Linux - Applications: Difference between revisions
NickPGSmith (talk | contribs) |
NickPGSmith (talk | contribs) |
||
(13 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
== Apache == | == Apache HTTPD == | ||
* /etc/httpd/conf/httpd.conf | * /etc/httpd/conf/httpd.conf | ||
Line 8: | Line 8: | ||
php php-mbstring php-pear php-fpm | php php-mbstring php-pear php-fpm | ||
User directories using mod_user_dir enabled in: | |||
* /etc/httpd/conf.d/userdir.conf | |||
and set SELinux/permissions: | |||
setsebool -P httpd_enable_homedirs 1 | setsebool -P httpd_enable_homedirs 1 | ||
chmod 711 /home/someuser | chmod 711 /home/someuser | ||
Line 16: | Line 18: | ||
After updating certificate (and key) SELinux may not allow access. Fix with: | After updating certificate (and key) SELinux may not allow access. Fix with: | ||
restorecon -v /etc/pki/tls/certs/www.smithnet.org.uk.cert.pem | restorecon -v /etc/pki/tls/certs/www.smithnet.org.uk.cert.pem | ||
Use [https://httpd.apache.org/docs/2.4/mod/mod_auth_basic.html Basic Auth] to hide a specific directory with user validation: | |||
<Directory "/var/www/html/protected"> | |||
AuthType Basic | |||
AuthName "Protected Area" | |||
AuthBasicProvider file | |||
AuthUserFile "/etc/httpd/passwords" | |||
Require valid-user | |||
</Directory> | |||
Update user accounts with: | |||
htpasswd /etc/httpd/passwords jblogs | |||
=== HTTP/2 === | === HTTP/2 === | ||
Enable | Enable (globally or in a virtual host): | ||
Protocols h2 h2c http/1.1 | Protocols h2 h2c http/1.1 | ||
Line 35: | Line 49: | ||
< HTTP/2 200 | < HTTP/2 200 | ||
... | ... | ||
== Daedalus == | |||
[https://daedaluswallet.io/ Daedalus Wallet] directories used: | |||
* ~/.daedalus | |||
* ~/.local/share/Daedalus | |||
Main executable: | |||
* ~/.local/bin/daedalus-mainnet | |||
== Mediawiki == | == Mediawiki == | ||
Line 46: | Line 69: | ||
setsebool -P httpd_can_network_connect_db 1 | setsebool -P httpd_can_network_connect_db 1 | ||
* Run setup http://hostname/wiki | * Run setup http://hostname/wiki | ||
** Allow it to create DB user/schema | ** Allow it to create DB user/schema | ||
* Configuration: /var/www/wiki/LocalSettings.php | |||
* Configuration: / | |||
Customisations: | Customisations: | ||
Line 56: | Line 77: | ||
$wgEmergencyContact = "[email protected]"; | $wgEmergencyContact = "[email protected]"; | ||
$wgPasswordSender = "[email protected]"; | $wgPasswordSender = "[email protected]"; | ||
$ | $wgLogos = [ | ||
'1x' => "/images/smithnet_wiki.png", | |||
'icon' => "/images/smithnet_wiki.png", | |||
]; | |||
Icon is nominally 50×50 pixels if SVG, or 100×100 pixels if raster. The 1x version hould be 135px wide by up to ~155px tall. | |||
Ensure file uploads are allowed, and add new allowed file types: | |||
$wgEnableUploads = true; | $wgEnableUploads = true; | ||
$wgFileExtensions = array_merge( | |||
$wgFileExtensions, [ | |||
'pdf', 'ppt', 'jp2', 'doc', 'docx', 'xls', 'xlsx' | |||
] | |||
); | |||
Extra Logging: | Extra Logging: | ||
$wgShowExceptionDetails = true; | $wgShowExceptionDetails = true; | ||
=== Math === | |||
The [https://www.mediawiki.org/wiki/Extension:Math Math] extension is now distributed in: | |||
/var/www/wiki/extensions/Math | |||
Add to configuration: | |||
wfLoadExtension( 'Math' ); | |||
$wgDefaultUserOptions['math'] = 'mathml'; | |||
Update the database through the UI: | |||
/wiki/mw-config/index.php | |||
and check the Special:Version and Special:Math pages. | |||
=== Access Control === | |||
Prevent anonymous users creating accounts: | |||
$wgGroupPermissions['*']['createaccount'] = false; | |||
Prevent anonymous editing: | |||
$wgGroupPermissions['*']['edit'] = false; | |||
Allow anonymous reading: | |||
$wgGroupPermissions['*']['read'] = true; | |||
=== Export/Import === | === Export/Import === | ||
Line 69: | Line 124: | ||
Export all content as XML: | Export all content as XML: | ||
php /usr/share/mediawiki/maintenance/dumpBackup.php --full --conf /var/www/wiki/LocalSettings.php > dump.xml | php /usr/share/mediawiki/maintenance/dumpBackup.php --full --conf /var/www/wiki/LocalSettings.php > dump.xml | ||
or use the UI: Special pages -> Export pages. | |||
After RPM upgrade, may need to update database schema: | After RPM upgrade, may need to update database schema: | ||
