Installing Media-Wiki on Nethserver

Done :wink: - Sorry for the late reply, I had been very busy.

Cheers, Axel

Hi Michel-André,

that should do it. The warnings you should be able to eliminate with installing the necessary packages.

Concerning the www/non-www domain: I just saw, that I do not have the www-Alias in my virtualhost.conf. I have to dig into this later, because I am very busy in the moment.

Cheers, Axel

Hi Axel,

I am trying to install VirtualEditor in MediaWiki following https://www.howtoforge.com/tutorial/how-to-install-visualeditor-for-mediawiki-on-centos-7/.

When I go to my MediaWiki, I have a white page.

You have an idea?

Michel-André

Missing php dependencies, check httpd log error, included ssl logs

Exactly what came into my mind in the first place. The visual editor is an extension, so first check your (plain) mediawiki installation. You can disable your extension by simply disable it in your LocalSettings.php. Uncomment:

wfLoadExtension( ‘VisualEditor’ );
// wfLoadExtension( ‘VisualEditor’ );

Then test again and check then prerequisites of the install. I am sure, there is something missing.

My2cents to the HowTo: good, but the Howto recommends using “experimental” features. I would not use this on a production website. Or first work the “standard” features.

Good luck.

Hi Axel,

Thank you for your reply.

I followed: https://www.howtoforge.com/tutorial/how-to-install-visualeditor-for-mediawiki-on-centos-7/
I adapted for NethServer.

My MediaWiki is installed in: /var/lib/nethserver/vhost/mediawiki

Here is my LocalSettings.php: I disabled all other extensions.

#####  ***********************
# https://www.howtoforge.com/tutorial/how-to-install-visualeditor-for-mediawiki-on-centos-7/
wfLoadExtension( 'VisualEditor' );
 
// Enable by default for everybody
$wgDefaultUserOptions['visualeditor-enable'] = 1;

// Optional: Set VisualEditor as the default for anonymous users
// otherwise they will have to switch to VE
// $wgDefaultUserOptions['visualeditor-editor'] = "visualeditor";

// Don't allow users to disable it
$wgHiddenPrefs[] = 'visualeditor-enable';

// OPTIONAL: Enable VisualEditor's experimental code features
##### $wgDefaultUserOptions['visualeditor-enable-experimental'] = 1;

$wgVirtualRestConfig['modules']['parsoid'] = array(
 // URL to the Parsoid instance
 // Use port 8142 if you use the Debian package
 'url' => 'http://mediawiki.micronator-dev.org:8000',   ##### #####
 // Parsoid "domain", see below (optional)
 'domain' => 'mediawiki.micronator-dev.org',   ##### #####
 // Parsoid "prefix", see below (optional)
 'prefix' => 'mediawiki.micronator-dev.org'   ##### #####
);

If I go to http://mediawiki.micronator-dev.org:8000, I have:
image

In DNS of NethServer, I have
image

image

I added aliases for mail and www.
image

The redirection is valid for: https://www.mediawiki.micronator-dev.org/ and the certificate is up-to-date.

When I go to: http://mediawiki.micronator-dev.org I have a white page.

Is it possible that I need a redirection for port 8000 for the module Parsoid which is installed in /opt.

[root@tchana opt]# ls -als
total 4
0 drwxr-xr-x.  7 root root   82 15 janv. 11:55 .
0 dr-xr-xr-x. 17 root root  224 29 déc.  18:49 ..
4 drwxr-xr-x  14 root root 4096 15 janv. 12:12 parsoid
0 drwxr-xr-x.  7 root root   81 18 janv.  2019 puppetlabs
0 drwxr-xr-x   8 root root   84 29 déc.  19:08 remi
0 drwxr-xr-x   3 root root   27 29 déc.  19:15 rh
0 drwxr-xr-x   2 root root    6 11 janv. 13:54 VirtualEditor
[root@tchana opt]#

The VirtualEditor extension is in:

[root@tchana extensions]# ls -alsd VisualEditor/
4 drwxr-s--- 14 apache apache 4096 15 janv. 12:30 VisualEditor/
[root@tchana extensions]#

If I need another redirection, which FQDN should I use?

If I comment all VirtualEditor parameters, all is working well.

