MediaWiki Install

From Aktivix
Jump to: navigation, search

MediaWiki Install notes

This site and the other wiki's running on this server are updated and installed using a few scripts.

The mediawiki-install install script is for setting up a new site and it will take you through the install process, opening links for the web based install interface, and it will generate all the Apache and MediaWiki config files and it will generate a cacert.org csr which includes all the ServerNames and ServerAliases that Apache is using. If you have the MySQL root password then it'll also create the database for you.

The mediawiki-update script is a lot simpler and doesn't require any user interaction, just run it after a new version of the code has been extracted and symlinked.

mediawiki-install

This script is used for installing sites:

#!/bin/bash
 
# based on http://www.steverumberg.com/wiki/index.php/WikiHelp
 
BASE_DIR="/var/www/mediawiki-vhosts"
MEDIAWIKI_FILES="/var/www/mediawiki"
MEDIAWIKI_EXTRA_FILES="/var/www/mediawiki-extra-files"
HTTPD_VHOSTS_SSL_DIR="/etc/httpd/vhosts-ssl.d"
HTTPD_VHOSTS_DIR="/etc/httpd/vhosts.d"
WIKI_NAME="$1"
DATE=`date "+%Y-%m-%d_%H-%M-%S"`
RSYNC="rsync -qa"
# cacert variables
CERTS_DIR="/etc/httpd/conf/certs"
CERTS_DIR_NEW="$CERTS_DIR/.$DATE"
HOST="mediawiki"
COMMONNAME="wiki.aktivix.org"
 
# check for input
if [[ -z $1 ]]; then
  echo "The first argument should be the new wiki SERVER_NAME"
  exit
fi
 
# if the base directory doesn't exist then create it
if [[ ! -d $BASE_DIR ]]; then
  mkdir -p $BASE_DIR
fi 
 
if [[ -d $BASE_DIR/$WIKI_NAME ]]; then
  echo "$WIKI_NAME exists, you may still want to run the web installer to upgrade"
  echo "but you need to agree to LocalSettings.php to be deleted for the"
  echo "web based upgrade to run, or you could use mediawiki-upgrade"
fi
 
# make the directory for the site
if [[ ! -d $BASE_DIR/$WIKI_NAME ]]; then 
  mkdir $BASE_DIR/$WIKI_NAME
fi
 
# change to the sites directory
cd $BASE_DIR/$WIKI_NAME
 
# create the images directory
if [[ ! -d images ]]; then
  mkdir images
fi
# chown images
chown -R apache.apache images
 
# create the config directory
if [[ ! -d config ]]; then
  mkdir config 
fi
# chown config
chown -R apache.apache config 
 
# copy the mediawiki files over
printf "Do you want to copy the files from $MEDIAWIKI_FILES? (y or return to skip): "
read RSYNC_FILES 
if [[ "$RSYNC_FILES" = "y" ]]; then
  $RSYNC --exclude 'config/' --exclude 'images/' --exclude 'favicon.ico' --exclude 'LocalSettings.php' --exclude 'AdminSettings.php' $MEDIAWIKI_FILES/ $BASE_DIR/$WIKI_NAME/ 
  if [[ ! -d skins/common ]]; then
    mkdir -p skins/common 
  fi
  $RSYNC $MEDIAWIKI_FILES/skins/common/ $BASE_DIR/$WIKI_NAME/skins/common/
fi
 
# copy the mediawiki extra files over
printf "Do you want to copy the files from $MEDIAWIKI_EXTRA_FILES? (y or return to skip): "
read RSYNC_EXTRA_FILES
if [[ "$RSYNC_EXTRA_FILES" = "y" ]]; then
  $RSYNC $MEDIAWIKI_EXTRA_FILES/ $BASE_DIR/$WIKI_NAME/
fi
 
# create a symlink for icons and favicon.ico 
if [[ ! -e icons ]]; then
  ln -s /var/www/icons
fi
if [[ ! -e favicon.ico ]]; then
  ln -s images/favicon.ico  
fi
 
