RoE | Wiki

User Tools

Site Tools

Trace:
servers:nginx:dokuwiki

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Last revisionBoth sides next revision
servers:nginx:dokuwiki [2022/05/14 04:24] Sean Rhoneservers:nginx:dokuwiki [2024/02/07 16:34] – [Server Block] Sean Rhone
Line 7: Line 7:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[distros:opensuse_tumbleweed_server|openSUSE Tumbleweed]]+  * [[distros:fedora_server|Fedora Server]]
   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
   * [[servers:nginx:lets_encrypt|Let's Encrypt]]   * [[servers:nginx:lets_encrypt|Let's Encrypt]]
 +
 +====== Dependencies ======
 +
 +  * PHP Modules: gd sodium zip zlib xml
 +
 +  sudo dnf install php-gd php-sodium php-pecl-zip php-xml
  
 ====== Download Source ====== ====== Download Source ======
Line 15: Line 21:
 **** ****
  
-  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/srv/www/wiki' && sudo chown -R 'wwwrun':'www' '/srv/www/wiki' && sync+  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/var/www/wiki' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/wiki(/.*)?' && sudo restorecon -F -I -R '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && sync
  
 ====== nginx + PHP-FPM Configuration ====== ====== nginx + PHP-FPM Configuration ======
Line 21: Line 27:
 ===== PHP-FPM Socket ===== ===== PHP-FPM Socket =====
  
-  * :!: [[https://github.com/splitbrain/dokuwiki/issues/3506|This report]] links to other reports of broken pages, and has a few different solutions. Disabling Pcre JIT fixes the rendering issue in this instance's case as of 2021/07/02 +  sudo -e '/etc/php-fpm.d/wiki.conf' && sudo systemctl restart 'php-fpm'
- +
-  sudo -e '/etc/php8/fpm/php-fpm.d/wiki.conf' && sudo systemctl restart 'php-fpm'+
  
 <code> <code>
 [wiki] [wiki]
-user = wwwrun 
-group = www 
  
-listen 127.0.0.1:9001 +; User/Group 
-listen.owner wwwrun +user nginx 
-listen.group www+group = nginx 
 + 
 +; Socket 
 +listen = /run/php-fpm/wiki.sock 
 +listen.acl_users nginx
 listen.allowed_clients = 127.0.0.1 listen.allowed_clients = 127.0.0.1
  
 +; Process Management
 pm = ondemand pm = ondemand
 pm.max_children = 4 pm.max_children = 4
 pm.process_idle_timeout = 30 pm.process_idle_timeout = 30
  
 +; Fedora php.ini Defaults
 +php_value[session.save_handler] = "files"
 +php_value[session.save_path] = "/var/lib/php/session"
 +
 +; General
 php_value[date.timezone] = "America/New_York" php_value[date.timezone] = "America/New_York"
-php_value[pcre.jit] = "0"</code>+;php_value[max_execution_time] = "200" 
 +;php_value[memory_limit] = "512M" 
 +;php_value[post_max_size] = "10M" 
 +;php_value[upload_max_filesize] = "10M" 
 +;php_value[max_file_uploads] = "100" 
 + 
 +; End</code>
  
 ===== FastCGI ===== ===== FastCGI =====
  
-  sudo -e '/etc/nginx/snippets.d/wiki.conf'+  sudo -e '/etc/nginx/default.d/wiki.conf'
  
 <code> <code>
Line 50: Line 68:
 location ~ \.(php|phar)(/.*)?$ { location ~ \.(php|phar)(/.*)?$ {
     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
- 
     fastcgi_intercept_errors on;     fastcgi_intercept_errors on;
     fastcgi_index doku.php;     fastcgi_index doku.php;
     include fastcgi_params;     include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     fastcgi_param PATH_INFO $fastcgi_path_info;     fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_pass 127.0.0.1:9001;+    fastcgi_param HTTPS on; 
 +    fastcgi_pass unix:/run/php-fpm/wiki.sock;
 }</code> }</code>
  
 ===== Server Block ====== ===== Server Block ======
 +
 +  * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
  
   sudo -e '/etc/nginx/vhosts.d/wiki.conf' && sudo systemctl reload 'nginx' && sync   sudo -e '/etc/nginx/vhosts.d/wiki.conf' && sudo systemctl reload 'nginx' && sync
Line 67: Line 87:
     listen '443' 'ssl' 'http2';     listen '443' 'ssl' 'http2';
     server_name 'wiki.realmofespionage.xyz';     server_name 'wiki.realmofespionage.xyz';
-    root '/srv/www/wiki';+    root '/var/www/wiki';
     index 'doku.php';     index 'doku.php';
  
