Mediawiki Install FC6

From Aktivix
Revision as of 00:52, 24 November 2010 by Upyxyjujynu (Talk | contribs)

Jump to: navigation, search

See also MediaWiki_Install

The documention here is based on the FC6 mediawiki and having multiple wiki's running all on the same ip address, on different domain names, with all http port 80 requests redirected to port 443 and a CAcert cert containing all the domain names -- this isn't a common setup...

Install

Fedora Core six has packaged mediawiki, and also seems to come with more apache packages that needed:

rpm -e mod_python mod_perl
yum install mediawiki mysql-server php-eaccelerator
chkconfig mysqld on
chkconfig httpd on
service mysqld start
service httpd start
mysqladmin -u root password 'new-password'

Then, following the wiki farm notes

<pre> elinks http://localhost/mediawiki/config/index.php </pre>

The fill in the following values (the rest can be the defaults):

Wiki name:             TestWiki1
Contact e-mail:        mediawiki @ aktivix.org
Admin username:        WikiSysop
Password:              *****
Password cobfirm:      *****
Shared memory caching: 
  * (X) eAccelerator
Database name:         testwiki1
DB username:           testwiki1user
DB password:           *****
DB password confirm:   *****
Superuser account:     root
Superuser password:    *****

Create a MySQL account for AdminSettings.php:

mysql -uroot -p mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO 'wikiadmin'@'localhost'
  -> IDENTIFIED BY '****' WITH GRANT OPTION;
Query OK, 0 rows affected (0.00 sec)

And move the sample file and then add the password to it:

cd /var/www/mediawiki
mv AdminSettings.sample AdminSettings.php

Then

cd /var/www/mediawiki
mv config/LocalSettings.php LocalSettings.php
chown root.root LocalSettings.php 
chmod 644 LocalSettings.php 

Then restart apache and the wiki should be working at http://localhost/mediawiki/

Site Install and Upgrade Script

Create the following script /root/bin/mediawiki-install, which is based on this document. This script uses elinks and you can turn off the elinks cache bu adding these two lines to ~/.elinks

set document.cache.format.size = 0
set document.cache.memory.size = 0

<pre>

  1. !/bin/bash
  1. based on http://www.steverumberg.com/wiki/index.php/WikiHelp

BASE_DIR="/var/www/mediawiki-vhosts" MEDIAWIKI_FILES="/var/www/mediawiki" HTTPD_VHOSTS_DIR="/etc/httpd/vhosts.d" WIKI_NAME="$1" DATE=`date "+%Y-%m-%d_%H-%M-%S"`

  1. check for input

if -z $1 ; then

 echo "The first argument should be the new wiki SERVER_NAME"
 exit

fi

  1. if the base directory doesn't exist then create it

if ! -d $BASE_DIR ; then

 mkdir -p $BASE_DIR

fi

if -d $BASE_DIR/$WIKI_NAME ; then

 echo "$WIKI_NAME exists, you may still want to run the web installer to upgrade"
 echo "but you need to agree to LocalSettings.php to be deleted for the upgrade to run"

fi

  1. make the directory for the site

if ! -d $BASE_DIR/$WIKI_NAME ; then

 mkdir $BASE_DIR/$WIKI_NAME

fi

  1. change to the sites directory

cd $BASE_DIR/$WIKI_NAME

  1. create the images directory

if ! -d images ; then

 mkdir images
 chown -R apache.apache images

fi

  1. create the config directory

if ! -d config ; then

 mkdir config
 chown -R apache.apache config

fi

  1. create the sym link tree

for name in `ls $MEDIAWIKI_FILES` do

 if  -e $name ; then
   # the file / sym link exists so do nothing
   :;
 else
   # the file / sym link doesn't exist so create it
   ln -s $MEDIAWIKI_FILES/$name
 fi

done

  1. create a symlink for

if ! -e icons ; then

 ln -s /var/www/icons

fi

  1. remove the LocalSettings.php sym link

if -L LocalSettings.php ; then

 rm LocalSettings.php

else

 if  -f LocalSettings.php ; then
   printf "LocalSettings.php already exists do you want to back it up and regenerate it? (y or return to skip): "
   read MV_LOCALSETTINGS
   if  "$MV_LOCALSETTINGS" = "y" ; then
     # backup old LocalSettings.php file
     echo "When runningt he webbased installer you will need these values:"
     grep wgDB LocalSettings.php
     mv LocalSettings.php .LocalSettings.php.$DATE.bak
     # delete the sym link to AdminSettings.php
     if  -L AdminSettings.php ; then
       rm AdminSettings.php
     else
       echo "AdminSettings.php isn't a symlink"
     fi
   fi
 else
   echo "LocalSettings.php doesn't exist"
 fi

fi

  1. copy over the installer

cd $BASE_DIR/$WIKI_NAME/config if -e index.php ; then

 echo "config/index.php already exists, skipping"

else

 cp $MEDIAWIKI_FILES/config/index.php .

fi if -e LocalSettings.php ; then

 echo "config/LocalSettings.php this indicated that the last install didn't complete"
 rm LocalSettings.php

fi

cd $BASE_DIR/$WIKI_NAME

  1. do you want the apache config backed up?

