Mediawiki Install FC6

From Aktivix
Jump to navigation Jump to search

See also MediaWiki_Install

The documention here is based on the FC6 mediawiki and having multiple wiki's running all on the same ip address, on different domain names, with all http port 80 requests redirected to port 443 and a CAcert cert containing all the domain names -- this isn't a common setup...


Fedora Core six has packaged mediawiki, and also seems to come with more apache packages that needed:

rpm -e mod_python mod_perl
yum install mediawiki mysql-server php-eaccelerator
chkconfig mysqld on
chkconfig httpd on
service mysqld start
service httpd start
mysqladmin -u root password 'new-password'

Then, following the wiki farm notes

elinks http://localhost/mediawiki/config/index.php

The fill in the following values (the rest can be the defaults):

Wiki name:             TestWiki1
Contact e-mail:        mediawiki @
Admin username:        WikiSysop
Password:              *****
Password cobfirm:      *****
Shared memory caching: 
  * (X) eAccelerator
Database name:         testwiki1
DB username:           testwiki1user
DB password:           *****
DB password confirm:   *****
Superuser account:     root
Superuser password:    *****

Create a MySQL account for AdminSettings.php:

mysql -uroot -p mysql
mysql> GRANT ALL PRIVILEGES ON *.* TO 'wikiadmin'@'localhost'
Query OK, 0 rows affected (0.00 sec)

And move the sample file and then add the password to it:

cd /var/www/mediawiki
mv AdminSettings.sample AdminSettings.php


cd /var/www/mediawiki
mv config/LocalSettings.php LocalSettings.php
chown root.root LocalSettings.php 
chmod 644 LocalSettings.php 

Then restart apache and the wiki should be working at http://localhost/mediawiki/

Site Install and Upgrade Script

Create the following script /root/bin/mediawiki-install, which is based on this document. This script uses elinks and you can turn off the elinks cache bu adding these two lines to ~/.elinks

set document.cache.format.size = 0
set document.cache.memory.size = 0

# based on

DATE=`date "+%Y-%m-%d_%H-%M-%S"`

# check for input
if [[ -z $1 ]]; then
  echo "The first argument should be the new wiki SERVER_NAME"

# if the base directory doesn't exist then create it
if [[ ! -d $BASE_DIR ]]; then
  mkdir -p $BASE_DIR

if [[ -d $BASE_DIR/$WIKI_NAME ]]; then
  echo "$WIKI_NAME exists, you may still want to run the web installer to upgrade"
  echo "but you need to agree to LocalSettings.php to be deleted for the upgrade to run"

# make the directory for the site
if [[ ! -d $BASE_DIR/$WIKI_NAME ]]; then

# change to the sites directory

# create the images directory
if [[ ! -d images ]]; then
  mkdir images
  chown -R apache.apache images
# create the config directory
if [[ ! -d config ]]; then
  mkdir config
  chown -R apache.apache config

# create the sym link tree
for name in `ls $MEDIAWIKI_FILES`
  if [[ -e $name ]]; then
    # the file / sym link exists so do nothing
    # the file / sym link doesn't exist so create it
    ln -s $MEDIAWIKI_FILES/$name

# create a symlink for  
if [[ ! -e icons ]]; then
  ln -s /var/www/icons

# remove the LocalSettings.php sym link
if [[ -L LocalSettings.php ]]; then
  rm LocalSettings.php
  if [[ -f LocalSettings.php ]]; then
    printf "LocalSettings.php already exists do you want to back it up and regenerate it? (y or return to skip): "
    if [[ "$MV_LOCALSETTINGS" = "y" ]]; then
      # backup old LocalSettings.php file
      echo "When runningt he webbased installer you will need these values:"
      grep wgDB LocalSettings.php
      mv LocalSettings.php .LocalSettings.php.$DATE.bak
      # delete the sym link to AdminSettings.php
      if [[ -L AdminSettings.php ]]; then
        rm AdminSettings.php
        echo "AdminSettings.php isn't a symlink"
    echo "LocalSettings.php doesn't exist"

# copy over the installer
cd $BASE_DIR/$WIKI_NAME/config
if [[ -e index.php ]]; then
  echo "config/index.php already exists, skipping"
  cp $MEDIAWIKI_FILES/config/index.php .
if [[ -e LocalSettings.php ]]; then
  echo "config/LocalSettings.php this indicated that the last install didn't complete"
  rm LocalSettings.php


# do you want the apache config backed up?
if [[ -f $HTTPD_CONF ]]; then
  printf "$HTTPD_CONF exists, do you want to back it up and regenerate it? (y or return to skip): "
  read MV_HTTPD
  if [ "$MV_HTTPD" = "y" ]; then
    # backup old httpd.conf file

