FreeBSD 13.2 Jail Local Mediawiki Nginx MySQL: Difference between revisions

From CompleteNoobs
Jump to navigation Jump to search
(Created page with "==Hosting a Local Wiki in a FreeBSD Jail== View the FreeBSD 13.2 Jails page to setup a jail in freebsd This tut will will assume you have: * Jail setup at path '''/pods/mediawiki''' * Allowed Jail IP through Firewall * copied over your '''resolv.conf''' to jail ===jail.conf=== Create a configuration file for your jail. The following example assumes you're using the jail utility provided by FreeBSD: Edit '''/etc/jail.conf''' and add the followi...")
 
Line 200: Line 200:


<pre>
<pre>
user www www;


worker_processes  1;
worker_processes  1;
Line 245: Line 246:
<div class="mw-collapsible-content">
<div class="mw-collapsible-content">
the key components of the file:
the key components of the file:
:    '''user www www;''': specifies the user and group that the Nginx worker processes will run as. In this case, both the user and group are set to www.


:    '''worker_processes 1;''': This directive sets the number of worker processes, which handle incoming connections and process requests. In this case, it's set to 1, meaning only one worker process will handle requests.
:    '''worker_processes 1;''': This directive sets the number of worker processes, which handle incoming connections and process requests. In this case, it's set to 1, meaning only one worker process will handle requests.

Revision as of 11:07, 10 May 2023

Hosting a Local Wiki in a FreeBSD Jail

View the FreeBSD 13.2 Jails page to setup a jail in freebsd This tut will will assume you have:

  • Jail setup at path /pods/mediawiki
  • Allowed Jail IP through Firewall
  • copied over your resolv.conf to jail

jail.conf

Create a configuration file for your jail. The following example assumes you're using the jail utility provided by FreeBSD:

Edit /etc/jail.conf and add the following jail configuration:

If /etc/jail.conf does not exist, create it with touch /etc/jail.conf

$EDITOR /etc/jail.conf 

localwiki {
  host.hostname = "local.wiki";
  ip4.addr = "re0|192.168.0.33";
  path = "/pods/mediawiki";
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
  exec.clean;
  mount.devfs;
}
  • Replace
    • localwiki to what you would like your jail called
    • host.hostname = "<the_host_name_for_jail>";
    • ip4.addr = <ip_address_for_jail_to_use>;
      • "re0|192.168.0.33" where 're0' is my Network Interface Card (NIC).
      • You can find your Network Interface Card (NIC) by running the command ifconfig.
      • 192.168.0.33 is the IP address I want to assign to the jail within the 192.168.0.0/24 subnet of my network.
    • path = "</path/to/jail>";
      • The path where the jail resides (e.g., "/pods/mediawiki").
  • NOTES (this was not needed):
    • allow.sysvipc: Allows System V IPC primitives to be used within the jail. This might be necessary for some PHP extensions or applications that rely on shared memory.
    • allow.raw_sockets: Allows raw sockets to be used within the jail. This might be required for certain PHP functions or extensions that use raw socket communication.

Login to jail and Install required packages

  • Start jail localwiki and login

sudo jail -c localwiki

sudo jexec localwiki /bin/sh

  • Initialize pkg

pkg update

  • Install packages

pkg install nginx mediawiki139-php82-1.39.3 py39-pygments mysql80-server unzip

Check for the latest packages required (info here):

The package names might have changed due to newer versions being available. You can search for the latest package names using the pkg search command.

