Topic on Extension talk:VisualEditor

Question about Parsoid and HTTPS

Spas.Z.Spasov (talkcontribs)

I have the following configuration, which is working like a charm:

  • wiki/LocalSettings.php
$wgServer = "https://wiki.example.org";

...

## Parsoid ----
wfLoadExtension( 'ParsoidBatchAPI' );

$wgVirtualRestConfig['modules']['parsoid'] = array(
    'url' => 'http://127.0.0.1:8142',
);

$wgSessionsInObjectCache = true;
$wgVirtualRestConfig['modules']['parsoid']['forwardCookies'] = true;

  • /etc/mediawiki/parsoid/config.yaml
worker_heartbeat_timeout: 300000

logging:
    level: info
 
services:
  - module: ../src/lib/index.js
    entrypoint: apiServiceWorker
    conf:
        #localsettings: /etc/mediawiki/parsoid/settings.js
        mwApis:
        - uri: 'https://wiki.example.org/api.php'
        #- uri: 'https://another-wiki-instance.example.org/api.php'
        serverPort: 8142
        serverInterface: '127.0.0.1'

I'm confused by the next sentence from the section Parsoid over HTTPS:

Setting up such a configuration allows you to avoid the security implications of transmitting parsoid cookies in cleartext.

So my question is:

Is the above configuration secure enough while only ports 80 and 443 are open in the firewall? And if the answer is "yes", could we add a clarification note like the following at the bottom of the section Parsoid over HTTPS?

You do not need to set up stunnel4 when the Parsoid service is on the same server as the MediaWiki instance.
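An added example, not part of the original post or of MediaWiki/Parsoid: a small check of the premise behind the question, namely that with forwardCookies enabled no cookie-carrying hop leaves the loopback interface unencrypted. The `audit` helper and its parameters are hypothetical names, the values are typed in by hand rather than parsed from the two files, and it assumes Parsoid reuses the forwarded cookies when it calls the `mwApis` URI.

```python
import ipaddress
from urllib.parse import urlsplit


def is_loopback(host):
    """True for a literal loopback address or the name 'localhost'."""
    if not host:
        return False
    host = host.strip("[]").lower()
    if host == "localhost":  # assumption: resolves to loopback on this machine
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other names are not resolved here; treated as remote


def cleartext_cookie_hop(url):
    """True if cookies sent to this URL would cross a network unencrypted."""
    parts = urlsplit(url)
    return parts.scheme.lower() != "https" and not is_loopback(parts.hostname)


def audit(parsoid_url, server_interface, mw_api_uris, forward_cookies):
    """Return findings for the MediaWiki <-> Parsoid hops (hypothetical helper)."""
    findings = []
    if forward_cookies and cleartext_cookie_hop(parsoid_url):
        findings.append("cookies forwarded in cleartext to " + parsoid_url)
    for uri in mw_api_uris:
        if forward_cookies and cleartext_cookie_hop(uri):
            findings.append("Parsoid calls the wiki API in cleartext at " + uri)
    if not is_loopback(server_interface):
        findings.append("Parsoid listener not limited to loopback: %r" % server_interface)
    return findings


# Values from the post above.
POSTED = audit("http://127.0.0.1:8142", "127.0.0.1",
               ["https://wiki.example.org/api.php"], True)
# Constructed contrast: Parsoid on another host, plain HTTP in both directions.
REMOTE = audit("http://10.0.0.5:8142", "0.0.0.0",
               ["http://wiki.example.org/api.php"], True)

if __name__ == "__main__":
    print("posted config:", POSTED or "cleartext hop stays on loopback")
    for finding in REMOTE:
        print("constructed remote config:", finding)
```

An empty result only says that the cleartext hop stays on the loopback interface; processes running on the same host can still reach a loopback-bound port.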