Thank you in advance,

Michel-André

Hi all,

According to:https://www.mediawiki.org/wiki/Topic:S0poaiobqk61ztwv

Tony Mach (talkcontribs)
Ok, VisualEditor is now running on my system!
And I found the problem:
If you download the VisualEditor via the web-interface at http://git.wikimedia.org/branches/mediawiki%2Fextensions%2FVisualEditor.git then you will NOT get any submodules, like e.g. lib/ve/.
The problem is, that the web-interface for git at git.wikimedia.org can not handle git submodules. If you download an archive of VisualEditor (e.g. REL1_23) then lib/ve will be missing. If you try to access a submodule like lib/ve, then the web-interface will give you an error message.

  • I deleted VisualEditor sub-directory in the extensions directory of MediaWiki.
  • I downloaded a new VisualEditor tar.gz from: https://www.mediawiki.org/wiki/Extension:VisualEditor
  • I copied it to the extensions sub-directory, extracted, and adjusted the right.
  • From the toplevel of the working tree, I ran: git submodule update --init
  • No more white page.

It is only half-solved because now, when I start VisualEditor, I receive the error:
Error loading data from server: 500: docserver-http: HTTP 500”.

Michel-André

Hi all,

For the 500 error with VisualEditor, according to: https://www.mediawiki.org/wiki/Extension:VisualEditor#Linking_with_Parsoid_in_private_wikis,

Parsoid over HTTPS
By default, Parsoid only supports HTTP connections. However, it’s easy to provide HTTPS Parsoid by using Stunnel, a utility which offers SSL wrapping for arbitrary sockets. Most Unix distributions have ‘stunnel’ or ‘stunnel4’ package available from the repository. First install stunnel:

It looks like VisualEditor need Stunnel installed.

Also, on that page:

If you are using Let’s Encrypt, you can use the following (replacing <domain> with the primary URL you have the certificate for):

● I will use the chain/privkey directly from /etc/pki/tls/ as they will always point to the right files when the certificate is updated.
● I will adjust:

cert = /etc/pki/tls/certs/chain.pem
key = /etc/pki/tls/private/privkey.pem

[parsoid]
accept  = 8143
connect = 8142

But for the ports, I am not sure as nodejs is listening on port: 8000

# netstat -plntu  | grep node
tcp6       0      0 :::8000                 :::*                    LISTEN      1238/node   
udp        0      0 0.0.0.0:59543           0.0.0.0:*                           2593/node   
udp        0      0 0.0.0.0:59823           0.0.0.0:*                           2593/node   
udp        0      0 0.0.0.0:51695           0.0.0.0:*                           2621/node   
#

… and also runs parsoid.

# ps aux  | grep -i node
root      1239  0.0  0.9 985128 36748 ?        Ssl  11:04   0:02 /usr/bin/node /opt/parsoid/bin/server.js
root      2623  0.0  1.8 1306716 70752 ?       Sl   11:04   0:08 /usr/bin/node /opt/parsoid node_modules/service-runner/service-runner.js
root      2668  0.0  1.7 1306892 66724 ?       Sl   11:05   0:07 /usr/bin/node /opt/parsoid node_modules/service-runner/service-runner.js
root     13370  0.0  0.0 112736   996 pts/1    S+   13:48   0:00 grep --color=auto -i node
#

For sure Parsoid is running…

# ps aux | grep parsoid
root      1239  0.0  0.9 985128 36748 ?        Ssl  11:04   0:02 /usr/bin/node /opt/parsoid/bin/server.js
root      2623  0.0  1.8 1306716 70732 ?       Sl   11:04   0:08 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.js
root      2668  0.0  1.7 1306892 66716 ?       Sl   11:05   0:06 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.js
root     12100  0.0  0.0 112736   980 pts/1    S+   13:25   0:00 grep --color=auto parsoid

…but listen to no port:

# netstat -plntu  | grep -i parsoid
#

I saw from: HOWTO: Use SSL/port 465 in smarthost, that saitobenkei installed Stunnel but it was for a smtp connection which is not exactly what I need.

My question is:
How to adjust /etc/stunnel/stunnel.conf?

output=/var/log/stunnel

[smtp-tls-wrapper]
accept=127.0.0.1:11125
client=yes
connect=Your.ISP.SMTP.Server:465

I think that it will be easy to adjust from initd to systemd, as the file saitobenkei is using will be OK to use in /etc/systemd/system/stunnel.service.

