servers:nginx:dokuwiki [2022/05/14 04:24] – Sean Rhone | servers:nginx:dokuwiki [2024/02/07 16:37] (current) – [Server Block] Sean Rhone |
---|
===== Prerequisites ===== | ===== Prerequisites ===== |
| |
* [[distros:opensuse_tumbleweed_server|openSUSE Tumbleweed]] | * [[distros:fedora_server|Fedora Server]] |
* [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] | * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] |
* [[servers:nginx:lets_encrypt|Let's Encrypt]] | * [[servers:nginx:lets_encrypt|Let's Encrypt]] |
| |
| ====== Dependencies ====== |
| |
| * PHP Modules: gd sodium zip zlib xml |
| |
| sudo dnf install php-gd php-sodium php-pecl-zip php-xml |
| |
====== Download Source ====== | ====== Download Source ====== |
**** | **** |
| |
sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/srv/www/wiki' && sudo chown -R 'wwwrun':'www' '/srv/www/wiki' && sync | sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/var/www/wiki' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/wiki(/.*)?' && sudo restorecon -F -I -R '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && sync |
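Review bot: On the new side the ''semanage fcontext'' rule labels everything under ''/var/www/wiki'' as ''httpd_sys_rw_content_t'' and ''chown -R'' hands the whole checkout to ''nginx'', so the PHP-FPM pool (which runs as ''nginx'') can rewrite the application's own PHP files, not just wiki content. Consider keeping the code read-only (''httpd_sys_content_t'', owned by a different account) and applying the read-write type only to the directories DokuWiki has to write, such as ''data'' and ''conf''; the ''wiki-up'' service would then run as the account that owns the checkout.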
| |
====== nginx + PHP-FPM Configuration ====== | ====== nginx + PHP-FPM Configuration ====== |
===== PHP-FPM Socket ===== | ===== PHP-FPM Socket ===== |
| |
* :!: [[https://github.com/splitbrain/dokuwiki/issues/3506|This report]] links to other reports of broken pages, and has a few different solutions. Disabling Pcre JIT fixes the rendering issue in this instance's case as of 2021/07/02 | sudo -e '/etc/php-fpm.d/wiki.conf' && sudo systemctl restart 'php-fpm' |
| |
sudo -e '/etc/php8/fpm/php-fpm.d/wiki.conf' && sudo systemctl restart 'php-fpm' | |
| |
<code> | <code> |
[wiki] | [wiki] |
user = wwwrun | |
group = www | |
| |
listen = 127.0.0.1:9001 | ; User/Group |
listen.owner = wwwrun | user = nginx |
listen.group = www | group = nginx |
| |
| ; Socket |
| listen = /run/php-fpm/wiki.sock |
| listen.acl_users = nginx |
listen.allowed_clients = 127.0.0.1 | listen.allowed_clients = 127.0.0.1 |
| |
| ; Process Management |
pm = ondemand | pm = ondemand |
pm.max_children = 4 | pm.max_children = 4 |
pm.process_idle_timeout = 30 | pm.process_idle_timeout = 30 |
| |
| ; Fedora php.ini Defaults |
| php_value[session.save_handler] = "files" |
| php_value[session.save_path] = "/var/lib/php/session" |
| |
| ; General |
php_value[date.timezone] = "America/New_York" | php_value[date.timezone] = "America/New_York" |
php_value[pcre.jit] = "0"</code> | ;php_value[max_execution_time] = "200" |
| ;php_value[memory_limit] = "512M" |
| ;php_value[post_max_size] = "10M" |
| ;php_value[upload_max_filesize] = "10M" |
| ;php_value[max_file_uploads] = "100" |
| |
| ; End</code> |
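Review bot: ''listen.allowed_clients = 127.0.0.1'' is carried over unchanged, but the new side listens on ''/run/php-fpm/wiki.sock'' and that directive only applies to TCP listeners, so it no longer restricts anything and can be dropped; access to the socket now rests on ''listen.acl_users = nginx'' alone. Separately, ''php_value[pcre.jit] = "0"'' disappears together with the note about issue 3506, and a one-line comment saying the rendering problem no longer occurs on the new host would explain the removal.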
| |
===== FastCGI ===== | ===== FastCGI ===== |
| |
sudo -e '/etc/nginx/snippets.d/wiki.conf' | sudo -e '/etc/nginx/default.d/wiki.conf' |
| |
<code> | <code> |
location ~ \.(php|phar)(/.*)?$ { | location ~ \.(php|phar)(/.*)?$ { |
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; | fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; |
| |
fastcgi_intercept_errors on; | fastcgi_intercept_errors on; |
fastcgi_index doku.php; | fastcgi_index doku.php; |
include fastcgi_params; | include fastcgi_params; |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
fastcgi_param PATH_INFO $fastcgi_path_info; | fastcgi_param PATH_INFO $fastcgi_path_info; |
fastcgi_pass 127.0.0.1:9001; | fastcgi_param HTTPS on; |
| fastcgi_pass unix:/run/php-fpm/wiki.sock; |
}</code> | }</code> |
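Review bot: The ''location'' hands every URI matching ''\.(php|phar)(/.*)?$'' to PHP-FPM without checking that the script exists under the document root. Add ''if (!-f $document_root$fastcgi_script_name) { return 404; }'' after ''fastcgi_split_path_info'' so nginx answers requests for non-existent script paths itself. The new ''fastcgi_param HTTPS on;'' is hard-coded, which is only correct while this snippet is included from the TLS server block and nowhere else.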
| |
listen '443' 'ssl' 'http2'; | listen '443' 'ssl' 'http2'; |
server_name 'wiki.realmofespionage.xyz'; | server_name 'wiki.realmofespionage.xyz'; |
root '/srv/www/wiki'; | root '/var/www/wiki'; |
index 'doku.php'; | index 'doku.php'; |
| |
include 'snippets.d/wiki.conf'; | include '/etc/nginx/default.d/wiki.conf'; |
include 'snippets.d/headers.conf'; | include '/etc/nginx/default.d/headers.conf'; |
| |
client_max_body_size '10M'; | client_max_body_size '10M'; |
}</code> | }</code> |
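Review bot: With ''root '/var/www/wiki';'' and only the PHP ''location'' coming from ''wiki.conf'', nothing visible in this block stops nginx from serving files under ''data/'', ''conf/'', ''bin/'' and ''inc/'' as static content, so page sources and configuration files would be retrievable by URL. nginx ignores the ''.htaccess'' files DokuWiki ships for this purpose, so unless ''headers.conf'' already covers it, add a ''location'' that denies those directories.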
| |
====== AppArmor ====== | ====== Initial Setup ====== |
| |
* https://bugzilla.suse.com/show_bug.cgi?id=1178655 | * :!: TODO: https://www.dokuwiki.org/rewrite |
* Need to audit what permissions are needed, and then allow them ((this is similar to servers:games:trinitycore_3.3.5#service with SELinux)) | |
* This was necessary as of 2022/05/14 with PHP8 | |
| |
===== Rule Build ===== | |
| |
* https://wiki.realmofespionage.xyz/install.php | |
* :!: Run ''aa-complain'', visit the set-up URL above, and do as-much set-up as possible in order to cover everything | |
| |
sudo aa-complain '/etc/apparmor.d/php-fpm' | |
| |
===== Audit ===== | |
| |
**** | |
| |
sudo aa-logprof | |
| |
===== Enforce ===== | |
| |
**** | |
| |
sudo aa-enforce '/etc/apparmor.d/php-fpm' | |
| |
====== Initial Setup ====== | |
| |
* https://wiki.realmofespionage.xyz/install.php | * https://wiki.realmofespionage.xyz/install.php |
====== Settings ====== | ====== Settings ====== |
| |
===== Code Box Click Issue ===== | ===== Plugins ===== |
| |
* https://github.com/nicolasprigent/Dokuwiki-Copycode-plugin | * https://www.dokuwiki.org/plugin:searchindex |
* https://github.com/splitbrain/dokuwiki/issues/3357 | |
| |
===== Template Style Settings ===== | ===== Template Style Settings ===== |
===== URL Rewrite ===== | ===== URL Rewrite ===== |
| |
* Admin -> Configuration Settings | * Admin -> Configuration Settings -> DokuWiki -> Advanced -> userewrite |
* Set **Use nice URLs** to **.htaccess** | |
| .htaccess |
| |
===== Double-hyphen Convert Disable ===== | ===== Double-hyphen Convert Disable ===== |
* This prevents -- from becoming a – (long hyphen), which breaks some command's syntax | * This prevents -- from becoming a – (long hyphen), which breaks some command's syntax |
| |
echo '-- --' | sudo tee '/srv/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'wwwrun':'www' '/srv/www/wiki/conf/entities.local.conf' | echo '-- --' | sudo tee '/var/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'nginx':'nginx' '/var/www/wiki/conf/entities.local.conf' && sync |
| |
====== Services ====== | ====== Services ====== |
<code> | <code> |
[Service] | [Service] |
User=wwwrun | User=nginx |
Group=www | Group=nginx |
Type=oneshot | Type=oneshot |
ExecStart='/usr/bin/git' -C '/srv/www/wiki' pull origin 'master' | ExecStart='/usr/bin/git' -C '/var/www/wiki' pull origin 'master' |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/touch' '/var/www/wiki/conf/local.php' |
| ExecStartPost='/usr/bin/sync' |
| |
| # End</code> |
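Review bot: ''ExecStart'' pulls the tip of ''master'' into the live document root every day with no pin or verification, so whatever lands upstream is serving requests within 24 hours. Consider tracking a release branch or tag instead, or fetching first and fast-forwarding only after the new commits have been reviewed. The added ''ExecStartPost'' that touches ''conf/local.php'' would benefit from a comment saying why it is needed.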
| |
==== Timer ==== | ==== Timer ==== |
| |
* Every day at ''01:00:00'' | * Every day at ''00:30:00'' |
| |
sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l | sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-* 01:00:00 | OnCalendar=*-*-* 00:30:00 |
Persistent=true | Persistent=true |
| |
[Install] | [Install] |
WantedBy=timers.target</code> | WantedBy=timers.target |
| |
| # End</code> |
| |
===== Maintenance ===== | ===== Maintenance ===== |
<code> | <code> |
[Service] | [Service] |
User=wwwrun | User=nginx |
Group=www | Group=nginx |
Type=oneshot | Type=oneshot |
WorkingDirectory=/srv/www/wiki | WorkingDirectory=/var/www/wiki |
ExecStart='/usr/bin/git' -C '/srv/www/wiki' gc --aggressive --prune='all' | ExecStart='/usr/bin/git' -C '/var/www/wiki' gc --aggressive --prune='all' |
ExecStart='/usr/bin/git' -C '/srv/www/wiki' fsck --full --strict | ExecStart='/usr/bin/git' -C '/var/www/wiki' fsck --full --strict |
#ExecStart='/usr/bin/bash' -c "find '/srv/www/wiki/data'/{attic,cache,locks,media_attic}/ -type 'f' -mtime +'90' -delete" | #ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,locks,media_attic}/ -type 'f' -mtime +'90' -delete" |
ExecStart='/usr/bin/bash' -c "find '/srv/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" | ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" |
ExecStart='/usr/bin/php' '/srv/www/wiki/bin/indexer.php' --clear | ExecStart='/usr/bin/php' '/var/www/wiki/bin/indexer.php' --clear |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/sync' |
| |
| # End</code> |
| |
==== Timer ==== | ==== Timer ==== |
| |
* ''01'' day of every month at ''01:20:00'' | * ''01'' day of every month at ''01:00:00'' |
| |
sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now | sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now |
| |
[Timer] | [Timer] |
OnCalendar=*-*-01 01:20:00 | OnCalendar=*-*-01 01:00:00 |
Persistent=true | Persistent=true |
| |
[Install] | [Install] |
WantedBy=timers.target</code> | WantedBy=timers.target |
| |
| # End</code> |
| |
===== Backup ===== | ===== Backup ===== |
| |
* :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]] | * :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]] |
* TODO: Figure out Keybase and set a path here | |
| |
mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service' | mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service' |
[Service] | [Service] |
Type=oneshot | Type=oneshot |
WorkingDirectory=/srv/www/wiki | WorkingDirectory=/var/www/wiki |
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' | ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' |
#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' | #ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' |
#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' | #ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' |
#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/run/user/1000/keybase/kbfs/private/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' | ExecStartPost='/usr/bin/sync' |
ExecStartPost='/usr/bin/sync'</code> | |
| # End</code> |
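Review bot: The ''[Service]'' section sets no ''User='' and no ''UMask='', so the job runs as root with the default umask, and the archive includes ''conf'', where DokuWiki by default keeps ''users.auth.php'' with the password hashes. Add ''UMask=0077'' (or ''chmod 600'' the archive afterwards) so other local accounts cannot read the tarball in ''/home/CHANGEME/backups'', and apply the same care before re-enabling the commented vsftpd destinations. Dropping ''-v'' on the new side is a sensible change for a timer-driven job.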
| |
==== Timer ==== | ==== Timer ==== |
| |
* Every day at ''01:50:00'' | * Every day at ''01:30:00'' |
| |
sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l | sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-* 01:50:00 | OnCalendar=*-*-* 01:30:00 |
Persistent=true | Persistent=true |
| |
[Install] | [Install] |
WantedBy=timers.target</code> | WantedBy=timers.target |
| |
| # End</code> |
| |
====== Backup ====== | ====== Backup ====== |
**** | **** |
| |
cd '/srv/www/wiki' && sudo tar -cvzf ~/'dokuwiki-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && cd ~ && sync | cd '/var/www/wiki' && sudo tar -cvzf ~/'dokuwiki-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && cd ~ && sync |
| |
===== Client ===== | ===== Client ===== |
**** | **** |
| |
ls ~/'dokuwiki-files-'*'.tar.gz' && sudo rm -Rf '/srv/www/wiki/data/pages' '/srv/www/wiki/data/meta' '/srv/www/wiki/data/media' '/srv/www/wiki/data/media_meta' '/srv/www/wiki/data/attic' '/srv/www/wiki/data/media_attic' '/srv/www/wiki/conf' | ls ~/'dokuwiki-files-'*'.tar.gz' && sudo rm -Rf '/var/www/wiki/data/pages' '/var/www/wiki/data/meta' '/var/www/wiki/data/media' '/var/www/wiki/data/media_meta' '/var/www/wiki/data/attic' '/var/www/wiki/data/media_attic' '/var/www/wiki/conf' |
| |
==== Restore Folders ==== | ==== Restore Folders ==== |
**** | **** |
| |
cd '/srv/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo chown -R 'wwwrun':'www' '/srv/www/wiki' && cd ~ && sync | cd '/var/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo restorecon -F -I -R '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && cd ~ && sync |
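Review bot: The archive is selected with the shell glob dokuwiki-files-*.tar.gz, so when more than one backup sits in the home directory (for example a manual and an auto one) tar takes the first match as the archive and the remaining matches as member names, reports them as not found and exits non-zero. The chain then stops before ''restorecon'' and ''chown'', and the restored data comes from whichever archive sorts first, after the preceding ''rm -Rf'' step has already removed ''data'' and ''conf''. Name the archive explicitly, or check that exactly one file matches before deleting anything.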
| |
==== Start nginx ==== | ==== Start nginx ==== |