Setup a Project Wiki: Difference between revisions

From Research
Jump to navigation Jump to search
 
(48 intermediate revisions by 5 users not shown)
Line 1: Line 1:
Kingfisher is our wiki server. Check out the [http://wiki.iat.sfu.ca wiki index] to see existing wikis.
sr-hercules01 is our wiki server. Check out the [http://wiki.iat.sfu.ca wiki index] to see existing wikis.


== Add a Separate Instance of MediaWiki ==
== Add a New Instance of MediaWiki ==
<p>
<p>
To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.</p>
To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.</p>


  <font color=red>hostname</font> <font color=blue>~ #</font> '''ssh root@kingfisher'''
  <font color=red><YourHost></font> <font color=blue>~ #</font> '''ssh root@hercules'''
  <font color=red>hostname</font> <font color=blue>~ #</font> '''cd /srv/www/htwiki'''
  <font color=red>sr-hercules01</font> <font color=blue>~ #</font> '''ssh 10.0.1.58'''
  <font color=red>hostname</font> <font color=blue>~ #</font> '''tar -xzvf mediawiki-unconfiguredInstallation.tar.gz'''
  <font color=red>sr-hercules01</font> <font color=blue>~ #</font> '''newWiki -N $projectName [-R $sqlRootPassword]'''
<font color=red>hostname</font> <font color=blue>~ #</font> '''mv mediawiki '''''$projectname'''''


The go to the mediawiki setup website for your project:
'''<nowiki>http://wiki.iat.sfu.ca/</nowiki>'''''$projectname''


Fill in the options appropriately with some special Configuration options to note:<br />
Your wiki should be completely setup at: <nowiki>http://wiki.iat.sfu.ca/$projectname</nowiki> I then usually go login to the wiki and check to see if I can edit for 100% assurance that everything is working :)


Leave the Sysop account name as WikiSysop; apply our strong password to this account.
'''A wikiSysOp account is created with a strong password unique to the wikis'''


Make a separate database for each project:
A log is kept at /var/log/newWiki.log
* '''Database name''': wiki_$projectname
Seperate username for each project:
* '''DB username''': wiki_$projectname
Unique password:
<font color=red>hostname</font> <font color=blue>~ #</font> '''apg -m 9 -MNC'''
*more '''apg''' info [[Linux Tips and Tools|here]]


And no table prefix.
Most settings are kept in LocalSettings.php, which is Symlinked to a master which we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.


DB root password is again our strong password.
=== Access Restrictions ===
By default, our wikis are publicly viewable, but a user must login with their research account to edit pages.


''Note: When you click Install! it may fail. For me it has always failed if the username was too long (it must be at 16 characters or less)''
To customize access and viewing restrictions, look at this article on [https://www.mediawiki.org/wiki/User_rights Rights].


If it worked, this will create the LocalSettings.php file which you then move to the correct place:
Common tasks are listed below. Add them to '''InstanceLocalSettings.php''' (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, '''NOT''' the typical LocalSettings.php.
<font color=red>hostname</font> <font color=blue>htwiki #</font> '''cd $projectname'''
<font color=red>hostname</font> <font color=blue>''wiki_name'' #</font> '''mv config/LocalSettings.php ./'''


Config should no longer be world writable:
<font color=red>hostname</font> <font color=blue>~ #</font> '''chmod a-w config'''


Your wiki should be completely setup at: <nowiki>http://wiki.iat.sfu.ca/$projectname</nowiki>
To restrict anonymous viewing:


I then usually go login to the wiki and add to the main page: '''Wiki is configured correctly.''' for 100% assurance that everything is working :)
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
#Allow some special pages
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" );
#Restrict general Public from viewing all pages.
$wgGroupPermissions['*']['read']        = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
       
Disable even research users from reading. Members of "trusted" group can view (as can sysop)
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
#Restrict wiki to only users in the trusted group.
$wgGroupPermissions['user']['read']          = false;
$wgGroupPermissions['user']['edit']          = false;
$wgGroupPermissions['trusted']['read']        = true;
$wgGroupPermissions['trusted']['edit']          = true;
$wgGroupPermissions['sysop']['read']            = true;
$wgGroupPermissions['sysop']['edit']            = true;