  • mysql80-server
    • pkg search mysql | grep server
    • mysql80-server is still the highest version number
  • py38-pygments
    • pkg search pygments
    • A higher version is available: py39-pygments
  • Mediawiki
    • pkg search mediawiki

Installing mediawiki from pkg will also install the php extensions required for mediawiki to work 

pkg install mediawiki139-php82-1.39.3
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: 100%
The following 49 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	ca_root_nss: 3.89
	curl: 8.0.1
	cyrus-sasl: 2.1.28
	groff: 1.22.4_4
	hidapi: 0.13.1
	icu: 72.1,1
	indexinfo: 0.3.1
	libargon2: 20190702
	libcbor: 0.10.2
	libcjson: 1.7.15_1
	libedit: 3.1.20221030,1
	libevent: 2.1.12
	libfido2: 1.13.0
	libiconv: 1.17
	libidn2: 2.3.4
	liblz4: 1.9.4,1
	libnghttp2: 1.52.0
	libpaper: 1.1.28
	libpsl: 0.21.2_2
	libssh2: 1.10.0_1,3
	libunistring: 1.1
	libunwind: 20211201_1
	libxml2: 2.10.4
	mediawiki139-php82: 1.39.3
	mysql80-client: 8.0.32
	oniguruma: 6.9.8_1
	openldap26-client: 2.6.4
	pcre2: 10.42
	perl5: 5.32.1_3
	php82: 8.2.4
	php82-ctype: 8.2.4
	php82-dom: 8.2.4
	php82-fileinfo: 8.2.4
	php82-filter: 8.2.4
	php82-iconv: 8.2.4
	php82-intl: 8.2.4
	php82-mbstring: 8.2.4
	php82-mysqli: 8.2.4
	php82-readline: 8.2.4
	php82-session: 8.2.4
	php82-sockets: 8.2.4
	php82-xml: 8.2.4
	php82-xmlreader: 8.2.4
	php82-zlib: 8.2.4
	protobuf: 3.21.12,1
	psutils: 1.17_5
	readline: 8.2.0
	uchardet: 0.0.8
	zstd: 1.5.4

Number of packages to be installed: 49

The process will require 582 MiB more space.
88 MiB to be downloaded.

Start Nginx on FreeBSD and configure it to point to MediaWik

  • Mediawiki when installed with pkg will install in path /usr/local/www/mediawiki

To start Nginx on FreeBSD and configure it to point to MediaWiki installed in /usr/local/www/mediawiki, follow these steps:

Enable Nginx by adding the following line to the /etc/rc.conf file

sysrc nginx_enable="YES"

Start Nginx using the service command

service nginx start

  • can now test by visiting your jails IP on a web browser - should see 'Welcome to nginx' page
    • Note: use http and not https

Enable and Start php-fpm

sysrc php_fpm_enable="YES"

service php-fpm start

Make sure the PHP-FPM pool is using the Unix socket /var/run/php-fpm.sock. Open the PHP-FPM configuration file:

$EDITOR /usr/local/etc/php-fpm.d/www.conf

Look for the listen directive in the configuration file. If it's set to an IP address and port (e.g., listen = 127.0.0.1:9000), change it to use the Unix socket /var/run/php-fpm.sock: 

listen = /var/run/php-fpm.sock
In the same configuration file, ensure that the listen.owner, listen.group, and listen.mode directives are set as follows:
listen.owner = www
listen.group = www
listen.mode = 0660

These settings ensure that Nginx can access the PHP-FPM Unix socket.

Save the configuration file and exit the editor.
Restart PHP-FPM to apply the changes:

service php-fpm restart

Check if the /var/run/php-fpm.sock file is now present:

ls -l /var/run/php-fpm.sock

Create a new Nginx server block configuration file for your MediaWiki site.

  • /usr/local/etc/nginx/nginx.conf is already backed up in /usr/local/etc/nginx/nginx.conf-dist

$EDITOR /usr/local/etc/nginx/nginx.conf

Add the following server block configuration to the file:
user www www;

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    server {
    listen       80;
    server_name  localhost;

    root   /usr/local/www/mediawiki;
    index  index.php;

    location / {
        try_files $uri $uri/ @mediawiki;
    }

    location @mediawiki {
        rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass   unix:/var/run/php-fpm.sock;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }
}
}

