install:centos
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
install:centos [2017-09-26 14:26] – [Firewall Rules] 194.44.209.147 | install:centos [2023-04-27 16:18] (current) – fix 96.225.177.69 | ||
---|---|---|---|
Line 1: | Line 1: | ||
===== CentOS ===== | ===== CentOS ===== | ||
CentOS 7.x with firewallcmd | CentOS 7.x with firewallcmd | ||
- | |||
==== Firewall Rules ==== | ==== Firewall Rules ==== | ||
Incoming traffic on port 80 may be blocked by default. If so, we must create a permanent firewall rule to accept incoming traffic to our DokuWiki website. | Incoming traffic on port 80 may be blocked by default. If so, we must create a permanent firewall rule to accept incoming traffic to our DokuWiki website. | ||
Line 8: | Line 7: | ||
==== Apache ==== | ==== Apache ==== | ||
- | Ensure apache service always starts on boot. | + | Ensure apache service always starts on boot. |
sudo systemctl enable httpd.service | sudo systemctl enable httpd.service | ||
mod_rewrite must be enabled so the .htaccess file which locks down the ///data// directory can be executed. | mod_rewrite must be enabled so the .htaccess file which locks down the ///data// directory can be executed. | ||
Line 24: | Line 23: | ||
CentOS comes with SELinux enabled by default which prevents the apache user from writing to the Document Root and sub directories. | CentOS comes with SELinux enabled by default which prevents the apache user from writing to the Document Root and sub directories. | ||
- | Option 1 | + | === Option 1 === |
Switch SELinux to permissive mode, only for the httpd(Apache) service. This will leave SELinux enforcing for the rest of the system. This is the easier solution, but arguably also the less safe, as SELinux does not provide any protection for httpd. | Switch SELinux to permissive mode, only for the httpd(Apache) service. This will leave SELinux enforcing for the rest of the system. This is the easier solution, but arguably also the less safe, as SELinux does not provide any protection for httpd. | ||
Line 31: | Line 30: | ||
- | Option 2 | + | === Option 2 === |
Modify SELinux context (conf & data directories) | Modify SELinux context (conf & data directories) | ||
- | | + | sudo semanage fcontext -a -t httpd_sys_rw_content_t |
- | sudo chcon -Rv --type=httpd_sys_rw_content_t / | + | sudo semanage fcontext -a -t httpd_sys_rw_content_t |
- | | + | sudo restorecon -Rv / |
- | sudo semanage fcontext -a -t httpd_sys_rw_content_t / | + | sudo restorecon -Rv / |
- | sudo restorecon -v / | + | |
- | sudo restorecon -v / | + | |
- | + | Using the Wiki Upgrade Plugin & the Extension Manager \\ | |
- | For option 2: Using the Wiki Upgrade Plugin & the Extension Manager \\ | + | To use the Wiki Upgrade Plugin & the Extension Manager with option 2 you also have to grant apache access to the network, otherwise you will get the error : **Could not connect Permission denied** |
- | To use the Wiki Upgrade Plugin & the Extension Manager with option 2 you also have to grand apache access to the network, otherwise you will get the error : **Could not connect Permission denied** | + | |
sudo setsebool -P httpd_can_network_connect on | sudo setsebool -P httpd_can_network_connect on | ||
check with '' | check with '' | ||
- | | + | |
- | Troubleshooting: | + | Allowing apache to send mail using postfix \\ |
+ | If you get error : **open / | ||
+ | |||
+ | sudo setsebool -P httpd_can_sendmail on | ||
+ | |||
+ | check with '' | ||
+ | |||
+ | Additionally you need to modify the SElinux context for the extension manager: | ||
+ | sudo semanage fcontext -a -t httpd_sys_rw_content_t "/ | ||
+ | sudo restorecon -Rv / | ||
+ | sudo semanage fcontext -a -t httpd_sys_rw_content_t "/ | ||
+ | sudo restorecon -Rv / | ||
+ | |||
+ | When using the Wiki Upgrade Plugin, temporary access is needed for all dokuwiki directories, | ||
+ | - Change the SElinux context for the dokuwiki folder:< | ||
+ | sudo semanage fcontext -a -t httpd_sys_rw_content_t "/ | ||
+ | sudo restorecon -Rv / | ||
+ | - Use the wiki upgrade plugin to perform the upgrade | ||
+ | - Remove the SElinux context from the dokuwiki folder:< | ||
+ | sudo semanage fcontext --delete "/ | ||
+ | sudo restorecon -Rv / | ||
+ | |||
+ | === Troubleshooting === | ||
If a HTTP 500 error code is returned, maybe the SELinux context of the files in the / | If a HTTP 500 error code is returned, maybe the SELinux context of the files in the / |
install/centos.1506428806.txt.gz · Last modified: 2017-09-26 14:26 by 194.44.209.147