/usr/share/mediawiki/maintenance/update.php | /usr/share/mediawiki/maintenance/update.php | ||
Or use the UI: Special pages -> Import pages. File uploading may be limited by PHP (/etc/php.ini): | |||
upload_max_filesize = 25M | |||
or HTTPD (0 is unlimited): | |||
LimitRequestBody 0 | |||
Importing images from /wiki/images should be possible from the [https://www.mediawiki.org/wiki/Manual:ImportImages.php maintenance/importImages.php] script, but this didn't recognise any images for me. | |||
== Tomcat == | == Tomcat == |
Latest revision as of 04:37, 15 May 2024
Apache HTTPD
- /etc/httpd/conf/httpd.conf
- /etc/httpd/conf.d/ssl.conf
- /etc/httpd/conf.d/proxy_ajp.conf to connect to Tomcat over AJP
PHP packages:
php php-mbstring php-pear php-fpm
User directories using mod_user_dir enabled in:
- /etc/httpd/conf.d/userdir.conf
and set SELinux/permissions:
setsebool -P httpd_enable_homedirs 1 chmod 711 /home/someuser chmod 755 /home/someuser/public_html
After updating certificate (and key) SELinux may not allow access. Fix with:
restorecon -v /etc/pki/tls/certs/www.smithnet.org.uk.cert.pem
Use Basic Auth to hide a specific directory with user validation:
<Directory "/var/www/html/protected"> AuthType Basic AuthName "Protected Area" AuthBasicProvider file AuthUserFile "/etc/httpd/passwords" Require valid-user </Directory>
Update user accounts with:
htpasswd /etc/httpd/passwords jblogs
HTTP/2
Enable (globally or in a virtual host):
Protocols h2 h2c http/1.1
Use curl to check protocol switching:
curl --http2 -v localhost ... < HTTP/1.1 101 Switching Protocols < Upgrade: h2c < Connection: Upgrade * Received 101 * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Connection state changed (MAX_CONCURRENT_STREAMS == 100)! < HTTP/2 200 ...
Daedalus
Daedalus Wallet directories used:
- ~/.daedalus
- ~/.local/share/Daedalus
Main executable:
- ~/.local/bin/daedalus-mainnet
Mediawiki
- Install PHP, including php-pgsql driver and php-pecl-apcu object caching.
- Uncomment in /etc/httpd/conf.d/mediawiki.conf
Set SELinux:
setsebool -P httpd_read_user_content 1 setsebool -P httpd_can_network_connect 1 setsebool -P httpd_can_network_connect_db 1
- Run setup http://hostname/wiki
- Allow it to create DB user/schema
- Configuration: /var/www/wiki/LocalSettings.php
Customisations:
$wgServer = "http://www.smithnet.org.uk"; $wgEmergencyContact = "[email protected]"; $wgPasswordSender = "[email protected]"; $wgLogos = [ '1x' => "/images/smithnet_wiki.png", 'icon' => "/images/smithnet_wiki.png", ];
Icon is nominally 50×50 pixels if SVG, or 100×100 pixels if raster. The 1x version hould be 135px wide by up to ~155px tall.
Ensure file uploads are allowed, and add new allowed file types:
$wgEnableUploads = true; $wgFileExtensions = array_merge( $wgFileExtensions, [ 'pdf', 'ppt', 'jp2', 'doc', 'docx', 'xls', 'xlsx' ]
);
Extra Logging:
$wgShowExceptionDetails = true;
Math
The Math extension is now distributed in:
/var/www/wiki/extensions/Math
Add to configuration:
wfLoadExtension( 'Math' ); $wgDefaultUserOptions['math'] = 'mathml';
Update the database through the UI:
/wiki/mw-config/index.php
and check the Special:Version and Special:Math pages.
Access Control
Prevent anonymous users creating accounts:
$wgGroupPermissions['*']['createaccount'] = false;
Prevent anonymous editing:
$wgGroupPermissions['*']['edit'] = false;
Allow anonymous reading:
$wgGroupPermissions['*']['read'] = true;
Export/Import
Export all content as XML:
php /usr/share/mediawiki/maintenance/dumpBackup.php --full --conf /var/www/wiki/LocalSettings.php > dump.xml
or use the UI: Special pages -> Export pages.
After RPM upgrade, may need to update database schema:
/usr/share/mediawiki/maintenance/update.php
Or use the UI: Special pages -> Import pages. File uploading may be limited by PHP (/etc/php.ini):
upload_max_filesize = 25M
or HTTPD (0 is unlimited):
LimitRequestBody 0
Importing images from /wiki/images should be possible from the maintenance/importImages.php script, but this didn't recognise any images for me.
Tomcat
- /etc/tomcat/conf/server.xml (define required connectors)
- /etc/tomcat/conf/tomcat-users.xml
- Webapps deplyed to: /var/lib/tomcat/webapps
- tomcat-webapps
- tomcat-docs-webapps
- tomcat-admin-webapps