-    include 'snippets.d/wiki.conf'; +    include '/etc/nginx/default.d/wiki.conf'; 
-    include 'snippets.d/headers.conf';+    include '/etc/nginx/default.d/headers.conf';
  
     client_max_body_size '10M';     client_max_body_size '10M';
  
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:" always;+#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:" always
 +#    add_header Content-Security-Policy "default-src 'self';
  
 #    access_log  /var/log/nginx/wiki-access.log; #    access_log  /var/log/nginx/wiki-access.log;
Line 102: Line 123:
 }</code> }</code>
  
-====== AppArmor ======+====== Initial Setup ======
  
-  * https://bugzilla.suse.com/show_bug.cgi?id=1178655 +  * :!TODO: https://www.dokuwiki.org/rewrite
-  * Need to audit what permissions are needed, and then allow them ((this is similar to servers:games:trinitycore_3.3.5#service with SELinux)) +
-  * This was necessary as of 2022/05/14 with PHP8 +
- +
-===== Rule Build ===== +
- +
-  * https://wiki.realmofespionage.xyz/install.php +
-  * :!: Run ''aa-complain'', visit the set-up URL above, and do as-much set-up as possible in order to cover everything +
- +
-  sudo aa-complain '/etc/apparmor.d/php-fpm' +
- +
-===== Audit ===== +
- +
-**** +
- +
-  sudo aa-logprof +
- +
-===== Enforce ===== +
- +
-**** +
- +
-  sudo aa-enforce '/etc/apparmor.d/php-fpm' +
- +
-====== Initial Setup ======+
  
   * https://wiki.realmofespionage.xyz/install.php   * https://wiki.realmofespionage.xyz/install.php
Line 133: Line 131:
 ====== Settings ====== ====== Settings ======
  
-===== Code Box Click Issue =====+===== Plugins =====
  
-  * https://github.com/nicolasprigent/Dokuwiki-Copycode-plugin +  * https://www.dokuwiki.org/plugin:searchindex
-  * https://github.com/splitbrain/dokuwiki/issues/3357+
  
 ===== Template Style Settings ===== ===== Template Style Settings =====
Line 153: Line 150:
 ===== URL Rewrite ===== ===== URL Rewrite =====
  
-  * Admin -> Configuration Settings +  * Admin -> Configuration Settings -> DokuWiki -> Advanced -> userewrite 
-  * Set **Use nice URLs** to **.htaccess**+ 
 +  .htaccess
  
 ===== Double-hyphen Convert Disable ===== ===== Double-hyphen Convert Disable =====
Line 160: Line 158:
   * This prevents -- from becoming a – (long hyphen), which breaks some command's syntax   * This prevents -- from becoming a – (long hyphen), which breaks some command's syntax
  
-  echo '--      --' | sudo tee '/srv/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'wwwrun':'www' '/srv/www/wiki/conf/entities.local.conf'+  echo '--      --' | sudo tee '/var/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'nginx':'nginx' '/var/www/wiki/conf/entities.local.conf' && sync
  
 ====== Services ====== ====== Services ======
Line 172: Line 170:
 <code> <code>
 [Service] [Service]
-User=wwwrun +User=nginx 
-Group=www+Group=nginx
 Type=oneshot Type=oneshot
-ExecStart='/usr/bin/git' -C '/srv/www/wiki' pull origin 'master' +ExecStart='/usr/bin/git' -C '/var/www/wiki' pull origin 'master
-ExecStartPost='/usr/bin/sync'</code>+ExecStartPost='/usr/bin/touch' '/var/www/wiki/conf/local.php
 +ExecStartPost='/usr/bin/sync' 
 + 
 +# End</code>
  
 ==== Timer ==== ==== Timer ====
  
-  * Every day at ''01:00:00''+  * Every day at ''00:30:00''
  
   sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l   sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l
Line 191: Line 192:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 01:00:00+OnCalendar=*-*-* 00:30:00
 Persistent=true Persistent=true
  
 [Install] [Install]
-WantedBy=timers.target</code>+WantedBy=timers.target 
 + 
 +# End</code>
  
