「Install MediaWiki 1.35 on FreeBSD 12.2」修訂間的差異
		
		
		
		
		
		跳至導覽
		跳至搜尋
		
				
		
		
	
| 行 9: | 行 9: | ||
| * 網址 - <code>chevyne.at.tw</code> | * 網址 - <code>chevyne.at.tw</code> | ||
| * TLS憑證 - [https://letsencrypt.org Let's Encrypt] 推薦使用的 ACME 客戶端 [[ACME Client Certbot Install Let's Encrypt CA in FreeDSB Nginx|Certbot]] | * TLS憑證 - [https://letsencrypt.org Let's Encrypt] 推薦使用的 ACME 客戶端 [[ACME Client Certbot Install Let's Encrypt CA in FreeDSB Nginx|Certbot]] | ||
| − | * 已完成 [[FreeBSD Post Install Steps|FreeBSD 安裝後步驟]] | ||
| == 安裝套件 == | == 安裝套件 == | ||
|  pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl |  pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl | ||
於 2021年1月27日 (三) 00:55 的修訂
- 時間: 2020-12-30
- 安裝 MediaWiki 1.35 在 FreeBSD 12.2
- FreeBSD 12.2
- Nginx 1.18.0
- PHP 7.4.13
- MediaWiki 1.35.0
- SQLite 3.33.0
 
先決條件
- 網址 - chevyne.at.tw
- TLS憑證 - Let's Encrypt 推薦使用的 ACME 客戶端 Certbot
安裝套件
pkg install -y nginx mediawiki135-php74 git php74-pdo_sqlite php74-pecl-APCu php74-pecl-imagick php74-gd php74-openssl sysrc nginx_enable="YES" sysrc php_fpm_enable="YES"
配置 PHP
配置PHP,以使用unix domain socket而不是TCP/IP。
編輯 /usr/local/etc/php-fpm.conf,並更改listen指令:
listen = /var/run/php-fpm.sock listen.owner = www listen.group = www listen.mode = 0660
啟動 PHP
service php-fpm start
測試 nginx & TLS
編輯 /usr/local/etc/nginx/nginx.conf,使用以下測試配置:
worker_processes auto;
events {
	worker_connections  1024;
}
http {
	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;
		add_header Strict-Transport-Security "max-age=31536000";
		return 301 https://$server_name$request_uri;
	}
	server {
		listen 443;
		listen [::]:443;
		server_name chevyne.at.tw;
		add_header Strict-Transport-Security "max-age=31536000";
		ssl on;
		ssl_certificate /usr/local/etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
		ssl_certificate_key /usr/local/etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers ECDH+AESGCM:EDCH+AES256:ECDH+AES128:!MD5:!aNULL;
		ssl_prefer_server_ciphers on;
		ssl_session_cache shared:SSL:10m;
		ssl_session_timeout 1h;
		ssl_stapling on;
		ssl_stapling_verify on;
		location / {
			root /usr/local/www/nginx;
			index index.html index.htm;
		}
	}
}
啟動 nginx:
service nginx start
確定一切正常。
啟用 wiki
一切正常後,建立 symlink:
ln -s /usr/local/www/mediawiki /usr/local/www/wiki/w
將下面加到 nginx.conf
location /w {
	root /usr/local/www/wiki;
	index index.php;
	location ~ \.php$ {
		try_files $uri =404;
		fastcgi_split_path_info ^(.+\.php)(/.+)$;
		fastcgi_pass unix:/var/run/php-fpm.sock;
		fastcgi_index index.php;
		fastcgi_param SCRIPT_FILENAME $request_filename;
		include fastcgi_params;
	}
}
現在連到 https://chevyne.at.tw/w 並完成安裝程序。
安裝程序將生成一個 LocalSettings.php文件。
將其複製到服務器:
scp LocalSettings.php chevyne.at.tw:/usr/local/www/mediawiki
啟用短網址
要啟用短URL,請使用以下 nginx.conf 配置:
worker_processes auto;
events {
	worker_connections 1024;
}
http {
	include mime.types;
	default_type application/octet-stream;
	sendfile on;
	keepalive_timeout 65;
	server {
		listen 80;
		listen [::]:80;
		server_name chevyne.at.tw;
		add_header Strict-Transport-Security "max-age=31536000";
		return 301 https://$server_name$request_uri;
	}
	server {
		listen 443;
		listen [::]:443;
		server_name chevyne.at.tw;
		add_header Strict-Transport-Security "max-age=31536000";
		ssl on;
		ssl_certificate /etc/letsencrypt/live/chevyne.at.tw/fullchain.pem;
		ssl_certificate_key /etc/letsencrypt/live/chevyne.at.tw/privkey.pem;
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
		ssl_ciphers ECDH+AESGCM:EDCH+AES256:ECDH+AES128:!MD5:!aNULL;
		ssl_prefer_server_ciphers on;
		ssl_session_cache shared:SSL:10m;
		ssl_session_timeout 1h;
		ssl_stapling on;
		ssl_stapling_verify on;
		root /usr/local/www/wiki;
		index index.php;
		location / {
			rewrite ^/$ https://chevyne.at.tw/wiki permanent;
		}
		location /w {
			location ~ \.php$ {
				try_files $uri =404;
				fastcgi_split_path_info ^(.+\.php)(/.+)$;
				fastcgi_pass unix:/var/run/php-fpm.sock;
				fastcgi_index index.php;
				fastcgi_param SCRIPT_FILENAME $request_filename;
				include fastcgi_params;
			}
		}
		location /w/images {
			location ~ ^/w/images/thumb/(archive/)?[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ {
				try_files $uri $uri/ @thumb;
			}
		}
		location /w/images/deleted {
			# Deny access to deleted images folder
			deny all;
		}
		location /w/cache       { deny all; }
		location /w/languages   { deny all; }
		location /w/maintenance { deny all; }
		location /w/serialized  { deny all; }
		location ~ /.(svn|git)(/|$) { deny all; }
		location ~ /.ht { deny all; }
		location /wiki {
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/index.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}
		location @thumb {
			rewrite ^/w/images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2;
			rewrite ^/w/images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ /w/thumb.php?f=$1&width=$2&archived=1;
			include fastcgi_params;
			fastcgi_param SCRIPT_FILENAME $document_root/w/thumb.php;
			fastcgi_pass unix:/var/run/php-fpm.sock;
		}
		error_page 500 502 503 504 /50x.html;
		location = /50x.html {
			root /usr/local/www/nginx-dist;
		}
	}
}
然後編輯 LocalSettings.php 以啟用短網址:
$wgScriptPath = "/w"; $wgScriptExtension = ".php"; $wgArticlePath = "/wiki/$1"; $wgUsePathInfo = true;
現在完成。