FreeBSD 13.2 Jail Local Mediawiki Nginx MySQL

From CompleteNoobs

Default Licence IF there is no Licence placed below this notice! When you edit this page, you agree to release your contribution under the CC0 Licence

LICENCE: More information about the cc0 licence can be found here:
https://creativecommons.org/share-your-work/public-domain/cc0

The person who associated a work with this deed has dedicated the work to the public domain by waiving all of his or her rights to the work worldwide under copyright law, including all related and neighboring rights, to the extent allowed by law.

You can copy, modify, distribute and perform the work, even for commercial purposes, all without asking permission.

Hosting a Local Wiki in a FreeBSD Jail

See the FreeBSD 13.2 Jails page to set up a jail in FreeBSD. This tutorial will assume you have:

  • Jail setup at path /pods/mediawiki
  • Allowed Jail IP through Firewall
  • copied over your resolv.conf to jail

jail.conf

Create a configuration file for your jail. The following example assumes you're using the jail utility provided by FreeBSD:

Edit /etc/jail.conf and add the following jail configuration:

If /etc/jail.conf does not exist, create it with touch /etc/jail.conf

$EDITOR /etc/jail.conf

localwiki {
  host.hostname = "local.wiki";
  ip4.addr = "re0|192.168.0.33";
  path = "/pods/mediawiki";
  exec.start = "/bin/sh /etc/rc";
  exec.stop = "/bin/sh /etc/rc.shutdown";
  exec.clean;
  mount.devfs;
}

  • Replace
    • localwiki to what you would like your jail called
    • host.hostname = "<the_host_name_for_jail>";
    • ip4.addr = <ip_address_for_jail_to_use>;
      • "re0|192.168.0.33" where 're0' is my Network Interface Card (NIC).
      • You can find your Network Interface Card (NIC) by running the command ifconfig.
      • 192.168.0.33 is the IP address I want to assign to the jail within the 192.168.0.0/24 subnet of my network.
    • path = "</path/to/jail>";
      • The path where the jail resides (e.g., "/pods/mediawiki").
  • NOTES (this was not needed):
    • allow.sysvipc: Allows System V IPC primitives to be used within the jail. This might be necessary for some PHP extensions or applications that rely on shared memory.
    • allow.raw_sockets: Allows raw sockets to be used within the jail. This might be required for certain PHP functions or extensions that use raw socket communication.

Login to jail and Install required packages

  • Start jail localwiki and login

sudo jail -c localwiki

sudo jexec localwiki /bin/sh

  • Initialize pkg

pkg update

  • Install packages

pkg install nginx mediawiki139-php82-1.39.3 py39-pygments mysql80-server unzip

Check for the latest packages required (info here):

The package names might have changed due to newer versions being available. You can search for the latest package names using the pkg search command.

  • mysql80-server
    • pkg search mysql | grep server
    • mysql80-server is still the highest version number
  • py38-pygments
    • pkg search pygments
    • A higher version is available: py39-pygments
  • Mediawiki
    • pkg search mediawiki

Installing mediawiki from pkg will also install the php extensions required for mediawiki to work

pkg install mediawiki139-php82-1.39.3
Updating FreeBSD repository catalogue...
FreeBSD repository is up to date.
All repositories are up to date.
Updating database digests format: 100%
The following 49 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
	ca_root_nss: 3.89
	curl: 8.0.1
	cyrus-sasl: 2.1.28
	groff: 1.22.4_4
	hidapi: 0.13.1
	icu: 72.1,1
	indexinfo: 0.3.1
	libargon2: 20190702
	libcbor: 0.10.2
	libcjson: 1.7.15_1
	libedit: 3.1.20221030,1
	libevent: 2.1.12
	libfido2: 1.13.0
	libiconv: 1.17
	libidn2: 2.3.4
	liblz4: 1.9.4,1
	libnghttp2: 1.52.0
	libpaper: 1.1.28
	libpsl: 0.21.2_2
	libssh2: 1.10.0_1,3
	libunistring: 1.1
	libunwind: 20211201_1
	libxml2: 2.10.4
	mediawiki139-php82: 1.39.3
	mysql80-client: 8.0.32
	oniguruma: 6.9.8_1
	openldap26-client: 2.6.4
	pcre2: 10.42
	perl5: 5.32.1_3
	php82: 8.2.4
	php82-ctype: 8.2.4
	php82-dom: 8.2.4
	php82-fileinfo: 8.2.4
	php82-filter: 8.2.4
	php82-iconv: 8.2.4
	php82-intl: 8.2.4
	php82-mbstring: 8.2.4
	php82-mysqli: 8.2.4
	php82-readline: 8.2.4
	php82-session: 8.2.4
	php82-sockets: 8.2.4
	php82-xml: 8.2.4
	php82-xmlreader: 8.2.4
	php82-zlib: 8.2.4
	protobuf: 3.21.12,1
	psutils: 1.17_5
	readline: 8.2.0
	uchardet: 0.0.8
	zstd: 1.5.4

Number of packages to be installed: 49

The process will require 582 MiB more space.
88 MiB to be downloaded.

Start Nginx on FreeBSD and configure it to point to MediaWiki

  • Mediawiki when installed with pkg will install in path /usr/local/www/mediawiki

To start Nginx on FreeBSD and configure it to point to MediaWiki installed in /usr/local/www/mediawiki, follow these steps:

Enable Nginx at boot. sysrc adds the following setting to the /etc/rc.conf file:

sysrc nginx_enable="YES"

Start Nginx using the service command

service nginx start

  • You can now test by visiting your jail's IP in a web browser - you should see the 'Welcome to nginx' page
    • Note: use http and not https

Enable and Start php-fpm

sysrc php_fpm_enable="YES"

service php-fpm start

Make sure the PHP-FPM pool is using the Unix socket /var/run/php-fpm.sock. Open the PHP-FPM configuration file:

$EDITOR /usr/local/etc/php-fpm.d/www.conf

Look for the listen directive in the configuration file. If it's set to an IP address and port (e.g., listen = 127.0.0.1:9000), change it to use the Unix socket /var/run/php-fpm.sock:

listen = /var/run/php-fpm.sock

In the same configuration file, ensure that the listen.owner, listen.group, and listen.mode directives are set as follows:

  • If you see these lines already in /usr/local/etc/php-fpm.d/www.conf, make sure to remove the ; comment from the start of each line.

listen.owner = www
listen.group = www
listen.mode = 0660

These settings make the socket owned by www:www with mode 0660, so the Nginx worker processes (which run as www) can access the PHP-FPM Unix socket while other local users cannot.

Save the configuration file and exit the editor.
Restart PHP-FPM to apply the changes:

service php-fpm restart

Check if the /var/run/php-fpm.sock file is now present:

ls -l /var/run/php-fpm.sock
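
One way to check the pool file against the settings above before restarting PHP-FPM, as an added example that is not part of the original page. The helper names pool_value and check_fpm_pool are hypothetical, and the sample pool file is constructed.

```sh
#!/bin/sh
# Added example: audit a PHP-FPM pool file for the socket settings used on this page.
# pool_value and check_fpm_pool are hypothetical helper names.

# Print the active value of a "key = value" directive (last one wins).
# Lines starting with ';' or '#' are commented out and do not count.
pool_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[;#]/ { next }
        {
            k = $1; v = $2
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Return 0 only if the pool listens on a Unix socket restricted to www:www 0660.
check_fpm_pool() {
    conf=$1
    rc=0
    listen=$(pool_value "$conf" listen)
    case $listen in
        /*) ;;   # absolute path, so a Unix socket rather than IP:port
        *)  echo "FAIL listen='$listen' is not a Unix socket path"; rc=1 ;;
    esac
    for want in listen.owner=www listen.group=www listen.mode=0660; do
        key=${want%%=*}
        expected=${want#*=}
        got=$(pool_value "$conf" "$key")
        if [ "$got" != "$expected" ]; then
            echo "FAIL $key='$got' (expected $expected; unset or still commented out?)"
            rc=1
        fi
    done
    if [ "$rc" -eq 0 ]; then echo "OK $conf"; fi
    return "$rc"
}

# Constructed sample: a pool file with a TCP listener and the ownership
# directives still commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[www]
user = www
group = www
listen = 127.0.0.1:9000
;listen.owner = www
;listen.group = www
;listen.mode = 0660
EOF
check_fpm_pool "$sample" || echo "sample pool file still needs the edits described above"
rm -f "$sample"

# Inside the jail, run it against the real file:
#   check_fpm_pool /usr/local/etc/php-fpm.d/www.conf
# and confirm the live socket matches (FreeBSD stat syntax, expect "www:www 660"):
#   stat -f '%Su:%Sg %Lp' /var/run/php-fpm.sock
```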

Configure an Nginx server block for your MediaWiki site in the main Nginx configuration file.

  • /usr/local/etc/nginx/nginx.conf is already backed up in /usr/local/etc/nginx/nginx.conf-dist

$EDITOR /usr/local/etc/nginx/nginx.conf

Set the file's contents to the following configuration, which includes the server block for MediaWiki:

user www www;

worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;

        root   /usr/local/www/mediawiki;
        index  index.php;

        # Serve existing files and directories directly; everything else goes to MediaWiki.
        location / {
            try_files $uri $uri/ @mediawiki;
        }

        # Rewrite page URLs to index.php?title=<page>.
        location @mediawiki {
            rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
        }

        # Hand PHP scripts to PHP-FPM over the Unix socket.
        location ~ \.php$ {
            # Return 404 for PHP paths that do not exist instead of passing them to PHP-FPM.
            try_files $uri =404;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            fastcgi_pass   unix:/var/run/php-fpm.sock;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            include        fastcgi_params;
        }
    }
}

Explanation: /usr/local/etc/nginx/nginx.conf Content:

The key components of the file:

  • user www www;: Specifies the user and group that the Nginx worker processes will run as. In this case, both the user and group are set to www.
  • worker_processes 1;: This directive sets the number of worker processes, which handle incoming connections and process requests. In this case, it's set to 1, meaning only one worker process will handle requests.
  • events { worker_connections 1024; }: This block configures the event-driven processing model. The worker_connections directive sets the maximum number of simultaneous connections that each worker process can handle. In this case, it's set to 1024.
  • The http block contains the main configuration settings for HTTP(S) servers. Within this block:
    • include mime.types;: Includes the MIME types configuration file, which maps file extensions to their respective MIME types.
    • default_type application/octet-stream;: Sets the default MIME type for files that don't match any of the defined MIME types.
    • sendfile on;: Enables the use of the sendfile() system call for more efficient file transfers.
    • keepalive_timeout 65;: Sets the timeout for keep-alive connections, which allows multiple requests to be sent over a single connection.
  • The server block defines the configuration for a specific virtual server. Within this block:
    • listen 80;: Specifies that the server listens on port 80 (the default HTTP port) for incoming connections.
    • server_name localhost;: Sets the server name to "localhost" for this configuration.
    • root /usr/local/www/mediawiki;: Sets the root directory for the MediaWiki website.
    • index index.php;: Sets the default index file for directory requests.
  • The location blocks configure how Nginx handles different types of requests:
    • The first location block attempts to serve the requested URI as a file or a directory. If that fails, it falls back to the @mediawiki named location.
    • The @mediawiki location block rewrites the request URI to pass it to MediaWiki's index.php script with the appropriate query parameters.
    • The location ~ \.php$ block processes PHP files by passing them to the FastCGI server (PHP-FPM) using a Unix domain socket (unix:/var/run/php-fpm.sock). The fastcgi_param and include fastcgi_params; directives configure FastCGI settings.

Test the Nginx configuration:

nginx -t

If the configuration test is successful, reload Nginx to apply the changes:

service nginx reload

Now you should be able to access your MediaWiki installation by visiting your domain name or IP address in your browser. But wait, there's more: you still need to set up the MySQL database.

Setting up MySQL

Set up the MySQL server and create a database for MediaWiki on FreeBSD:

Initialize the MySQL server

/usr/local/libexec/mysqld --initialize --user=mysql --datadir=/var/db/mysql

Explanation of the command and its options:

  • /usr/local/libexec/mysqld: The full path to the MySQL server binary on FreeBSD.
  • --initialize: This option initializes the data directory and creates the system tables required for the MySQL server to function properly.
  • --user=mysql: Specifies the system user that the MySQL server will run as. On FreeBSD, the default user for the MySQL server is mysql. This option ensures that the created files and directories have the proper ownership.
  • --datadir=/var/db/mysql: Specifies the data directory for the MySQL server. The data directory is where the server stores its databases, tables, and related files. On FreeBSD, the default location for the MySQL data directory is /var/db/mysql.

Output should be something like this:

# /usr/local/libexec/mysqld --initialize --user=mysql --datadir=/var/db/mysql
2023-05-01T18:17:53.389205Z 0 [System] [MY-013169] [Server] /usr/local/libexec/mysqld (mysqld 8.0.32) initializing of server in progress as process 2170
mysqld: Error on delete of '/var/db/mysql/auto.cnf' (OS errno 2 - No such file or directory)
2023-05-01T18:17:53.458035Z 0 [Warning] [MY-010107] [Server] World-writable config file '/var/db/mysql/auto.cnf' has been removed.
2023-05-01T18:17:53.471999Z 1 [System] [MY-013576] [InnoDB] InnoDB initialization has started.
2023-05-01T18:17:54.808131Z 1 [System] [MY-013577] [InnoDB] InnoDB initialization has ended.
2023-05-01T18:17:58.661498Z 6 [Note] [MY-010454] [Server] A temporary password is generated for root@localhost: q17mjt8qnl:I

This will create the necessary system tables and set up the initial MySQL data directory structure. The output will also display a temporary password for the root user, which you will need to use when running mysql_secure_installation. Make sure to note this temporary password, as you will be prompted to change it during the mysql_secure_installation process.

Enable the MySQL server to start automatically when the jail boots. sysrc updates the jail's rc.conf file in place without overwriting the existing content, so there is no need to append the line by hand with >>:

sysrc mysql_enable="YES"

Start the MySQL server

service mysql-server start

Secure the MySQL installation by running the security script. You'll be prompted to set the root password and answer a series of questions to secure the installation:

mysql_secure_installation

Log in to the MySQL server using the root user and the password you set during the security script:

mysql -u root -p

Once logged in, create a new user and database for MediaWiki:

CREATE USER 'username'@'localhost' IDENTIFIED BY 'passwd';

CREATE DATABASE my_wiki_db;

GRANT ALL ON my_wiki_db.* TO 'username'@'localhost';

FLUSH PRIVILEGES;

quit;

Replace username, passwd, and my_wiki_db with the desired username, password, and database name.

Now you should have a working MySQL server and a database ready for your MediaWiki installation. Proceed with configuring MediaWiki to use this database.


Configure Mediawiki

Visit the IP address of your jail in a web browser using http and NOT https (we have not set up any SSL certs)

You will now find yourself on the mediawiki setup landing page.

MediaWiki 1.39.3 LocalSettings.php not found. Please complete the installation and download LocalSettings.php.

Click complete the installation

Language Page

Just pick a language mate

Welcome to MediaWiki!

read and click Continue

Connect to database - going to need the details from when you created the database.

Database host:localhost
Database name:my_wiki_db
Database table prefix (no hyphens): LEAVE BLANK
Database username:username
Database password:passwd

Replace: my_wiki_db, username and passwd with your Database Name, Database Username and Database Password you setup in the MySQL stage.

Database Settings

Database account for web access
[x]Use the same account as for installation
Leave ticked

Name

Name of wiki:LocalWiki
Project namespace:
[x]Same as the wiki name:
[ ]Project
[ ]Other (specify)
Administrator account Will be the admin account on the wiki.
CLICK I'm bored already, just install the wiki.

At the end you will have downloaded a file called LocalSettings.php

Now let's send it to the mediawiki jail.

In my case the jail is running on a headless NUC home server and I have the file on an Ubuntu laptop, so:

1. Send LocalSettings.php to the home server:

scp Downloads/LocalSettings.php <user>@<home_server_IP>:/usr/home/<user>/

2. On the home server, copy it to the mediawiki directory in the jail:

cp LocalSettings.php /pods/mediawiki/usr/local/www/mediawiki/

  • Do not refresh the web page or you will re-download LocalSettings.php
  • Revisit your jail's IP in a web browser and you should see your wiki up and running.

Add Extensions to Mediawiki

Youtube

https://www.mediawiki.org/wiki/Extension:YouTube

wget https://extdist.wmflabs.org/dist/extensions/YouTube-REL1_39-f272bb3.tar.gz

tar -xzf YouTube-REL1_39-f272bb3.tar.gz -C /var/www/html/mediawiki/extensions/

  • FreeBSD

fetch https://extdist.wmflabs.org/dist/extensions/YouTube-REL1_39-f272bb3.tar.gz

tar -xzf YouTube-REL1_39-f272bb3.tar.gz -C /usr/local/www/mediawiki/extensions/

  • Append to LocalSettings.php

wfLoadExtension( 'YouTube' );


  • Defaults width=640 pixels height=385 pixels
  • Change defaults <youtube width="800" height="400">wB4gvSgYmfY</youtube>
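
A way to check a downloaded extension tarball before unpacking it into the extensions directory, as an added example that is not part of the original page. The helper names are hypothetical, and the expected SHA-256 is an assumption: the page publishes no checksum, so it stands for a value you recorded yourself from a copy you reviewed.

```sh
#!/bin/sh
# Added example: verify an extension tarball before extracting it.
# sha256_of, tarball_members_ok and safe_extract are hypothetical helper names.

# Print the SHA-256 of a file on FreeBSD (sha256) or Linux (sha256sum).
sha256_of() {
    if command -v sha256 >/dev/null 2>&1; then
        sha256 -q "$1"
    else
        sha256sum "$1" | awk '{ print $1 }'
    fi
}

# Succeed only if every member sits under the single directory $2/ and no
# member is an absolute path or has a ".." path component.
tarball_members_ok() {
    tar -tzf "$1" | awk -v top="$2" '
        /^\// { bad = 1 }
        {
            n = split($0, part, "/")
            for (i = 1; i <= n; i++) if (part[i] == "..") bad = 1
        }
        $0 != top && index($0, top "/") != 1 { bad = 1 }
        END { exit ((bad || NR == 0) ? 1 : 0) }'
}

# safe_extract <tarball> <expected sha256> <top-level dir> <destination>
safe_extract() {
    tarball=$1; want_sum=$2; top=$3; dest=$4
    got_sum=$(sha256_of "$tarball") || return 1
    if [ "$got_sum" != "$want_sum" ]; then
        echo "checksum mismatch for $tarball" >&2
        return 1
    fi
    if ! tarball_members_ok "$tarball" "$top"; then
        echo "unexpected member paths in $tarball" >&2
        return 1
    fi
    tar -xzf "$tarball" -C "$dest"
}

# Constructed demo: build a tiny stand-in tarball and run it through the checks.
demo=$(mktemp -d)
mkdir -p "$demo/src/YouTube" "$demo/extensions"
echo '{}' > "$demo/src/YouTube/extension.json"
tar -czf "$demo/ext.tar.gz" -C "$demo/src" YouTube
safe_extract "$demo/ext.tar.gz" "$(sha256_of "$demo/ext.tar.gz")" YouTube "$demo/extensions" \
    && echo "extracted: $(ls "$demo/extensions")"
rm -rf "$demo"

# With the tarball from this page (EXPECTED_SHA256 is a placeholder you supply):
#   safe_extract YouTube-REL1_39-f272bb3.tar.gz "$EXPECTED_SHA256" YouTube \
#       /usr/local/www/mediawiki/extensions/
```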

Syntax highlighting

We have already installed pygments

Add to LocalSettings.php:

wfLoadExtension( 'SyntaxHighlight_GeSHi' );

Importing a mediawiki xml dump to your localwiki

fetch https://xml.completenoobs.com/xmlDumps/01_05_23.Noobs/01_05_23.Noobs.xml

php /usr/local/www/mediawiki/maintenance/importDump.php --conf /usr/local/www/mediawiki/LocalSettings.php 01_05_23.Noobs.xml

php /usr/local/www/mediawiki/maintenance/rebuildrecentchanges.php && php /usr/local/www/mediawiki/maintenance/initSiteStats.php && php /usr/local/www/mediawiki/maintenance/rebuildall.php


Visit the jail's IP address in a web browser

A basic local wiki should be up and running