Setup a Project Wiki: Difference between revisions

From Research
Jump to navigation Jump to search
 
(64 intermediate revisions by 5 users not shown)
Line 1: Line 1:
Kingfisher is our wiki server. Check out the [http://wiki.iat.sfu.ca wiki index] to see existing wikis.
sr-hercules01 is our wiki server. Check out the [http://wiki.iat.sfu.ca wiki index] to see existing wikis.


== Add a Separate Instance of MediaWiki ==
== Add a New Instance of MediaWiki ==
# ssh root@kingfisher
<p>
# cd /srv/www/htwiki
To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.</p>
# tar -xzvf mediawiki-unconfiguredInstallation.tar.gz
# mv mediawiki $projectname


The go to the mediawiki setup website for your project:
<font color=red><YourHost></font> <font color=blue>~ #</font> '''ssh root@hercules'''
'''<nowiki>http://wiki.iat.sfu.ca/$projectname</nowiki>'''
<font color=red>sr-hercules01</font> <font color=blue>~ #</font> '''ssh 10.0.1.58'''
<font color=red>sr-hercules01</font> <font color=blue>~ #</font> '''newWiki -N $projectName [-R $sqlRootPassword]'''


Fill in the options appropriately with some special Configuration options to note:<br />


Leave the Sysop account name as WikiSysop; apply our strong password to this account.
Your wiki should be completely setup at: <nowiki>http://wiki.iat.sfu.ca/$projectname</nowiki>  I then usually go login to the wiki and check to see if I can edit for 100% assurance that everything is working :)


Make a separate database for each project:
'''A wikiSysOp account is created with a strong password unique to the wikis'''
* '''Database name''': wiki_$projectname
Seperate username for each project:
* '''DB username''': wiki_$projectname
Unique password:
# apg -m 9 -MNC


And no table prefix.
A log is kept at /var/log/newWiki.log


DB root password is again our strong password.
Most settings are kept in LocalSettings.php, which is Symlinked to a master which we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.


''Note: When you click Install! it may fail. For me it has always failed if the username was too long (it must be at 16 characters or less)''
=== Access Restrictions ===
By default, our wikis are publicly viewable, but a user must login with their research account to edit pages.


If it worked, this will create the LocalSettings.php file which you then move to the correct place:
To customize access and viewing restrictions, look at this article on [https://www.mediawiki.org/wiki/User_rights Rights].
# cd $projectname
# mv config/LocalSettings.php .


Config should no longer be world writable:
Common tasks are listed below. Add them to '''InstanceLocalSettings.php''' (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, '''NOT''' the typical LocalSettings.php.
  # chmod a-w config


Your wiki should be completely setup at: <nowiki>http://wiki.iat.sfu.ca/$projectname</nowiki>


I then usually go login to the wiki and add to the main page: '''Wiki is configured correctly.''' for 100% assurance that everything is working :)
To restrict anonymous viewing:


To customize access and viewing restrictions, look at this article on [http://meta.wikimedia.org/wiki/Preventing_Access Preventing Access] (this version of mediawiki is 1.4).
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
#Allow some special pages
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" );
#Restrict general Public from viewing all pages.
$wgGroupPermissions['*']['read']        = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
       
Disable even research users from reading. Members of "trusted" group can view (as can sysop)
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
#Restrict wiki to only users in the trusted group.
$wgGroupPermissions['user']['read']          = false;
$wgGroupPermissions['user']['edit']          = false;
$wgGroupPermissions['trusted']['read']        = true;
$wgGroupPermissions['trusted']['edit']          = true;
$wgGroupPermissions['sysop']['read']            = true;
$wgGroupPermissions['sysop']['edit']            = true;


Record the database username & password, and who this wiki was created for in our 'MediaWiki on Kingfisher' file.
For a wiki requiring "trusted" group-membership (example:  Pain_Lab_Grads), it's a little crazy:
They have to '''attempt''' to log in first, and '''fail''' :-O  This will make a username entry in the wiki-database, which can '''only then''' be modified (by a WikiSysop) to add them to the "trusted" group.


== Add Sysop/Administrator User ==
Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:<br>
Follow these steps to make a wiki account, a sysop account:
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers<br>
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights<br>


Create the account, if you haven't done so already. Logout. Login as the WikiSysop user.