Explanation: /usr/local/etc/nginx/nginx.conf Content:

the key components of the file:

user www www;: specifies the user and group that the Nginx worker processes will run as. In this case, both the user and group are set to www.
worker_processes 1;: This directive sets the number of worker processes, which handle incoming connections and process requests. In this case, it's set to 1, meaning only one worker process will handle requests.
events { worker_connections 1024; }: This block configures the event-driven processing model. The worker_connections directive sets the maximum number of simultaneous connections that each worker process can handle. In this case, it's set to 1024.
  • The http block contains the main configuration settings for HTTP(S) servers. Within this block:
include mime.types;: Includes the MIME types configuration file, which maps file extensions to their respective MIME types.
default_type application/octet-stream;: Sets the default MIME type for files that don't match any of the defined MIME types.
sendfile on;: Enables the use of the sendfile() system call for more efficient file transfers.
keepalive_timeout 65;: Sets the timeout for keep-alive connections, which allows multiple requests to be sent over a single connection.
  • The server block defines the configuration for a specific virtual server. Within this block:
listen 80;: Specifies that the server listens on port 80 (the default HTTP port) for incoming connections.
server_name localhost;: Sets the server name to "localhost" for this configuration.
root /usr/local/www/mediawiki;: Sets the root directory for the Mediawiki website.
index index.php;: Sets the default index file for directory requests.
  • The location blocks configure how Nginx handles different types of requests:
The first location block attempts to serve the requested URI as a file or a directory. If that fails, it falls back to the @mediawiki named location.
The @mediawiki location block rewrites the request URI to pass it to Mediawiki's index.php script with the appropriate query parameters.
The location ~ \.php$ block processes PHP files by passing them to the FastCGI server (PHP-FPM) using a Unix domain socket (unix:/var/run/php-fpm.sock). The fastcgi_param and include fastcgi_params; directives configure FastCGI settings.
Test the Nginx configuration:

nginx -t

If the configuration test is successful, reload Nginx to apply the changes:

service nginx reload

Now you should be able to access your MediaWiki installation by visiting your domain name or IP address in your browser. But Wait there's more, need to setup the MySQL database.

Setting up MySQL

Set up the MySQL server and create a database for MediaWiki on FreeBSD:

Initialize the MySQL server

/usr/local/libexec/mysqld --initialize --user=mysql --datadir=/var/db/mysql

Explanation of the command and its options:

  • /usr/local/libexec/mysqld: The full path to the MySQL server binary on FreeBSD.
  • --initialize: This option initializes the data directory and creates the system tables required for the MySQL server to function properly.
  • --user=mysql: Specifies the system user that the MySQL server will run as. On FreeBSD, the default user for the MySQL server is mysql. This option ensures that the created files and directories have the proper ownership.
  • --datadir=/var/db/mysql: Specifies the data directory for the MySQL server. The data directory is where the server stores its databases, tables, and related files. On FreeBSD, the default location for the MySQL data directory is /var/db/mysql.

Output should be something like this: 

# /usr/local/libexec/mysqld --initialize --user=mysql --datadir=/var/db/mysql
2023-05-01T18:17:53.389205Z 0 [System] [MY-013169] [Server] /usr/local/libexec/mysqld (mysqld 8.0.32) initializing of server in progress as process 2170
mysqld: Error on delete of '/var/db/mysql/auto.cnf' (OS errno 2 - No such file or directory)
2023-05-01T18:17:53.458035Z 0 [Warning] [MY-010107] [Server] World-writable config file '/var/db/mysql/auto.cnf' has been removed.
2023-05-01T18:17:53.471999Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2023-05-01T18:17:54.808131Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2023-05-01T18:17:58.661498Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: q17mjt8qnl:I

This will create the necessary system tables and set up the initial MySQL data directory structure. The output will also display a temporary password for the root user, which you will need to use when running mysql_secure_installation. Make sure to note this temporary password, as you will be prompted to change it during the mysql_secure_installation process.

