Installing Media-Wiki on Nethserver

Hi there,

I would just like to give my two cents because I am creating a new nethserver install (NS 7.6). I moved my old mediawiki software from Zentyal (Ubuntu) to nethserver. I am using the standard vhosts directory. What I did, and what worked:

yum install php-xml php-intl php-gd ImageMagick

ImageMagick is necessary if you like to use thumbnail creation.

Go to the Mediawiki homepage and download the stable package. You can do this by either downloading the tar.gz to your PC and then uploading it to your server (ftp, winscp, scp, rsync), or copying the link address of the file (right mouse click and copy the link).

If you copied the link to the clipboard, you can then change to the installation directory in the root of your vhost directory (in vhost/domainX/., not vhost/domainX/mediawikiXXX/.) and download the file:

cd /var/lib/nethserver/vhost/domainX
wget -c https://releases.wikimedia.org/mediawiki/VERSION/mediawiki-VERSION.tar.gz

Then do:

tar xzvf mediawiki-VERSION.tar.gz
mv mediawiki-VERSION mediawi

Do yourself a favor because of future updates and do not use “mediawiki-VERSION” as folder name - versions change. If you know how, you can use symlinks (but this will require a change to the vhosts configuration).

Create a database, dbuser as usual. You’ll need the mysql root password which you will find per default in /root/.my.cnf. Please don’t use “password” in the next section, but change it to a real one :wink:

mysql -u root -p
# you will be prompted silently !!! for the root pass of mysql server
CREATE DATABASE mediawikidb;
CREATE USER 'mediawikidbuser'@'localhost' IDENTIFIED BY 'myFancyMediawikidbuserPassword';
GRANT ALL PRIVILEGES ON mediawikidb.* TO 'mediawikidbuser'@'localhost' WITH GRANT OPTION;

Configure your LocalSettings.php of MediaWiki.
There are many HowTo’s out there and on the main page of Mediawiki how to install it manually. This is not and cannot be part of this HowTo.

I am not using FTP. But you could use it. Because of that we change the user of the directory from ftp:apache to apache:apache. The sticky bit gives a little bit more security (we could only set it for directories, but it does no harm to set it globally).

cd /var/lib/nethserver/vhost
chown -R apache:apache domainX 
chmod -R +s domainX
cd domainX

Harden the directory access by removing rights to others (might break the usage of ftp?!):

find . -type f -exec chmod 2640 {} \;  
find . -type d -exec chmod 2750 {} \; 

For the virtualhost.conf I created a new key for vhosts called DirectoryMediawiki which creates the necessary entries.

vim /etc/e-smith/templates-custom/httpd/vhost-extra/55DirectoryMediawiki

{
    use esmith::ConfigDB;
    my $vdb = esmith::ConfigDB->open_ro('vhosts') || die("Can't open vhosts db");
    my $DirectoryMediawiki = $vdb->get_prop("$VhostName",'DirectoryMediawiki') || 'disabled';

    $OUT = '';
    $DOCROOT = "{{$DocumentRoot}}";
    $DOCROOT =~ tr/\{//d;
    $DOCROOT =~ tr/\}//d;
    $MYHOST = "{{$ServerName}}";
    $MYHOST =~ tr/\{//d;
    $MYHOST =~ tr/\}//d;

    if ($DirectoryMediawiki eq 'enabled') {
        $OUT .= <<MWINSTALL;
# 55DirectoryMediawiki
<Directory $DOCROOT>
    Options ExecCGI FollowSymLinks
    DirectoryIndex index.php
    AllowOverride All
    Require all granted
    DefaultType application/x-httpd-php
    RewriteEngine On
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.+)\$ /index.php?title=\$1 [L,QSA]
    RewriteCond %{HTTP_HOST} ^www.${MYHOST}\$ [NC]
    RewriteRule ^(.*) http://${MYHOST}\$1 [L,R\=301]
</Directory>
MWINSTALL
    } else {
         $OUT = '';
    }
}

Activate it with

 db vhosts setprop domainX DirectoryMediawiki enabled

Check with db vhosts show domainX. Then reconfigure the files for testing:

 expand-template /etc/httpd/conf.d/virtualhosts.conf
 service httpd restart

For normal activation use:

 signal-event nethserver-httpd-update

My wiki is here: https://wiki.blue-it.org.

Cheers Axel

5 Likes
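An added check for the permission steps in the how-to above (example code, not part of Axel's post): it audits a vhost tree for entries that still grant access to others, carry the setuid bit, are group-writable or executable, or, for directories, lack setgid. `chmod +s` sets the setuid and setgid bits, and GNU chmod leaves a directory's setuid bit in place when a later numeric mode such as 2750 does not name it, so directories can end up as 6750; `chmod u-s` clears it. The function names and finding labels are assumptions of this example, and GNU find is required.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Audits a vhost tree after the
# chown/chmod steps. Requires GNU find (-perm /MODE, -printf), as on CentOS 7.

# list_findings DIR [USER:GROUP] -> "REASON<TAB>MODE-or-OWNER<TAB>PATH" lines
list_findings() {
    local root=$1 owner=${2:-}
    # Any permission bit for "others" (symlinks are always 777, so skip them).
    find "$root" ! -type l -perm /007 -printf 'other-access\t%m\t%p\n'
    # setuid bit, for example left on directories by "chmod -R +s".
    find "$root" ! -type l -perm -4000 -printf 'setuid\t%m\t%p\n'
    # Group-writable entries: with mode 2640/2750 the group only reads.
    find "$root" ! -type l -perm /020 -printf 'group-writable\t%m\t%p\n'
    # Directories without setgid do not pass their group on to new files.
    find "$root" -type d ! -perm -2000 -printf 'dir-no-setgid\t%m\t%p\n'
    # Regular files are not executable under mode 2640.
    find "$root" -type f -perm /111 -printf 'exec-file\t%m\t%p\n'
    if [ -n "$owner" ]; then
        find "$root" \( ! -user "${owner%%:*}" -o ! -group "${owner##*:}" \) \
            -printf 'wrong-owner\t%u:%g\t%p\n'
    fi
}

# audit_vhost_tree DIR [USER:GROUP]: print findings, return 1 if there are any.
audit_vhost_tree() {
    local findings
    findings=$(list_findings "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run only when called with arguments, for example:
#   ./audit.sh /var/lib/nethserver/vhost/domainX apache:apache
if [ "$#" -gt 0 ]; then
    audit_vhost_tree "$@"
fi
```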

Thanks for your howto. It looks very useful

Thanks :slight_smile:

Please could you explain this better? I am sure that a lot of people need it.
Hurrah for this tutorial and thanks a lot.

Hi Axel,

Very nice how-to.
I appreciate it greatly.

- I did a vhost: mediawiki with virtual host names: mediawiki.FQDN,www.mediawiki.FQDN without links to alias.
- I created a DNS entry with wildcard dns record: mediawiki.FQDN
- I didn’t use 55DirectoryMediawiki.

- I installed MediaWiki-1.31 LTS.

The only warning is:

Warning: The intl PECL extension is not available to handle Unicode normalization, falling back to slow pure-PHP implementation.
If you run a high-traffic site, you should read a little on Unicode normalization.
The environment has been checked. You can install MediaWiki.

and

Creating oathauth_users table ...done.
...oathauth_users table does not contain secret_reset field.

- After installation I did:

So far, all is working correctly.

Hoping that it is as secure as yours.

Please tell me if I did something wrong.
- I am not sure about adding the vhost name: www.mediawiki.FQDN since the DNS wildcard should take care of it ???

Thank you so much for your great work,

Michel-André

Done :wink: - Sorry for the late reply, I had been very busy.

Cheers, Axel

Hi Michel-André,

that should do it. You should be able to eliminate the warnings by installing the necessary packages.

Concerning the www/non-www domain: I just saw that I do not have the www-Alias in my virtualhost.conf. I have to dig into this later, because I am very busy at the moment.

Cheers, Axel

Hi Axel,

I am trying to install VisualEditor in MediaWiki following https://www.howtoforge.com/tutorial/how-to-install-visualeditor-for-mediawiki-on-centos-7/.

When I go to my MediaWiki, I have a white page.

Do you have an idea?

Michel-André

Missing PHP dependencies; check the httpd error log, including the SSL logs.

Exactly what came into my mind in the first place. The visual editor is an extension, so first check your (plain) mediawiki installation. You can disable your extension by simply disabling it in your LocalSettings.php. Uncomment:

wfLoadExtension( 'VisualEditor' );
// wfLoadExtension( 'VisualEditor' );

Then test again and then check the prerequisites of the install. I am sure there is something missing.

My 2 cents on the HowTo: good, but the HowTo recommends using “experimental” features. I would not use this on a production website. Or first get the “standard” features working.

Good luck.

Hi Axel,

Thank you for your reply.

I followed: https://www.howtoforge.com/tutorial/how-to-install-visualeditor-for-mediawiki-on-centos-7/
I adapted for NethServer.

My MediaWiki is installed in: /var/lib/nethserver/vhost/mediawiki

Here is my LocalSettings.php: I disabled all other extensions.

#####  ***********************
# https://www.howtoforge.com/tutorial/how-to-install-visualeditor-for-mediawiki-on-centos-7/
wfLoadExtension( 'VisualEditor' );
 
// Enable by default for everybody
$wgDefaultUserOptions['visualeditor-enable'] = 1;

// Optional: Set VisualEditor as the default for anonymous users
// otherwise they will have to switch to VE
// $wgDefaultUserOptions['visualeditor-editor'] = "visualeditor";

// Don't allow users to disable it
$wgHiddenPrefs[] = 'visualeditor-enable';

// OPTIONAL: Enable VisualEditor's experimental code features
##### $wgDefaultUserOptions['visualeditor-enable-experimental'] = 1;

$wgVirtualRestConfig['modules']['parsoid'] = array(
 // URL to the Parsoid instance
 // Use port 8142 if you use the Debian package
 'url' => 'http://mediawiki.micronator-dev.org:8000',   ##### #####
 // Parsoid "domain", see below (optional)
 'domain' => 'mediawiki.micronator-dev.org',   ##### #####
 // Parsoid "prefix", see below (optional)
 'prefix' => 'mediawiki.micronator-dev.org'   ##### #####
);

If I go to http://mediawiki.micronator-dev.org:8000, I have:
image

In DNS of NethServer, I have
image

image

I added aliases for mail and www.
image

The redirection is valid for: https://www.mediawiki.micronator-dev.org/ and the certificate is up-to-date.

When I go to: http://mediawiki.micronator-dev.org I have a white page.

Is it possible that I need a redirection for port 8000 for the module Parsoid which is installed in /opt?

[root@tchana opt]# ls -als
total 4
0 drwxr-xr-x.  7 root root   82 15 janv. 11:55 .
0 dr-xr-xr-x. 17 root root  224 29 déc.  18:49 ..
4 drwxr-xr-x  14 root root 4096 15 janv. 12:12 parsoid
0 drwxr-xr-x.  7 root root   81 18 janv.  2019 puppetlabs
0 drwxr-xr-x   8 root root   84 29 déc.  19:08 remi
0 drwxr-xr-x   3 root root   27 29 déc.  19:15 rh
0 drwxr-xr-x   2 root root    6 11 janv. 13:54 VirtualEditor
[root@tchana opt]#

The VisualEditor extension is in:

[root@tchana extensions]# ls -alsd VisualEditor/
4 drwxr-s--- 14 apache apache 4096 15 janv. 12:30 VisualEditor/
[root@tchana extensions]#

If I need another redirection, which FQDN should I use?

If I comment out all VisualEditor parameters, all is working well.

Thank you in advance,

Michel-André

Hi all,

According to: “VisualEditor is not loading [RESOLVED] Problem is web-interface at git.wikimedia.org” on Extension talk:VisualEditor

Tony Mach (talk | contribs)
Ok, VisualEditor is now running on my system!
And I found the problem:
If you download the VisualEditor via the web-interface at Query: Active Repositories then you will NOT get any submodules, like e.g. lib/ve/.
The problem is, that the web-interface for git at git.wikimedia.org can not handle git submodules. If you download an archive of VisualEditor (e.g. REL1_23) then lib/ve will be missing. If you try to access a submodule like lib/ve, then the web-interface will give you an error message.

  • I deleted VisualEditor sub-directory in the extensions directory of MediaWiki.
  • I downloaded a new VisualEditor tar.gz from: Extension:VisualEditor - MediaWiki
  • I copied it to the extensions sub-directory, extracted, and adjusted the rights.
  • From the toplevel of the working tree, I ran: git submodule update --init
  • No more white page.

It is only half-solved because now, when I start VisualEditor, I receive the error:
“Error loading data from server: 500: docserver-http: HTTP 500”.

Michel-André

Hi all,

For the 500 error with VisualEditor, according to: Extension:VisualEditor - MediaWiki,

Parsoid over HTTPS
By default, Parsoid only supports HTTP connections. However, it’s easy to provide HTTPS Parsoid by using Stunnel, a utility which offers SSL wrapping for arbitrary sockets. Most Unix distributions have ‘stunnel’ or ‘stunnel4’ package available from the repository. First install stunnel:

It looks like VisualEditor needs Stunnel installed.

Also, on that page:

If you are using Let’s Encrypt, you can use the following (replacing <domain> with the primary URL you have the certificate for):

● I will use the chain/privkey directly from /etc/pki/tls/ as they will always point to the right files when the certificate is updated.
● I will adjust:

cert = /etc/pki/tls/certs/chain.pem
key = /etc/pki/tls/private/privkey.pem

[parsoid]
accept  = 8143
connect = 8142

But for the ports, I am not sure as nodejs is listening on port: 8000


# netstat -plntu  | grep node
tcp6       0      0 :::8000                 :::*                    LISTEN      1238/node   
udp        0      0 0.0.0.0:59543           0.0.0.0:*                           2593/node   
udp        0      0 0.0.0.0:59823           0.0.0.0:*                           2593/node   
udp        0      0 0.0.0.0:51695           0.0.0.0:*                           2621/node   
#


 and also runs parsoid.

# ps aux  | grep -i node
root      1239  0.0  0.9 985128 36748 ?        Ssl  11:04   0:02 /usr/bin/node /opt/parsoid/bin/server.js
root      2623  0.0  1.8 1306716 70752 ?       Sl   11:04   0:08 /usr/bin/node /opt/parsoid node_modules/service-runner/service-runner.js
root      2668  0.0  1.7 1306892 66724 ?       Sl   11:05   0:07 /usr/bin/node /opt/parsoid node_modules/service-runner/service-runner.js
root     13370  0.0  0.0 112736   996 pts/1    S+   13:48   0:00 grep --color=auto -i node
#

For sure Parsoid is running


# ps aux | grep parsoid
root      1239  0.0  0.9 985128 36748 ?        Ssl  11:04   0:02 /usr/bin/node /opt/parsoid/bin/server.js
root      2623  0.0  1.8 1306716 70732 ?       Sl   11:04   0:08 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.js
root      2668  0.0  1.7 1306892 66716 ?       Sl   11:05   0:06 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.js
root     12100  0.0  0.0 112736   980 pts/1    S+   13:25   0:00 grep --color=auto parsoid


but listens on no port:

# netstat -plntu  | grep -i parsoid
#

I saw from: HOWTO: Use SSL/port 465 in smarthost, that saitobenkei installed Stunnel but it was for a smtp connection which is not exactly what I need.

My question is:
How to adjust /etc/stunnel/stunnel.conf?

output=/var/log/stunnel

[smtp-tls-wrapper]
accept=127.0.0.1:11125
client=yes
connect=Your.ISP.SMTP.Server:465

I think that it will be easy to adjust from initd to systemd, as the file saitobenkei is using will be OK to use in /etc/systemd/system/stunnel.service.

Other questions are:
EDITED: 2020-01-20_13h38 HAE
● Why can VisualEditor start correctly when I create a new file :smile: but give HTTP 500 when I want to save it?
● When I edit a file, VisualEditor doesn’t start :angry:?

Thank you for any suggestion,

Michel-André
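An added check for the port question above (example code, not from the thread): it filters `netstat -plnt` output for TCP listeners of one program that are bound to a non-loopback address, using the `:::8000` and first UDP line from the post plus two constructed lines. A TLS wrapper such as stunnel protects only the port it accepts on; a plain listener on the wildcard address stays reachable unless it is rebound to loopback or firewalled. `exposed_listeners` and `sample_netstat` are hypothetical names.

```bash
#!/usr/bin/env bash
# Added example, not from the thread: find TCP listeners of one program that
# are reachable from other hosts, based on `netstat -plnt` output.

# exposed_listeners PROGRAM < netstat-output -> "ADDRESS PORT PID" per listener
exposed_listeners() {
    awk -v prog="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            split($7, owner, "/")            # "1238/node" -> PID, program
            if (owner[2] != prog) next
            n = split($4, part, ":")         # ":::8000" or "127.0.0.1:8142"
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Loopback-only listeners are not reachable from the network.
            if (addr ~ /^127\./ || addr == "::1") next
            print addr, port, owner[1]
        }'
}

# Sample input: the first two lines are from the post, the last two are
# constructed (a loopback-only listener and an unrelated web server).
sample_netstat() {
    cat <<'EOF'
tcp6       0      0 :::8000                 :::*                    LISTEN      1238/node
udp        0      0 0.0.0.0:59543           0.0.0.0:*                           2593/node
tcp        0      0 127.0.0.1:8142          0.0.0.0:*               LISTEN      4321/node
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      900/httpd
EOF
}

# With an argument, check the live system (as root); otherwise use the sample.
if [ "$#" -gt 0 ]; then
    netstat -plnt | exposed_listeners "$1"
else
    sample_netstat | exposed_listeners node    # prints ":: 8000 1238"
fi
```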


Hi all,

I have this in a log file:

Jan 19 01:32:59 server-name node: {"name":"parsoid","hostname":"server-name/domain-name","pid":2621,"level":60,"err":{"message":"","name":"lib/index.js","stack":"AccessDeniedError: Your wiki requires a logged-in account to access the API.\n at AccessDeniedError (/opt/parsoid/lib/mw/ApiRequest.js:214:3)\n at ConfigRequest._handleJSON (/opt/parsoid/lib/mw/ApiRequest.js:920:13)\n at ConfigRequest.ApiRequest._logWarningsAndHandleJSON (/opt/parsoid/lib/mw/ApiRequest.js:447:7)\n at ConfigRequest.ApiRequest._handleBody (/opt/parsoid/lib/mw/ApiRequest.js:483:7)\n at ConfigRequest.ApiRequest._requestCB (/opt/parsoid/lib/mw/ApiRequest.js:420:8)\n at Request.request [as _callback] (/opt/parsoid/lib/mw/ApiRequest.js:332:35)\n at Request.self.callback (/opt/parsoid/node_modules/request/request.js:185:22)\n at emitTwo (events.js:106:13)\n at Request.emit (events.js:191:7)\n at Request.<anonymous> (/opt/parsoid/node_modules/request/request.js:1157:10)\n at emitOne (events.js:96:13)\n at Request.emit (events.js:188:7)\n at IncomingMessage.<anonymous> (/opt/parsoid/node_modules/request/request.js:1079:12)\n at IncomingMessage.g (events.js:292:16)\n at emitNone (events.js:91:20)\n at IncomingMessage.emit (events.js:185:7)\n at endReadableNT (_stream_readable.js:978:12)\n at _combinedTickCallback (internal/process/next_tick.js:80:11)\n at process._tickCallback (internal/process/next_tick.js:104:9)","httpStatus":401,"levelPath":"fatal/request"},"msg":"Your wiki requires a logged-in account to access the API.","time":"2020-01-19T06:32:59.867Z","v":0}

What user should I create? // AccessDeniedError: Your wiki requires a logged-in account to access the API.

Michel-André

Hi, Michel. Check if this works (it’s a bit old but who knows):
https://phabricator.wikimedia.org/T60398

If your wiki requires login, then the wiki api.php page, which parsoid needs, also requires login. There is no way to specify a username+password to parsoid so it can access this page. That is what you see in the error message.

Parsoid forwards cookies to the API and disables caching if a cookie is set. The VisualEditor extension for example supports forwarding cookies to Parsoid for private wikis, see their settings.

Parsoid should not have access to sensitive information like passwords.

all I have to do is adding

$wgVisualEditorParsoidPrefix = 'localhost';
$wgVisualEditorParsoidForwardCookies = true;

Also check Extension:VisualEditor - MediaWiki

Hi dnutan,

Thank you very much for your reply.

$wgVisualEditorParsoidPrefix = 'localhost';
$wgVisualEditorParsoidForwardCookies = true;

I tried it in LocalSettings.php. I tried 127.0.0.1, 10.10.10.75, domain-name, etc., but still the same error.

Do I have to put it somewhere else?

I am now looking at: API:Login - MediaWiki to try to get an API token for Parsoid.

Michel-André

I don’t know (haven’t used mediawiki + visual editor). Maybe the parameters are no longer valid. The second link shall be more useful.

Thank you again.

I created the user “parsoid”. I installed the requested NetworkAuth extension:

  1. Using the NetworkAuth extension

The forwarding of cookies (and the enabling of $wgSessionsInObjectCache and the forwardCookies property) can be avoided by adding a user (which may be called parsoid ) to the wiki and then add the NetworkAuth extension to the wiki with the configuration in “LocalSettings.php” file:

I put the required lines in LocalSettings.php.

require_once "$IP/extensions/NetworkAuth/NetworkAuth.php";
$wgNetworkAuthUsers[] = [
	'iprange' => [ '127.0.0.1' ],
	'user'    => 'parsoid'
];

Same problem


It’s been quite a while and a lot of googling, and it is still not working.

Michel-André

Was the service restarted?

[root@tchana extensions]# systemctl status parsoid
● parsoid.service - Mediawiki Parsoid web service on node.js
   Loaded: loaded (/etc/systemd/system/parsoid.service; enabled; vendor preset: disabled)
   Active: active (running) since lun. 2020-01-20 10:27:40 EST; 6h ago
     Docs: http://www.mediawiki.org/wiki/Parsoid
 Main PID: 1240 (node)
   CGroup: /system.slice/parsoid.service
           ├─1240 /usr/bin/node /opt/parsoid/bin/server.js
           ├─2621 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.j...
           └─2637 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.j...

janv. 20 16:33:40 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:33:40 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:34:01 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:34:01 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:34:35 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:34:35 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:34:52 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:34:52 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:35:37 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:35:37 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
Hint: Some lines were ellipsized, use -l to show in full.
[root@tchana extensions]#

Michel-André

What is that?

Michel-André