Complete Install and Setup Guide for Dokuwiki
Date: 2-1-13
Goal: Create a secure, production-level wiki using DokuWiki. I will be creating this server as a virtual machine, using VirtualBox as my host software. This guide does not cover how to set up a VirtualBox host; I am assuming that you already have one to place a virtual image on. If you don't have a VM host, please use Google to find a guide.
Requirements and Software
This section outlines the required software and host hardware for this build. Feel free to download and pre-stage the required software.
Base Host Requirements
This outlines the base host requirements before we start. The final server can live on a USB flash drive for storage, but should be run from a SATA connection.
Physical Host Hardware Requirements:
- VirtualBox Host
- Hard Drive: Min 16GB
- Memory: 512MB
- Processor: 1
- Internet Access
Base Software:
- Ubuntu server ISO http://www.ubuntu.com/download/server
- VirtualBox USB addons https://www.virtualbox.org/wiki/Downloads
Base Expected skills
I use "vim" and "putty" a lot when working with Linux. I am including a very basic vim guide, but further reading is recommended.
Base Vim Commands:
Command | Action |
---|---|
i | Edit |
esc | Exits edit mode |
: | Activate Menu |
w | Write/Save |
q | Quit/Close |
wq | Save and Close |
/ | Search |
Google Search and download:
- VirtualBox
- Virtualbox usb addon
- Ubuntu Server ISO
Save those 3 files to the virtual host machine.
Install Base Server
- Open VirtualBox and Create a new Virtual Machine(VM)
- give it a name: LCARS
- Choose the Operating System Type: Linux
- Choose the version: Ubuntu
- Set the memory size for the VM: 768MB
- Create a new virtual hard drive.
- Set the type to Virtual Box(default)
- Change the size to 16GB(your choice)
- When prompted for the install media choose the Ubuntu ISO.
- (There will be a lot of message windows. Read each one, then click the check box to ignore it. Continue)
- Leave the defaults for the language selection.
- Choose a hostname: LCARS (your choice)
- Enter your name: (John W. Smith)
- Create a username: jsmith
- Create a password for jsmith
- No directory encryption needed
- Verify that the time zone is correct
- for the next windows leave the settings at default unless you want to change them
- At the automatic update prompt I chose “Install Security Updates Automatically”
- When you are prompted to pick your services only choose “OpenSSH Server”(we will add the others as needed)
- —lots of server thinking here—
- Choose yes to install the Boot loader
- Your base installation is finished!
- Reboot
- (Optional) – Shutdown server to take snapshot for future roll back if needed.
- Change the network adapter to bridged mode. machine>devices>Network Adapters> change NAT to Bridged.
- Login to server after reboot
Install Guest additions
- First check the update source lists for missing servers
sudo apt-get update
- Then update the server:
sudo apt-get upgrade
- Now install dkms
sudo apt-get install dkms
- Then update the linux-headers
sudo apt-get install linux-headers-3.2.0-29-generic-pae
- Insert the VBoxGuestAdditions.iso into the virtual CD drive.
- From host virtualbox computer highlight correct virtual server
- Select storage from the details window
- Under the IDE controller select the "cd" icon
- At the right of the Storage Tree under Attributes again click the "cd" icon.
- finally click "choose a virtual CD/DVD disk file…"
- Browse for the ISO image and then click ok
- In the guest virtual machine, mount the ISO and change to the directory where it is mounted (usually this is /media/cdrom)
sudo mount /dev/cdrom /media/cdrom
cd /media/cdrom
sudo sh ./VBoxLinuxAdditions.run
- The Window System drivers will fail because we are running in headless mode
Secure the Server
- Set up and enable the firewall (allow ssh before enabling it, so the putty session is not cut off)
sudo apt-get install ufw
sudo ufw allow ssh
sudo ufw allow http
sudo ufw enable
sudo ufw status verbose
- Protect shared memory
sudo vim /etc/fstab
- Add the following line to the document.
tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0
- Protect SSH
sudo vim /etc/ssh/sshd_config
- Change PermitRootLogin to NO
PermitRootLogin no
- Only allow admin users to use “su”
- Create an admin group
sudo groupadd admin
- Add yourself to the admin group
sudo usermod -a -G admin jsmith
- Restrict access to /bin/su to admin group members
sudo dpkg-statoverride --update --add root admin 4750 /bin/su
- Check changed permissions
ls -lh /bin/su
- Do not permit source routing of incoming packets
sudo sysctl -w net.ipv4.conf.all.accept_source_route=0
sudo sysctl -w net.ipv4.conf.default.accept_source_route=0
- Install DenyHosts to avoid ssh attacks
sudo apt-get install denyhosts
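The settings in this section can be verified from the configuration files afterwards. The script below is an added example, not part of the original guide: it audits sshd_config, fstab and sysctl.conf, and it also shows that the two "sysctl -w" commands only change the running kernel, so the source-routing setting is gone after a reboot unless it is also in /etc/sysctl.conf. The function names, the ROOT prefix argument and the sample tree are constructed for the example; only /etc/sysctl.conf is checked, not /etc/sysctl.d.

```shell
# Added example: audit the settings from "Secure the Server" against config files.
# ROOT is a hypothetical prefix so the audit can also run on a copy of /etc.

# Print the value of KEY in sshd_config (sshd uses the first occurrence).
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { print tolower($2); exit }' "$1"
}

# Succeed if the /dev/shm line in fstab carries mount option OPT.
shm_has_opt() {
    awk -v o="$2" '$1 !~ /^#/ && $2 == "/dev/shm" {
        n = split($4, a, ","); for (i = 1; i <= n; i++) if (a[i] == o) f = 1
    } END { exit !f }' "$1"
}

# Succeed if KEY is set to 0 in sysctl.conf, i.e. the value survives a reboot.
sysctl_is_zero() {
    awk -F= -v k="$2" '{ gsub(/[ \t]/, "") } $1 == k { v = $2 }
        END { exit !(v == "0") }' "$1"
}

audit_hardening() {
    root=$1; fail=0
    [ "$(sshd_value "$root/etc/ssh/sshd_config" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; fail=1; }
    for opt in noexec nosuid; do
        shm_has_opt "$root/etc/fstab" "$opt" ||
            { echo "FAIL: /dev/shm is mounted without $opt"; fail=1; }
    done
    for scope in all default; do
        key="net.ipv4.conf.$scope.accept_source_route"
        sysctl_is_zero "$root/etc/sysctl.conf" "$key" ||
            { echo "FAIL: $key=0 not in sysctl.conf (sysctl -w is runtime only)"; fail=1; }
    done
    return $fail
}

# Constructed sample tree: the state after following the steps above verbatim.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh"
    printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/etc/ssh/sshd_config"
    printf '%s\n' 'tmpfs /dev/shm tmpfs defaults,noexec,nosuid 0 0' > "$d/etc/fstab"
    printf '%s\n' '#net.ipv4.conf.all.accept_source_route = 0' > "$d/etc/sysctl.conf"
    echo "$d"
}

audit_hardening "$(make_sample)" || echo "audit found gaps"
```

On the real server, run audit_hardening with an empty argument so the paths resolve to /etc.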
Install Software
- Install Apache2, PHP5, and then restart Apache2
sudo apt-get install apache2
sudo apt-get install php5
sudo service apache2 restart
- Check that the server is up: from a different computer, navigate to http://%serverIPaddress%
- web files are at /var/www/
Configure Apache2
- In terminal:
cd /etc/apache2/
sudo vim httpd.conf
- In vim add the following line:
DirectoryIndex /dokuwiki/doku.php
- Save and Restart Apache.
sudo service apache2 restart
Configure PHP
Set Max file Upload Size
- Modify the following php settings:
- upload_max_filesize = 800M
- post_max_size = 800M
- In terminal enter:
sudo vim /etc/php5/apache2/php.ini
- In vim search for each setting:
/post_max_size
/upload_max_filesize
- Edit each line to the desired file size:
post_max_size = 800M
upload_max_filesize = 800M
- Save and Restart Apache.
sudo service apache2 restart
For more info read this:
Install Dokuwiki
- First, find the DokuWiki web site with Google. Locate and copy the download link to the latest version
- Now in putty run the following:
cd /var/www
sudo wget http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2012-10-13.tgz
- Unpack the archive
sudo tar xvf dokuwiki-2012-10-13.tgz
sudo mv dokuwiki-2012-10-13 dokuwiki
- Set permissions to wiki folders
sudo chown -R www-data:www-data /var/www/dokuwiki
- Move the old tgz file to a safe place on the computer
sudo mv dokuwiki-2012-10-13.tgz /home/jsmith
sudo service apache2 restart
Now is a great time to take another VM snapshot
Setup Wiki
- Open web browser
- Give wiki a name: “Knowledge Base”
- Fill out the rest of the fields.
- Change Initial ACL policy to Desired setting. I chose “Closed”
- Pick your content license. I chose “None”
- Create the wiki admin account: sudokuwiki
- (su is linux admin command and dokuwiki is well this wiki. So su+dokuwiki= cool word pun)
- Review settings and click save.
- Continue to main Wiki site.
- In putty type the following
sudo rm /var/www/dokuwiki/install.php
sudo vim /etc/apache2/sites-available/default
- For the root directories set AllowOverride all
DocumentRoot /var/www
<Directory />
    Options FollowSymLinks
    AllowOverride all
</Directory>
<Directory /var/www/>
    Options Indexes FollowSymLinks MultiViews
    AllowOverride all
    Order allow,deny
    allow from all
</Directory>
- Sign into wiki as super user
- You should now see the start page. It is blank. Click the “pencil” on the right side of the page to Create the page.
- Give the start page a title.
- Save it
Congratulations You now have a fully working Dokuwiki!!!
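Two of the setup steps above carry the security of the install: install.php has to be gone, and AllowOverride has to let Apache honour the .htaccess files that keep DokuWiki's data and configuration off the web. The script below is an added example, not part of the original guide, that checks both and includes a live probe. The function names and the sample tree are constructed, and the list of protected directories is an assumption taken from DokuWiki's security documentation.

```shell
# Added example: post-install checks for the DokuWiki tree set up above.
# Directories that must not be served; the tarball ships a .htaccess in each (assumption).
PROTECTED="data conf bin inc"

# Print the AllowOverride value inside <Directory DIR> of an Apache config file.
allow_override() {
    awk -v want="<Directory $2>" '
        /<Directory/    { sub(/^[ \t]+/, ""); inblk = ($0 == want) }
        /<\/Directory>/ { inblk = 0 }
        inblk && tolower($1) == "allowoverride" { print tolower($2) }' "$1"
}

# check_wiki WIKI_DIR APACHE_SITE_FILE: succeed only if every check passes.
check_wiki() {
    fail=0
    [ ! -e "$1/install.php" ] || { echo "FAIL: install.php still present"; fail=1; }
    for d in $PROTECTED; do
        [ -s "$1/$d/.htaccess" ] || { echo "FAIL: $d/.htaccess missing"; fail=1; }
    done
    case $(allow_override "$2" /var/www/) in
        ""|none) echo "FAIL: AllowOverride none, .htaccess files are ignored"; fail=1 ;;
    esac
    return $fail
}

# Live check, e.g. probe_data_dir https://lcars/dokuwiki : a raw page file
# under data/ must be refused with HTTP 403.
probe_data_dir() {
    code=$(curl -k -s -o /dev/null -w '%{http_code}' "$1/data/pages/wiki/dokuwiki.txt")
    [ "$code" = 403 ] || { echo "FAIL: data/ answered HTTP $code"; return 1; }
}

# Constructed sample: unpacked wiki with install.php left behind and
# "AllowOverride None" still in the site file.
make_sample() {
    t=$(mktemp -d)
    for d in $PROTECTED; do
        mkdir -p "$t/dokuwiki/$d"; echo 'deny from all' > "$t/dokuwiki/$d/.htaccess"
    done
    : > "$t/dokuwiki/install.php"
    printf '%s\n' '<Directory /var/www/>' '  AllowOverride None' '</Directory>' > "$t/default"
    echo "$t"
}

s=$(make_sample)
check_wiki "$s/dokuwiki" "$s/default" || echo "fix the items above, then re-run"
```

On the server the call is check_wiki /var/www/dokuwiki /etc/apache2/sites-available/default.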
Secure Dokuwiki
The next step is to secure the dokuwiki.
Enable HTTPS/SSL
- Install and enable SSL:
sudo a2enmod ssl
sudo service apache2 restart
- Create the server encryption keys:
cd /etc/apache2
sudo openssl genrsa -des3 -out server.key 1024
- Use this set of keys to create a certificate request:
sudo openssl req -new -key server.key -out server.csr
- When asked to input data, use your imagination to create something appropriate.
Be sure to write down your passphrase.
- Use this request to create your self-signed certificate:
sudo openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
- Install the key and certificate:
sudo cp server.crt /etc/ssl/certs/
sudo cp server.key /etc/ssl/private/
- Open the “default-ssl” file for editing:
cd /etc/apache2/sites-available
sudo vim default-ssl
- This file is basically set up but you will want to uncomment the SSLOptions line and also change the SSLCertificate lines to reflect the location and name of your new information.
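SSLEngine on
SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
SSLCertificateFile /etc/ssl/certs/server.crt
SSLCertificateKeyFile /etc/ssl/private/server.key
- Apache listens on port 443 once the SSL module is enabled, so that side is ready to go. The ufw rules added earlier allow only ssh and http, so HTTPS has to be allowed through the firewall the same way http was.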
- Enable the default SSL site:
sudo a2ensite default-ssl
- If you do not enable the default-ssl you will get this error: “ssl_error_rx_record_too_long apache”
- Restart Apache.
sudo service apache2 restart
Test HTTPS access: https://lcars/dokuwiki/doku.php
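A 1024-bit RSA key, as generated by the genrsa step above, is below the 2048-bit minimum that current guidance and TLS clients expect. The script below is an added example, not part of the original guide: it creates a 2048-bit key with a self-signed certificate and reports the key size of any certificate, including the one installed by the steps above. The function names and the output directory argument are hypothetical, and writing the key without a passphrase is an assumption of the example.

```shell
# Added example: 2048-bit RSA key and self-signed certificate, plus a size check.
# make_selfsigned OUTDIR HOSTNAME; the key gets no passphrase (assumption) and
# is protected by file mode 600 instead.
make_selfsigned() {
    ( umask 077
      openssl genrsa -out "$1/server.key" 2048 2>/dev/null &&
      openssl req -new -x509 -sha256 -days 365 -key "$1/server.key" \
          -subj "/CN=$2" -out "$1/server.crt" ) || return 1
    chmod 644 "$1/server.crt"
}

# Print the public-key size in bits of a PEM certificate.
cert_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeed if the certificate's key has at least MIN bits (default 2048).
cert_strong_enough() {
    bits=$(cert_bits "$1")
    [ -n "$bits" ] && [ "$bits" -ge "${2:-2048}" ]
}

# Demonstration in a temporary directory; "lcars" is the hostname used in this guide.
tmp=$(mktemp -d)
make_selfsigned "$tmp" lcars && echo "key size: $(cert_bits "$tmp/server.crt") bits"
```

Running cert_strong_enough /etc/ssl/certs/server.crt on the server fails for a certificate built from the 1024-bit key.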
Enable Rewrite
- First, enable the Apache2 module "rewrite" by typing:
sudo a2enmod rewrite
- Then modify the .htaccess.dist file found in the root of the dokuwiki directory
cd /var/www/dokuwiki
ls -a
sudo vim .htaccess.dist
- Make sure the following lines are uncommented.
- Code:
RewriteEngine on
RewriteBase /dokuwiki
RewriteRule ^_media/(.*) lib/exe/fetch.php?media=$1 [QSA,L]
RewriteRule ^_detail/(.*) lib/exe/detail.php?media=$1 [QSA,L]
RewriteRule ^_export/([^/]+)/(.*) doku.php?do=export_$1&id=$2 [QSA,L]
RewriteRule ^$ doku.php [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*) doku.php?id=$1 [QSA,L]
RewriteRule ^index.php$ doku.php
Manage Wiki
Logical Volume Manager
One of the great things about LVM is that you never run out of space. If it seems as if you are about to do so, you just add a new "physical volume" to your "volume group", add that to your "logical volume", and resize the file system. In effect, it's as if you have a partition that spans multiple drives.
It would of course be a good idea to back things up before you do this. But sometimes we don't have that option, do we?
Our existing volume group is "lcars", and our existing logical volume is "root". All of this of course needs to be done using the "sudo" command.
A little hint first: You can (and probably should) give the "-t" (test) option to each LVM command first, to make sure it's going to do what you want. Then I hit the up arrow (history) and delete the "-t" option, so I make sure I'm running that same command.
Presumed Assumptions
- The previous parts of this guide have been followed
- A Brand New Hard Drive is being added to the system
- All commands require sudo.
Expand the LVM
- Add the new disk to the machine
- Locate the new disk by entering the following command
sudo fdisk -l
- This will display the available disks. Mine is /dev/sdb
- Now to format and activate the disk
- Enter the following line to select the correct disk:
sudo fdisk /dev/sdb
- A special prompt has appeared and we will enter the following commands:
- n = create new partition
- p = creates primary partition
- 1 = makes partition the first on the disk
- Push enter twice to accept the default first cylinder and last cylinder.
- To prepare the partition to be used by LVM use the following two commands.
- t = change partition type
- 8e = changes to LVM partition type
- Verify and write the information to the hard drive.
- p = view partition setup so we can review before writing changes to disk
- w = write changes to disk
- Enter the code below to create a LVM physical volume on the partition we just created.
sudo pvcreate /dev/sdb1
- Add the physical volume to the volume group:
sudo vgextend lcars /dev/sdb1
- Check your work:
sudo vgdisplay lcars
- Note the free space we now have.
- Extend the logical volume:
sudo lvresize -l 99%VG /dev/lcars/root
- The "-l 99%VG" says to resize the logical volume to 99% of the space in the volume group. The argument can be given many ways. See "man lvcreate".
- Check our work:
sudo lvdisplay
- Now we are ready to resize the filesystem:
sudo resize2fs /dev/lcars/root
- To confirm the expansion, enter:
df -lh
- The top line should display the added free space.
- Done!