Linux - Applications: Difference between revisions
NickPGSmith (talk | contribs) (→Apache) |
NickPGSmith (talk | contribs) |
||
Line 8: | Line 8: | ||
php php-mbstring php-pear php-fpm | php php-mbstring php-pear php-fpm | ||
User directories: | User directories using mod_user_dir enabled in: | ||
* /etc/httpd/conf.d/userdir.conf | |||
and set SELinux/permissions: | |||
setsebool -P httpd_enable_homedirs 1 | setsebool -P httpd_enable_homedirs 1 | ||
chmod 711 /home/someuser | chmod 711 /home/someuser |
Revision as of 18:36, 11 May 2024
Apache HTTPD
- /etc/httpd/conf/httpd.conf
- /etc/httpd/conf.d/ssl.conf
- /etc/httpd/conf.d/proxy_ajp.conf to connect to Tomcat over AJP
PHP packages:
php php-mbstring php-pear php-fpm
User directories using mod_user_dir enabled in:
- /etc/httpd/conf.d/userdir.conf
and set SELinux/permissions:
setsebool -P httpd_enable_homedirs 1 chmod 711 /home/someuser chmod 755 /home/someuser/public_html
After updating certificate (and key) SELinux may not allow access. Fix with:
restorecon -v /etc/pki/tls/certs/www.smithnet.org.uk.cert.pem
Use Basic Auth to hide a specific directory with user validation:
<Directory "/var/www/html/protected"> AuthType Basic AuthName "Protected Area" AuthBasicProvider file AuthUserFile "/etc/httpd/passwords" Require valid-user </Directory>
Update user accounts with:
htpasswd /etc/httpd/passwords jblogs
HTTP/2
Enable (globally or in a virtual host):
Protocols h2 h2c http/1.1
Use curl to check protocol switching:
curl --http2 -v localhost ... < HTTP/1.1 101 Switching Protocols < Upgrade: h2c < Connection: Upgrade * Received 101 * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Connection state changed (MAX_CONCURRENT_STREAMS == 100)! < HTTP/2 200 ...
Mediawiki
- Install PHP, including php-pgsql driver and php-pecl-apcu object caching.
- Uncomment in /etc/httpd/conf.d/mediawiki.conf
Set SELinux:
setsebool -P httpd_read_user_content 1 setsebool -P httpd_can_network_connect 1 setsebool -P httpd_can_network_connect_db 1
- Run setup http://hostname/wiki
- Allow it to create DB user/schema
- Configuration: /var/www/wiki/LocalSettings.php
Customisations:
$wgServer = "http://www.smithnet.org.uk"; $wgEmergencyContact = "[email protected]"; $wgPasswordSender = "[email protected]"; $wgLogos = [ '1x' => "/images/smithnet_wiki.png", 'icon' => "/images/smithnet_wiki.png", ];
Icon is nominally 50×50 pixels if SVG, or 100×100 pixels if raster. The 1x version hould be 135px wide by up to ~155px tall.
Ensure file uploads are allowed, and add new allowed file types:
$wgEnableUploads = true; $wgFileExtensions = array_merge( $wgFileExtensions, [ 'pdf', 'ppt', 'jp2', 'doc', 'docx', 'xls', 'xlsx' ]
);
Extra Logging:
$wgShowExceptionDetails = true;
Math
The Math extension is now distributed in:
/var/www/wiki/extensions/Math
Add to configuration:
wfLoadExtension( 'Math' ); $wgDefaultUserOptions['math'] = 'mathml';
Update the database through the UI:
/wiki/mw-config/index.php
and check the Special:Version and Special:Math pages.
Access Control
Prevent anonymous users creating accounts:
$wgGroupPermissions['*']['createaccount'] = false;
Prevent anonymous editing:
$wgGroupPermissions['*']['edit'] = false;
Allow anonymous reading:
$wgGroupPermissions['*']['read'] = true;
Export/Import
Export all content as XML:
php /usr/share/mediawiki/maintenance/dumpBackup.php --full --conf /var/www/wiki/LocalSettings.php > dump.xml
or use the UI: Special pages -> Export pages.
After RPM upgrade, may need to update database schema:
/usr/share/mediawiki/maintenance/update.php
Or use the UI: Special pages -> Import pages. File uploading may be limited by PHP (/etc/php.ini):
upload_max_filesize = 25M
or HTTPD (0 is unlimited):
LimitRequestBody 0
Importing images from /wiki/images should be possible from the maintenance/importImages.php script, but this didn't recognise any images for me.
Tomcat
- /etc/tomcat/conf/server.xml (define required connectors)
- /etc/tomcat/conf/tomcat-users.xml
- Webapps deplyed to: /var/lib/tomcat/webapps
- tomcat-webapps
- tomcat-docs-webapps
- tomcat-admin-webapps