X-Git-Url: https://iankelling.org/git/?a=blobdiff_plain;f=Mediawiki_Setup_Guide;h=ff7ee77a976dcc1fbc7e7a490847afb0a7f905d2;hb=ab8c0dee45e63d3216aace79c9d96bec53d9e28b;hp=a2dc13d76ab52eba54f000bb37eec0e992819363;hpb=36be2f22108098545ff35f189db1637102febcdb;p=mediawiki-setup

diff --git a/Mediawiki_Setup_Guide b/Mediawiki_Setup_Guide
index a2dc13d..ff7ee77 100644
--- a/Mediawiki_Setup_Guide
+++ b/Mediawiki_Setup_Guide
@@ -22,10 +22,10 @@
 '''Version Support'''
 
 Very minor adjustments needed for other distros. Help expand this list.
-* Mediawiki 1.28, updated as new versions are released
+* Mediawiki 1.28, 1.27 support is planned to be re-added.
 * Debian 8 + backports
 * Debian 8
-* Debian testing (last tested Aug 7, 2016)
+* Debian stretch
 
 Pre 5/2016 revisions ran Mediawiki 1.23, tested on Fedora 20 and Ubuntu 14.04.
 
@@ -35,6 +35,18 @@ Pre 5/2016 revisions ran Mediawiki 1.23, tested on Fedora 20 and Ubuntu 14.04.
 
 The most common route and the one taken by this site is buying a domain name from a site like namecheap, and a cheap vps from companies like linode or digital ocean. They have good getting started guides which mostly apply beyond their own sites.
 
+'''Install Certbot'''
+
+For debian jessie with backports:
+<source lang="bash">
+# if we have jessie-backports, we need to use it.
+if ! apt-get install -t jessie-backports certbot python-certbot-apache; then
+    apt-get install certbot python-certbot-apache
+fi
+</source>
+
+For other distros, follow instructions at [https://certbot.eff.org/ certbot.eff.org].
+
 '''Email Setup'''
 
 Setting up email can be an involved process, and this guide assumes that a some program (usually postfix or exim) is implementing a functional sendmail interface. Mediawiki uses email with to send password reminders or notifications, and this guide includes cronjobs for updating mediawiki and doing backups which will send mail in the case of an error. Email is also the recommended way to get notifications of package updates which require manual steps such as restarting of services.
@@ -58,7 +70,7 @@ export mwdescription="REPLACE_ME" # eg. Opinionated Free Software Wiki
 export wikiuser="REPLACE_ME"
 export wikipass=REPLACE_ME
 
-# root password for the mysql database
+# root & user password for the mysql database
 export dbpass=REPLACE_ME
 
 export mwdomain=REPLACE_ME # domain name. for this site, it's ofswiki.org
@@ -139,7 +151,7 @@ mw-clone() {
     local url=$1
     local original_pwd="$PWD"
     local name
-    local re='[^/]*/[^/]*$'
+    local re='[^/]*/[^/]*$' # last 2 parts of path
     [[ $url =~ $re ]] ||:
     target=$mw/${BASH_REMATCH[0]}
     if [[ ! -e $target/.git ]]; then
@@ -157,11 +169,10 @@ mw-clone() {
 }
 mw-ext () {
     local ext
-    for ext in "$@"; do
+    for ext; do
         mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
-        if [[ -e $mw/ext/$ext/extension.json ]]; then
-            # new style extension. remove old style declaration
-            sed -i --follow-symlinks '#^require_once( "\\\$IP/extensions/\$ext/\$ext\.php" );#d' $mwc
+        if [[ -e $mw/extensions/$ext/extension.json ]]; then
+            # new style extension
             teeu $mwc <<EOF
 wfLoadExtension( '$ext' );
 EOF
@@ -223,8 +234,12 @@ if isdeb; then
     apt-get update
     DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick curl
     if apt-get install -s mediawiki &>/dev/null; then
-        # mediawiki is packaged in jessie backports.
-        DEBIAN_FRONTEND=noninteractive apt-get -y install php5-apcu mediawiki
+        apcu=php5-apcu
+        if apt-get install -s php7.0-apcu &>/dev/null; then
+            apcu=php7.0-apcu
+        fi
+        # mediawiki is packaged in jessie backports & stretch
+        DEBIAN_FRONTEND=noninteractive apt-get -y install $apcu mediawiki
     else
         # https://www.mediawiki.org/wiki/Manual:Installation_requirements
         if apt-get install -s php7.0 &>/dev/null; then
@@ -257,18 +272,26 @@ else
 fi
 
