Tiki Wiki CMS Groupware on Ubuntu 24.04 on Azure User Guide
Overview
Tiki Wiki CMS Groupware is the Free/Libre/Open Source web application with the most built in features: a wiki, a content management system, forums, file galleries, trackers (structured data and forms), blogs and articles, all in one integrated package with no plugins to install. It is a popular choice for team knowledge bases, intranets, documentation sites and community portals where a single platform is preferred over assembling several tools.
The cloudimg image installs Tiki 29.2 "Bellatrix" served by nginx and PHP 8.3 FPM, with a bundled MariaDB database, on a hardened, fully patched Ubuntu 24.04 LTS base. Your wiki content and the database live on a dedicated Azure data disk. Every VM generates its own administrator password and its own database password on first boot, so no two deployments share a credential. Backed by 24/7 cloudimg support.
What is included:
- Tiki 29.2 served by nginx and PHP 8.3 FPM, managed by systemd
- A bundled MariaDB database, listening on loopback only
- A per VM
adminaccount and a per VM database password, generated on first boot and recorded in a root only file - A dedicated Azure data disk at
/dataholding the MariaDB data directory and Tiki's uploads - Starter wiki content so the site renders immediately: a HomePage, a Playground page and a Documentation page
mariadb.service,php8.3-fpm.serviceandnginx.serviceas systemd units, enabled and active
Security posture of this image:
- The Tiki browser installer (
tiki-install.php) is removed and locked. On a default Tiki, whoever reaches the installer first can take over the site; on this image that route does not exist. - There is no default administrator password. Tiki's documented
admin/admindefault is never present at any point, and is proven not to authenticate. - PHP refuses to serve Tiki at all until the first boot credential rotation has succeeded, so the appliance fails closed rather than serving on a build time secret.
Prerequisites
- An Azure subscription and permission to create VMs
- An SSH key pair for the
azureuseraccount - Inbound TCP
80open to the addresses you want to serve, and22for administration
Step 1 - Deploy from the Azure Marketplace
Search the Azure Marketplace for Tiki Wiki CMS Groupware on Ubuntu 24.04 LTS by cloudimg, select the plan, and create the VM. Standard_B2s is the recommended size. Allow inbound 80 and 22 in the networking step.
Step 2 - Deploy from the Azure CLI
az vm create \
--resource-group my-resource-group \
--name my-tiki-vm \
--image cloudimg:tiki-ubuntu-24-04:default:latest \
--size Standard_B2s \
--admin-username azureuser \
--generate-ssh-keys \
--public-ip-sku Standard
az vm open-port --resource-group my-resource-group --name my-tiki-vm --port 80 --priority 1001
Step 3 - Connect to your VM
ssh azureuser@<vm-public-ip>
Step 4 - Confirm the services are running
Tiki is served by three units: MariaDB holds the content, PHP 8.3 FPM runs Tiki, and nginx serves it on port 80. tiki-firstboot.service is a one shot unit that generates this VM's credentials.
for u in mariadb php8.3-fpm nginx tiki-firstboot; do printf '%-18s %s\n' "$u" "$(systemctl is-active $u)"; done
ss -tlnp | grep -E ':80|:3306'
All four report active, nginx listens on :80, and MariaDB listens only on 127.0.0.1:3306.

Step 5 - Retrieve your administrator password
Every VM generates its own administrator password and its own database password on first boot. They are written to a root only file:
sudo cat /root/tiki-credentials.txt
sudo stat -c '%a %U:%G %n' /root/tiki-credentials.txt
The file is mode 600, owned root:root. TIKI_ADMIN_PASSWORD is the password for the admin account.

Step 6 - Confirm the stack and the health endpoint
php -r 'echo "PHP ".PHP_VERSION;'; echo
mariadb --version | sed 's/,.*//'
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/healthz
curl -s http://127.0.0.1/ | grep -o '<title>[^<]*</title>'
/healthz returns 200 (it is an unauthenticated static endpoint intended for Azure Load Balancer probes), and the front page title confirms Tiki is rendering.

Step 7 - Verify the security posture
This image closes the Tiki installer takeover route and ships no default credential. You can verify all of it yourself:
curl -s -o /dev/null -w '%{http_code}\n' http://127.0.0.1/tiki-install.php
ls /var/www/tiki/db/lock
ls /var/www/tiki/tiki-install.php 2>&1 | tail -1
mariadb --protocol=socket -uroot -N -B -e 'SELECT @@bind_address;'
The installer returns 404 and its file is absent, the db/lock file is present (Tiki's own mechanism for disabling the installer), and the database is bound to loopback only.

Step 8 - Open Tiki in your browser
Browse to http://<vm-public-ip>/. The starter HomePage renders immediately.

Step 9 - Sign in as the administrator
Click Log in in the top right, then sign in with the username admin and the TIKI_ADMIN_PASSWORD from Step 5.
Change the password after your first sign in from My Account, and set the site's sender email from the admin panel if you intend to send notifications.
Step 10 - Create and edit wiki pages
Open the Playground page from the HomePage and click Edit. The editor gives you Tiki's full wiki toolbar, and every save keeps a numbered revision so nothing is ever lost.

To see every page and its revision history, go to Wiki -> List Pages.

Step 11 - Turn features on from the admin panel
Tiki ships with far more features than are enabled by default. Open Settings -> Control Panels to enable only what you need: trackers, forums, file galleries, blogs, articles and more.

Step 12 - Confirm your content lives on the dedicated disk
The MariaDB data directory and Tiki's uploads are on the Azure data disk, not the OS disk, so they survive a resize and can be snapshotted independently.
findmnt -no SOURCE,TARGET /data
findmnt -no TARGET /var/lib/mysql
readlink -f /var/www/tiki/files
df -h /data | tail -1
/var/lib/mysql is bind mounted from /data/mysql, and Tiki's files, storage and temp directories resolve under /data/tiki.
Maintenance
Apply Tiki schema updates after an upgrade. The browser installer is removed on this appliance, so schema changes are applied from the console:
sudo -u www-data php /var/www/tiki/console.php database:update
Clear the cache after changing preferences directly in the database:
sudo -u www-data php /var/www/tiki/console.php cache:clear
Back up your site. Everything that matters is on /data: the database and the uploads. Snapshot the data disk, or dump the database:
sudo mariadb-dump --single-transaction tiki | gzip > ~/tiki-backup.sql.gz
Operating system updates are delivered by Ubuntu's unattended upgrades, which remain enabled on this image.
Support
cloudimg provides 24/7 support for this image. Contact support@cloudimg.co.uk.
Tiki Wiki CMS Groupware is licensed under the GNU Lesser General Public License version 2.1. The complete corresponding source for Tiki and for every bundled library is available from the Tiki project at https://tiki.org and, for the exact release packaged here, from https://sourceforge.net/projects/tikiwiki/files/Tiki_29.x_Bellatrix/29.2/. cloudimg will also provide the corresponding source of any LGPL component in this image on written request to support@cloudimg.co.uk for as long as the image is distributed. The image does not include the optional Kaltura API client that upstream bundles, because it is licensed under the GNU Affero General Public License.