MediaWiki on AWS User Guide
Overview
This image runs MediaWiki, the free and open source wiki engine that powers Wikipedia and tens of thousands of knowledge bases, intranets and documentation sites. MediaWiki is delivered as a production LAMP application so a complete collaborative wiki is running within minutes of launch.
MediaWiki runs as a PHP 8.3 application under php-fpm, served by nginx on port 80 with clean short URLs. A MariaDB database stores every page, revision and uploaded file. The MediaWiki application code lives under /var/www/mediawiki, and the wiki database lives at /var/lib/mysql, which is a dedicated, independently resizable EBS data volume that survives instance replacement. Systemd manages MariaDB, the PHP FastCGI workers and nginx, starting them on boot and restarting them on failure.
MediaWiki secures its wiki with its own administrator login. On the first boot of every deployed instance a one shot service generates a fresh MariaDB password and a fresh administrator password, both unique to that instance, creates the wiki administrator account, writes a fresh LocalSettings.php with new secret keys, and pins the wiki to the instance address, so two instances launched from the same Amazon Machine Image never share credentials. The administrator password is written to /root/mediawiki-aws-credentials.txt with mode 0600 so that only the root user can read it.
Prerequisites
Before you deploy this image you need:
- An Amazon Web Services account where you can launch EC2 instances
- IAM permissions to launch instances, create security groups, and subscribe to AWS Marketplace products
- An EC2 key pair in the target Region for SSH access to the instance
- A VPC and subnet in the target Region, with a security group allowing inbound port 22 from your management network and port 80 for the wiki
- The AWS CLI (version 2) installed locally if you plan to deploy from the command line
Step 1: Launch the Instance from the AWS Marketplace
Sign in to the AWS Management Console, open the EC2 service, and select Launch instance. Under Application and OS Images choose AWS Marketplace AMIs and search for MediaWiki. Select the cloudimg listing and choose Select, then Continue on the subscription summary.
Pick an instance type of t3.medium or larger. Choose your EC2 key pair under Key pair (login). Under Network settings select your VPC and subnet, and either create or select a security group that opens port 22 from your management network and port 80 for the wiki. Leave the root volume at the default size or larger.
Select Launch instance. First boot initialisation takes a few seconds after the instance state becomes Running and the status checks pass, while the per instance database and administrator passwords are generated and the wiki schema is created.
Step 2: Launch the Instance from the AWS CLI
The following block launches an instance from the cloudimg MediaWiki Marketplace AMI into an existing subnet and security group. Replace <ami-id> with the AMI ID shown on the Marketplace listing, <key-name> with your EC2 key pair name, <subnet-id> with your subnet ID, and <security-group-id> with a security group that opens ports 22 and 80 as described above.
aws ec2 run-instances \
--image-id <ami-id> \
--instance-type t3.medium \
--key-name <key-name> \
--subnet-id <subnet-id> \
--security-group-ids <security-group-id> \
--tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=mediawiki}]'
When the instance reaches the Running state and its status checks pass, note its public IP address or DNS name from the EC2 console or with aws ec2 describe-instances.
Step 3: Connect to Your Instance
Connect over SSH using your key pair and the login user for your operating system variant.
| OS variant | SSH login user |
|---|---|
| Ubuntu 24.04 | ubuntu |
ssh -i <key-name>.pem ubuntu@<public-ip>
Step 4: Retrieve the Administrator Password
The MediaWiki administrator password is unique to your instance and was generated on first boot. Read it as root:
sudo cat /root/mediawiki-aws-credentials.txt
The file lists the wiki URL, the administrator login (Admin) and the generated password. Keep this password somewhere safe.
Step 5: Sign In to the Wiki
The wiki is served on port 80 by nginx through php-fpm. In a browser, go to:
http://<instance-public-ip>/
Sign in as Admin with the password from the credentials file. You land on the wiki main page, with the Read, Edit and View history tabs, the search box, and the Tools sidebar.
Step 6: Confirm MediaWiki Is Running
Over SSH, confirm the database, the PHP FastCGI workers and the nginx proxy are active and that the wiki answers:
sudo systemctl is-active mariadb php8.3-fpm nginx
curl -s -o /dev/null -w 'api.php HTTP %{http_code}\n' 'http://127.0.0.1/api.php?action=query&meta=siteinfo&format=json'
You should see all three services reported as active and the MediaWiki Action API answering 200. MariaDB listens on loopback only and is never exposed publicly; only nginx on port 80 is reachable from outside the instance.
