install:openbsd

Differences

This shows you the differences between two versions of the page.

install:openbsd [2021-05-08 13:30] – use php 7.4, as it is now the default mprinsinstall:openbsd [2023-09-09 14:11] (current) – Include a better httpd(8) configuration fiwswe
Line 3: Line 3:
 =====Installation from the package===== =====Installation from the package=====
  
-To install [[:DokuWiki]] using the OpenBSD packages use the [[https://www.openbsd.org/faq/faq15.html|package manager]]:+To install [[:DokuWiki]] using the [[https://openbsd.org|OpenBSD]] packages use the [[https://www.openbsd.org/faq/faq15.html|package manager]]:
  
   ~$ doas pkg_add dokuwiki   ~$ doas pkg_add dokuwiki
Line 9: Line 9:
 The package manager will take care of setting up dependencies and chroot requirements. The package manager will take care of setting up dependencies and chroot requirements.
  
 +Note: The package ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) require users wanting to install templates using the Extension Manager to change the owner of ''/var/www/dokuwiki/lib/tpl'' to ''www'':
 +  # chown www /var/www/dokuwiki/lib/tpl
 +
 +
 +:!: Note: The currently available OpenBSD ports ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) contain a small bug. You will need to fix the permissions like this:
 +  # chown www /var/www/dokuwiki/data/log
 +This bug will probably be fixed in newer versions of the ports.
 =====Manual installation===== =====Manual installation=====
  
 The package doesn't do all of this so you should also look at this if you run into problems. The package doesn't do all of this so you should also look at this if you run into problems.
  
-First install PHP and a dependency:+First install PHP and a dependency if required((The ''php'' and ''php-gd'' packages should have been installed by the ''dokuwiki'' package as dependencies. Manual installation should not be necessary.)):
  
   ~$ doas pkg_add php php-gd   ~$ doas pkg_add php php-gd
  
-You should be able to choose the newest version of PHP. We will use 7.for this example.+You should be able to choose the newest version of PHP. We will use 8.for this example. 
  
 To enable the installed PHP package add the symbolic links as root: To enable the installed PHP package add the symbolic links as root:
  
-  # cd /etc/php-7.4.sample +  # cd /etc/php-8.0.sample 
-  # for i in *; do ln -sf ../php-7.4.sample/$i ../php-7.4/; done+  # for i in *; do ln -sf ../php-8.0.sample/$i ../php-8.0/; done
  
 Start up the PHP FPM daemon: Start up the PHP FPM daemon:
  
-  ~$ doas rcctl start php74_fpm +  ~$ doas rcctl start php80_fpm 
-  + 
 +==== Add the daemon to the list of things started up at boot ==== 
 + 
 +Old method\\
 Add the daemon to the list of things started up at boot in the /etc/rc.conf.local file (you might have to create it) by adding it to any existing list like this: Add the daemon to the list of things started up at boot in the /etc/rc.conf.local file (you might have to create it) by adding it to any existing list like this:
  
-  pkg_scripts=pkg1 pkg2 php74_fpm+  ~$ doas rcctl enable php80_fpm
  
 Once you have PHP working you can go through the generic [[::install|installation instructions]]. Pay particular attention to setting up the [[install:permissions|permissions]] properly. If you are using the OpenBSD httpd web server you will be setting things to a user of www and group of www. Once you have PHP working you can go through the generic [[::install|installation instructions]]. Pay particular attention to setting up the [[install:permissions|permissions]] properly. If you are using the OpenBSD httpd web server you will be setting things to a user of www and group of www.
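Review bot: under the new "Old method" label, the retained sentence still tells readers to add the daemon to a list in /etc/rc.conf.local, but the example beneath it is now `doas rcctl enable php80_fpm`, so the text and the command describe two different methods. Either keep the old `pkg_scripts=` line under "Old method" and give the rcctl command its own label, or reword the sentence to say that rcctl records the setting in that file for you. Separately, the two added notes recommend `chown www` on lib/tpl and data/log in the same breath; the first one makes a directory holding template code writable by the web server user, so it should be worded as an opt-in for people who install templates through the Extension Manager rather than as a fix everyone applies.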
Line 42: Line 53:
         listen on egress port 80          listen on egress port 80 
         listen on 127.0.0.1 port 80          listen on 127.0.0.1 port 80 
 +
 +        location "/*.inc" { block }
 +        location "/*.ht*" { block }
 +        location "/data/*" { block }
 +        location "/conf/*" { block }
 +        location "/bin/*" { block }
 +        location "/inc/*" { block }
 +        location "/vendor/*" { block }
  
         location "/dokuwiki/*.php*"         location "/dokuwiki/*.php*"
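Review bot: the added directory rules (`/data/*` through `/vendor/*`) are anchored at the site root, but this server block serves the wiki under /dokuwiki/ (see the `location "/dokuwiki/*.php*"` line that follows), so a request for /dokuwiki/data/... does not start with /data/ and would not be covered by them. Prefix the patterns to match the layout, for example `location "/dokuwiki/data/*" { block }`, or state that these rules assume DokuWiki is the document root.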
Line 54: Line 73:
         }          } 
  
 +
 </code> </code>
  
-Alternative configuration with updated syntax (tested on OpenBSD 6.6):+Note: The above is a very generic minimal configuration. It assumes yo can access DokuWiki using the url ''%%http://%%//<your-ip>//%%/dokuwiki/%%'' or locally using ''%%http://localhost/dokuwiki/%%'' You SHOULD probably set DokuWiki up to use HTTPS so that login credentials will be transferred securely. It is fairly easy to do this using e.g. [[https://letsencrypt.org|Let's Encrypt]] and [[https://man.openbsd.org/acme-client.1|acme-client(1)]]. Simply redirect all requests on port 80 to port 443, except for the ACME challenge and change the above ''listen'' statements to port 443 and add the appropriate ''tls {}'' configuration.
  
 +A slightly better configuration which would be accessible using the url ''%%https://%%//<your-hostname>//%%/%%'' (using ''wiki.example.com'' as the hostname for this example) might look like this:
 <code autoconf> <code autoconf>
-server "default" { +# Redirect HTTP requests to HTTPS and handle ACME certificate verification 
-  listen on egress port 443 +# requests. 
-  root "/dokuwiki" +server "wiki.example.com" { 
-  directory index doku.php + listen on * port 80 
-   + 
-  Set according to upload_max_filesize and post_max_size in php.ini + # Add other hostnames here if you have multiple virtual hosts that 
-  connection max request body 20971520 + # require the same functionality. No need to write extra server {} 
-   + # blocks for them. 
-  location "*.php    fastcgi socket "/run/php-fpm.sock" } + # alias "other.host.name" 
-  location "/data/*"   { block } + 
-  location "/conf/*"   { block } + block return 301 "https://$HTTP_HOST$REQUEST_URI" 
-  location "/bin/*"    { block } + 
-  location "/inc/*"    { block } + location "/.well-known/acme-challenge/*"
-  location "/vendor/*" { block } + pass 
- + root "/acme" 
 + request strip 2 
 +
 +
 + 
 +# This is the server for hosting a DokuWiki website. 
 +server "wiki.example.com"
 + # Always use HTTPS so that login credentials are encrypted. 
 + listen on * tls port 443 
 + 
 + tls { 
 + # Adjust these paths for the ones your certificate uses. 
 + certificate "/etc/ssl/fullchain.pem" 
 + key "/etc/ssl/private/privkey.key" 
 +
 + 
 + # If you are using the default DokuWiki as installed from the 
 + # OpenBSD dokuwiki port then this is your root directory. If 
 + # you are using a manual installation, adjust as needed. 
 + root "/dokuwiki" 
 + 
 + # Make sure that https://<hostname>/ works (in addition to 
 + # https://<hostname>/doku.php) 
 + directory index doku.php 
 + 
 +Block some things
 + # Note: The first matching location statement wins. Thus the 
 + # order is important. 
 + location "*~" { block } 
 + location ".*{ block 
 + location "/data/*" { block } 
 + location "/conf/*" { block } 
 + location "/bin/*" { block } 
 + location "/inc/*" { block } 
 + location "/vendor/*" { block 
 + 
 + # If nothing was blocked then handle PHP scripts. 
 + location "*.php"
 + # If you are running multiple versions of php-fpm 
 + # you may need to adjust the socket path. 
 + fastcgi socket "/run/php-fpm.sock" 
 +
 +}
 </code> </code>
 +
 +Don't forget to check your configuration using ''httpd -n''! If all is well you can start httpd(8) using:
 +  ~$ doas rcctl start httpd
 +
 +To enable httpd(8) at boot time use:
 +  ~$ doas rcctl enable httpd
 +
 +And for completeness, after changing your httpd.conf use:
 +  ~$ doas httpd -n
 +  ~$ doas rcctl reload httpd
 +or
 +  ~$ doas httpd -n
 +  ~$ doas rcctl restart httpd
  
 =====Allowing outgoing http connections===== =====Allowing outgoing http connections=====
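Review bot: in the new HTTPS server block, the rule `location ".*" { block }` starts its pattern with a dot while request paths start with a slash, so as written it looks like it can never match and dotfiles stay reachable; the earlier example on this page used `/*.ht*`, and a pattern such as `*/.*` would express the intent. The replacement also drops the removed example's `connection max request body 20971520` line together with its comment tying it to upload_max_filesize and post_max_size in php.ini, so uploads fall back to httpd's default body limit; consider carrying that line over. Small text fix in the added note: "yo can access" should read "you can access".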
Line 80: Line 156:
 The OpenBSD web server chroot is fairly restrictive by default. If you want to use things like automatic extension downloading you will need to open things up a bit. This should allow outgoing http and https connections. As root (creating any needed directories on the way): The OpenBSD web server chroot is fairly restrictive by default. If you want to use things like automatic extension downloading you will need to open things up a bit. This should allow outgoing http and https connections. As root (creating any needed directories on the way):
  
 +  # mkdir /var/www/dev
   # mknod /var/www/dev/urandom c 45 2   # mknod /var/www/dev/urandom c 45 2
 +  # mkdir /var/www/etc
   # cp /etc/resolv.conf /var/www/etc/   # cp /etc/resolv.conf /var/www/etc/
   # cp /etc/hosts /var/www/etc/   # cp /etc/hosts /var/www/etc/
   # cp /etc/services /var/www/etc/   # cp /etc/services /var/www/etc/
 +  # mkdir /var/www/etc/ssl
   # cp /etc/ssl/cert.pem /var/www/etc/ssl/   # cp /etc/ssl/cert.pem /var/www/etc/ssl/
  
 +Then restart the php daemon:
 +  ~$ doas rcctl start php80_fpm
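Review bot: the added closing step says "Then restart the php daemon" but the command is `doas rcctl start php80_fpm`, which will not reload anything if php80_fpm is already running, as it will be after the earlier "Start up the PHP FPM daemon" step. Use `doas rcctl restart php80_fpm` so the running daemon picks up the files copied into the chroot. The added `mkdir` lines could also use `mkdir -p`, since some of these directories may already exist.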
install/openbsd.1620473449.txt.gz · Last modified: 2021-05-08 13:30 by mprins

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International