Alpine Linux - User contributions [en]

MediaWiki

2024-11-03T15:39:17Z

Nino: Oversight from previous edit

[https://www.mediawiki.org/wiki/MediaWiki MediaWiki] is a popular free web-based wiki software application developed by and used on all projects of the Wikimedia Foundation, as well as on many other wiki websites worldwide. It is written in the PHP programming language with a backend database.

== Install lighttpd, PHP, and postgresql ==

{{Cmd|apk add curl lighttpd php php-dom php-json php-pgsql php-cgi php-mbstring php-xml php-ctype php-fileinfo php-iconv php-zlib php-gd php-session php-intl imagemagick diffutils}}

Install extra packages

{{Cmd|apk add postgresql postgresql-client openrc}}

== Installing and configuring MediaWiki ==

Create a folder named {{Path|mediawiki}}

{{Cmd|mkdir -p /usr/share/webapps/}}

Download the [https://www.mediawiki.org/wiki/MediaWiki latest version]. At the time of writing it is 1.42.3

{{Cmd|cd /usr/share/webapps/
curl https://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.3.tar.gz >mw.tar.gz}}

Unpack the archive, rename the folder and delete the tarball afterwards

{{Cmd|tar zxvf mw.tar.gz
mv mediawiki-1.42.3 mediawiki
rm mw.tar.gz}}

Change the folder permissions

{{Cmd|chown -R lighttpd /usr/share/webapps/}}

Crate a symlink to the {{Path|mediawiki}} folder

{{Cmd|ln -s /usr/share/webapps/mediawiki/ /var/www/localhost/htdocs/mediawiki}}

Edit lighttpd.conf and uncomment '''include "mod_fastcgi.conf"'''

{{Cmd|vi /etc/lighttpd/lighttpd.conf}}

== Starting ==

{{Cmd|rc-service postgresql setup
rc-service postgresql start && rc-update add postgresql default
rc-service lighttpd start && rc-update add lighttpd default}}

== Config your wiki ==

Install the wiki accessing

<nowiki>http://WEBSERVER_IP_ADDRESS/mediawiki/mw-config/index.php</nowiki>

When you finish, press "Install MediaWiki" button, and that's all. :)
You have MediaWiki working. To access go to <nowiki>http://WEBSERVER_IP_ADDRESS/mediawiki</nowiki> and enjoy!

=See Also=
*[[Converting mediawiki database from postgresql to mysql/mariadb]]

[[Category:SQL]]

MediaWiki

2024-11-03T15:38:38Z

Nino: Update mediawiki version and add missing requirement

[https://www.mediawiki.org/wiki/MediaWiki MediaWiki] is a popular free web-based wiki software application developed by and used on all projects of the Wikimedia Foundation, as well as on many other wiki websites worldwide. It is written in the PHP programming language with a backend database.

== Install lighttpd, PHP, and postgresql ==

{{Cmd|apk add curl lighttpd php php-dom php-json php-pgsql php-cgi php-mbstring php-xml php-ctype php-fileinfo php-iconv php-zlib php-gd php-session php-intl imagemagick diffutils}}

Install extra packages

{{Cmd|apk add postgresql postgresql-client openrc}}

== Installing and configuring MediaWiki ==

Create a folder named {{Path|mediawiki}}

{{Cmd|mkdir -p /usr/share/webapps/}}

Download the [https://www.mediawiki.org/wiki/MediaWiki latest version]. At the time of writing it is 1.42.3

{{Cmd|cd /usr/share/webapps/
curl https://releases.wikimedia.org/mediawiki/1.42/mediawiki-1.42.3.tar.gz >mw.tar.gz}}

Unpack the archive, rename the folder and delete the tarball afterwards

{{Cmd|tar zxvf mw.tar.gz
mv mediawiki-1.35.1 mediawiki
rm mw.tar.gz}}

Change the folder permissions

{{Cmd|chown -R lighttpd /usr/share/webapps/}}

Crate a symlink to the {{Path|mediawiki}} folder

{{Cmd|ln -s /usr/share/webapps/mediawiki/ /var/www/localhost/htdocs/mediawiki}}

Edit lighttpd.conf and uncomment '''include "mod_fastcgi.conf"'''

{{Cmd|vi /etc/lighttpd/lighttpd.conf}}

== Starting ==

{{Cmd|rc-service postgresql setup
rc-service postgresql start && rc-update add postgresql default
rc-service lighttpd start && rc-update add lighttpd default}}

== Config your wiki ==

Install the wiki accessing

<nowiki>http://WEBSERVER_IP_ADDRESS/mediawiki/mw-config/index.php</nowiki>

When you finish, press "Install MediaWiki" button, and that's all. :)
You have MediaWiki working. To access go to <nowiki>http://WEBSERVER_IP_ADDRESS/mediawiki</nowiki> and enjoy!

