Difference between revisions of "Mediawiki installation"

From Biowikifarm Metawiki
Jump to: navigation, search
(File uploading and Mime types)
Line 441: Line 441:
 
There are also $wgMimeTypeBlacklist and $wgFileBlacklist for file extensions and MIME types that are never allowed for security reasons, even if added to <code>$wgFileExtensions</code>. If needed for special purposes and considered safe, they can be commented out in these blacklists in LocalSettings.php.
 
There are also $wgMimeTypeBlacklist and $wgFileBlacklist for file extensions and MIME types that are never allowed for security reasons, even if added to <code>$wgFileExtensions</code>. If needed for special purposes and considered safe, they can be commented out in these blacklists in LocalSettings.php.
  
If there is still the error message "The file is corrupt or has an incorrect extension. Please check the file and upload again", the reason can be that the file you want to upload has a MIME type for which only certain file extensions are allowed in /includes/mime.types and has an extension not listed there. If considered safe, the extension can be added in that file. The mime type can be determined with the command <code>file -i ''filename''</code>.
+
If there is still the error message "The file is corrupt or has an incorrect extension. Please check the file and upload again", the reason can be that the file you want to upload has a MIME type for which only certain file extensions are allowed in /includes/mime.types and has an extension not listed there. If considered safe, the extension can be added in that file. The mime type can be determined with the command <code>file -i ''filename''</code>. '''Note:''' Files that are changed manually are then excluded from svn update. To drop own changes and get back to the svn version delete the file and then run svn update (see above).
  
 
==Securing MediaWiki==
 
==Securing MediaWiki==

Revision as of 15:03, 20 October 2009

An overview and record of strategies to install mediawiki the first time, and maintain and upgrade it.

See also Debian installation for the underlying server.


First time MediaWiki installation

The first installation was made under mediawiki 1.14. We decided to directly follow the Wikipedia versions by checking out the Trunk revisions. Following [1]:

mkdir /usr/share/mediawiki; cd /usr/share/mediawiki
# Checking out head revision for main and extensions
svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/phase3
svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions
apt-get install imagemagick

Notes: "phase3" contains the main application, "extensions" the extension code. (Alternative for a more fixed version would be: svn checkout http://svn.wikimedia.org/svnroot/mediawiki/branches/REL1_13/phase3).

Also, for testing subversion updates, we checkout the wiki a second time into a staging folder:

mkdir /usr/share/mediawikistaging; cd /usr/share/mediawikistaging
svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/phase3
svn checkout http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions

We want to run multiple mediawiki instances on one server. We created a special, "mixed" form of linking, where the LocalSettings.php, the config and image folder are local, and the rest is linked, following instructions here (an alternative method would probably create problems with the maintenance scripts). Later we detected a page probably equivalent to our method (its source?) which may be helpful if problems should arise (but we did not use it yet). We created this mixed linked/local for a "/var/www/wiki-template" folder:

md /var/www/wiki-template; cd /var/www/wiki-template/
# it is important not to add any further "/" anywhere:
ln -s /usr/share/mediawiki/phase3/* .
rm -rf config
cp -vpRP /usr/share/mediawiki/phase3/config .
rm -rf images ## may have changed since, check
cp -vpRP /usr/share/mediawiki/phase3/images .

For installation, we need to make the config folder writable by the webserver, for media files some folders within images need to be writable. Also we renamed "images" to "media"

cd /var/www/wiki-template/; chmod 755 config
mv images media
chmod 777 media
cd /var/www/wiki-template/media/; mkdir archive; mkdir thumb; mkdir temp
chmod 755 archive; chmod 755 thumb; chmod 755 temp

To enable the display of svn revision numbers on Special:Version pages (as can be seen on the Wikimedia foundation wikis), one also must create a .svn link in each wiki folder from pointing to .svn in phase3.

