{"id":839,"date":"2017-09-27T21:54:17","date_gmt":"2017-09-27T14:54:17","guid":{"rendered":"https:\/\/trichev.com\/blog\/?p=839"},"modified":"2017-09-28T02:23:16","modified_gmt":"2017-09-27T19:23:16","slug":"mediawiki-on-centos-7","status":"publish","type":"post","link":"https:\/\/trichev.com\/blog\/2017\/09\/27\/mediawiki-on-centos-7\/","title":{"rendered":"Mediawiki on CentOS 7"},"content":{"rendered":"<p><strong>FirewallD<\/strong><\/p>\n<p><code>firewall-cmd --permanent --add-service=http<br \/>\nfirewall-cmd --permanent --add-service=https<br \/>\nfirewall-cmd --reload<\/code><\/p>\n<p><code>#yum install policycoreutils-python<br \/>\nyum install epel-release<\/code><\/p>\n<p><strong>Nginx<\/strong><\/p>\n<p><code>yum install nginx<\/code><\/p>\n<p><code>systemctl enable nginx<br \/>\nsystemctl start nginx<\/code><\/p>\n<pre><code>vi \/etc\/nginx\/conf.d\/wiki.domain.com.conf\r\n\r\nserver {\r\n    listen 80;\r\n    server_name wiki.domain.com www.wiki.domain.com;\r\n\r\n    # For Lets Encrypt, this needs to be served via HTTP\r\n    location \/.well-known\/acme-challenge\/ {\r\n        root \/usr\/share\/nginx\/html; # Specify here where the challenge file is placed\r\n    }\r\n\r\n    # enforce https\r\n    location \/ {\r\n        return 301 https:\/\/$server_name$request_uri;\r\n    }\r\n}\r\n\r\nserver {\r\n    listen 443 ssl http2;\r\n    server_name wiki.domain.com www.wiki.domain.com;\r\n\r\n    ssl_certificate \/etc\/ssl\/nginx\/wiki.domain.com.crt;\r\n    ssl_certificate_key \/etc\/ssl\/nginx\/wiki.domain.com.key;\r\n\r\n    # Example SSL\/TLS configuration. Please read into the manual of\r\n    # nginx before applying these.\r\n    ssl_session_timeout 5m;\r\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\r\n    ssl_ciphers \"-ALL:EECDH+AES256:EDH+AES256:AES256-SHA:EECDH+AES:EDH+AES:!ADH:!NULL:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!3DES:!PSK:!SRP:!DSS:!AESGCM:!RC4\";\r\n    ssl_dhparam \/etc\/ssl\/nginx\/dh4096.pem;\r\n    ssl_prefer_server_ciphers on;\r\n    keepalive_timeout    70;\r\n    ssl_stapling on;\r\n    ssl_stapling_verify on;\r\n\r\n    root \/usr\/share\/nginx\/html\/;\r\n\r\n    #client_max_body_size 5m;\r\n    client_max_body_size 100m;\r\n    client_body_timeout 60;\r\n\r\n    location \/ {\r\n        try_files $uri $uri\/ @rewrite;\r\n    }\r\n\r\n    location @rewrite {\r\n        rewrite ^\/(.*)$ \/index.php?title=$1&amp;$args;\r\n    }\r\n\r\n    location ^~ \/maintenance\/ {\r\n        return 403;\r\n    }\r\n\r\n    location ~ \\.php$ {\r\n        include fastcgi_params;\r\n        fastcgi_pass unix:\/var\/run\/php-fpm\/php-fpm.sock;\r\n        fastcgi_param HTTPS on;\r\n        fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice\r\n\r\n    }\r\n\r\n    location ~* \\.