Sysadmin grodoudou wikizam 08062012

Session

• user : root
• host : grodoudou.seizam.com
• date : 08/06/12 16:08
• curpath : /root

Commands

 [email protected]# a2enmod rewrite
 [email protected]# a2enmod proxy
 [email protected]# a2enmod proxy_http
 [email protected]# /etc/init.d/apache2 restart

 [email protected]# cd /var/
 [email protected]# mkdir wikizam
 [email protected]# cd wikizam/
 [email protected]# mkdir versions
 [email protected]# mkdir versions/trunk

 [email protected]# ln -s /var/wikizam/versions/trunk/ deployed

• Edit /var/wikizam/_ServerSettings.php, see [1]

 [email protected]# chmod 700 _ServerSettings.php

 [email protected]# mkdir captcha
 [email protected]# apt-get install python-imaging
 [email protected]# python captcha.py --font=/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf  --wordlist=/usr/share/dict/american-english --key=thekey --output=/var/wikizam/captcha/ --count=5000 --dirs=2 --v

• Edit /var/wikizam/maintenance.html, see [3]

 [email protected]# mv maintenance.html index.php
 [email protected]# mkdir maintenance
 [email protected]# mv index.php maintenance/

 [email protected]# chgrp -R www-data *
 [email protected]# chmod -R o-rwx *

 [email protected]# mkdir cache
 [email protected]# chgrp www-data cache
 [email protected]# chmod 770 cache/

 [email protected]# cd /root/

• Edit /root/update-and-deploy-wikizam-trunk.sh, see [4]

 [email protected]# chmod 550 update-and-deploy-wikizam-trunk.sh
 [email protected]# ./update-and-deploy-wikizam-trunk.sh

• Edit /etc/apache2/sites-available/seizam.com, see [6]

 [email protected]# mkdir /var/public-files

• Restore files by uploading archive with a command from the repository machine like scp -P 65422 /home/yannouk/backup-files/files.tar.gz [email protected]:/home/yannouk/ then untar and move files using commands like:
  • [email protected]# cd /home/yannouk/
  • [email protected]# tar -zxvf files.tar.gz
  • [email protected]# mv /home/yannouk/var/www/files/* /var/public-files/

 [email protected]# chgrp -R www-data /var/public-files/
 [email protected]# chmod -R 750 /var/public-files/

 [email protected]# a2ensite seizam.com
 [email protected]# a2dissite default
 [email protected]# mv /etc/apache2/sites-enabled/seizam.com /etc/apache2/sites-enabled/010-seizam.com

 [email protected]# /etc/init.d/apache2 restart

• Start Mediawiki web installer accesing it from /mw-config url
• Edit /etc/apache2/sites-enabled/010-seizam.com, see [11]

 [email protected]# /etc/init.d/apache2 reload

• Edit /var/wikizam/_ServerSettings.php, using some LocalSettings.php value, see [12]
• Edit /etc/php5/apache2/php.ini, see [13]

 [email protected]# /etc/init.d/apache2 restart

Files

• [1] Edit /var/wikizam/_ServerSettings.php

• [3] Edit /var/wikizam/maintenance.html

--- old	2012-06-08 17:02:21.000000000 +0200
+++ new	2012-06-08 17:02:48.000000000 +0200
@@ -0,0 +1,5 @@
+<html>
+<body>
+Maintenance in progress...
+</body>
+</html>

• [4] Edit /root/update-and-deploy-wikizam-trunk.sh

#!/bin/sh

echo "Updating /var/wikizam/versions/trunk/ with git trunk and deploy it"
echo "------------------------------------------------------------------"

echo "Downloading WikiZam trunk release from Seizam Git..."
cd /root/seizam-git/seizamcore
git checkout master
git pull origin master

echo "Graceful stopping Apache2..."
/etc/init.d/apache2 graceful-stop

echo "Displaying maintenance message..."
rm /var/wikizam/deployed
ln -s /var/wikizam/maintenance /var/wikizam/deployed