=See Also=
*[[Converting mediawiki database from postgresql to mysql/mariadb]]

[[Category:SQL]]

Talk:Nginx as reverse proxy with acme (letsencrypt)

2024-05-26T21:30:20Z

Nino:

acme-client is no longer in the repos - looks like its been replaced with acmetool. I assume by the same author? I'm nowhere near experienced enough to refactor this page BUT the user guide (hlandau.github.io/acme/userguide) is pretty good, you set it up like so:

acmetool quickstart

and then:

acmetool want example.com voidlinux.org

(With your domains, d'uh!) is a great way to get going - I found the proxy version worked quite well with just a few adjustments from the guides here. Hopefully someone with experience will fix this up. Alpine/nGinX is a blazing fast way to proxy HTTP/HTTPS to my hodge-podge of servers.[[User:Marcdraco|Marcdraco]] ([[User talk:Marcdraco|talk]]) 13:27, 24 May 2019 (UTC)

Note that acme-client is now back in the repos, but it's a port of the OpenBSD fork (https://git.wolfsden.cz/acme-client-portable/about/) so the options on the page don't exists. Here's the man page: https://man.openbsd.org/acme-client.1[[User:Nino|Nino]] ([[User talk:Nino|talk]]) 21:30, 26 May 2024 (UTC)

Nginx as reverse proxy with acme (letsencrypt)

2024-05-26T21:01:32Z

Nino: /* SSL configuration */ Replace a dead link by a relevant one

== Introduction ==

This setup will allow you to have multiple servers/containers accessible via a single IP address with the added benefit of a centralized generation of [https://letsencrypt.org/ letsencrypt] certificates and secure https (according to '''ssllabs ssltest'''). Be aware that you first need to setup a regular HTTP server in order to be able to generate your HTTPS certificates and keys. After you have generated them, you can then add your HTTPS host based configuration.

See the [[Nginx|NGINX]] page for general information about Nginx, starting/stopping the service etc.

== Installation ==

For this howto, we need three tools: [[Nginx|NGINX]], {{pkg|acme-client}} and {{pkg|openssl}} (to generate [https://wiki.openssl.org/index.php/Diffie-Hellman_parameters Diffie–Hellman Parameters]).

{{Cmd|apk update
apk add nginx acme-client openssl}}

== Setup ==

=== NGINX HTTP ===

==== Global configuration ====

First step is to refactor our global <code>nginx.conf</code>. Its target at a low traffic http server, to increase performance make changes at top level.
{{Cat|/etc/nginx/nginx.conf|<nowiki># /etc/nginx/nginx.conf

user nginx;
worker_processes 1; # use "auto" to use all available cores (high performance)

# Configures default error logger.
error_log /var/log/nginx/error.log warn; # Log warn, error, crit, alert, emerg

events {
# The maximum number of simultaneous connections that can be opened by a worker process.
worker_connections 1024; # increase if you need more connections
}

http {
# server_names_hash_bucket_size controls the maximum length
# of a virtual host entry (ie the length of the domain name).
server_names_hash_bucket_size 64; # controls the maximum length of a virtual host entry (ie domain name)
server_tokens off; # hide who we are, don't show nginx version to clients
sendfile off; # can cause issues

# nginx will find this file in the config directory set at nginx build time
# Includes mapping of file name extensions to MIME types of responses
include mime.types;

# fallback in case we can't determine a type
default_type application/octet-stream;

# buffering causes issues, disable it
# increase buffer size. still useful even when buffering is off
proxy_buffering off;
proxy_buffer_size 4k;

# allow the server to close the connection after a client stops responding. Frees up socket-associated memory.
reset_timedout_connection on;

# Specifies the main log format.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

# Sets the path, format, and configuration for a buffered log write.
# Buffer log writes to speed up IO, or disable them altogether
access_log /var/log/nginx/access.log main buffer=16k;
#access_log off;

# include virtual hosts configs
include conf.d/*.conf;
}
</nowiki>}}

==== SSL configuration ====

Configure a file with all SSL-parameters that we can include in the virtual hosts configs later on.<br>
The security settings are inspired by the [https://ssl-config.mozilla.org/#server=nginx&version=1.16.1&config=modern&openssl=1.1.1k&guideline=5.7 Mozilla SSL Configuration Generator]. Please also read https://hstspreload.org for details about HSTS.
{{Cat|/etc/nginx/conf.d/ssl-params.inc|<nowiki># secure nginx, see https://ssl-config.mozilla.org

ssl_protocols TLSv1.3
ssl_prefer_server_ciphers off;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;

# https://hstspreload.org
add_header Strict-Transport-Security "max-age=63072000" always;
# By default, HSTS header is not added to subdomain requests. If you have subdomains and want
# HSTS to apply to all of them, you should add the includeSubDomains variable like this:
#add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;

add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
</nowiki>}}

==== Per site configuration files (conf.d) ====

Since Alpine v3.5, we ship '''NGINX''' with a <code>default.conf</code> within the {{path|/etc/nginx/conf.d}} directory.