# LocalSettings.php
if [[ -f LocalSettings.php ]]; then
  printf "LocalSettings.php exists - back it up and regenerate it? (y or return to skip): "
  read MV_LOCALSETTINGS
  if [[ "$MV_LOCALSETTINGS" = "y" ]]; then
    # backup old LocalSettings.php file
    echo "When running the webbased installer you will need these values:"
    grep wgDB LocalSettings.php
    mv LocalSettings.php .LocalSettings.php.$DATE.bak
    # delete the sym link to AdminSettings.php
    if [[ -f AdminSettings.php ]]; then
      rm AdminSettings.php
    else
      echo "AdminSettings.php didn't exist"
    fi
  fi
else
  echo "LocalSettings.php didn't exist"
fi
 
# copy over the installer
cd $BASE_DIR/$WIKI_NAME/config
if [[ -e index.php ]]; then
  echo "config/index.php already exists, skipping"
else
  cp $MEDIAWIKI_FILES/config/index.php .
fi
if [[ -e LocalSettings.php ]]; then
  echo "config/LocalSettings.php exists - this indicates that the last install didn't complete"
  rm LocalSettings.php
fi
 
cd $BASE_DIR/$WIKI_NAME
 
# do you want the apache ssl config backed up?
HTTPD_SSL_CONF=$HTTPD_VHOSTS_SSL_DIR/$WIKI_NAME
if [[ -f $HTTPD_SSL_CONF ]]; then
  printf "$HTTPD_SSL_CONF exists, do you want to back it up and regenerate it? (y or return to skip): "
  read MV_HTTPD_SSL
  if [[ "$MV_HTTPD_SSL" = "y" ]]; then
    # backup old httpd.conf file
    mv $HTTPD_SSL_CONF $HTTPD_VHOSTS_SSL_DIR/.$WIKI_NAME.$DATE.bak \
      && echo "$HTTPD_SSL_CONF has been moved to $HTTPD_VHOSTS_SSL_DIR/.$WIKI_NAME.$DATE.bak" \
      || echo "There was a problem moving $HTTPD_SSL_CONF to $HTTPD_VHOSTS_SSL_DIR/.$WIKI_NAME.$DATE.bak"
  fi
fi
 
# do you want the apache config backed up?
HTTPD_CONF=$HTTPD_VHOSTS_DIR/$WIKI_NAME
if [[ -f $HTTPD_CONF ]]; then
  printf "$HTTPD_CONF exists, do you want to back it up and regenerate it? (y or return to skip): "
  read MV_HTTPD
  if [[ "$MV_HTTPD" = "y" ]]; then
    # backup old httpd.conf file
    mv $HTTPD_CONF $HTTPD_VHOSTS_DIR/.$WIKI_NAME.$DATE.bak \
      && echo "$HTTPD_CONF has been moved to $HTTPD_VHOSTS_DIR/.$WIKI_NAME.$DATE.bak" \
      || echo "There was a problem moving $HTTPD_CONF to $HTTPD_VHOSTS_DIR/.$WIKI_NAME.$DATE.bak"
  fi
fi
 
# if the apache ssl config doesn't exist then create it
if [[ ! -f $HTTPD_SSL_CONF ]]; then
  # get Server_Alias'
  echo "If you want any Server_Aliases please enter them now"
  ALIAS=1           # bogus value to begin the loop
  SERVER_ALIAS=""   # sanitize
  while [[ ! "$ALIAS" = "" ]]; do
    printf "Server_Alias: "
    read ALIAS 
    if [[ "$ALIAS" = "" ]]; then break; fi # end of input
    if [[ "$SERVER_ALIAS" = "" ]]; then
        SERVER_ALIAS="$ALIAS"
    else
        SERVER_ALIAS="$SERVER_ALIAS $ALIAS"
    fi
  done
 
