Install Your Own Wiki with Mediawiki on RHEL/CentOS 7

Page content

− Install PostgreSQL 10 on CentOS 7
− Install the latest PHP

MediaWiki Prerequisites

Install PostgreSQL 10 on CentOS 7

Repo: https://yum.postgresql.org/10/redhat/rhel-7-x86_64/

Install PostgreSQL repository in your system

sudo rpm -Uvh https://yum.postgresql.org/10/redhat/rhel-7-x86_64/pgdg-centos10-10-2.noarch.rpm

Install PostgreSQL server & development shared library

sudo yum install postgresql10-server postgresql10 postgresql10-devel

Initialize it before using for the first time.

/usr/pgsql-10/bin/postgresql-10-setup initdb

By default, PostgreSQL does not allow password authentication. We will change that by editing its hostbased authentication (HBA) configuration.

Open the HBA configuration with your favorite text editor.

sudo vi /var/lib/pgsql/10/data/pg_hba.conf

Edit the corresponding lines to have:

host    all             all             127.0.0.1/32            md5
host    all             all             ::1/128                 md5

Save and exit. PostgreSQL is now configured to allow password authentication.

Start PostgreSQL server

To start PostgreSQL service, run:

systemctl start postgresql-10

To enable PostgreSQL on system startup, run:

systemctl enable postgresql-10

To check the status of PostgreSQL service, run:

systemctl status postgresql-10

PostgreSQL setup

we’ll create a database named wikidb, owned by a user named wikiuser. From the command-line, as the postgres user

sudo -i -u postgres

… perform the following steps.

createuser -S -D -R -P -E wikiuser 
# (then enter the password)
createdb -O wikiuser wikidb

-S The new user will not be a superuser. This is the default.
-D The new user will not be allowed to create databases. This is the default.
-R The new user will not be allowed to create new roles. This is the default.
-P If given, createuser will issue a prompt for the password of the new user. This is not necessary if you do not plan on using password authentication.
-E Encrypts the user’s password stored in the database. If not specified, the default password behavior is used.

Install the latest PHP

Install Remi repository

Source: https://www.if-not-true-then-false.com/2010/install-apache-php-on-fedora-centos-red-hat-rhel

Before we can actually install Remi Dependency, we need to enable the EPEL repository first. In Fedora it should be enabled by default, but under RHEL/CentOS 7 you will need to do:

# Install epel-release rpm
sudo rpm -Uvh https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# Install epel-release rpm package
sudo yum install epel-release
# Install remi-release rpm
sudo rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
# Install remi-release rpm package
sudo yum --enablerepo=remi install remi-release

Install Apache (httpd) Web server and PHP

Remi will not enabled by default, when you need it just do

sudo yum --enablerepo=remi,remi-php72 install httpd php php-common
sudo systemctl restart httpd.service

Install PHP modules

OPcache (php-opcache) – The Zend OPcache provides faster PHP execution through opcode caching and optimization.
APCu (php-pecl-apcu) – APCu userland caching
CLI (php-cli) – Command-line interface for PHP
PEAR (php-pear) – PHP Extension and Application Repository framework
PDO (php-pdo) – A database access abstraction module for PHP applications
MySQL (php-mysqlnd) – A module for PHP applications that use MySQL databases
PostgreSQL (php-pgsql) – A PostgreSQL database module for PHP
MongoDB (php-pecl-mongodb) – PHP MongoDB database driver
Redis (php-pecl-redis) – Extension for communicating with the Redis key-value store
Memcache (php-pecl-memcache) – Extension to work with the Memcached caching daemon
Memcached (php-pecl-memcached) – Extension to work with the Memcached caching daemon
GD (php-gd) – A module for PHP applications for using the gd graphics library
XML (php-xml) – A module for PHP applications which use XML
MBString (php-mbstring) – A module for PHP applications which need multi-byte string handling
MCrypt (php-mcrypt) – Standard PHP module provides mcrypt library support

sudo yum --enablerepo=remi,remi-php72 install php-pecl-apcu php-cli php-pear php-pdo php-mysqlnd php-pgsql php-pecl-mongodb php-pecl-memcache php-pecl-memcached php-gd php-mbstring php-mcrypt php-xml
sudo systemctl restart postgresql-10

Start Apache HTTP server (httpd) and autostart Apache HTTP server (httpd) on boot

sudo systemctl start httpd ## use restart after update
sudo systemctl enable httpd

Create test PHP page to check that Apache, PHP and PHP modules are working

Give to your current user read write access

sudo setfacl -Rm u:username:rwx /var/www

Edit a test.php page

vi /var/www/html/index.php

Add to that file a phpinfo() function to check your PHP settings.

<?php
    phpinfo();

Open the page http://localhost/test.php to see the result. If you encounter a 403 error message, read the below section.

Allow access to the web server

Source: https://www.security-helpzone.com/2017/02/20/centos-7-apache-2-4-resoudre-acces-403-forbidden/

By default SELinux prevented Apache from serving my files, even in read mode: hence a 403 error, forbidden access.

When you have finished installing Apache, ensures apache (through the apache group) has read-write access.

sudo chown -R apache:apache /var/www ## chown defines who owns the file

Modify permissions a little bit to ensure that read access is permitted to the general web directory, and all of the files and folders inside, so that pages can be served correctly

cd /var/www/html
## chmod defines who can do what
sudo find . -type d -exec chmod 0755 {} \;
sudo find . -type f -exec chmod 0644 {} \;

SELinux protects web services, check if SELinux is enabled.

sestatus

If SELinux is in “enforce” mode, then SELinux is enabled. To see if it’s a problem, turn it off, and then retest your URL.

sudo setenforce 0

If it works, allow Apache to serve web content:

sudo chcon -R -t httpd_sys_rw_content_t /var/www/

Enable SELinux again.

sudo setenforce 1

Enable Remote Connection to Apache HTTP Server (httpd)

To enable remote connection to Apache HTTP Server (httpd) open web server port (80) on Iptables Firewall. Follow the 2. from https://www.if-not-true-then-false.com/2010/install-apache-php-on-fedora-centos-red-hat-rhel/

Install MediaWiki

Check the MediaWiki version you want to install: https://releases.wikimedia.org/mediawiki

Download MediaWiki.

cd ~/Downloads
wget https://releases.wikimedia.org/mediawiki/1.32/mediawiki-1.32.2.tar.gz

Unpack the package.

tar xzf mediawiki-1.32.2.tar.gz

Move MediaWiki files to your webroot directory /var/www/html

mkdir /var/www/html/mediawiki
mv mediawiki-1.31.0-rc.0/* /var/www/html/mediawiki

Permit PHP to connect to PostgreSQL

Source: https://stackoverflow.com/questions/27749691/php-cant-connect-to-postgresql-on-centos-7

SELinux could block your database connection.

Make sure that you set the correct boolean to allow your web application to talk to the database:

sudo setsebool -P httpd_can_network_connect_db 1

Setup file uploads permissions

Reference: https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads

The following needs to be set in php.ini:

file_uploads = On

Set in LocalSettings.php, $wgEnableUploads to true:

$wgEnableUploads = true; # Enable uploads

Source: https://unix.stackexchange.com/questions/179389/mediawiki-error-file-upload-not-working

And set the proper security context type so that SELinux stops complaining.

sudo chcon -R -t httpd_sys_script_rw_t /var/www/html/wiki/images/

Don’t forget to set the directory back to the correct permissions.

sudo chmod 755 /var/www/html/wiki/images/

If I missed something, please let me know!