To add support for another website, you can add files with the '''.conf''' extension to this directory:

{{Cat|/etc/nginx/conf.d/alpinelinux.org.conf|<nowiki>
server {
listen 80;
server_name alpinelinux.org;

location / {
include conf.d/proxy_set_header.inc;
proxy_pass http://downstream_http_server_host;
}
}
</nowiki>}}

==== Common configuration includes ====

If you need to setup multiple proxy setups, you can include duplicated data such as shown below:

{{Cat|/etc/nginx/conf.d/proxy_set_header.inc|<nowiki>proxy_set_header X-Forwarded-By $server_addr:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
</nowiki>}}

=== acme-client ===
To allow '''NGINX''' to support https, we need to add certificates and support for ACME (Automatic Certificate Management Environment) responses.

==== ACME responses ====

{{Cat|/etc/nginx/conf.d/acme.inc|<nowiki># Allow access to the ACME Challenge for Let's Encrypt
location ^~ /.well-known/acme-challenge {
allow all;
alias /var/www/acme;
}
</nowiki>}}

And add this to your proxy configuration:
{{Cat|/etc/nginx/conf.d/alpinelinux.org.conf|<nowiki>server {
listen 80;
server_name alpinelinux.org;
include conf.d/acme.inc;

location / {
include conf.d/proxy_set_header.inc;
proxy_pass http://downstream_http_server_host;
}
}
</nowiki>}}

==== Automatic generation of certificates ====

Create the following file:
{{Cat|/etc/periodic/weekly/acme-client|<nowiki>#!/bin/sh

hosts="alpinelinux.org"

for host in $hosts; do
acme-client -a https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf -Nnmv $host && renew=1
done

[ "$renew" = 1 ] && rc-service nginx reload
</nowiki>}}

Make it executable:
chmod +x /etc/periodic/weekly/acme-client

This script will run weekly to verify whether one of your certificates is outdated and renew them when needed.

If you have several domains, you can add them to the '''hosts=''' variable with a space between each domain. This will create a separate certificate and key for each:
<pre>
hosts="alpinelinux.org example.com foo.org bar.io"
</pre>

==== Initial generation of keys and certificates ====

To create your initial certificates and keys, you have to run this manually the first time:

{{Cmd|/etc/periodic/weekly/acme-client}}

Watch the output and see if all goes well. When it's finished, you should have files in:

/etc/ssl/acme/alpinelinux.nl/fullchain.pem
/etc/ssl/acme/private/alpinelinux.org/privkey.pem

=== NGINX HTTPS ===

==== Per site HTTPS configuration ====

Add the following below the previous HTTP configuration:

{{Cat|/etc/nginx/conf.d/alpinelinux.org.conf|<nowiki>
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name alpinelinux.org
ssl on;
ssl_certificate /etc/ssl/acme/alpinelinux.org/fullchain.pem;
ssl_certificate_key /etc/ssl/acme/private/alpinelinux.org/privkey.pem;

include /etc/nginx/conf.d/ssl-params.inc; # SSL parameters

location / {
include conf.d/proxy_set_header.inc;
proxy_pass http://downstream_http_server_host;
}
}
</nowiki>}}

=== Redirect HTTP to HTTPS ===

==== Shared configuration ====

Create the following file:

{{Cat|/etc/nginx/conf.d/redirect_http.inc|<nowiki>
location / {
return 301 https://$host$request_uri;
}
</nowiki>}}

==== Update host configuration ====

{{Cat|/etc/nginx/conf.d/alpinelinux.org.conf|<nowiki>
server {
listen 80;
server_name alpinelinux.org;
include conf.d/acme.inc;
include conf.d/redirect_http.inc;
}
</nowiki>}}

=== Complete host example with IPv6 support ===

{{Cat|/etc/nginx/conf.d/alpinelinux.org.conf|<nowiki>
server {
listen 80;
listen [::]:80;
server_name alpinelinux.org;
include conf.d/acme.inc;
include conf.d/redirect_http.inc;
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name alpinelinux.org;
ssl on;
ssl_certificate /etc/ssl/acme/alpinelinux.org/fullchain.pem;
ssl_certificate_key /etc/ssl/acme/private/alpinelinux.org/privkey.pem;

include /etc/nginx/conf.d/ssl-params.inc; # SSL parameters

location / {
include conf.d/proxy_set_header.inc;
proxy_pass http://downstream_http_server_host;
}
}
</nowiki>}}

