X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=Mediawiki_Setup_Guide;h=d50aa7c4a92bcde92a8718c893c4c1d216fd20be;hb=7391e9331d5cd4341550c763b25b77774860063a;hp=74ca3a8100106eef68d0cfc3abfe0cb7614ad7eb;hpb=26831bf52ab8a90dc2a3556ec91aa010dd93c530;p=mediawiki-setup
diff --git a/Mediawiki_Setup_Guide b/Mediawiki_Setup_Guide
index 74ca3a8..d50aa7c 100644
--- a/Mediawiki_Setup_Guide
+++ b/Mediawiki_Setup_Guide
@@ -6,24 +6,23 @@
* Good recommendations. Official docs mostly avoid recommendations among a myriad of possibilities
* Closely references & supplements official documentation
+* Automatic security updates
* Explicit automation support wherever practical
-* Used to setup this site (style optional)
-* Contributions welcome and will be updated/tested on this very site!
+* Used to setup this site (style is optional)
* Support for multiple gnu/linux distros
-* Holistic scope (backups, server setup), but sections stand on their own
-* Explicit support for production & local testing instance. Additions for production like https and web analytics.
-* Edits to this page are closely monitored by the original author.
+* Holistic scope (backups, server setup), but sections are independent
+* Code blocks are [https://en.wikipedia.org/wiki/Idempotent idempotent]
+* Edits to this page are tested on this site and reviewed by the main author.
'''Assumptions'''
-* Self hosting, single GNU/Linux system with Bash shell
-* Root shell is assumed throughout
-* Code blocks are [https://en.wikipedia.org/wiki/Idempotent idempotent]
+* Self hosting, single GNU/Linux system with root Bash shell
+
'''Version Support'''
Very minor adjustments needed for other distros. Help expand this list.
-* Mediawiki 1.27 & 1.28
+* Mediawiki 1.28, updated as new versions are released
* Debian 8 + backports
* Debian 8
* Debian testing (last tested Aug 7, 2016)
@@ -36,6 +35,14 @@ Pre 5/2016 revisions ran Mediawiki 1.23, tested on Fedora 20 and Ubuntu 14.04.
The most common route and the one taken by this site is buying a domain name from a site like namecheap, and a cheap vps from companies like linode or digital ocean. They have good getting started guides which mostly apply beyond their own sites.
+'''Install Certbot'''
+
+For debian jessie with backports:
+
+For other distros, follow instructions at [https://certbot.eff.org/ certbot.eff.org].
+
'''Email Setup'''
Setting up email can be an involved process, and this guide assumes that a some program (usually postfix or exim) is implementing a functional sendmail interface. Mediawiki uses email with to send password reminders or notifications, and this guide includes cronjobs for updating mediawiki and doing backups which will send mail in the case of an error. Email is also the recommended way to get notifications of package updates which require manual steps such as restarting of services.
@@ -59,7 +66,7 @@ export mwdescription="REPLACE_ME" # eg. Opinionated Free Software Wiki
export wikiuser="REPLACE_ME"
export wikipass=REPLACE_ME
-# root password for the mysql database
+# root & user password for the mysql database
export dbpass=REPLACE_ME
export mwdomain=REPLACE_ME # domain name. for this site, it's ofswiki.org
@@ -78,8 +85,7 @@ EOF
# The rest of this section will work fine with no changes.
-# git branch for mediawiki + extensions.
-# This guide has only been tested with 1_28.
+# git branch for mediawiki + extensions. See intro for supported versions.
# branch names: https://git.wikimedia.org/branches/mediawiki%2Fcore.git
export mw_branch=REL1_28
@@ -141,7 +147,7 @@ mw-clone() {
local url=$1
local original_pwd="$PWD"
local name
- local re='[^/]*/[^/]*$'
+ local re='[^/]*/[^/]*$' # last 2 parts of path
[[ $url =~ $re ]] ||:
target=$mw/${BASH_REMATCH[0]}
if [[ ! -e $target/.git ]]; then
@@ -159,11 +165,10 @@ mw-clone() {
}
mw-ext () {
local ext
- for ext in "$@"; do
+ for ext; do
mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
- if [[ -e $mw/ext/$ext/extension.json ]]; then
- # new style extension. remove old style declaration
- sed -i --follow-symlinks '#^require_once( "\\\$IP/extensions/\$ext/\$ext\.php" );#d' $mwc
