h),
# session tickets disabled.
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;
| Setting | Wert |
| --- | --- |
| Aussteller | Let's Encrypt (E8) |
| Domain | wiki.zoid.rocks |
| Gültig von | 15.04.2026 |
| Gültig bis | 14.07.2026 (90 Tage) |
| Zertifikat | /etc/letsencrypt/live/wiki.zoid.rocks/fullchain.pem |
| Key | /etc/letsencrypt/live/wiki.zoid.rocks/privkey.pem |
| Auto-Renewal | ✅ certbot systemd-Timer |
# Manual certificate renewal, in the order the commands are meant to be run.
certbot renew --dry-run # Test run: exercises the renewal without saving certificates
certbot renew # Real renewal of certificates that are due
# nginx keeps serving the old certificate until it is reloaded; running
# `nginx -t` first shows whether the configuration still parses.
nginx -s reload # Reload nginx so it picks up the renewed certificate
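# Wiki.js + PostgreSQL stack. nginx on the host terminates TLS and proxies to
# Wiki.js on port 3000 (see the nginx server block on this page).
version: '3'
services:
  wiki:
    # Floating major tag: a later pull can bring in a different build.
    # Pin an exact version or digest once the deployed one is known.
    image: requarks/wiki:2
    container_name: wiki
    restart: unless-stopped
    ports:
      # Published on loopback only, so Wiki.js is reachable solely through
      # nginx. The previous "3000:3000" form bound every host interface and
      # let LAN clients bypass the proxy (and supply their own
      # X-Forwarded-* headers).
      # If nginx then logs refused connections to [::1]:3000, point
      # proxy_pass at 127.0.0.1:3000 instead of localhost.
      - "127.0.0.1:3000:3000"
      - "127.0.0.1:3443:3443"
    environment:
      - DB_TYPE=postgres
      - DB_HOST=db
      - DB_PORT=5432
      - DB_NAME=wiki
      - DB_USER=wiki
      # Password comes from the environment / an .env file next to this file
      # instead of being written into the documentation. Compose aborts with
      # the message below when the variable is missing.
      - "DB_PASS=${WIKI_DB_PASSWORD:?set WIKI_DB_PASSWORD in .env}"
    volumes:
      - wiki-data:/wiki
    depends_on:
      - db
  db:
    image: postgres:15
    container_name: wiki-db
    restart: unless-stopped
    # No ports are published: the database is only reachable on the compose
    # network under the service name "db".
    environment:
      - POSTGRES_DB=wiki
      - POSTGRES_USER=wiki
      # Only applied when the data directory is first initialised. An existing
      # wiki-db volume keeps its old password until the role is changed inside
      # PostgreSQL (ALTER ROLE ... PASSWORD).
      - "POSTGRES_PASSWORD=${WIKI_DB_PASSWORD:?set WIKI_DB_PASSWORD in .env}"
    volumes:
      - wiki-db:/var/lib/postgresql/data
volumes:
  wiki-data:
  wiki-db: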
-- Database "wiki", table "settings": read the entry stored under key 'host'.
SELECT value
  FROM settings
 WHERE key = 'host';
-- Result: {"v": "https://wiki.zoid.rocks"}
-- (presumably the public site URL that Wiki.js has configured - confirm)
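# Day-to-day commands for the nginx / certbot / Wiki.js host.

# nginx
nginx -t # Validate the configuration before applying it
nginx -s reload # Reload the configuration
systemctl status nginx # Service status

# certbot
certbot certificates # List certificates and their expiry dates
certbot renew --dry-run # Test the renewal without saving certificates
systemctl list-timers # Check that the auto-renew timer is scheduled

# Docker
cd /opt/wikijs
docker compose up -d # Start the wiki
docker compose restart # Restart the wiki
docker logs wiki --tail 50 # Show the last 50 log lines

# Wiki.js database
# Container name and role follow the compose file on this page
# (container_name: wiki-db, POSTGRES_USER=wiki). The earlier form
# `wiki-wiki-db-1 ... -U postgres` matches neither: with POSTGRES_USER set,
# the image creates that role as superuser and no "postgres" role.
docker exec -it wiki-db psql -U wiki -d wiki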
Erstellt von ⚡ Charls am 15.04.2026