Difference between pages "Package:Whenjobs" and "Package:MediaWiki"

From Funtoo
(Difference between pages)
Jump to navigation Jump to search
 
m (Drobbins moved page Package:Mediawiki to Package:MediaWiki without leaving a redirect)
 
Line 1: Line 1:
{{Ebuild
{{Ebuild
|Summary=A cron daemon replacement that is powerful, yet simple.
|Summary=
|CatPkg=sys-process/whenjobs
|CatPkg=www-apps/mediawiki
|Maintainer=Golodhrim,
|Maintainer=
|Repository=Funtoo Overlay
|Repository=Funtoo Overlay
}}
}}
{{fancywarning|This document is a work in progress, as we are still investigating whenjobs for funtoo usage. For information about it see Funtoo tickets about [http://bugs.funtoo.org/browse/FL-316 whenjobs], [http://bugs.funtoo.org/browse/FL-337 initscript], [http://bugs.funtoo.org/browse/FL-338 User Feedback] and [http://bugs.funtoo.org/browse/FL-351 this document].}}
This page documents how to set up MediaWiki on Funtoo Linux, from a bare stage3 install with network connectivity. We will use Nginx, xcache and PHP-FPM, which will result in very good performance. We will also properly secure MediaWiki, and also cover some additional tips and tricks, focusing on spam reduction.
== What are whenjobs? ==


Whenjobs was written by Richard Jones from [http://www.redhat.com RedHat Linux]. Whenjobs is designed to be a cron daemon replacement with some improvements over normal cron-jobs. Further, we have added some improvements to Whenjobs. Whenjobs gives users a more simple syntax for jobs to run and, with Funtoo improvements, an effective user-management option for whenjobs -- that way we fixed the default behaviour of whenjobs to not been able to run as root and let us execute the daemon on a per-user basis by default.
== Portage Settings ==


=== Questions for help and testing ===
Add the following line to <tt>/etc/make.conf</tt>:


We would like to get your feedback to [http://bugs.funtoo.org/browse/FL-338 FL-338]. So, please test and report your experience with whenjobs.


== How to install whenjobs ==
<pre>
 
PHP_TARGETS="php5-4"
The installation of {{Package|sys-process/whenjobs}} is really easy, just merge it:
</pre>
 
<console>
###i## emerge -avt whenjobs
</console>
 
== How to get started ==
 
As mentioned above, we added a user-management feature. Also, whenjobs has a changed syntax compared to normal cronjobs -- we will discuss that now.
 
=== User management ===


The user management for whenjobs is done with a single file located at <tt>/etc/whenjobs.users.conf</tt>. Just add a user to that file by a comma seperated list like:
Add the following lines to <tt>/etc/portage/package.use/php</tt>:


<pre>
<pre>
root,user1,user2,user3
dev-lang/php curl exif fpm gd mysql mysqli sockets suhosin threads intl xmlreader xmlwriter
>=dev-php/xcache-2.0.0 php_targets_php5-4
</pre>
</pre>


where user1-user3 must be system-usernames, as they are checked. Please do not add any other lines to that file, as there is no way for comments in the file. In addition, adding other lines will break whenjobs -- you will not be able to start the daemon later. Currently, there is no initscript, but we are working on one and that initscript will then use that file in the same way.
== Emerge ==
 
=== whenjobs commands ===


There are some basic commands for whenjobs you should be aware of before we get to explain the script syntax for whenjobs:
Emerge xcache, and we'll also emerge metalog and postfix. This should pull in MySQL as well as php-5.4:
 
To edit/list a job script, use:


<console>
<console>
# ##i##whenjobs -e | --edit
# ##i##emerge --jobs xcache metalog postfix
# ##i##whenjobs -l | --list
</console>
</console>


in the above case we added both the short and long version in one line so please use either the '''-e''' or the '''--edit''' version as there is no piping done at that part. We will use the same syntax for further examples if there are multiple ways of calling the function we need.
== Start and Configure Services ==


Another import part is to set or get variables we want to set or set in whenjobs, that can be done with:
Time to configure MySQL with a root password, start it, secure it, and enable it to start at boot. We'll also start metalog and postfix:


<console>
<console>
to get a variable:
# ##i##emerge --config mysql
###i## whenjobs --get variable
# ##i##rc-update add mysql default
to set a variable or multiple varibles:
# ##i##rc-update add metalog default
###i## whenjobs --set variable=value [variable=value ...]
# ##i##rc-update add postfix default
and to display all set variables:
# ##i##rc
###i## whenjobs --variables
# ##i##mysql_secure_installation
</console>
</console>


