beginner question: Turnkey Mediawiki cannot be reached (403)

[Bauerranger]

Hello everyone, I am a beginner with proxmox and have just started about a week ago. I have a Lenovo Thinkcentre that I want to set up as a homeserver, and just to play around and learn stuff. But right at the beginning I ran into an issue I can't solve. Installing and setting up proxmox seems to have worked fine. I can log into the proxmox frontend, download templates, set up vms and containers, log onto them and use the consoles/terminals. I have set up a turnkey linux mediawiki container from the template provided by proxmox. Using the console of the container I can run all commands and check all installed packages. There doesn't seem to be anything missing that is mentioned in every tutorial.

However, when I try to call the wiki in my browser (http://ip-of-the-server/mediawiki/) I get a 403 error code. And I can't get my head around why I would get this error.

Things I have tried is
- restarting the container
- restarting the server
- reinstalling the template
- setting up the container again several times
- follow each step of every tutorial I could find

From what I can tell after a thorough internet search it seems to be some permission issue. What's confusing me is that I have set up a dokuwiki from a template as well at some point. That one worked absolutely fine, no issues at all, just a 2 minutes workflow. From what I can tell, dokuwiki and mediawiki are both based on a lamp stack, so there shouldn't be any major differences in the installations, right? Anybody got any suggestions what could be the reason and how to fix it?

Thanks in advance!

 

[UdoB]

403 error code

This comes probably from the successfully reachable webserver. (Apache? Nginx?) "403" = "Forbidden" --> https://en.wikipedia.org/wiki/HTTP_403

Maybe the default installation allows access from "localhost" only? I don't know the details of Turnkey, so that's all I can say...

 

[JeremyDavis]

Hi,

My name is Jeremy and I'm the lead dev with TurnKey.

[...] I have set up a turnkey linux mediawiki container from the template provided by proxmox. Using the console of the container I can run all commands and check all installed packages. There doesn't seem to be anything missing that is mentioned in every tutorial.

However, when I try to call the wiki in my browser (http://ip-of-the-server/mediawiki/) I get a 403 error code. And I can't get my head around why I would get this error.

I assume that you have run through the first boot scripts? They should appear in the NoVNC window when the container first starts. Although personally I set a static IP and log in via SSH.

Either way, there will be a number of questions, including the mediawiki "admin" user password etc. One of those questions is to set a domain. Mediawiki will redirect to the domain you set - so whatever you use needs to resolve to your server's IP. If you don't have a domain, then for testing purposes you can use the IP as the "domain" (there are other workarounds that I won't go into now).

If you need to run through the questions again to do that, then manually run:

/usr/lib/inithooks/bin/mediawiki.py

Once you have set a domain, then browse to "domain" (e.g. for testing the IP).

Mediawiki is served on the webroot (so no /mediawiki on the end). Mediawiki will also auto redirect http to https. Initially your browser will give you a security warning about a self signed certificate but you can click through that and you should be able to access Mediawiki

From what I can tell after a thorough internet search it seems to be some permission issue. What's confusing me is that I have set up a dokuwiki from a template as well at some point. That one worked absolutely fine, no issues at all, just a 2 minutes workflow. From what I can tell, dokuwiki and mediawiki are both based on a lamp stack, so there shouldn't be any major differences in the installations, right? Anybody got any suggestions what could be the reason and how to fix it?

I doubt it's permissions related. Although if you gave it a domain that you don't own/control and/or one that doesn't resolve to your server, then it's not your server giving the 403 - it's the server that is hosting the domain you set (I hope that makes sense).

Assuming that you tried the TurnKey Dokuwiki server, then yes they are both built on top of our LAMP stack. But Dokuwiki is a much more simple app that does not require a domain set, nor https. If you need http, then IIRC mediawiki can be configured to use that instead, but it still needs some sort of "domain".

Thanks in advance!

Hopefully that is of some help?

If not and/or you want some more info, please let me know and I'll reply ASAP.

Also apologies if I come across a bit terse. It's been a long day and I've had enough of it all...

 

[Bauerranger]

@JeremyDavis Wow, thanks for that concise answer! And thanks for taking the time to explain the steps!

Unfortunately, I run into an error with your suggested solution. And the error message is confusing to me. You said that I should run the initial boot scripts. So I removed the old ct and set up a fresh and new one. You said that

Either way, there will be a number of questions, including the mediawiki "admin" user password etc. One of those questions is to set a domain. Mediawiki will redirect to the domain you set - so whatever you use needs to resolve to your server's IP. If you don't have a domain, then for testing purposes you can use the IP as the "domain" (there are other workarounds that I won't go into now).