 
-# slightly different depending on if we already set the root pass
-if echo exit|mysql -u root -p"$dbpass"; then
-    # answer interactive prompts:
-    # mysql root pass, change pass? no, remove anon users? (default, yes)
-    # disallow remote root (default, yes), reload? (default, yes)
-    echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
-else
-    # I had 1 less newline at the start when doing ubuntu 14.04,
+# skip if we already set the root pass and are on pre-debian 9.
+if ! echo exit|mysql -uroot "-p$dbpass"; then
+    # Note: we set a root password here, but in debian 9+, it is ignored;
+    # only the local user root can login, and any password is accepted.
+    # We answer these interactive prompts:
+    # Enter current password for root (enter for none):
+    # Set root password? [Y/n]
+    # New password:
+    # Re-enter new password:
+    # Remove anonymous users? [Y/n]
+    # Disallow root login remotely? [Y/n]
+    # Remove test database and access to it? [Y/n]
+    # Reload privilege tables now? [Y/n]
+    # Note, I had 1 less newline at the start when doing ubuntu 14.04,
     # compared to debian 8, so can't say this is especially portable.
-    # It won't hurt if it fails.
     echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
 fi
+mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
+EOF
 </source>
 
 
@@ -300,8 +323,8 @@ fi
 # git branch -r
 git checkout -f origin/$mw_branch
 git clean -ffxd
-# add some librejs support:
-curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-librejs-patch;hb=HEAD" | bash
+# apply librejs patch
+curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
 # Get the php libraries wmf uses. Based on:
 # https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
 if [[ ! -e vendor/.git ]]; then
@@ -314,12 +337,12 @@ cd ..
 # Drop any previous database which may have been installed while testing.
 # If upgrading, we should have a db backup which will get restored.
 # https://www.mediawiki.org/wiki/Manual:Upgrading
-mysql -u root -p$dbpass <<'EOF' ||:
+mysql -uroot "-p$dbpass" <<'EOF' ||:
 drop database my_wiki;
 exit
 EOF
 php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
-    --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
+    --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
 teeu $mwc <<'EOF'
 # lock down the wiki to only the initial owner until anti-spam measures are put in place
 # limit edits to registered users
@@ -376,16 +399,13 @@ Here, we use some scripts automate setting up the Let 's Encrypt cert and
 the apache config.
 
 <source lang="bash">
-temp=$(mktemp -d)
-cd $temp
-git_site=https://iankelling.org/git
-git clone $git_site/acme-tiny-wrapper
 l=$mw/../../logs
 mkdir -p $l
-
-acme-tiny-wrapper/acme-tiny-wrapper -t $mwdomain
-
-git clone $git_site/basic-https-conf
+temp=$(mktemp -d)
+cd $temp
+# for me, this repo is on the same server and apache needs a sec after restarting
+sleep 1
+git clone https://iankelling.org/git/basic-https-conf
 { cat <<EOF
 ServerAdmin $mw_email
 RewriteEngine On
@@ -398,7 +418,7 @@ find -L $(readlink -f $mw) -name .htaccess \
     | while read line; do
     echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
 done
-} | basic-https-conf/apache-site -r ${mw%/*} - $mwdomain
+} | basic-https-conf/web-conf -r ${mw%/*} - apache2 $mwdomain
 cd
 rm -rf $temp
 </source>
@@ -502,7 +522,7 @@ EOF
 # Make the toolbox go into the drop down.
 cd $mw/skins/Vector
 if ! git remote show ian-kelling &>/dev/null; then
-    git remote add ian-kelling https://iankelling.org/git/forks/Vector
+    git remote add ian-kelling https://iankelling.org/git/mediawiki-sidebar-patch
 fi
 git fetch ian-kelling
 git checkout ian-kelling/${mw_branch}-toolbox-in-dropdown
@@ -861,25 +881,19 @@ x("MediaWiki:Sidebar", """* navigation
 # remove side panel
 # helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
 x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top  */
+/* adjust sidebar to just be home link and up top  */
 /* panel width increased to fit full wiki name. */
+/* selectors other than final id are for increasing priority of rule */
 div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
 div#footer, #mw-head-base, div#content { margin-left: 1em; }
 #left-navigation { margin-left: 1em; }
 
 
 /* logo, and toolbar hidden */
-#p-logo, #p-tb.portal {
+#p-logo, div#mw-navigation div#mw-panel #p-tb {
    display:none;
 }
 
-/* make the font size smaller for the misc stuff */
-#p-personal {
-   font-size: 0.8em;
-}
-
-#footer-info {
-   font-size: 0.8em;
-}
 div#mw-content-text {
     max-width: 720px;
 }
@@ -973,7 +987,7 @@ ssh $o root@$mwdomain <<EOF
 set -e
 chmod -R g+w $mw/images
 chgrp -R www-data $mw/images
-mysql -u root -p$dbpass my_wiki < /tmp/wiki_db_restore/wiki_db_backup
+mysql -uroot "-p$dbpass" my_wiki < /tmp/wiki_db_restore/wiki_db_backup
 php $mw/maintenance/update.php
 EOF
 </source>
@@ -1017,7 +1031,7 @@ for dir in extensions/* skins/* vendor; do
     update "$dir" ||:
 done
 if update .; then
-    curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-librejs-patch;hb=HEAD" | bash
+    curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
 fi
 php $mw/maintenance/update.php -q --quick
 EOF
@@ -1122,3 +1136,5 @@ This means the code is compatible with gplv3.
 
 * Get Visual editor extension.
 * Don't require registration for edits
+* Take a look at the new debian mediawiki package's apache conf
+* For perf, translate extensions allow/deny directives, and set AllowOverride None in apache.conf