Change Owner of media folder; NOT DONE, seems to be not necessary: (user "www-data" = apache user, confirmed to be present on Debian and most parts of apache run under this, ps -ef): chown www-data: media/


Email: Setting up the email functions requires either a local server, or for external server setting $wgSMTP. It also first requires to install the Mail.php functionality:

apt-get install php-mail php-net-smtp

then add to LocalSettings.php:

ini_set("include_path", ".:$IP:$IP/includes:$IP/languages:/usr/share/php/:/usr/share/php/PEAR/");
$wgSMTP = array(
'host'     => "160.45.63.40",
'IDHost'   => "bgbm.org",
'port'     => 25,
'auth'     => true,
'username' => "xxx123",
'password' => "xxx123xxx123xxx123"
);

Cloning a new wiki

Any code above needs to be run only the first time. From then on, the template can be reused to clone instances (where "NEW-WIKI" is replaced with the name for your wiki):

cd /var/www/; cp -r wiki-template NEW-Wiki
cd /var/www/NEW-Wiki; chmod a+w config; chmod a+w media

followed by the install process in a web browser (http://..../NEW-Wiki/config/index.php)

Short note for later installs: do not forget to set localhost:8088 with port and UTF-8 character set. Add root superuser, the wikiuser has very limited rights (table insert to delete, create temp tables only, not including create table privileges).

Full notes for settings made on the web forms of the MediaWiki installation: For the DPG (society of phytopathologists in Germany): Name=DPG, contact email gh, language de, License: Creative Commons, choose non-commercial, share-alike, Admin name: WikiSysop, (password noted separate), caching memcached 127.0.0.1:11211, email options left default (or user-to-user disabled), DB config: MySQL, localhost:8088 (the port on which we operate mysql), databasename: pmedwiki, user name wikiuser, (password noted separate). adding root credentials so that wikiuser and tables can be created (wikiuser has insufficient rights). No database table prefix (originally we DID use prefixes and a single db, however, that prevents to ever use the single-sign-on mechanism...), engine=InnoDB, character set changed to UTF-8. Click Install, move LocalSettings.php to the parent directory, remove the config folder:

cd /var/www/NEW-Wiki/; mv config/LocalSettings.php .; rm -rf config

For each wiki add to the virtual host configuration (e.g. to /etc/apache2/sites-available/default):

Alias /NEW-Wiki-VIRTUAL /var/www/NEW-WIKI/index.php

and restart Apache2 gracefully:

 /usr/sbin/apache2ctl -k graceful
 # or not graceful: /usr/sbin/apache2ctl -k restart

For each wiki using ShortURLs, the robot.txt must be updated.

Some extensions need execution of a sql command for each db (where "DBNAME" and "DBUSER" are replaced with actual db name and user) (ls /var/www/NEW-Wiki/extensions/*.sql):

 mysql -u USER -p DBNAME < /usr/share/mediawiki/extensions/ConfirmAccount/ConfirmAccount.sql
 mysql -u USER -p DBNAME < /usr/share/mediawiki/extensions/OpenID/openid_table.sql
 echo "CREATE VIEW dpl_clview AS SELECT IFNULL(cl_from, page_id) AS cl_from, IFNULL(cl_to, ) AS cl_to, cl_sortkey FROM page LEFT OUTER JOIN categorylinks ON page_id=cl_from;" | mysql -u USER -p DBNAME

Similar tables would be needed for the OAI (OpenArchiveInitiative) extension. The documentation is very poor so that THIS IS NOT YET APPLIED AND THE EXTENSION DISABLED FOR THE TIME BEING! ARE ALL TABLES COVERED BELOW?

 mysql -u USER -p DBNAME < /usr/share/mediawiki/extensions/OAI/oaiaudit_table.sql  
 mysql -u USER -p DBNAME < /usr/share/mediawiki/extensions/OAI/oaiharvest_table.sql  
 mysql -u USER -p DBNAME < /usr/share/mediawiki/extensions/OAI/oaiuser_table.sql  
 mysql -u USER -p DBNAME < /usr/share/mediawiki/extensions/OAI/update_table.sql
 

To simplify the setup, we have extracted the common settings from LocalSettings.php into a file called MediaWikiCommonSettings.php directly in the www-root. Usually, because of the manual change to MediaWikiCommonSettings.php, we manually modify a template LocalSettings.php from any wiki and use it instead of the one created by the install process.

Note: virtual wiki path in lower case is preferable, because it helps to highlight the page title (having Title-Case)!

Notes: Using "commons" for image is problematic because easily confused with wikipedia (and the desirable WP interwiki link). "Media" is bad because existing "media:" prefix. Currently, we use m script and openmedia rewrite path inside species-id as a media repository.