HTTPD_CONF=$HTTPD_VHOSTS_DIR/$WIKI_NAME if -f $HTTPD_CONF ; then

 printf "$HTTPD_CONF exists, do you want to back it up and regenerate it? (y or return to skip): "
 read MV_HTTPD
 if [ "$MV_HTTPD" = "y" ]; then
   # backup old httpd.conf file
   mv $HTTPD_CONF $HTTPD_VHOSTS_DIR/.$WIKI_NAME.$DATE.bak
 fi

fi

  1. if the apache config doesn't exist then create it

if ! -f $HTTPD_CONF ; then

 # get Server_Alias'
 echo "If you want any Server_Aliases please enter them now"
 ALIAS=1           # bogus value to begin the loop
 SERVER_ALIAS=""   # sanitize
 while [ ! "$ALIAS" = "" ]; do
   printf "Server_Alias: "
   read ALIAS
   if [ "$ALIAS" = "" ]; then break; fi # end of input
   if [ "$SERVER_ALIAS" = "" ]; then
       SERVER_ALIAS="$ALIAS"
   else
       SERVER_ALIAS="$SERVER_ALIAS $ALIAS"
   fi
 done

( cat <<EOF

  1. Editor: vim:syn=apache
  2. Mediawiki for $WIKI_NAME
  3. Installed on $DATE
  4. Generated by $0

<VirtualHost *:443>

 ServerName $WIKI_NAME
 ServerAlias $SERVER_ALIAS
 ServerSignature Off
 UseCanonicalName On
 CustomLog logs/$WIKI_NAME-ssl_access_log combined
 ErrorLog logs/$WIKI_NAME-ssl_error_log
 SSLEngine on
 SSLCipherSuite HIGH
 SSLProtocol all -SSLv2
 SSLCertificateFile /etc/httpd/conf/certs/mediawiki_cert.pem
 SSLCertificateKeyFile /etc/httpd/conf/certs/mediawiki_privatekey.pem
 DocumentRoot "$BASE_DIR/$WIKI_NAME"
 <Directory "$BASE_DIR/$WIKI_NAME">
   DirectoryIndex index.php
   AddType 'image/x-icon' .ico
   AddHandler php5-script .php
   AddType text/html .php
   SSLOptions +StdEnvVars
   AllowOverride None
   order allow,deny
   allow from all
 </Directory>
 <Directory "$BASE_DIR/$WIKI_NAME/images">
   Options Indexes
   RemoveHandler .php
   AllowOverride None
   order allow,deny
   allow from all
 </Directory>
 <Directory "$BASE_DIR/$WIKI_NAME/skins">
   Options Indexes
   RemoveHandler .php
   AllowOverride None
   order allow,deny
   allow from all
 </Directory>
 <Location $BASE_DIR/$WIKI_NAME/config>
   Order deny,allow
   Deny from all
   Allow from 127.0.0.1
 </Location>
 <Location $BASE_DIR/$WIKI_NAME/includes>
   Deny from all
 </Location>
 <Location $BASE_DIR/$WIKI_NAME/languages>
   Deny from all
 </Location>
 <Location $BASE_DIR/$WIKI_NAME/maintenance>
   Deny from all
 </Location>
 <Location $BASE_DIR/$WIKI_NAME/math>
   Deny from all
 </Location>
 Include conf/error-docs.conf
 Include conf/mediawiki-rewrite.conf

</VirtualHost>

EOF ) > $HTTPD_CONF

  1. restart apache

/etc/init.d/httpd restart fi

  1. open the web based installer

printf "Open the webbased installer using elinks? (y or return to skip): " read WEB_INSTALLER if [ "$WEB_INSTALLER" = "y" ]; then

