DokuWiki

install:openbsd

Differences

This shows you the differences between two versions of the page.

install:openbsd [2020-05-10 00:41] – OpenBSD is somewhat different and manual. More detail required. bwalzer
install:openbsd [2023-09-09 14:11] (current) – Include a better httpd(8) configuration fiwswe
Line 3: Line 3:
 =====Installation from the package===== =====Installation from the package=====
  
-To install [[:DokuWiki]] using the OpenBSD packages use the [[https://www.openbsd.org/faq/faq15.html|package manager]]:+To install [[:DokuWiki]] using the [[https://openbsd.org|OpenBSD]] packages use the [[https://www.openbsd.org/faq/faq15.html|package manager]]:
  
   ~$ doas pkg_add dokuwiki   ~$ doas pkg_add dokuwiki
  
-The package managers will take care of setting up dependencies and chroot requirements.+The package manager will take care of setting up dependencies and chroot requirements.
  
 +Note: The package ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) require users wanting to install templates using the Extension Manager to change the owner of ''/var/www/dokuwiki/lib/tpl'' to ''www'':
 +  # chown www /var/www/dokuwiki/lib/tpl
 +
 +
 +:!: Note: The currently available OpenBSD ports ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) contain a small bug. You will need to fix the permissions like this:
 +  # chown www /var/www/dokuwiki/data/log
 +This bug will probably be fixed in newer versions of the ports.
 =====Manual installation===== =====Manual installation=====
  
-The package doesn't do all of this so you should also look at this if you run into problems. The following should be done as the root user.+The package doesn't do all of this so you should also look at this if you run into problems.
  
-First install PHP and a dependency:+First install PHP and a dependency if required((The ''php'' and ''php-gd'' packages should have been installed by the ''dokuwiki'' package as dependencies. Manual installation should not be necessary.)):
  
-  ~$ pkg_add php php-gd+  ~$ doas pkg_add php php-gd
  
-You should be able to choose the newest version of PHP. We will use 7.for this example.+You should be able to choose the newest version of PHP. We will use 8.for this example.
  
-To enable the PHP GD package add the symbolic link: 
  
-  ~$ ln -s /etc/php-7.3.sample/gd.ini /etc/php-7.3/+To enable the installed PHP package add the symbolic links as root: 
 + 
 +  # cd /etc/php-8.0.sample 
 +  # for i in *; do ln -sf ../php-8.0.sample/$i ../php-8.0/; done
  
 Start up the PHP FPM daemon: Start up the PHP FPM daemon:
  
-  ~$ rcctl start php73_fpm +  ~$ doas rcctl start php80_fpm 
-  + 
 +==== Add the daemon to the list of things started up at boot ==== 
 + 
 +Old method\\
 Add the daemon to the list of things started up at boot in the /etc/rc.conf.local file (you might have to create it) by adding it to any existing list like this: Add the daemon to the list of things started up at boot in the /etc/rc.conf.local file (you might have to create it) by adding it to any existing list like this:
  
-  pkg_scripts=pkg1 pkg2 php73_fpm+  ~$ doas rcctl enable php80_fpm
  
 Once you have PHP working you can go through the generic [[::install|installation instructions]]. Pay particular attention to setting up the [[install:permissions|permissions]] properly. If you are using the OpenBSD httpd web server you will be setting things to a user of www and group of www. Once you have PHP working you can go through the generic [[::install|installation instructions]]. Pay particular attention to setting up the [[install:permissions|permissions]] properly. If you are using the OpenBSD httpd web server you will be setting things to a user of www and group of www.
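Review bot: Under the new "Add the daemon to the list of things started up at boot" heading, the "Old method" paragraph still tells the reader to edit /etc/rc.conf.local and append to an existing list, but the example beneath it is now `doas rcctl enable php80_fpm`, so the text and the command describe two different procedures. Either keep a pkg_scripts example under "Old method" and give the rcctl command its own label, or drop the old paragraph. Separately, the loop `for i in *; do ln -sf ../php-8.0.sample/$i ../php-8.0/; done` links every sample ini present in that directory, where the previous text linked only gd.ini; naming the extensions DokuWiki actually needs would keep fewer PHP modules loaded, and `$i` should be quoted.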
Line 41: Line 53:
         listen on egress port 80          listen on egress port 80 
         listen on 127.0.0.1 port 80          listen on 127.0.0.1 port 80 
 +
 +        location "/*.inc" { block }
 +        location "/*.ht*" { block }
 +        location "/data/*" { block }
 +        location "/conf/*" { block }
 +        location "/bin/*" { block }
 +        location "/inc/*" { block }
 +        location "/vendor/*" { block }
  
         location "/dokuwiki/*.php*"         location "/dokuwiki/*.php*"
-                root "/dokuwiki"strip 1 +                root "/dokuwiki"  
 +                request strip 1
                 fastcgi socket "/run/php-fpm.sock"                  fastcgi socket "/run/php-fpm.sock" 
         }          } 
         location "/dokuwiki/*"         location "/dokuwiki/*"
                 directory index index.php                  directory index index.php 
-                root "/dokuwiki"strip 1 +                root "/dokuwiki" 
 +                request strip 1
         }          } 
-}+ 
 </code> </code>
  
-Alternative configuration with updated syntax (tested on OpenBSD 6.6):+Note: The above is a very generic minimal configuration. It assumes yo can access DokuWiki using the url ''%%http://%%//<your-ip>//%%/dokuwiki/%%'' or locally using ''%%http://localhost/dokuwiki/%%'' You SHOULD probably set DokuWiki up to use HTTPS so that login credentials will be transferred securely. It is fairly easy to do this using e.g. [[https://letsencrypt.org|Let's Encrypt]] and [[https://man.openbsd.org/acme-client.1|acme-client(1)]]. Simply redirect all requests on port 80 to port 443, except for the ACME challenge and change the above ''listen'' statements to port 443 and add the appropriate ''tls {}'' configuration.
  
 +A slightly better configuration which would be accessible using the url ''%%https://%%//<your-hostname>//%%/%%'' (using ''wiki.example.com'' as the hostname for this example) might look like this:
 <code autoconf> <code autoconf>
-server "default" { +# Redirect HTTP requests to HTTPS and handle ACME certificate verification 
-  listen on egress port 443 +# requests. 
-  root "/dokuwiki" +server "wiki.example.com" { 
-  directory index doku.php + listen on * port 80 
-   + 
-  Set according to upload_max_filesize and post_max_size in php.ini + # Add other hostnames here if you have multiple virtual hosts that 
-  connection max request body 20971520 + # require the same functionality. No need to write extra server {} 
-   + # blocks for them. 
-  location "*.php    fastcgi socket "/run/php-fpm.sock" } + # alias "other.host.name" 
-  location "/data/*"   { block } + 
-  location "/conf/*"   { block } + block return 301 "https://$HTTP_HOST$REQUEST_URI" 
-  location "/bin/*"    { block } + 
-  location "/inc/*"    { block } + location "/.well-known/acme-challenge/*"
-  location "/vendor/*" { block } + pass 
- + root "/acme" 
 + request strip 2 
 +
 +
 + 
 +# This is the server for hosting a DokuWiki website. 
 +server "wiki.example.com"
 + # Always use HTTPS so that login credentials are encrypted. 
 + listen on * tls port 443 
 + 
 + tls { 
 + # Adjust these paths for the ones your certificate uses. 
 + certificate "/etc/ssl/fullchain.pem" 
 + key "/etc/ssl/private/privkey.key" 
 +
 + 
 + # If you are using the default DokuWiki as installed from the 
 + # OpenBSD dokuwiki port then this is your root directory. If 
 + # you are using a manual installation, adjust as needed. 
 + root "/dokuwiki" 
 + 
 + # Make sure that https://<hostname>/ works (in addition to 
 + # https://<hostname>/doku.php) 
 + directory index doku.php 
 + 
 +Block some things
 + # Note: The first matching location statement wins. Thus the 
 + # order is important. 
 + location "*~" { block } 
 + location ".*{ block 
 + location "/data/*" { block } 
 + location "/conf/*" { block } 
 + location "/bin/*" { block } 
 + location "/inc/*" { block } 
 + location "/vendor/*" { block 
 + 
 + # If nothing was blocked then handle PHP scripts. 
 + location "*.php"
 + # If you are running multiple versions of php-fpm 
 + # you may need to adjust the socket path. 
 + fastcgi socket "/run/php-fpm.sock" 
 +
 +}
 </code> </code>
 +
 +Don't forget to check your configuration using ''httpd -n''! If all is well you can start httpd(8) using:
 +  ~$ doas rcctl start httpd
 +
 +To enable httpd(8) at boot time use:
 +  ~$ doas rcctl enable httpd
 +
 +And for completeness, after changing your httpd.conf use:
 +  ~$ doas httpd -n
 +  ~$ doas rcctl reload httpd
 +or
 +  ~$ doas httpd -n
 +  ~$ doas rcctl restart httpd
  
 =====Allowing outgoing http connections===== =====Allowing outgoing http connections=====
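Review bot: The block rules added to the minimal configuration (`location "/data/*" { block }` and the matching rules for /conf, /bin, /inc and /vendor) are written without the /dokuwiki prefix, while that same configuration serves the wiki through `location "/dokuwiki/*"` with `request strip 1`. A request path such as /dokuwiki/data/... or /dokuwiki/conf/... does not begin with /data/ or /conf/, so it is not blocked and reaches the `/dokuwiki/*` location instead. Suggest writing them as `location "/dokuwiki/data/*" { block }` and so on, kept ahead of the two /dokuwiki locations since the first matching location wins. Minor: "It assumes yo can access" has a typo.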
Line 77: Line 156:
 The OpenBSD web server chroot is fairly restrictive by default. If you want to use things like automatic extension downloading you will need to open things up a bit. This should allow outgoing http and https connections. As root (creating any needed directories on the way): The OpenBSD web server chroot is fairly restrictive by default. If you want to use things like automatic extension downloading you will need to open things up a bit. This should allow outgoing http and https connections. As root (creating any needed directories on the way):
  
-  ~$ mknod /var/www/dev/urandom c 45 2 +  # mkdir /var/www/dev 
-  ~$ cp /etc/resolv.conf /var/www/etc/ +  # mknod /var/www/dev/urandom c 45 2 
-  ~$ cp /etc/ssl/cert.pem /var/www/etc/ssl/+  # mkdir /var/www/etc 
 +  # cp /etc/resolv.conf /var/www/etc/ 
 +  # cp /etc/hosts /var/www/etc/ 
 +  # cp /etc/services /var/www/etc/ 
 +  # mkdir /var/www/etc/ssl 
 +  # cp /etc/ssl/cert.pem /var/www/etc/ssl/
  
 +Then restart the php daemon:
 +  ~$ doas rcctl start php80_fpm
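Review bot: The last added step reads "Then restart the php daemon" but the command given is `doas rcctl start php80_fpm`, which does not restart a daemon that is already running, so the files just placed in the chroot may not be picked up; it should be `doas rcctl restart php80_fpm`. It would also help to state that resolv.conf, hosts, services and cert.pem under /var/www/etc are copies and have to be copied again when the originals change, otherwise the chroot keeps a stale CA bundle and resolver configuration.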
install/openbsd.1589064111.txt.gz · Last modified: 2020-05-10 00:41 by bwalzer

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International