Another important function in whenjobs is the way to start, stop and request the status of the per-user daemon:
== Database Setup ==
 
Now, let's create a database named <tt>mediawiki</tt> for use by MediaWiki, and a <tt>mediawiki@localhost</tt> user to access this database, using a password of <tt>wikifever</tt>:
 
<console>
<console>
# ##i##whenjobs --daemon-start
# ##i##mysql -u root -p
# ##i##whenjobs --daemon-stop
Enter password:
# ##i##whenjobs --daemon-status
Welcome to the MySQL monitor.  Commands end with ; or \g.
# ##i##whenjobs --daemon-restart
Your MySQL connection id is 7
</console>
Server version: 5.1.62-log Gentoo Linux mysql-5.1.62-r1


Finally we have the ability to inspect running jobs:
Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.
<console>
# ##i##whenjobs --jobs
# ##i##whenjobs --cancel serial
# ##i##whenjobs --start "name"
# ##i##whenjobs --tail serial
</console>


=== How to get started with whenjobs now ===
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.


First edit the above mentioned <tt>whenjobs.users.conf</tt> file if not already done and start a daemon on a per-user basis with
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


<console>
mysql> ##i##create database mediawiki;
# ##i##whenjobs --daemon-start
Query OK, 1 row affected (0.01 sec)
</console>


Thats all for starting whenjobs and now we have time to write some whenjobs-scripts. We will use here some basic examples nothing for real time usage but it should be able to give you the impression on how to write your own scripts and use the variables in the later process. First we need to edit our whenjobs-script. This can be done by two ways:
mysql> ##i##grant index, create, select, insert, update, delete, alter, lock tables on mediawiki.* to 'mediawiki'@'localhost' identified by 'wikifever';
Query OK, 0 rows affected (0.01 sec)


<console>
mysql> ##i##\q
Version A) (manual way, not recommended)
Bye
# ##i##EDITOR ~/.whenjobs/jobs.ml
#  
Edit the file with the scripts you want to use and save it, but after that you need to upload it so that whenjobs knows about it
# ##i##whenjobs --upload
Version B) (automatically by whenjobs, recommended)
# ##i##whenjobs -e  | --edit
just save your script now and whenjobs will upload it automatically for you.
</console>
</console>


So far we are now fine with getting to the scripts, next let us add some basics. We will now start with a periodic call, like if we would like to check out load everyage every 10 minutes we would do it like this:
== Nginx Setup ==


{{fancywarning|A note aside, the scripts are real shell scripts, so parts beginning with a '''#''' are comments and parts without are the shell script commands that are executed!}}
We will use nginx as our Web server. Let's emerge it:


<source lang="ocaml">
<console>
every 10 minutes :
# ##i##emerge --jobs nginx
<<
</console>
  # Get the current load average.
  load=`awk '{print $1}' /proc/loadavg`
  whenjobs --set --type float load=$load
>>
</source>


The power of whenjobs comes in game when you would like to base on a variable you set somewhere else:
== User and Group ==


<source lang="ocaml">
When we run our wiki, we will run it as the <tt>docs</tt> user, for security. Let's set up a <tt>docs</tt> user and group:
when load >= 6 :
<<
  mail -s "ALERT: high load average: $load" MAILADDRESS < /dev/null
>>
</source>


That part will notify a user via email when his load average is greater or equal to 6, as when statements are "edge-triggered".
<console>
# ##i##groupadd docs
# ##i##useradd -g docs --home /home/docs docs
# ##i##install -d /home/docs
# ##i##chown -R docs:docs /home/docs
</console>


The '''--type''' switch above for setting a variable can be one of '''bool, int, float, string or unit'''
== Set up PHP ==


==== Periodic expressions ====
As our last major configuration step, we will configure the PHP FastCGI Process Manager by creating a <tt>/etc/php/fpm-php5.4/php-fpm.conf</tt> file with the following contents (existing contents can be deleted):


For periodic expressions you have to use the following syntax
<pre>
[global]
error_log = /var/log/php-fpm.log
log_level = notice


<source lang="ocaml">
[docs]
every <period> :
listen = /var/run/docs.php-fpm.socket
<<
listen.allowed_clients = 127.0.0.1
  # shell script
listen.owner = docs
>>
listen.group = nginx
</source>
listen.mode = 0660
user = docs
group = docs
pm = dynamic
pm.max_children = 16
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 2
pm.max_requests = 500
php_admin_value[open_basedir] = /home/docs/public_html:/tmp
php_admin_value[error_log] = /home/docs/php-errors.log
php_admin_value[disable_functions] = exec, system, shell_exec, passthru, popen, dl, curl_multi_exec, posix_getpwuid,
disk_total_space, disk_free_space, escapeshellcmd, escapeshellarg, eval, get_current_user, getmyuid, getmygid,
posix_getgrgid, parse_ini_file, proc_get-status, proc_nice, proc_terminate, suexec, pclose, virtual, set_time_limit, show_source
</pre>


where '''<period>''' is one of the following period expressions:
This configuration file tells PHP to use the <tt>docs</tt> user when running MediaWiki. '''Please note that the last line is very long - I have split it into 3 lines for readability on this wiki, but you should combine them into a single line in your configuration file. The line should start with <tt>php_admin_value[disable_functions]</tt> and end with <tt>show_source</tt>.