[[Category:Authentication]]
[[Category:Networking]]
[[Category:Web Server]]

Nginx

2018-06-17T12:39:09Z

Nino: /* Controlling nginx */ Testing configuration before starting nginx will fail with `[emerg] open() "/run/nginx/nginx.pid" failed (2: No such file or directory)`

[https://nginx.org/en/ Nginx] (engine x) is an HTTP and reverse proxy server, a mail proxy server, and a generic TCP/UDP proxy server

== Installation ==
Nginx package is available in the Alpine Linux repositories. To install it run:

{{Cmd|apk update
apk add nginx}}

Creating new user and group 'www' for nginx
{{Cmd|adduser -D -g 'www' www}}

Create a directory for html files
{{Cmd|mkdir /www
chown -R www:www /var/lib/nginx
chown -R www:www /www
}}

== Configuration ==
You may want to make backup of original nginx.conf file before writting your own
{{Cmd|mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.orig}}

Configuring Nginx to listen to port 80 and process .html or .htm files
{{Cmd|vi /etc/nginx/nginx.conf}}
<pre>
user www;
worker_processes auto; # it will be determinate automatically by the number of core

error_log /var/log/nginx/error.log warn;
#pid /var/run/nginx.pid; # it permit you to use /etc/init.d/nginx reload|restart|stop|start

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
access_log /var/log/nginx/access.log;
keepalive_timeout 3000;
server {
listen 80;
root /www;
index index.html index.htm;
server_name localhost;
client_max_body_size 32m;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/lib/nginx/html;
}
}
}
</pre>

== Sample page ==
{{Cmd|vi /www/index.html}}
<pre>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<title>HTML5</title>
</head>
<body>
Server is online
</body>
</html>
</pre>

== Controlling nginx ==

=== Start Nginx ===
After the installation Nginx is not running. To start Nginx, use ''start''.
{{Cmd|rc-service nginx start}}

You will get a feedback about the status.
<pre>
* Caching service dependencies ... [ ok ]
* /run/nginx: creating directory
* /run/nginx: correcting owner
* Starting nginx ... [ ok ]
</pre>

=== Test configuration ===
When you've made any changes to your nginx configuration files, you should check it for errors before restarting/reloading nginx.<br>
This will check for any duplicate configuration, syntax errors etc. To do this, run:
{{Cmd|nginx -t}}

You will get a feedback if it failed or not. If everything is fine, you'll see the following and can then move ahead to reload the nginx server.
<pre>
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
</pre>

=== Reload and Restart Nginx ===
Changes made in the configuration file will not be applied until the command to reload configuration is sent to nginx or it is restarted.<br>
Reloading will do a "hot reload" of the configuration without server downtime. It will start the new worker processes with a new configuration and gracefully shutdown the old worker processes. If you have pending requests, then these will be handled by the old worker processes before it dies, so it's an extremely graceful way to reload configs.
If you want to reload the web server, use ''reload''.
{{Cmd|rc-service nginx reload}}
If you want to restart the web server, use ''restart''.
{{Cmd|rc-service nginx restart}}

=== Stop Nginx ===
If you want to stop the web server, use ''stop''.
{{Cmd|rc-service nginx stop}}

=== Runlevel ===
Normally you want to start the web server when the system is launching. This is done by adding Nginx to the needed runlevel.
{{Cmd|rc-update add nginx default}}

Now Nginx should start automatically when you boot your machine next time. To test that run:
{{cmd|reboot}}

To make sure that Nginx is started run:
{{cmd|<nowiki>ps aux | grep nginx</nowiki>}}

You should get something like this:
<pre>
263 root 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
264 www 0:00 nginx: worker process
310 root 0:00 grep nginx
</pre>

== Testing Nginx ==
This section is assuming that nginx is running and sample html page "/www/index.html" is created. Launch a web browser and point it to your web server.
You should get:
<pre>Server is online</pre>

== Troubleshooting ==
If Nginx is not started check Nginx log file
{{cmd|less /var/log/nginx/error.log}}

Make sure that configuration file does not contain errors. Edit the file in case there are any errors.
{{cmd|nginx -t
vi /etc/nginx/nginx.conf}}

== Nginx with PHP ==

[[Nginx_with_PHP#Nginx_with_PHP|Setting Up Nginx with PHP]] <br>
[[Nginx_as_reverse_proxy_with_acme_(letsencrypt)|Setting Up Nginx as Reverse Proxy with acme (Let's Encrypt)]]

[[Category:Server]]
[[Category:Web Server]]