echo "Starting Apache2..."
/etc/init.d/apache2 start

echo "Updating trunk..."
rm -R /var/wikizam/versions/trunk/*
cp -R /root/seizam-git/seizamcore/WikiZam/* /var/wikizam/versions/trunk

echo "Using _ServerSettings.php as the config file..."
rm /var/wikizam/versions/trunk/ServerSettings.php
cp /var/wikizam/_ServerSettings.php /var/wikizam/versions/trunk/ServerSettings.php

echo "Setting file rights and ownership..."
chgrp -R www-data /var/wikizam/versions/trunk/*
chmod -R o-rwx /var/wikizam/versions/trunk/*
chmod -R g+rx /var/wikizam/versions/trunk/*

echo "Running update.php script, can take a while..."
cd /var/wikizam/versions/trunk
php maintenance/update.php --quick

echo "Graceful stopping Apache2..."
/etc/init.d/apache2 graceful-stop

echo "Removing maintenance message..."
rm /var/wikizam/deployed
ln -s /var/wikizam/versions/trunk/ /var/wikizam/deployed

echo "Starting Apache2..."
/etc/init.d/apache2 start

echo "END"
cd /root

• [6] Edit /etc/apache2/sites-available/seizam.com

--- old	2012-06-08 17:33:19.000000000 +0200
+++ new	2012-06-08 17:45:22.000000000 +0200
@@ -0,0 +1,88 @@
+<VirtualHost *:80>
+
+	ServerAdmin [email protected]
+
+	ServerName grodoudou.seizam.com
+	ServerAlias www.seizam.com
+
+       # Allow / encoded as %xx value in url (compatibility with some browsers)
+       AllowEncodedSlashes On
+
+       # Ensure that htaccess cannot deactivate PHP
+       php_admin_flag engine on
+
+	DocumentRoot /var/www
+
+        <Directory />
+                Options None
+                AllowOverride None
+                Order Deny,Allow
+                Deny from all
+        </directory>
+
+	<Directory /var/wikizam>
+		Options FollowSymLinks MultiViews
+		AllowOverride None
+		Order allow,deny
+		allow from all
+	</directory>
+
+	<Directory /var/public-files>
+                Options Indexes FollowSymLinks MultiViews
+                AllowOverride None
+                Order allow,deny
+                allow from all
+        </directory>
+
+	# Entrance for Electronic Payment back interface (EPTBack).The
+        # bank needs a static .php file with many parameters (phone/mail
+        # them to change adress). WikiZam needs a special page
+        # (index.php?title=Special:EPTBack). Mod_rewrite creates a proxy
+        # to map bank's needs to WikiZam needs. Flags: P (Proxy, use
+        # mod_proxy), NE (No Escape [for %]), QSA (Query String Added
+        # [Passes Query from request to target])
+        <IfModule mod_rewrite.c>
+        	RewriteEngine On
+        	RewriteRule ^/eptback.php http://www.seizam.com:80/index.php?title=Special:ElectronicPayment&action=EPTBack [P,NE,QSA]
+        </ifmodule>
+
+        <IfModule mod_alias.c>
+
+               # Our public files folder
+                Alias /files    /var/public-files
+
+                # Default apache2 mod_alias directive, wich enable access to system icons
+                # (need to be repeted here, if not the last / alias override it)
+                Alias /icons    /usr/share/apache2/icons  
+
+                # Main aliases to put wikizam at root, as seen on mediawiki.org/wiki/Manual:Short_URL
+                #Alias /extensions      /var/wikizam/deployed/extensions
+                #Alias /resources       /var/wikizam/deployed/resources
+                #Alias /favicon.ico     /var/wikizam/deployed/favicon.ico
+                Alias /mw-config       /var/wikizam/deployed/mw-config
+                Alias /skins            /var/wikizam/deployed/skins
+                Alias /robots.txt       /var/wikizam/deployed/robots.txt
+                ScriptAlias /img_auth.php       /var/wikizam/deployed/img_auth.php/
+                ScriptAlias /load.php           /var/wikizam/deployed/load.php/
+                ScriptAlias /api.php            /var/wikizam/deployed/api.php/
+                ScriptAlias /                   /var/wikizam/deployed/index.php/
+
+        </ifmodule>
+
+        # Configuring php for seizam
+        <IfModule mod_php5.c>
+
+                # Maximum number of files that can be uploaded via a single request
+                php_value max_file_uploads 1
+
+                # 200 Mb max for file uploads
+                php_value upload_max_filesize 200M
+                php_value post_max_size 200M
+
+                # Need to be larger than upload_max_filesize
+                php_value memory_limit 256M
+
+                # 10 minutes input time (needed for big uploads)
+                php_value max_input_time 600
+
+        </ifmodule>
+
+
+	ErrorLog ${APACHE_LOG_DIR}/error.log
+
+	# Possible values include: debug, info, notice, warn, error, crit,
+	# alert, emerg.
+	LogLevel warn
+
+	CustomLog ${APACHE_LOG_DIR}/access.log combined
+
+</virtualhost>
+