Navigate to '''Special Pages''' ->''' Make a user into a sysop''', or modify this link with your project name: <nowiki>http://wiki.iat.sfu.ca/$projectname/index.php/Special:Makesysop</nowiki>
To allow bans by account name in lieu of IP address:


Enter the username and set bureaucrat flag too.
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
  # allows bans to be typed in by account name rather than IP
  $wgSysopUserBans=true;


== Customizing ==
== Customizing ==
All changes should be made to '''/srv/www/htwiki/'''''<project_name>'''''/LocalSettings.php'''.  In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!
==== sr-hercules01 (Wiki-city) ====
Typical examples are to enable or disable all file uploading:
All changes should be made to '''/var/www/localhost/htdocs'''''<project_name>'''''/InstanceLocalSettings.php'''.  In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!


$wgDisableUploads            = false;


$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'pdf', 'fls', 'swf', 'doc', 'jar' );
==== Tirpitz (Research wiki) ====
Things are Different on Tirpitz (tm) :-)<br>
<s>Changes are made on an NFS-mounted directory:  '''/home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/'''</s>


After this, check the user/permissions on the $projectname/images directory.  Change:
Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe').  In this case, edit LocalSettings.php to permit the file-type, '''and''' also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):
<font color=red>tirpitz</font> <font color=blue>~ #</font> '''emacs -nw /home/projects/infrastructure/htdocs/wiki/LocalSettings.php <br>
          $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'swf', 'pdf', 'exe', 'bin', 'dmg', 'reg', 'tbz2', 'zip' );
          /** Files with these extensions will never be allowed as uploads. */
          $wgFileBlacklist = array(
                  # HTML may contain cookie-stealing JavaScript and web bugs
                  'html', 'htm', 'js', 'jsb',
                  # PHP scripts may execute arbitrary code on the server
                  'php', 'phtml', 'php3', 'php4', 'phps',
                  # Other types that may be interpreted by some servers
                  'shtml', 'jhtml', 'pl', 'py', 'cgi',
                  # May contain harmful executables for Windows victims
                  'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
          #        'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );    <u>'''''temporarily''' uncomment for .exe uploads''</u>


  chown wwwrun:www images
=== Upload (filesize) Limits ===
Filesize limits can be tricky - Mediawiki just follows general apache and php limitations. When Mediawiki encounters a filesize limitation, it seems to (unhelpfully :-( ) fail silently; you'll usually just get a blank '''Upload file''' page again.  Let's increase these limits (tirpitz - our main Research wiki - used as an example):


Suitable permissions for '''image/s''' would be '''755'''.
<font color=red>hostname</font> <font color=blue>~ #</font> '''emacs -nw /etc/php/cgi-php5/php.ini'''
          memory_limit "128M"
          file_uploads "On"
          post_max_size "25M"
          upload_max_filesize "25M"
 
 
=== Adding an RSS Feed ===
 
Some users have made the request for an RSS feed.  This functionality comes prepackaged with the wiki software and all you need to do is add /index.php?title=Special:Recentchanges&feed=rss to the wiki url.  For example, with the Memory Association Machine wiki, this code snippet was added to the bottom of the splash page, as well as an RSS graphic associated with the link:
 
http ://wiki.iat.sfu.ca/Memory_Association_Machine/index.php?title=Special:Recentchanges&feed=rss http ://research.iat.sfu.ca/images/rss.gif
 
Note that I have added a space after the "http"s to force the syntax rather than show the actual link.
 
==Reset Passwords on MediaWiki==
 
 
'''Determine User Name:'''
 
To find out all the users in a particular Wiki, to isolate the actual user name of person you want to change the password for:
 
<font color=red>mysql</font><font color=blue>></font> '''use wiki_databasename; SELECT * FROM user;'''
 
 
'''Determine ID:'''
 
To find out the user_id of a particular user (necessary to generate hash):
 
<font color=red>mysql</font><font color=blue>></font> '''SELECT user_id, user_name from user WHERE user_name="UserName";'''
 
 
'''Reset Password:'''
 
Command to reset User password in mySQL:
 
<font color=red>mysql</font><font color=blue>></font> '''UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�;
'''
 
== Remove a wiki ==
 
webapp-config is used to create the wikis.
 
Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it.  Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.

Latest revision as of 21:43, 13 November 2014

sr-hercules01 is our wiki server. Check out the wiki index to see existing wikis.

Add a New Instance of MediaWiki

To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.