{| class="wikitable"
== Configure Nginx ==
! <period>
! Description
!
! Special <period>
! Description
|-
| second
| runs every second
|
| X seconds
| runs every X seconds
|-
| minute
| runs every minute
|
| X minutes
| runs every X minutes
|-
| hour
| runs every hour
|
| X hours
| runs every X hours
|-
| day
| runs every day, at midnight UTC
|
| X days
| runs every X days, at midnight UTC
|-
| week
| runs every week, on a Thursday at midnight UTC
|
| X weeks
| runs every X weeks, on a Thursday at midnight UTC
|-
| month
| runs every month, on the 1st at midnight UTC
|
| X months
| runs every X month, on the 1st at midnight UTC
|-
| year
| runs every year, on the 1/1 at midnight UTC
|
| X years
| runs every X years, on the 1/1 at midnight UTC
|-
| decade
| runs every 10 years
|
| X decades
| runs every X decades
|-
| century
| runs every 100 years
|
| X centuries
| runs every X centuries
|-
| millenium
| runs every 1000 years
|
| X millenia
| runs every X mellenia
|}


==== When expressions ====
Oh! Now we need to configure nginx to serve pages as the docs user. Assuming your site is named wiki.mysite.com, create a <tt>/etc/nginx/sites-available/wiki.mysite.com</tt> file with the following contents:


For dependent jobs you need to use the when-statements with the following syntax:
<pre>
server {
        listen 80;
        server_name wiki.mysite.com;


<source lang="ocaml">
        access_log /var/log/nginx/wiki.mysite.com.access.log main;
when <expr> :
        error_log /var/log/nginx/wiki.mysite.com.error.log error;
<<
       
  # shell script
        root /home/docs/public_html;
>>
        index index.html index.php;
</source>


where '''<expr>''' is a when expression. But don't forget the colon between periods expression or when expression and the shell script.
        # uncomment this if you want to htpasswd-protect your site while you set it up initially
        # auth_basic "Ninjas allowed only";
        # auth_basic_user_file /etc/nginx/docs.funtoo.org.htpasswd;


All in all you can say, that a when-expression is a job which runs, when the described conditions become true.
location ~* ^(.*)(install.php|LocalSettings.php|\.git) { deny all; }


{| class="wikitable"
location ~* \.php$ {
! <expr>
        #set $https "off";
! meaning
        #if ($scheme = https) { set $https "on"; }
!
        #fastcgi_param HTTPS $https;
! <expr>
! meaning
|-
| expr && expr
| boolean "and" of the two sub-expressions
|
| ! expr
| boolean negative of expr
|-
| expr <nowiki>||</nowiki> expr
| boolean "or" of the two sub-expressions
|
| expr + expr
| for numeric sub-expression, this performs addition, for strings it performs string concatenation, else it returns an error.
|-
| expr < expr
| evaluates sub-expressions and compares them with the operator
|
| expr - expr
| evaluates sub-expressions and if both are numeric uses operator on them else returns error
|-
| expr <= expr
| evaluates sub-expressions and compares them with the operator
|
| expr * expr
| evaluates sub-expressions and if both are numeric uses operator on them else returns error
|-
| expr == expr
| evaluates sub-expressions and compares them with the operator
|
| expr / expr
| evaluates sub-expressions and if both are numeric uses operator on them else returns error
|-
| expr >= expr
| evaluates sub-expressions and compares them with the operator
|
| expr mod expr
| evaluates sub-expressions and if both are numeric uses operator on them else returns error (infix operator)
|-
| expr > expr
| evaluates sub-expressions and compares them with the operator
|
| len expr
| returns the length of the string in expr
|-
| variable
| returns the value of named variable
|
| prev variable
| returns previous value of named variable
|-
| changes variable
| same as !(prev variabel == variable)
|
| increases variable
| same as prev variable < variable
|-
| decreases variable
| prev variable > variable
|
| reloaded ()
| do not use it, it does not what you want (manpage warning)
|-
| false
| constant equals always false
|
| true
| constant equals always true
|-
| "any string"
| empty string in boolean = false, else equals true
|
| N
| any integer, boolean 0=false, non-zero=true
|-
| N. | .N | N.N | N.NeN
| and floating point number, boolean 0=false, non-zero=true
|
|
|
|}