(js|css|png|jpg|jpeg|gif|ico)$ {\r\n        try_files $uri \/index.php;\r\n        expires max;\r\n        log_not_found off;\r\n    }\r\n\r\n    location = \/_.gif {\r\n        expires max;\r\n        empty_gif;\r\n    }\r\n\r\n    location ^~ \/cache\/ {\r\n        deny all;\r\n    }\r\n\r\n    location \/dumps {\r\n        root \/usr\/share\/nginx\/html\/local;\r\n        autoindex on;\r\n    }\r\n}<\/code><\/pre>\n<p><code>systemctl restart nginx<\/code><\/p>\n<p><strong>PHP<\/strong><\/p>\n<p><code>yum install https:\/\/rpms.remirepo.net\/enterprise\/remi-release-7.rpm<br \/>\nyum install php-fpm php-cli php-gd php-xml php-intl texlive php-xcache php-pgsql php-mbstring php-json php-openssl pcre<\/code><\/p>\n<p><code>php --version<\/code><\/p>\n<p><code>vi \/etc\/php.ini<br \/>\ncgi.fix_pathinfo=0<\/code><\/p>\n<pre><code>vi \/etc\/php-fpm.d\/www.conf\r\nlisten = \/var\/run\/php-fpm\/php-fpm.sock\r\nlisten.owner = nginx\r\nlisten.group = nginx\r\nlisten.mode = 0660\r\nuser = nginx\r\ngroup = nginx\r\nenv[HOSTNAME] = $HOSTNAME\r\nenv[PATH] = \/usr\/local\/bin:\/usr\/bin:\/bin\r\nenv[TMP] = \/tmp\r\nenv[TMPDIR] = \/tmp\r\nenv[TEMP] = \/tmp<\/code><\/pre>\n<p><code>systemctl enable php-fpm<br \/>\nsystemctl start php-fpm<\/code><\/p>\n<pre><code>vi \/usr\/share\/nginx\/html\/info.php\r\n&lt;?php phpinfo(); ?&gt;<\/code><\/pre>\n<p><strong>HTTPS<\/strong><\/p>\n<p><code>mkdir \/etc\/ssl\/nginx\/<br \/>\nrestorecon -Rv \/etc\/ssl\/nginx\/<\/code><\/p>\n<p><code>openssl req -new -x509 -days 365 -nodes -out \/etc\/ssl\/nginx\/wiki.domain.com.crt -keyout \/etc\/ssl\/nginx\/wiki.domain.com.key -subj \"\/CN=wiki.domain.com\"<br \/>\nopenssl dhparam -out \/etc\/ssl\/nginx\/dh4096.pem 4096<\/code><\/p>\n<p><strong>PostgreSQL<\/strong><\/p>\n<p><code>yum install postgresql postgresql-server postgresql-contrib<\/code><br \/>\n<code>postgresql-setup initdb<br \/>\nsystemctl enable postgresql<br \/>\nsystemctl start postgresql<\/code><\/p>\n<pre><code>vi \/var\/lib\/pgsql\/data\/postgresql.conf\r\nlisten_addresses = 'localhost'\r\nport = 5432\r\n\r\ncat &lt;&lt;EOT &gt; \/var\/lib\/pgsql\/data\/pg_hba.conf\r\nlocal all postgres trust\r\nlocal all all md5\r\nhost all all 127.0.0.1\/32 md5\r\nhost all all ::1\/128 md5\r\nEOT\r\n\r\npasswd postgres\r\n\r\nsu - postgres\r\npsql -d template1 -c \"ALTER USER postgres WITH PASSWORD 'newpassword';\"\r\n\r\ncreateuser -S -D -R -P -E wikiuser #(then enter the password)\r\ncreatedb -O wikiuser wikidb\r\nexit\r\n\r\nsystemctl restart postgresql\r\n\r\nsemanage boolean -m --on httpd_can_network_connect_db<\/code><\/pre>\n<p><strong>MediaWiki<\/strong><\/p>\n<p><code>wget https:\/\/releases.wikimedia.org\/mediawiki\/1.29\/mediawiki-1.29.1.tar.gz<br \/>\ntar zxvf mediawiki-1.29.1.tar.gz<br \/>\nmv mediawiki-1.29.1\/* \/usr\/share\/nginx\/html\/<br \/>\nchown -R nginx:nginx \/usr\/share\/nginx\/html\/*<br \/>\nchmod -R 0755 \/usr\/share\/nginx\/html\/*<br \/>\nchmod 600 \/usr\/share\/nginx\/html\/LocalSettings.php<\/code><\/p>\n<pre><code>semanage fcontext -a -t httpd_sys_rw_content_t '\/usr\/share\/nginx\/html'\r\nrestorecon -Rv '\/usr\/share\/nginx\/html'\r\n\r\nsystemctl restart php-fpm nginx; systemctl status php-fpm nginx\r\n<\/code><\/pre>\n<p>\nhttps:\/\/wiki.domain.com:20002\/mw-config\/index.php?page=Name<br \/>\nName of wiki: wiki<br \/>\nProject namespace: Project<br \/>\nUser rights profile: Private wiki<br \/>\nSettings