  # do we want the whole site password protected?
  printf "Should the whole site be password protected? (y or return to skip): "
  read HTAUTH 
  if [ "$HTAUTH" = "y" ]; then
    # overwrite the existing htpasswd file?
    if [[ -f .htpasswd ]]; then 
      printf "A .htpasswd file exists, do you want to delete it and recreate it? (y or return to skip): "
      read RM_HTPASSWD_FILE 
      if [[ "$RM_HTPASSWD_FILE" = "y" ]]; then
        shred -n 10 -u -z .htpasswd && echo ".htpasswd file shredded" || echo "There was a problem shredding the .htpasswd file"
      fi
    fi
    # generate a new .htpasswd file, ask for the username
    if [[ ! -f .htpasswd ]]; then 
      printf "Please enter the Username for access to the site: "
      read HT_USERNAME
      if [[ "$HT_USERNAME" ]]; then
        # ask for the passwd 
        printf "Pleae enter the Password for access to the site: "
        read HT_PASSWORD
        if [[ "$HT_PASSWORD" ]]; then
          htpasswd -nb $HT_USERNAME $HT_PASSWORD > .htpasswd \
            && echo ".htpasswd file created" \
            || echo "There was a problem creating the .htpasswd file"  
        else
          echo "You didn't enter a Password!"  
        fi
      else
        echo "You didn't enter a Username!"  
      fi
    fi
  fi
 
(
cat <<EOF
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0
 
<VirtualHost *:443>
  ServerName $WIKI_NAME
EOF
) > $HTTPD_SSL_CONF
 
if [[ $SERVER_ALIAS ]]; then
 
(
cat <<EOF
  ServerAlias $SERVER_ALIAS
EOF
) >> $HTTPD_SSL_CONF
 
fi
 
(
cat <<EOF
  ServerSignature Off
  UseCanonicalName On
  CustomLog logs/$WIKI_NAME-ssl_access_log combined
  ErrorLog logs/$WIKI_NAME-ssl_error_log
  SSLEngine on
  SSLCipherSuite HIGH
  SSLProtocol all -SSLv2
  SSLCertificateFile $CERTS_DIR/$HOST-cert.pem
  SSLCertificateKeyFile $CERTS_DIR/$HOST-privatekey.pem
  DocumentRoot "$BASE_DIR/$WIKI_NAME"
  <Directory "$BASE_DIR/$WIKI_NAME">
    DirectoryIndex index.php
    AddType 'image/x-icon' .ico
    AddHandler php5-script .php
    AddType text/html .php
    SSLOptions +StdEnvVars
    AllowOverride None
EOF
) >> $HTTPD_SSL_CONF
 
# check if we have a .htpasswd file
if [[ -f .htpasswd ]]; then
 
(   
cat <<EOF
    AuthUserFile /var/www/mediawiki-vhosts/$WIKI_NAME/.htpasswd
    AuthType Basic
    AuthName "$WIKI_NAME is a private site"
    require valid-user
    order allow,deny
    allow from all
EOF
) >> $HTTPD_SSL_CONF
 
else
 
(
cat <<EOF
    order allow,deny
    allow from all
EOF
) >> $HTTPD_SSL_CONF
 
fi
 
(
cat <<EOF
  </Directory>
  <Directory "$BASE_DIR/$WIKI_NAME/images">
    Options Indexes
    RemoveHandler .php
    AllowOverride None
    order allow,deny
    allow from all
  </Directory>
  <Location /config>
    Order deny,allow
    Deny from all
    Include conf/allow-hosts.conf 
  </Location>
  <Location /includes>
    Deny from all
  </Location>
  <Location /languages>
    Deny from all
  </Location>
  <Location /maintenance>
    Deny from all
  </Location>
  <Location /math>
    Deny from all
  </Location>
  Include conf/error-docs.conf
  Include conf/mediawiki-rewrite.conf
</VirtualHost>
 
