Difference between revisions of "Install MediaWiki 1.35 on FreeBSD 12.2"

From ChevyneWiki
 
(14 intermediate revisions by the same user not shown)
行 1: 行 1:
[[Category:FreeBSD]]
 
[[Category:MediaWiki]]
 
 
* 時間: 2020-12-30
 
* 時間: 2020-12-30
 
* 安裝 MediaWiki 1.35 在 FreeBSD 12.2
 
* 安裝 MediaWiki 1.35 在 FreeBSD 12.2
行 8: 行 6:
 
** MediaWiki 1.35.0
 
** MediaWiki 1.35.0
 
** SQLite 3.33.0
 
** SQLite 3.33.0
== 先決條件 ==
 
* 網址 - <code>chevyne.at.tw</code>
 
* TLS憑證 - [https://letsencrypt.org Let's Encrypt] 推薦使用的 ACME 客戶端 [[Let's Encrypt Client Certbot Install|Certbot]]
 
* 已完成 [[FreeBSD Post Install Steps|FreeBSD 安裝後步驟]]
 
 
== 安裝套件 ==
 
== 安裝套件 ==
 
pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl
 
pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl
行 19: 行 13:
 
配置PHP,以使用unix domain socket而不是TCP/IP。
 
配置PHP,以使用unix domain socket而不是TCP/IP。
   
編輯 <code>/usr/local/etc/php-fpm.conf</code>,並更改listen指令:
+
編輯 <code>/usr/local/etc/php-fpm.d/www.conf</code>,並更改listen指令:
 
listen = /var/run/php-fpm.sock
 
listen = /var/run/php-fpm.sock
 
listen.owner = www
 
listen.owner = www
行 26: 行 20:
 
啟動 PHP
 
啟動 PHP
 
service php-fpm start
 
service php-fpm start
  +
=== 網址與憑證 ===
 
網址 - <code>chevyne.at.tw</code>
  +
 
TLS憑證 - [https://letsencrypt.org Let's Encrypt] 推薦使用的 ACME 客戶端 [[ACME Client Certbot Install Let's Encrypt CA in FreeDSB Nginx|Certbot]]
  +
  +
DH param
  +
openssl dhparam 4096 -out /usr/local/etc/nginx/cert/dhparam.pem
 
=== 測試 nginx & TLS ===
 
=== 測試 nginx & TLS ===
 
編輯 <code>/usr/local/etc/nginx/nginx.conf</code>,使用以下測試配置:
 
編輯 <code>/usr/local/etc/nginx/nginx.conf</code>,使用以下測試配置:
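Review bot: In the added `openssl dhparam 4096 -out /usr/local/etc/nginx/cert/dhparam.pem` line the bit count is given before `-out`. OpenSSL 1.1.x stops parsing options at the first positional argument, so `-out` is not honoured there and the parameters are written to stdout instead of the file; put the size last, as in `openssl dhparam -out /usr/local/etc/nginx/cert/dhparam.pem 4096`. Nothing in this hunk creates `/usr/local/etc/nginx/cert` either, so a `mkdir -p` step before the command would help.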
行 39: 行 40:
 
listen [::]:80;
 
listen [::]:80;
 
server_name chevyne.at.tw;
 
server_name chevyne.at.tw;
  +
add_header Strict-Transport-Security "max-age=31536000";
 
 
return 301 https://$server_name$request_uri;
 
return 301 https://$server_name$request_uri;
 
}
 
}
 
server {
 
server {
listen 443;
+
listen 443 ssl http2;
listen [::]:443;
+
listen [::]:443 ssl http2;
server_name chevyne.at.tw;
+
server_name chevyne.at.tw;
add_header Strict-Transport-Security "max-age=31536000";
 
 
 
 
add_header Strict-Transport-Security "max-age=63072000" always;
ssl on;
 
  +
ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
 
ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
+
ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
 
ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
  +
ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;
ssl_ciphers ECDH+AESGCM:EDCH+AES256:ECDH+AES128:!MD5:!aNULL;
 
  +
ssl_prefer_server_ciphers on;
 
ssl_session_cache shared:SSL:10m;
+
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1h;
+
ssl_session_timeout 1440m;
  +
ssl_session_tickets off;
ssl_stapling on;
 
  +
ssl_stapling_verify on;
 
 
ssl_protocols TLSv1.2 TLSv1.3;
 
ssl_prefer_server_ciphers off;
  +
  +
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
  +
 
ssl_stapling on;
 
ssl_stapling_verify on;
 
 
 
location / {
 
location / {
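Review bot: `ssl_stapling on;` and `ssl_stapling_verify on;` are kept in the 443 server block, but no `resolver` or `ssl_trusted_certificate` directive appears anywhere in this hunk. nginx needs a `resolver` to look up the OCSP responder's hostname, and its documentation asks for the issuer chain in `ssl_trusted_certificate` when verification is on; without them stapling can silently not happen. Either add both directives next to the stapling lines or drop the stapling lines.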
行 70: 行 77:
 
== 啟用 wiki ==
 
== 啟用 wiki ==
 
一切正常後,建立 symlink:
 
一切正常後,建立 symlink:
  +
mkdir /usr/local/www/wiki
 
ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w
 
ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w
 
將下面加到 <code>nginx.conf</code>
 
將下面加到 <code>nginx.conf</code>
行 84: 行 92:
 
}
 
}
 
}
 
}
  +
建立 SQLite 資料目錄
  +
cd /usr/local/www
  +
mkdir data
  +
chmod a+w data
 
現在連到 https://chevyne.at.tw/w 並完成安裝程序。
 
現在連到 https://chevyne.at.tw/w 並完成安裝程序。
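Review bot: The added `chmod a+w data` makes the SQLite data directory under `/usr/local/www` writable by every local account, which lets any user on the host replace or tamper with the wiki database. Only the PHP-FPM account needs write access, so `chown www:www data` followed by `chmod 750 data` (assuming the pool runs as `www`, as `listen.owner = www` in the PHP hunk suggests) would be tighter.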
   
行 109: 行 121:
 
listen [::]:80;
 
listen [::]:80;
 
server_name chevyne.at.tw;
 
server_name chevyne.at.tw;
  +
add_header Strict-Transport-Security "max-age=31536000";
 
 
return 301 https://$server_name$request_uri;
 
return 301 https://$server_name$request_uri;
 
}
 
}
 
 
 
server {
 
server {
listen 443;
+
listen 443 ssl;
listen [::]:443;
+
listen [::]:443 ssl;
server_name chevyne.at.tw;
+
server_name chevyne.at.tw;
  +
add_header Strict-Transport-Security "max-age=31536000";
 
 
add_header Strict-Transport-Security "max-age=63072000" always;
  +
 
ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
  +
ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
  +
ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;
  +
 
ssl_session_cache shared:le_nginx_SSL:10m;
 
ssl_session_timeout 1440m;
  +
ssl_session_tickets off;
  +
 
ssl_protocols TLSv1.2 TLSv1.3;
 
ssl_prefer_server_ciphers off;
  +
  +
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";
 
 
 
ssl_stapling on;
ssl on;
 
 
ssl_stapling_verify on;
ssl_certificate /etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
 
ssl_certificate_key /etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
 
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 
ssl_ciphers ECDH+AESGCM:EDCH+AES256:ECDH+AES128:!MD5:!aNULL;
 
ssl_prefer_server_ciphers on;
 
ssl_session_cache shared:SSL:10m;
 
ssl_session_timeout 1h;
 
ssl_stapling on;
 
ssl_stapling_verify on;
 
 
 
 
root /usr/local/www/wiki;
 
root /usr/local/www/wiki;
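Review bot: `listen 443 ssl;` and `listen [::]:443 ssl;` in this short-URL configuration omit the `http2` parameter that the test configuration in the earlier hunk sets with `listen 443 ssl http2;`. If HTTP/2 is meant to be enabled on the production server, add it here as well so the two configurations stay in step; if it was dropped on purpose, a short comment in the page would explain why.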
行 191: 行 209:
 
$wgUsePathInfo = true;
 
$wgUsePathInfo = true;
 
現在完成。
 
現在完成。
== 啟用移動支持 ==
 
確定已安裝 wget:
 
pkg install -y wget
 
確定具有 mediawiki extensions 的權限:
 
chown root:staff /usr/local/www/mediawiki/extensions
 
chmod g+w /usr/local/www/mediawiki/extensions
 
下載 [https://www.mediawiki.org/wiki/Extension:MobileFrontend MobileFrontend] 並解壓縮:
 
wget https://extdist.wmflabs.org/dist/extensions/MobileFrontend-REL1_35-1421405.tar.gz
 
tar -xzf MobileFrontend-REL1_35-1421405.tar.gz -C /usr/local/www/mediawiki/extensions
 
編輯 <code>LocalSettings.php</code> 以啟用(將其加在後面):
 
wfLoadExtension('MobileFrontend');
 
$wgMFAutodetectMobileView = true;
 
 
== 參考連結 ==
 
== 參考連結 ==
 
* [https://xw.is/wiki/Installing_Mediawiki_1.27_on_FreeBSD_11.1 Installing Mediawiki 1.27 on FreeBSD 11.1]
 
* [https://xw.is/wiki/Installing_Mediawiki_1.27_on_FreeBSD_11.1 Installing Mediawiki 1.27 on FreeBSD 11.1]
  +
__NOTOC__
 
[[Category:FreeBSD]]
 
[[Category:MediaWiki]]

Latest revision as of 15:34, 5 March 2021 (Fri)

  • Date: 2020-12-30
  • Installing MediaWiki 1.35 on FreeBSD 12.2
    • FreeBSD 12.2
    • Nginx 1.18.0
    • PHP 7.4.13
    • MediaWiki 1.35.0
    • SQLite 3.33.0

Install packages

pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl
sysrc nginx_enable="YES"
sysrc php_fpm_enable="YES"

Configure PHP

Configure PHP to use a Unix domain socket instead of TCP/IP.

Edit /usr/local/etc/php-fpm.d/www.conf and change the listen directives:

listen = /var/run/php-fpm.sock
listen.owner = www
listen.group = www
listen.mode = 0660

Start PHP

service php-fpm start

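URL and certificate

URL - chevyne.at.tw

TLS certificate - Certbot, the ACME client recommended by Let's Encrypt

DH param

# The key size must be the last argument; options placed after it are not parsed.
mkdir -p /usr/local/etc/nginx/cert
openssl dhparam -out /usr/local/etc/nginx/cert/dhparam.pem 4096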

Test nginx & TLS

Edit /usr/local/etc/nginx/nginx.conf and use the following test configuration:

worker_processes auto;

events {
	worker_connections  1024;
}

http {
	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;

		return 301 https://$server_name$request_uri;
	}
	server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name chevyne.at.tw;

		add_header Strict-Transport-Security "max-age=63072000" always;

		ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
		ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;

		ssl_session_cache shared:le_nginx_SSL:10m;
		ssl_session_timeout 1440m;
		ssl_session_tickets off;

		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers off;

		ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

		ssl_stapling        on;
		ssl_stapling_verify on;

		location / {
			root /usr/local/www/nginx;
			index index.html index.htm;
		}
	}
}

Start nginx:

service nginx start

Confirm that everything works.
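One way to check the TLS directives before starting nginx, as an added example that is not part of the original page: a small shell linter for the settings this page changed between revisions (legacy protocols, `ssl on;`, HSTS without `always`, DHE ciphers without `ssl_dhparam`). The function name `audit_nginx_tls` and the file name `audit.sh` are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original page: lint the TLS directives this
# page sets in nginx.conf. Prints one finding per line; returns 0 when the
# file is clean and 1 when anything was flagged.
audit_nginx_tls() {
	# Strip comments so commented-out directives are ignored.
	body=$(sed 's/#.*//' "$1") || return 2
	rc=0
	flag() { printf '%s\n' "$1"; rc=1; }
	has() { printf '%s\n' "$body" | grep -Eq "$1"; }

	# TLSv1 / TLSv1.1 still enabled on an ssl_protocols line.
	if printf '%s\n' "$body" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' |
		grep -Eq 'TLSv1(\.1)?([[:space:]]|;)'; then
		flag "ssl_protocols enables TLSv1 or TLSv1.1"
	fi

	# "ssl on;" is the deprecated form of "listen ... ssl".
	if has '^[[:space:]]*ssl[[:space:]]+on[[:space:]]*;'; then
		flag "deprecated 'ssl on;' (use 'listen 443 ssl;')"
	fi

	# Without "always", HSTS is omitted from error responses.
	if printf '%s\n' "$body" | grep 'Strict-Transport-Security' |
		grep -Evq 'always[[:space:]]*;'; then
		flag "Strict-Transport-Security header lacks 'always'"
	fi

	# nginx offers DHE suites only when ssl_dhparam is configured.
	if has '^[[:space:]]*ssl_ciphers.*[":]DHE-' &&
		! has '^[[:space:]]*ssl_dhparam[[:space:]]'; then
		flag "DHE ciphers listed but ssl_dhparam is not set"
	fi
	return "$rc"
}

# Stand-alone use (hypothetical file name): sh audit.sh /usr/local/etc/nginx/nginx.conf
if [ "$#" -gt 0 ]; then audit_nginx_tls "$1"; fi
```

Run it together with `nginx -t`, which checks syntax but not the strength of these settings.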

Enable the wiki

Once everything works, create the symlink:

mkdir /usr/local/www/wiki
ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w

Add the following to nginx.conf:

location /w {
	root /usr/local/www/wiki;
	index index.php;
	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/var/run/php-fpm.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		include fastcgi_params;
	}
}

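Create the SQLite data directory

cd /usr/local/www
mkdir data
# Writable only by the account PHP-FPM runs as (assumed to be www, matching listen.owner above)
chown www:www data
chmod 750 data

Now browse to https://chevyne.at.tw/w and complete the installer.

The installer generates a LocalSettings.php file.

Copy it to the server: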

 scp LocalSettings.php chevyne.at.tw:/usr/local/www/mediawiki

Enable short URLs

To enable short URLs, use the following nginx.conf configuration:

worker_processes auto;

events {
	worker_connections 1024;
}

http {
	include mime.types;
	default_type application/octet-stream;

	sendfile on;
	keepalive_timeout 65;

	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;

		return 301 https://$server_name$request_uri;
	}

	server {
		listen 443 ssl;
		listen [::]:443 ssl;
		server_name chevyne.at.tw;

		add_header Strict-Transport-Security "max-age=63072000" always;

		ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
		ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;

		ssl_session_cache shared:le_nginx_SSL:10m;
		ssl_session_timeout 1440m;
		ssl_session_tickets off;

		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers off;

		ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

		ssl_stapling        on;
		ssl_stapling_verify on;

		root /usr/local/www/wiki;
		index index.php;

		location / {
			rewrite ^/$ https://chevyne.at.tw/wiki permanent;
		}

		location /w {
			location ~ \.php$ {
				try_files $uri =404;
				fastcgi_split_path_info ^(.+\.php)(/.+)$;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $request_filename;
				include fastcgi_params;
			}
		}

		location /w/images {
			location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
				try_files $uri $uri/ @thumb;
			}
		}
		location /w/images/deleted {
			# Deny access to deleted images folder
			deny all;
		}

		location /w/cache       { deny all; }
		location /w/languages   { deny all; }
		location /w/maintenance { deny all; }
		location /w/serialized  { deny all; }
		# Dot escaped so only real dot-paths (.svn, .git, .ht*) are denied
		location ~ /\.(svn|git)(/|$) { deny all; }
		location ~ /\.ht { deny all; }

		location /wiki {
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/index.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}

		location @thumb {
			rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2;
			rewrite ^/w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1;
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/thumb.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}

		error_page 500 502 503 504 /50x.html;
		location = /50x.html {
			root /usr/local/www/nginx-dist;
		}
	}
}

Then edit LocalSettings.php to enable short URLs:

$wgScriptPath = "/w";
$wgScriptExtension = ".php";
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;

Done.

References