Template for mediawiki

Erik Gustafson
2022-04-02 19:42:16 +02:00
parent 5a9330ff18
commit 82a5758c55
7 changed files with 406 additions and 0 deletions


@ -1 +1,24 @@
ARG WEBSITE.NAME=mediawiki
ARG WEBSITE.PORT=80
ARG DB.HOST=localhost
ARG DB.PORT=3306
ARG DB.DB=mediawiki
ARG DB.USER=mediawiki
ARG DB.PASSWORD=mediawiki
ARG SITE.ADDRESS=http://${JAIL_IP}:${WEBSITE.PORT}
ARG SITE.SECRET_KEY="; die("Secret key missing"); $a="
INCLUDE public/nginx-php
PKG mediawiki137-php80
PKG git
PKG ImageMagick7-nox11
CP nginx_site/mediawiki.conf /usr/local/etc/nginx/sites-enabled/${WEBSITE.NAME}.conf
RENDER /usr/local/etc/nginx/sites-enabled/${WEBSITE.NAME}.conf
CP LocalSettings.php /usr/local/www/mediawiki/LocalSettings.php
RENDER /usr/local/www/mediawiki/LocalSettings.php
SERVICE nginx reload
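Review bot: `ARG DB.PASSWORD=mediawiki` gives the database account a default password equal to its user name, while `SITE.SECRET_KEY` already fails closed through its default; the password deserves the same treatment so an unconfigured jail cannot come up with a guessable credential. The secret-key default appears to work only because RENDER substitutes the value unescaped into a double-quoted PHP string in LocalSettings.php, which also means any supplied value containing `"`, `\` or `$` changes the generated PHP. A comment above the ARG lines such as `# values are rendered raw into PHP strings: no quotes, backslashes or dollar signs` would document that constraint. `DB.PORT` is declared here but is not referenced by any rendered file shown on this page.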

152
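--- a/mediawiki/LocalSettings.php
+++ b/mediawiki/LocalSettings.php
@@ -0,0 +1,152 @@
+<?php
+# This file was automatically generated by the MediaWiki 1.37.1
+# installer. If you make manual changes, please keep track in case you
+# need to recreate them later.
+#
+# See includes/DefaultSettings.php for all configurable settings
+# and their default values, but don't forget to make changes in _this_
+# file, not there.
+#
+# Further documentation for configuration settings may be found at:
+# https://www.mediawiki.org/wiki/Manual:Configuration_settings
+# Protect against web entry
+if ( !defined( 'MEDIAWIKI' ) ) {
+exit;
+}
+## Uncomment this to disable output compression
+# $wgDisableOutputCompression = true;
+$wgSitename = "${WEBSITE.NAME}";
+## The URL base path to the directory containing the wiki;
+## defaults for all runtime URL paths are based off of this.
+## For more information on customizing the URLs
+## (like /w/index.php/Page_title to /wiki/Page_title) please see:
+## https://www.mediawiki.org/wiki/Manual:Short_URL
+$wgScriptPath = "";
+## The protocol and server name to use in fully-qualified URLs
+$wgServer = "${SITE_ADDRESS}";
+## The URL path to static resources (images, scripts, etc.)
+$wgResourceBasePath = $wgScriptPath;
+## The URL paths to the logo. Make sure you change this from the default,
+## or else you'll overwrite your logo when you upgrade!
+$wgLogos = [ '1x' => "$wgResourceBasePath/resources/assets/wiki.png" ];
+## UPO means: this is also a user preference option
+$wgEnableEmail = true;
+$wgEnableUserEmail = true; # UPO
+$wgEmergencyContact = "apache@🌻.invalid";
+$wgPasswordSender = "apache@🌻.invalid";
+$wgEnotifUserTalk = false; # UPO
+$wgEnotifWatchlist = false; # UPO
+$wgEmailAuthentication = true;
+## Database settings
+$wgDBtype = "mysql";
+$wgDBserver = "${DB.HOST}";
+$wgDBname = "${DB.DB}";
+$wgDBuser = "${DB.USER}";
+$wgDBpassword = "${DB.PASSWORD}";
+# MySQL specific settings
+$wgDBprefix = "";
+# MySQL table options to use during installation or update
+$wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
+# Shared database table
+# This has no effect unless $wgSharedDB is also set.
+$wgSharedTables[] = "actor";
+## Shared memory settings
+$wgMainCacheType = CACHE_NONE;
+$wgMemCachedServers = [];
+## To enable image uploads, make sure the 'images' directory
+## is writable, then set this to true:
+$wgEnableUploads = false;
+$wgUseImageMagick = true;
+$wgImageMagickConvertCommand = "/usr/local/bin/convert";
+# InstantCommons allows wiki to use images from https://commons.wikimedia.org
+$wgUseInstantCommons = false;
+# Periodically send a pingback to https://www.mediawiki.org/ with basic data
+# about this MediaWiki instance. The Wikimedia Foundation shares this data
+# with MediaWiki developers to help guide future development efforts.
+$wgPingback = false;
+## If you use ImageMagick (or any other shell command) on a
+## Linux server, this will need to be set to the name of an
+## available UTF-8 locale. This should ideally be set to an English
+## language locale so that the behaviour of C library functions will
+## be consistent with typical installations. Use $wgLanguageCode to
+## localise the wiki.
+$wgShellLocale = "C.UTF-8";
+# Site language code, should be one of the list in ./languages/data/Names.php
+$wgLanguageCode = "en-gb";
+# Time zone
+$wgLocaltimezone = "UTC";
+## Set $wgCacheDirectory to a writable directory on the web server
+## to make your wiki go slightly faster. The directory should not
+## be publicly accessible from the web.
+#$wgCacheDirectory = "$IP/cache";
+$wgSecretKey = "${SITE.SECRET_KEY}";
+# Changing this will log out all existing sessions.
+$wgAuthenticationTokenVersion = "1";
+# Site upgrade key. Must be set to a string (default provided) to turn on the
+# web installer while LocalSettings.php is in place
+#$wgUpgradeKey = "ee098ac0832bbd5e";
+## For attaching licensing metadata to pages, and displaying an
+## appropriate copyright notice / icon. GNU Free Documentation
+## License and Creative Commons licenses are supported so far.
+$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright
+$wgRightsUrl = "";
+$wgRightsText = "";
+$wgRightsIcon = "";
+# Path to the GNU diff3 utility. Used for conflict resolution.
+$wgDiff3 = "/usr/bin/diff3";
+# The following permissions were set based on your choice in the installer
+$wgGroupPermissions['*']['createaccount'] = false;
+$wgGroupPermissions['*']['edit'] = false;
+## Default skin: you can change the default skin. Use the internal symbolic
+## names, e.g. 'vector' or 'monobook':
+$wgDefaultSkin = "vector";
+# Enabled skins.
+# The following skins were automatically enabled:
+wfLoadSkin( 'MonoBook' );
+wfLoadSkin( 'Timeless' );
+wfLoadSkin( 'Vector' );
+# Enabled extensions. Most of the extensions are enabled by adding
+# wfLoadExtension( 'ExtensionName' );
+# to LocalSettings.php. Check specific extension documentation for more details.
+# The following extensions were automatically enabled:
+wfLoadExtension( 'CodeEditor' );
+wfLoadExtension( 'VisualEditor' );
+wfLoadExtension( 'WikiEditor' );
+# End of automatically generated settings.
+# Add more configuration options below.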
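Review bot: `$wgServer = "${SITE_ADDRESS}";` does not match the template argument, which the Bastillefile declares as `SITE.ADDRESS`, so the placeholder is presumably left unrendered and PHP then treats `${SITE_ADDRESS}` as an undefined variable, leaving `$wgServer` empty; the line should read `$wgServer = "${SITE.ADDRESS}";`. The commented `#$wgUpgradeKey = "ee098ac0832bbd5e";` carries an installer-generated key into the template, so anyone who uncomments it enables the web updater with a value that is in the repository history; replace it with an obvious placeholder. `$wgSecretKey` and `$wgDBpassword` are filled by substitution into double-quoted strings, so a comment above them stating which characters those values must not contain would help operators.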


@ -0,0 +1,90 @@
server {
listen ${WEBSITE.PORT};
root /usr/local/www/${WEBSITE.NAME};
index index.php;
# Location for wiki's entry points
location ~ ^/(index|load|api|thumb|opensearch_desc|rest|img_auth)\.php$ {
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# include the fastcgi_param setting
include fastcgi_params;
# SCRIPT_FILENAME parameter is used for PHP FPM determining
# the script name. If it is not set in fastcgi_params file,
# i.e. /etc/nginx/fastcgi_params or in the parent contexts,
# please comment off following line:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
# Images
location /images {
# Separate location for images/ so .php execution won't apply
}
location /images/deleted {
# Deny access to deleted images folder
deny all;
}
# MediaWiki assets (usually images)
location ~ ^/resources/(assets|lib|src) {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# Assets, scripts and styles from skins and extensions
location ~ ^/(skins|extensions)/.+\.(css|js|gif|jpg|jpeg|png|svg|wasm)$ {
try_files $uri 404;
add_header Cache-Control "public";
expires 7d;
}
# Favicon
location = /favicon.ico {
alias /images/6/64/Favicon.ico;
add_header Cache-Control "public";
expires 7d;
}
# License and credits files
location ~ ^/(COPYING|CREDITS)$ {
default_type text/plain;
}
## Uncomment the following code if you wish to use the installer/updater
## installer/updater
location /mw-config/ {
# Do this inside of a location so it can be negated
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
}
}
# Handling for Mediawiki REST API, see [[mw:API:REST_API]]
location /rest.php/ {
try_files $uri $uri/ /rest.php?$query_string;
}
## Uncomment the following code for handling image authentication
## Also add "deny all;" in the location for /w/images above
#location /w/img_auth.php/ {
# try_files $uri $uri/ /w/img_auth.php?$query_string;
#}
# Allow robots.txt in case you have one
location = /robots.txt {
}
# Explicit access to the root website, redirect to main page (adapt as needed)
location = / {
return 301 /index.php;
}
# Every other entry point will be disallowed.
# Add specific rules for other entry points/images as needed above this
location / {
return 404;
}
}
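Review bot: The `location /mw-config/` block is active although the comment above it says to uncomment it only when the installer/updater is wanted, so PHP under /mw-config/ is passed to PHP-FPM on every jail built from this template; comment the block out to match its own instructions, or restrict it with `allow`/`deny`. In the two asset locations, `try_files $uri 404;` names a URI called `404` as the fallback rather than a status code; the intended form is `try_files $uri =404;`. `root /usr/local/www/${WEBSITE.NAME};` follows the site name while the Bastillefile copies LocalSettings.php to the fixed path `/usr/local/www/mediawiki`, so a non-default `WEBSITE.NAME` presumably points nginx at a directory that does not hold the wiki. The server block also has no `server_name`, so it answers for any Host header on its port.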

7
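--- a/nginx-php/Bastillefile
+++ b/nginx-php/Bastillefile
@@ -0,0 +1,7 @@
+INCLUDE public/nginx
+CMD cp /usr/local/etc/php.ini-production /usr/local/etc/php.ini
+SYSRC php_fpm_enable=YES
+SERVICE php-fpm start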

8
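--- a/nginx/Bastillefile
+++ b/nginx/Bastillefile
@@ -0,0 +1,8 @@
+PKG nginx
+CMD mkdir /usr/local/etc/nginx/sites-enabled
+CP nginx.conf /usr/local/etc/nginx/nginx.conf
+SYSRC nginx_enable=YES
+SERVICE nginx start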
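Review bot: `CMD mkdir /usr/local/etc/nginx/sites-enabled` fails when the directory already exists, so applying the template a second time to the same jail presumably stops or reports an error at this step. Using `CMD mkdir -p /usr/local/etc/nginx/sites-enabled` makes the step repeatable. The `CP nginx.conf` line replaces the jail's whole nginx.conf, which is worth a one-line comment so an operator knows local edits to that file are overwritten on re-apply.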

123
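--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@@ -0,0 +1,123 @@
+#user nobody;
+worker_processes 1;
+# This default error log path is compiled-in to make sure configuration parsing
+# errors are logged somewhere, especially during unattended boot when stderr
+# isn't normally logged anywhere. This path will be touched on every nginx
+# start regardless of error log location configured here. See
+# https://trac.nginx.org/nginx/ticket/147 for more info.
+#
+#error_log /var/log/nginx/error.log;
+#
+#pid logs/nginx.pid;
+events {
+worker_connections 1024;
+}
+http {
+include mime.types;
+default_type application/octet-stream;
+#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+# '$status $body_bytes_sent "$http_referer" '
+# '"$http_user_agent" "$http_x_forwarded_for"';
+#access_log logs/access.log main;
+sendfile on;
+#tcp_nopush on;
+#keepalive_timeout 0;
+keepalive_timeout 65;
+#gzip on;
+# server {
+# listen 80;
+# server_name localhost;
+#
+# #charset koi8-r;
+#
+# #access_log logs/host.access.log main;
+#
+# location / {
+# root /usr/local/www/nginx;
+# index index.html index.htm;
+# }
+#
+# #error_page 404 /404.html;
+#
+# # redirect server error pages to the static page /50x.html
+# #
+# error_page 500 502 503 504 /50x.html;
+# location = /50x.html {
+# root /usr/local/www/nginx-dist;
+# }
+#
+# # proxy the PHP scripts to Apache listening on 127.0.0.1:80
+# #
+# #location ~ \.php$ {
+# # proxy_pass http://127.0.0.1;
+# #}
+#
+# # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
+# #
+# #location ~ \.php$ {
+# # root html;
+# # fastcgi_pass 127.0.0.1:9000;
+# # fastcgi_index index.php;
+# # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
+# # include fastcgi_params;
+# #}
+#
+# # deny access to .htaccess files, if Apache's document root
+# # concurs with nginx's one
+# #
+# #location ~ /\.ht {
+# # deny all;
+# #}
+# }
+# another virtual host using mix of IP-, name-, and port-based configuration
+#
+#server {
+# listen 8000;
+# listen somename:8080;
+# server_name somename alias another.alias;
+# location / {
+# root html;
+# index index.html index.htm;
+# }
+#}
+# HTTPS server
+#
+#server {
+# listen 443 ssl;
+# server_name localhost;
+# ssl_certificate cert.pem;
+# ssl_certificate_key cert.key;
+# ssl_session_cache shared:SSL:1m;
+# ssl_session_timeout 5m;
+# ssl_ciphers HIGH:!aNULL:!MD5;
+# ssl_prefer_server_ciphers on;
+# location / {
+# root html;
+# index index.html index.htm;
+# }
+#}
+include sites-enabled/*.conf;
+}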
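Review bot: With every stock `server` block commented out, whichever file `include sites-enabled/*.conf;` loads first becomes the default server for its port, and that deserves a comment next to the include for whoever adds a second site. The `http` block sets no hardening shared by all sites, for example `server_tokens off;`. Both `access_log` and `error_log` are commented out, so logging falls back to compiled-in defaults; setting the paths explicitly would make it clear where request and error records for the wiki end up. The only live TLS-related lines are inside the commented HTTPS example, so sites built on this base serve plain HTTP unless a front end terminates TLS.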

3
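--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+ln -s $PWD /usr/local/bastille/templates/public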
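Review bot: `ln -s $PWD /usr/local/bastille/templates/public` expands `$PWD` unquoted and never checks the destination. A checkout path containing spaces splits into several arguments, and if `public` already exists as a directory the link is created inside it instead of replacing it. Quote the variable, `ln -s "$PWD" /usr/local/bastille/templates/public`, and test for an existing `public` before linking. The link makes whatever directory the script is run from the source of every `public/...` template, so a comment stating that it must be run from the repository root, from a checkout only trusted users can write to, would help.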