Other questions are:
EDITED: 2020-01-20_13h38 HAE
● Why VisualEditor can starts correctly when I create a new file :smile: but gives HTTP 500 when I want to save it?
● When I edit a file, VisualEditor does’t start :angry:?

Thank you for any suggestion,

Michel-André


Hi all,

I have this in a log file:

Jan 19 01:32:59 server-name node: {"name":"parsoid","hostname":"server-name/domain-name","pid":2621,"level":60,"err":{"message":"","name":"lib/index.js","stack":"AccessDeniedError: Your wiki requires a logged-in account to access the API.\n at AccessDeniedError (/opt/parsoid/lib/mw/ApiRequest.js:214:3)\n at ConfigRequest._handleJSON (/opt/parsoid/lib/mw/ApiRequest.js:920:13)\n at ConfigRequest.ApiRequest._logWarningsAndHandleJSON (/opt/parsoid/lib/mw/ApiRequest.js:447:7)\n at ConfigRequest.ApiRequest._handleBody (/opt/parsoid/lib/mw/ApiRequest.js:483:7)\n at ConfigRequest.ApiRequest._requestCB (/opt/parsoid/lib/mw/ApiRequest.js:420:8)\n at Request.request [as _callback] (/opt/parsoid/lib/mw/ApiRequest.js:332:35)\n at Request.self.callback (/opt/parsoid/node_modules/request/request.js:185:22)\n at emitTwo (events.js:106:13)\n at Request.emit (events.js:191:7)\n at Request.<anonymous> (/opt/parsoid/node_modules/request/request.js:1157:10)\n at emitOne (events.js:96:13)\n at Request.emit (events.js:188:7)\n at IncomingMessage.<anonymous> (/opt/parsoid/node_modules/request/request.js:1079:12)\n at IncomingMessage.g (events.js:292:16)\n at emitNone (events.js:91:20)\n at IncomingMessage.emit (events.js:185:7)\n at endReadableNT (_stream_readable.js:978:12)\n at _combinedTickCallback (internal/process/next_tick.js:80:11)\n at process._tickCallback (internal/process/next_tick.js:104:9)","httpStatus":401,"levelPath":"fatal/request"},"msg":"Your wiki requires a logged-in account to access the API.","time":"2020-01-19T06:32:59.867Z","v":0}

What user should I create? // AccessDeniedError: Your wiki requires a logged-in account to access the API.

Michel-André

Hi, Michel. Check if this works (it’s a bit old but who knows):
https://phabricator.wikimedia.org/T60398

If your wiki requires login, then the wiki api.php page, which parsoid needs, also requires login. There is no way to specify a username+password to parsoid so it can access this page. That is what you see in the error message.

Parsoid forwards cookies to the API and disables caching if a cookie is set. The VisualEditor extension for example supports forwarding cookies to Parsoid for private wikis, see their settings.

Parsoid should not have access to sensitive information like passwords.

all I have to do is adding

$wgVisualEditorParsoidPrefix = 'localhost';
$wgVisualEditorParsoidForwardCookies = true;

Also check https://www.mediawiki.org/wiki/Extension:VisualEditor#Linking_with_Parsoid_in_private_wikis

Hi dnutan,

Thank you very much for yout reply.

$wgVisualEditorParsoidPrefix = ‘localhost’;
$wgVisualEditorParsoidForwardCookies = true;

I tried it in LocalSettings.php. I tried 127.0.0.1, 10.10.10.75, domain-name, etc… , but still the same error.

Do I have to put it somewhere else?

I am now looking at: https://www.mediawiki.org/wiki/API:Login to try to get an API token for Parsoid.

Michel-André

I don’t know (haven’t used mediawiki + visual editor). Maybe the parameters are no longer valid. The second link shall be more useful.

Thank you again.

I created the user “parsoid”. I installed the requested NetworkAuth extension:

  1. Using the NetworkAuth extension

The forwarding of cookies (and the enabling of $wgSessionsInObjectCache and the forwardCookies property) can be avoided by adding a user (which may be called parsoid ) to the wiki and then add the NetworkAuth extension to the wiki with the configuration in “LocalSettings.php” file:

I put the required lines in LocalSettings.php.

require_once "$IP/extensions/NetworkAuth/NetworkAuth.php";
$wgNetworkAuthUsers[] = [
	'iprange' => [ '127.0.0.1' ],
	'user'    => 'parsoid'
];

Same problem…

It’s been quite a while and lot of googling and still not working.

