Web Server: Difference between revisions
imported>Gsfr No edit summary |
imported>Gsfr |
||
| Line 87: | Line 87: | ||
sed -E -i -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php | sed -E -i -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php | ||
sed -E -i -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php | sed -E -i -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php | ||
## update stanfordmodern1: monospace code; slightly darker box background | |||
sed -E -i -e $'s!code {!& \\\n\tfont-family: monospace;!' skins/stanfordmodern1/main.css | |||
sed -E -i -e 's/f9f9f9/e5e5e5/g' skins/stanfordmodern1/main.css | |||
=== configure [http://www.mediawiki.org/wiki/Manual:Short_URL short URLs] === | === configure [http://www.mediawiki.org/wiki/Manual:Short_URL short URLs] === | ||
Revision as of 18:56, 23 April 2011
The web server is based on a standard FreeBSD 8.2 installation with the following additional configuration.
Apache, etc.
# Install git, rsync, Apache 2.2 (worker MPM), mod_wsgi and PHP 5 from ports,
# then make index.php a directory index and register the PHP handlers.
portmaster devel/git # disable everything but ICONV, CURL
# ftp/curl: disable IPV6, PROXY
portmaster net/rsync
portmaster www/apache22-worker-mpm # enable THREADS, SQLITE; disable IPV6, DAV, DAV_FS
# devel/apr1: enable SQLITE; disable IPV6, BDB, GDBM
# lang/python27: disable IPV6
portmaster www/mod_wsgi3
portmaster lang/php5-extensions # lang/php5: enable APACHE; disable IPV6
# NOTE(review): BSD sed takes the word after -i as a backup suffix, so
# '-i -e' most likely leaves a copy named httpd.conf-e next to the edited
# file. Confirm and remove stray '-e' copies, especially under the
# document root.
sed -E -i -e 's/(.*DirectoryIndex) (index.html)/\1 index.php \2/' /usr/local/etc/apache22/httpd.conf
# NOTE(review): AddType maps on any extension in the file name, so a
# multi-extension name that contains .php is also handed to PHP. A
# <FilesMatch "\.php$"> block with SetHandler is the stricter form and
# matters once wiki uploads are enabled. The .phps mapping displays PHP
# source to the client; drop it if no .phps files are meant to be public.
cat << EOF >> /usr/local/etc/apache22/httpd.conf
<IfModule php5_module>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
EOF
## by hand:
## update AllowOverride for DocumentRoot to 'AllowOverride Options FileInfo AuthConfig'
## update Options for DocumentRoot to 'Options FollowSymLinks'
# AuthConfig is what allows the WebAuth directives placed in .htaccess
# later on this page to take effect. Allowing Options means any .htaccess
# under the DocumentRoot can change Options again, so keep those files
# writable by root only.
WebAuth
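# Build WebAuth against MIT Kerberos, install the Stanford WebAuth config,
# fetch the service keytab, create the TLS key/certificate and start Apache.
portmaster security/krb5 # disable KRB5_DOC, WANT_HTML
# NOTE(review): krb5.conf is fetched over plain HTTP and written straight
# into /etc. Read the file (realms, KDC host names) before relying on it.
fetch -o /etc http://www.stanford.edu/dept/its/support/kerberos/dist/krb5.conf
# NOTE(review): git:// is an unauthenticated transport and no tag or commit
# is pinned, so the source that gets built is whatever the server returns.
# Check out a release tag and verify it before building.
git clone git://git.eyrie.org/kerberos/webauth.git
cd webauth
./autogen
./configure --disable-mod_webauthldap --with-krb5=/usr/local
make
make check # krb5, wa_keyring, xmalloc skipped; krb5-tgt ABORTED
make install
cp conf/stanford-webauth.conf /usr/local/etc/apache22/Includes
# generate keytab on corn; http://webauth.stanford.edu/install-stanford.html
ssh gsfr@corn 'wallet -f keytab.cniwww get keytab webauth/cniwww.stanford.edu'
# scp keytab to /usr/local/etc/apache22/conf/webauth/keytab (must create conf/webauth)
mkdir -p /usr/local/etc/apache22/conf/webauth; cd /usr/local/etc/apache22/conf/webauth
# The keytab is a long-term service credential. Under a typical 022 umask
# the copy made here is world-readable until the chmod 640 below, and
# keytab.cniwww also remains in the home directory on corn; remove that
# copy once the transfer has been verified.
scp gsfr@corn:keytab.cniwww keytab
cd /usr/local/etc/apache22
# -nodes writes the private key unencrypted, so file permissions are its
# only protection; restrict it to root right after it is created.
openssl req -new -x509 -newkey rsa:2048 -nodes -days 3652 -keyout server.key -out server.crt # self-signed cert; common name is FQDN
chmod 600 server.key
# Reuse the existing key for the CSR. Generating a new key into server.key
# here would overwrite the one server.crt was issued for, and the
# certificate and key would no longer match.
openssl req -new -key server.key -out server.csr # cert signing request (not required)
sed -E -i -e 's!#(Include.*httpd-ssl.conf)!\1!' httpd.conf # enable ssl for apache
sed -E -i -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' Includes/stanford-webauth.conf
/usr/local/etc/rc.d/apache22 start
# Group www gets write access to the directory and the keyring but only
# read access to the keytab.
# NOTE(review): group write on conf/webauth also lets www rename or replace
# files in that directory, the keytab included; presumably needed so the
# module can maintain its keyring - confirm.
chgrp www conf/webauth
chmod 775 conf/webauth
chgrp www conf/webauth/keytab
chmod 640 conf/webauth/keytab
touch conf/webauth/keyring
chgrp www conf/webauth/keyring
chmod 660 conf/webauth/keyring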
MediaWiki
portmaster lang/php5-extensions ## place a recent copy of MediaWiki in /usr/local/www/apache22/data/cniwiki ## get Stanford Modern skin: http://www.stanford.edu/dept/its/communications/webservices/wiki/index.php/Stanford_Modern_MediaWiki_Skin cd /usr/local/www/apache22/data/cniwiki fetch -o extensions http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/Auth_remoteuser/Auth_remoteuser.php cp -a ~/MWSkin_StanfordModern/stanfordmodern1* skins/ chown -R root:wheel . chmod a+w config ## set up wiki in browser; warning re session.save_path is fine mv config/LocalSettings.php . chmod 600 LocalSettings.php rm -r config sed -E -i -e 's/(^\$wgDefaultSkin =) .*/\1 "stanfordmodern1";/' LocalSettings.php sed -E -i -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php sed -E -i -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php ## update stanfordmodern1: monospace code; slightly darker box background sed -E -i -e $'s!code {!& \\\n\tfont-family: monospace;!' skins/stanfordmodern1/main.css sed -E -i -e 's/f9f9f9/e5e5e5/g' skins/stanfordmodern1/main.css
configure short URLs
## add these lines to LocalSettings.php below $wgScriptPath $wgArticlePath = "/wiki/$1"; $wgUsePathInfo = true; echo "Alias /wiki /usr/local/www/apache22/data/cniwiki/index.php" > /usr/local/etc/apache22/Includes/mediawiki.conf /usr/local/etc/rc.d/apache22 graceful cat << EOF >> /usr/local/www/apache22/data/robots.txt User-agent: * Disallow: /cniwiki/ Disallow: /wiki/Special:Search Disallow: /wiki/Special:Random EOF
set default timezone
# Append the default-timezone block to LocalSettings.php in the current
# directory. The quoted delimiter stops the shell from expanding the PHP
# variables, so the text is written exactly as shown (blank line first).
cat << 'EOF' >> LocalSettings.php

## Set Default Timezone
$wgLocaltimezone = "America/Los_Angeles";
$oldtz = getenv("TZ");
putenv("TZ=$wgLocaltimezone");
# Versions before 1.7.0 used $wgLocalTZoffset as hours.
# After 1.7.0 offset as minutes
$wgLocalTZoffset = date("Z") / 60;
putenv("TZ=$oldtz");
EOF
WebAuth for editing (OR see below)
## https://techcommons.stanford.edu/topics/mediawiki/anonymous-read-webauth-editing-mediawiki
# Anonymous reading, WebAuth required for editing: fetch the login script
# and the WebAuth extension, protect login.php in .htaccess, and load the
# extension from LocalSettings.php.
# NOTE(review): both downloads are PHP taken from the tip of the master
# branch, so the code that ends up handling logins is not pinned. Review
# the files and note the commit they came from.
fetch https://github.com/mistermarco/mediawiki-webauth/raw/master/login.php
fetch -o extensions/WebAuth.php https://github.com/mistermarco/mediawiki-webauth/raw/master/extensions/WebAuth.php
## comment lines 3-5 in login.php related to Stanford's common code base
# Only login.php is put behind WebAuth; the rest of the wiki stays readable
# without authentication. The block has no effect unless AllowOverride for
# this directory includes AuthConfig.
cat << 'EOF' >> .htaccess
<Files login.php>
AuthType WebAuth
Require valid-user
</Files>
EOF
# Quoted delimiter: the PHP is appended verbatim, preceded by a blank line.
cat << 'EOF' >> LocalSettings.php

## Require WebAuth login for editing
require_once('extensions/WebAuth.php');
EOF
WebAuth for viewing (OR see above)
## https://techcommons.stanford.edu/topics/mediawiki/mediawiki-installation-instructions
# WebAuth required for viewing: put the whole wiki directory behind WebAuth
# and switch MediaWiki to the Auth_remoteuser plugin.
# These two directives only apply while AllowOverride for this directory
# includes AuthConfig. After any Apache config change, check that an
# unauthenticated request is still refused.
cat << 'EOF' >> .htaccess
AuthType WebAuth
Require valid-user
EOF
# Anonymous users lose account creation, read and edit rights.
# NOTE(review): Auth_remoteuser presumably trusts the user name supplied by
# the web server, so every path that reaches the wiki has to pass through
# the WebAuth-protected virtual host - confirm.
cat << 'EOF' >> LocalSettings.php

## Require WebAuth login for viewing
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
require_once('extensions/Auth_remoteuser.php');
$wgAuth = new Auth_remoteuser();
EOF
make one WebAuth login a wiki admin
## log into wiki to trigger account creation sqlite3 -header data/wikidb.sqlite SELECT * FROM user; # find user_id of intended admin (probably 2) SELECT * FROM user_groups; UPDATE user_groups SET ug_user=2 WHERE ug_user=1; SELECT * FROM user_groups; # double-check on wiki user list in browser DELETE FROM user WHERE user_id=1; # delete "WikiSysop" user .quit
upgrading MediaWiki
# Upgrade in place: unpack the new release over the existing tree, run the
# schema updater, then reset ownership.
# NOTE(review): the page shows no integrity check of the tarball and no
# backup step; verify the download against the published checksum or
# signature, and copy LocalSettings.php and data/ aside, before extracting.
tar xvzf ~/mediawiki-1.16.4.tar.gz -C /usr/local/www/apache22/data/cniwiki --strip-components=1
cd /usr/local/www/apache22/data/cniwiki/maintenance/
php update.php
cd /usr/local/www/apache22/data/cniwiki/
# Everything is owned by root except what is handed to www below.
chown -R root:wheel .
# NOTE(review): making www the owner lets the web server user rewrite its
# own configuration if the mode allows it; root ownership with group-read
# for www would be the narrower grant - confirm it works for this setup.
chown www LocalSettings.php
chown -R www:www data
chown -R www:www images
# Put images/.htaccess and images/README back under root ownership after
# the recursive chown, presumably so the web server user cannot alter the
# .htaccess that governs the upload directory.
chown root:wheel images/.htaccess images/README