==== shell scripts ====
        try_files      $uri    @404;
        fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
        fastcgi_param  SERVER_SOFTWARE    nginx;
        fastcgi_param  QUERY_STRING      $query_string;
        fastcgi_param  REQUEST_METHOD    $request_method;
        fastcgi_param  CONTENT_TYPE      $content_type;
        fastcgi_param  CONTENT_LENGTH    $content_length;
        fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
        fastcgi_param  REQUEST_URI        $request_uri;
        fastcgi_param  DOCUMENT_URI      $document_uri;
        fastcgi_param  DOCUMENT_ROOT      $document_root;
        fastcgi_param  SERVER_PROTOCOL    $server_protocol;
        fastcgi_param  REMOTE_ADDR        $remote_addr;
        fastcgi_param  REMOTE_PORT        $remote_port;
        fastcgi_param  SERVER_ADDR        $server_addr;
        fastcgi_param  SERVER_PORT        $server_port;
        fastcgi_param  SERVER_NAME        wiki.mysite.com;


The code between '''<< ... >>''' is a simple shell script and is executed using $SHELL. If $SHELL is not set, it is executed with '''/bin/sh'''
        fastcgi_pass    unix:/var/run/docs.php-fpm.socket;
        fastcgi_index  index.php;
}


{| class="wikitable"
# this will secure the MediaWiki uploads against arbitrary PHP injection attacks:
! available variable
location /images/ {
! Description
        location ~.*\.(php)?$ {
|-
                deny all;
| $JOBNAME
        }
| The name of the job. If the job has been named explicitly, then that name is available through this variable, else it will be some implicit name like '''job$1'''.
}
|-
| $JOBSERIAL
| The serial number of the job. This is simply a variable that increments each time a job is run, and is unique to that run of the job.
|-
| $HOME, $LOGNAME etc
| these are available as normal
|}


The shell scripts run with its current directory set to an temporary directory, that is cleaned up automacically after the job exists. So you don't have to worry about cleaning them up later. If you would like to store some values permanently, save the files to a well-known directory, eg. $HOME, '''/var''' etc.


All shell scripts are executed as the ordinary user. They have no special privileges.
location @404 {
        return 404;
        break;
}


==== Job names ====
location / {
        try_files $uri $uri/ @mediawiki;
}


If you like to give a job a unique name use the following syntax:
location @mediawiki {
        rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
}


<source lang="ocaml">
}
job "JOBNAME"
</pre>
every <period> :
<<
  # shell script
>>
</source>


==== OCAML expressions ====
== Enable Ngnix and PHP-FPM ==


You can also use OCAML expressions in the code. they are useful for factoring common code or strings, for example:
Now, let's enable nginx to serve our site, and also be sure to enable php-fpm:


<source lang="ocaml">
<console>
let prefix = "daily_"
# ##i##cd /etc/nginx/sites-enabled
# ##i##ln -s ../sites-available/wiki.mysite.com wiki.mysite.com
# ##i##rc-update add nginx default
# ##i##rc-update add php-fpm default
# ##i##rc
* Starting PHP FastCGI Process Manager ...                                                            [ ok ]
* Starting nginx ...                                                                                  [ ok ]
#
</console>


job (prefix ^ "virus_scan")
== Download MediaWiki ==
every day :
<<
  # shell script
>>


job (prefix ^ "disk_check")
We're getting close. Now, head to http://www.mediawiki.org/wiki/Download and copy the link address for the latest version of MediaWiki, currently 1.19.1 at the time this was written. Let's download the archive to <tt>/var/tmp</tt>:
every day :
<<
  # shell script
>>
</source>


===== initial value of variables =====
<console>
# ##i##cd /var/tmp
# ##i##wget http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.1.tar.gz
</console>


Variables are empty until they first get set, you can set a default starting value for a variable if you like with the following code
== Extract MediaWiki ==


<source lang="ocaml">
We now have all the Web, database and email infrastructure enabled that we need. Heading to the IP address of your server should result in a 404 - Not Found error in your Web browser. Time to extract and configure MediaWiki itself:
let () =
  Whentools.set_variable "variable" "value";
  Whentools.set_variable_int "counter" 0
</source>


===== Pre functions =====
<console>
# ##i##su docs
$ ##i##cd /var/tmp
$ ##i##tar xvf ./mediawiki-1.19.1.tar.gz
$ ##i##mv mediawiki-1.19.1 ~/public_html
</console>


