From Funtoo
Revision as of 18:57, 24 June 2014 by Drobbins (Talk | contribs)

Jump to: navigation, search


Source Repository:Gentoo Portage Tree



This page documents how to set up MediaWiki on Funtoo Linux, from a bare stage3 install with network connectivity. We will use Nginx, xcache and PHP-FPM, which will result in very good performance. We will also properly secure MediaWiki, and also cover some additional tips and tricks, focusing on spam reduction.

Portage Settings

Add the following line to /etc/make.conf:


Add the following lines to /etc/portage/package.use/php:

dev-lang/php curl exif fpm gd mysql mysqli sockets suhosin threads intl xmlreader xmlwriter
>=dev-php/xcache-2.0.0 php_targets_php5-4


Emerge xcache, and we'll also emerge metalog and postfix. This should pull in MySQL as well as php-5.4:

# emerge --jobs xcache metalog postfix

Start and Configure Services

Time to configure MySQL with a root password, start it, secure it, and enable it to start at boot. We'll also start metalog and postfix:

# emerge --config mysql
# rc-update add mysql default
# rc-update add metalog default
# rc-update add postfix default
# rc
# mysql_secure_installation

Database Setup

Now, let's create a database named mediawiki for use by MediaWiki, and a mediawiki@localhost user to access this database, using a password of wikifever:

# mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.1.62-log Gentoo Linux mysql-5.1.62-r1

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database mediawiki;
Query OK, 1 row affected (0.01 sec)

mysql> grant index, create, select, insert, update, delete, alter, lock tables on mediawiki.* to 'mediawiki'@'localhost' identified by 'wikifever';
Query OK, 0 rows affected (0.01 sec)

mysql> \q

Nginx Setup

We will use nginx as our Web server. Let's emerge it:

# emerge --jobs nginx

User and Group

When we run our wiki, we will run it as the docs user, for security. Let's set up a docs user and group:

# groupadd docs
# useradd -g docs --home /home/docs docs
# install -d /home/docs
# chown -R docs:docs /home/docs

Set up PHP

As our last major configuration step, we will configure the PHP FastCGI Process Manager by creating a /etc/php/fpm-php5.4/php-fpm.conf file with the following contents (existing contents can be deleted):

error_log = /var/log/php-fpm.log
log_level = notice

listen = /var/run/docs.php-fpm.socket
listen.allowed_clients =
listen.owner = docs = nginx
listen.mode = 0660
user = docs
group = docs
pm = dynamic
pm.max_children = 16
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 2
pm.max_requests = 500
php_admin_value[open_basedir] = /home/docs/public_html:/tmp
php_admin_value[error_log] = /home/docs/php-errors.log
php_admin_value[disable_functions] = exec, system, shell_exec, passthru, popen, dl, curl_multi_exec, posix_getpwuid, 
 disk_total_space, disk_free_space, escapeshellcmd, escapeshellarg, eval, get_current_user, getmyuid, getmygid, 
 posix_getgrgid, parse_ini_file, proc_get-status, proc_nice, proc_terminate, suexec, pclose, virtual, set_time_limit, show_source

This configuration file tells PHP to use the docs user when running MediaWiki. Please note that the last line is very long - I have split it into 3 lines for readability on this wiki, but you should combine them into a single line in your configuration file. The line should start with php_admin_value[disable_functions] and end with show_source.

Configure Nginx

Oh! Now we need to configure nginx to serve pages as the docs user. Assuming your site is named, create a /etc/nginx/sites-available/ file with the following contents:

server {
        listen 80;

        access_log /var/log/nginx/ main;
        error_log /var/log/nginx/ error;
        root /home/docs/public_html;
        index index.html index.php;

        # uncomment this if you want to htpasswd-protect your site while you set it up initially
        # auth_basic "Ninjas allowed only";
        # auth_basic_user_file /etc/nginx/;

location ~* ^(.*)(install.php|LocalSettings.php|\.git) { deny all; }

location ~* \.php$ {
        #set $https "off"; 
        #if ($scheme = https) { set $https "on"; }
        #fastcgi_param HTTPS $https;

        try_files       $uri    @404;
        fastcgi_param   GATEWAY_INTERFACE  CGI/1.1;
        fastcgi_param   SERVER_SOFTWARE    nginx;
        fastcgi_param   QUERY_STRING       $query_string;
        fastcgi_param   REQUEST_METHOD     $request_method;
        fastcgi_param   CONTENT_TYPE       $content_type;
        fastcgi_param   CONTENT_LENGTH     $content_length;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        fastcgi_param   REQUEST_URI        $request_uri;
        fastcgi_param   DOCUMENT_URI       $document_uri;
        fastcgi_param   DOCUMENT_ROOT      $document_root;
        fastcgi_param   SERVER_PROTOCOL    $server_protocol;
        fastcgi_param   REMOTE_ADDR        $remote_addr;
        fastcgi_param   REMOTE_PORT        $remote_port;
        fastcgi_param   SERVER_ADDR        $server_addr;
        fastcgi_param   SERVER_PORT        $server_port;
        fastcgi_param   SERVER_NAME;

        fastcgi_pass    unix:/var/run/docs.php-fpm.socket;
        fastcgi_index   index.php;

