DokuWiki

It's better when it's simple

User Tools

Site Tools

Trace:
install:openbsd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
install:openbsd [2021-08-10 14:31] – [Installation from the package] fiwsweinstall:openbsd [2023-09-09 14:11] (current) – Include a better httpd(8) configuration fiwswe
Line 9: Line 9:
 The package manager will take care of setting up dependencies and chroot requirements. The package manager will take care of setting up dependencies and chroot requirements.
  
-Note: The package ''dokuwiki-2020.07.29p0'' contains a minor mistakeIf you want to install your own templates using the Extension Manager you should change the owner of ''/var/www/dokuwiki/lib/tpl'' to ''www'':+Note: The package ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) require users wanting to install templates using the Extension Manager to change the owner of ''/var/www/dokuwiki/lib/tpl'' to ''www'':
   # chown www /var/www/dokuwiki/lib/tpl   # chown www /var/www/dokuwiki/lib/tpl
 +
 +
 +:!: Note: The currently available OpenBSD ports ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) contain a small bug. You will need to fix the permissions like this:
 +  # chown www /var/www/dokuwiki/data/log
 +This bug will probably be fixed in newer versions of the ports.
 =====Manual installation===== =====Manual installation=====
  
Line 19: Line 24:
   ~$ doas pkg_add php php-gd   ~$ doas pkg_add php php-gd
  
-You should be able to choose the newest version of PHP. We will use 7.for this example.+You should be able to choose the newest version of PHP. We will use 8.for this example.
  
  
 To enable the installed PHP package add the symbolic links as root: To enable the installed PHP package add the symbolic links as root:
  
-  # cd /etc/php-7.4.sample +  # cd /etc/php-8.0.sample 
-  # for i in *; do ln -sf ../php-7.4.sample/$i ../php-7.4/; done+  # for i in *; do ln -sf ../php-8.0.sample/$i ../php-8.0/; done
  
 Start up the PHP FPM daemon: Start up the PHP FPM daemon:
  
-  ~$ doas rcctl start php74_fpm+  ~$ doas rcctl start php80_fpm
  
 ==== Add the daemon to the list of things started up at boot ==== ==== Add the daemon to the list of things started up at boot ====
Line 36: Line 41:
 Add the daemon to the list of things started up at boot in the /etc/rc.conf.local file (you might have to create it) by adding it to any existing list like this: Add the daemon to the list of things started up at boot in the /etc/rc.conf.local file (you might have to create it) by adding it to any existing list like this:
  
-  pkg_scripts=pkg1 pkg2 php74_fpm +  ~$ doas rcctl enable php80_fpm
- +
-New method: +
-  ~$ doas rcctl enable php74_fpm+
  
 Once you have PHP working you can go through the generic [[::install|installation instructions]]. Pay particular attention to setting up the [[install:permissions|permissions]] properly. If you are using the OpenBSD httpd web server you will be setting things to a user of www and group of www. Once you have PHP working you can go through the generic [[::install|installation instructions]]. Pay particular attention to setting up the [[install:permissions|permissions]] properly. If you are using the OpenBSD httpd web server you will be setting things to a user of www and group of www.
Line 51: Line 53:
         listen on egress port 80          listen on egress port 80 
         listen on 127.0.0.1 port 80          listen on 127.0.0.1 port 80 
 +
 +        location "/*.inc" { block }
 +        location "/*.ht*" { block }
 +        location "/data/*" { block }
 +        location "/conf/*" { block }
 +        location "/bin/*" { block }
 +        location "/inc/*" { block }
 +        location "/vendor/*" { block }
  
         location "/dokuwiki/*.php*"         location "/dokuwiki/*.php*"
Line 63: Line 73:
         }          } 
  
 +
 </code> </code>
  
-Alternative configuration with updated syntax (tested on OpenBSD 6.6):+Note: The above is a very generic minimal configuration. It assumes yo can access DokuWiki using the url ''%%http://%%//<your-ip>//%%/dokuwiki/%%'' or locally using ''%%http://localhost/dokuwiki/%%'' You SHOULD probably set DokuWiki up to use HTTPS so that login credentials will be transferred securely. It is fairly easy to do this using e.g. [[https://letsencrypt.org|Let's Encrypt]] and [[https://man.openbsd.org/acme-client.1|acme-client(1)]]. Simply redirect all requests on port 80 to port 443, except for the ACME challenge and change the above ''listen'' statements to port 443 and add the appropriate ''tls {}'' configuration.
  