Michel-André

was the service restarted?

[root@tchana extensions]# systemctl status parsoid
● parsoid.service - Mediawiki Parsoid web service on node.js
   Loaded: loaded (/etc/systemd/system/parsoid.service; enabled; vendor preset: disabled)
   Active: active (running) since lun. 2020-01-20 10:27:40 EST; 6h ago
     Docs: http://www.mediawiki.org/wiki/Parsoid
 Main PID: 1240 (node)
   CGroup: /system.slice/parsoid.service
           ├─1240 /usr/bin/node /opt/parsoid/bin/server.js
           ├─2621 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.j...
           └─2637 /usr/bin/node /opt/parsoid/node_modules/service-runner/service-runner.j...

janv. 20 16:33:40 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:33:40 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:34:01 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:34:01 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:34:35 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:34:35 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:34:52 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:34:52 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
janv. 20 16:35:37 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...%
janv. 20 16:35:37 tchana.micronator-dev.org node[1240]: {"name":"parsoid","hostname":"tc...d
Hint: Some lines were ellipsized, use -l to show in full.
[root@tchana extensions]#

Michel-André

What is that?

Michel-André

That the service is not enabled/started at install time.
https://www.freedesktop.org/wiki/Software/systemd/Preset/

Regarding VisualEditor here’s another guide, don’t know if you’ll have more luck:
https://sevo44.ru/mediawiki-c-visualeditor-na-centos-7/

I was looking at that page and use google translator.

They are using nginx.

Michel-André

Was hoping that maybe the parsoid and VisualEditor config could bring some light.

Hi all,

At last, I have VisualEditor fully FONCTIONNAL.

I followed and adapted: https://crashlaker.github.io/articles/2018-05/mediawiki.

I am using Mediawiki-1.28.2: image

Parsoid: 0.8.0 / 2017-10-24
VisualEditor: 0.1.0 (93528b7) / 25 octobre 2016 à 16:23
node: v6.17.1

The article says:

rpm -Uvh http://rpms.remirepo.net/enterprise/remi-release-7.rpm
yum -y install yum-utils
yum-config-manager --enable remi-php72
yum -y install php php-opcache
yum -y install php-mysqlnd php-pdo
yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring php-soap curl curl-devel
systemctl restart httpd

But since I am on NethServer-7.6.1810 and using PHP Collection and PHP-7.2, I did:

# yum -y install php72-php-gd php72-php-ldap php72-php-odbc php72-php-pear php72-php-xml php72-php-xmlrpc php72-php-mbstring php72-php-soap curl curl-devel

I used VisualEditor for MediaWiki-1.28

# git clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/VisualEditor.git --branch REL1_28
# cd VisualEditor
# git submodule update --init

For the firewall:

# config set fw_parsoid service status enabled TCPPort 8000 access green,red
# signal-event firewall-adjust
# cat /etc/shorewall/rules | grep 8000
ACCEPT  loc     $FW     tcp     8000
ACCEPT  net     $FW     tcp     8000
#

Using https, when I want to open VisualEditor, I received:

"(curl error: 7) Couldn't connect to server"

When I connect to http, I received:

Error 500

● In NethServer, I took out: “Nécessite une connexion SSL cryptée” -> “need a crypted connection”.

● In LocatSettings.php, I took out the https and used only http:

$wgServer = "http://www.mediawiki.micronator-dev.org";

Then everything start functionning correctly.

I will start all over again with MediaWiki-1.31LTS and keep you updated,

Michel-André

Hi all,

Nothing is finished until the paper work is done!

I rebooted the server with MediaWiki-1.28.
I cannot login any more to MediaWiki with http.

I had to change LocalSettings and use https:

$wgServer = "https://www.mediawiki.micronator-dev.org";

Everhing is again working correctly.

In NethServer, I didn’t have to enable “Require SSL encrypted connection”.
If I enable it, I receive “Error 404”

Any suggestion?

Michel-André