# if the apache config doesn't exist then create it
if [[ ! -f $HTTPD_CONF ]]; then
  # get Server_Alias'
  echo "If you want any Server_Aliases please enter them now"
  ALIAS=1           # bogus value to begin the loop
  SERVER_ALIAS=""   # sanitize
  while [ ! "$ALIAS" = "" ]; do
    printf "Server_Alias: "
    read ALIAS
    if [ "$ALIAS" = "" ]; then break; fi # end of input
    if [ "$SERVER_ALIAS" = "" ]; then

cat <<EOF
# Editor: vim:syn=apache
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0

<VirtualHost *:443>
  ServerName $WIKI_NAME
  ServerAlias $SERVER_ALIAS
  ServerSignature Off
  UseCanonicalName On
  CustomLog logs/$WIKI_NAME-ssl_access_log combined
  ErrorLog logs/$WIKI_NAME-ssl_error_log
  SSLEngine on
  SSLCipherSuite HIGH
  SSLProtocol all -SSLv2
  SSLCertificateFile /etc/httpd/conf/certs/mediawiki_cert.pem
  SSLCertificateKeyFile /etc/httpd/conf/certs/mediawiki_privatekey.pem
  DocumentRoot "$BASE_DIR/$WIKI_NAME"
  <Directory "$BASE_DIR/$WIKI_NAME">
    DirectoryIndex index.php
    AddType 'image/x-icon' .ico
    AddHandler php5-script .php
    AddType text/html .php
    SSLOptions +StdEnvVars
    AllowOverride None
    order allow,deny
    allow from all
  <Directory "$BASE_DIR/$WIKI_NAME/images">
    Options Indexes
    RemoveHandler .php
    AllowOverride None
    order allow,deny
    allow from all
  <Directory "$BASE_DIR/$WIKI_NAME/skins">
    Options Indexes
    RemoveHandler .php
    AllowOverride None
    order allow,deny
    allow from all
  <Location $BASE_DIR/$WIKI_NAME/config>
    Order deny,allow
    Deny from all
    Allow from
  <Location $BASE_DIR/$WIKI_NAME/includes>
    Deny from all
  <Location $BASE_DIR/$WIKI_NAME/languages>
    Deny from all
  <Location $BASE_DIR/$WIKI_NAME/maintenance>
    Deny from all
  <Location $BASE_DIR/$WIKI_NAME/math>
    Deny from all
  Include conf/error-docs.conf
  Include conf/mediawiki-rewrite.conf

# restart apache
/etc/init.d/httpd restart

# open the web based installer
printf "Open the webbased installer using elinks? (y or return to skip): "
if [ "$WEB_INSTALLER" = "y" ]; then
  elinks https://$WIKI_NAME/config/index.php

# move the new config file into place 
# and munge it  
if [[ -f config/LocalSettings.php ]]; then
# change some lines and delete the ?> at the end of the file
sed '
s/^\$wgScript           = "\$wgScriptPath\/index.php";/$wgScript           = "\/index.php";/
s/^\$wgScriptPath       = "";/$wgScriptPath       = "";/
s/^\$wgScriptPath       = "\/mediawiki";/$wgScriptPath       = "";/
s/^\$wgRedirectScript   = "\$wgScriptPath\/redirect.php";/$wgRedirectScript   = "\/redirect.php";/
s/^\$wgArticlePath      = "\$wgScript?title=\$1";/$wgArticlePath      = "\/$1";/
s/^\$wgArticlePath      = "\$wgScript\/\$1";/$wgArticlePath      = "\/$1";/
s/^\$wgStylePath        = "\$wgScriptPath\/skins";/$wgStylePath        = "\/skins";/
s/^\$wgLogo             = "\$wgStylePath\/common\/images\/wiki.png";/$wgLogo             = "$wgStylePath\/wiki.png";/
s/^\$wgUploadPath       = "\$wgScriptPath\/images";/$wgUploadPath       = "\/images";/
s/^\$wgEnableUploads       = false;/$wgEnableUploads       = true;/
' config/LocalSettings.php > LocalSettings.php
# add some more rules to the end of the file
cat <<EOF
# No anonymous editing allowed -
\$wgGroupPermissions['*']['edit'] = false;

# allow users to be banned
\$wgSysopUserBans = true;

# spambot
\$wgSpamRegex=""; # this filter is omitted from this page since it prevents it from being edited!

# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0
# Don't manually edit this file since an upgrade will overwrite it!