Configuration after setup

  • Logo changed in each LocalSettings
  • Short_URL see: http://www.mediawiki.org/wiki/Manual:Short_URL
  • Timezone settings added: ( #Set Default Timezone: // $wgLocaltimezone="Europe/Berlin"; // $wgLocalTZoffset = +120; // putenv("TZ=$wgLocaltimezone");)
  • Security information on preventing editing by anonymous users and user-creation options under Preventing_Access; we added following to MediaWikiCommonSettings.php:
$wgEnableUploads  = true; # (Make sure the php.ini settings are correct, see above)
$wgMaxImageArea = 5e7; # Default is 1.25e7.
  # (support thumb generation for large line drawings which may only be 1.4 MB but larger 5000 px)
# Disable anonymous editing
$wgGroupPermissions['*']['edit'] = false;
# Prevent new user registrations except by sysops
$wgGroupPermissions['*']['createaccount'] = false;

(Perhaps see also a blog describing this method). A better method than limiting creation to sysops it the ConfirmAccount extension, which we installed (see extensions below).


Enabling extensions

The first part, establishing the symbolic links, must be done once for the subversion-managed mediawiki installation. Normally further actions are necessary (LocalSettings.php) for each wiki, but we perform them centrally in MediaWikiCommonSettings.php. Yet some db-specific actions are necessary for some extensions, see at the end. Most extensions are already available through the subversion download. Symbolic links are created to enable selected extensions, initially for:

cd /usr/share/mediawiki/phase3/extensions
ln -s ../../extensions/CategoryTree
ln -s ../../extensions/CentralAuth
ln -s ../../extensions/CentralNotice
ln -s ../../extensions/CharInsert
ln -s ../../extensions/Cite
ln -s ../../extensions/ConfirmAccount
ln -s ../../extensions/ConfirmEdit
ln -s ../../extensions/CrossNamespaceLinks
ln -s ../../extensions/DismissableSiteNotice
ln -s ../../extensions/DynamicPageList
ln -s ../../extensions/ExpandTemplates
ln -s ../../extensions/FlaggedRevs
ln -s ../../extensions/Gadgets
ln -s ../../extensions/GoogleMaps
ln -s ../../extensions/intersection
ln -s ../../extensions/Interwiki
ln -s ../../extensions/ImageMap
ln -s ../../extensions/inputbox
# No longer used (now using MediaFunctions): ln -s /usr/share/mediawiki/NonSvnExtensions/ImageSizeInfoFunctions
ln -s /usr/share/mediawiki/NonSvnExtensions/LinkedImage
# NOT: MakeBot, Makesysop, both now core functionality (although still listed as extension in en/de wikipedia)
ln -s ../../extensions/MathStatFunctions
ln -s ../../extensions/MediaFunctions
ln -s ../../extensions/MultiUpload
ln -s ../../extensions/MWSearch
ln -s /usr/share/mediawiki/NonSvnExtensions/IdentificationTool
ln -s ../../extensions/OAI
ln -s ../../extensions/OpenID
ln -s ../../extensions/Oversight
ln -s ../../extensions/PasswordReset
ln -s ../../extensions/ParserFunctions
ln -s /usr/share/mediawiki/NonSvnExtensions/RawFile
ln -s ../../extensions/Renameuser
ln -s ../../extensions/ReplaceText
ln -s ../../extensions/SemanticMediaWiki
ln -s ../../extensions/SharedUserRights
# Following two not in subversion:
ln -s /usr/share/mediawiki/NonSvnExtensions/ShibbolethAuthentication
ln -s /usr/share/mediawiki/NonSvnExtensions/SQL2Wiki
ln -s ../../extensions/StringFunctions
ln -s ../../extensions/SyntaxHighlight_GeSHi
ln -s ../../extensions/TitleKey
ln -s ../../extensions/TreeAndMenu


This is further necessary to self-written extensions such as:

ln -s /usr/share/mediawiki/NonSvnExtensions/IdentificationTool
ln -s /usr/share/mediawiki/NonSvnExtensions/MetadataHarvester

Only for Key to Nature the following special extensions are linked in:

cd /usr/share/mediawiki/phase3/extensions
ln -s /usr/share/mediawiki/NonSvnExtensions/AddScriptCss
ln -s /usr/share/mediawiki/NonSvnExtensions/StubManager
ln -s /usr/share/mediawiki/NonSvnExtensions/VideoFlash


