Mediawiki on CentOS 7

FirewallD

firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https
firewall-cmd --reload

#yum install policycoreutils-python
yum install epel-release

Nginx

yum install nginx

systemctl enable nginx
systemctl start nginx

vi /etc/nginx/conf.d/wiki.domain.com.conf

server {
    listen 80;
    server_name wiki.domain.com www.wiki.domain.com;

    # For Lets Encrypt, this needs to be served via HTTP
    location /.well-known/acme-challenge/ {
        root /usr/share/nginx/html; # Specify here where the challenge file is placed
    }

    # enforce https
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    server_name wiki.domain.com www.wiki.domain.com;

    ssl_certificate /etc/ssl/nginx/wiki.domain.com.crt;
    ssl_certificate_key /etc/ssl/nginx/wiki.domain.com.key;

    # Example SSL/TLS configuration. Please read into the manual of
    # nginx before applying these.
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers "-ALL:EECDH+AES256:EDH+AES256:AES256-SHA:EECDH+AES:EDH+AES:!ADH:!NULL:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!3DES:!PSK:!SRP:!DSS:!AESGCM:!RC4";
    ssl_dhparam /etc/ssl/nginx/dh4096.pem;
    ssl_prefer_server_ciphers on;
    keepalive_timeout    70;
    ssl_stapling on;
    ssl_stapling_verify on;

    root /usr/share/nginx/html/;

    #client_max_body_size 5m;
    client_max_body_size 100m;
    client_body_timeout 60;

    location / {
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php?title=$1&$args;
    }

    location ^~ /maintenance/ {
        return 403;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_param HTTPS on;
        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice

    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        try_files $uri /index.php;
        expires max;
        log_not_found off;
    }

    location = /_.gif {
        expires max;
        empty_gif;
    }

    location ^~ /cache/ {
        deny all;
    }

    location /dumps {
        root /usr/share/nginx/html/local;
        autoindex on;
    }
}

systemctl restart nginx

PHP

yum install https://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum install php-fpm php-cli php-gd php-xml php-intl texlive php-xcache php-pgsql php-mbstring php-json php-openssl pcre

php --version

vi /etc/php.ini
cgi.fix_pathinfo=0

vi /etc/php-fpm.d/www.conf
listen = /var/run/php-fpm/php-fpm.sock
listen.owner = nginx
listen.group = nginx
listen.mode = 0660
user = nginx
group = nginx
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/bin:/usr/bin:/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

systemctl enable php-fpm
systemctl start php-fpm

vi /usr/share/nginx/html/info.php
<?php phpinfo(); ?>

HTTPS

mkdir /etc/ssl/nginx/
restorecon -Rv /etc/ssl/nginx/

openssl req -new -x509 -days 365 -nodes -out /etc/ssl/nginx/wiki.domain.com.crt -keyout /etc/ssl/nginx/wiki.domain.com.key -subj "/CN=wiki.domain.com"
openssl dhparam -out /etc/ssl/nginx/dh4096.pem 4096

PostgreSQL

yum install postgresql postgresql-server postgresql-contrib
postgresql-setup initdb
systemctl enable postgresql
systemctl start postgresql

vi /var/lib/pgsql/data/postgresql.conf
listen_addresses = 'localhost'
port = 5432

cat <<EOT > /var/lib/pgsql/data/pg_hba.conf
local all postgres trust
local all all md5
host all all 127.0.0.1/32 md5
host all all ::1/128 md5
EOT

passwd postgres

su - postgres
psql -d template1 -c "ALTER USER postgres WITH PASSWORD 'newpassword';"

createuser -S -D -R -P -E wikiuser #(then enter the password)
createdb -O wikiuser wikidb
exit

systemctl restart postgresql

semanage boolean -m --on httpd_can_network_connect_db

MediaWiki

wget https://releases.wikimedia.org/mediawiki/1.29/mediawiki-1.29.1.tar.gz
tar zxvf mediawiki-1.29.1.tar.gz
mv mediawiki-1.29.1/* /usr/share/nginx/html/
chown -R nginx:nginx /usr/share/nginx/html/*
chmod -R 0755 /usr/share/nginx/html/*
chmod 600 /usr/share/nginx/html/LocalSettings.php

semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/nginx/html'
restorecon -Rv '/usr/share/nginx/html'

systemctl restart php-fpm nginx; systemctl status php-fpm nginx

https://wiki.domain.com:20002/mw-config/index.php?page=Name
Name of wiki: wiki
Project namespace: Project
User rights profile: Private wiki
Settings for object caching: PHP object caching (APC, APCu, XCache or WinCache)

PostrgeSQL DB backup

pg_dump wikidb > wikidbdump2017_09_27.sql
pg_dumpall --globals > postgres_globals2017_09_27.sql

Issues

MediaWiki 1.29 internal error MediaWiki 1.29 requires at least PHP version 5.5.9, you are using PHP 5.4.16. Supported PHP versions Please consider upgrading your copy of PHP. PHP versions less than 5.5.0 are no longer supported by the PHP Group and will not receive security or bugfix updates. If for some reason you are unable to upgrade your PHP version, you will need to download an older version of MediaWiki from our website. See our compatibility page for details of which versions are compatible with prior versions of PHP. https://www.mediawiki.org/wiki/Compatibility#PHP

Links:
https://www.digitalocean.com/community/tutorials/how-to-install-mediawiki-on-centos-7
https://www.nginx.com/resources/wiki/start/topics/recipes/mediawiki/
https://www.rosehosting.com/blog/install-mediawiki-on-a-centos-7-vps/
https://www.mediawiki.org/wiki/Special:MyLanguage/Manual:Installing_MediaWiki