Step 7: Create and Edit Pages
To create a page, search for its title and choose to create it, or browse to http://<instance-public-ip>/wiki/Your_Page_Title and select Create. To change an existing page, open it and choose the Edit tab. Write in the familiar wikitext markup, with == headings ==, '''bold''', ''italics'' and [[internal links]], then add an edit summary and Save changes.
Every save is recorded as a revision. Open the View history tab of any page to see every change, compare two revisions with a side by side diff, and restore an earlier version. Use Recent changes in the sidebar to watch activity across the whole wiki, and add pages to your watchlist to follow the ones you care about.
Step 8: Special Pages and the Installed Version
MediaWiki ships a rich set of special pages for administering the wiki. Browse to Special:SpecialPages for the full index, Special:RecentChanges for activity, Special:ListUsers and Special:UserRights to manage accounts and permissions, and Special:Upload to add files. Special:Version lists the installed MediaWiki, PHP, database and extension versions for your instance.
Step 9: Use the Action API
Every wiki operation is also available programmatically through the MediaWiki Action API on the same port 80 at /api.php. For example, fetch the site information to confirm API access by browsing to the following URL, replacing <instance-public-ip> with your instance address:
http://<instance-public-ip>/api.php?action=query&meta=siteinfo&siprop=general&format=json
To make authenticated API calls (for bots or integrations), create a dedicated bot password under Special:BotPasswords while signed in as the administrator, and use the returned credentials with the action=login then action=clientlogin token flow. Treat bot passwords like passwords and scope each one to the minimum rights its integration needs.
Step 10: Short URLs and a Custom Domain
This image is configured with clean short URLs, so articles are served at /wiki/Page_Title rather than /index.php?title=Page_Title. The article path and the canonical server URL are set in /var/www/mediawiki/LocalSettings.php. First boot pins the canonical server URL ($wgServer) to your instance public IP, which is why the wiki is reachable immediately.
When you put the wiki behind a custom domain or a load balancer, edit /var/www/mediawiki/LocalSettings.php and set $wgServer to your domain, for example $wgServer = "https://wiki.example.com";, then reload php-fpm so the change takes effect:
sudo systemctl reload php8.3-fpm
Point the domain's DNS A record at the instance public IP and browse to your domain.
Step 11: The Data Volume
The wiki database lives on a dedicated EBS volume mounted at /var/lib/mysql. This keeps the database off the operating system disk and lets you resize or snapshot it independently. Confirm the mount with:
df -h /var/lib/mysql
To grow the database store, expand the EBS volume in the AWS console, then grow the filesystem on the instance with sudo resize2fs on the underlying device. Because the database is on its own volume, you can snapshot it for backup or detach and reattach it to a replacement instance.
Step 12: Enable HTTPS
The wiki is served over plain HTTP on port 80 by nginx. For production use, place it behind TLS. Obtain a certificate for your domain (for example with a managed certificate on an Application Load Balancer in front of the instance, or with Certbot installed on the instance), then configure nginx to listen on 443 with your certificate and proxy to php-fpm exactly as the bundled site does for port 80. Set $wgServer to your https:// URL in LocalSettings.php as shown in Step 10, and restrict the security group so ports 80 and 443 are reachable only from the networks that need the wiki.
Step 13: Backup and Maintenance
Back up MediaWiki by snapshotting the /var/lib/mysql EBS volume, which captures the entire wiki database, and by keeping a copy of /var/www/mediawiki/LocalSettings.php, which holds the database credentials and the secret keys, together with the contents of /var/www/mediawiki/images, which holds uploaded files. You can also take a logical dump of the database with mysqldump over the loopback socket. Apply operating system security updates with sudo apt-get update && sudo apt-get upgrade and reboot when a new kernel is installed; MariaDB, php-fpm and nginx start automatically on boot. Upgrade MediaWiki itself by replacing the application code under /var/www/mediawiki with a newer release and running sudo -u www-data php /var/www/mediawiki/maintenance/update.php --quick after backing up the database.
Support
This image is published and supported by cloudimg. Support covers deployment, user and rights management, extensions and skins, the Action API, short URL and custom domain configuration, database tuning, TLS and scaling. Contact cloudimg through the support channel listed on the AWS Marketplace listing.
All product and company names are trademarks or registered trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.