SyntaxHighlight needs an additional checkout from a different source:

cd /usr/share/mediawiki/extensions/SyntaxHighlight_GeSHi
svn checkout http://geshi.svn.sourceforge.net/svnroot/geshi/trunk/geshi-1.0.X/src/ geshi

The CentralAuth extension needs to create the following tables a single time (file CentralAuth/central-auth.sql, stored here for immediate repetition, but may be obsolete with software updates):

CREATE TABLE globalnames (gn_name varchar(255) binary not null, primary key (gn_name)) TYPE=InnoDB; CREATE TABLE localnames (ln_wiki varchar(255) binary not null, ln_name varchar(255) binary not null, primary key (ln_wiki, ln_name), key (ln_name, ln_wiki)) TYPE=InnoDB; CREATE TABLE globaluser (gu_id int auto_increment, gu_name varchar(255) binary, gu_enabled varchar(14) not null, gu_enabled_method enum('opt-in', 'batch', 'auto', 'admin'), gu_home_db varchar(255) binary, gu_email varchar(255) binary, gu_email_authenticated char(14) binary, gu_salt varchar(16) binary, gu_password tinyblob, gu_locked bool not null default 0, gu_hidden bool not null default 0, gu_registration varchar(14) binary, gu_password_reset_key tinyblob, gu_password_reset_expiration varchar(14) binary, gu_auth_token varbinary(32) NULL, primary key (gu_id), unique key (gu_name), key (gu_email)) TYPE=InnoDB; CREATE TABLE localuser (lu_wiki varchar(255) binary not null, lu_name varchar(255) binary not null, lu_attached_timestamp varchar(14) binary, lu_attached_method enum ('primary', 'empty', 'mail', 'password', 'admin', 'new', 'login'), primary key (lu_wiki, lu_name), key (lu_name, lu_wiki)) TYPE=InnoDB; CREATE TABLE global_user_groups (gug_user int(11) not null, gug_group varchar(255) not null, PRIMARY KEY (gug_user,gug_group), KEY (gug_user), key (gug_group)) TYPE=InnoDB; CREATE TABLE global_group_permissions (ggp_group varchar(255) not null, ggp_permission varchar(255) not null, PRIMARY KEY (ggp_group, ggp_permission), KEY (ggp_group), KEY (ggp_permission)) TYPE=InnoDB;


In LocalSettings/CommonSettings, add the following corresponding code at the end (requires updating!):

# EXTENSIONS:
# MakeBot, MakeSysop are still listed in en/de wikipedia, but obsolete, now in core!
$wgUseAjax = true; // needed for CategoryTree
require_once("$IP/extensions/CategoryTree/CategoryTree.php");
#### DISABLED: (configuration problems) #####require_once("$IP/extensions/CentralAuth/CentralAuth.php");
 ##this needs configuration of http://www.mediawiki.org/wiki/Manual:%24wgConf, which must occurs after the specific settings, see
require_once("$IP/extensions/CharInsert/CharInsert.php");
require_once("$IP/extensions/Cite/SpecialCite.php"); 