) >> LocalSettings.php

  echo "Something must have gone wrong, no $BASE_DIR/$WIKI_NAME/config/LocalSettings.php file was generated"

# delete the installer
rm -rf config/

# reinstate the AdminSettings.php symlink
if [[ -e AdminSettings.php ]]; then
  echo "AdminSettings.php exists already"
  ln -s $BASE_DIR/AdminSettings.php

# generate a csr

echo "Now test your wiki! https://$WIKI_NAME/"

Apache Configuration

The following things were changed from the defaults in /etc/httpd/conf/httpd.conf

# remove some modules
LoadModule auth_basic_module modules/
LoadModule auth_digest_module modules/
#LoadModule authn_file_module modules/
#LoadModule authn_alias_module modules/
#LoadModule authn_anon_module modules/
#LoadModule authn_dbm_module modules/
#LoadModule authn_default_module modules/
LoadModule authz_host_module modules/
LoadModule authz_user_module modules/
LoadModule authz_owner_module modules/
#LoadModule authz_groupfile_module modules/
#LoadModule authz_dbm_module modules/
#LoadModule authz_default_module modules/
#LoadModule ldap_module modules/
#LoadModule authnz_ldap_module modules/
#LoadModule include_module modules/
LoadModule log_config_module modules/
#LoadModule logio_module modules/
LoadModule env_module modules/
#LoadModule ext_filter_module modules/
LoadModule mime_magic_module modules/
LoadModule expires_module modules/
LoadModule deflate_module modules/
LoadModule headers_module modules/
#LoadModule usertrack_module modules/
LoadModule setenvif_module modules/
LoadModule mime_module modules/
#LoadModule dav_module modules/
LoadModule status_module modules/
LoadModule autoindex_module modules/
#LoadModule info_module modules/
#LoadModule dav_fs_module modules/
LoadModule vhost_alias_module modules/
LoadModule negotiation_module modules/
LoadModule dir_module modules/
#LoadModule actions_module modules/
#LoadModule speling_module modules/
#LoadModule userdir_module modules/
LoadModule alias_module modules/
LoadModule rewrite_module modules/
LoadModule proxy_module modules/
#LoadModule proxy_balancer_module modules/
#LoadModule proxy_ftp_module modules/
LoadModule proxy_http_module modules/
LoadModule proxy_connect_module modules/
LoadModule cache_module modules/
#LoadModule suexec_module modules/
#LoadModule disk_cache_module modules/
#LoadModule file_cache_module modules/
#LoadModule mem_cache_module modules/
LoadModule cgi_module modules/

UseCanonicalName On 

# don't log ip's
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat " %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined

#AddType text/html .shtml
#AddOutputFilter INCLUDES .shtml

And in /etc/httpd/conf.d/php.conf

#AddHandler php5-script .php
#AddType text/html .php

#DirectoryIndex index.php

Create a new file that can be included for error documents, /etc/httpd/conf/error-docs.conf

# Editor: vim:syn=apache

Alias /error/ "/var/www/error/"
<IfModule mod_negotiation.c>
  <IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
    ErrorDocument 410 /error/HTTP_GONE.html.var
    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

And one for the Rewrite rules, /etc/httpd/mediawiki-rewrite.conf

# Editor: vim:syn=apache

# Allow rewriting URLs
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(config|skins|images|icons|error)/
RewriteCond %{REQUEST_URI} !^/(index|redirect|api|opensearch_desc|profileinfo|redirect|thumb|trackback).php
RewriteCond %{REQUEST_URI} !^/favicon.ico
RewriteCond %{REQUEST_URI} !^/robots.txt
RewriteRule ^/(.*) /index.php/$1 [L]

And an apache conf file for including the VirtualHosts, /etc/httpd/conf.d/vhosts.conf

# Editor: vim:syn=apache

NameVirtualHost *:80
  ServerSignature Off
  UseCanonicalName Off
  AddDefaultCharset UTF-8
  ScriptAlias / "/var/www/cgi-bin/"
  <Directory "/var/www/cgi-bin">
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all

NameVirtualHost *:443
Include vhosts.d/*

And the whole VirtualHost in /etc/httpd/conf.d/ssl.conf was commented out.

Redirect script

Create this as /var/www/cgi-bin/ to redirect port 80 requests to port 443:

#!/usr/bin/perl -wT 

# Redirect all http requests to https
my $server_name = "$ENV{'SERVER_NAME'}";
my $location = "";
my $path_info = "$ENV{'PATH_INFO'}";
my $https = "on";

# for some sites we need an extra redirect if www is missed off
if ($server_name eq "") {
  $server_name = "";
if ($server_name eq "") {
  $server_name = "";
  $https = "";
if ($server_name eq "") {
  $server_name = "";
  $https = "";
if ($server_name eq "") {
  $server_name = "";
if ($server_name eq "") {
  $server_name = "";
else {
  $server_name = "$ENV{'SERVER_NAME'}";

# construct the url and redirect
if ($https) {
  $location = "https://" . "$server_name" . "$path_info";
} else {
  $location = "http://" . "$server_name" . "$path_info";
print qq~Location: $location



General FC6 configuration

This server isn't doing anything apart from media wiki so some things can be turned off:

/sbin/chkconfig bluetooth off
/sbin/chkconfig cups off
/sbin/chkconfig firstboot off
/sbin/chkconfig isdn off
/sbin/chkconfig netfs off
/sbin/chkconfig nfslock off
/sbin/chkconfig portmap off