 +A slightly better configuration which would be accessible using the url ''%%https://%%//<your-hostname>//%%/%%'' (using ''wiki.example.com'' as the hostname for this example) might look like this:
 <code autoconf> <code autoconf>
-server "default" { +# Redirect HTTP requests to HTTPS and handle ACME certificate verification 
-  listen on egress port 443 +# requests. 
-  root "/dokuwiki" +server "wiki.example.com" { 
-  directory index doku.php + listen on * port 80 
-   + 
-  Set according to upload_max_filesize and post_max_size in php.ini + # Add other hostnames here if you have multiple virtual hosts that 
-  connection max request body 20971520 + # require the same functionality. No need to write extra server {} 
-   + # blocks for them. 
-  location "*.php    fastcgi socket "/run/php-fpm.sock" } + # alias "other.host.name" 
-  location "/data/*"   { block } + 
-  location "/conf/*"   { block } + block return 301 "https://$HTTP_HOST$REQUEST_URI" 
-  location "/bin/*"    { block } + 
-  location "/inc/*"    { block } + location "/.well-known/acme-challenge/*"
-  location "/vendor/*" { block } + pass 
- + root "/acme" 
 + request strip 2 
 +
 +
 + 
 +# This is the server for hosting a DokuWiki website. 
 +server "wiki.example.com"
 + # Always use HTTPS so that login credentials are encrypted. 
 + listen on * tls port 443 
 + 
 + tls { 
 + # Adjust these paths for the ones your certificate uses. 
 + certificate "/etc/ssl/fullchain.pem" 
 + key "/etc/ssl/private/privkey.key" 
 +
 + 
 + # If you are using the default DokuWiki as installed from the 
 + # OpenBSD dokuwiki port then this is your root directory. If 
 + # you are using a manual installation, adjust as needed. 
 + root "/dokuwiki" 
 + 
 + # Make sure that https://<hostname>/ works (in addition to 
 + # https://<hostname>/doku.php) 
 + directory index doku.php 
 + 
 +Block some things
 + # Note: The first matching location statement wins. Thus the 
 + # order is important. 
 + location "*~" { block } 
 + location ".*{ block 
 + location "/data/*" { block } 
 + location "/conf/*" { block } 
 + location "/bin/*" { block } 
 + location "/inc/*" { block } 
 + location "/vendor/*" { block 
 + 
 + # If nothing was blocked then handle PHP scripts. 
 + location "*.php"
 + # If you are running multiple versions of php-fpm 
 + # you may need to adjust the socket path. 
 + fastcgi socket "/run/php-fpm.sock" 
 +
 +}
 </code> </code>
  
Line 111: Line 165:
   # cp /etc/ssl/cert.pem /var/www/etc/ssl/   # cp /etc/ssl/cert.pem /var/www/etc/ssl/
  
-Note: On [[https://openbsd.org|OpenBSD 6.9]] using the package ''dokuwiki-2020.07.29p0'' the above did not seem to be sufficient to allow [[:DokuWiki]] access to the plugin and template repositories. The Extension Manager still displays the message"The plugin repository could not be contacted. Make sure your server is allowed to contact <nowiki>www.dokuwiki.org</nowiki> and check your proxy settings. [Retry]"+Then restart the php daemon: 
 +  ~$ doas rcctl start php80_fpm
install/openbsd.1628598698.txt.gz · Last modified: 2021-08-10 14:31 by fiwswe
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki

Global DokuWiki Links