Web Server

The web server is based on a Ubuntu 12.04 server machine with the following additional configuration.

## Install packages
apt-get install apache2 php5 libapache2-mod-wsgi libapache2-webauth mysql-server php5-mysql php5-gd 

## Configure

## update AllowOverride for DocumentRoot to 'AllowOverride All'
## update Options for DocumentRoot to 'Options FollowSymLinks'
vim /etc/apache2/sites-enabled/000-default
vim /etc/apache2/sites-enabled/default-ssl

## Apache config for webauth
echo 'WebAuthLoginURL  https://weblogin.stanford.edu/login/' >> /etc/apache2/conf.d/webauth
echo 'WebAuthWebKdcURL https://weblogin.stanford.edu/webkdc-service/' >> /etc/apache2/conf.d/webauth
echo 'WebAuthWebKdcPrincipal service/webkdc@stanford.edu' >> /etc/apache2/conf.d/webauth
a2enmod webauth
service apache2 restart

## generate keytab on corn; http://webauth.stanford.edu/install-stanford.html
ssh gsfr@corn 'wallet -f keytab.cniwww get keytab webauth/cniwww.stanford.edu'

## scp keytab to /usr/local/etc/apache22/conf/webauth/keytab (must create conf/webauth)
mkdir -p /usr/local/etc/apache22/conf/webauth
chown www:www !$
scp gsfr@corn:keytabs/keytab.cniwww !$/keytab
chmod 640 !$

cd /usr/local/etc/apache22
openssl req -new -x509 -newkey rsa:2048 -nodes -days 3652 -keyout server.key -out server.crt    # self-signed cert; common name is FQDN
openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr                     # cert signing request (not required)
chmod 400 server.key

sed -E -i "" -e 's!#(Include.*httpd-ssl.conf)!\1!' httpd.conf
sed -E -i "" -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' Includes/stanford-webauth.conf
sed -E -i "" -e 's!(WebAuth.* )(conf/webauth/[a-z_]+)!\1etc/apache22/\2!' Includes/stanford-ldap.conf

service apache2 restart

portmaster lang/php5-extensions

## place a recent copy of MediaWiki in /usr/local/www/apache22/data/cniwiki
## get Stanford Modern skin: http://www.stanford.edu/dept/its/communications/webservices/wiki/index.php/Stanford_Modern_MediaWiki_Skin

cd /usr/local/www/apache22/data/cniwiki
fetch -o extensions http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions/Auth_remoteuser/Auth_remoteuser.php
cp -a ~/MWSkin_StanfordModern/stanfordmodern1* skins/
chown -R root:wheel .
chmod a+w config

## set up wiki in browser; warning re session.save_path is fine
mv config/LocalSettings.php .
chmod 600 LocalSettings.php
rm -r config

sed -E -i -e 's/(^\$wgDefaultSkin =) .*/\1 "stanfordmodern1";/' LocalSettings.php
sed -E -i -e 's/(\$wgAuthRemoteuserMailDomain =).*/\1 "stanford.edu";/' extensions/Auth_remoteuser.php
sed -E -i -e 's/(.*)static( function getCanonicalName.*)/\1\2/' extensions/Auth_remoteuser.php

## update stanfordmodern1: monospace code; slightly darker box background
sed -E -i -e $'s!code {!& \\\n\tfont-family: monospace;!' skins/stanfordmodern1/main.css
sed -E -i -e 's/f9f9f9/e5e5e5/g' skins/stanfordmodern1/main.css

## add these lines to LocalSettings.php below $wgScriptPath
$wgArticlePath      = "/wiki/$1";
$wgUsePathInfo      = true;

echo "Alias /wiki /usr/local/www/apache22/data/cniwiki/index.php" > /usr/local/etc/apache22/Includes/mediawiki.conf
/usr/local/etc/rc.d/apache22 graceful

cat << EOF >> /usr/local/www/apache22/data/robots.txt
User-agent: *
Disallow: /cniwiki/
Disallow: /wiki/Special:Search
Disallow: /wiki/Special:Random
EOF

echo >> LocalSettings.php
echo "## Set Default Timezone" >> LocalSettings.php
echo "\$wgLocaltimezone = \"America/Los_Angeles\";" >> LocalSettings.php
echo "\$oldtz = getenv(\"TZ\");" >> LocalSettings.php
echo "putenv(\"TZ=\$wgLocaltimezone\");" >> LocalSettings.php
echo "# Versions before 1.7.0 used \$wgLocalTZoffset as hours." >> LocalSettings.php
echo "# After 1.7.0 offset as minutes" >> LocalSettings.php
echo "\$wgLocalTZoffset = date(\"Z\") / 60;" >> LocalSettings.php
echo "putenv(\"TZ=\$oldtz\");" >> LocalSettings.php

## https://techcommons.stanford.edu/topics/mediawiki/anonymous-read-webauth-editing-mediawiki

fetch https://github.com/mistermarco/mediawiki-webauth/raw/master/login.php
fetch -o extensions/WebAuth.php https://github.com/mistermarco/mediawiki-webauth/raw/master/extensions/WebAuth.php

## comment lines 3-5 in login.php related to Stanford's common code base

echo "<Files login.php>" >> .htaccess
echo "AuthType WebAuth" >> .htaccess
echo "Require valid-user" >> .htaccess
echo "</Files>" >> .htaccess

echo >> LocalSettings.php
echo "## Require WebAuth login for editing" >> LocalSettings.php
echo "require_once('extensions/WebAuth.php');" >> LocalSettings.php

## https://techcommons.stanford.edu/topics/mediawiki/mediawiki-installation-instructions

echo "AuthType WebAuth" >> .htaccess
echo "Require valid-user" >> .htaccess

echo >> LocalSettings.php
echo "## Require WebAuth login for viewing" >> LocalSettings.php
echo "\$wgGroupPermissions['*']['createaccount']   = false;" >> LocalSettings.php
echo "\$wgGroupPermissions['*']['read']            = false;" >> LocalSettings.php
echo "\$wgGroupPermissions['*']['edit']            = false;" >> LocalSettings.php
echo "require_once('extensions/Auth_remoteuser.php');" >> LocalSettings.php
echo "\$wgAuth = new Auth_remoteuser();" >> LocalSettings.php

## log into wiki to trigger account creation
sqlite3 -header data/wikidb.sqlite
SELECT * FROM user;                                 # find user_id of intended admin (probably 2)
SELECT * FROM user_groups;
UPDATE user_groups SET ug_user=2 WHERE ug_user=1;
SELECT * FROM user_groups;                          # double-check on wiki user list in browser
DELETE FROM user WHERE user_id=1;                   # delete "WikiSysop" user
.quit

tar xvzf ~/mediawiki-1.16.4.tar.gz -C /usr/local/www/apache22/data/cniwiki --strip-components=1
cd /usr/local/www/apache22/data/cniwiki/maintenance/
php update.php

cd /usr/local/www/apache22/data/cniwiki/
chown -R root:wheel .
chown www LocalSettings.php
chown -R www:www data
chown -R www:www images 
chown root:wheel images/.htaccess images/README