MediaWiki Install
MediaWiki Install notes
This site and the other wikis running on this server are installed and updated using a few scripts.
The mediawiki-install script sets up a new site. It takes you through the install process, opening links for the web-based install interface, and generates all the Apache and MediaWiki config files. It also generates a cacert.org CSR which includes all the ServerNames and ServerAliases that Apache is using. If you have the MySQL root password then it will also create the database for you.
The mediawiki-update script is a lot simpler and doesn't require any user interaction; just run it after a new version of the code has been extracted and symlinked.
mediawiki-install
This script is used for installing sites:
#!/bin/bash
# based on http://www.steverumberg.com/wiki/index.php/WikiHelp
BASE_DIR="/var/www/mediawiki-vhosts"
MEDIAWIKI_FILES="/var/www/mediawiki"
MEDIAWIKI_EXTRA_FILES="/var/www/mediawiki-extra-files"
HTTPD_VHOSTS_SSL_DIR="/etc/httpd/vhosts-ssl.d"
HTTPD_VHOSTS_DIR="/etc/httpd/vhosts.d"
WIKI_NAME="$1"
DATE=`date "+%Y-%m-%d_%H-%M-%S"`
RSYNC="rsync -qa"
# cacert variables
CERTS_DIR="/etc/httpd/conf/certs"
CERTS_DIR_NEW="$CERTS_DIR/.$DATE"
HOST="mediawiki"
COMMONNAME="wiki.aktivix.org"
# check for input
if [[ -z "$1" ]]; then
echo "The first argument should be the new wiki SERVER_NAME"
exit 1
fi
# if the base directory doesn't exist then create it
if [[ ! -d $BASE_DIR ]]; then
mkdir -p $BASE_DIR
fi
if [[ -d $BASE_DIR/$WIKI_NAME ]]; then
echo "$WIKI_NAME exists, you may still want to run the web installer to upgrade"
echo "but you need to agree to LocalSettings.php to be deleted for the"
echo "web based upgrade to run, or you could use mediawiki-upgrade"
fi
# make the directory for the site
if [[ ! -d $BASE_DIR/$WIKI_NAME ]]; then
mkdir $BASE_DIR/$WIKI_NAME
fi
# change to the sites directory (stop here if that fails, so the chown and rm calls below can't run somewhere else)
cd "$BASE_DIR/$WIKI_NAME" || exit 1
# create the images directory
if [[ ! -d images ]]; then
mkdir images
fi
# chown images
chown -R apache:apache images
# create the config directory
if [[ ! -d config ]]; then
mkdir config
fi
# chown config
chown -R apache:apache config
# copy the mediawiki files over
printf "Do you want to copy the files from $MEDIAWIKI_FILES? (y or return to skip): "
read RSYNC_FILES
if [[ "$RSYNC_FILES" = "y" ]]; then
$RSYNC --exclude 'config/' --exclude 'images/' --exclude 'favicon.ico' --exclude 'LocalSettings.php' --exclude 'AdminSettings.php' $MEDIAWIKI_FILES/ $BASE_DIR/$WIKI_NAME/
if [[ ! -d skins/common ]]; then
mkdir -p skins/common
fi
$RSYNC $MEDIAWIKI_FILES/skins/common/ $BASE_DIR/$WIKI_NAME/skins/common/
fi
# copy the mediawiki extra files over
printf "Do you want to copy the files from $MEDIAWIKI_EXTRA_FILES? (y or return to skip): "
read RSYNC_EXTRA_FILES
if [[ "$RSYNC_EXTRA_FILES" = "y" ]]; then
$RSYNC $MEDIAWIKI_EXTRA_FILES/ $BASE_DIR/$WIKI_NAME/
fi
# create a symlink for icons and favicon.ico
if [[ ! -e icons ]]; then
ln -s /var/www/icons
fi
if [[ ! -e favicon.ico ]]; then
ln -s images/favicon.ico
fi
# LocalSettings.php
if [[ -f LocalSettings.php ]]; then
printf "LocalSettings.php exists - back it up and regenerate it? (y or return to skip): "
read MV_LOCALSETTINGS
if [[ "$MV_LOCALSETTINGS" = "y" ]]; then
# backup old LocalSettings.php file
echo "When running the webbased installer you will need these values:"
grep wgDB LocalSettings.php
mv LocalSettings.php .LocalSettings.php.$DATE.bak
# delete the sym link to AdminSettings.php
if [[ -f AdminSettings.php ]]; then
rm AdminSettings.php
else
echo "AdminSettings.php didn't exist"
fi
fi
else
echo "LocalSettings.php didn't exist"
fi
# copy over the installer
cd $BASE_DIR/$WIKI_NAME/config
if [[ -e index.php ]]; then
echo "config/index.php already exists, skipping"
else
cp $MEDIAWIKI_FILES/config/index.php .
fi
if [[ -e LocalSettings.php ]]; then
echo "config/LocalSettings.php exists - this indicates that the last install didn't complete"
rm LocalSettings.php
fi
cd $BASE_DIR/$WIKI_NAME
# do you want the apache ssl config backed up?
HTTPD_SSL_CONF=$HTTPD_VHOSTS_SSL_DIR/$WIKI_NAME
if [[ -f $HTTPD_SSL_CONF ]]; then
printf "$HTTPD_SSL_CONF exists, do you want to back it up and regenerate it? (y or return to skip): "
read MV_HTTPD_SSL
if [[ "$MV_HTTPD_SSL" = "y" ]]; then
# backup old httpd.conf file
mv $HTTPD_SSL_CONF $HTTPD_VHOSTS_SSL_DIR/.$WIKI_NAME.$DATE.bak \
&& echo "$HTTPD_SSL_CONF has been moved to $HTTPD_VHOSTS_SSL_DIR/.$WIKI_NAME.$DATE.bak" \
|| echo "There was a problem moving $HTTPD_SSL_CONF to $HTTPD_VHOSTS_SSL_DIR/.$WIKI_NAME.$DATE.bak"
fi
fi
# do you want the apache config backed up?
HTTPD_CONF=$HTTPD_VHOSTS_DIR/$WIKI_NAME
if [[ -f $HTTPD_CONF ]]; then
printf "$HTTPD_CONF exists, do you want to back it up and regenerate it? (y or return to skip): "
read MV_HTTPD
if [[ "$MV_HTTPD" = "y" ]]; then
# backup old httpd.conf file
mv $HTTPD_CONF $HTTPD_VHOSTS_DIR/.$WIKI_NAME.$DATE.bak \
&& echo "$HTTPD_CONF has been moved to $HTTPD_VHOSTS_DIR/.$WIKI_NAME.$DATE.bak" \
|| echo "There was a problem moving $HTTPD_CONF to $HTTPD_VHOSTS_DIR/.$WIKI_NAME.$DATE.bak"
fi
fi
# if the apache ssl config doesn't exist then create it
if [[ ! -f $HTTPD_SSL_CONF ]]; then
# get Server_Alias'
echo "If you want any Server_Aliases please enter them now"
ALIAS=1 # bogus value to begin the loop
SERVER_ALIAS="" # sanitize
while [[ ! "$ALIAS" = "" ]]; do
printf "Server_Alias: "
read ALIAS
if [[ "$ALIAS" = "" ]]; then break; fi # end of input
if [[ "$SERVER_ALIAS" = "" ]]; then
SERVER_ALIAS="$ALIAS"
else
SERVER_ALIAS="$SERVER_ALIAS $ALIAS"
fi
done
# do we want the whole site password protected?
printf "Should the whole site be password protected? (y or return to skip): "
read HTAUTH
if [ "$HTAUTH" = "y" ]; then
# overwrite the existing htpasswd file?
if [[ -f .htpasswd ]]; then
printf "A .htpasswd file exists, do you want to delete it and recreate it? (y or return to skip): "
read RM_HTPASSWD_FILE
if [[ "$RM_HTPASSWD_FILE" = "y" ]]; then
shred -n 10 -u -z .htpasswd && echo ".htpasswd file shredded" || echo "There was a problem shredding the .htpasswd file"
fi
fi
# generate a new .htpasswd file, ask for the username
if [[ ! -f .htpasswd ]]; then
printf "Please enter the Username for access to the site: "
read HT_USERNAME
if [[ "$HT_USERNAME" ]]; then
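# ask for the passwd (-r keeps backslashes, -s stops it being echoed to the terminal)
printf "Please enter the Password for access to the site: "
read -rs HT_PASSWORD
echo
if [[ "$HT_PASSWORD" ]]; then
# note: htpasswd -b takes the password as an argument, so it is briefly visible in the process list
htpasswd -nb "$HT_USERNAME" "$HT_PASSWORD" > .htpasswd \
&& echo ".htpasswd file created" \
|| echo "There was a problem creating the .htpasswd file"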
else
echo "You didn't enter a Password!"
fi
else
echo "You didn't enter a Username!"
fi
fi
fi
(
cat <<EOF
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0
<VirtualHost *:443>
ServerName $WIKI_NAME
EOF
) > $HTTPD_SSL_CONF
if [[ $SERVER_ALIAS ]]; then
(
cat <<EOF
ServerAlias $SERVER_ALIAS
EOF
) >> $HTTPD_SSL_CONF
fi
(
cat <<EOF
ServerSignature Off
UseCanonicalName On
CustomLog logs/$WIKI_NAME-ssl_access_log combined
ErrorLog logs/$WIKI_NAME-ssl_error_log
SSLEngine on
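# SSLv3 and the anonymous and MD5 cipher suites are switched off as well as SSLv2
SSLCipherSuite HIGH:!aNULL:!MD5
SSLProtocol all -SSLv2 -SSLv3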
SSLCertificateFile $CERTS_DIR/$HOST-cert.pem
SSLCertificateKeyFile $CERTS_DIR/$HOST-privatekey.pem
DocumentRoot "$BASE_DIR/$WIKI_NAME"
<Directory "$BASE_DIR/$WIKI_NAME">
DirectoryIndex index.php
AddType 'image/x-icon' .ico
AddHandler php5-script .php
AddType text/html .php
SSLOptions +StdEnvVars
AllowOverride None
EOF
) >> $HTTPD_SSL_CONF
# check if we have a .htpasswd file
if [[ -f .htpasswd ]]; then
(
cat <<EOF
AuthUserFile /var/www/mediawiki-vhosts/$WIKI_NAME/.htpasswd
AuthType Basic
AuthName "$WIKI_NAME is a private site"
require valid-user
order allow,deny
allow from all
EOF
) >> $HTTPD_SSL_CONF
else
(
cat <<EOF
order allow,deny
allow from all
EOF
) >> $HTTPD_SSL_CONF
fi
(
cat <<EOF
</Directory>
<Directory "$BASE_DIR/$WIKI_NAME/images">
Options Indexes
RemoveHandler .php
AllowOverride None
order allow,deny
allow from all
</Directory>
<Location /config>
Order deny,allow
Deny from all
Include conf/allow-hosts.conf
</Location>
<Location /includes>
Deny from all
</Location>
<Location /languages>
Deny from all
</Location>
<Location /maintenance>
Deny from all
</Location>
<Location /math>
Deny from all
</Location>
Include conf/error-docs.conf
Include conf/mediawiki-rewrite.conf
</VirtualHost>
EOF
) >> $HTTPD_SSL_CONF
# restart apache
/etc/init.d/httpd restart
fi
# do we want the site to be available via port 80?
if [[ -f .htpasswd ]]; then
# the site has a .htpasswd file therefore we don't want a port 80 VirtualHost since
# we are not going to transmit unencrypted passwords
# rm the port 80 virtual host if it exists
if [[ -f $HTTPD_CONF ]]; then
rm $HTTPD_CONF && echo "$HTTPD_CONF was deleted because this is a password protected site" || echo "there was a problem deleting $HTTPD_CONF"
fi
else
# only offer a port 80 VirtualHost if one doesn't already exist
if [[ ! -f $HTTPD_CONF ]]; then
printf "$HTTPD_CONF doesn't exist, do you want this wiki to be available read-only, unencrypted? (y or return to skip): "
read HTTPD_80
if [[ "$HTTPD_80" = "y" ]]; then
# get Server_Alias' ($HTTPD_SSL_CONF is already a full path)
SERVER_ALIAS=`grep -h ServerAlias $HTTPD_SSL_CONF | sed s/ServerAlias//g `
(
cat <<EOF
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0
<VirtualHost *:80>
ServerName $WIKI_NAME
EOF
) > $HTTPD_CONF
if [[ $SERVER_ALIAS ]]; then
(
cat <<EOF
ServerAlias $SERVER_ALIAS
EOF
) >> $HTTPD_CONF
fi
(
cat <<EOF
ServerSignature Off
UseCanonicalName On
CustomLog logs/$WIKI_NAME-_access_log combined
ErrorLog logs/$WIKI_NAME-_error_log
DocumentRoot "$BASE_DIR/$WIKI_NAME"
<Directory "$BASE_DIR/$WIKI_NAME">
DirectoryIndex index.php
AddType 'image/x-icon' .ico
AddHandler php5-script .php
AddType text/html .php
SSLOptions +StdEnvVars
AllowOverride None
order allow,deny
allow from all
</Directory>
<Directory "$BASE_DIR/$WIKI_NAME/images">
Options Indexes
RemoveHandler .php
AllowOverride None
order allow,deny
allow from all
</Directory>
<Location /config>
Order deny,allow
Deny from all
Include conf/allow-hosts.conf
</Location>
<Location /includes>
Deny from all
</Location>
<Location /languages>
Deny from all
</Location>
<Location /maintenance>
Deny from all
</Location>
<Location /math>
Deny from all
</Location>
Include conf/error-docs.conf
Include conf/mediawiki-rewrite.conf
</VirtualHost>
EOF
) >> $HTTPD_CONF
# restart apache
/etc/init.d/httpd restart
fi
fi
fi
# open the web based installer
printf "Open the webbased installer using elinks? (y or return to skip): "
read WEB_INSTALLER
if [[ "$WEB_INSTALLER" = "y" ]]; then
elinks https://$WIKI_NAME/config/index.php
fi
# move the new config file into place
# and munge it
if [[ -f config/LocalSettings.php ]]; then
# change some lines and delete the ?> at the end of the file
# not all these lines are now needed
sed '
s/^\$wgScript = "\$wgScriptPath\/index.php";/$wgScript = "\/index.php";/
s/^\$wgScriptPath = "";/$wgScriptPath = "";/
s/^\$wgScriptPath = "\/mediawiki";/$wgScriptPath = "";/
s/^\$wgRedirectScript = "\$wgScriptPath\/redirect.php";/$wgRedirectScript = "\/redirect.php";/
s/^\$wgArticlePath = "\$wgScript?title=\$1";/$wgArticlePath = "\/$1";/
s/^\$wgArticlePath = "\$wgScript\/\$1";/$wgArticlePath = "\/$1";/
s/^\$wgStylePath = "\$wgScriptPath\/skins";/$wgStylePath = "\/skins";/
s/^\$wgLogo = "\$wgStylePath\/common\/images\/wiki.png";/$wgLogo = "\/images\/wiki.png";/
s/^\$wgUploadPath = "\$wgScriptPath\/images";/$wgUploadPath = "\/images";/
s/^\$wgEnableUploads = false;/$wgEnableUploads = true;/
/^\?>$/d
' config/LocalSettings.php > LocalSettings.php
# add some more rules to the end of the file
(
cat <<EOF
# file types for uploads
\$wgUploadSizeWarning = 6000 * 3000;
\$wgMimeDetectorCommand = "file -bi";
\$wgFileExtensions = array( 'avi', 'mp3', 'rm', 'mpg', 'mpeg', 'mp4', 'svg', 'png', 'gif', 'jpg', 'jpeg', 'pdf', 'rtf', 'doc', 'txt', 'ppt', 'odp', 'odc', 'odf', 'odg', 'odi', 'odif', 'odm', 'ods', 'odt', 'otc', 'otf', 'otg', 'oth', 'oti', 'otp', 'ots', 'ott', 'psd', 'ai', 'eps', 'tif');
# Config for nice URL's
\$wgScript = "/index.php";
\$wgRedirectScript = "/redirect.php";
\$wgArticlePath = "/\$1";
# Logo
\$wgLogo = "/images/wiki.png";
# No anonymous editing allowed -
\$wgGroupPermissions['*']['edit'] = false;
# allow users to be banned
\$wgSysopUserBans = true;
# spambot
\$wgSpamRegex="/overflow:.*auto|display:.*none|wifiguide.org/";
# Mediawiki for $WIKI_NAME
# Installed on $DATE
# Generated by $0
# Don't manually edit this file since an upgrade will overwrite it!
?>
EOF
) >> LocalSettings.php
else
echo "Something might have gone wrong, no $BASE_DIR/$WIKI_NAME/config/LocalSettings.php file was generated"
fi
# delete the installer
rm -rf config/
# reinstate the AdminSettings.php symlink
if [[ -e AdminSettings.php ]]; then
echo "AdminSettings.php exists already"
else
cp -a $MEDIAWIKI_EXTRA_FILES/AdminSettings.php .
fi
# generate a csr
printf "Generate a new cacert.org cert? (y or return to skip): "
read CACERT_GEN
if [[ "$CACERT_GEN" = "y" ]]; then
# http://wiki.cacert.org/wiki/VhostTaskForce#head-5868dc7fb125370f7ae8931cd77f03aeb966ad53
# be safe about permissions
LASTUMASK=`umask`
umask 077
# if the certs directory doesn't exist then create it
if [[ ! -d $CERTS_DIR_NEW ]]; then
mkdir -p $CERTS_DIR_NEW
fi
# create a config file for openssl
CONFIG=`mktemp -q /tmp/openssl-conf.XXXXXXXX`
if [[ ! $? -eq 0 ]]; then
echo "Could not create temporary config file. exiting"
exit 1
fi
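# start with an empty list so a SANAMES value inherited from the environment can't end up in the CSR
SANAMES=""
# get the ServerNames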
SERVER_NAMES=`grep -h ServerName $HTTPD_VHOSTS_SSL_DIR/* | sed s/ServerName//g `
for name in $SERVER_NAMES
do
if [[ "$SANAMES" = "" ]]; then
SANAMES="DNS:$name"
else
SANAMES="$SANAMES, DNS:$name"
fi
done
# get the ServerAliases
SERVER_ALIASES=`grep -h ServerAlias $HTTPD_VHOSTS_SSL_DIR/* | sed s/ServerAlias//g `
for name in $SERVER_ALIASES
do
if [[ "$SANAMES" = "" ]]; then
SANAMES="DNS:$name"
else
SANAMES="$SANAMES, DNS:$name"
fi
done
# Config File Generation
cat <<EOF > $CONFIG
# -------------- BEGIN custom openssl.cnf -----
HOME = $CERTS_DIR_NEW
oid_section = new_oids
[ new_oids ]
[ req ]
default_days = 730
default_keyfile = $CERTS_DIR_NEW/${HOST}-privatekey.pem
distinguished_name = req_distinguished_name
encrypt_key = no
string_mask = nombstr
req_extensions = v3_req
[ req_distinguished_name ]
commonName = Common Name (eg, YOUR name)
commonName_default = $COMMONNAME
commonName_max = 64
[ v3_req ]
EOF
if [[ ! "$SANAMES" = "" ]]; then
echo "subjectAltName = $SANAMES" >> $CONFIG
fi
echo "# -------------- END custom openssl.cnf -----" >> $CONFIG
echo "Running OpenSSL..."
openssl req -batch -config $CONFIG -newkey rsa:2048 -out ${CERTS_DIR_NEW}/${HOST}-csr.pem
echo "Copy the following Certificate Request and paste into CAcert website to obtain a Certificate."
echo "When you receive your certificate, you save it to"
echo "${CERTS_DIR_NEW}/${HOST}-cert.pem"
echo
cat ${CERTS_DIR_NEW}/${HOST}-csr.pem
echo
echo The Certificate request is also available in ${CERTS_DIR_NEW}/${HOST}-csr.pem
echo The Private Key is stored in ${CERTS_DIR_NEW}/${HOST}-privatekey.pem
echo These will all need moving to ${CERTS_DIR}, like this:
echo mv ${CERTS_DIR_NEW}/\* ${CERTS_DIR}/
echo
rm $CONFIG
#restore umask
umask $LASTUMASK
fi
echo "Now test your wiki! https://$WIKI_NAME/"
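The install script uses its first argument and each Server_Alias unchecked in directory paths, in the generated Apache configuration and in the openssl subjectAltName line, and it is normally run as root. One way to check those values first is shown below as an added example, not part of the original script; valid_hostname and site_dir are hypothetical helper names and the sample inputs are constructed.

```bash
# Added example: helpers the install script could call on "$1" and on each
# Server_Alias before using them. valid_hostname and site_dir are
# hypothetical names; POSIX sh, so it also runs under bash.

# Succeeds only for a plain DNS name: labels of 1-63 letters, digits or
# hyphens, no label starting or ending with a hyphen, single dots between
# labels, at most 253 characters overall.
valid_hostname() (
    name=$1
    [ -n "$name" ] && [ "${#name}" -le 253 ] || exit 1
    case $name in
        *[!A-Za-z0-9.-]*) exit 1 ;;  # slash, space, newline, quote, ...
        .*|*.|*..*)       exit 1 ;;  # empty label
    esac
    IFS=.                            # subshell body, so IFS stays local
    for label in $name; do
        [ "${#label}" -le 63 ] || exit 1
        case $label in
            -*|*-) exit 1 ;;
        esac
    done
    exit 0
)

# Prints BASE/NAME for a valid name; fails with no output otherwise.
site_dir() (
    valid_hostname "$2" || exit 1
    printf '%s/%s\n' "$1" "$2"
)

# Constructed sample inputs, not taken from the page.
nl='
'
for candidate in "wiki.example.org" "../../etc" "wiki example.org" \
                 "wiki.example.org${nl}second line" "-wiki.example.org"; do
    if dir=$(site_dir /var/www/mediawiki-vhosts "$candidate"); then
        echo "accept: $dir"
    else
        echo "reject"
    fi
done
```

Only the first sample is accepted; the others would otherwise reach mkdir, chown -R and the heredocs that write the VirtualHost files.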
mediawiki-upgrade
Download the latest release from http://www.mediawiki.org/ into /var/www/ and then extract it, delete the mediawiki symlink and link to the new directory, for example:
cd /var/www/
wget http://download.wikimedia.org/mediawiki/1.15/mediawiki-1.15.0.tar.gz
tar -zxvf mediawiki-1.15.0.tar.gz
rm mediawiki
ln -s mediawiki-1.15.0 mediawiki
Then run the upgrade script:
#!/bin/bash
BASE_DIR="/var/www/mediawiki-vhosts"
MEDIAWIKI_FILES="/var/www/mediawiki"
WIKIS=`ls $BASE_DIR`
# rsync the files
for name in $WIKIS
do
echo ""
echo "Updating the files for $name"
rsync -aq --exclude favicon.ico --exclude images --exclude config --exclude LocalSettings.php --exclude AdminSettings.php "$MEDIAWIKI_FILES/" "$BASE_DIR/$name/"
done
# run the database upgrade
for name in $WIKIS
do
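# skip this wiki if its maintenance directory is missing, otherwise update.php would run from the previous directory
cd "$BASE_DIR/$name/maintenance" || continue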
echo ""
echo "Updating the database for $name"
php update.php
echo "Updating the links tables for $name"
php refreshLinks.php
done
mediawiki-rewrite.conf
This bit of Apache configuration is Included into the port 443 and port 80 VirtualHosts:
# Allow rewriting URLs
RewriteEngine On
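# Logins
# (a RewriteCond only applies to the RewriteRule that follows it, so the port check is repeated for each rule)
RewriteCond %{SERVER_PORT} !443
RewriteRule ^/Special:UserLogin(.*) https://%{SERVER_NAME}/Special:UserLogin$1 [R,L]
RewriteCond %{SERVER_PORT} !443
RewriteRule ^/Spezial:Anmelden(.*) https://%{SERVER_NAME}/Spezial:Anmelden$1 [R,L]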
RewriteCond %{SERVER_PORT} !443
RewriteCond %{QUERY_STRING} ^(.*)title=Spezial:Anmelden [OR]
RewriteCond %{QUERY_STRING} ^(.*)title=Special:UserLogin [OR]
RewriteCond %{QUERY_STRING} ^(.*)title=Special:Userlogin
RewriteRule ^/(.*) https://%{SERVER_NAME}/index.php?%{QUERY_STRING} [L,R]
# Static files
RewriteCond %{REQUEST_URI} !^/(config|skins|images|icons|error)/
RewriteCond %{REQUEST_URI} !^/(index|redirect|api|opensearch_desc|profileinfo|thumb|trackback)\.php
RewriteCond %{REQUEST_URI} !^/favicon\.ico
RewriteCond %{REQUEST_URI} !^/robots\.txt
RewriteRule ^/(.*) /index.php/$1 [L]