To customize access and viewing restrictions, look at this article on [http://meta.wikimedia.org/wiki/Preventing_Access Preventing Access] (this version of mediawiki is 1.4). It's probably always a good idea to prohibit anonymous edits; add these lines to LocalSettings.php:
For a wiki requiring "trusted" group-membership (example:  Pain_Lab_Grads), it's a little crazy:
They have to '''attempt''' to log in first, and '''fail''' :-O This will make a username entry in the wiki-database, which can '''only then''' be modified (by a WikiSysop) to add them to the "trusted" group.


<font color=red>hostname</font> <font color=blue>''wiki_name'' #</font> '''emacs -nw LocalSettings.php'''
Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:<br>
          # Entirely disable Anonymous Edits in Wiki versions 1.4 and before
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers<br>
          $wgWhitelistEdit = true;
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights<br>


Record the database username & password, and who this wiki was created for in our 'MediaWiki on Kingfisher' file.


== Add Sysop/Administrator User ==
To allow bans by account name in lieu of IP address:
Follow these steps to make a wiki account, a sysop account:


Create the account, if you haven't done so already. Logout. Login as the WikiSysop user.
 
<font color=red>sr-hercules01</font> <font color=blue>''wiki_name'' #</font> '''vim InstanceLocalSettings.php'''
Navigate to '''Special Pages''' ->''' Make a user into a sysop''', or modify this link with your project name: <nowiki>http://wiki.iat.sfu.ca/$projectname/index.php/Special:Makesysop</nowiki>
  # allows bans to be typed in by account name rather than IP
 
  $wgSysopUserBans=true;
Enter the username and set bureaucrat flag too.


== Customizing ==
== Customizing ==
=== Permitted Upload File Extensions ===
==== sr-hercules01 (Wiki-city) ====
All changes should be made to '''/srv/www/htwiki/'''''<project_name>'''''/LocalSettings.php'''.  In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!
All changes should be made to '''/var/www/localhost/htdocs'''''<project_name>'''''/InstanceLocalSettings.php'''.  In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!
Typical examples are to enable or disable all file uploading:
 
<font color=red>hostname</font> <font color=blue>~ #</font> '''emacs -nw /srv/www/htwiki/'''''<project_name>'''''/LocalSettings.php'''
          $wgDisableUploads            = false;
          $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'pdf', 'fls', 'swf', 'doc', 'jar', 'dmg' );


After this, check the user/permissions on the $projectname/images directory.  Change:


<font color=red>hostname</font> <font color=blue>htwiki #</font> '''chown wwwrun:www images'''
==== Tirpitz (Research wiki) ====
Things are Different on Tirpitz (tm) :-)<br>
<s>Changes are made on an NFS-mounted directory:  '''/home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/'''</s>


Suitable permissions for '''images/''' would be '''755'''
Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe').  In this case, edit LocalSettings.php to permit the file-type, '''and''' also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):
 
  <font color=red>hostname</font> <font color=blue>htwiki #</font> '''chmod 755 images/'''
<font color=red>tirpitz</font> <font color=blue>~ #</font> '''emacs -nw /home/projects/infrastructure/htdocs/wiki/LocalSettings.php <br>
          $wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'swf', 'pdf', 'exe', 'bin', 'dmg', 'reg', 'tbz2', 'zip' );
          /** Files with these extensions will never be allowed as uploads. */
          $wgFileBlacklist = array(
                  # HTML may contain cookie-stealing JavaScript and web bugs
                  'html', 'htm', 'js', 'jsb',
                  # PHP scripts may execute arbitrary code on the server
                  'php', 'phtml', 'php3', 'php4', 'phps',
                  # Other types that may be interpreted by some servers
                  'shtml', 'jhtml', 'pl', 'py', 'cgi',
                  # May contain harmful executables for Windows victims
                  'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );
          #        'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' );    <u>'''''temporarily''' uncomment for .exe uploads''</u>