 elinks https://$WIKI_NAME/config/index.php

fi

  1. move the new config file into place
  2. and munge it

if -f config/LocalSettings.php ; then

  1. change some lines and delete the ?> at the end of the file

sed ' s/^\$wgScript = "\$wgScriptPath\/index.php";/$wgScript = "\/index.php";/ s/^\$wgScriptPath = "";/$wgScriptPath = "";/ s/^\$wgScriptPath = "\/mediawiki";/$wgScriptPath = "";/ s/^\$wgRedirectScript = "\$wgScriptPath\/redirect.php";/$wgRedirectScript = "\/redirect.php";/ s/^\$wgArticlePath = "\$wgScript?title=\$1";/$wgArticlePath = "\/$1";/ s/^\$wgArticlePath = "\$wgScript\/\$1";/$wgArticlePath = "\/$1";/ s/^\$wgStylePath = "\$wgScriptPath\/skins";/$wgStylePath = "\/skins";/ s/^\$wgLogo = "\$wgStylePath\/common\/images\/wiki.png";/$wgLogo = "$wgStylePath\/wiki.png";/ s/^\$wgUploadPath = "\$wgScriptPath\/images";/$wgUploadPath = "\/images";/ s/^\$wgEnableUploads = false;/$wgEnableUploads = true;/ /^\?>$/d ' config/LocalSettings.php > LocalSettings.php

  1. add some more rules to the end of the file

( cat <<EOF

  1. No anonymous editing allowed -

\$wgGroupPermissions['*']['edit'] = false;

  1. allow users to be banned

\$wgSysopUserBans = true;

  1. spambot

\$wgSpamRegex=""; # this filter is omitted from this page since it prevents it from being edited!

  1. Mediawiki for $WIKI_NAME
  2. Installed on $DATE
  3. Generated by $0
  4. Don't manually edit this file since an upgrade will overwrite it!

?> EOF ) >> LocalSettings.php

else

 echo "Something must have gone wrong, no $BASE_DIR/$WIKI_NAME/config/LocalSettings.php file was generated"

fi

  1. delete the installer

rm -rf config/

  1. reinstate the AdminSettings.php symlink

if -e AdminSettings.php ; then

 echo "AdminSettings.php exists already"

else

 ln -s $BASE_DIR/AdminSettings.php

fi

  1. generate a csr

echo "Now test your wiki! https://$WIKI_NAME/" </pre>

Apache Configuration

The following things were changed from the defaults in /etc/httpd/conf/httpd.conf

<pre>

  1. remove some modules

LoadModule auth_basic_module modules/mod_auth_basic.so LoadModule auth_digest_module modules/mod_auth_digest.so

  1. LoadModule authn_file_module modules/mod_authn_file.so
  2. LoadModule authn_alias_module modules/mod_authn_alias.so
  3. LoadModule authn_anon_module modules/mod_authn_anon.so
  4. LoadModule authn_dbm_module modules/mod_authn_dbm.so
  5. LoadModule authn_default_module modules/mod_authn_default.so

LoadModule authz_host_module modules/mod_authz_host.so LoadModule authz_user_module modules/mod_authz_user.so LoadModule authz_owner_module modules/mod_authz_owner.so

  1. LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
  2. LoadModule authz_dbm_module modules/mod_authz_dbm.so
  3. LoadModule authz_default_module modules/mod_authz_default.so
  4. LoadModule ldap_module modules/mod_ldap.so
  5. LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
  6. LoadModule include_module modules/mod_include.so

LoadModule log_config_module modules/mod_log_config.so

  1. LoadModule logio_module modules/mod_logio.so

LoadModule env_module modules/mod_env.so

  1. LoadModule ext_filter_module modules/mod_ext_filter.so

LoadModule mime_magic_module modules/mod_mime_magic.so LoadModule expires_module modules/mod_expires.so LoadModule deflate_module modules/mod_deflate.so LoadModule headers_module modules/mod_headers.so

  1. LoadModule usertrack_module modules/mod_usertrack.so

LoadModule setenvif_module modules/mod_setenvif.so LoadModule mime_module modules/mod_mime.so

  1. LoadModule dav_module modules/mod_dav.so

LoadModule status_module modules/mod_status.so LoadModule autoindex_module modules/mod_autoindex.so

  1. LoadModule info_module modules/mod_info.so
  2. LoadModule dav_fs_module modules/mod_dav_fs.so

LoadModule vhost_alias_module modules/mod_vhost_alias.so LoadModule negotiation_module modules/mod_negotiation.so LoadModule dir_module modules/mod_dir.so

  1. LoadModule actions_module modules/mod_actions.so
  2. LoadModule speling_module modules/mod_speling.so
  3. LoadModule userdir_module modules/mod_userdir.so

LoadModule alias_module modules/mod_alias.so LoadModule rewrite_module modules/mod_rewrite.so LoadModule proxy_module modules/mod_proxy.so

  1. LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
  2. LoadModule proxy_ftp_module modules/mod_proxy_ftp.so

LoadModule proxy_http_module modules/mod_proxy_http.so LoadModule proxy_connect_module modules/mod_proxy_connect.so LoadModule cache_module modules/mod_cache.so