# ConfirmAccount needs email enabled! Otherwise users can't get their passwords...
#### DISABLED #####require_once("$IP/extensions/ConfirmAccount/SpecialConfirmAccount.php");
 $wgMakeUserPageFromBio = true; // Set the person's bio as their userpage?
 $wgAutoUserBioText = ; // Text to add to bio pages if the above option is on
 $wgAutoWelcomeNewUsers = true;
 $wgUseRealNamesOnly = false; // Make the username of the real name? DEFAULT was true
 $wgConfirmAccountRejectAge = 30 * 24 * 3600; // 1 month = How long after accounts have been requested/held before they count as 'rejected'
 $wgAccountRequestThrottle = 5; // How many requests can an IP make at once; DEFAULT was 1, but this is for firewalled users
 $wgAccountRequestMinWords = 3; // Minimum biography specs (original was 50)
 $wgAccountRequestToS = false; // Show ToS checkbox
 $wgAccountRequestExtraInfo = true; // Show confirmation info fields
 # If set, will add  to userpages for auto-categories.
 # The sortkey will be made be replacing the first element of this array
 # (regexp) with the second. Set this variable to false to avoid sortkey use.
 $wgConfirmAccountSortkey = true;
 $wgConfirmAccountSortkey = array( '/^(.+) ([^ ]+)$/', '$2, $1' );  // this will do Warning: Default sort key "firstname, lastname" overrides earlier default sort key "sortkey".
 # If ConfirmEdit is installed and set to trigger for createaccount, inject catpchas for requests too?
 $wgConfirmAccountCaptchas = false; // DEFAULT was true, but this seems redundant
 $wgAllowAccountRequestFiles = false; // Default was false
 # $wgGroupPermissions['*']['createaccount'] = false;
 # $wgGroupPermissions['bureaucrat']['confirmaccount'] = true; 
 # $wgGroupPermissions['bureaucrat']['requestips'] = true; // This right has the request IP show when confirming accounts
 $wgConfirmAccountNotice = true; // Show notice for open requests to admins? Cached, but may still be expensive for thousands of requests.
require_once("$IP/extensions/ConfirmEdit/ConfirmEdit.php" );
 # ConfirmEdit configuration:
 $wgGroupPermissions['*'            ]['skipcaptcha'] = false;
 $wgGroupPermissions['user'         ]['skipcaptcha'] = false;
 $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
 $wgGroupPermissions['bot'          ]['skipcaptcha'] = true; 
 $wgGroupPermissions['sysop'        ]['skipcaptcha'] = true;
 $wgCaptchaTriggers['edit']          = false; 
 $wgCaptchaTriggers['create']        = false; 
 $wgCaptchaTriggers['addurl']        = false; 
 $wgCaptchaTriggers['createaccount'] = true;
 $wgCaptchaTriggers['badlogin']      = true;
require_once("$IP/extensions/CentralNotice/CentralNotice.php");
require_once("$IP/extensions/CrossNamespaceLinks/SpecialCrossNamespaceLinks.php");
require_once("$IP/extensions/DismissableSiteNotice/DismissableSiteNotice.php");
#add DynamicPageList Extension, used e.g. for automatic event listing on key2nature. See also: http://semeb.com/dpldemo/
require_once("$IP/extensions/DynamicPageList/DynamicPageList2.php"); 
### enabling FlaggedRevs requires many further actions (sql)!
 ### include_once("$IP/extensions/FlaggedRevs/FlaggedRevs.php");
require_once("$IP/extensions/ExpandTemplates/ExpandTemplates.php");
require_once("$IP/extensions/Gadgets/Gadgets.php"); 

## GoogleMapsExtension: This may have to be moved to individual wikis or secondary commons files, since it is URL dependend
 ## Key for http://www.phytopathology.net/: 
 $wgGoogleMapsKey = "ABQIAAAAtIv2htpKQclAQPE21vjSBBSL1aXnaBCy0UI5nOCX2jho6QpXrBTEjwGjkp6B0qEgN34MXgC9JE17Ag";
## GoogleMaps temporarily disabled again, it adds huge amounts of JavaScript to each page!
## xyyfafxy<xykeopkfdrequire_once("$IP/extensions/GoogleMaps/GoogleMaps.php"); 

include_once("$IP/extensions/IdentificationTool/IdentificationTool.php"); /* OUR OWN EXTENSION */
require_once("$IP/extensions/ImageMap/ImageMap.php");
require_once("$IP/extensions/inputbox/inputbox.php");
### DISABLED, undocumented usage, unclear whether conflicting with full DynamicPageList:
  ### require_once("$IP/extensions/intersection/DynamicPageList.php");
require_once("$IP/extensions/Interwiki/SpecialInterwiki.php");
 $wgGroupPermissions['*']['interwiki'] = false;
 $wgGroupPermissions['sysop']['interwiki'] = true;
 # an additional user group is possible, bureaucrats can assign this:
 # $wgGroupPermissions['interwiki']['interwiki'] = true;
include_once("$IP/extensions/LinkedImage/LinkedImage.php");
require_once("$IP/extensions/MathStatFunctions/MathStatFunctions.php");
require_once("$IP/extensions/MultiUpload/SpecialMultipleUpload.php");
### DISABLED, SQL ADDITIONS NEEDED, NO DOCUMENTATION ON USE: 
  ### require_once("$IP/extensions/OAI/OAIRepo.php");
### OpenID: DISABLED! The libraries are installed, the sql executed, but when enabling and navigating to special pages an error occurs
  ### require_once("$IP/extensions/OpenID/OpenID.setup.php"); 

