Wiki

Installazione

La wiki è gestita da MoinMoin 1.9.8 in esecuzione su FreeBSD. La seguente documentazione fa riferimento a tale configurazione, ciononostante il setup è facilmente riproducibile.

Si danno per scontati:

• un sistema host già in esecuzione;
• un filesystem pronto ad ospitare jail;
• una instanza di Nginx all'interno di una jail configurato e in esecuzione.

È consigliato avere uno snapshot aggiornato dell'archivio dei ports prima di procedere.

Installazione della jail

   1 zfs create /usr/local/jails/unit_moinmoin
   2 cd /usr/local/jails/unit_moinmoin
   3 fetch -q -o - ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/10.2-RELEASE/base.txz | tar xpf -
   4 mkdir -p usr/ports var/ports/packages var/ports/distfiles var/ports/obj
   5 echo "nameserver 10.1.1.1" > etc/resolv.conf

/etc/jail.conf

exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;

host.hostname = "$host.oikia.unit.macaomilano.org";

path = "/usr/local/jails/$host";
mount.fstab = "/etc/jail.fstab.d/$host.fstab";

http-proxy {
  interface = "re0";
  ip4.addr  = "re0|10.1.1.3/24";
  $host = "http-proxy";
  allow.mount.devfs;
  allow.mount.procfs;
  mount.devfs;
  mount.procfs;
  enforce_statfs = 1;
}

unit_moinmoin {
  interface = "re0";
  ip4.addr  = "re0|10.1.1.9/24";
  $host = "unit_moinmoin";
  allow.mount.devfs;
  allow.mount.procfs;
  mount.devfs;
  mount.procfs;
  enforce_statfs = 1;
}

/etc/jail.fstab.d/unit_moinmoin.fstab

/usr/ports /usr/local/jails/unit_moinmoin/usr/ports nullfs ro 0 0

/usr/local/jails/unit_moinmoin/etc/rc.conf

uwsgi_enable="YES"
uwsgi_flags="-T --ini /usr/local/etc/uwsgi.ini"

/usr/local/jails/unit_moinmoin/etc/make.conf

CFLAGS = -O2 -pipe
MAKE_JOBS_NUMBER = 4

WRKDIRPREFIX=   /var/ports/obj
DISTDIR=        /var/ports/distfiles
PACKAGES=       /var/ports/packages

DEFAULT_VERSIONS=python=2.7 ssl=libressl

OPTIONS_UNSET+= DEBUG DOCS EXAMPLES TESTS NLS IPV6

lang_perl5.20_UNSET += PERL_64BITINT

Configurazione del reverse proxy nginx

/usr/local/jails/http-proxy/var/www/robots.txt

User-agent: *
Disallow: /

/usr/local/jails/http-proxy/usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf

server {
  listen      80;
  server_name wiki.unit.macaomilano.org;
  return      301 https://$server_name$request_uri;
}

server {
  listen 443 ssl;
  server_name wiki.unit.macaomilano.org;

  access_log /var/log/nginx/wiki.unit.macaomilano.org-access.log;
  error_log  /var/log/nginx/wiki.unit.macaomilano.org-error.log error;

  ssl on;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
  ssl_session_cache shared:SSL:5m;
  ssl_session_timeout 5m;
  ssl_dhparam /path/to/dhparam.pem;
  ssl_certificate /path/to/unit.macaomilano.org-bundle.pem;
  ssl_certificate_key /path/to/unit.macaomilano.org.key;

  location / {
    uwsgi_pass 10.1.1.9:9000;
    include uwsgi_params;
  }

  location = /robots.txt {
    alias /var/www/robots.txt;
  }
}

   1 jexec http-proxy "ln -s /usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf /usr/local/etc/nginx/sites-enabled/
   2 jexec http-proxy service nginx reload
   3 

Installazione di moinmoin

   1 jail -c unit_moinmoin
   2 jexec unit_moinmoin csh
   3 cd /usr/ports/www/uwsgi
   4 make config-recursive
   5 make install clean
   6 cd /usr/ports/www/moinmoin
   7 make config-recursive
   8 make install
   9 make MOINTYPE=WSGI MOINDEST=/usr/local/www/unit instance
  10 exit

/usr/local/jails/unit_moinmoin/usr/local/etc/uwsgi.ini

[uwsgi]
socket = 10.1.1.9:9000
chmod-socket = 660

chdir = /usr/local/www/unit
wsgi-file = moin.wsgi

master
workers = 2
max-requests = 200
harakiri = 30
die-on-term

   1 jexec unit_moinmoin "service uwsgi start"