You can let arrange to run a '''pre''' function before a job runs. This function may decide to not run the job. One possible usage for that is the that you only want to have one job at time from the same job to run:
== MediaWiki from GIT ==


<source lang="ocaml">
Alternatively, we can download the code from the git repository:
job "only one"
pre (Whentools.one ())
every <period> :
<<
  # shell script
>>
</source>


===== Post functions =====
<console>
# ##i##su docs
$ ##i##cd ~
$ ##i##git clone https://gerrit.wikimedia.org/r/p/mediawiki/core.git public_html
</console>


The same is for stuff after a job has run. This is handled by the '''post''' function.
Specific stable versions of MediaWiki are tracked using 'tags'. These are analogous to the tarball releases. We can see the versions available with:
<console>
$ ##i##cd public_html
$ ##i##git tag -l | sort -V
</console>


<source lang="ocaml">
To use a specific tag (1.19.1):
job "talk to me after finished"
<console>
post (Whentools.mailto "you@example.com")
$ ##i##git checkout 1.19.1
every <period> :
</console>
<<
  # shell script
>>
</source>


===== Basic available Whentools functions =====
== Initial Web Config ==


{| class="wikitable"
You will now be able to load the URL of your server in your Web browser and configure MediaWiki through the Web user interface. Complete the '''full''' installation process and be sure to specify that you are using XCache for caching. Once you go through this process, the Web installation process will provide you with a <tt>LocalSettings.php</tt> file, which you should place in <tt>/home/docs/public_html</tt>. The <tt>LocalSettings.php</tt> file can also be manually edited and used to enable MediaWiki features and extensions.
! function
! Description
|-
| style="vertical-align:top;"| whentools.mailto [~only_on_failure:true] [~from:from_address] email_address result
| This built-in post function sends the result of the script by email to the given email address.


If the optional "~only_on_failure:true" flag is set, then it is only sent out if the script failed.
== Tips and Tricks ==


If the optional "~from" flag is set, then the from address is set accordingly.  This is sometimes needed when sending mail.
=== ArticlePath ===


Note the "result" parameter is passed implicitly by the daemon. You do not need to add it.
By default, MediaWiki pages will have a URL of <tt>wiki.myserver.com/index.php?title=PageName</tt>. With a few minor tweaks, you can tell MediaWiki to use <tt>wiki.myserver.com/PageName</tt> instead. Here's how. Open up <tt>LocalSettings.php</tt> and search for the <tt>$wgScriptPath</tt> line. This part of the config will look like this:


Here are some examples of using the mailto function:
<pre>
$wgScriptPath      = "";
$wgScriptExtension  = ".php";
</pre>


<source lang="ocaml">
Change this part of the file to look like this:
job "ex.1"
post (Whentools.mailto "you@example.com")
every 10 seconds :
<<
  # shell script 1
>>


job "ex.2"
<pre>
post (Whentools.mailto ~only_on_failure:true "you@example.com")
$wgScriptPath      = "";
every 10 seconds :
$wgArticlePath      = "/$1";
<<
$wgUsePathInfo      = true;
  # shell script 2
$wgScriptExtension  = ".php";
>>
</pre>


let from = "me@example.com"
The old-style URLs will still work, but the shorter more intuitive URLs will now be used for all wiki links.
let to_addr = "you@example.com"


job "ex.3"
=== $wgSpamRegex ===
post (Whentools.mailto ~from to_addr)
every 10 seconds :
<<
  # shell script 3
>>
</source>
|-
| style="vertical-align:top;"| Whentools.max n
| This built-in pre function ensures that a maximum of n instances of the job are running.


It checks the list of running jobs, and if n or more instances are already running, then it returns "false", which ensures that the new job is not started.
You may find that your wiki is the target of spammers. The easiest way to combat spam is to set <tt>$wgSpamRegex</tt> in <tt>LocalSettings.php</tt>, like so:
|-
| style="vertical-align:top;"| Whentools.one ()
| This built-in pre function ensures that only one instance of the job is running. It is the same as calling: Whentools.max 1


|-
<pre>
| style="vertical-align:top;"| Whentools.set_variable name string
$wgSpamRegex = "/badword1|badword2|badword3/i"
| Set variable name to the string
</pre>
|-
| Whentools.set_variable_bool name b
| Set variable name to the boolean value b
|-
| style="vertical-align:top;"| Whentools.set_variable_int name i
| Set variable name to the integer value i
|-
| style="vertical-align:top;"| Whentools.set_variable_string name s
| Set variable name to the string value <s>.  This is the same as Whentools.set_variable
|-
| style="vertical-align:top;"| Whentools.set_variable_float name f
| Set variable name to the floating point value f
|}


For the preinfo passed to the pre functions and results for the post functions have a view in the manpage.
This will perform a case-insensitive match against the bad words and block anyone from saving edits that contain these words.


