Web Server: Difference between revisions
imported>Gsfr Created page with "The web server is based on a standard FreeBSD 8.2 installation with the following additional configuration. == Apache, etc. == portmaster devel/git ..." |
imported>Gsfr No edit summary |
||
| Line 68: | Line 68: | ||
portmaster lang/php5-extensions | portmaster lang/php5-extensions | ||
# place a recent copy of MediaWiki in /usr/local/www/apache22/data/ | # place a recent copy of MediaWiki in /usr/local/www/apache22/data/cniwiki | ||
# get Auth_remoteuser extension from http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER | # get Auth_remoteuser extension from http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER | ||
# https://techcommons.stanford.edu/topics/mediawiki/mediawiki-installation-instructions | # https://techcommons.stanford.edu/topics/mediawiki/mediawiki-installation-instructions | ||
cd /usr/local/www/apache22/data/ | cd /usr/local/www/apache22/data/cniwiki | ||
cp ~/Auth_remoteuser/Auth_remoteuser.php extensions/ | cp ~/Auth_remoteuser/Auth_remoteuser.php extensions/ | ||
cp -R ~/MWSkin_StanfordModern/stanfordmodern1* skins/ | cp -R ~/MWSkin_StanfordModern/stanfordmodern1* skins/ | ||
| Line 86: | Line 86: | ||
sed -E -i '' -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php | sed -E -i '' -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php | ||
sed -E -i '' -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php | sed -E -i '' -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php | ||
=== configure [http://www.mediawiki.org/wiki/Manual:Short_URL short URLs] === | |||
## add these lines to LocalSettings.php below $wgScriptPath | |||
$wgArticlePath = "/wiki/$1"; | |||
$wgUsePathInfo = true; | |||
echo "Alias /wiki /usr/local/www/apache22/data/cniwiki/index.php" > /usr/local/etc/apache22/Includes/mediawiki.conf | |||
/usr/local/etc/rc.d/apache22 graceful | |||
cat << EOF >> /usr/local/www/apache22/data/robots.txt | |||
User-agent: * | |||
Disallow: /cniwiki/ | |||
Disallow: /wiki/Special:Search | |||
Disallow: /wiki/Special:Random | |||
EOF | |||
=== set default timezone === | === set default timezone === | ||
| Line 135: | Line 150: | ||
.quit | .quit | ||
=== | === upgrading MediaWiki === | ||
tar xvzf ~/mediawiki-1.16.4.tar.gz -C /usr/local/www/apache22/data/cniwiki --strip-components=1 | |||
cd /usr/local/www/apache22/data/cniwiki/maintenance/ | |||
php update.php | |||
chown -R root:wheel . | |||
chown www LocalSettings.php | |||
chown -R www:www data | |||
chown -R www:www images | |||
chown root:wheel images/.htaccess images/README | |||
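Review bot: In the new "upgrading MediaWiki" steps the `chown` lines run after `cd /usr/local/www/apache22/data/cniwiki/maintenance/`, so `chown -R root:wheel .` only covers maintenance/ and the relative targets `LocalSettings.php`, `data` and `images` do not resolve to the wiki root. Files unpacked by `tar` as root can keep whatever owner the archive records, so the rest of the tree may be left with unintended ownership. Add `cd /usr/local/www/apache22/data/cniwiki` after `php update.php` so the ownership reset applies to the whole install.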
Revision as of 04:48, 21 April 2011
The web server is based on a standard FreeBSD 8.2 installation with the following additional configuration.
Apache, etc.
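# Build the web stack from ports. The trailing comments record the port
# options chosen in each configuration dialog.
portmaster devel/git # disable everything but ICONV, CURL
# ftp/curl: disable IPV6, PROXY
portmaster net/rsync
portmaster www/apache22-worker-mpm # enable THREADS, SQLITE; disable IPV6, DAV, DAV_FS
# devel/apr1: enable SQLITE; disable IPV6, BDB, GDBM
# lang/python27: disable IPV6
portmaster www/mod_wsgi3
portmaster lang/php5-extensions # lang/php5: enable APACHE; disable IPV6
# Put index.php ahead of index.html in DirectoryIndex.
# FreeBSD sed's -i takes a backup suffix; '' means "no backup". Written as
# `-i -e`, the suffix becomes "-e" and a stray httpd.conf-e copy is left behind.
sed -E -i '' -e 's/(.*DirectoryIndex) (index.html)/\1 index.php \2/' /usr/local/etc/apache22/httpd.conf
# Map .php/.phps to the PHP handlers only when the php5 module is loaded.
cat << EOF >> /usr/local/etc/apache22/httpd.conf
<IfModule php5_module>
AddType application/x-httpd-php .php
AddType application/x-httpd-php-source .phps
</IfModule>
EOF
## by hand, update AllowOverride for DocumentRoot to 'AllowOverride Options AuthConfig'
# The WebAuth rules written to .htaccess further down this page (AuthType /
# Require) are only honoured when AuthConfig is allowed here.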
WebAuth
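# Kerberos and WebAuth for Apache: build from source, install the keytab,
# create the TLS key and certificate, then set ownership on the WebAuth files.
portmaster security/krb5 # disable KRB5_DOC, WANT_HTML
# NOTE(review): krb5.conf is fetched over plain http and the webauth source
# over the unauthenticated git:// protocol; neither transfer is
# integrity-protected, so compare the results with a trusted copy before use.
fetch -o /etc/krb5.conf http://www.stanford.edu/dept/its/support/kerberos/dist/krb5.conf
git clone git://git.eyrie.org/kerberos/webauth.git
cd webauth
./autogen
./configure --disable-mod_webauthldap --with-krb5=/usr/local
make
make check # krb5, wa_keyring, xmalloc skipped; krb5-tgt ABORTED
make install
cp conf/stanford-webauth.conf /usr/local/etc/apache22/Includes
# generate keytab on corn; http://webauth.stanford.edu/install-stanford.html
ssh gsfr@corn 'wallet -f keytab.cniwww get keytab webauth/cniwww.stanford.edu'
# scp keytab to /usr/local/etc/apache22/conf/webauth/keytab (must create conf/webauth)
mkdir -p /usr/local/etc/apache22/conf/webauth; cd /usr/local/etc/apache22/conf/webauth
# The keytab is a long-term credential: it keeps scp's default mode until the
# chmod 640 below, and the copy left in the home directory on corn should be
# removed once it is installed here.
scp gsfr@corn:keytab.cniwww keytab
cd /usr/local/etc/apache22
openssl req -new -x509 -newkey rsa:2048 -nodes -days 3652 -keyout server.key -out server.crt # self-signed cert; common name is FQDN
# -nodes leaves the private key unencrypted on disk, so restrict it to root.
chmod 600 server.key
# Build the CSR from the existing key. Generating a second key into server.key
# here would leave server.crt paired with a key that no longer exists.
openssl req -new -key server.key -out server.csr # cert signing request (not required)
# FreeBSD sed: -i takes a backup suffix, '' means none (`-i -e` would leave
# *-e backup copies next to the edited files).
sed -E -i '' -e 's!#(Include.*httpd-ssl.conf)!\1!' httpd.conf # enable ssl for apache
# Rewrite the WebAuth paths in the Stanford config to live under etc/apache22/.
sed -E -i '' -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' Includes/stanford-webauth.conf
/usr/local/etc/rc.d/apache22 start
# Give the www group access to the WebAuth state: the directory and keyring
# are group-writable, the keytab is group-readable only.
chgrp www conf/webauth
chmod 775 conf/webauth
chgrp www conf/webauth/keytab
chmod 640 conf/webauth/keytab
touch conf/webauth/keyring
chgrp www conf/webauth/keyring
chmod 660 conf/webauth/keyring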
MediaWiki
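# Install MediaWiki under the Apache document root, run the browser installer,
# then lock the tree down and patch the skin and extension settings.
portmaster lang/php5-extensions
# place a recent copy of MediaWiki in /usr/local/www/apache22/data/cniwiki
# get Auth_remoteuser extension from http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER
# https://techcommons.stanford.edu/topics/mediawiki/mediawiki-installation-instructions
cd /usr/local/www/apache22/data/cniwiki
cp ~/Auth_remoteuser/Auth_remoteuser.php extensions/
cp -R ~/MWSkin_StanfordModern/stanfordmodern1* skins/
chown -R root:wheel .
# config/ is world-writable only so the installer can write LocalSettings.php;
# it is removed again right after the browser step.
chmod a+w config
# set up wiki in browser; warning re session.save_path is fine
mv config/LocalSettings.php .
# NOTE(review): the installer presumably created this file as the web server
# user, so mode 600 keeps it private but still writable by that user; confirm
# the owner is the one intended.
chmod 600 LocalSettings.php
rm -r config
# FreeBSD sed: -i takes a backup suffix and '' means "no backup" (the diff
# view of this page shows the '' form). Written as `-i -e`, sed would leave
# LocalSettings.php-e and Auth_remoteuser.php-e under the document root, where
# they are not handled as .php files.
sed -E -i '' -e 's/(^\$wgDefaultSkin =) .*/\1 "stanfordmodern1";/' LocalSettings.php
sed -E -i '' -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php
# Drop the `static` keyword from the getCanonicalName declaration.
sed -E -i '' -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php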
configure short URLs
## add these lines to LocalSettings.php below $wgScriptPath $wgArticlePath = "/wiki/$1"; $wgUsePathInfo = true; echo "Alias /wiki /usr/local/www/apache22/data/cniwiki/index.php" > /usr/local/etc/apache22/Includes/mediawiki.conf /usr/local/etc/rc.d/apache22 graceful cat << EOF >> /usr/local/www/apache22/data/robots.txt User-agent: * Disallow: /cniwiki/ Disallow: /wiki/Special:Search Disallow: /wiki/Special:Random EOF
set default timezone
# Append the default-timezone stanza to LocalSettings.php in one write.
# The quoted 'EOF' delimiter keeps every $ and " literal, so the PHP text
# needs no shell escaping. Run from the wiki root, where LocalSettings.php lives.
cat << 'EOF' >> LocalSettings.php

## Set Default Timezone
$wgLocaltimezone = "America/Los_Angeles";
$oldtz = getenv("TZ");
putenv("TZ=$wgLocaltimezone");
# Versions before 1.7.0 used $wgLocalTZoffset as hours.
# After 1.7.0 offset as minutes
$wgLocalTZoffset = date("Z") / 60;
putenv("TZ=$oldtz");
EOF
WebAuth for editing (OR see below)
fetch https://github.com/mistermarco/mediawiki-webauth/raw/master/login.php fetch -o extensions/WebAuth.php https://github.com/mistermarco/mediawiki-webauth/raw/master/extensions/WebAuth.php ## comment lines 3-5 in login.php related to Stanford's common code base echo "<Files login.php>" >> .htaccess echo "AuthType WebAuth" >> .htaccess echo "Require valid-user" >> .htaccess echo "</Files>" >> .htaccess echo >> LocalSettings.php echo "## Require WebAuth login for editing" >> LocalSettings.php echo "require_once('extensions/WebAuth.php');" >> LocalSettings.php
WebAuth for viewing (OR see above)
# Option B: put the whole wiki behind WebAuth. Run from the wiki root.
# The .htaccess rules take effect only when AllowOverride for this directory
# includes AuthConfig. After applying, check that a request without a WebAuth
# session is sent to the login service and does not reach the wiki.
cat << 'EOF' >> .htaccess
AuthType WebAuth
Require valid-user
EOF
# Deny account creation, reading and editing to anonymous users ('*'), and
# load Auth_remoteuser as the wiki's authentication plugin ($wgAuth).
# The quoted 'EOF' delimiter keeps the PHP text literal.
cat << 'EOF' >> LocalSettings.php

## Require WebAuth login for viewing
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
require_once('extensions/Auth_remoteuser.php');
$wgAuth = new Auth_remoteuser();
EOF
make one WebAuth login a wiki admin
## log into wiki to trigger account creation sqlite3 -header data/wikidb.sqlite SELECT * FROM user; # find user_id of intended admin (probably 2) SELECT * FROM user_groups; UPDATE user_groups SET ug_user=2 WHERE ug_user=1; SELECT * FROM user_groups; # double-check on wiki user list in browser DELETE FROM user WHERE user_id=1; # delete "WikiSysop" user .quit
upgrading MediaWiki
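# Upgrade in place: unpack the new release over the existing tree, run the
# schema updater, then reset ownership across the whole install.
tar xvzf ~/mediawiki-1.16.4.tar.gz -C /usr/local/www/apache22/data/cniwiki --strip-components=1
cd /usr/local/www/apache22/data/cniwiki/maintenance/
php update.php
# Return to the wiki root before fixing ownership. The paths below are relative
# to it; run from maintenance/, `chown -R root:wheel .` would cover only that
# directory and LocalSettings.php, data and images would not resolve.
cd /usr/local/www/apache22/data/cniwiki
# tar run as root can keep the owners recorded in the archive, so reset
# everything to root first.
chown -R root:wheel .
# Then hand back only what the web server user needs to own.
chown www LocalSettings.php
chown -R www:www data
chown -R www:www images
# Keep the access rules inside images/ out of the web server user's hands.
chown root:wheel images/.htaccess images/README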