Development

Canasta: Download and setup > Hardened image

Table of contents

Hardened image ("Iron Bank Canasta")

The United States Department of Defense (DoD) publicly releases a hardened version of Canasta, which means it's been specially patched and vetted to be secure enough for internal use in the U.S. military. While it might be a version or two behind, it has been cleared of security vulnerabilities by the DoD.

The hardened version of Canasta (Iron Bank Canasta) has significant internal changes made, but aims to replicate the functionality offered by the standard release. Changes notably include, but not limited to:

Canasta 1.2.0, MediaWiki 1.35.8: registry1.dso.mil/ironbank/opensource/canastawiki/canasta:1.35.8

Repository: https://repo1.dso.mil/dsop/opensource/canastawiki/canasta

Disclaimer: The U.S. Department of Defense does not sponsor or endorse Canasta in any way, but is kind enough to make their hardened version of Canasta available to the public. Similarly, the Canasta Project does not offer any guarantees that Iron Bank Canasta will function the exact same way as standard Canasta. Neither the Canasta Project nor the DoD provides official support for Iron Bank Canasta.

Setup instructions

1. Create dso.mil account

Make an account on dso.mil below, which requires MFA or DoD Common Access Card but is open to the public.

https://login.dso.mil/register

2. Get credentials

Once signed in, access Registry 1 to retrieve your username and personal CLI secret for Docker login. (This is analogous to a personal access token on GitHub.)

https://registry1.dso.mil/

At top right, choose your profile > CLI secret > copy

3. Log in to dso.mil

In the terminal of your Docker environment, connect Docker with the registry:

docker login https://registry1.dso.mil/ 

The first time you run this, it will prompt for your username and password. Use the credentials from Step 2, with password='CLI secret' (i.e. the personal access token) from your user profile at https://registry1.dso.mil/.

4. Download Iron Bank images

Pull the images to your machine:

docker pull registry1.dso.mil/ironbank/opensource/canastawiki/canasta:1.35.6
docker pull registry1.dso.mil/ironbank/opensource/mariadb/mariadb:10.6.7

5. Switch to using these images

Change the image your orchestrator uses (by editing docker-compose.override.yml if you use our Docker Compose stack) to the following:

For instance, the docker-compose.override.yml file might look like this:

version: '3.7'
# The above version is the Docker Compose manifest's version, not the Canasta Docker Compose stack's version.
#
# --- Canasta Stack for Docker Compose ---
#
# If you need to make changes to the stack, make them here.
# Only edits to docker-compose.override.yml are officially supported by Canasta.
#
# Uncomment the commented services and add lines below them if you would like to make additional customizations to them.
services:
  db:
    image: registry1.dso.mil/ironbank/opensource/mariadb/mariadb:10.6.7
  web:
    image: registry1.dso.mil/ironbank/opensource/canastawiki/canasta:1.35.8
  #elasticsearch:
  #caddy:
  #varnish:

6. Additional setup

Additional considerations, such as Apache now using port 8080 instead of 80, should be made when adapting your wiki to using Iron Bank Canasta.

After initial setup

It will be necessary to repeat the above login steps for each new session to relogin.