== Examples ==
=== DNS Blacklist ===


Finally here are some examples to which questions came up, hope you find them helpful for your first own tries... :)
MediaWiki also has the ability to consult a DNS blacklist to prevent known forum and wiki spam sites from performing any edits on your wiki. To enable this capability, add the following to <tt>LocalSettings.php</tt>:


<source lang="ocaml">
<pre>
every 1 minute :
$wgEnableDnsBlacklist = true;
<<
$wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'opm.tornevall.org' );
  testtime=`date +%H%M`
</pre>
  whenjobs --set --type int test=${testtime}
  whenjobs --set --type int runtime=0016
>>


when test == 0017 :
You may notice a significant decrease in spam posts.
<<
  echo `date` >\> ~/test.log
>>


when test == runtime
=== $wgServer ===
<<
  whenjobs --get runtime >\> ~/test.log
>>
</source>


The above whenjobs have the need to run each day at a specific time, so we show you here two ways of doing it.
Here is an important tip -- the <tt>$wgServer</tt> variable in <tt>LocalSettings.php</tt> defines the URL of your MediaWiki installation. MediaWiki will encode this within its HTML replies, which means that the Web browser from which you are accessing MediaWiki must be able to reach your server using this address, or pages will not display. This is not a security feature in any way, but a configuration issue. For example, if <tt>$wgServer</tt> is set to <tt>10.0.1.128</tt>, then the only systems that will be able to access your MediaWiki installation are those for which <tt>10.0.1.128</tt> resolves to your MediaWiki installation.  The same is true of non-IP <tt>$wgServer</tt> entries like <tt>wiki.mysite.com</tt>. If you are setting up a test wiki, you may need a temporary entry in a desktop's <tt>/etc/hosts</tt> file so that it can interact with the wiki properly before DNS is set up.


First we define a variable test for whenjobs based on the date with the HHMM output what would for example result in 0017 for 12:17am and 1428 for 2:28pm. then in the first when expression we test if our variable equals 0017 and if yes it runs, the second version is to define a second variable called runtime and then do like the second test does a test for it based on comparing both variables.
=== $wgLogo ===
 
But now enough with that long doc, happy whenjobing for all of you... :)


If you want to change the wiki logo, edit <tt>LocalSettings.php</tt> and replace $wgLogo with the location of the image you want to use:


<pre>
$wgLogo = "image.png"
</pre>
{{fancynote| The above references the file <tt>image.png</tt> in the directory <tt>/home/docs/public_html</tt>}}
[[Category:Featured]]
[[Category:HOWTO]]
[[Category:HOWTO]]
[[Category:Labs]]
[[Category:Official Documentation]]
[[Category:Featured]]
[[Category:Ebuilds]]
[[Category:Ebuilds]]
{{EbuildFooter}}
{{EbuildFooter}}

Revision as of 18:57, June 24, 2014

MediaWiki

   Tip

We welcome improvements to this page. To edit this page, Create a Funtoo account. Then log in and then click here to edit this page. See our editing guidelines to becoming a wiki-editing pro.

This page documents how to set up MediaWiki on Funtoo Linux, from a bare stage3 install with network connectivity. We will use Nginx, xcache and PHP-FPM, which will result in very good performance. We will also properly secure MediaWiki, and also cover some additional tips and tricks, focusing on spam reduction.

Portage Settings

Add the following line to /etc/make.conf: 


PHP_TARGETS="php5-4"

Add the following lines to /etc/portage/package.use/php: 

dev-lang/php curl exif fpm gd mysql mysqli sockets suhosin threads intl xmlreader xmlwriter
>=dev-php/xcache-2.0.0 php_targets_php5-4

Emerge

Emerge xcache, and we'll also emerge metalog and postfix. This should pull in MySQL as well as php-5.4: 

root # emerge --jobs xcache metalog postfix

Start and Configure Services

Time to configure MySQL with a root password, start it, secure it, and enable it to start at boot. We'll also start metalog and postfix: 

root # emerge --config mysql
root # rc-update add mysql default
root # rc-update add metalog default
root # rc-update add postfix default
root # rc
root # mysql_secure_installation

Database Setup

Now, let's create a database named mediawiki for use by MediaWiki, and a mediawiki@localhost user to access this database, using a password of wikifever: 

root # mysql -u root -p
Enter password: 
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 7
Server version: 5.1.62-log Gentoo Linux mysql-5.1.62-r1

Copyright (c) 2000, 2011, Oracle and/or its affiliates. All rights reserved.

Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

mysql> create database mediawiki;
Query OK, 1 row affected (0.01 sec)

mysql> grant index, create, select, insert, update, delete, alter, lock tables on mediawiki.* to 'mediawiki'@'localhost' identified by 'wikifever';
Query OK, 0 rows affected (0.01 sec)

mysql> \q
Bye
root #

Nginx Setup

We will use nginx as our Web server. Let's emerge it: 

root # emerge --jobs nginx

User and Group

When we run our wiki, we will run it as the docs user, for security. Let's set up a docs user and group: 

root # groupadd docs
root # useradd -g docs --home /home/docs docs
root # install -d /home/docs
root # chown -R docs:docs /home/docs

Set up PHP

As our last major configuration step, we will configure the PHP FastCGI Process Manager by creating a /etc/php/fpm-php5.4/php-fpm.conf file with the following contents (existing contents can be deleted): 

[global]
error_log = /var/log/php-fpm.log
log_level = notice

[docs]
listen = /var/run/docs.php-fpm.socket
listen.allowed_clients = 127.0.0.1
listen.owner = docs
listen.group = nginx
listen.mode = 0660
user = docs
group = docs
pm = dynamic
pm.max_children = 16
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 2
pm.max_requests = 500
php_admin_value[open_basedir] = /home/docs/public_html:/tmp
php_admin_value[error_log] = /home/docs/php-errors.log
php_admin_value[disable_functions] = exec, system, shell_exec, passthru, popen, dl, curl_multi_exec, posix_getpwuid, 
 disk_total_space, disk_free_space, escapeshellcmd, escapeshellarg, eval, get_current_user, getmyuid, getmygid, 
 posix_getgrgid, parse_ini_file, proc_get-status, proc_nice, proc_terminate, suexec, pclose, virtual, set_time_limit, show_source

This configuration file tells PHP to use the docs user when running MediaWiki. Please note that the last line is very long - I have split it into 3 lines for readability on this wiki, but you should combine them into a single line in your configuration file. The line should start with php_admin_value[disable_functions] and end with show_source.

Configure Nginx

Oh! Now we need to configure nginx to serve pages as the docs user. Assuming your site is named wiki.mysite.com, create a /etc/nginx/sites-available/wiki.mysite.com file with the following contents: 

server {
        listen 80;
        server_name wiki.mysite.com;

        access_log /var/log/nginx/wiki.mysite.com.access.log main;
        error_log /var/log/nginx/wiki.mysite.com.error.log error;
        
        root /home/docs/public_html;
        index index.html index.php;

        # uncomment this if you want to htpasswd-protect your site while you set it up initially
        # auth_basic "Ninjas allowed only";
        # auth_basic_user_file /etc/nginx/docs.funtoo.org.htpasswd;

location ~* ^(.*)(install.php|LocalSettings.php|\.git) { deny all; }

location ~* \.php$ {
        #set $https "off"; 
        #if ($scheme = https) { set $https "on"; }
        #fastcgi_param HTTPS $https;

        try_files       $uri    @404;
        fastcgi_param   GATEWAY_INTERFACE  CGI/1.1;
        fastcgi_param   SERVER_SOFTWARE    nginx;
        fastcgi_param   QUERY_STRING       $query_string;
        fastcgi_param   REQUEST_METHOD     $request_method;
        fastcgi_param   CONTENT_TYPE       $content_type;
        fastcgi_param   CONTENT_LENGTH     $content_length;
        fastcgi_param   SCRIPT_FILENAME    $document_root$fastcgi_script_name;
        fastcgi_param   SCRIPT_NAME        $fastcgi_script_name;
        fastcgi_param   REQUEST_URI        $request_uri;
        fastcgi_param   DOCUMENT_URI       $document_uri;
        fastcgi_param   DOCUMENT_ROOT      $document_root;
        fastcgi_param   SERVER_PROTOCOL    $server_protocol;
        fastcgi_param   REMOTE_ADDR        $remote_addr;
        fastcgi_param   REMOTE_PORT        $remote_port;
        fastcgi_param   SERVER_ADDR        $server_addr;
        fastcgi_param   SERVER_PORT        $server_port;
        fastcgi_param   SERVER_NAME        wiki.mysite.com;

        fastcgi_pass    unix:/var/run/docs.php-fpm.socket;
        fastcgi_index   index.php;
}