EOF
) >> $HTTPD_SSL_CONF
 
# restart apache
/etc/init.d/httpd restart 
fi
 
# do we want the site to be available via port 80?
if [[ -f .htpasswd ]]; then
  # the site has a .htpasswd file therefore we don't want a port 80 VirtualHost since
  # we are not going to transmit unencrypted passwords
  # rm the port 80 virtual host if it exists
  if [[ -f $HTTPD_CONF ]]; then
    rm $HTTPD_CONF && echo "$HTTPD_CONF was deleted because this is a password protected site" || echo "there was a problem deleting $HTTPD_CONF"
  fi 
else
 if [[ -f $HTTPD_CONF ]]; then
   printf "$HTTPD_CONF doesn't exist, do you this wiki to be available read-only, unencrypted? (y or return to skip): "
   read HTTPD_80
   if [[ "$HTTPD_80" = "y" ]]; then
     # get Server_Alias'
     SERVER_ALIAS=`grep -h ServerAlias $HTTPD_VHOSTS_SSL_DIR/$HTTPD_SSL_CONF | sed  s/ServerAlias//g `
 
(
cat <<EOF
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0
 
<VirtualHost *:80>
  ServerName $WIKI_NAME
EOF
) > $HTTPD_CONF
 
if [[ $SERVER_ALIAS ]]; then
 
(
cat <<EOF
  ServerAlias $SERVER_ALIAS
EOF
) >> $HTTPD_CONF
 
fi
 
(
cat <<EOF
  ServerSignature Off
  UseCanonicalName On
  CustomLog logs/$WIKI_NAME-_access_log combined
  ErrorLog logs/$WIKI_NAME-_error_log
  DocumentRoot "$BASE_DIR/$WIKI_NAME"
  <Directory "$BASE_DIR/$WIKI_NAME">
    DirectoryIndex index.php
    AddType 'image/x-icon' .ico
    AddHandler php5-script .php
    AddType text/html .php
    SSLOptions +StdEnvVars
    AllowOverride None
    order allow,deny
    allow from all
  </Directory>
  <Directory "$BASE_DIR/$WIKI_NAME/images">
    Options Indexes
    RemoveHandler .php
    AllowOverride None
    order allow,deny
    allow from all
  </Directory>
  <Location /config>
    Order deny,allow
    Deny from all
    Include conf/allow-hosts.conf 
  </Location>
  <Location /includes>
    Deny from all
  </Location>
  <Location /languages>
    Deny from all
  </Location>
  <Location /maintenance>
    Deny from all
  </Location>
  <Location /math>
    Deny from all
  </Location>
  Include conf/error-docs.conf
  Include conf/mediawiki-rewrite.conf
</VirtualHost>
EOF
) >> $HTTPD_CONF
 
    # restart apache
    /etc/init.d/httpd restart 
    fi
  fi
fi
 
 
# open the web based installer
printf "Open the webbased installer using elinks? (y or return to skip): "
read WEB_INSTALLER 
if [[ "$WEB_INSTALLER" = "y" ]]; then
  elinks https://$WIKI_NAME/config/index.php 
fi
 
# move the new config file into place 
# and munge it  
if [[ -f config/LocalSettings.php ]]; then
# change some lines and delete the ?> at the end of the file
# not all these lines are now needed
sed '
s/^\$wgScript           = "\$wgScriptPath\/index.php";/$wgScript           = "\/index.php";/
s/^\$wgScriptPath       = "";/$wgScriptPath       = "";/
s/^\$wgScriptPath       = "\/mediawiki";/$wgScriptPath       = "";/
s/^\$wgRedirectScript   = "\$wgScriptPath\/redirect.php";/$wgRedirectScript   = "\/redirect.php";/
s/^\$wgArticlePath      = "\$wgScript?title=\$1";/$wgArticlePath      = "\/$1";/
s/^\$wgArticlePath      = "\$wgScript\/\$1";/$wgArticlePath      = "\/$1";/
s/^\$wgStylePath        = "\$wgScriptPath\/skins";/$wgStylePath        = "\/skins";/
s/^\$wgLogo             = "\$wgStylePath\/common\/images\/wiki.png";/$wgLogo             = "\/images\/wiki.png";/
s/^\$wgUploadPath       = "\$wgScriptPath\/images";/$wgUploadPath       = "\/images";/
s/^\$wgEnableUploads       = false;/$wgEnableUploads       = true;/
/^\?>$/d
' config/LocalSettings.php > LocalSettings.php 
# add some more rules to the end of the file
(
cat <<EOF
# file types for uploads
\$wgUploadSizeWarning = 6000 * 3000;
\$wgMimeDetectorCommand = "file -bi";
\$wgFileExtensions = array( 'avi', 'mp3', 'rm', 'mpg', 'mpeg', 'mp4', 'svg', 'png', 'gif', 'jpg', 'jpeg', 'pdf', 'rtf', 'doc', 'txt', 'ppt', 'odp', 'odc', 'odf', 'odg', 'odi', 'odif', 'odm', 'ods', 'odt', 'otc', 'otf', 'otg', 'oth', 'oti', 'otp', 'ots', 'ott', 'psd', 'ai', 'eps', 'tif');
 
