RoE | Wiki

User Tools

Site Tools

Trace:
servers:nginx:dokuwiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
servers:nginx:dokuwiki [2022/05/14 04:24] Sean Rhoneservers:nginx:dokuwiki [2024/02/07 15:06] Sean Rhone
Line 7: Line 7:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[distros:opensuse_tumbleweed_server|openSUSE Tumbleweed]]+  * [[distros:ubuntu_server|Ubuntu Server]]
   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
   * [[servers:nginx:lets_encrypt|Let's Encrypt]]   * [[servers:nginx:lets_encrypt|Let's Encrypt]]
 +
 +  * [[servers:nginx:dokuwiki?rev=1706786642|Previous Fedora Server revision]]
 +
 +====== Dependencies ======
 +
 +  * https://www.dokuwiki.org/install:php
 +  * PHP Modules: gd sodium zip xml mbstring intl bz2
 +
 +  sudo apt install php8.2-gd php8.2-zip php8.2-xml php8.2-mbstring php8.2-intl php8.2-bz2
  
 ====== Download Source ====== ====== Download Source ======
Line 15: Line 24:
 **** ****
  
-  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/srv/www/wiki' && sudo chown -R 'wwwrun':'www' '/srv/www/wiki' && sync+  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/var/www/wiki' && sudo chown -R 'www-data':'www-data' '/var/www/wiki' && sync
  
 ====== nginx + PHP-FPM Configuration ====== ====== nginx + PHP-FPM Configuration ======
Line 21: Line 30:
 ===== PHP-FPM Socket ===== ===== PHP-FPM Socket =====
  
-  * :!: [[https://github.com/splitbrain/dokuwiki/issues/3506|This report]] links to other reports of broken pages, and has a few different solutions. Disabling Pcre JIT fixes the rendering issue in this instance's case as of 2021/07/02 +  sudo -e '/etc/php/8.2/fpm/pool.d/wiki.conf' && sudo systemctl restart 'php8.2-fpm'
- +
-  sudo -e '/etc/php8/fpm/php-fpm.d/wiki.conf' && sudo systemctl restart 'php-fpm'+
  
 <code> <code>
 [wiki] [wiki]
-user = wwwrun 
-group = www 
  
-listen = 127.0.0.1:9001 +; User/Group 
-listen.owner wwwrun +user = www-data 
-listen.group = www+group = www-data 
 + 
 +; Socket 
 +listen = /run/php/wiki.sock 
 +listen.acl_users www-data 
 +listen.acl_groups = www-data
 listen.allowed_clients = 127.0.0.1 listen.allowed_clients = 127.0.0.1
  
 +; Process Management
 pm = ondemand pm = ondemand
 pm.max_children = 4 pm.max_children = 4
 pm.process_idle_timeout = 30 pm.process_idle_timeout = 30
  
 +; Ubuntu php.ini Defaults
 +php_value[session.save_handler] = "files"
 +php_value[session.save_path] = "/var/lib/php/session"
 +
 +; DokuWiki Recommendations
 +php_value[output_buffering] = "Off"
 +
 +; General
 php_value[date.timezone] = "America/New_York" php_value[date.timezone] = "America/New_York"
-php_value[pcre.jit] = "0"</code>+;php_value[max_execution_time] = "200" 
 +;php_value[memory_limit] = "512M" 
 +;php_value[post_max_size] = "10M" 
 +;php_value[upload_max_filesize] = "10M" 
 +;php_value[max_file_uploads] = "100" 
 + 
 +; End</code>
  
 ===== FastCGI ===== ===== FastCGI =====
  
-  sudo -e '/etc/nginx/snippets.d/wiki.conf'+  sudo -e '/etc/nginx/snippets/wiki.conf'
  
 <code> <code>
Line 50: Line 75:
 location ~ \.(php|phar)(/.*)?$ { location ~ \.(php|phar)(/.*)?$ {
     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
- 
     fastcgi_intercept_errors on;     fastcgi_intercept_errors on;
     fastcgi_index doku.php;     fastcgi_index doku.php;
     include fastcgi_params;     include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     fastcgi_param PATH_INFO $fastcgi_path_info;     fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_pass 127.0.0.1:9001;+    fastcgi_param HTTPS on; 
 +    fastcgi_pass unix:/run/php/wiki.sock;
 }</code> }</code>
  
 ===== Server Block ====== ===== Server Block ======
  
-  sudo -e '/etc/nginx/vhosts.d/wiki.conf' && sudo systemctl reload 'nginx' && sync+  * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs 
 + 
 +  sudo -e '/etc/nginx/sites-available/wiki.conf'
  
