Web Server: Difference between revisions

imported>Gsfr
No edit summary
imported>Lmperry
No edit summary
 
(8 intermediate revisions by one other user not shown)
Line 1: Line 1:
The web server is based on a [[FreeBSD|standard FreeBSD 8.2 installation]] with the following additional configuration.
The web server is based on a Ubuntu 12.04 server machine with the following additional configuration.
 


== Apache, etc. ==
== Apache, etc. ==
  portmaster devel/git                                # disable everything but ICONV, CURL
  ## Install packages
                                                    # ftp/curl: disable IPV6, PROXY
  apt-get install apache2 php5 libapache2-mod-wsgi libapache2-webauth mysql-server php5-mysql php5-gd
  portmaster net/rsync
   
   
  portmaster www/apache22-worker-mpm                  # enable THREADS, SQLITE; disable IPV6, DAV, DAV_FS
  ## Configure
                                                    # devel/apr1: enable SQLITE; disable IPV6, BDB, GDBM
                                                    # lang/python27: disable IPV6
portmaster www/mod_wsgi3
portmaster lang/php5-extensions                    # lang/php5: enable APACHE; disable IPV6
   
   
## update AllowOverride for DocumentRoot to 'AllowOverride All'
## update Options for DocumentRoot to 'Options FollowSymLinks'
vim /etc/apache2/sites-enabled/000-default
vim /etc/apache2/sites-enabled/default-ssl
   
   
  sed -E -i -e 's/(.*DirectoryIndex) (index.html)/\1 index.php \2/' /usr/local/etc/apache22/httpd.conf
 
   
== WebAuth ==
cat << EOF >> /usr/local/etc/apache22/httpd.conf
 
   
## Apache config for webauth
<IfModule php5_module>
  echo 'WebAuthLoginURL  https://weblogin.stanford.edu/login/' >> /etc/apache2/conf.d/webauth
    AddType application/x-httpd-php .php
  echo 'WebAuthWebKdcURL https://weblogin.stanford.edu/webkdc-service/' >> /etc/apache2/conf.d/webauth
    AddType application/x-httpd-php-source .phps
  echo 'WebAuthWebKdcPrincipal service/webkdc@stanford.edu' >> /etc/apache2/conf.d/webauth
</IfModule>
  a2enmod webauth
  EOF
  service apache2 restart
   
## by hand:
## update AllowOverride for DocumentRoot to 'AllowOverride Options FileInfo AuthConfig'
## update Options for DocumentRoot to 'Options FollowSymLinks'




== WebAuth ==
  ## generate keytab on corn; http://webauth.stanford.edu/install-stanford.html
  portmaster security/krb5                            # disable KRB5_DOC, WANT_HTML
ssh gsfr@corn 'wallet -f keytab.cniwww get keytab webauth/cniwww.stanford.edu'
fetch -o /etc http://www.stanford.edu/dept/its/support/kerberos/dist/krb5.conf
   
   
git clone git://git.eyrie.org/kerberos/webauth.git
  ## scp keytab to /usr/local/etc/apache22/conf/webauth/keytab (must create conf/webauth)
cd webauth
  mkdir -p /usr/local/etc/apache22/conf/webauth
./autogen
chown www:www !$
./configure --disable-mod_webauthldap --with-krb5=/usr/local
  scp gsfr@corn:keytabs/keytab.cniwww !$/keytab
make
chmod 640 !$
make check                                          # krb5, wa_keyring, xmalloc skipped; krb5-tgt ABORTED
make install
cp conf/stanford-webauth.conf /usr/local/etc/apache22/Includes
  # generate keytab on corn; http://webauth.stanford.edu/install-stanford.html
ssh gsfr@corn 'wallet -f keytab.cniwww get keytab webauth/cniwww.stanford.edu'
# scp keytab to /usr/local/etc/apache22/conf/webauth/keytab (must create conf/webauth)
  mkdir -p /usr/local/etc/apache22/conf/webauth; cd /usr/local/etc/apache22/conf/webauth
  scp gsfr@corn:keytab.cniwww keytab
   
   
  cd /usr/local/etc/apache22
  cd /usr/local/etc/apache22
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 3652 -keyout server.key -out server.crt    # self-signed cert; common name is FQDN
  openssl req -new -x509 -newkey rsa:2048 -nodes -days 3652 -keyout server.key -out server.crt    # self-signed cert; common name is FQDN
  openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr                    # cert signing request (not required)
  openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr                    # cert signing request (not required)
chmod 400 server.key
   
   
  sed -E -i -e 's!#(Include.*httpd-ssl.conf)!\1!' httpd.conf     # enable ssl for apache
  sed -E -i "" -e 's!#(Include.*httpd-ssl.conf)!\1!' httpd.conf
  sed -E -i -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' Includes/stanford-webauth.conf
  sed -E -i "" -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' Includes/stanford-webauth.conf
sed -E -i "" -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' Includes/stanford-ldap.conf
   
   
  /usr/local/etc/rc.d/apache22 start
  service apache2 restart
chgrp www conf/webauth
chmod 775 conf/webauth
chgrp www conf/webauth/keytab
chmod 640 conf/webauth/keytab
touch    conf/webauth/keyring
chgrp www conf/webauth/keyring
chmod 660 conf/webauth/keyring
 


== MediaWiki ==
== MediaWiki (OLD) ==
  portmaster lang/php5-extensions
  portmaster lang/php5-extensions
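Review bot: The revised intro and package step describe an Ubuntu 12.04 host (`apt-get install apache2 ...`, `/etc/apache2/...`), but the WebAuth steps kept in the new text still place the keytab and `server.key` under `/usr/local/etc/apache22`, use `chown www:www`, and call `sed -E -i ""`, which are the FreeBSD layout, account and sed syntax. On Ubuntu, Apache normally runs as `www-data` and reads `/etc/apache2`, so the ownership and modes set here would not protect the credential files the running server uses. The block should either be labelled FreeBSD-only, as was done with "MediaWiki (OLD)", or be rewritten for the Ubuntu paths. The same revision appears to drop the explicit `chgrp www conf/webauth/keytab` and widens the manual setting from `AllowOverride Options FileInfo AuthConfig` to `AllowOverride All`; both deserve a one-line reason on the page.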
   
   
Line 87: Line 64:
  sed -E -i -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php
  sed -E -i -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php
  sed -E -i -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php
  sed -E -i -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php
## update stanfordmodern1: monospace code; slightly darker box background
sed -E -i -e $'s!code {!& \\\n\tfont-family: monospace;!' skins/stanfordmodern1/main.css
sed -E -i -e 's/f9f9f9/e5e5e5/g' skins/stanfordmodern1/main.css


=== configure [http://www.mediawiki.org/wiki/Manual:Short_URL short URLs] ===
=== configure [http://www.mediawiki.org/wiki/Manual:Short_URL short URLs] ===

Latest revision as of 20:47, 15 January 2014

The web server is based on an Ubuntu 12.04 server machine with the following additional configuration.


Apache, etc.

## Install packages
## Apache, PHP 5, mod_wsgi, the WebAuth Apache module, MySQL server, and the PHP MySQL and GD extensions.
apt-get install apache2 php5 libapache2-mod-wsgi libapache2-webauth mysql-server php5-mysql php5-gd 

## Configure

## update AllowOverride for DocumentRoot to 'AllowOverride All'
## NOTE(review): 'All' lets any .htaccess file under DocumentRoot override every directive
## class. The .htaccess files created later on this page only set AuthType/Require inside
## <Files>, so a narrower list such as 'Options FileInfo AuthConfig' may be enough -- confirm
## before widening, since anything able to write below DocumentRoot can then reconfigure Apache.
## update Options for DocumentRoot to 'Options FollowSymLinks'
## Both site files are edited by hand (presumably the plain-HTTP and the SSL virtual host).
vim /etc/apache2/sites-enabled/000-default
vim /etc/apache2/sites-enabled/default-ssl

WebAuth

## Point mod_webauth at the Stanford login page and WebKDC service.
## The three directives are appended to the conf.d snippet in a single write.
cat << 'EOF' >> /etc/apache2/conf.d/webauth
WebAuthLoginURL  https://weblogin.stanford.edu/login/
WebAuthWebKdcURL https://weblogin.stanford.edu/webkdc-service/
WebAuthWebKdcPrincipal service/webkdc@stanford.edu
EOF
## Enable the module, then restart Apache so the new snippet is loaded.
a2enmod webauth
service apache2 restart


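## generate keytab on corn; http://webauth.stanford.edu/install-stanford.html
ssh gsfr@corn 'wallet -f keytab.cniwww get keytab webauth/cniwww.stanford.edu'

## Copy the keytab to /usr/local/etc/apache22/conf/webauth/keytab (must create conf/webauth).
## The path is held in a variable rather than recalled with '!$', which only expands in an
## interactive shell with history enabled and silently depends on the previous command.
webauth_dir=/usr/local/etc/apache22/conf/webauth
mkdir -p "$webauth_dir"
chown www:www "$webauth_dir"

## NOTE(review): the wallet command above writes keytab.cniwww relative to the login directory,
## while the copy below reads keytabs/keytab.cniwww -- confirm the remote path.
## The keytab is a long-lived service credential: create it under umask 077 so it is never
## readable by other local users, even briefly, before the final mode is set.
( umask 077; scp gsfr@corn:keytabs/keytab.cniwww "$webauth_dir/keytab" )

## Mode 640 only helps the web server if the file's group is the server's group, so set it explicitly.
chgrp www "$webauth_dir/keytab"
chmod 640 "$webauth_dir/keytab"
## NOTE(review): the copy left on corn is still a usable credential; remove it once installed.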

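cd /usr/local/etc/apache22

## Self-signed certificate plus a new 2048-bit RSA key; common name is the FQDN.
## -nodes leaves the key unencrypted on disk, so file permissions are its only protection:
## generate it under umask 077 instead of relying on a later chmod.
( umask 077; openssl req -new -x509 -newkey rsa:2048 -nodes -days 3652 -keyout server.key -out server.crt )
chmod 644 server.crt                                # the certificate itself is public
chmod 400 server.key

## Cert signing request (not required). It reuses server.key via -key; generating a second key
## with -newkey/-keyout here would overwrite server.key and leave server.crt without its matching key.
openssl req -new -key server.key -out server.csr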

## Uncomment the httpd-ssl.conf Include line so Apache loads the SSL configuration.
## (-i "" is the BSD sed form: edit in place, keep no backup file.)
sed -E -i "" -e 's!#(Include.*httpd-ssl.conf)!\1!' httpd.conf

## On WebAuth* lines, prefix conf/webauth/... paths with etc/apache22/ in both Stanford include files.
for conf in Includes/stanford-webauth.conf Includes/stanford-ldap.conf; do
    sed -E -i "" -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' "$conf"
done

## Restart so the SSL include and the corrected WebAuth paths take effect.
service apache2 restart

MediaWiki (OLD)

## Build the PHP extensions from FreeBSD ports.
portmaster lang/php5-extensions

## place a recent copy of MediaWiki in /usr/local/www/apache22/data/cniwiki
## get Stanford Modern skin: http://www.stanford.edu/dept/its/communications/webservices/wiki/index.php/Stanford_Modern_MediaWiki_Skin

cd /usr/local/www/apache22/data/cniwiki
## NOTE(review): this downloads PHP that will run inside the wiki over plain HTTP from an
## unpinned trunk path, with no integrity check. Read the file after download, or compare it
## with a copy obtained over an authenticated channel, before enabling it.
fetch -o extensions http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/Auth_remoteuser/Auth_remoteuser.php
cp -a ~/MWSkin_StanfordModern/stanfordmodern1* skins/
## Code tree is owned by root:wheel, so the web server account cannot modify it.
chown -R root:wheel .
## config/ is made writable by everyone for the duration of the web installer;
## the window closes when config/ is removed below, so finish the setup promptly.
chmod a+w config

## set up wiki in browser; warning re session.save_path is fine
mv config/LocalSettings.php .
## Owner-only access to the generated settings file.
## NOTE(review): the file's owner at this point depends on who the installer ran as; the
## upgrade section later runs 'chown www LocalSettings.php' -- confirm the server can read it.
chmod 600 LocalSettings.php
rm -r config

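## In-place edits use -i "" (no backup), matching the sed calls in the WebAuth section.
## With BSD sed, '-i -e' is read as "-i with backup suffix -e" and leaves copies such as
## LocalSettings.php-e under the web root, where a non-.php name is not handled as PHP.

## Select the Stanford Modern skin as the default.
sed -E -i "" -e 's/(^\$wgDefaultSkin =) .*/\1 "stanfordmodern1";/' LocalSettings.php
## Set the mail domain used by Auth_remoteuser.
sed -E -i "" -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php
## Drop the 'static' keyword from the getCanonicalName declaration.
sed -E -i "" -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php

## update stanfordmodern1: monospace code; slightly darker box background
sed -E -i "" -e $'s!code {!& \\\n\tfont-family: monospace;!' skins/stanfordmodern1/main.css
sed -E -i "" -e 's/f9f9f9/e5e5e5/g' skins/stanfordmodern1/main.css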

configure short URLs

## add these lines to LocalSettings.php below $wgScriptPath
## Article links are generated as /wiki/<title>; $1 is MediaWiki's placeholder for the page title.
$wgArticlePath      = "/wiki/$1";
$wgUsePathInfo      = true;

echo "Alias /wiki /usr/local/www/apache22/data/cniwiki/index.php" > /usr/local/etc/apache22/Includes/mediawiki.conf
/usr/local/etc/rc.d/apache22 graceful

cat << EOF >> /usr/local/www/apache22/data/robots.txt
User-agent: *
Disallow: /cniwiki/
Disallow: /wiki/Special:Search
Disallow: /wiki/Special:Random
EOF

set default timezone

## Append the timezone block to LocalSettings.php in one write.
## The quoted delimiter keeps every $ and " literal, so the PHP lands in the file unchanged.
cat << 'EOF' >> LocalSettings.php

## Set Default Timezone
$wgLocaltimezone = "America/Los_Angeles";
$oldtz = getenv("TZ");
putenv("TZ=$wgLocaltimezone");
# Versions before 1.7.0 used $wgLocalTZoffset as hours.
# After 1.7.0 offset as minutes
$wgLocalTZoffset = date("Z") / 60;
putenv("TZ=$oldtz");
EOF

WebAuth for editing (OR see below)

## https://techcommons.stanford.edu/topics/mediawiki/anonymous-read-webauth-editing-mediawiki

## NOTE(review): both files come from the tip of 'master', so their content can change between
## installs. This is the code that handles login: pin the URLs to a reviewed commit
## (<commit-sha> in place of 'master') and read the files before enabling them.
fetch https://github.com/mistermarco/mediawiki-webauth/raw/master/login.php
fetch -o extensions/WebAuth.php https://github.com/mistermarco/mediawiki-webauth/raw/master/extensions/WebAuth.php

## comment lines 3-5 in login.php related to Stanford's common code base

## Require a WebAuth session for login.php only; all other files stay anonymously readable.
## These directives take effect only if AllowOverride for this directory permits AuthConfig;
## request login.php without a session after the change to confirm it is protected.
echo "<Files login.php>" >> .htaccess
echo "AuthType WebAuth" >> .htaccess
echo "Require valid-user" >> .htaccess
echo "</Files>" >> .htaccess

## Load the WebAuth extension from LocalSettings.php (blank separator line first).
echo >> LocalSettings.php
echo "## Require WebAuth login for editing" >> LocalSettings.php
echo "require_once('extensions/WebAuth.php');" >> LocalSettings.php

WebAuth for viewing (OR see above)

## https://techcommons.stanford.edu/topics/mediawiki/mediawiki-installation-instructions

## Require a WebAuth session for every request served from this directory.
cat << 'EOF' >> .htaccess
AuthType WebAuth
Require valid-user
EOF

## Deny account creation, reading and editing to anonymous users ('*'),
## then load Auth_remoteuser and install it as the wiki's auth plugin.
cat << 'EOF' >> LocalSettings.php

## Require WebAuth login for viewing
$wgGroupPermissions['*']['createaccount']   = false;
$wgGroupPermissions['*']['read']            = false;
$wgGroupPermissions['*']['edit']            = false;
require_once('extensions/Auth_remoteuser.php');
$wgAuth = new Auth_remoteuser();
EOF

make one WebAuth login a wiki admin

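## log into wiki to trigger account creation
sqlite3 -header data/wikidb.sqlite
-- List accounts by id and name only: the user table also holds password hashes and
-- login tokens, which should not be printed to the terminal or its scrollback.
SELECT user_id, user_name FROM user;                -- find user_id of intended admin (probably 2)
SELECT ug_user, ug_group FROM user_groups;
-- Move every group membership of the installer account (user 1) to the intended admin.
-- Replace 2 with the user_id found above if it differs.
UPDATE user_groups SET ug_user=2 WHERE ug_user=1;
SELECT ug_user, ug_group FROM user_groups;          -- double-check on wiki user list in browser
DELETE FROM user WHERE user_id=1;                   -- delete "WikiSysop" user
.quit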

upgrading MediaWiki

## Unpack the release over the existing tree (top-level archive directory stripped), then run the schema updater.
## NOTE(review): the tarball's origin is not shown here; check it against the publisher's
## checksum or signature before unpacking it over the live wiki.
tar xvzf ~/mediawiki-1.16.4.tar.gz -C /usr/local/www/apache22/data/cniwiki --strip-components=1
cd /usr/local/www/apache22/data/cniwiki/maintenance/
php update.php

cd /usr/local/www/apache22/data/cniwiki/
## Code is owned by root:wheel so the web server account cannot modify it.
chown -R root:wheel .
## NOTE(review): this makes the server account the owner of its own settings file, so code
## running as www can rewrite it; root-owned with group www and mode 640 would be read-only
## for the server -- confirm which is intended.
chown www LocalSettings.php
## data/ and images/ are the only trees the server may write to.
## NOTE(review): data/ holds wikidb.sqlite and sits below the web root; confirm Apache refuses
## requests under /cniwiki/data/, otherwise the whole database could be downloaded.
chown -R www:www data
chown -R www:www images 
## Keep the upload directory's .htaccess and README root-owned so the server cannot change them.
chown root:wheel images/.htaccess images/README