require_once("$IP/extensions/ParserFunctions/ParserFunctions.php");
## Allow Sysops to reset passwords:
require_once("$IP/extensions/PasswordReset/PasswordReset.php");
 $wgGroupPermissions['sysop']['passwordreset']   = true;
require_once("$IP/extensions/RawFile/RawFile.php");
require_once("$IP/extensions/Renameuser/SpecialRenameuser.php" );
include_once("$IP/extensions/ReplaceText/ReplaceText.php");
### NOT YET ENABLED: SEMANTIC MEDIA WIKI. See http://semantic-mediawiki.org/wiki/Help:Installation
 ### require_once("$IP/extensions//SemanticMediaWiki/includes/SMW_Settings.php");
 ### enableSemantics('example.org'); # where example.org should be replaced by your server's name (or IP address). 
include_once("$IP/extensions/SQL2Wiki/SQL2Wiki.php");
### NOT YET ENABLED: ShibbolethAuthentication, folder linked, not yet tested or activated
require_once("$IP/extensions/StringFunctions/StringFunctions.php");
require_once("$IP/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.php");
### DO NOT ENABLE TitleKey without a good reason. Without it being installed, searching for articles DOES work case-insensitive already. No further explanations could be found.

Additional actions for some extensions:

  • CharInsert requires after standard installation to create/edit MediaWiki:Edittools
    • Good templates are found (but respect the license!) at en.wikipedia or de.wikipedia.
    • The english WP uses a mixture of direct use and Javascript; it requires also MediaWiki:Edittools.js
    • The place where MediaWiki:Edittools.js is being activated needs still to be found! TODO!
  • ConfirmAccount needs sql commands for each db; details under cloning wikis above.
  • OpenID requires the openidenabled.com 2.x libraries. Debian 4 support those only as backports, so make sure the repository has been added (see above). Then issue apt-get install python-openid. Additional sql code is needed; details under cloning wikis above.
  • (Cite may also need additional action, although the mentioned cite layout file is already present. Nothing done so far, needs testing)
  • (Sitenotice: It is possible to set one in LocalSettings.php, but better method is MediaWiki:Sitenotice)
  • Todo:
    • FlaggedRevs has a number of things to do, not yet done
    • install lucene (links on MWSearch page), add and install MWSearch extension

Note: according to testing by Evolaris, the CentralNotice extension is slowing down the Wiki functionality significantly, by loading <script type="text/javascript" src="http://smorgasbord.local/trunk/index.php/Special:NoticeLoader"></script> from external sites. We may want to disable this function again. the function occurs on both KeyToNature and the JKI installations. Note that, although the en and de Wikipedias themselves use the extension, the script does not appear there!!!

WYSIWIG-editor integration (FCKeditor, FAILED!!!)

Note: Integration and SVN setup of FCKEditor have changed a lot, and some information refers to older version with separate svn checkout. In never versions, the checkout is integrated. The older version did not work for us, the newer could be tested around 2009-03, but due to its desire to hide all template, reference, etc. information from users in a non-intutitive way (templates just become a colored T, very likely to be deleted by normal, non-programmer persons) it was considered unusable. The audience of FCKEditor for mediawiki seem to be more programmers than normal users.

Check: http://www.mediawiki.org/wiki/Extension:FCKeditor_(by_FCKeditor_and_Wikia)

Open Questions

  • TODO: Quiz: the building tool adopted by Wikiversity! This one comes close to identification tools!


  • Install and test Extension:CentralAuth. The special tables are created in wikidb, and a variant for CommonSettings2.php exists in the root. However, configuring the wgConfig variable remained unclear for a config with with prefixed tables for multiple wikis in a single database. Could not get it to work...
    • CentralAuth is confirmed not to work at present when multiple wikis are kept in a single DB, separated by table prefixes.
    • Instead we configured one Wiki-database to manage the users from all Wikis (using the localsettings variable $wgSharedDB). This provides single identity, although not single sign-on.
    • If we fail to get this running, drop the tables again: DROP TABLE globalnames; DROP TABLE localnames; DROP TABLE globaluser; DROP TABLE localuser; DROP TABLE global_user_groups; DROP TABLE global_group_permissions;
  • GoogleMapsExtension
  • Configure Gadgets Extension, extension is running but no gadgets are active yet (wikED would be nice).
  • MWSearch (NEEDS LUCENE FIRST)
  • TitleKey (probably not necessary when MWSearch is active, Article name search is case-insensitive)
  • OAI (installation problems, sql queries remained unclear)
  • SemanticMediaWiki (no sql queries needed)
  • Under Review, potential security thread: SQL2Wiki
  • Not activated: LdapAuthentication' (http://www.mediawiki.org/wiki/Extension:LDAP_Authentication)
  • Considered: DataTable', Glossary (both currently not in subversion-extensions), PDF Export,
  • Intersection has been disabled again, lack of usage documentation, may conflict with DynamicPageList (Same php file name, same tag??). They have similar purposes, but Intersection is used on WikiNews, DynamicPageList not.
    • Update: Intersection/DynamicPageList is documented here, the names are just confusing!