 <code> <code>
Line 67: Line 94:
     listen '443' 'ssl' 'http2';     listen '443' 'ssl' 'http2';
     server_name 'wiki.realmofespionage.xyz';     server_name 'wiki.realmofespionage.xyz';
-    root '/srv/www/wiki';+    root '/var/www/wiki';
     index 'doku.php';     index 'doku.php';
  
-    include 'snippets.d/wiki.conf'; +    include '/etc/nginx/snippets/wiki.conf'; 
-    include 'snippets.d/headers.conf';+    include '/etc/nginx/snippets/headers.conf';
  
     client_max_body_size '10M';     client_max_body_size '10M';
  
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:" always;+#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:" always;
  
 #    access_log  /var/log/nginx/wiki-access.log; #    access_log  /var/log/nginx/wiki-access.log;
Line 102: Line 129:
 }</code> }</code>
  
-====== AppArmor ====== +==== Enable =====
- +
-  * https://bugzilla.suse.com/show_bug.cgi?id=1178655 +
-  * Need to audit what permissions are needed, and then allow them ((this is similar to servers:games:trinitycore_3.3.5#service with SELinux)) +
-  * This was necessary as of 2022/05/14 with PHP8 +
- +
-===== Rule Build ===== +
- +
-  * https://wiki.realmofespionage.xyz/install.php +
-  * :!: Run ''aa-complain'', visit the set-up URL above, and do as-much set-up as possible in order to cover everything +
- +
-  sudo aa-complain '/etc/apparmor.d/php-fpm' +
- +
-===== Audit =====+
  
 **** ****
  
-  sudo aa-logprof+  sudo ln --symbolic --force '/etc/nginx/sites-available/wiki.conf' '/etc/nginx/sites-enabled/wiki.conf' && sudo systemctl reload 'nginx' && sync
  
-===== Enforce =====+====== Initial Setup ======
  
-**** +  :!: TODO: https://www.dokuwiki.org/rewrite
- +
-  sudo aa-enforce '/etc/apparmor.d/php-fpm' +
- +
-====== Initial Setup ======+
  
   * https://wiki.realmofespionage.xyz/install.php   * https://wiki.realmofespionage.xyz/install.php
Line 133: Line 143:
 ====== Settings ====== ====== Settings ======
  
-===== Code Box Click Issue =====+===== Plugins =====
  
-  * https://github.com/nicolasprigent/Dokuwiki-Copycode-plugin +  * https://www.dokuwiki.org/plugin:searchindex
-  * https://github.com/splitbrain/dokuwiki/issues/3357+
  
 ===== Template Style Settings ===== ===== Template Style Settings =====
Line 153: Line 162:
 ===== URL Rewrite ===== ===== URL Rewrite =====
  
-  * Admin -> Configuration Settings +  * Admin -> Configuration Settings -> DokuWiki -> Advanced -> userewrite 
-  * Set **Use nice URLs** to **.htaccess**+ 
 +  .htaccess
  
 ===== Double-hyphen Convert Disable ===== ===== Double-hyphen Convert Disable =====
Line 160: Line 170:
   * This prevents -- from becoming a – (long hyphen), which breaks some command's syntax   * This prevents -- from becoming a – (long hyphen), which breaks some command's syntax
  
-  echo '--      --' | sudo tee '/srv/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'wwwrun':'www' '/srv/www/wiki/conf/entities.local.conf'+  echo '--      --' | sudo tee '/var/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'nginx':'nginx' '/var/www/wiki/conf/entities.local.conf' && sync
  
 ====== Services ====== ====== Services ======
Line 172: Line 182:
 <code> <code>
 [Service] [Service]
-User=wwwrun +User=nginx 
-Group=www+Group=nginx
 Type=oneshot Type=oneshot
-ExecStart='/usr/bin/git' -C '/srv/www/wiki' pull origin 'master' +ExecStart='/usr/bin/git' -C '/var/www/wiki' pull origin 'master
-ExecStartPost='/usr/bin/sync'</code>+ExecStartPost='/usr/bin/touch' '/var/www/wiki/conf/local.php
 +ExecStartPost='/usr/bin/sync' 
 + 
 +# End</code>
  
 ==== Timer ==== ==== Timer ====
  
-  * Every day at ''01:00:00''+  * Every day at ''00:30:00''
  
   sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l   sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l
Line 191: Line 204:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 01:00:00+OnCalendar=*-*-* 00:30:00
 Persistent=true Persistent=true
  
 [Install] [Install]
-WantedBy=timers.target</code>+WantedBy=timers.target 
 + 
 +# End</code>
  
