Wiki

Installazione

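La wiki è gestita da MoinMoin 1.9.8 in esecuzione su FreeBSD 10.2. La seguente documentazione fa riferimento a tale configurazione; ciononostante il setup è facilmente riproducibile. Trattandosi di versioni datate, chi riproduce il setup dovrebbe partire dalle release attualmente supportate di sistema operativo, Python e MoinMoin.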

Si danno per scontati:

È consigliato avere uno snapshot aggiornato dell'archivio dei ports prima di procedere.

Installazione della jail

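   # Create the ZFS dataset that will hold the jail's root filesystem.
   zfs create antigone/usr/local/jails/unit_moinmoin
   cd /usr/local/jails/unit_moinmoin

   # Download the base system to a temporary file instead of piping it straight
   # into tar: plain FTP provides neither integrity nor authenticity, so the
   # archive is checked before anything is unpacked as root.
   base_txz=$(mktemp -t base.txz)
   fetch -q -o "$base_txz" ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/10.2-RELEASE/base.txz

   # Placeholder: take the expected digest from a trusted channel (for example
   # the MANIFEST shipped on verified release media), not from the same
   # unauthenticated FTP session.
   expected_sha256="REPLACE_WITH_TRUSTED_SHA256_OF_BASE_TXZ"

   if [ "$(sha256 -q "$base_txz")" = "$expected_sha256" ]; then
     tar xpf "$base_txz"
   else
     echo "base.txz: checksum mismatch, not extracting" >&2
   fi
   rm -f -- "$base_txz"

   # Mount point for the host's ports tree and writable build directories.
   mkdir -p usr/ports var/ports/packages var/ports/distfiles var/ports/obj
   echo "nameserver 10.1.1.1" > etc/resolv.conf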

/etc/jail.conf

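# Defaults shared by every jail defined below.
exec.start = "/bin/sh /etc/rc";
exec.stop  = "/bin/sh /etc/rc.shutdown";
exec.clean;    # run the start/stop commands in a clean environment

# $host is set inside each jail block and expanded when that jail is created.
host.hostname = "$host.oikia.unit.macaomilano.org";

path = "/usr/local/jails/$host";
mount.fstab = "/etc/jail.fstab.d/$host.fstab";

# allow.mount.devfs and allow.mount.procfs are deliberately not set. They
# grant root *inside* the jail the right to mount those filesystems and only
# take effect together with allow.mount, which this file never enables. The
# host-side mount.devfs / mount.procfs below do not depend on them, so leaving
# them out keeps the jails at least privilege if allow.mount is ever added.

http-proxy {
  interface = "re0";
  ip4.addr  = "re0|10.1.1.3/24";
  $host = "http-proxy";
  mount.devfs;
  # NOTE(review): procfs is kept from the original setup; remove mount.procfs
  # if nothing in this jail needs /proc.
  mount.procfs;
  enforce_statfs = 1;
}

unit_moinmoin {
  interface = "re0";
  ip4.addr  = "re0|10.1.1.9/24";
  $host = "unit_moinmoin";
  mount.devfs;
  # NOTE(review): procfs is kept from the original setup; remove mount.procfs
  # if nothing in this jail needs /proc.
  mount.procfs;
  enforce_statfs = 1;
}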

/etc/jail.fstab.d/unit_moinmoin.fstab

# Host ports tree exposed inside the jail through nullfs, read-only ("ro"):
# the jail can build from it but cannot modify the host's copy. Build output
# goes to the writable /var/ports directories set in the jail's make.conf.
/usr/ports /usr/local/jails/unit_moinmoin/usr/ports nullfs ro 0 0

/usr/local/jails/unit_moinmoin/etc/rc.conf

   1 uwsgi_enable="YES"
   2 uwsgi_flags="-T --ini /usr/local/etc/uwsgi.ini"

/usr/local/jails/unit_moinmoin/etc/make.conf

   1 CFLAGS = -O2 -pipe
   2 MAKE_JOBS_NUMBER = 4
   3 
   4 WRKDIRPREFIX=   /var/ports/obj
   5 DISTDIR=        /var/ports/distfiles
   6 PACKAGES=       /var/ports/packages
   7 
   8 DEFAULT_VERSIONS=python=2.7 ssl=libressl
   9 
  10 OPTIONS_UNSET+= DEBUG DOCS EXAMPLES TESTS NLS IPV6
  11 
  12 lang_perl5.20_UNSET += PERL_64BITINT

/usr/local/jails/unit_moinmoin/etc/periodic.conf

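# periodic(8) output destinations for the jail. The routine daily, weekly and
# monthly reports are discarded (presumably because the jail sends no mail).
daily_output="/dev/null"
# The daily security report is kept in a log file rather than discarded, so
# the results of the periodic security checks remain available for review.
# Make sure the file is rotated (newsyslog.conf) if it is not already.
daily_status_security_output="/var/log/daily.log"
weekly_output="/dev/null"
monthly_output="/dev/null"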

Configurazione del reverse proxy nginx

/usr/local/jails/http-proxy/var/www/robots.txt

# Advisory only: asks well-behaved crawlers not to index the wiki. It does not
# restrict access; who can read pages is decided by the MoinMoin ACLs.
User-agent: *
Disallow: /

/usr/local/jails/http-proxy/usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf

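   # Plain HTTP: redirect every request to the HTTPS virtual host.
   server {
     listen      80;
     server_name wiki.unit.macaomilano.org;
     return      301 https://$server_name$request_uri;
   }

   server {
     # "listen ... ssl" already enables TLS for this server, so the separate
     # (deprecated) "ssl on;" directive has been dropped.
     listen 443 ssl;
     server_name wiki.unit.macaomilano.org;

     access_log /var/log/nginx/wiki.unit.macaomilano.org-access.log;
     error_log  /var/log/nginx/wiki.unit.macaomilano.org-error.log error;

     # TLS 1.0 and 1.1 are deprecated and no longer offered. Add TLSv1.3 once
     # the installed nginx and TLS library support it.
     ssl_protocols TLSv1.2;
     ssl_prefer_server_ciphers on;
     ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
     ssl_session_cache shared:SSL:5m;
     ssl_session_timeout 5m;
     ssl_dhparam /path/to/dhparam.pem;
     ssl_certificate /path/to/unit.macaomilano.org-bundle.pem;
     # Keep the private key readable by root only.
     ssl_certificate_key /path/to/unit.macaomilano.org.key;

     # Tell browsers to keep using HTTPS for this host. Assumes the certificate
     # is publicly trusted; with HSTS, certificate errors cannot be bypassed.
     add_header Strict-Transport-Security "max-age=31536000" always;

     location / {
       # Traffic to the MoinMoin jail is unencrypted and unauthenticated
       # (uwsgi protocol); port 9000 should be reachable from this proxy only.
       uwsgi_pass 10.1.1.9:9000;
       include uwsgi_params;
     }

     location = /robots.txt {
       alias /var/www/robots.txt;
     }
   }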

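   # jexec executes its arguments directly, without a shell, so the command and
   # its arguments are passed as separate words rather than one quoted string
   # (the original line also left the quote unterminated).
   jexec http-proxy ln -s /usr/local/etc/nginx/sites-available/wiki.unit.macaomilano.org.conf /usr/local/etc/nginx/sites-enabled/
   jexec http-proxy service nginx reload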

Installazione di moinmoin

   1 jail -c unit_moinmoin
   2 jexec unit_moinmoin tzselect
   3 jexec unit_moinmoin csh
   4 cd /usr/ports/www/uwsgi
   5 make config-recursive
   6 make install clean
   7 cd /usr/ports/www/moinmoin
   8 make config-recursive
   9 make install
  10 make MOINTYPE=WSGI MOINDEST=/usr/local/www/unit instance
  11 exit

/usr/local/jails/unit_moinmoin/usr/local/etc/uwsgi.ini

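   [uwsgi]
   ; TCP socket the nginx jail (10.1.1.3) connects to. The uwsgi protocol has
   ; no authentication, so restrict port 9000 on the host firewall to the
   ; proxy's address only.
   ; "chmod-socket" was removed: it applies to UNIX-domain sockets and has no
   ; effect on a TCP socket, so it gave a false impression of access control.
   socket = 10.1.1.9:9000

   ; Directory of the MoinMoin instance and its WSGI entry point.
   chdir = /usr/local/www/unit
   wsgi-file = moin.wsgi

   master
   workers = 2
   ; Recycle a worker after it has served 200 requests.
   max-requests = 200
   ; Kill a request that runs longer than 30 seconds.
   harakiri = 30
   die-on-term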

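   # jexec runs the command directly (no shell): pass it as separate words,
   # not as a single quoted string.
   jexec unit_moinmoin service uwsgi start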

Configurazione di MoinMoin

   1     # Wiki identity ----------------------------------------------------
   2 
   3     # Site name, used by default for wiki name-logo [Unicode]
   4     sitename = u'Unit'
   5 
   6     # Wiki logo. You can use an image, text or both. [Unicode]
   7     # For no logo or text, use '' - the default is to show the sitename.
   8     # See also url_prefix setting below!
   9     logo_string = u'<img src="%s/common/moinmoin.png" alt="MoinMoin Logo">' % url_prefix_static
  10 
  11     # name of entry page / front page [Unicode], choose one of those:
  12 
  13     # a) if most wiki content is in a single language
  14     #page_front_page = u"MyStartingPage"
  15 
  16     # b) if wiki content is maintained in many languages
  17     page_front_page = u"FrontPage"
  18 
  19     # The interwiki name used in interwiki links
  20     #interwikiname = u'UntitledWiki'
  21     # Show the interwiki name (and link it to page_front_page) in the Theme,
  22     # nice for farm setups or when your logo does not show the wiki's name.
  23     #show_interwiki = 1

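(↓ da rivedere: `acl_rights_before` viene valutata prima delle ACL di pagina e la prima voce che corrisponde all'utente decide l'esito. Con `All:read` in questa posizione ogni utente trova già qui una corrispondenza, quindi le ACL delle singole pagine non possono né restringere la lettura né concedere altri diritti. Se servono pagine riservate, valutare di spostare `All:read` in `acl_rights_default`; da verificare sulla documentazione HelpOnAccessControlLists.)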

   1     # Security ----------------------------------------------------------
   2 
   3     # This is checked by some rather critical and potentially harmful actions,
   4     # like despam or PackageInstaller action:
   5     superuser = [u"crudo", ]
   6 
   7     # IMPORTANT: grant yourself admin rights! replace YourName with
   8     # your user name. See HelpOnAccessControlLists for more help.
   9     # All acl_rights_xxx options must use unicode [Unicode]
  10     acl_rights_before = u"crudo:read,write,delete,revert,admin EditorsGroup:read,write,delete,revert All:read"
  11 
  12     # The default (ENABLED) password_checker will keep users from choosing too
  13     # short or too easy passwords. If you don't like this and your site has
  14     # rather low security requirements, feel free to DISABLE the checker by:
  15     #password_checker = None # None means "don't do any password strength checks"
  16 
  17     # Link spam protection for public wikis (Uncomment to enable)
  18     # Needs a reliable internet connection.
  19     #from MoinMoin.security.antispam import SecurityPolicy