+ if [[ -e $mw/extensions/$ext/extension.json ]]; then
+ # new style extension
teeu $mwc </dev/null; then
# mediawiki is packaged in jessie backports.
DEBIAN_FRONTEND=noninteractive apt-get -y install php5-apcu mediawiki
@@ -259,18 +264,26 @@ else
fi
-# slightly different depending on if we already set the root pass
-if echo exit|mysql -u root -p"$dbpass"; then
- # answer interactive prompts:
- # mysql root pass, change pass? no, remove anon users? (default, yes)
- # disallow remote root (default, yes), reload? (default, yes)
- echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
-else
- # I had 1 less newline at the start when doing ubuntu 14.04,
+# skip if we already set the root pass
+if ! echo exit|mysql -uroot "-p$dbpass"; then
+ # Note: we set a root password here, but in debian 9+, it is ignored;
+ # only the local user root can login, and a password is silently ignored.
+ # We answer these interactive prompts:
+ # Enter current password for root (enter for none):
+ # Set root password? [Y/n]
+ # New password:
+ # Re-enter new password:
+ # Remove anonymous users? [Y/n]
+ # Disallow root login remotely? [Y/n]
+ # Remove test database and access to it? [Y/n]
+ # Reload privilege tables now? [Y/n]
+ # Note, I had 1 less newline at the start when doing ubuntu 14.04,
# compared to debian 8, so can't say this is especially portable.
- # It won't hurt if it fails.
echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
fi
+mysql -uroot "-p$dbpass" <
@@ -302,6 +315,8 @@ fi
# git branch -r
git checkout -f origin/$mw_branch
git clean -ffxd
+# apply librejs patch
+curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
# Get the php libraries wmf uses. Based on:
# https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
if [[ ! -e vendor/.git ]]; then
@@ -314,12 +329,12 @@ cd ..
# Drop any previous database which may have been installed while testing.
# If upgrading, we should have a db backup which will get restored.
# https://www.mediawiki.org/wiki/Manual:Upgrading
-mysql -u root -p$dbpass <<'EOF' ||:
+mysql -uroot "-p$dbpass" <<'EOF' ||:
drop database my_wiki;
exit
EOF
php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
- --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
+ --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
teeu $mwc <<'EOF'
# lock down the wiki to only the initial owner until anti-spam measures are put in place
# limit edits to registered users
@@ -379,14 +394,11 @@ the apache config.
temp=$(mktemp -d)
cd $temp
git_site=https://iankelling.org/git
-git clone $git_site/acme-tiny-wrapper
l=$mw/../../logs
mkdir -p $l
-acme-tiny-wrapper/acme-tiny-wrapper -t $mwdomain
-
git clone $git_site/basic-https-conf
-{ cat <\n $(< $line)\n";
done
-} | basic-https-conf/apache-site -r ${mw%/*} - $mwdomain
cd
rm -rf $temp
@@ -438,7 +449,7 @@ teeu $mwc<
-Settings I recommend which are different than the defaults.
+Settings asked by the gui setup which are different than the install script defaults. They different because the defaults are the most compatible and unobtrusive.
-''' [[mediawikiwiki:CheckUser|Extension:CheckUser]]: Get ip addresses from inside mediawiki so you can ban users'''
-
-On <= 1.27, requires special install steps or we can get into a bad state. Add a sleep like the default of update.php to avoid errors.
-
-mw-ext CheckUser
-if [[ -e $mw/extensions/CheckUser/install.php ]]; then
- sudo -u $apache_user php $mw/extensions/CheckUser/install.php; sleep 1
-fi
-
-
-
'''[[mediawikiwiki:Extension:Wikidiff2|Extension:Wikidiff2]]: Faster and international character supported page diffs'''
I used packaged version since this is a c++ and probably not very tied to the Mediawiki version. This isn't packaged in fedora, haven't gotten around to testing and adding the code to compile it for fedora.
@@ -633,6 +646,8 @@ There is no current list of package depencies so I took dependencies from mediaw
''' [[mediawikiwiki:Extension:SpamBlacklist|Extension:SpamBlacklist]]: Import/create IP blacklists, mainly for spam'''
+Comes with MediaWiki.
+
mw-ext SpamBlacklist
if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev/null; then
@@ -651,6 +666,8 @@ fi
''' [[mediawikiwiki:Extension:TitleBlacklist|Extension:TitleBlacklist]]: Anti-spam '''
+Comes with Mediawiki.
+
mw-ext TitleBlacklist
if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev/null; then
@@ -671,6 +688,8 @@ fi
''' [[mediawikiwiki:Extension:WikiEditor|Extension:WikiEditor]]: Editing box extras and a fast preview tab '''
+Comes with MediaWiki.