# Config for nice URL's
\$wgScript           = "/index.php";
\$wgRedirectScript   = "/redirect.php";
\$wgArticlePath      = "/\$1";
 
# Logo
\$wgLogo             = "/images/wiki.png";
 
# No anonymous editing allowed -
\$wgGroupPermissions['*']['edit'] = false;
 
# allow users to be banned
\$wgSysopUserBans = true;
 
# spambot
\$wgSpamRegex="/overflow:.*auto|display:.*none|wifiguide.org/";
 
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0
# Don't manually edit this file since an upgrade will overwrite it!
 
?>
EOF
) >> LocalSettings.php
 
else
  echo "Something might have gone wrong, no $BASE_DIR/$WIKI_NAME/config/LocalSettings.php file was generated"
fi
 
# delete the installer
rm -rf config/
 
# reinstate the AdminSettings.php symlink
if [[ -e AdminSettings.php ]]; then
  echo "AdminSettings.php exists already"
else
  cp -a $MEDIAWIKI_EXTRA_FILES/AdminSettings.php .
fi
 
# generate a csr
printf "Generate a new cacert.org cert? (y or return to skip): "
read CACERT_GEN 
if [[ "$CACERT_GEN" = "y" ]]; then
 
  # http://wiki.cacert.org/wiki/VhostTaskForce#head-5868dc7fb125370f7ae8931cd77f03aeb966ad53
 
  # be safe about permissions
  LASTUMASK=`umask`
  umask 077
 
  # if the certs directory doesn't exist then create it
  if [[ ! -d $CERTS_DIR_NEW ]]; then
    mkdir -p $CERTS_DIR_NEW 
  fi
 
  # create a config file for openssl
  CONFIG=`mktemp -q /tmp/openssl-conf.XXXXXXXX`
  if [[ ! $? -eq 0 ]]; then
      echo "Could not create temporary config file. exiting"
      exit 1
  fi
 
  # get the ServerNames
  SERVER_NAMES=`grep -h ServerName $HTTPD_VHOSTS_SSL_DIR/* | sed  s/ServerName//g `
  for name in $SERVER_NAMES
    do
      if [[ "$SANAMES" = "" ]]; then
          SANAMES="DNS:$name"
      else
          SANAMES="$SANAMES, DNS:$name"
      fi
  done
 
  # get the ServerAliases 
  SERVER_ALIASES=`grep -h ServerAlias $HTTPD_VHOSTS_SSL_DIR/* | sed  s/ServerAlias//g `
  for name in $SERVER_ALIASES
    do
      if [[ "$SANAMES" = "" ]]; then
          SANAMES="DNS:$name"
      else
          SANAMES="$SANAMES, DNS:$name"
      fi
  done
 