  1. LoadModule suexec_module modules/mod_suexec.so
  2. LoadModule disk_cache_module modules/mod_disk_cache.so
  3. LoadModule file_cache_module modules/mod_file_cache.so
  4. LoadModule mem_cache_module modules/mod_mem_cache.so

LoadModule cgi_module modules/mod_cgi.so

UseCanonicalName On

  1. don't log ip's
  2. LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

LogFormat "0.0.0.0 %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined


  1. AddType text/html .shtml
  2. AddOutputFilter INCLUDES .shtml

</pre>

And in /etc/httpd/conf.d/php.conf

<pre>

  1. AddHandler php5-script .php
  2. AddType text/html .php
  1. DirectoryIndex index.php

</pre>

Create a new file that can be included for error documents, /etc/httpd/conf/error-docs.conf

<pre>

  1. Editor: vim:syn=apache

Alias /error/ "/var/www/error/" <IfModule mod_negotiation.c>

 <IfModule mod_include.c>
   <Directory "/var/www/error">
       AllowOverride None
       Options IncludesNoExec
       AddOutputFilter Includes html
       AddHandler type-map var
       Order allow,deny
       Allow from all
       LanguagePriority en es de fr
       ForceLanguagePriority Prefer Fallback
   </Directory>
   ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
   ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
   ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
   ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
   ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
   ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
   ErrorDocument 410 /error/HTTP_GONE.html.var
   ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
   ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
   ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
   ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
   ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
   ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
   ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
   ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
   ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
   ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var
 </IfModule>

</IfModule> </pre>

And one for the Rewrite rules, /etc/httpd/mediawiki-rewrite.conf

<pre>

  1. Editor: vim:syn=apache
  1. Allow rewriting URLs

RewriteEngine On RewriteCond %{REQUEST_URI} !^/(config|skins|images|icons|error)/ RewriteCond %{REQUEST_URI} !^/(index|redirect|api|opensearch_desc|profileinfo|redirect|thumb|trackback).php RewriteCond %{REQUEST_URI} !^/favicon.ico RewriteCond %{REQUEST_URI} !^/robots.txt RewriteRule ^/(.*) /index.php/$1 [L] </pre>

And an apache conf file for including the VirtualHosts, /etc/httpd/conf.d/vhosts.conf

<pre>

  1. Editor: vim:syn=apache

NameVirtualHost *:80 <VirtualHost>

 ServerName wiki.aktivix.org
 ServerSignature Off
 UseCanonicalName Off
 AddDefaultCharset UTF-8
 ScriptAlias / "/var/www/cgi-bin/index.pl/"
 <Directory "/var/www/cgi-bin">
   AllowOverride None
   Options ExecCGI
   Order allow,deny
   Allow from all
 </Directory>

</VirtualHost>

NameVirtualHost *:443 Include vhosts.d/* </pre>

And the whole VirtualHost in /etc/httpd/conf.d/ssl.conf was commented out.

Redirect script

Create this as /var/www/cgi-bin/index.pl to redirect port 80 requests to port 443:

<pre>

  1. !/usr/bin/perl -wT
  1. Redirect all http requests to https

my $server_name = "$ENV{'SERVER_NAME'}"; my $location = ""; my $path_info = "$ENV{'PATH_INFO'}"; my $https = "on";

  1. for some sites we need an extra redirect if www is missed off

if ($server_name eq "sheffieldagainstwar.org.uk") {

 $server_name = "www.sheffieldagainstwar.org.uk";

} if ($server_name eq "sheffieldsocialforum.org.uk") {

 $server_name = "www.sheffieldsocialforum.org";
 $https = "";

} if ($server_name eq "www.sheffieldsocialforum.org.uk") {

 $server_name = "www.sheffieldsocialforum.org";
 $https = "";

} if ($server_name eq "www.en.wiki.in-no.org") {

 $server_name = "en.wiki.in-no.org";

} if ($server_name eq "www.de.wiki.in-no.org") {

 $server_name = "de.wiki.in-no.org";

} else {

 $server_name = "$ENV{'SERVER_NAME'}";

}

  1. construct the url and redirect

if ($https) {

 $location = "https://" . "$server_name" . "$path_info";

} else {

 $location = "http://" . "$server_name" . "$path_info";

} print qq~Location: $location

~;

1; </pre>

General FC6 configuration

This server isn't doing anything apart from media wiki so some things can be turned off:

/sbin/chkconfig bluetooth off
/sbin/chkconfig cups off
/sbin/chkconfig firstboot off
/sbin/chkconfig isdn off
/sbin/chkconfig netfs off
/sbin/chkconfig nfslock off
/sbin/chkconfig portmap off