+
mw-ext WikiEditor
teeu $mwc <<'EOF'
@@ -708,9 +727,9 @@ $wgGroupPermissions['sysop']['abusefilter-revert'] = true;
EOF
-'''[[mediawikiwiki:Extension:ConfirmEdit|Extension:ConfirmEdit]]: Custom Captcha'''
+'''[[mediawikiwiki:Extension:ConfirmEdit|Extension:ConfirmEdit]]: Custom Captcha.'''
-Uses captchaArray defined in mw_vars.
+Uses captchaArray defined in mw_vars. Comes with MediaWiki.
mw-ext ConfirmEdit
@@ -853,25 +872,19 @@ x("MediaWiki:Sidebar", """* navigation
# remove side panel
# helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top */
+/* adjust sidebar to just be home link and up top */
/* panel width increased to fit full wiki name. */
+/* selectors other than final id are for increasing priority of rule */
div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
div#footer, #mw-head-base, div#content { margin-left: 1em; }
#left-navigation { margin-left: 1em; }
/* logo, and toolbar hidden */
-#p-logo, #p-tb.portal {
+#p-logo, div#mw-navigation div#mw-panel #p-tb {
display:none;
}
-/* make the font size smaller for the misc stuff */
-#p-personal {
- font-size: 0.8em;
-}
-
-#footer-info {
- font-size: 0.8em;
-}
div#mw-content-text {
max-width: 720px;
}
@@ -965,7 +978,7 @@ ssh $o root@$mwdomain <
@@ -986,22 +999,31 @@ s=/etc/cron.daily/mediawiki_update
dd of=$s<<'EOF'
#!/bin/bash
source ~/mw_vars
-cd $mw
-for dir in extensions/* skins/* $mw; do
- [[ -d $dir ]] || continue
+update() {
+ dir=$1
+ cd $mw
+ [[ -d $dir ]] || return 1
cd $dir
branch=$(git describe --all)
branch=${branch#remotes/}
git fetch --all -q
new_head=$(git rev-parse $branch)
log=$(git log HEAD..$new_head)
- if [[ $log ]]; then
- pwd
- echo "$log"
+ if [[ ! $log ]]; then
+ return 1
fi
- git checkout -q $new_head
+ pwd
+ echo "$log"
+ git checkout -qf $new_head
cd $mw
+ return 0
+}
+for dir in extensions/* skins/* vendor; do
+ update "$dir" ||:
done
+if update .; then
+ curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
+fi
php $mw/maintenance/update.php -q --quick
EOF
@@ -1035,26 +1057,27 @@ Mediawiki.org has pages for ~5200 extensions. Mediawiki maintains ~700 extension
Here are brief descriptions of extensions that are part of distributions and why they were rejected for this wiki.
{| class="wikitable"
+ |+
+ | '''Footnote''' || deprecated in newer versions
|+
| '''InputBox''' || Add html forms to pages. Can't imagine using it. Would install if I did.
|+
- | '''Pdfhandler''' || Gallery of pages from a pdf file. Can't imagine using it. Would install if I did.
+ | '''LocalisationUpdate'''|| update localization only. I'm fine updating all of mediawiki, there aren't many updates.
|+
- | '''Footnote''' || deprecated in newer versions
+ | '''NewestPages''' || A page creation history that doesn't expire like recent-changes. Meh
|+
| '''NewUserNotif''' || Send me a notification when a user registers. Seems like an excessive notification.
|+
- | '''NewestPages''' || A page creation history that doesn't expire like recent-changes. Meh
+ | '''Openid''' || Poor UI. 2 pages & 2 links which is confusing & ugly.
+ |+
+ | '''Pdfhandler''' || Gallery of pages from a pdf file. Can't imagine using it. Would install if I did.
|+
| '''RSSReader''' || Embed an rss feed. Can't imagine using it. Would install if I did.
|+
- | '''Openid''' || Poor UI. 2 pages & 2 links which is confusing & ugly.
+ | '''Semantic''' || Seems like a lot of trouble around analyzing kinds of data which my wiki will not have.
|+
| '''Validator''' || dependency of of semantic
|+
- | '''Semantic''' || Seems like a lot of trouble around analyzing kinds of data which my wiki will not have.
- |+
- | '''wikicalendar''' || Make a calendar of events etc. Can't imagine using it. Would install if I did.
|}
== Misc Notes ==
@@ -1102,7 +1125,5 @@ This means the code is compatible with gplv3.
== todo list for this page ==
-* Check if there are any new default extensions 1.28 which I haven't evaluated.
-* Test for any new config values set by the 1.28 gui install method.
* Get Visual editor extension.
* Don't require registration for edits