DokuWiki

It's better when it's simple

User Tools

Site Tools

Trace:
install:centos

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
install:centos [2016-03-16 14:36] – [Firewall Rules] 24.78.88.211install:centos [2023-04-27 16:18] (current) – fix 96.225.177.69
Line 1: Line 1:
 ===== CentOS ===== ===== CentOS =====
-CentOS 7.x +CentOS 7.x with firewallcmd
 ==== Firewall Rules  ==== ==== Firewall Rules  ====
 Incoming traffic on port 80 may be blocked by default. If so, we must create a permanent firewall rule to accept incoming traffic to our DokuWiki website. Incoming traffic on port 80 may be blocked by default. If so, we must create a permanent firewall rule to accept incoming traffic to our DokuWiki website.
   sudo firewall-cmd --permanent --zone=public --add-service=http    sudo firewall-cmd --permanent --zone=public --add-service=http 
-  sudo firewall-cmd --reload   +  sudo firewall-cmd --reload  
  
 ==== Apache ==== ==== Apache ====
-Ensure apache service always starts on boot.+ Ensure apache service always starts on boot. 
   sudo systemctl enable httpd.service     sudo systemctl enable httpd.service  
-mod_rewrite must be enabled so the .htaccess file which locks down the ///data// directory can be executed.+mod_rewrite must be enabled so the .htaccess file which locks down the ///data// directory can be executed. 
  
-Add the following line to a new .conf file and restart apache to load the mod_rewrite module+mod_rewrite is enabled by default on CentOS 7.x, if you need to re-enable it add the following line to a new .conf file and restart apache to load the mod_rewrite module
   echo LoadModule rewrite_module modules/mod_rewrite.so > /etc/httpd/conf.d/addModule-mod_rewrite.conf   echo LoadModule rewrite_module modules/mod_rewrite.so > /etc/httpd/conf.d/addModule-mod_rewrite.conf
   sudo systemctl restart httpd.service   sudo systemctl restart httpd.service
Line 24: Line 23:
 CentOS comes with SELinux enabled by default which prevents the apache user from writing to the Document Root and sub directories. CentOS comes with SELinux enabled by default which prevents the apache user from writing to the Document Root and sub directories.
  
-Option 1 +=== Option 1 === 
-We will now modify SELinux to monitor apache in permissive mode. This allows apache to read/write to directories required by DokuWiki and maintains safety by not disabling SELinux. +Switch SELinux to permissive mode, only for the httpd(Apache) service. This will leave SELinux enforcing for the rest of the system. This is the easier solution, but arguably also the less safe, as SELinux does not provide any protection for httpd.
  
   sudo yum install policycoreutils-python   sudo yum install policycoreutils-python
Line 31: Line 30:
  
  
-Option 2 +=== Option 2 === 
-Modify context (conf & data directories)+Modify SELinux context (conf & data directories) 
 + 
 +  sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/conf(/.*)?" (Try adding -h option if it doesn't work) 
 +  sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/data(/.*)?" 
 +  sudo restorecon -Rv /var/www/html/dokuwiki/conf 
 +  sudo restorecon -Rv /var/www/html/dokuwiki/data 
 + 
 +Using the Wiki Upgrade Plugin & the Extension Manager \\ 
 +To use the Wiki Upgrade Plugin & the Extension Manager with option 2 you also have to grant apache access to the network, otherwise you will get the error : **Could not connect Permission denied** 
 + 
 +  sudo setsebool -P httpd_can_network_connect on 
 +  
 +check with ''getsebool -a | grep httpd_can_network_connect'' 
 + 
 +Allowing apache to send mail using postfix \\ 
 +If you get error : **open /etc/postfix/main.cf: Permission denied** in /var/log/maillog, you have to grant apache to send e-mails: 
 + 
 +  sudo setsebool -P httpd_can_sendmail on 
 + 
 +check with ''getsebool -a | grep httpd_can_sendmail'' 
 + 
 +Additionally you need to modify the SElinux context for the extension manager: 
 +  sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/lib/plugins(/.*)?" 
 +  sudo restorecon -Rv /var/www/html/dokuwiki/lib/plugins 
 +  sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/lib/tpl(/.*)?" 
 +  sudo restorecon -Rv /var/www/html/dokuwiki/lib/tpl 
 + 
 +When using the Wiki Upgrade Plugin, temporary access is needed for all dokuwiki directories, follow the steps below to accomplish this: 
 +  - Change the SElinux context for the dokuwiki folder:<code> 
 +sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki(/.*)?" 
 +sudo restorecon -Rv /var/www/html/dokuwiki</code> 
 +  - Use the wiki upgrade plugin to perform the upgrade 
 +  - Remove the SElinux context from the dokuwiki folder:<code> 
 +sudo semanage fcontext --delete "/var/www/html/dokuwiki(/.*)?" 
 +sudo restorecon -Rv /var/www/html/dokuwiki</code>
  
-  sudo chcon -Rv --type=httpd_sys_rw_content_t /var/www/html/dokuwiki/conf +=== Troubleshooting ===
-  sudo chcon -Rv --type=httpd_sys_rw_content_t /var/www/html/dokuwiki/data +
-   +
-  sudo semanage fcontext -a -t httpd_sys_rw_content_t /var/www/html/dokuwiki/conf +
-  sudo semanage fcontext -a -t httpd_sys_rw_content_t /var/www/html/dokuwiki/data +
-  sudo restorecon -v /var/www/html/dokuwiki/conf +
-  sudo restorecon -v /var/www/html/dokuwiki/data+
  
 +If a HTTP 500 error code is returned, maybe the SELinux context of the files in the /var/www/dokuwiki directory is incorrect. The required context appears to be "httpd_sys_content_t"
install/centos.1458135398.txt.gz · Last modified: 2016-03-16 14:36 by 24.78.88.211
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

Global DokuWiki Links