So, in my case I entered 192.168.2.142 to which I get the error message "MediaWiki Domain is required." which I don't understand at all.

Also apologies if I come across a bit terse. It's been a long day and I've had enough of it all...

No worries! Your message was really helpful and I appreciate the time you invested. And actually, I feel that my issue is so basic that I am sort of too afraid to admit that I have no idea. I'm afraid of sounding stupid.

 

[Bauerranger]

This comes probably from the successfully reachable webserver. (Apache? Nginx?) "403" = "Forbidden" --> https://en.wikipedia.org/wiki/HTTP_403

Maybe the default installation allows access from "localhost" only? I don't know the details of Turnkey, so that's all I can say...

Yes, which is why I suggested that it was a permission issue all along. I get a 403, not a 404. The server is there, I am talking to it. But it refuses to answer.

 

[JeremyDavis]

@JeremyDavis Wow, thanks for that concise answer! And thanks for taking the time to explain the steps!

You're welcome

Unfortunately, I run into an error with your suggested solution. And the error message is confusing to me. You said that I should run the initial boot scripts. So I removed the old ct and set up a fresh and new one. You said that

So, in my case I entered 192.168.2.142 to which I get the error message "MediaWiki Domain is required." which I don't understand at all.

Apologies if it wasn't clear, but you access the TurnKey first boot initialization scripts via a terminal - not via a browser pointed at your server.

Let me break it down a bit more:

When you first boot a TurnKey server, you will need to wait a minute or 2 for the non-interactive scripts to run first (they do stuff like generate the self-signed SSL/TLS cert, set web app random secrets, etc). Then the interactive ones will start. After initialization is complete, future boots will be faster.

Then open a terminal to your server - either a NoVNC window within Proxmox web UI (probably best for newbs) or an SSH client (on your local PC - my usual preference, although I use both). Note that firstboot scripts won't show if you connect from the PVE CLI (i.e.

pct enter VMID

).

I use the OpenSSH CLI client (pre-installed on Linux & MacOS - installable on older Windows versions and should be pre-installed on newer ones - but may need to be enabled?) There are other SSH client options too, e.g. PuTTy, WinSFTP (Windows only), etc. To log in via OpenSSH:

ssh root@192.168.2.142

Use the password you set when creating the container. If you are using an SSH keypair instead, you may need to specify the private key location. Note that if authentication via SSH fails (e.g. wrong password) then you will be locked out for ~10 mins. Either wait or use the NoVNC window.

No worries! Your message was really helpful and I appreciate the time you invested. And actually, I feel that my issue is so basic that I am sort of too afraid to admit that I have no idea. I'm afraid of sounding stupid.

Glad my message was helpful. I get feeling stupid, but try not to because we all started with no idea. Linux knowledge isn't something humans are born with!

 

[Bauerranger]

Apologies if it wasn't clear, but you access the TurnKey first boot initialization scripts via a terminal - not via a browser pointed at your server.

Let me break it down a bit more:

When you first boot a TurnKey server, you will need to wait a minute or 2 for the non-interactive scripts to run first (they do stuff like generate the self-signed SSL/TLS cert, set web app random secrets, etc). Then the interactive ones will start. After initialization is complete, future boots will be faster.

So... The first attached screenshot is not from the non-interactive scripts that run first? I am using the proxmox frontend console to first start the container (the other screenshot).

EDIT:
I just got what must have confused you in my last post! When I wrote

Unfortunately, I run into an error with your suggested solution. And the error message is confusing to me. You said that I should run the initial boot scripts. So I removed the old ct and set up a fresh and new one. You said that
So, in my case I entered 192.168.2.142 to which I get the error message "MediaWiki Domain is required." which I don't understand at all.

I was talking about entering the IP when prompted for a domain. (which then gave me the error message in screenshot one which confused me)

 

[JeremyDavis]

Thanks for the clarification and apologies for my misunderstanding.

Like George Bernard Shaw said:

The single biggest problem in communication is the illusion that it has taken place.

Yes, the first screenshot is certainly the first boot scripts so you are all over it. I was under the impression that an IP would "just work" (it used to and I wasn't aware it no longer did).

I'll have to have a closer look at the Mediawiki appliance myself ASAP and report back. But to ensure that it doesn't get forgotten, I've opened an issue on our tracker.

I'm a bit snowed under at the moment, so in the meantime you could workaround that by adding a hosts entry to your local PC?