for object caching: PHP object caching (APC, APCu, XCache or WinCache)<\/p>\n<p><strong>PostrgeSQL DB backup<\/strong><\/p>\n<p><code>pg_dump wikidb &gt; wikidbdump2017_09_27.sql<br \/>\npg_dumpall --globals &gt; postgres_globals2017_09_27.sql<\/code><\/p>\n<p><strong>Issues<\/strong><\/p>\n<p>MediaWiki 1.29 internal error MediaWiki 1.29 requires at least PHP version 5.5.9, you are using PHP 5.4.16. Supported PHP versions Please consider upgrading your copy of PHP. PHP versions less than 5.5.0 are no longer supported by the PHP Group and will not receive security or bugfix updates. If for some reason you are unable to upgrade your PHP version, you will need to download an older version of MediaWiki from our website. See our compatibility page for details of which versions are compatible with prior versions of PHP. <a href=\"https:\/\/www.mediawiki.org\/wiki\/Compatibility#PHP\">https:\/\/www.mediawiki.org\/wiki\/Compatibility#PHP<\/a><\/p>\n<p>Links:<br \/>\n<a href=\"https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-mediawiki-on-centos-7\">https:\/\/www.digitalocean.com\/community\/tutorials\/how-to-install-mediawiki-on-centos-7<\/a><br \/>\n<a href=\"https:\/\/www.nginx.com\/resources\/wiki\/start\/topics\/recipes\/mediawiki\/\">https:\/\/www.nginx.com\/resources\/wiki\/start\/topics\/recipes\/mediawiki\/<\/a><br \/>\n<a href=\"https:\/\/www.rosehosting.com\/blog\/install-mediawiki-on-a-centos-7-vps\/\">https:\/\/www.rosehosting.com\/blog\/install-mediawiki-on-a-centos-7-vps\/<\/a><br \/>\n<a href=\"https:\/\/www.mediawiki.org\/wiki\/Special:MyLanguage\/Manual:Installing_MediaWiki\">https:\/\/www.mediawiki.org\/wiki\/Special:MyLanguage\/Manual:Installing_MediaWiki<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FirewallD firewall-cmd &#8211;permanent &#8211;add-service=http firewall-cmd &#8211;permanent &#8211;add-service=https firewall-cmd &#8211;reload #yum install policycoreutils-python yum install epel-release Nginx yum install nginx systemctl enable nginx systemctl start nginx vi \/etc\/nginx\/conf.d\/wiki.domain.com.conf server { listen 80; server_name wiki.domain.com www.wiki.domain.com; # For Lets Encrypt, this needs to be served via HTTP location \/.well-known\/acme-challenge\/ { root \/usr\/share\/nginx\/html; # Specify here where the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[231],"tags":[212,216,32,259,251,250,260,14,11],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/839"}],"collection":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/comments?post=839"}],"version-history":[{"count":7,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/839\/revisions"}],"predecessor-version":[{"id":846,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/posts\/839\/revisions\/846"}],"wp:attachment":[{"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/media?parent=839"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/categories?post=839"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trichev.com\/blog\/wp-json\/wp\/v2\/tags?post=839"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}