'''Version Support'''
Very minor adjustments needed for other distros. Help expand this list.
-* Mediawiki 1.28, updated as new versions are released
+* Mediawiki 1.28, 1.27 support is planned to be re-added.
* Debian 8 + backports
* Debian 8
-* Debian testing (last tested Aug 7, 2016)
+* Debian stretch
Pre 5/2016 revisions ran Mediawiki 1.23, tested on Fedora 20 and Ubuntu 14.04.
For debian jessie with backports:
<source lang="bash">
-apt-get install --install-suggests jessie-backports certbot
+# if we have jessie-backports, we need to use it.
+if ! apt-get install -t jessie-backports certbot python-certbot-apache; then
+ apt-get install certbot python-certbot-apache
+fi
</source>
+
For other distros, follow instructions at [https://certbot.eff.org/ certbot.eff.org].
'''Email Setup'''
export wikiuser="REPLACE_ME"
export wikipass=REPLACE_ME
-# root password for the mysql database
+# root & user password for the mysql database
export dbpass=REPLACE_ME
export mwdomain=REPLACE_ME # domain name. for this site, it's ofswiki.org
apt-get update
DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick curl
if apt-get install -s mediawiki &>/dev/null; then
- # mediawiki is packaged in jessie backports.
- DEBIAN_FRONTEND=noninteractive apt-get -y install php5-apcu mediawiki
+ apcu=php5-apcu
+ if apt-get install -s php7.0-apcu &>/dev/null; then
+ apcu=php7.0-apcu
+ fi
+ # mediawiki is packaged in jessie backports & stretch
+ DEBIAN_FRONTEND=noninteractive apt-get -y install $apcu mediawiki
else
# https://www.mediawiki.org/wiki/Manual:Installation_requirements
if apt-get install -s php7.0 &>/dev/null; then
fi
-# slightly different depending on if we already set the root pass
-if echo exit|mysql -u root -p"$dbpass"; then
- # answer interactive prompts:
- # mysql root pass, change pass? no, remove anon users? (default, yes)
- # disallow remote root (default, yes), reload? (default, yes)
- echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
-else
- # I had 1 less newline at the start when doing ubuntu 14.04,
+# skip if we already set the root pass and are on pre-debian 9.
+if ! echo exit|mysql -uroot "-p$dbpass"; then
+ # Note: we set a root password here, but in debian 9+, it is ignored;
+ # only the local user root can login, and any password is accepted.
+ # We answer these interactive prompts:
+ # Enter current password for root (enter for none):
+ # Set root password? [Y/n]
+ # New password:
+ # Re-enter new password:
+ # Remove anonymous users? [Y/n]
+ # Disallow root login remotely? [Y/n]
+ # Remove test database and access to it? [Y/n]
+ # Reload privilege tables now? [Y/n]
+ # Note, I had 1 less newline at the start when doing ubuntu 14.04,
# compared to debian 8, so can't say this is especially portable.
- # It won't hurt if it fails.
echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
fi
+mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
+EOF
</source>
# Drop any previous database which may have been installed while testing.
# If upgrading, we should have a db backup which will get restored.
# https://www.mediawiki.org/wiki/Manual:Upgrading
-mysql -u root -p$dbpass <<'EOF' ||:
+mysql -uroot "-p$dbpass" <<'EOF' ||:
drop database my_wiki;
exit
EOF
php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
- --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
+ --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
teeu $mwc <<'EOF'
# lock down the wiki to only the initial owner until anti-spam measures are put in place
# limit edits to registered users
the apache config.
<source lang="bash">
-temp=$(mktemp -d)
-cd $temp
-git_site=https://iankelling.org/git
l=$mw/../../logs
mkdir -p $l
-
-git clone $git_site/basic-https-conf
-basic-https-conf/web-conf -r ${mw%/*} - apache2 $mwdomain <<EOF
+temp=$(mktemp -d)
+cd $temp
+# for me, this repo is on the same server and apache needs a sec after restarting
+sleep 1
+git clone https://iankelling.org/git/basic-https-conf
+{ cat <<EOF
ServerAdmin $mw_email
RewriteEngine On
# make the site's root url go to our main page
| while read line; do
echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
done
+} | basic-https-conf/web-conf -r ${mw%/*} - apache2 $mwdomain
cd
rm -rf $temp
</source>
# Make the toolbox go into the drop down.
cd $mw/skins/Vector
if ! git remote show ian-kelling &>/dev/null; then
- git remote add ian-kelling https://iankelling.org/git/forks/Vector
+ git remote add ian-kelling https://iankelling.org/git/mediawiki-sidebar-patch
fi
git fetch ian-kelling
git checkout ian-kelling/${mw_branch}-toolbox-in-dropdown
set -e
chmod -R g+w $mw/images
chgrp -R www-data $mw/images
-mysql -u root -p$dbpass my_wiki < /tmp/wiki_db_restore/wiki_db_backup
+mysql -uroot "-p$dbpass" my_wiki < /tmp/wiki_db_restore/wiki_db_backup
php $mw/maintenance/update.php
EOF
</source>
* Get Visual editor extension.
* Don't require registration for edits
+* Take a look at the new debian mediawiki package's apache conf
+* For perf, translate extensions allow/deny directives, and set AllowOverride None in apache.conf