# this will secure the MediaWiki uploads against arbitrary PHP injection attacks:
location /images/ {
        location ~.*\.(php)?$ {
                deny all;
        }
}


location @404 {
        return 404;
        break;
}

location / {
        try_files $uri $uri/ @mediawiki;
}

location @mediawiki {
        rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
}

}

Enable Ngnix and PHP-FPM

Now, let's enable nginx to serve our site, and also be sure to enable php-fpm: 

root # cd /etc/nginx/sites-enabled
root # ln -s ../sites-available/wiki.mysite.com wiki.mysite.com
root # rc-update add nginx default
root # rc-update add php-fpm default
root # rc
 * Starting PHP FastCGI Process Manager ...                                                            [ ok ]
 * Starting nginx ...                                                                                  [ ok ]
root #

Download MediaWiki

We're getting close. Now, head to http://www.mediawiki.org/wiki/Download and copy the link address for the latest version of MediaWiki, currently 1.19.1 at the time this was written. Let's download the archive to /var/tmp: 

root # cd /var/tmp
root # wget http://download.wikimedia.org/mediawiki/1.19/mediawiki-1.19.1.tar.gz

Extract MediaWiki

We now have all the Web, database and email infrastructure enabled that we need. Heading to the IP address of your server should result in a 404 - Not Found error in your Web browser. Time to extract and configure MediaWiki itself: 

root # su docs
user $ cd /var/tmp
user $ tar xvf ./mediawiki-1.19.1.tar.gz
user $ mv mediawiki-1.19.1 ~/public_html

MediaWiki from GIT

Alternatively, we can download the code from the git repository: 

root # su docs
user $ cd ~
user $ git clone https://gerrit.wikimedia.org/r/p/mediawiki/core.git public_html

Specific stable versions of MediaWiki are tracked using 'tags'. These are analogous to the tarball releases. We can see the versions available with: 

user $ cd public_html
user $ git tag -l | sort -V

To use a specific tag (1.19.1): 

user $ git checkout 1.19.1

Initial Web Config

You will now be able to load the URL of your server in your Web browser and configure MediaWiki through the Web user interface. Complete the full installation process and be sure to specify that you are using XCache for caching. Once you go through this process, the Web installation process will provide you with a LocalSettings.php file, which you should place in /home/docs/public_html. The LocalSettings.php file can also be manually edited and used to enable MediaWiki features and extensions.

Tips and Tricks

ArticlePath

By default, MediaWiki pages will have a URL of wiki.myserver.com/index.php?title=PageName. With a few minor tweaks, you can tell MediaWiki to use wiki.myserver.com/PageName instead. Here's how. Open up LocalSettings.php and search for the $wgScriptPath line. This part of the config will look like this: 

$wgScriptPath       = "";
$wgScriptExtension  = ".php";

Change this part of the file to look like this: 

$wgScriptPath       = "";
$wgArticlePath      = "/$1";
$wgUsePathInfo      = true;
$wgScriptExtension  = ".php";

The old-style URLs will still work, but the shorter more intuitive URLs will now be used for all wiki links.

$wgSpamRegex

You may find that your wiki is the target of spammers. The easiest way to combat spam is to set $wgSpamRegex in LocalSettings.php, like so: 

$wgSpamRegex = "/badword1|badword2|badword3/i"

This will perform a case-insensitive match against the bad words and block anyone from saving edits that contain these words.

DNS Blacklist

MediaWiki also has the ability to consult a DNS blacklist to prevent known forum and wiki spam sites from performing any edits on your wiki. To enable this capability, add the following to LocalSettings.php: 

$wgEnableDnsBlacklist = true;
$wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'opm.tornevall.org' );

You may notice a significant decrease in spam posts.

$wgServer

Here is an important tip -- the $wgServer variable in LocalSettings.php defines the URL of your MediaWiki installation. MediaWiki will encode this within its HTML replies, which means that the Web browser from which you are accessing MediaWiki must be able to reach your server using this address, or pages will not display. This is not a security feature in any way, but a configuration issue. For example, if $wgServer is set to 10.0.1.128, then the only systems that will be able to access your MediaWiki installation are those for which 10.0.1.128 resolves to your MediaWiki installation. The same is true of non-IP $wgServer entries like wiki.mysite.com. If you are setting up a test wiki, you may need a temporary entry in a desktop's /etc/hosts file so that it can interact with the wiki properly before DNS is set up.

If you want to change the wiki logo, edit LocalSettings.php and replace $wgLogo with the location of the image you want to use: 

$wgLogo = "image.png"
   Note
The above references the file image.png in the directory /home/docs/public_html


Retrieved from "https://www.funtoo.org/index.php?title=Package:Whenjobs&oldid=4435"