# this will secure the MediaWiki uploads against arbitrary PHP injection attacks:
location /images/ {
        location ~.*\.(php)?$ {
                deny all;

location @404 {
        return 404;

location / {
        try_files $uri $uri/ @mediawiki;

location @mediawiki {
        rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;


Enable Ngnix and PHP-FPM

Now, let's enable nginx to serve our site, and also be sure to enable php-fpm:

# cd /etc/nginx/sites-enabled
# ln -s ../sites-available/
# rc-update add nginx default
# rc-update add php-fpm default
# rc
 * Starting PHP FastCGI Process Manager ...                                                            [ ok ]
 * Starting nginx ...                                                                                  [ ok ]

Download MediaWiki

We're getting close. Now, head to and copy the link address for the latest version of MediaWiki, currently 1.19.1 at the time this was written. Let's download the archive to /var/tmp:

# cd /var/tmp
# wget

Extract MediaWiki

We now have all the Web, database and email infrastructure enabled that we need. Heading to the IP address of your server should result in a 404 - Not Found error in your Web browser. Time to extract and configure MediaWiki itself:

# su docs
$ cd /var/tmp
$ tar xvf ./mediawiki-1.19.1.tar.gz
$ mv mediawiki-1.19.1 ~/public_html

MediaWiki from GIT

Alternatively, we can download the code from the git repository:

# su docs
$ cd ~
$ git clone public_html

Specific stable versions of MediaWiki are tracked using 'tags'. These are analogous to the tarball releases. We can see the versions available with:

$ cd public_html
$ git tag -l | sort -V

To use a specific tag (1.19.1):

$ git checkout 1.19.1

Initial Web Config

You will now be able to load the URL of your server in your Web browser and configure MediaWiki through the Web user interface. Complete the full installation process and be sure to specify that you are using XCache for caching. Once you go through this process, the Web installation process will provide you with a LocalSettings.php file, which you should place in /home/docs/public_html. The LocalSettings.php file can also be manually edited and used to enable MediaWiki features and extensions.

Tips and Tricks


By default, MediaWiki pages will have a URL of With a few minor tweaks, you can tell MediaWiki to use instead. Here's how. Open up LocalSettings.php and search for the $wgScriptPath line. This part of the config will look like this:

$wgScriptPath       = "";
$wgScriptExtension  = ".php";

Change this part of the file to look like this:

$wgScriptPath       = "";
$wgArticlePath      = "/$1";
$wgUsePathInfo      = true;
$wgScriptExtension  = ".php";

The old-style URLs will still work, but the shorter more intuitive URLs will now be used for all wiki links.


You may find that your wiki is the target of spammers. The easiest way to combat spam is to set $wgSpamRegex in LocalSettings.php, like so:

$wgSpamRegex = "/badword1|badword2|badword3/i"

This will perform a case-insensitive match against the bad words and block anyone from saving edits that contain these words.

DNS Blacklist

MediaWiki also has the ability to consult a DNS blacklist to prevent known forum and wiki spam sites from performing any edits on your wiki. To enable this capability, add the following to LocalSettings.php:

$wgEnableDnsBlacklist = true;
$wgDnsBlacklistUrls = array( '', '' );

You may notice a significant decrease in spam posts.


Here is an important tip -- the $wgServer variable in LocalSettings.php defines the URL of your MediaWiki installation. MediaWiki will encode this within its HTML replies, which means that the Web browser from which you are accessing MediaWiki must be able to reach your server using this address, or pages will not display. This is not a security feature in any way, but a configuration issue. For example, if $wgServer is set to, then the only systems that will be able to access your MediaWiki installation are those for which resolves to your MediaWiki installation. The same is true of non-IP $wgServer entries like If you are setting up a test wiki, you may need a temporary entry in a desktop's /etc/hosts file so that it can interact with the wiki properly before DNS is set up.

If you want to change the wiki logo, edit LocalSettings.php and replace $wgLogo with the location of the image you want to use:

$wgLogo = "image.png"
Note: The above references the file image.png in the directory /home/docs/public_html