Importing Data

The Web interface under Special:Import will create extra revisions (in addition to those imported) designating the importing user. If you don't want to document who did a transfer, it may therefore be desirable to use the command-line version (see below). For the web import it may be desirable to create a special "Import-User" so that the name better documents authorship than using a normal username during upload of the xml file. Important creates two revisions for each page: Revision 1 is the imported revision, Revision 2 is the revision documenting the import process. If the imported data alone document this (e.g. when they already are using Import-User and an appropriate comment), it is possible to delete the second revisions in the database (assuming Import-User has ID=4):

Delete FROM PREFIX_revision 
  WHERE PREFIX_revision.rev_user=4 AND PREFIX_revision.rev_minor_edit=1;
--Then need to fix the latest revision stored in page:
UPDATE PREFIX_revision AS R2 INNER JOIN 
  (PREFIX_page LEFT JOIN PREFIX_revision AS R1 ON PREFIX_page.page_latest=R1.rev_id) 
  ON R2.rev_page=PREFIX_page.page_id 
  SET page_latest=R2.rev_id WHERE R1.rev_id Is Null


Import from commandline: transfer the xml file to the server, and execute (example):

cd /var/www/v-species/n; php ./maintenance/importDump.php /var/www/v-species/n/TheFile.xml --conf ./LocalSettings.php
php ./maintenance/rebuildall.php --conf ./LocalSettings.php

(After import at least rebuildrecentchanges is necessary, or rebuildall - the latter may be very slow.)

Backup/Restore

For just the database see: http://www.mediawiki.org/wiki/Manual:Backing_up_a_wiki. A more complete script can be found here: http://www.mediawiki.org/wiki/User:Flominator/Backup_MW - this also backups the folder with uploads (media). Based on that source, adapted scripts were created, execute as:

cd /var/backups/scripts/; ./backup-mw.sh

The additional backup-mw.php script can potentially be used within www to directly create and download a copy of the mediawiki. We are testing this as a measure to build trust.

In addition, to create an xml dump, make sure a link to AdminSettings.php exists in the current wiki folder and the maintenance folder is temporarily copied, then run, e.g.:

cd /var/www/v-k2n/w/maintenance # replace path with actual wiki path
php dumpBackup.php --full > /var/backups/wikis/k2n-full.xml
php dumpBackup.php --logs > /var/backups/wikis/k2n-logs.xml

(Note: --logs may not yet be working under version 1.12, it works in 1.14)

To restore such a xml-dump, remove tables and create new tables with default values in mysql, then:

cd /var/www/WIKINAME;  # (replace path with actual wiki path!)
php ./maintenance/importDump.php /var/backups/wikis/k2n-full.xml --conf ./LocalSettings.php
php ./maintenance/rebuildrecentchanges.php --conf ./LocalSettings.php    # absolutely necessary
## If backlinks etc. do not work, or extensions had to be disabled, use (Very slow!!!!):
php ./maintenance/rebuildall.php  --quick --conf ./LocalSettings.php

Notes: In our experience, some extensions may create problems during reimport. We found GoogleMaps and DynamicPageList to cause importDump to abort. After disabling these two extensions, the import worked correctly. However, all DPL pages are then still cached without proper DPL rendering even after re-enabling both extensions. Running rebuildall.php fixed this.