• [11] Edit /etc/apache2/sites-enabled/010-seizam.com

--- old	2012-06-11 14:45:51.000000000 +0200
+++ new	2012-06-11 14:46:07.000000000 +0200
@@ -57,3 +57,3 @@
                 #Alias /favicon.ico     /var/wikizam/deployed/favicon.ico
-                Alias /mw-config        /var/wikizam/deployed/mw-config 
+                #Alias /mw-config       /var/wikizam/deployed/mw-config 
 		 Alias /skins            /var/wikizam/deployed/skins

• [12] Edit /var/wikizam/_ServerSettings.php

<?php
# Following settings are normally found in LocalSettings.
# To increase security and ease migration, server related settings have been moved here.
#
# See includes/DefaultSettings.php for all configurable settings
# and their default values, but don't forget to make changes in _this_
# file, not there.
#
# Further documentation for configuration settings may be found at:
# http://www.mediawiki.org/wiki/Manual:Configuration_settings

# Protect against web entry
if ( !defined( 'MEDIAWIKI' ) ) {
	exit;
}

# The URL base path to the directory containing the wiki;
# defaults for all runtime URL paths are based off of this.
# For more information on customizing the URLs please see:
# http://www.mediawiki.org/wiki/Manual:Short_URL
$wgScriptPath = "";
$wgArticlePath = "/$1";
$wgUsePathInfo = true;
$wgScriptExtension = ".php";

# Mail
$wgEmergencyContact = "[email protected]";
$wgPasswordSender = "[email protected]";

# Database settings
$wgDBtype = "mysql";
$wgDBserver = "localhost";
$wgDBname = "wikidb";
$wgDBuser = "wikiuser";
$wgDBpassword = "A_SECRET_STRING";

## Shared memory settings
$wgMainCacheType    = CACHE_ACCEL;
$wgMemCachedServers = array();
$wgSessionsInMemcached = true;
$wgCacheDirectory = "/var/wikizam/cache";

# MySQL specific settings
$wgDBprefix = "";

## If you use ImageMagick (or any other shell command) on a
## Linux server, this will need to be set to the name of an
## available UTF-8 locale
$wgShellLocale = "en_GB.utf8";

# Used to generate random string
$wgSecretKey = "A_SECRET_STRING"; // set MW web installer, yannouk 11.6.2012

# Used to secure the web installer
$wgUpgradeKey = "A_SECRET_STRING"; // set MW web installer, yannouk 11.6.2012

# Where are stored user files
$wgUploadPath = "$wgScriptPath/img_auth.php";
$wgUploadDirectory = '/var/szfiles';

# Mail sending
$wgSMTP = array(
        'host' => 'ssl://smtp.gmail.com',
        'IDHost' => 'seizam.com',
        'port' => 465,
        'username' => '[email protected]',
        'password' => 'A_SECRET_STRING',
        'auth' => true
     );