=== Upload (filesize) Limits ===
=== Upload (filesize) Limits ===
Line 84: Line 99:
           post_max_size "25M"
           post_max_size "25M"
           upload_max_filesize "25M"
           upload_max_filesize "25M"
=== Adding an RSS Feed ===
Some users have made the request for an RSS feed.  This functionality comes prepackaged with the wiki software and all you need to do is add /index.php?title=Special:Recentchanges&feed=rss to the wiki url.  For example, with the Memory Association Machine wiki, this code snippet was added to the bottom of the splash page, as well as an RSS graphic associated with the link:
http ://wiki.iat.sfu.ca/Memory_Association_Machine/index.php?title=Special:Recentchanges&feed=rss http ://research.iat.sfu.ca/images/rss.gif
Note that I have added a space after the "http"s to force the syntax rather than show the actual link.
==Reset Passwords on MediaWiki==
'''Determine User Name:'''
To find out all the users in a particular Wiki, to isolate the actual user name of person you want to change the password for:
<font color=red>mysql</font><font color=blue>></font> '''use wiki_databasename; SELECT * FROM user;'''
'''Determine ID:'''
To find out the user_id of a particular user (necessary to generate hash):
<font color=red>mysql</font><font color=blue>></font> '''SELECT user_id, user_name from user WHERE user_name="UserName";'''
'''Reset Password:'''
Command to reset User password in mySQL:
<font color=red>mysql</font><font color=blue>></font> '''UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�;
'''
== Remove a wiki ==
webapp-config is used to create the wikis.
Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it.  Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.

Latest revision as of 21:43, 13 November 2014

sr-hercules01 is our wiki server. Check out the wiki index to see existing wikis.

Add a New Instance of MediaWiki

To set the stage for a new wiki, the champion for this new wiki should provide a wiki-name, and be clear about the type of access they want.

<YourHost> ~ # ssh root@hercules
sr-hercules01 ~ # ssh 10.0.1.58
sr-hercules01 ~ # newWiki -N $projectName [-R $sqlRootPassword]


Your wiki should be completely setup at: http://wiki.iat.sfu.ca/$projectname I then usually go login to the wiki and check to see if I can edit for 100% assurance that everything is working :)

A wikiSysOp account is created with a strong password unique to the wikis

A log is kept at /var/log/newWiki.log

Most settings are kept in LocalSettings.php, which is Symlinked to a master which we use to control all wikis at once. Settings for customizing a single wiki should be made in InstanceLocalSettings.php, inside the wiki's directory.

Access Restrictions

By default, our wikis are publicly viewable, but a user must login with their research account to edit pages.

To customize access and viewing restrictions, look at this article on Rights.

Common tasks are listed below. Add them to InstanceLocalSettings.php (/var/www/localhost/htdocs/<wiki_name>/InstanceLocalSettings.php) to implement them, NOT the typical LocalSettings.php.


To restrict anonymous viewing:

sr-hercules01 wiki_name # vim InstanceLocalSettings.php

#Allow some special pages
$wgWhitelistRead = array("Special:UserLogin", "Special:UserLogout", "Special:PasswordReset", "MediaWiki:Common.css" );

#Restrict general Public from viewing all pages.
$wgGroupPermissions['*']['read']        = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
       

Disable even research users from reading. Members of "trusted" group can view (as can sysop)

sr-hercules01 wiki_name # vim InstanceLocalSettings.php
#Restrict wiki to only users in the trusted group.
$wgGroupPermissions['user']['read']           = false;
$wgGroupPermissions['user']['edit']           = false;
$wgGroupPermissions['trusted']['read']        = true;
$wgGroupPermissions['trusted']['edit']          = true;
$wgGroupPermissions['sysop']['read']            = true;
$wgGroupPermissions['sysop']['edit']            = true;

For a wiki requiring "trusted" group-membership (example: Pain_Lab_Grads), it's a little crazy: They have to attempt to log in first, and fail :-O This will make a username entry in the wiki-database, which can only then be modified (by a WikiSysop) to add them to the "trusted" group.