Example restore for testing of the wikimediafoundation commons xml-dump:

cd /var/www/wmf-commons; php ./maintenance/importDump.php  /mnt/wpTest/commonswiki-pages-articles.xml  --conf ./LocalSettings.php

Maintenance scripts

(see http://www.mediawiki.org/wiki/Manual:Maintenance_scripts)

In /usr/share/mediawiki/phase3/ copy AdminSettings.sample to AdminSettings.php, create a new user wikiadmin for mysql with localhost only, and edit AdminSettings.php accordingly. Then, for each wiki, in /var/www/wikifolder/, a symlink must be created linking to /usr/share/mediawiki/phase3/AdminSettings.php. Since we have a symlinked installation, installations scripts must run like:

php /var/www/wikifolder/maintenance/rebuildall.php   --conf /var/www/wikifolder/LocalSettings.php
php /var/www/wikifolder/maintenance/importImages.php --conf /var/www/wikifolder/LocalSettings.php /var/www/wikifolder/media/newimages .jpg .png .svg

Rebuild all is necessary after external text, sql, or xml imports.

Rarely, the SVN upgrading of Mediawiki may require an upgrade of the database structures. Again, the update.php must be called with symlink-compatible syntax. Examples:

cd /var/www/metawiki; php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/testwiki; php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-k2n/w;  php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-k2n/it;  php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-lias/w;  php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-phytomed/w; php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-phytopathology/w; php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-rosaceae/w;  php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-species/n;   php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-species/o;   php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-species/w;   php ./maintenance/update.php  --quick --conf ./LocalSettings.php
cd /var/www/v-workbench/w; php ./maintenance/update.php  --quick --conf ./LocalSettings.php


Table corruption: rebuildall.php may report that a table, especially searchindex (which is MyISAM even if other tables are InnoDB) is corrupt and needs to be repaired. In phpmyadmin, open a sql window for the affected database, and issue: truncate table searchindex;. Running rebuildall.php afterwards concluded the repair in a case we had.

MediaWiki configuration tips

Configuring MediaWiki:Sidebar: New options July 2008, see [2]

It may be useful to copy the contents of http://en.wikipedia.org/wiki/MediaWiki:Common.css and http://en.wikipedia.org/wiki/MediaWiki:Monobook.css into the Mediawiki:Common.css and MediaWiki:Monobook.css pages of each Wiki where you may want to use copied things e.g. templates from wikipedia.


MediaWiki upgrading

To upgrade Mediawiki first run the update on the staging version (= testwiki, http://biowikifarm.net/test):

cd /usr/share/mediawikistaging/; svn update phase3 extensions
# Optionally add other updates:
apt-get update
apt-get upgrade
cd /usr/share/; svn update phpmyadmin-dev

After testing and verifying functionality, also update the production version (where "-r52502" indicates to update precisely to revision 52502; this should always be the value of the tested revision from staging / test wiki!):

cd /usr/share/mediawiki; svn update phase3 extensions  -r52502

Occasionally the database structure may have to be upgraded; see Maintenance scripts above.

File uploading and Mime types

Uploading files with extensions and Content types (MIME types) usually not allowed on wikis: The default of normally allowed extensions is listed $wgFileExtensions in /includes/DefaultSettings.php (which should never be edited). To allow additional extensions override $wgFileExtensions in LocalSettings.php.

There are also $wgMimeTypeBlacklist and $wgFileBlacklist for file extensions and MIME types that are never allowed for security reasons, even if added to $wgFileExtensions. If needed for special purposes and considered safe, they can be commented out in these blacklists in LocalSettings.php.

If there is still the error message "The file is corrupt or has an incorrect extension. Please check the file and upload again", the reason can be that the file you want to upload has a MIME type for which only certain file extensions are allowed in /includes/mime.types and has an extension not listed there. If considered safe, the extension can be added in that file. The mime type can be determined with the command file -i filename. Note: Files that are changed manually are then excluded from svn update. To drop own changes and get back to the svn version delete the file and then run svn update (see above).

Securing MediaWiki

See http://www.mediawiki.org/w/index.php?title=Manual:Security

Logging/Debugging

For debugging, you may enable logging of debug and error messages:

  1. create a log-file somewhere
 touch /var/www/v-k2n/w/log.txt
 chmod 777 /var/www/v-k2n/w/log.txt
  1. edit LocalSettings.php and add the following line after the line including the DefaultSettings.php:
 $wgDebugLogFile = "/var/www/v-k2n/w/log.txt";

Note, that the logfile will get quite big pretty fast, so you should switch on the logging only for short periods of time, and delete the logfile after you're done.