# FancyCaptcha with ConfirmEdit
$wmgCaptchaStorageClass = 'CaptchaCacheStore'; // use cache instead of session, so cookies not needed, but cache required
$wmgCaptchaSecret = "A_SECRET_STRING"; // set while main setup, yannouk 8.6.2012
$wmgCaptchaDirectory = "/var/wikizam/captcha"; 
$wmgCaptchaDirectoryLevels = 2; // To break into subdirectories
# Generate images using something like:
//  python captcha.py --font=/usr/share/fonts/truetype/freefont/FreeSans.ttf --wordlist=/usr/share/dict/words --key=a_secret_key --output=./default_images/ --count=50 --dirs=1

# Configure regexps that will trigger a captcha
// Possibly a broken spambot, or a spambot being tested before a real run.
// Hitting lots of wikis in late June 2006
$wmgCaptchaRegexes[] = '/\b\d{22,28}\b/';
// Somebody's been repeatedly hitting some user talk pages and other arts
// with this; February 2007
$wmgCaptchaRegexes[] = '/\{\{indefblockeduser\}\}/';
// Mystery proxy bot
// http://en.wikipedia.org/w/index.php?title=Killamanjaro&diff=prev&oldid=168037317
$wmgCaptchaRegexes[] = '/^[a-z0-9]{5,}$/m';
// 'XRumer' spambot
// adds non-real links
// http://meta.wikimedia.org/wiki/User:Cometstyles/XRumer
// http://meta.wikimedia.org/wiki/User:Jorunn/tracks
// (added 2008-05-08 -- brion)
$wmgCaptchaRegexes[] = '/<a +href/i';
// https://bugzilla.wikimedia.org/show_bug.cgi?id=14544
// 2008-07-05
$wmgCaptchaRegexes[] = '/\b(?i:anontalk\.com)\b/';

/* Electronic Payment : CIC configuration vars */
# Settings
# TPE Settings
# Warning !! CMCIC_Config contains the key, you have to protect this file with all the mechanism available in your development environment.
# You may for instance put this file in another directory and/or change its name.

define("CMCIC_CLE", "A_SECRET_STRING");
define("CMCIC_TPE", "A_SECRET_STRING");
define("CMCIC_VERSION", "3.0");
define("CMCIC_SERVEUR", "https://ssl.paiement.cic-banques.fr/test/");
define("CMCIC_CODESOCIETE", "seizamsarl");
define("CMCIC_URLOK", "http://www.seizam.com/Special:ElectronicPayment/success");
define("CMCIC_URLKO", "http://www.seizam.com/Special:ElectronicPayment/fail");

$wgCMCIC_config = array('key' => CMCIC_CLE,
 'ept' => CMCIC_TPE,
 'version' => CMCIC_VERSION,
 'server' => CMCIC_SERVEUR,
 'companyCode' => CMCIC_CODESOCIETE,
 'urlOK' => CMCIC_URLOK,
 'urlKO' => CMCIC_URLKO);

# Production Settings (toggling debug msg OFF)
# Php error displayed
error_reporting(0);

# Stack trace not displayed
$wgShowExceptionDetails = false;

# SQL error not displayed
$wgShowSQLErrors = false;
$wgDebugDumpSql = false;

# ResourceLoader Production mode
$wgResourceLoaderDebug = false;

• [13] Edit /etc/php5/apache2/php.ini

--- old	2012-06-11 17:56:48.000000000 +0200
+++ new	2012-06-11 18:33:00.000000000 +0200
@@ -449,3 +449,4 @@
 ; http://php.net/max-input-time
-max_input_time = 60
+; This limit include the time used for an upload
+max_input_time = 400
 
@@ -460,3 +461,4 @@
 ; http://php.net/memory-limit
-memory_limit = 128M
+; Need to be larger than upload_max_filesize
+memory_limit = 256M
 
@@ -730,3 +732,3 @@
 ; http://php.net/post-max-size
-post_max_size = 8M
+post_max_size = 200M
 
@@ -881,6 +883,6 @@
 ; http://php.net/upload-max-filesize
-upload_max_filesize = 2M
+upload_max_filesize = 200M
 
 ; Maximum number of files that can be uploaded via a single request
-max_file_uploads = 20
+max_file_uploads = 1