Difference between revisions of "Mediawiki Install FC6"

From Aktivix
Jump to: navigation, search
(apache conf)
Line 1: Line 1:
 
See also [[MediaWiki_Install]]
 
See also [[MediaWiki_Install]]
  
The documention here is based on the FC6 mediawiki and having multiple wiki's running all on the same ip address, on different domain names, with all http port 80 requests redirected to port 443 and a [http://cacert.org/ CAcert cert] with all the domain names.
+
The documention here is based on the FC6 mediawiki and having multiple wiki's running all on the same ip address, on different domain names, with all http port 80 requests redirected to port 443 and a [http://cacert.org/ CAcert cert] containing all the domain names -- this isn't a common setup...
  
 
==Install==
 
==Install==
Line 60: Line 60:
 
== Site Install and Upgrade Script ==
 
== Site Install and Upgrade Script ==
  
Create this script /root/bin/mediawiki-install, which is based on [http://www.steverumberg.com/wiki/index.php/WikiHelp this document]:
+
Create the following script /root/bin/mediawiki-install, which is based on [http://www.steverumberg.com/wiki/index.php/WikiHelp this document]. This script uses elinks and  you can turn off the elinks cache bu adding these two lines to ~/.elinks
 +
 
 +
set document.cache.format.size = 0
 +
set document.cache.memory.size = 0
  
 
<pre>
 
<pre>

Revision as of 14:58, 24 January 2007

See also MediaWiki_Install

The documention here is based on the FC6 mediawiki and having multiple wiki's running all on the same ip address, on different domain names, with all http port 80 requests redirected to port 443 and a CAcert cert containing all the domain names -- this isn't a common setup...

Install

Fedora Core six has packaged mediawiki, and also seems to come with more apache packages that needed:

rpm -e mod_python mod_perl
yum install mediawiki mysql-server php-eaccelerator
chkconfig mysqld on
chkconfig httpd on
service mysqld start
service httpd start
mysqladmin -u root password 'new-password'

Then, following the wiki farm notes

elinks http://localhost/mediawiki/config/index.php

The fill in the following values (the rest can be the defaults):

Wiki name:             TestWiki1
Contact e-mail:        mediawiki @ aktivix.org
Admin username:        WikiSysop
Password:              *****
Password cobfirm:      *****
Shared memory caching: 
  * (X) eAccelerator
Database name:         testwiki1
DB username:           testwiki1user
DB password:           *****
DB password confirm:   *****
Superuser account:     root
Superuser password:    *****

Create a MySQL account for AdminSettings.php:

mysql -uroot -p mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO 'wikiadmin'@'localhost'
  -> IDENTIFIED BY '****' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

And move the sample file and then add the password to it:

cd /var/www/mediawiki
mv AdminSettings.sample AdminSettings.php

Then

cd /var/www/mediawiki
mv config/LocalSettings.php LocalSettings.php
chown root.root LocalSettings.php 
chmod 644 LocalSettings.php 

Then restart apache and the wiki should be working at http://localhost/mediawiki/

Site Install and Upgrade Script

Create the following script /root/bin/mediawiki-install, which is based on this document. This script uses elinks and you can turn off the elinks cache bu adding these two lines to ~/.elinks

set document.cache.format.size = 0
set document.cache.memory.size = 0
#!/bin/bash

# based on http://www.steverumberg.com/wiki/index.php/WikiHelp

BASE_DIR="/var/www"
MEDIAWIKI_FILES="/var/www/mediawiki"
HTTPD_VHOSTS_DIR="/etc/httpd/vhosts.d"

if [[ -z $1 ]]; then
  echo "The first argument should be the new wiki SERVER_NAME"
  exit
fi

WIKI_NAME="$1"
DATE=`date "+%Y-%m-%d"`

if [[ -d $BASE_DIR/$WIKI_NAME ]]; then
  echo "$WIKI_NAME exists, upgrading"
  echo ""
  UPGRADE="1"
fi

# make the directory for the site
if [[ -z $UPGRADE ]]; then
  mkdir $BASE_DIR/$WIKI_NAME
fi

# change to the sites directory
cd $BASE_DIR/$WIKI_NAME

if [[ -z $UPGRADE ]]; then
  #make some dirs 
  mkdir {images,config}
  # fix the ownership
  chown -R apache.apache {images,config}
fi

# create the sym link tree
for name in `ls $MEDIAWIKI_FILES`
do
  if [[ -e $name ]]; then
    echo "$name exists already, skipping" 
  else
    ln -s $MEDIAWIKI_FILES/$name
  fi
done

# remove the LocalSettings.php sym link
if [[ -L LocalSettings.php ]]; then
  rm LocalSettings.php
else
  if [[ -f LocalSettings.php ]]; then
    echo "LocalSettings.php already exists"
  else
    echo "LocalSettings.php doesn't exist"
  fi
fi

# copy over the installer
cd $BASE_DIR/$WIKI_NAME/config
if [[ -e index.php ]]; then
  echo "config/index.php already exists, skipping"
else
  cp $MEDIAWIKI_FILES/config/index.php .
fi

# create the apache config
if [[ -z $UPGRADE ]]; then
  HTTPD_CONF=$HTTPD_VHOSTS_DIR/$WIKI_NAME
(
cat <<EOF
# Editor: vim:syn=apache
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0

