This page summarizes our Wiki.js on-prem deployment with PostgreSQL, Nginx reverse proxy, and Let’s Encrypt HTTPS, plus the final docker-compose.yml, nginx config, and the commands we used to verify everything.
¶ Architecture
wiki.manin.site → Public IP (A record)¶ Folder layout (host)
/home/admin/containers/wikijs
├── docker-compose.yml
└── nginx/
└── conf.d/
└── wiki.conf
## Backup disk mounted on host:
/backup
## Mounted inside Wiki.js container:
/backup
docker-compose.ymlNote: Replace the password with a strong one.
services:
db:
image: postgres:15
container_name: wikijs-db
restart: unless-stopped
environment:
POSTGRES_DB: wikijs
POSTGRES_USER: wikijs
POSTGRES_PASSWORD: CHANGE_ME_STRONG
volumes:
- db-data:/var/lib/postgresql/data
wikijs:
image: requarks/wiki:2
container_name: wikijs
restart: unless-stopped
depends_on:
- db
environment:
DB_TYPE: postgres
DB_HOST: db
DB_PORT: 5432
DB_USER: wikijs
DB_PASS: CHANGE_ME_STRONG
DB_NAME: wikijs
expose:
- "3000"
volumes:
- /mnt/backup:/backup
nginx:
image: nginx:alpine
container_name: wikijs-nginx
restart: unless-stopped
depends_on:
- wikijs
ports:
- "80:80"
- "443:443"
volumes:
- ./nginx/conf.d:/etc/nginx/conf.d:ro
- certbot-www:/var/www/certbot
- letsencrypt:/etc/letsencrypt
certbot:
image: certbot/certbot:latest
container_name: wikijs-certbot
volumes:
- certbot-www:/var/www/certbot
- letsencrypt:/etc/letsencrypt
command: >
sh -c "while :; do
certbot renew --webroot -w /var/www/certbot --quiet;
sleep 12h;
done"
volumes:
db-data:
certbot-www:
letsencrypt:
Nginx config: nginx/conf.d/wiki.conf
server {
listen 80;
server_name wiki.manin.site;
location /.well-known/acme-challenge/ {
root /var/www/certbot;
try_files $uri =404;
}
location / {
return 301 https://$host$request_uri;
}
}
¶ HTTPS (443): reverse proxy to Wiki.js
server {
listen 443 ssl;
http2 on;
server_name wiki.manin.site;
ssl_certificate /etc/letsencrypt/live/wiki.manin.site/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/wiki.manin.site/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
# for screenshots / videos
client_max_body_size 500m;
location / {
proxy_pass http://wikijs:3000;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 300s;
proxy_send_timeout 300s;
}
}
¶ HTTPS (Let’s Encrypt) — initial issuance (one-time)
Run from the compose directory:
cd /home/admin/containers/wikijs
docker compose run --rm --entrypoint certbot certbot \
certonly --webroot -w /var/www/certbot \
-d wiki.manin.site \
--email yasen@manin.site \
--agree-tos --no-eff-email
Backup configuration
In Wiki.js → Admin → Storage → Local File System:
Path: /backup
Sync direction: Push to target
Create daily backups: enabled
Host permissions (Wiki.js typically runs as UID 1000 inside container):
sudo mkdir -p /mnt/backup
sudo chown -R 1000:1000 /mnt/backup
sudo chmod 750 /mnt/backup
Commands used to check & troubleshoot
Check containers and ports
cd /home/admin/containers/wikijs
docker compose ps
docker ps --format "table {{.Names}}\t{{.Ports}}"
View logs
docker compose logs -f wikijs
docker compose logs -f nginx
docker compose logs -f certbot
docker compose logs -f db
Validate and reload Nginx
docker compose exec nginx nginx -t
docker compose exec nginx nginx -s reload
Verify certificate files exist inside Nginx container
docker compose exec nginx ls -la /etc/letsencrypt/live
docker compose exec nginx ls -la /etc/letsencrypt/live/wiki.manin.site
Verify Wiki.js can write to /backup
docker exec -it wikijs sh -lc "ls -la /backup && touch /backup/_write_test && ls -la /backup/_write_test"
Verify DB role exists (if needed)
docker exec -it wikijs-db psql -U postgres -c "\du"
docker exec -it wikijs-db psql -U postgres -c "\l"
Result
Wiki.js is accessible at: https://wiki.manin.site
Nginx handles HTTPS on 443
HTTP on 80 redirects to HTTPS
Wiki.js app stays internal on 3000
Backups are written to /backup (host: /backup)
Certbot renews certificates automatically