# Config File Generation
cat <<EOF > $CONFIG
# -------------- BEGIN custom openssl.cnf -----
 HOME                    = $CERTS_DIR_NEW
 oid_section             = new_oids
 [ new_oids ]
 [ req ]
 default_days            = 730
 default_keyfile         = $CERTS_DIR_NEW/${HOST}-privatekey.pem
 distinguished_name      = req_distinguished_name
 encrypt_key             = no
 string_mask             = nombstr
 req_extensions          = v3_req 
 [ req_distinguished_name ]
 commonName              = Common Name (eg, YOUR name)
 commonName_default      = $COMMONNAME
 commonName_max          = 64
 [ v3_req ]
EOF
 
  if [[ ! "$SANAMES" = "" ]]; then
      echo "subjectAltName = $SANAMES" >> $CONFIG
  fi
 
  echo "# -------------- END custom openssl.cnf -----" >> $CONFIG
 
  echo "Running OpenSSL..."
  openssl req -batch -config $CONFIG -newkey rsa:2048 -out ${CERTS_DIR_NEW}/${HOST}-csr.pem
 
  echo "Copy the following Certificate Request and paste into CAcert website to obtain a Certificate."
  echo "When you receive your certificate, you save it to"
  echo "${CERTS_DIR_NEW}/${HOST}-cert.pem"
  echo
  cat ${CERTS_DIR_NEW}/${HOST}-csr.pem
  echo
  echo The Certificate request is also available in ${CERTS_DIR_NEW}/${HOST}-csr.pem
  echo The Private Key is stored in ${CERTS_DIR_NEW}/${HOST}-privatekey.pem
  echo These will all need moving to ${CERTS_DIR}, like this:
  echo mv ${CERTS_DIR_NEW}/\* ${CERTS_DIR}/ 
  echo
 
  rm $CONFIG
 
  #restore umask
  umask $LASTUMASK
fi
 
echo "Now test your wiki! https://$WIKI_NAME/"

mediawiki-upgrade

Download the latest release from http://www.mediawiki.org/ into /var/www/ and then extract it, delete the mediawiki symlink and link to the new directory, for example:

cd /var/www/
wget http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.0.tar.gz
tar -zxvf mediawiki-1.15.0.tar.gz 
rm mediawiki
ln -s mediawiki-1.15.0 mediawiki

The run the upgrade script:

#!/bin/bash
 
BASE_DIR="/var/www/mediawiki-vhosts"
MEDIAWIKI_FILES="/var/www/mediawiki"
WIKIS=`ls $BASE_DIR`
 
# rsync the files
for name in $WIKIS
  do
    echo ""
    echo "Updating the files for $name"
    rsync -aq --exclude favicon.ico --exclude images --exclude config --exclude LocalSettings.php --exclude AdminSettings.php /var/www/mediawiki/ $BASE_DIR/$name/
done
 
# run the database upgrade
for name in $WIKIS
  do
    cd $BASE_DIR/$name/maintenance
    echo ""
    echo "Updating the database for $name"
    php update.php
    echo "Updating the links tables for $name"
    php refreshLinks.php
done

mediawiki-rewrite.conf

This bit of Apache configuration is Included into the port 443 and port 80 VirtualHosts:

# Allow rewriting URLs
RewriteEngine On
 
# Logins
RewriteCond %{SERVER_PORT} !443
RewriteRule ^/Special:UserLogin(.*) https://%{SERVER_NAME}/Special:UserLogin$1 [R,L]
RewriteRule ^/Spezial:Anmelden(.*) https://%{SERVER_NAME}/Spezial:Anmelden$1 [R,L]
 
RewriteCond %{SERVER_PORT} !443
RewriteCond %{QUERY_STRING} ^(.*)title=Spezial:Anmelden [OR]
RewriteCond %{QUERY_STRING} ^(.*)title=Special:UserLogin [OR]
RewriteCond %{QUERY_STRING} ^(.*)title=Special:Userlogin
RewriteRule ^/(.*) https://%{SERVER_NAME}/index.php?%{QUERY_STRING} [L,R]
 
# Static files
RewriteCond %{REQUEST_URI} !^/(config|skins|images|icons|error)/
RewriteCond %{REQUEST_URI} !^/(index|redirect|api|opensearch_desc|profileinfo|redirect|thumb|trackback).php
RewriteCond %{REQUEST_URI} !^/favicon.ico
RewriteCond %{REQUEST_URI} !^/robots.txt
RewriteRule ^/(.*) /index.php/$1 [L]