<YourHost> ~ # ssh root@hercules
sr-hercules01 ~ # ssh 10.0.1.58
sr-hercules01 ~ # newWiki -N $projectName [-R $sqlRootPassword]


Your wiki should be completely setup at: http://wiki.iat.sfu.ca/$projectname I then usually go login to the wiki and check to see if I can edit for 100% assurance that everything is working :)

A wikiSysOp account is created with a strong password unique to the wikis

A log is kept at /var/log/newWiki.log

Most settings are kept in LocalSettings.php, which is Symlinked to a master which we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.

Access Restrictions

By default, our wikis are publicly viewable, but a user must login with their research account to edit pages.

To customize access and viewing restrictions, look at this article on Rights.

Common tasks are listed below. Add them to InstanceLocalSettings.php (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, NOT the typical LocalSettings.php.


To restrict anonymous viewing:

sr-hercules01 wiki_name # vim InstanceLocalSettings.php

#Allow some special pages
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" );

#Restrict general Public from viewing all pages.
$wgGroupPermissions['*']['read']        = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
       

Disable even research users from reading. Members of "trusted" group can view (as can sysop)

sr-hercules01 wiki_name # vim InstanceLocalSettings.php
#Restrict wiki to only users in the trusted group.
$wgGroupPermissions['user']['read']           = false;
$wgGroupPermissions['user']['edit']           = false;
$wgGroupPermissions['trusted']['read']        = true;
$wgGroupPermissions['trusted']['edit']          = true;
$wgGroupPermissions['sysop']['read']            = true;
$wgGroupPermissions['sysop']['edit']            = true;

For a wiki requiring "trusted" group-membership (example: Pain_Lab_Grads), it's a little crazy: They have to attempt to log in first, and fail :-O This will make a username entry in the wiki-database, which can only then be modified (by a WikiSysop) to add them to the "trusted" group.

Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights


To allow bans by account name in lieu of IP address:


sr-hercules01 wiki_name # vim InstanceLocalSettings.php
 # allows bans to be typed in by account name rather than IP
 $wgSysopUserBans=true;

Customizing

sr-hercules01 (Wiki-city)

All changes should be made to /var/www/localhost/htdocs<project_name>/InstanceLocalSettings.php. In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!


Tirpitz (Research wiki)

Things are Different on Tirpitz (tm) :-)
Changes are made on an NFS-mounted directory: /home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/

Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe'). In this case, edit LocalSettings.php to permit the file-type, and also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):

tirpitz ~ # emacs -nw /home/projects/infrastructure/htdocs/wiki/LocalSettings.php 
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'swf', 'pdf', 'exe', 'bin', 'dmg', 'reg', 'tbz2', 'zip' ); /** Files with these extensions will never be allowed as uploads. */ $wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); # 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); temporarily uncomment for .exe uploads

Upload (filesize) Limits

Filesize limits can be tricky - Mediawiki just follows general apache and php limitations. When Mediawiki encounters a filesize limitation, it seems to (unhelpfully :-( ) fail silently; you'll usually just get a blank Upload file page again. Let's increase these limits (tirpitz - our main Research wiki - used as an example):

hostname ~ # emacs -nw /etc/php/cgi-php5/php.ini
         memory_limit "128M"
         file_uploads "On"
         post_max_size "25M"
         upload_max_filesize "25M"


Adding an RSS Feed

Some users have made the request for an RSS feed. This functionality comes prepackaged with the wiki software and all you need to do is add /index.php?title=Special:Recentchanges&feed=rss to the wiki url. For example, with the Memory Association Machine wiki, this code snippet was added to the bottom of the splash page, as well as an RSS graphic associated with the link:

http ://wiki.iat.sfu.ca/Memory_Association_Machine/index.php?title=Special:Recentchanges&feed=rss http ://research.iat.sfu.ca/images/rss.gif

Note that I have added a space after the "http"s to force the syntax rather than show the actual link.

Reset Passwords on MediaWiki

Determine User Name:

To find out all the users in a particular Wiki, to isolate the actual user name of person you want to change the password for:

mysql> use wiki_databasename; SELECT * FROM user;


Determine ID:

To find out the user_id of a particular user (necessary to generate hash):

mysql> SELECT user_id, user_name from user WHERE user_name="UserName";


Reset Password:

Command to reset User password in mySQL:

mysql> UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�;

Remove a wiki

webapp-config is used to create the wikis.

Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it. Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.