 ===== Maintenance ===== ===== Maintenance =====
Line 209: Line 212:
 <code> <code>
 [Service] [Service]
-User=wwwrun +User=nginx 
-Group=www+Group=nginx
 Type=oneshot Type=oneshot
-WorkingDirectory=/srv/www/wiki +WorkingDirectory=/var/www/wiki 
-ExecStart='/usr/bin/git' -C '/srv/www/wiki' gc --aggressive --prune='all' +ExecStart='/usr/bin/git' -C '/var/www/wiki' gc --aggressive --prune='all' 
-ExecStart='/usr/bin/git' -C '/srv/www/wiki' fsck --full --strict +ExecStart='/usr/bin/git' -C '/var/www/wiki' fsck --full --strict 
-#ExecStart='/usr/bin/bash' -c "find '/srv/www/wiki/data'/{attic,cache,locks,media_attic}/ -type 'f' -mtime +'90' -delete" +#ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,locks,media_attic}/ -type 'f' -mtime +'90' -delete" 
-ExecStart='/usr/bin/bash' -c "find '/srv/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" +ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" 
-ExecStart='/usr/bin/php' '/srv/www/wiki/bin/indexer.php' --clear +ExecStart='/usr/bin/php' '/var/www/wiki/bin/indexer.php' --clear 
-ExecStartPost='/usr/bin/sync'</code>+ExecStartPost='/usr/bin/sync' 
 + 
 +# End</code>
  
 ==== Timer ==== ==== Timer ====
  
-  * ''01'' day of every month at ''01:20:00''+  * ''01'' day of every month at ''01:00:00''
  
   sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now   sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now
Line 231: Line 236:
  
 [Timer] [Timer]
-OnCalendar=*-*-01 01:20:00+OnCalendar=*-*-01 01:00:00
 Persistent=true Persistent=true
  
 [Install] [Install]
-WantedBy=timers.target</code>+WantedBy=timers.target 
 + 
 +# End</code>
  
 ===== Backup ===== ===== Backup =====
Line 244: Line 251:
  
   * :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]]   * :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]]
-  * TODO: Figure out Keybase and set a path here 
  
   mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service'   mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service'
Line 251: Line 257:
 [Service] [Service]
 Type=oneshot Type=oneshot
-WorkingDirectory=/srv/www/wiki +WorkingDirectory=/var/www/wiki 
-ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' 
-#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' 
-#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' 
-#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/run/user/1000/keybase/kbfs/private/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' +ExecStartPost='/usr/bin/sync' 
-ExecStartPost='/usr/bin/sync'</code>+ 
 +# End</code>
  
 ==== Timer ==== ==== Timer ====
  
-  * Every day at ''01:50:00''+  * Every day at ''01:30:00''
  
   sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l   sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l
Line 269: Line 276:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 01:50:00+OnCalendar=*-*-* 01:30:00
 Persistent=true Persistent=true
  
 [Install] [Install]
-WantedBy=timers.target</code>+WantedBy=timers.target 
 + 
 +# End</code>
  
 ====== Backup ====== ====== Backup ======
Line 285: Line 294:
 **** ****
  
-  cd '/srv/www/wiki' && sudo tar -cvzf ~/'dokuwiki-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && cd ~ && sync+  cd '/var/www/wiki' && sudo tar -cvzf ~/'dokuwiki-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && cd ~ && sync
  
 ===== Client ===== ===== Client =====
Line 323: Line 332:
 **** ****
  
-  ls ~/'dokuwiki-files-'*'.tar.gz' && sudo rm -Rf '/srv/www/wiki/data/pages' '/srv/www/wiki/data/meta' '/srv/www/wiki/data/media' '/srv/www/wiki/data/media_meta' '/srv/www/wiki/data/attic' '/srv/www/wiki/data/media_attic' '/srv/www/wiki/conf'+  ls ~/'dokuwiki-files-'*'.tar.gz' && sudo rm -Rf '/var/www/wiki/data/pages' '/var/www/wiki/data/meta' '/var/www/wiki/data/media' '/var/www/wiki/data/media_meta' '/var/www/wiki/data/attic' '/var/www/wiki/data/media_attic' '/var/www/wiki/conf'
  
 ==== Restore Folders ==== ==== Restore Folders ====
Line 329: Line 338:
 **** ****
  
-  cd '/srv/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo chown -R 'wwwrun':'www' '/srv/www/wiki' && cd ~ && sync+  cd '/var/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo restorecon -F -I -R '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && cd ~ && sync
  
 ==== Start nginx ==== ==== Start nginx ====
/var/www/wiki/data/pages/servers/nginx/dokuwiki.txt · Last modified: 2024/02/07 16:37 by Sean Rhone