「Install MediaWiki 1.35 on FreeBSD 12.2」修訂間的差異
		
		
		
		
		
		
				
		
		
	
| (未顯示同一使用者於中間所作的 38 次修訂) | |||
| 行 1: | 行 1: | ||
| + | * 時間: 2020-12-30 | ||
| − | [[Category:FreeBSD]] | ||
| − | + | * 安裝 MediaWiki 1.35 在 FreeBSD 12.2 | |
| + | ** FreeBSD 12.2 | ||
| − | |||
| + | ** Nginx 1.18.0 | ||
| − | = 安裝 MediaWiki 在 FreeBSD = | ||
| + | ** PHP 7.4.13 | ||
| − | |||
| + | ** MediaWiki 1.35.0 | ||
| − | 安裝時間: 2020-12-30 | ||
| + | ** SQLite 3.33.0 | ||
| − | |||
| − | == 安裝說明 == | ||
| − | |||
| − | 本站安裝的環境 | ||
| − | |||
| − | * FreeBSD 12.2 | ||
| − | * Nginx 1.18.0 | ||
| − | * PHP 7.4.13 | ||
| − | * MediaWiki 1.35.0 | ||
| − | * SQLite 3.33.0 | ||
| − | |||
| − | == 先決條件 == | ||
| − | |||
| − | * 網址 - 本站使用 <code>chevyne.at.tw</code> | ||
| − | * 網址的 [[TLS Certificates Primer|TLS憑證]] (申請中, 所以目前沒有HTTPS) | ||
| − | * 已完成 [[FreeBSD Post Install Steps|FreeBSD 安裝後步驟]] | ||
| − | |||
| == 安裝套件 == | == 安裝套件 == | ||
| − | |||
|  pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl |  pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl | ||
|  sysrc nginx_enable="YES" |  sysrc nginx_enable="YES" | ||
|  sysrc php_fpm_enable="YES" |  sysrc php_fpm_enable="YES" | ||
| − | |||
| === 配置 PHP === | === 配置 PHP === | ||
| − | |||
| 配置PHP,以使用unix domain socket而不是TCP/IP。 | 配置PHP,以使用unix domain socket而不是TCP/IP。 | ||
| − | 編輯 <code>/usr/local/etc/php-fpm.conf</code> 並更改listen指令: | ||
| + | 編輯 <code>/usr/local/etc/php-fpm.d/www.conf</code>,並更改listen指令: | ||
|  listen = /var/run/php-fpm.sock |  listen = /var/run/php-fpm.sock | ||
|  listen.owner = www |  listen.owner = www | ||
|  listen.group = www |  listen.group = www | ||
|  listen.mode = 0660 |  listen.mode = 0660 | ||
| − | |||
| 啟動 PHP | 啟動 PHP | ||
| − | |||
|  service php-fpm start |  service php-fpm start | ||
| + | === 網址與憑證 === | ||
| + | 網址 - <code>chevyne.at.tw</code> | ||
| + | TLS憑證 - [https://letsencrypt.org Let's Encrypt] 推薦使用的 ACME 客戶端 [[ACME Client Certbot Install Let's Encrypt CA in FreeDSB Nginx|Certbot]] | ||
| + | |||
| + | DH param | ||
| + |  openssl dhparam 4096 -out /usr/local/etc/nginx/cert/dhparam.pem | ||
| === 測試 nginx & TLS === | === 測試 nginx & TLS === | ||
| + | 編輯 <code>/usr/local/etc/nginx/nginx.conf</code>,使用以下測試配置: | ||
| − | |||
| + |  worker_processes auto; | ||
| − | 使用以下測試nginx配置: | ||
| − | |||
| − |  worker_processes 1; | ||
|  events { |  events { | ||
| 行 57: | 行 40: | ||
|  		listen [::]:80; |  		listen [::]:80; | ||
|  		server_name chevyne.at.tw; |  		server_name chevyne.at.tw; | ||
| + | |||
|  		return 301 https://$server_name$request_uri; |  		return 301 https://$server_name$request_uri; | ||
|  	} |  	} | ||
|  	server { |  	server { | ||
| − |  		listen 443; | + |  		listen 443 ssl http2; | 
| − |  		listen [::]:443; | + |  		listen [::]:443 ssl http2; | 
| − | + |                 server_name chevyne.at.tw; | |
| + |                 add_header Strict-Transport-Security "max-age=63072000" always; | ||
| − |  		ssl on; | ||
| − |  		ssl_certificate /usr/local/www/tls/chevyne.at.tw.crt; | ||
| − |  		ssl_certificate_key /usr/local/www/tls/chevyne.at.tw.key; | ||
| − |  		ssl_session_cache shared:SSL:1m; | ||
| − |  		ssl_session_timeout 5m; | ||
| + |                 ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem; | ||
| − |  		ssl_ciphers HIGH:!aNULL:!MD5; | ||
| + |                 ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem; | ||
| − |  		ssl_prefer_server_ciphers on; | ||
| + |                 ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem; | ||
| + | |||
| + |                 ssl_session_cache shared:le_nginx_SSL:10m; | ||
| + |                 ssl_session_timeout 1440m; | ||
| + |                 ssl_session_tickets off; | ||
| + | |||
| + |                 ssl_protocols TLSv1.2 TLSv1.3; | ||
| + |                 ssl_prefer_server_ciphers off; | ||
| + | |||
| + |                 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; | ||
| + | |||
| + |                 ssl_stapling        on; | ||
| + |                 ssl_stapling_verify on; | ||
|  		location / { |  		location / { | ||
| 行 79: | 行 72: | ||
|  	} |  	} | ||
|  } |  } | ||
| − | |||
| 啟動 nginx: | 啟動 nginx: | ||
| − | |||
|  service nginx start |  service nginx start | ||
| − | |||
| 確定一切正常。 | 確定一切正常。 | ||
| − | |||
| == 啟用 wiki == | == 啟用 wiki == | ||
| + | 一切正常後,建立 symlink: | ||
| − | |||
| + |  mkdir /usr/local/www/wiki | ||
| − | 一切正常後,將下面加到 <code>nginx.conf</code> | ||
| + |  ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w | ||
| − | |||
| + | 將下面加到 <code>nginx.conf</code> | ||
|  location /w { |  location /w { | ||
|  	root /usr/local/www/wiki; |  	root /usr/local/www/wiki; | ||
| 行 102: | 行 92: | ||
|  	} |  	} | ||
|  } |  } | ||
| + | 建立 SQLite 資料目錄 | ||
| + |  cd /usr/local/www | ||
| + |  mkdir data | ||
| + |  chmod a+w data | ||
| + | 現在連到 https://chevyne.at.tw/w 並完成安裝程序。 | ||
| + | |||
| + | 安裝程序將生成一個 <code>LocalSettings.php</code>文件。 | ||
| + | |||
| + | 將其複製到服務器: | ||
| + |   scp LocalSettings.php chevyne.at.tw:/usr/local/www/mediawiki | ||
| + | ==啟用短網址== | ||
| + | 要啟用短URL,請使用以下 <code>nginx.conf</code> 配置: | ||
| + |  worker_processes auto; | ||
| + | |||
| + |  events { | ||
| + |  	worker_connections 1024; | ||
| + |  } | ||
| + | |||
| + |  http { | ||
| + |  	include mime.types; | ||
| + |  	default_type application/octet-stream; | ||
| + | |||
| + |  	sendfile on; | ||
| + |  	keepalive_timeout 65; | ||
| + | |||
| + |  	server { | ||
| + |  		listen 80; | ||
| + |  		listen [::]:80; | ||
| + |  		server_name chevyne.at.tw; | ||
| + | |||
| + |  		return 301 https://$server_name$request_uri; | ||
| + |  	} | ||
| + | |||
| + |  	server { | ||
| + |  		listen 443 ssl; | ||
| + |  		listen [::]:443 ssl; | ||
| + |                 server_name chevyne.at.tw; | ||
| + | |||
| + |                 add_header Strict-Transport-Security "max-age=63072000" always; | ||
| + | |||
| + |                 ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem; | ||
| + |                 ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem; | ||
| + |                 ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem; | ||
| + | |||
| + |                 ssl_session_cache shared:le_nginx_SSL:10m; | ||
| + |                 ssl_session_timeout 1440m; | ||
| + |                 ssl_session_tickets off; | ||
| + | |||
| + |                 ssl_protocols TLSv1.2 TLSv1.3; | ||
| + |                 ssl_prefer_server_ciphers off; | ||
| + | |||
| + |                 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; | ||
| + | |||
| + |                 ssl_stapling        on; | ||
| + |                 ssl_stapling_verify on; | ||
| + | |||
| + |  		root /usr/local/www/wiki; | ||
| + |  		index index.php; | ||
| + | |||
| + |  		location / { | ||
| + |  			rewrite ^/$ https://chevyne.at.tw/wiki permanent; | ||
| + |  		} | ||
| + | |||
| + |  		location /w { | ||
| + |  			location ~ \.php$ { | ||
| + |  				try_files $uri =404; | ||
| + |  				fastcgi_split_path_info ^(.+\.php)(/.+)$; | ||
| + |  				fastcgi_pass unix:/var/run/php-fpm.sock; | ||
| + |  				fastcgi_index index.php; | ||
| + |  				fastcgi_param SCRIPT_FILENAME $request_filename; | ||
| + |  				include fastcgi_params; | ||
| + |  			} | ||
| + |  		} | ||
| + | |||
| + |  		location /w/images { | ||
| + |  			location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ { | ||
| + |  				try_files $uri $uri/ @thumb; | ||
| + |  			} | ||
| + |  		} | ||
| + |  		location /w/images/deleted { | ||
| + |  			# Deny access to deleted images folder | ||
| + |  			deny all; | ||
| + |  		} | ||
| + | |||
| + |  		location /w/cache       { deny all; } | ||
| + |  		location /w/languages   { deny all; } | ||
| + |  		location /w/maintenance { deny all; } | ||
| + |  		location /w/serialized  { deny all; } | ||
| + |  		location ~ /.(svn|git)(/|$) { deny all; } | ||
| + |  		location ~ /.ht { deny all; } | ||
| + | |||
| + |  		location /wiki { | ||
| + |  			include fastcgi_params; | ||
| + |  			fastcgi_param SCRIPT_FILENAME $document_root/w/index.php; | ||
| + |  			fastcgi_pass unix:/var/run/php-fpm.sock; | ||
| + |  		} | ||
| + | |||
| + |  		location @thumb { | ||
| + |  			rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2; | ||
| + |  			rewrite ^/w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1; | ||
| + |  			include fastcgi_params; | ||
| + |  			fastcgi_param SCRIPT_FILENAME $document_root/w/thumb.php; | ||
| + |  			fastcgi_pass unix:/var/run/php-fpm.sock; | ||
| + |  		} | ||
| + | |||
| + |  		error_page 500 502 503 504 /50x.html; | ||
| + |  		location = /50x.html { | ||
| + |  			root /usr/local/www/nginx-dist; | ||
| + |  		} | ||
| + |  	} | ||
| + |  } | ||
| + | 然後編輯 <code>LocalSettings.php</code> 以啟用短網址: | ||
| + |  $wgScriptPath = "/w"; | ||
| + |  $wgScriptExtension = ".php"; | ||
| + |  $wgArticlePath = "/wiki/$1"; | ||
| + |  $wgUsePathInfo = true; | ||
| + | 現在完成。 | ||
| + | == 參考連結 == | ||
| + | * [https://xw.is/wiki/Installing_Mediawiki_1.27_on_FreeBSD_11.1 Installing Mediawiki 1.27 on FreeBSD 11.1] | ||
| + | __NOTOC__ | ||
| + | [[Category:FreeBSD]] | ||
| + | [[Category:MediaWiki]] | ||
於 2021年3月5日 (五) 15:34 的最新修訂
- 時間: 2020-12-30
- 安裝 MediaWiki 1.35 在 FreeBSD 12.2
- FreeBSD 12.2
- Nginx 1.18.0
- PHP 7.4.13
- MediaWiki 1.35.0
- SQLite 3.33.0
 
安裝套件
# Install nginx, MediaWiki 1.35 (PHP 7.4 flavour), git and the PHP extensions.
pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl
# Enable both services in rc.conf.
sysrc nginx_enable="YES"
sysrc php_fpm_enable="YES"
配置 PHP
配置PHP,以使用unix domain socket而不是TCP/IP。
編輯 /usr/local/etc/php-fpm.d/www.conf,並更改listen指令:
; Listen on a Unix domain socket instead of a TCP port.
listen = /var/run/php-fpm.sock
; Owner, group and mode of the socket file: with 0660 only user www and group www can connect.
; NOTE(review): nginx must run as www (or belong to group www) to reach the socket — confirm.
listen.owner = www
listen.group = www
listen.mode = 0660
啟動 PHP
service php-fpm start
網址與憑證
網址 - chevyne.at.tw
TLS憑證 - Let's Encrypt 推薦使用的 ACME 客戶端 Certbot
DH param
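# openssl dhparam takes its options first and the parameter size (numbits) last.
# With the size given first, -out may be ignored and the parameters printed to
# stdout, leaving the file referenced by ssl_dhparam missing.
# NOTE(review): the cert directory must already exist; openssl does not create it.
openssl dhparam -out /usr/local/etc/nginx/cert/dhparam.pem 4096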
測試 nginx & TLS
編輯 /usr/local/etc/nginx/nginx.conf,使用以下測試配置:
# Test configuration: an HTTP-to-HTTPS redirect plus one TLS server that serves static files.
worker_processes auto;
events {
	worker_connections  1024;
}
http {
	# Plain-HTTP listener: every request is redirected to the HTTPS server below.
	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;
		return 301 https://$server_name$request_uri;
	}
	server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
               server_name chevyne.at.tw;
               # HSTS: a browser that has seen this header refuses plain HTTP for this host
               # for 63072000 s (two years), so enable it only once HTTPS is known to work.
               add_header Strict-Transport-Security "max-age=63072000" always;
               ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
               ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
               # DH parameters for the DHE-RSA suites listed in ssl_ciphers.
               ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;
               ssl_session_cache shared:le_nginx_SSL:10m;
               ssl_session_timeout 1440m;
               ssl_session_tickets off;
               # Only TLS 1.2 and TLS 1.3 are accepted.
               ssl_protocols TLSv1.2 TLSv1.3;
               # The client's cipher order is used; every listed suite is an AEAD suite
               # (AES-GCM or ChaCha20-Poly1305) with ECDHE or DHE key exchange.
               ssl_prefer_server_ciphers off;
               ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
               # NOTE(review): OCSP stapling normally needs a resolver directive so nginx can
               # look up the responder, and ssl_stapling_verify may need ssl_trusted_certificate;
               # neither is set in this file — confirm that stapling actually works.
               ssl_stapling        on;
               ssl_stapling_verify on;
		# Serves static files from /usr/local/www/nginx for the connectivity test.
		location / {
			root /usr/local/www/nginx;
			index index.html index.htm;
		}
	}
}
啟動 nginx:
service nginx start
確定一切正常。
啟用 wiki
一切正常後,建立 symlink:
# /usr/local/www/wiki is used as the nginx root; the symlink exposes the MediaWiki tree beneath it as /w.
mkdir /usr/local/www/wiki
ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w
將下面加到 nginx.conf
# MediaWiki scripts live under /w, resolved against /usr/local/www/wiki.
location /w {
	root /usr/local/www/wiki;
	index index.php;
	# Only URIs ending in .php are handed to PHP-FPM.
	location ~ \.php$ {
		# Answer 404 for a script that does not exist on disk instead of
		# passing the request on to PHP-FPM.
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		# Same Unix socket path as the PHP-FPM listen directive.
		fastcgi_pass unix:/var/run/php-fpm.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		include fastcgi_params;
	}
}
建立 SQLite 資料目錄
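cd /usr/local/www
mkdir data
# This directory holds the wiki's SQLite database. Give it to the account that
# runs PHP-FPM instead of making it writable by every local user (chmod a+w).
# NOTE(review): assumes PHP-FPM runs as www:www — confirm in www.conf.
chown www:www data
chmod 700 data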
現在連到 https://chevyne.at.tw/w 並完成安裝程序。
安裝程序將生成一個 LocalSettings.php文件。
將其複製到服務器:
# The generated LocalSettings.php holds the wiki's secret keys ($wgSecretKey, $wgUpgradeKey);
# after copying, restrict its permissions so that only the PHP-FPM user can read it.
scp LocalSettings.php chevyne.at.tw:/usr/local/www/mediawiki
啟用短網址
要啟用短URL,請使用以下 nginx.conf 配置:
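# Full configuration with short URLs: /w/... serves the MediaWiki scripts,
# /wiki/... is routed to /w/index.php.
worker_processes auto;
events {
	worker_connections 1024;
}
http {
	include mime.types;
	default_type application/octet-stream;
	sendfile on;
	keepalive_timeout 65;
	# Plain-HTTP listener: every request is redirected to the HTTPS server below.
	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;
		return 301 https://$server_name$request_uri;
	}
	server {
		listen 443 ssl;
		listen [::]:443 ssl;
		server_name chevyne.at.tw;
		# HSTS: a browser that has seen this header refuses plain HTTP for this host
		# for 63072000 s (two years), so enable it only once HTTPS is known to work.
		add_header Strict-Transport-Security "max-age=63072000" always;
		ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
		# DH parameters for the DHE-RSA suites listed in ssl_ciphers.
		ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;
		ssl_session_cache shared:le_nginx_SSL:10m;
		ssl_session_timeout 1440m;
		ssl_session_tickets off;
		# Only TLS 1.2 and TLS 1.3 are accepted.
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers off;
		ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
		# NOTE(review): OCSP stapling normally needs a resolver directive so nginx can
		# look up the responder, and ssl_stapling_verify may need ssl_trusted_certificate;
		# neither is set in this file — confirm that stapling actually works.
		ssl_stapling        on;
		ssl_stapling_verify on;
		root /usr/local/www/wiki;
		index index.php;
		location / {
			rewrite ^/$ https://chevyne.at.tw/wiki permanent;
		}
		location /w {
			# Only URIs ending in .php are handed to PHP-FPM.
			location ~ \.php$ {
				# Answer 404 for a script that does not exist on disk instead of
				# passing the request on to PHP-FPM.
				try_files $uri =404;
				fastcgi_split_path_info ^(.+\.php)(/.+)$;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $request_filename;
				include fastcgi_params;
			}
		}
		# Uploaded files: nothing under /w/images is passed to PHP-FPM except a
		# missing thumbnail, which falls through to @thumb.
		location /w/images {
			location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
				try_files $uri $uri/ @thumb;
			}
		}
		location /w/images/deleted {
			# Deny access to deleted images folder
			deny all;
		}
		# Internal MediaWiki directories that must not be reachable over HTTP.
		# NOTE(review): includes/ and tests/ are not denied here — confirm whether
		# they should be added to this list.
		location /w/cache       { deny all; }
		location /w/languages   { deny all; }
		location /w/maintenance { deny all; }
		location /w/serialized  { deny all; }
		# The dot is escaped so that only dot-directories (.svn, .git) and .ht* files
		# are blocked; an unescaped "." matches any character and would also deny
		# unrelated paths.
		location ~ /\.(svn|git)(/|$) { deny all; }
		location ~ /\.ht { deny all; }
		# Short URLs: everything under /wiki is handled by /w/index.php.
		location /wiki {
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/index.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}
		# Missing thumbnails are generated on demand by thumb.php.
		location @thumb {
			rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2;
			rewrite ^/w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1;
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/thumb.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}
		error_page 500 502 503 504 /50x.html;
		location = /50x.html {
			root /usr/local/www/nginx-dist;
		}
	}
}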
然後編輯 LocalSettings.php 以啟用短網址:
// Scripts are served under /w, matching "location /w" in nginx.conf.
$wgScriptPath = "/w";
// NOTE(review): $wgScriptExtension looks obsolete for MediaWiki 1.35 (believed removed
// in an earlier release) — confirm against the release notes and drop it if so.
$wgScriptExtension = ".php";
// Article URLs take the form /wiki/Page_title, matching "location /wiki" in nginx.conf.
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
現在完成。