 ===== Maintenance ===== ===== Maintenance =====
Line 209: Line 224:
 <code> <code>
 [Service] [Service]
-User=wwwrun +User=nginx 
-Group=www+Group=nginx
 Type=oneshot Type=oneshot
-WorkingDirectory=/srv/www/wiki +WorkingDirectory=/var/www/wiki 
-ExecStart='/usr/bin/git' -C '/srv/www/wiki' gc --aggressive --prune='all' +ExecStart='/usr/bin/git' -C '/var/www/wiki' gc --aggressive --prune='all' 
-ExecStart='/usr/bin/git' -C '/srv/www/wiki' fsck --full --strict +ExecStart='/usr/bin/git' -C '/var/www/wiki' fsck --full --strict 
-#ExecStart='/usr/bin/bash' -c "find '/srv/www/wiki/data'/{attic,cache,locks,media_attic}/ -type 'f' -mtime +'90' -delete" +#ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,locks,media_attic}/ -type 'f' -mtime +'90' -delete" 
-ExecStart='/usr/bin/bash' -c "find '/srv/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" +ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" 
-ExecStart='/usr/bin/php' '/srv/www/wiki/bin/indexer.php' --clear +ExecStart='/usr/bin/php' '/var/www/wiki/bin/indexer.php' --clear 
-ExecStartPost='/usr/bin/sync'</code>+ExecStartPost='/usr/bin/sync' 
 + 
 +# End</code>
  
 ==== Timer ==== ==== Timer ====
  
-  * ''01'' day of every month at ''01:20:00''+  * ''01'' day of every month at ''01:00:00''
  
   sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now   sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now
Line 231: Line 248:
  
 [Timer] [Timer]
-OnCalendar=*-*-01 01:20:00+OnCalendar=*-*-01 01:00:00
 Persistent=true Persistent=true
  
 [Install] [Install]
-WantedBy=timers.target</code>+WantedBy=timers.target 
 + 
 +# End</code>
  
 ===== Backup ===== ===== Backup =====
Line 244: Line 263:
  
   * :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]]   * :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]]
-  * TODO: Figure out Keybase and set a path here 
  
   mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service'   mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service'
Line 251: Line 269:
 [Service] [Service]
 Type=oneshot Type=oneshot
-WorkingDirectory=/srv/www/wiki +WorkingDirectory=/var/www/wiki 
-ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' 
-#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' 
-#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' 
-#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/run/user/1000/keybase/kbfs/private/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +ExecStartPost='/usr/bin/sync' 
-ExecStartPost='/usr/bin/sync'</code>+ 
 +# End</code>
  
 ==== Timer ==== ==== Timer ====
  
-  * Every day at ''01:50:00''+  * Every day at ''01:30:00''
  
   sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l   sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l
Line 269: Line 288:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 01:50:00+OnCalendar=*-*-* 01:30:00
 Persistent=true Persistent=true
  
 [Install] [Install]
-WantedBy=timers.target</code>+WantedBy=timers.target 
 + 
 +# End</code>
  
 ====== Backup ====== ====== Backup ======
Line 285: Line 306:
 **** ****
  
-  cd '/srv/www/wiki' && sudo tar -cvzf ~/'dokuwiki-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && cd ~ && sync+  cd '/var/www/wiki' && sudo tar -cvzf ~/'dokuwiki-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && cd ~ && sync
  
 ===== Client ===== ===== Client =====
Line 323: Line 344:
 **** ****
  
-  ls ~/'dokuwiki-files-'*'.tar.gz' && sudo rm -Rf '/srv/www/wiki/data/pages' '/srv/www/wiki/data/meta' '/srv/www/wiki/data/media' '/srv/www/wiki/data/media_meta' '/srv/www/wiki/data/attic' '/srv/www/wiki/data/media_attic' '/srv/www/wiki/conf'+  ls ~/'dokuwiki-files-'*'.tar.gz' && sudo rm -Rf '/var/www/wiki/data/pages' '/var/www/wiki/data/meta' '/var/www/wiki/data/media' '/var/www/wiki/data/media_meta' '/var/www/wiki/data/attic' '/var/www/wiki/data/media_attic' '/var/www/wiki/conf'
  
 ==== Restore Folders ==== ==== Restore Folders ====
Line 329: Line 350:
 **** ****
  
-  cd '/srv/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo chown -R 'wwwrun':'www' '/srv/www/wiki' && cd ~ && sync+  cd '/var/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo restorecon -F -I -R '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && cd ~ && sync
  
 ==== Start nginx ==== ==== Start nginx ====
/var/www/wiki/data/pages/servers/nginx/dokuwiki.txt · Last modified: 2024/02/07 16:37 by Sean Rhone