Because the "Special pages" link and overview are restricted (to everyone), you may have to provide direct links to the specific (deeper) pages that you want; these may be helpful:
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:ListUsers
http://wiki.iat.sfu.ca/<your_particular_wiki>/index.php/?title=Special:UserRights


To allow bans by account name in lieu of IP address:


sr-hercules01 wiki_name # vim InstanceLocalSettings.php
 # allows bans to be typed in by account name rather than IP
 $wgSysopUserBans=true;

Customizing

sr-hercules01 (Wiki-city)

All changes should be made to /var/www/localhost/htdocs<project_name>/InstanceLocalSettings.php. In most cases the variable you want to adjust is already defined under includes/DefaultSettings.php, but this may be over-written during upgrades!!


Tirpitz (Research wiki)

Things are Different on Tirpitz (tm) :-)
Changes are made on an NFS-mounted directory: /home/projects/infrastructure/web_content/research.iat.sfu.ca/htdocs/wiki/

Another gotcha can be that the file-extension is blacklisted (as in the case of 'exe'). In this case, edit LocalSettings.php to permit the file-type, and also un-BlackList it (settings in LocalSettings.php over-ride the same settings made elsewhere, like DefaultSettings.php):

tirpitz ~ # emacs -nw /home/projects/infrastructure/htdocs/wiki/LocalSettings.php 
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'swf', 'pdf', 'exe', 'bin', 'dmg', 'reg', 'tbz2', 'zip' ); /** Files with these extensions will never be allowed as uploads. */ $wgFileBlacklist = array( # HTML may contain cookie-stealing JavaScript and web bugs 'html', 'htm', 'js', 'jsb', # PHP scripts may execute arbitrary code on the server 'php', 'phtml', 'php3', 'php4', 'phps', # Other types that may be interpreted by some servers 'shtml', 'jhtml', 'pl', 'py', 'cgi', # May contain harmful executables for Windows victims 'exe', 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); # 'scr', 'dll', 'msi', 'vbs', 'bat', 'com', 'pif', 'cmd', 'vxd', 'cpl' ); temporarily uncomment for .exe uploads

Upload (filesize) Limits

Filesize limits can be tricky - Mediawiki just follows general apache and php limitations. When Mediawiki encounters a filesize limitation, it seems to (unhelpfully :-( ) fail silently; you'll usually just get a blank Upload file page again. Let's increase these limits (tirpitz - our main Research wiki - used as an example):

hostname ~ # emacs -nw /etc/php/cgi-php5/php.ini
         memory_limit "128M"
         file_uploads "On"
         post_max_size "25M"
         upload_max_filesize "25M"


Adding an RSS Feed

Some users have made the request for an RSS feed. This functionality comes prepackaged with the wiki software and all you need to do is add /index.php?title=Special:Recentchanges&feed=rss to the wiki url. For example, with the Memory Association Machine wiki, this code snippet was added to the bottom of the splash page, as well as an RSS graphic associated with the link:

http ://wiki.iat.sfu.ca/Memory_Association_Machine/index.php?title=Special:Recentchanges&feed=rss http ://research.iat.sfu.ca/images/rss.gif

Note that I have added a space after the "http"s to force the syntax rather than show the actual link.

Reset Passwords on MediaWiki

Determine User Name:

To find out all the users in a particular Wiki, to isolate the actual user name of person you want to change the password for:

mysql> use wiki_databasename; SELECT * FROM user;


Determine ID:

To find out the user_id of a particular user (necessary to generate hash):

mysql> SELECT user_id, user_name from user WHERE user_name="UserName";


Reset Password:

Command to reset User password in mySQL:

mysql> UPDATE user SET user_password=md5(concat(<user_id>,'-',md5('newpassword'))) where user_name=�UserName�;

Remove a wiki

webapp-config is used to create the wikis.

Use webapp-config -li to see installs, then webapp-config -C -d $projectName to remove it. Then remove the directory in the localhost/htdocs directory when you are sure you have gotten everything you want.