「Install MediaWiki 1.35 on FreeBSD 12.2」修訂間的差異
		
		
		
		
		
		
				
		
		
	
| (未顯示同一使用者於中間所作的 9 次修訂) | |||
| 行 6: | 行 6: | ||
| ** MediaWiki 1.35.0 | ** MediaWiki 1.35.0 | ||
| ** SQLite 3.33.0 | ** SQLite 3.33.0 | ||
| − | == 先決條件 == | ||
| ⚫ | |||
| ⚫ | |||
| == 安裝套件 == | == 安裝套件 == | ||
|  pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl |  pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl | ||
| 行 16: | 行 13: | ||
| 配置PHP,以使用unix domain socket而不是TCP/IP。 | 配置PHP,以使用unix domain socket而不是TCP/IP。 | ||
| − | 編輯 <code>/usr/local/etc/php-fpm.conf</code>,並更改listen指令: | + | 編輯 <code>/usr/local/etc/php-fpm.d/www.conf</code>,並更改listen指令: | 
|  listen = /var/run/php-fpm.sock |  listen = /var/run/php-fpm.sock | ||
|  listen.owner = www |  listen.owner = www | ||
| 行 23: | 行 20: | ||
| 啟動 PHP | 啟動 PHP | ||
|  service php-fpm start |  service php-fpm start | ||
| + | === 網址與憑證 === | ||
| ⚫ | |||
| + | |||
| ⚫ | |||
| + | |||
| + | DH param | ||
| + |  openssl dhparam 4096 -out /usr/local/etc/nginx/cert/dhparam.pem | ||
| === 測試 nginx & TLS === | === 測試 nginx & TLS === | ||
| 編輯 <code>/usr/local/etc/nginx/nginx.conf</code>,使用以下測試配置: | 編輯 <code>/usr/local/etc/nginx/nginx.conf</code>,使用以下測試配置: | ||
| 行 36: | 行 40: | ||
|  		listen [::]:80; |  		listen [::]:80; | ||
|  		server_name chevyne.at.tw; |  		server_name chevyne.at.tw; | ||
| + | |||
| ⚫ | |||
|  		return 301 https://$server_name$request_uri; |  		return 301 https://$server_name$request_uri; | ||
|  	} |  	} | ||
|  	server { |  	server { | ||
| − |  		listen 443; | + |  		listen 443 ssl http2; | 
| − |  		listen [::]:443; | + |  		listen [::]:443 ssl http2; | 
| − | + |                 server_name chevyne.at.tw; | |
| ⚫ | |||
| ⚫ | |||
| − |  		ssl on; | ||
| + | |||
| ⚫ | |||
| − | + |                 ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem; | |
| ⚫ | |||
| ⚫ | |||
| + |                 ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem; | ||
| − |  		ssl_ciphers ECDH+AESGCM:EDCH+AES256:ECDH+AES128:!MD5:!aNULL; | ||
| + | |||
| ⚫ | |||
| − | + |                 ssl_session_cache shared:le_nginx_SSL:10m; | |
| − | + |                 ssl_session_timeout 1440m; | |
| + |                 ssl_session_tickets off; | ||
| ⚫ | |||
| + | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| + | |||
| + |                 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; | ||
| + | |||
| ⚫ | |||
| ⚫ | |||
|  		location / { |  		location / { | ||
| 行 67: | 行 77: | ||
| == 啟用 wiki == | == 啟用 wiki == | ||
| 一切正常後,建立 symlink: | 一切正常後,建立 symlink: | ||
| + |  mkdir /usr/local/www/wiki | ||
|  ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w |  ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w | ||
| 將下面加到 <code>nginx.conf</code> | 將下面加到 <code>nginx.conf</code> | ||
| 行 81: | 行 92: | ||
|  	} |  	} | ||
|  } |  } | ||
| + | 建立 SQLite 資料目錄 | ||
| + |  cd /usr/local/www | ||
| + |  mkdir data | ||
| + |  chmod a+w data | ||
| 現在連到 https://chevyne.at.tw/w 並完成安裝程序。 | 現在連到 https://chevyne.at.tw/w 並完成安裝程序。 | ||
| 行 106: | 行 121: | ||
|  		listen [::]:80; |  		listen [::]:80; | ||
|  		server_name chevyne.at.tw; |  		server_name chevyne.at.tw; | ||
| + | |||
| − |  		add_header Strict-Transport-Security "max-age=31536000"; | ||
|  		return 301 https://$server_name$request_uri; |  		return 301 https://$server_name$request_uri; | ||
|  	} |  	} | ||
|  	server { |  	server { | ||
| − |  		listen 443; | + |  		listen 443 ssl; | 
| − |  		listen [::]:443; | + |  		listen [::]:443 ssl; | 
| − | + |                 server_name chevyne.at.tw; | |
| + | |||
| − |  		add_header Strict-Transport-Security "max-age=31536000"; | ||
| ⚫ | |||
| + | |||
| ⚫ | |||
| + |                 ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem; | ||
| + |                 ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem; | ||
| + | |||
| ⚫ | |||
| ⚫ | |||
| + |                 ssl_session_tickets off; | ||
| + | |||
| ⚫ | |||
| ⚫ | |||
| + | |||
| + |                 ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384"; | ||
| ⚫ | |||
| − |  		ssl on; | ||
| ⚫ | |||
| − |  		ssl_certificate /etc/letsencrypt/live/chevyne.at.tw/fullchain.pem; | ||
| ⚫ | |||
| ⚫ | |||
| − |  		ssl_ciphers ECDH+AESGCM:EDCH+AES256:ECDH+AES128:!MD5:!aNULL; | ||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
| ⚫ | |||
|  		root /usr/local/www/wiki; |  		root /usr/local/www/wiki; | ||
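Review bot: The added `chmod a+w data` in the SQLite data-directory step makes /usr/local/www/data writable by every local account, although only the account PHP-FPM runs as needs to write the wiki database there. Assuming the pool runs as `www` (the page sets `listen.owner = www`, but the pool's `user`/`group` are not shown), `chown www:www data` followed by `chmod 0700 data` is enough for the installer. Separately, in the added `openssl dhparam 4096 -out …` line the bit count precedes `-out`; openssl stops reading options at the first positional argument, so the file that `ssl_dhparam` points to is probably never written. The order should be `openssl dhparam -out /usr/local/etc/nginx/cert/dhparam.pem 4096`.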
於 2021年3月5日 (五) 15:34 的最新修訂
- 時間: 2020-12-30
- 安裝 MediaWiki 1.35 在 FreeBSD 12.2
- FreeBSD 12.2
- Nginx 1.18.0
- PHP 7.4.13
- MediaWiki 1.35.0
- SQLite 3.33.0
 
安裝套件
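# Install nginx, MediaWiki 1.35 and the PHP 7.4 extensions used on this page.
# The three commands were fused onto one line; run that way, pkg would treat
# "sysrc" and the rc variables as package names.
pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl
# Enable both services in rc.conf so "service ... start" works and they start at boot.
sysrc nginx_enable="YES"
sysrc php_fpm_enable="YES"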
配置 PHP
配置PHP,以使用unix domain socket而不是TCP/IP。
編輯 /usr/local/etc/php-fpm.d/www.conf,並更改listen指令:
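; One directive per line (the four settings were fused onto a single line).
; Listen on a unix domain socket instead of a TCP port.
listen = /var/run/php-fpm.sock
; Socket is owned by www:www with mode 0660, so other local accounts cannot
; connect to PHP-FPM; the nginx worker must run as www or be in group www.
listen.owner = www
listen.group = www
listen.mode = 0660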
啟動 PHP
# Requires php_fpm_enable="YES" in rc.conf (set with sysrc during package install).
# Afterwards /var/run/php-fpm.sock should exist with the owner and mode configured above.
service php-fpm start
網址與憑證
網址 - chevyne.at.tw
TLS憑證 - Let's Encrypt 推薦使用的 ACME 客戶端 Certbot
DH param
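# Make sure the target directory exists before writing into it.
mkdir -p /usr/local/etc/nginx/cert
# Options must precede the bit count: openssl stops parsing options at the first
# positional argument, so "-out" placed after 4096 is not applied and the file
# referenced by ssl_dhparam would not be created.
openssl dhparam -out /usr/local/etc/nginx/cert/dhparam.pem 4096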
測試 nginx & TLS
編輯 /usr/local/etc/nginx/nginx.conf,使用以下測試配置:
# Test configuration: plain-HTTP redirect plus a TLS server that serves the
# nginx default pages, used to verify the certificate setup before adding the wiki.
worker_processes auto;

events {
	worker_connections 1024;
}

http {
	# Port 80 only redirects to HTTPS.
	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;
		return 301 https://$server_name$request_uri;
	}

	server {
		listen 443 ssl http2;
		listen [::]:443 ssl http2;
		server_name chevyne.at.tw;

		# HSTS for two years; "always" also sends it on error responses.
		# Browsers cache this value, so the host must keep serving valid HTTPS
		# for that long once a client has seen the header.
		add_header Strict-Transport-Security "max-age=63072000" always;

		# Certificate and key as issued by Certbot; DH parameters for the DHE suites below.
		ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
		ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;

		# Session resumption through the shared server-side cache only; tickets are disabled.
		ssl_session_cache shared:le_nginx_SSL:10m;
		ssl_session_timeout 1440m;
		ssl_session_tickets off;

		# TLS 1.2 and 1.3 only; every listed suite is ECDHE/DHE with an AEAD cipher,
		# so the client is allowed to choose among them.
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers off;
		ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

		# NOTE(review): no ssl_trusted_certificate is set; nginx documents it for
		# ssl_stapling_verify, so check the error log to confirm stapling works.
		ssl_stapling on;
		ssl_stapling_verify on;

		location / {
			root /usr/local/www/nginx;
			index index.html index.htm;
		}
	}
}
啟動 nginx:
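# Validate the configuration first; nginx -t reports syntax errors and
# unreadable certificate/DH files without starting the server.
nginx -t
service nginx start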
確定一切正常。
啟用 wiki
一切正常後,建立 symlink:
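# Two separate commands (they were fused onto one line).
# Document root for the site; -p keeps the step repeatable.
mkdir -p /usr/local/www/wiki
# Expose the packaged MediaWiki tree as /w under that root.
ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w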
將下面加到 nginx.conf
# Goes inside the HTTPS server block: serves MediaWiki under /w and hands
# .php requests to PHP-FPM over the unix socket.
location /w {
	root /usr/local/www/wiki;
	index index.php;

	location ~ \.php$ {
		# Only pass the request on if the .php file really exists on disk.
		try_files $uri =404;

		# This location only matches URIs ending in ".php", so the split
		# pattern (which needs a trailing "/...") does not match here.
		fastcgi_split_path_info ^(.+\.php)(/.+)$;

		fastcgi_pass unix:/var/run/php-fpm.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		include fastcgi_params;
	}
}
建立 SQLite 資料目錄
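# SQLite data directory, kept outside the web root (/usr/local/www/wiki).
mkdir -p /usr/local/www/data
# Only the PHP-FPM account needs to write here, so the directory is not made
# world-writable. Assumes the pool runs as www:www (matching the listen.owner /
# listen.group values used for the socket); confirm user/group in www.conf.
chown www:www /usr/local/www/data
chmod 0700 /usr/local/www/data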
現在連到 https://chevyne.at.tw/w 並完成安裝程序。
安裝程序將生成一個 LocalSettings.php文件。
將其複製到服務器:
# Run on the machine where the installer's LocalSettings.php was downloaded.
# The generated file contains $wgSecretKey and $wgUpgradeKey, so on the server
# keep it readable only by root and the PHP-FPM account.
scp LocalSettings.php chevyne.at.tw:/usr/local/www/mediawiki
啟用短網址
要啟用短URL,請使用以下 nginx.conf 配置:
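# Production configuration with short URLs: articles are served under /wiki/,
# MediaWiki's scripts live under /w/.
worker_processes auto;

events {
	worker_connections 1024;
}

http {
	include mime.types;
	default_type application/octet-stream;
	sendfile on;
	keepalive_timeout 65;

	# Port 80 only redirects to HTTPS.
	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;
		return 301 https://$server_name$request_uri;
	}

	server {
		listen 443 ssl;
		listen [::]:443 ssl;
		server_name chevyne.at.tw;

		# HSTS for two years; "always" also sends it on error responses.
		add_header Strict-Transport-Security "max-age=63072000" always;

		# Certificate and key as issued by Certbot; DH parameters for the DHE suites below.
		ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
		ssl_dhparam /usr/local/etc/nginx/cert/dhparam.pem;

		# Session resumption through the shared server-side cache only; tickets are disabled.
		ssl_session_cache shared:le_nginx_SSL:10m;
		ssl_session_timeout 1440m;
		ssl_session_tickets off;

		# TLS 1.2 and 1.3 only; every listed suite is ECDHE/DHE with an AEAD cipher.
		ssl_protocols TLSv1.2 TLSv1.3;
		ssl_prefer_server_ciphers off;
		ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384";

		# NOTE(review): no ssl_trusted_certificate is set; nginx documents it for
		# ssl_stapling_verify, so check the error log to confirm stapling works.
		ssl_stapling on;
		ssl_stapling_verify on;

		root /usr/local/www/wiki;
		index index.php;

		# Send the bare site root to the wiki's article path.
		location / {
			rewrite ^/$ https://chevyne.at.tw/wiki permanent;
		}

		# MediaWiki scripts: only existing .php files are handed to PHP-FPM.
		location /w {
			location ~ \.php$ {
				try_files $uri =404;
				fastcgi_split_path_info ^(.+\.php)(/.+)$;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $request_filename;
				include fastcgi_params;
			}
		}

		# Uploads are served as static files; missing thumbnails fall through to @thumb.
		location /w/images {
			location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
				try_files $uri $uri/ @thumb;
			}
		}

		location /w/images/deleted {
			# Deny access to deleted images folder
			deny all;
		}

		# Internal MediaWiki directories that must not be reachable over HTTP.
		location /w/cache       { deny all; }
		location /w/languages   { deny all; }
		location /w/maintenance { deny all; }
		location /w/serialized  { deny all; }

		# The dot is escaped so only dot-directories and .ht* files are blocked.
		# Unescaped, "." matches any character and "/.ht" would also deny
		# ordinary paths such as /wiki/Ohtani (constructed example).
		location ~ /\.(svn|git)(/|$) { deny all; }
		location ~ /\.ht { deny all; }

		# Short URLs: everything under /wiki is handled by index.php.
		location /wiki {
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/index.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}

		# Generate a missing thumbnail through thumb.php.
		location @thumb {
			rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2;
			rewrite ^/w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1;
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/thumb.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}

		error_page 500 502 503 504 /50x.html;
		location = /50x.html {
			root /usr/local/www/nginx-dist;
		}
	}
}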
然後編輯 LocalSettings.php 以啟用短網址:
// Scripts are reached under /w, articles under /wiki/<title>;
// these must match the "location /w" and "location /wiki" blocks in nginx.conf.
$wgScriptPath = "/w";
// NOTE(review): $wgScriptExtension is believed to be deprecated in recent
// MediaWiki releases; confirm whether 1.35 still reads it.
$wgScriptExtension = ".php";
$wgArticlePath = "/wiki/$1";
$wgUsePathInfo = true;
現在完成。