3801
Comment: Guida all'installazione
|
6510
Wiki configuration
|
Deletions are marked like this. | Additions are marked like this. |
Line 1: | Line 1: |
## page was renamed from Infrastructure/Wiki | |
Line 8: | Line 9: |
La wiki è gestita da MoinMoin 1.9 in esecuzione su FreeBSD 10.2 | La wiki è gestita da MoinMoin 1.9.8 in esecuzione su FreeBSD. |
Line 15: | Line 16: |
* una instanza di Nginx all'interno di una jail già configurato e in esecuzione. |
* una instanza di Nginx all'interno di una jail configurato e in esecuzione. |
Line 20: | Line 20: |
=== Installazione della jail === |
|
Line 69: | Line 71: |
{{{ | {{{#!highlight bash |
Line 71: | Line 73: |
uwsgi_flags="-T --ini /usr/local/www/unit/uwsgi.ini" | uwsgi_flags="-T --ini /usr/local/etc/uwsgi.ini" |
Line 75: | Line 77: |
{{{ | {{{#!highlight makefile |
Line 90: | Line 92: |
/usr/local/jails/unit_moinmoin/etc/periodic.conf {{{ daily_output="/dev/null" daily_status_security_output="/dev/null" weekly_output="/dev/null" monthly_output="/dev/null" }}} === Configurazione del reverse proxy nginx === /usr/local/jails/http-proxy/var/www/robots.txt {{{ User-agent: * Disallow: / }}} |
|
Line 91: | Line 109: |
{{{ | {{{#!highlight nginx |
Line 119: | Line 137: |
} }}} {{{#!highlight bash jexec http-proxy "ln -s ln -s /usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf /usr/local/etc/nginx/sites-enabled/ |
location = /robots.txt { alias /var/www/robots.txt; } } }}} {{{#!highlight bash jexec http-proxy "ln -s /usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf /usr/local/etc/nginx/sites-enabled/ |
Line 127: | Line 149: |
{{{#!highlight bash |
=== Installazione di moinmoin === {{{#!highlight bash jail -c unit_moinmoin |
Line 140: | Line 164: |
/usr/local/jails/unit_moinmoin/usr/local/www/unit/uwsgi.ini {{{ |
/usr/local/jails/unit_moinmoin/usr/local/etc/uwsgi.ini {{{#!highlight ini |
Line 159: | Line 183: |
=== Configurazione di MoinMoin === {{{#!highlight python # Wiki identity ---------------------------------------------------- # Site name, used by default for wiki name-logo [Unicode] sitename = u'Unit' # Wiki logo. You can use an image, text or both. [Unicode] # For no logo or text, use '' - the default is to show the sitename. # See also url_prefix setting below! logo_string = u'<img src="%s/common/moinmoin.png" alt="MoinMoin Logo">' % url_prefix_static # name of entry page / front page [Unicode], choose one of those: # a) if most wiki content is in a single language #page_front_page = u"MyStartingPage" # b) if wiki content is maintained in many languages page_front_page = u"FrontPage" # The interwiki name used in interwiki links #interwikiname = u'UntitledWiki' # Show the interwiki name (and link it to page_front_page) in the Theme, # nice for farm setups or when your logo does not show the wiki's name. #show_interwiki = 1 }}} ''(↓ da rivedere)'' {{{#!highlight python # Security ---------------------------------------------------------- # This is checked by some rather critical and potentially harmful actions, # like despam or PackageInstaller action: superuser = [u"crudo", ] # IMPORTANT: grant yourself admin rights! replace YourName with # your user name. See HelpOnAccessControlLists for more help. # All acl_rights_xxx options must use unicode [Unicode] acl_rights_before = u"crudo:read,write,delete,revert,admin EditorsGroup:read,write,delete,revert All:read" # The default (ENABLED) password_checker will keep users from choosing too # short or too easy passwords. If you don't like this and your site has # rather low security requirements, feel free to DISABLE the checker by: #password_checker = None # None means "don't do any password strength checks" # Link spam protection for public wikis (Uncomment to enable) # Needs a reliable internet connection. #from MoinMoin.security.antispam import SecurityPolicy }}} |
Wiki
Installazione
La wiki è gestita da MoinMoin 1.9.8 in esecuzione su FreeBSD. La seguente documentazione fa riferimento a tale configurazione, ciononostante il setup è facilmente riproducibile.
Si danno per scontati:
- un sistema host già in esecuzione;
- un filesystem pronto ad ospitare jail;
- una instanza di Nginx all'interno di una jail configurato e in esecuzione.
È consigliato avere uno snapshot aggiornato dell'archivio dei ports prima di procedere.
