servers:nginx:dokuwiki [2022/07/15 15:58] – Logs Sean Rhone | servers:nginx:dokuwiki [2024/02/07 16:34] – [Server Block] Sean Rhone |
---|
* [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] | * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] |
* [[servers:nginx:lets_encrypt|Let's Encrypt]] | * [[servers:nginx:lets_encrypt|Let's Encrypt]] |
| |
| ====== Dependencies ====== |
| |
| * PHP Modules: gd sodium zip zlib xml |
| |
| sudo dnf install php-gd php-sodium php-pecl-zip php-xml |
| |
====== Download Source ====== | ====== Download Source ====== |
**** | **** |
| |
sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && sudo restorecon -F -I -R '/var/www/wiki' && sync | sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/splitbrain/dokuwiki.git' '/var/www/wiki' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/wiki(/.*)?' && sudo restorecon -F -I -R '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && sync |
| |
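Review bot: The added ''semanage fcontext --add --type httpd_sys_rw_content_t'' rule on the right-hand side covers the whole checkout, PHP code included, so the web server domain may write to every file, and the following ''chown -R'' to nginx grants the same at the file-permission level. Scope the rw type to the directories the wiki must write (the backup unit further down lists the ''data/...'' directories and ''conf'') and leave the rest as ''httpd_sys_content_t'', so a flaw in the PHP application cannot rewrite its own code. Also note that ''semanage fcontext --add'' returns an error when the rule already exists, which stops the ''&&'' chain if the command is re-run on the same host.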
====== nginx + PHP-FPM Configuration ====== | ====== nginx + PHP-FPM Configuration ====== |
| |
===== PHP-FPM Socket ===== | ===== PHP-FPM Socket ===== |
| |
* :!: [[https://github.com/splitbrain/dokuwiki/issues/3506|This report]] links to other reports of broken pages, and has a few different solutions. Disabling Pcre JIT fixes the rendering issue in this instance's case as of 2021/07/02, but doesn't seem to be necessary as of 2022/07/15 | |
| |
sudo -e '/etc/php-fpm.d/wiki.conf' && sudo systemctl restart 'php-fpm' | sudo -e '/etc/php-fpm.d/wiki.conf' && sudo systemctl restart 'php-fpm' |
<code> | <code> |
[wiki] | [wiki] |
| |
| ; User/Group |
user = nginx | user = nginx |
group = nginx | group = nginx |
| |
| ; Socket |
listen = /run/php-fpm/wiki.sock | listen = /run/php-fpm/wiki.sock |
listen.acl_users = nginx | listen.acl_users = nginx |
listen.allowed_clients = 127.0.0.1 | listen.allowed_clients = 127.0.0.1 |
| |
| ; Process Management |
pm = ondemand | pm = ondemand |
pm.max_children = 4 | pm.max_children = 4 |
pm.process_idle_timeout = 30 | pm.process_idle_timeout = 30 |
| |
| ; Fedora php.ini Defaults |
| php_value[session.save_handler] = "files" |
| php_value[session.save_path] = "/var/lib/php/session" |
| |
| ; General |
php_value[date.timezone] = "America/New_York" | php_value[date.timezone] = "America/New_York" |
;php_value[pcre.jit] = "0" | ;php_value[max_execution_time] = "200" |
php_value[session.save_handler] = files | ;php_value[memory_limit] = "512M" |
php_value[session.save_path] = /var/lib/php/session</code> | ;php_value[post_max_size] = "10M" |
| ;php_value[upload_max_filesize] = "10M" |
| ;php_value[max_file_uploads] = "100" |
| |
| ; End</code> |
| |
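Review bot: The commented ''memory_limit'' and ''max_execution_time'' entries added under ''; General'', and the relocated ''session.save_path'', are set with ''php_value'', which a script can override at runtime through ''ini_set()''; if they are meant as hard limits for this pool, set them with ''php_admin_value[...]'' instead. The ''post_max_size'' and ''upload_max_filesize'' values of "10M" match ''client_max_body_size'' in the server block, and a comment tying the three together would keep them in step. Removing the ''pcre.jit'' line together with the issue 3506 bullet also removes the only record of that workaround from the page.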
===== FastCGI ===== | ===== FastCGI ===== |
location ~ \.(php|phar)(/.*)?$ { | location ~ \.(php|phar)(/.*)?$ { |
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; | fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; |
| |
fastcgi_intercept_errors on; | fastcgi_intercept_errors on; |
fastcgi_index doku.php; | fastcgi_index doku.php; |
include fastcgi_params; | include fastcgi_params; |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
fastcgi_param PATH_INFO $fastcgi_path_info; | fastcgi_param PATH_INFO $fastcgi_path_info; |
fastcgi_pass unix:/run/php-fpm/wiki.sock; | fastcgi_param HTTPS on; |
| fastcgi_pass unix:/run/php-fpm/wiki.sock; |
}</code> | }</code> |
| |
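Review bot: The added ''fastcgi_param HTTPS on;'' tells PHP that every request arrived over TLS regardless of how it actually arrived, so if this location is ever included from a plain-HTTP server block the application will trust a transport that was not used. Prefer ''fastcgi_param HTTPS $https if_not_empty;'' (the stock ''fastcgi_params'' file usually carries that line already, in which case the addition sends the parameter twice), or add a comment stating that the vhost is TLS-only.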
===== Server Block ====== | ===== Server Block ====== |
| |
| * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs |
| |
sudo -e '/etc/nginx/vhosts.d/wiki.conf' && sudo systemctl reload 'nginx' && sync | sudo -e '/etc/nginx/vhosts.d/wiki.conf' && sudo systemctl reload 'nginx' && sync |
index 'doku.php'; | index 'doku.php'; |
| |
include 'default.d/wiki.conf'; | include '/etc/nginx/default.d/wiki.conf'; |
include 'default.d/headers.conf'; | include '/etc/nginx/default.d/headers.conf'; |
| |
client_max_body_size '10M'; | client_max_body_size '10M'; |
| |
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:" always; | # add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data:" always; |
| # add_header Content-Security-Policy "default-src 'self'; |
| |
# access_log /var/log/nginx/wiki-access.log; | # access_log /var/log/nginx/wiki-access.log; |
| |
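Review bot: Commenting out the ''add_header Content-Security-Policy'' line removes the policy from responses entirely, and the second commented line below it is an unfinished fragment with an unclosed double quote that will not parse as intended if someone uncomments it. While the policy is being reworked, consider sending it as ''Content-Security-Policy-Report-Only'' rather than dropping it, and delete the fragment. The 2023/09/12 bullet records that the CSP was disabled but not what it broke, which the next attempt will need.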
====== Initial Setup ====== | ====== Initial Setup ====== |
| |
| * :!: TODO: https://www.dokuwiki.org/rewrite |
| |
* https://wiki.realmofespionage.xyz/install.php | * https://wiki.realmofespionage.xyz/install.php |
| |
====== Settings ====== | ====== Settings ====== |
| |
| ===== Plugins ===== |
| |
| * https://www.dokuwiki.org/plugin:searchindex |
| |
===== Template Style Settings ===== | ===== Template Style Settings ===== |
===== URL Rewrite ===== | ===== URL Rewrite ===== |
| |
* Admin -> Configuration Settings | * Admin -> Configuration Settings -> DokuWiki -> Advanced -> userewrite |
* Set **Use nice URLs** to **.htaccess** | |
| .htaccess |
| |
===== Double-hyphen Convert Disable ===== | ===== Double-hyphen Convert Disable ===== |
* This prevents -- from becoming a – (long hyphen), which breaks some command's syntax | * This prevents -- from becoming a – (long hyphen), which breaks some command's syntax |
| |
echo '-- --' | sudo tee '/var/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'nginx':'nginx' '/var/www/wiki/conf/entities.local.conf' && sudo restorecon -F -I -R '/var/www/wiki/conf/entities.local.conf' && sync | echo '-- --' | sudo tee '/var/www/wiki/conf/entities.local.conf' > '/dev/null' && sudo chown 'nginx':'nginx' '/var/www/wiki/conf/entities.local.conf' && sync |
| |
====== Logs ====== | |
| |
===== Enable ===== | |
| |
* Uncomment ''access_log'' and ''error_log'' | |
| |
sudo -e '/etc/nginx/vhosts.d/wiki.conf' && sudo systemctl reload 'nginx' && sync | |
| |
===== Logs ===== | |
| |
sudo -e '/var/log/nginx/wiki-access.log' | |
| |
sudo -e '/var/log/nginx/wiki-error.log' | |
| |
===== Disable ===== | |
| |
* Comment ''access_log'' and ''error_log'' | |
| |
sudo -e '/etc/nginx/vhosts.d/wiki.conf' && sudo systemctl reload 'nginx' && sudo rm '/var/log/nginx/wiki-access.log' '/var/log/nginx/wiki-error.log' && sync | |
| |
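Review bot: Removing the whole Logs section leaves the commented ''access_log /var/log/nginx/wiki-access.log;'' line in the server block with no instruction for when or how to enable it, so after this revision the page no longer documents any per-site access or error logging. Keep at least the Enable step (uncomment ''access_log'' and ''error_log'', reload nginx). The removed Disable step also deleted both log files with ''rm''; if the section returns, rotation is a safer default than deletion.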
====== Services ====== | ====== Services ====== |
Type=oneshot | Type=oneshot |
ExecStart='/usr/bin/git' -C '/var/www/wiki' pull origin 'master' | ExecStart='/usr/bin/git' -C '/var/www/wiki' pull origin 'master' |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/touch' '/var/www/wiki/conf/local.php' |
| ExecStartPost='/usr/bin/sync' |
| |
| # End</code> |
| |
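Review bot: The ''ExecStart'' line runs ''git pull origin master'' unattended, so whatever lands on the upstream development branch is deployed each night with no pin or verification, into a tree the download step made writable by nginx; tracking a release tag, or reviewing the incoming diff before pulling, would limit that exposure. The added ''ExecStartPost'' that touches ''conf/local.php'' needs a one-line comment saying why it is there, since nothing in the visible unit explains it. If the unit runs as root, files created by the pull stay root-owned until the next ''chown -R''.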
==== Timer ==== | ==== Timer ==== |
| |
* Every day at ''01:00:00'' | * Every day at ''00:30:00'' |
| |
sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l | sudo -e '/etc/systemd/system/wiki-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-up.timer' --now && sudo systemctl start 'wiki-up' && sudo systemctl status 'wiki-up' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-* 01:00:00 | OnCalendar=*-*-* 00:30:00 |
Persistent=true | Persistent=true |
| |
[Install] | [Install] |
WantedBy=timers.target</code> | WantedBy=timers.target |
| |
| # End</code> |
| |
===== Maintenance ===== | ===== Maintenance ===== |
ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" | ExecStart='/usr/bin/bash' -c "find '/var/www/wiki/data'/{attic,cache,index,locks,media,media_attic,media_meta,meta,pages,tmp}/ -mindepth '1' -type 'd' -empty -delete" |
ExecStart='/usr/bin/php' '/var/www/wiki/bin/indexer.php' --clear | ExecStart='/usr/bin/php' '/var/www/wiki/bin/indexer.php' --clear |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/sync' |
| |
| # End</code> |
| |
==== Timer ==== | ==== Timer ==== |
| |
* ''01'' day of every month at ''01:20:00'' | * ''01'' day of every month at ''01:00:00'' |
| |
sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now | sudo -e '/etc/systemd/system/wiki-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-m.timer' --now |
| |
[Timer] | [Timer] |
OnCalendar=*-*-01 01:20:00 | OnCalendar=*-*-01 01:00:00 |
Persistent=true | Persistent=true |
| |
[Install] | [Install] |
WantedBy=timers.target</code> | WantedBy=timers.target |
| |
| # End</code> |
| |
===== Backup ===== | ===== Backup ===== |
| |
* :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]] | * :!: The extra ''ExecStart''s are additional backup locations that expect [[servers:vsftpd|vsftpd]] |
* TODO: Figure out Keybase and set a path here | |
| |
mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service' | mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/wiki-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/wiki-fb.service' |
Type=oneshot | Type=oneshot |
WorkingDirectory=/var/www/wiki | WorkingDirectory=/var/www/wiki |
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' | ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' |
#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' | #ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas1/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' |
#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' | #ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/srv/ftp/nas2/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"' |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/sync' |
| |
=== Keybase === | # End</code> |
| |
* https://book.keybase.io/docs/files/details#mountpoints | |
* :!: TODO: This doesn't work; can't immediately copy root:root file to that KBFS folder so it needs to be owned by that user, but the entire script is ran as-root. Create entirely different script? | |
| |
<code> | |
#ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/run/user/1000/keybase/kbfs/private/espionage724/Servers/Scheduled Backups/dokuwiki-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "data/pages" "data/meta" "data/media" "data/media_meta" "data/attic" "data/media_attic" "conf"'</code> | |
| |
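Review bot: The archive includes ''conf'', which in DokuWiki holds the user database and ACL files, and the ''ExecStart'' lines write it to ''/home/CHANGEME/backups/'' (and, in the commented variants, under ''/srv/ftp/'') with no explicit permissions. Add ''UMask=0077'' to the ''[Service]'' section so the tarball is not created world-readable, and encrypt it before it is placed anywhere served by vsftpd. Dropping ''v'' from ''-cvzf'' is fine since it keeps file lists out of the journal, but removing the Keybase block also removes its TODO, so the root-versus-user ownership problem it described is no longer recorded anywhere.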
==== Timer ==== | ==== Timer ==== |
| |
* Every day at ''01:50:00'' | * Every day at ''01:30:00'' |
| |
sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l | sudo -e '/etc/systemd/system/wiki-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'wiki-fb.timer' --now && sudo systemctl start 'wiki-fb' && sudo systemctl status 'wiki-fb' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-* 01:50:00 | OnCalendar=*-*-* 01:30:00 |
Persistent=true | Persistent=true |
| |
[Install] | [Install] |
WantedBy=timers.target</code> | WantedBy=timers.target |
| |
| # End</code> |
| |
====== Backup ====== | ====== Backup ====== |
**** | **** |
| |
cd '/var/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && sudo restorecon -F -I -R '/var/www/wiki' && cd ~ && sync | cd '/var/www/wiki' && sudo tar -xvzf ~/'dokuwiki-files-'*'.tar.gz' 'data/pages' 'data/meta' 'data/media' 'data/media_meta' 'data/attic' 'data/media_attic' 'conf' && sudo restorecon -F -I -R '/var/www/wiki' && sudo chown -R 'nginx':'nginx' '/var/www/wiki' && cd ~ && sync |
| |
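Review bot: The glob in ''~/dokuwiki-files-*.tar.gz'' matches more than one file once several dated backups sit in the home directory; tar then takes the first match as the archive and the remaining matches as member names, so the restore fails or extracts the wrong backup. Name the archive explicitly in the command. Swapping the order of ''restorecon'' and ''chown'' is harmless, but extracting as root into the web root trusts the archive contents, so restore only from a backup whose origin is known.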
==== Start nginx ==== | ==== Start nginx ==== |