Linux - Applications: Difference between revisions

From Smithnet Wiki
Line 8: Line 8:
   php php-mbstring php-pear php-fpm
   php php-mbstring php-pear php-fpm


User directories:
User directories using mod_user_dir enabled in:
* /etc/httpd/conf.d/userdir.conf


and set SELinux/permissions:
  setsebool -P httpd_enable_homedirs 1
  setsebool -P httpd_enable_homedirs 1
  chmod 711 /home/someuser
  chmod 711 /home/someuser
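Review bot: the new "User directories using mod_user_dir enabled in:" line misnames the module; Apache's module is mod_userdir, so a reader searching the documentation for mod_user_dir will not find it. The line also points at /etc/httpd/conf.d/userdir.conf without saying which directive in that file has to change, so it would help to record the UserDir setting that was actually edited.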

Revision as of 18:36, 11 May 2024

Apache HTTPD

  • /etc/httpd/conf/httpd.conf
  • /etc/httpd/conf.d/ssl.conf
  • /etc/httpd/conf.d/proxy_ajp.conf to connect to Tomcat over AJP

PHP packages:

 php php-mbstring php-pear php-fpm

User directories using mod_userdir enabled in:

  • /etc/httpd/conf.d/userdir.conf

and set SELinux/permissions:

setsebool -P httpd_enable_homedirs 1
chmod 711 /home/someuser
chmod 755 /home/someuser/public_html
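
A check for the modes above, as an added example that is not part of the original wiki page. The helper names check_userdir and check_homedirs_bool are hypothetical, and GNU coreutils `stat -c` is assumed.

```sh
#!/bin/sh
# Added example (not from the wiki): audit a home directory against the
# 711 / 755 modes given above. Function names are hypothetical.
# Assumes GNU coreutils `stat -c`.

check_userdir() {
    local home="$1" pub="$1/public_html" perm rc=0

    [ -d "$home" ] || { echo "FAIL $home: not a directory"; return 1; }
    perm=$((0$(stat -c '%a' "$home")))      # leading 0 makes it an octal constant
    # httpd needs only search (x) on the home directory to reach public_html.
    [ $((perm & 0001)) -ne 0 ] ||
        { echo "FAIL $home: no o+x, httpd cannot traverse it"; rc=1; }
    # Group/other read or write is more open than the 711 used above.
    [ $((perm & 0066)) -eq 0 ] ||
        { echo "WARN $home: group/other can list or write (want 711)"; rc=1; }

    [ -d "$pub" ] || { echo "FAIL $pub: missing"; return 1; }
    perm=$((0$(stat -c '%a' "$pub")))
    # The content directory must be readable and searchable by others (755).
    [ $((perm & 0005)) -eq 5 ] ||
        { echo "FAIL $pub: needs o+rx for httpd to serve it"; rc=1; }
    [ $((perm & 0022)) -eq 0 ] ||
        { echo "WARN $pub: group/other-writable (want 755)"; rc=1; }

    return "$rc"
}

# SELinux side: only meaningful on hosts where getsebool is installed.
check_homedirs_bool() {
    command -v getsebool >/dev/null 2>&1 ||
        { echo "SKIP getsebool not found"; return 0; }
    case "$(getsebool httpd_enable_homedirs 2>/dev/null)" in
        *'--> on') return 0 ;;
        *) echo "FAIL httpd_enable_homedirs is not on"; return 1 ;;
    esac
}

# Usage: sh check_userdir.sh /home/someuser [...]
if [ "$#" -gt 0 ]; then
    check_homedirs_bool
    for h in "$@"; do
        check_userdir "$h"
    done
fi
```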

After updating the certificate (and key), SELinux may not allow access. Fix with:

restorecon -v /etc/pki/tls/certs/www.smithnet.org.uk.cert.pem

Use Basic Auth to restrict a specific directory to authenticated users:

   <Directory "/var/www/html/protected">
       AuthType Basic
       AuthName "Protected Area"
       AuthBasicProvider file
       AuthUserFile "/etc/httpd/passwords"
       Require valid-user
   </Directory>

Update user accounts with:

htpasswd /etc/httpd/passwords jblogs

HTTP/2

Enable (globally or in a virtual host):

Protocols h2 h2c http/1.1

Use curl to check protocol switching:

curl --http2 -v localhost
...
< HTTP/1.1 101 Switching Protocols
< Upgrade: h2c
< Connection: Upgrade
* Received 101
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 200
...

Mediawiki

  • Install PHP, including php-pgsql driver and php-pecl-apcu object caching.
  • Uncomment in /etc/httpd/conf.d/mediawiki.conf

Set SELinux:

setsebool -P httpd_read_user_content 1
setsebool -P httpd_can_network_connect 1
setsebool -P httpd_can_network_connect_db 1

  • Run setup http://hostname/wiki
    • Allow it to create DB user/schema
  • Configuration: /var/www/wiki/LocalSettings.php

Customisations:

$wgServer           = "http://www.smithnet.org.uk";
$wgEmergencyContact = "[email protected]";
$wgPasswordSender   = "[email protected]";
$wgLogos = [
        '1x' => "/images/smithnet_wiki.png",
        'icon' => "/images/smithnet_wiki.png",
];

Icon is nominally 50×50 pixels if SVG, or 100×100 pixels if raster. The 1x version should be 135px wide by up to ~155px tall.

Ensure file uploads are allowed, and add new allowed file types:

$wgEnableUploads = true;
$wgFileExtensions = array_merge(
   $wgFileExtensions, [
       'pdf', 'ppt', 'jp2', 'doc', 'docx', 'xls', 'xlsx'
   ]
);

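Extra logging (prints the exception message and a stack trace in the page output, so turn it off again once debugging is done):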

$wgShowExceptionDetails = true;

Math

The Math extension is now distributed in:

/var/www/wiki/extensions/Math

Add to configuration:

wfLoadExtension( 'Math' );
$wgDefaultUserOptions['math'] = 'mathml';

Update the database through the UI:

/wiki/mw-config/index.php

and check the Special:Version and Special:Math pages.

Access Control

Prevent anonymous users creating accounts:

$wgGroupPermissions['*']['createaccount'] = false;

Prevent anonymous editing:

$wgGroupPermissions['*']['edit'] = false;

Allow anonymous reading:

$wgGroupPermissions['*']['read'] = true;

Export/Import

Export all content as XML:

php /usr/share/mediawiki/maintenance/dumpBackup.php --full --conf /var/www/wiki/LocalSettings.php > dump.xml

or use the UI: Special pages -> Export pages.

After an RPM upgrade, you may need to update the database schema:

/usr/share/mediawiki/maintenance/update.php

Or use the UI: Special pages -> Import pages. File uploading may be limited by PHP (/etc/php.ini):

upload_max_filesize = 25M

or HTTPD (0 is unlimited):

LimitRequestBody 0

Importing images from /wiki/images should be possible from the maintenance/importImages.php script, but this didn't recognise any images for me.

Tomcat

  • /etc/tomcat/conf/server.xml (define required connectors)
  • /etc/tomcat/conf/tomcat-users.xml
  • Webapps deployed to: /var/lib/tomcat/webapps
    • tomcat-webapps
    • tomcat-docs-webapps
    • tomcat-admin-webapps