Installazione della jail
/etc/jail.conf
exec.start = "/bin/sh /etc/rc"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.clean; host.hostname = "$host.oikia.unit.macaomilano.org"; path = "/usr/local/jails/$host"; mount.fstab = "/etc/jail.fstab.d/$host.fstab"; http-proxy { interface = "re0"; ip4.addr = "re0|10.1.1.3/24"; $host = "http-proxy"; allow.mount.devfs; allow.mount.procfs; mount.devfs; mount.procfs; enforce_statfs = 1; } unit_moinmoin { interface = "re0"; ip4.addr = "re0|10.1.1.9/24"; $host = "unit_moinmoin"; allow.mount.devfs; allow.mount.procfs; mount.devfs; mount.procfs; enforce_statfs = 1; }
/etc/jail.fstab.d/unit_moinmoin.fstab
/usr/ports /usr/local/jails/unit_moinmoin/usr/ports nullfs ro 0 0
/usr/local/jails/unit_moinmoin/etc/rc.conf
/usr/local/jails/unit_moinmoin/etc/make.conf
/usr/local/jails/unit_moinmoin/etc/periodic.conf
daily_output="/dev/null" daily_status_security_output="/dev/null" weekly_output="/dev/null" monthly_output="/dev/null"
Configurazione del reverse proxy nginx
/usr/local/jails/http-proxy/var/www/robots.txt
User-agent: * Disallow: /
/usr/local/jails/http-proxy/usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf
1 server {
2 listen 80;
3 server_name wiki.unit.macaomilano.org;
4 return 301 https://$server_name$request_uri;
5 }
6
7 server {
8 listen 443 ssl;
9 server_name wiki.unit.macaomilano.org;
10
11 access_log /var/log/nginx/wiki.unit.macaomilano.org-access.log;
12 error_log /var/log/nginx/wiki.unit.macaomilano.org-error.log error;
13
14 ssl on;
15 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
16 ssl_prefer_server_ciphers on;
17 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
18 ssl_session_cache shared:SSL:5m;
19 ssl_session_timeout 5m;
20 ssl_dhparam /path/to/dhparam.pem;
21 ssl_certificate /path/to/unit.macaomilano.org-bundle.pem;
22 ssl_certificate_key /path/to/unit.macaomilano.org.key;
23
24 location / {
25 uwsgi_pass 10.1.1.9:9000;
26 include uwsgi_params;
27 }
28
29 location = /robots.txt {
30 alias /var/www/robots.txt;
31 }
32 }
Installazione di moinmoin
/usr/local/jails/unit_moinmoin/usr/local/etc/uwsgi.ini
1 jexec unit_moinmoin "service uwsgi start"
Configurazione di MoinMoin
1 # Wiki identity ----------------------------------------------------
2
3 # Site name, used by default for wiki name-logo [Unicode]
4 sitename = u'Unit'
5
6 # Wiki logo. You can use an image, text or both. [Unicode]
7 # For no logo or text, use '' - the default is to show the sitename.
8 # See also url_prefix setting below!
9 logo_string = u'<img src="%s/common/moinmoin.png" alt="MoinMoin Logo">' % url_prefix_static
10
11 # name of entry page / front page [Unicode], choose one of those:
12
13 # a) if most wiki content is in a single language
14 #page_front_page = u"MyStartingPage"
15
16 # b) if wiki content is maintained in many languages
17 page_front_page = u"FrontPage"
18
19 # The interwiki name used in interwiki links
20 #interwikiname = u'UntitledWiki'
21 # Show the interwiki name (and link it to page_front_page) in the Theme,
22 # nice for farm setups or when your logo does not show the wiki's name.
23 #show_interwiki = 1
(↓ da rivedere)
1 # Security ----------------------------------------------------------
2
3 # This is checked by some rather critical and potentially harmful actions,
4 # like despam or PackageInstaller action:
5 superuser = [u"crudo", ]
6
7 # IMPORTANT: grant yourself admin rights! replace YourName with
8 # your user name. See HelpOnAccessControlLists for more help.
9 # All acl_rights_xxx options must use unicode [Unicode]
10 acl_rights_before = u"crudo:read,write,delete,revert,admin EditorsGroup:read,write,delete,revert All:read"
11
12 # The default (ENABLED) password_checker will keep users from choosing too
13 # short or too easy passwords. If you don't like this and your site has
14 # rather low security requirements, feel free to DISABLE the checker by:
15 #password_checker = None # None means "don't do any password strength checks"
16
17 # Link spam protection for public wikis (Uncomment to enable)
18 # Needs a reliable internet connection.
19 #from MoinMoin.security.antispam import SecurityPolicy