<VirtualHost *:443>
  ServerName $WIKI_NAME
  ServerSignature Off
  UseCanonicalName On
  CustomLog logs/$WIKI_NAME-ssl_access_log combined
  ErrorLog logs/$WIKI_NAME-ssl_error_log
  SSLEngine on
  SSLCipherSuite HIGH
  SSLProtocol all -SSLv2
  SSLCertificateFile /etc/httpd/conf/server.pem
  SSLCertificateKeyFile /etc/httpd/conf/privatekey.pem
  DocumentRoot "$BASE_DIR/$WIKI_NAME"
  <Directory "$BASE_DIR/$WIKI_NAME">
    DirectoryIndex index.php
    AddType 'image/x-icon' .ico
    AddHandler php5-script .php
    AddType text/html .php
    SSLOptions +StdEnvVars
    AllowOverride None
    order allow,deny
    allow from all
  </Directory>
  <Directory "$BASE_DIR/$WIKI_NAME/images">
    Options Indexes
    RemoveHandler .php
    AllowOverride None
    order allow,deny
    allow from all
  </Directory>
  <Directory "$BASE_DIR/$WIKI_NAME/skins">
    Options Indexes
    RemoveHandler .php
    AllowOverride None
    order allow,deny
    allow from all
  </Directory>
  <Location $BASE_DIR/$WIKI_NAME/config>
    Order deny,allow
    Deny from all
    Allow from 127.0.0.1
  </Location>
  <Location $BASE_DIR/$WIKI_NAME/includes>
    Deny from all
  </Location>
  <Location $BASE_DIR/$WIKI_NAME/languages>
    Deny from all
  </Location>
  <Location $BASE_DIR/$WIKI_NAME/maintenance>
    Deny from all
  </Location>
  <Location $BASE_DIR/$WIKI_NAME/math>
    Deny from all
  </Location>
  Include conf/error-docs.conf
  RewriteEngine on
  RewriteRule ^/(images|skins|uploads|config|icons|error)/ - [L]
  RewriteRule ^/(favicon\.ico|robots\.txt)$ - [L]
  RewriteRule ^/(.*) /index.php/$1 [QSA]
</VirtualHost>

EOF
) > $HTTPD_CONF
fi

# service restart httpd 
# elinks https://$WIKI_NAME/config/index.php
# mv config/LocalSettings.php .
# rm config/index.php

Apache Configuration

The following things were changed from the defaults in /etc/httpd/conf/httpd.conf

# remove some modules
LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
#LoadModule authn_file_module modules/mod_authn_file.so
#LoadModule authn_alias_module modules/mod_authn_alias.so
#LoadModule authn_anon_module modules/mod_authn_anon.so
#LoadModule authn_dbm_module modules/mod_authn_dbm.so
#LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
#LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
#LoadModule authz_dbm_module modules/mod_authz_dbm.so
#LoadModule authz_default_module modules/mod_authz_default.so
#LoadModule ldap_module modules/mod_ldap.so
#LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
#LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
#LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
#LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
#LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
#LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
#LoadModule info_module modules/mod_info.so
#LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
#LoadModule actions_module modules/mod_actions.so
#LoadModule speling_module modules/mod_speling.so
#LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
#LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
#LoadModule suexec_module modules/mod_suexec.so
#LoadModule disk_cache_module modules/mod_disk_cache.so
#LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so

UseCanonicalName On 

# don't log ip's
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "0.0.0.0 %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined


#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml

And in /etc/httpd/conf.d/php.conf

#AddHandler php5-script .php
#AddType text/html .php

#DirectoryIndex index.php

Create a new file that can be included for error documents, /etc/httpd/conf/error-docs.conf

# Editor: vim:syn=apache

Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
  <IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>
    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    ErrorDocument 410 /error/HTTP_GONE.html.var
    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
  </IfModule>
</IfModule>


And an apache conf file for including the VirtualHosts, /etc/httpd/conf.d/vhosts.conf

# Editor: vim:syn=apache

NameVirtualHost *:80
<VirtualHost>
  ServerName wiki.aktivix.org
  ServerSignature Off
  UseCanonicalName Off
  AddDefaultCharset UTF-8
  ScriptAlias / "/var/www/cgi-bin/index.pl/"
  <Directory "/var/www/cgi-bin">
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
  </Directory>
</VirtualHost>

NameVirtualHost *:443
Include vhosts.d/*

And the whole VirtualHost in /etc/httpd/conf.d/ssl.conf was commented out.

Redirect script

Create this as /var/www/cgi-bin/index.pl to redirect port 80 requests to port 443:

#!/usr/bin/perl -wT 

# Redirect all http requests to https
my $server_name = "$ENV{'SERVER_NAME'}";
my $location = "";
my $path_info = "$ENV{'PATH_INFO'}";

# for some sites we need an extra redirect if www is missed off
if ($server_name eq "sheffieldagainstwar.org.uk") {
  $server_name = "https://www.sheffieldagainstwar.org.uk";
}
else {
  $server_name = "$ENV{'SERVER_NAME'}";
}

# construct the url and redirect
$location = "https://" . "$server_name" . "$path_info";
print qq~Location: $location

~;

1;

General FC6 configuration

This server isn't doing anything apart from media wiki so some things can be turned off:

/sbin/chkconfig bluetooth off
/sbin/chkconfig cups off
/sbin/chkconfig firstboot off
/sbin/chkconfig isdn off
/sbin/chkconfig netfs off
/sbin/chkconfig nfslock off
/sbin/chkconfig portmap off