Enable the MySQL server to start automatically when the jail boots by appending the following line to the jail's rc.conf file. Make sure to use >> to append the configuration without overwriting the existing content:

sysrc mysql_enable="YES"

Start the MySQL server

service mysql-server start

Secure the MySQL installation by running the security script. You'll be prompted to set the root password and answer a series of questions to secure the installation:

mysql_secure_installation

Log in to the MySQL server using the root user and the password you set during the security script:

mysql -u root -p

Once logged in, create a new user and database for MediaWiki:

CREATE USER 'username'@'localhost' IDENTIFIED BY 'passwd';

CREATE DATABASE my_wiki_db;

GRANT ALL ON my_wiki_db.* TO 'username'@'localhost';

FLUSH PRIVILEGES;

quit;

Replace username, passwd, and my_wiki_db with the desired username, password, and database name.

Now you should have a working MySQL server and a database ready for your MediaWiki installation. Proceed with configuring MediaWiki to use this database.


Configure Mediawiki

Visit the IP address of your jail in a web browser using http and NOT https (we have not setup and ssl certs)

You will now find yourself on the mediawiki setup landing page.

MediaWiki 1.39.3 LocalSettings.php not found. Please complete the installation and download LocalSettings.php.

Click complete the installation

Language Page

Just pick a language mate

Welcome to MediaWiki!

read and click Continue

Connect to database - going to need the details from when you created the database.

Database host:localhost
Database name:my_wiki_db
Database table prefix (no hyphens): LEAVE BLANK
Database username:username
Database password:passwd

Replace: my_wiki_db, username and passwd with your Database Name, Database Username and Database Password you setup in the MySQL stage.

Database Settings

Database account for web access
[x]Use the same account as for installation
Leave ticked

Name

Name of wiki:LocalWiki
Project namespace:
[x]Same as the wiki name:
[ ]Project
[ ]Other (specify)
Administrator account Will be the admin account on the wiki.
CLICK I'm bored already, just install the wiki.

At the end you would of downloaded a file called LocalSettings.php

Now lets send it to the mediawiki jail.

In my case the jail is running on a headless nuc home server and i have the file on a ubuntu laptop so:

1. Send LocalSettings.php to home server scp Downloads/LocalSetting.php <user>@<home_server_IP>:/usr/home/<user>/
2. Send to mediawiki directory in jail cp LocalSettings.php /pods/mediawiki/usr/local/www/mediawiki/
  • Do Not Refresh the Web Page or you will Redownload LocalSettings.php
  • Revisit your jails IP in web browser and you should see your wiki up and running.

Add Extensions to Mediawiki

Youtube

https://www.mediawiki.org/wiki/Extension:YouTube

wget https://extdist.wmflabs.org/dist/extensions/YouTube-REL1_39-f272bb3.tar.gz

tar -xzf YouTube-REL1_39-f272bb3.tar.gz -C /var/www/html/mediawiki/extensions/

  • FreeBSD

fetch https://extdist.wmflabs.org/dist/extensions/YouTube-REL1_39-f272bb3.tar.gz

tar -xzf YouTube-REL1_39-f272bb3.tar.gz -C /usr/local/www/mediawiki/extensions/

  • Append to LocalSettings.php

wfLoadExtension( 'YouTube' );


  • Defaults width=640 pixels height=385 pixels
  • Change defaults <youtube width="800" height="400">wB4gvSgYmfY</youtube>

Syntax highlighting

We have already Installed pygments

Add to LocalSettings:
wfLoadExtension( 'SyntaxHighlight_GeSHi' );

Importing a mediawiki xml dump to your localwiki

fetch https://xml.completenoobs.com/xmlDumps/01_05_23.Noobs/01_05_23.Noobs.xml

php /usr/local/www/mediawiki/maintenance/importDump.php --conf /usr/local/www/mediawiki/LocalSettings.php 01_05_23.Noobs.xml

php /usr/local/www/mediawiki/maintenance/rebuildrecentchanges.php && php /usr/local/www/mediawiki/maintenance/initSiteStats.php && php /usr/local/www/mediawiki/maintenance/rebuildall.php


Visit Jails IP Address on web browser

A Basic local wiki should be run and running

Retrieved from "http:///noobs/index.php?title=FreeBSD_13.2_Jail_Local_Mediawiki_Nginx_MySQL&oldid=407"