diff --git a/manifests/instance.pp b/manifests/instance.pp index 340ae51..0f60858 100644 --- a/manifests/instance.pp +++ b/manifests/instance.pp @@ -1,141 +1,145 @@ define mediawiki::instance ( String $vhost_name = $title, String $vhost_docroot = '/var/lib/mediawiki', String $vhost_fpm_root = 'http://127.0.0.1:5000', String $vhost_basic_auth = '', Array[String] $vhost_aliases = [], String $vhost_ssl_protocol = 'all -SSLv2 -SSLv3', String $vhost_ssl_honorcipherorder = 'On', String $vhost_ssl_cipher = 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA', String $vhost_ssl_cert = '/etc/ssl/certs/ssl-cert-snakeoil.pem', String $vhost_ssl_chain = '/etc/ssl/certs/ssl-cert-snakeoil.pem', String $vhost_ssl_key = '/etc/ssl/private/ssl-cert-snakeoil.key', String $vhost_ssl_hsts_header = 'add Strict-Transport-Security "max-age=15768000"', String $db_user = 'mediawiki', String $db_basename = 'mediawiki', String $db_host = 'localhost', String $db_password = 'verysecret', String $secret_key = 'secretkey', String $upgrade_key = 'upgradekey', String $swh_logo = '/images/b/b2/Swh-logo.png', String $site_name = 'MediaWiki', ){ include ::mediawiki $vhost_basic_auth_file = "/etc/apache2/mediawiki_${vhost_name}_http_auth" $config_relative = "LocalSettings_${vhost_name}.php" $config = "/etc/mediawiki/${config_relative}" include ::mysql::client ::mysql::db {$db_basename: user => $db_user, password => $db_password, host => $db_host, grant => ['ALL'], } include ::apache include ::apache::mod::proxy include ::profile::apache::mod_proxy_fcgi ::apache::vhost {"${vhost_name}_non-ssl": servername => $vhost_name, serveraliases => $vhost_aliases, port => '80', docroot => $vhost_docroot, redirect_status => 'permanent', redirect_dest => "https://${vhost_name}/", } if $vhost_basic_auth != '' { file {$vhost_basic_auth_file: ensure => present, owner => 'root', group => 'www-data', mode => '0640', content => $vhost_basic_auth, } $root_directory = { path => '/', provider => 'location', auth_type => 'Basic', auth_name => 'Software Heritage development', auth_user_file => $vhost_basic_auth_file, auth_require => 'valid-user', } } else { file {$vhost_basic_auth_file: ensure => absent, } $root_directory = {} } ::apache::vhost {"${vhost_name}_ssl": servername => $vhost_name, serveraliases => $vhost_aliases, port => '443', ssl => true, ssl_protocol => $vhost_ssl_protocol, ssl_honorcipherorder => $vhost_ssl_honorcipherorder, ssl_cipher => $vhost_ssl_cipher, ssl_cert => $vhost_ssl_cert, ssl_chain => $vhost_ssl_chain, ssl_key => $vhost_ssl_key, headers => [$vhost_ssl_hsts_header], docroot => $vhost_docroot, proxy_pass_match => [ { path => '^/(.*\.php(/.*)?)$', url => "fcgi://${vhost_fpm_root}${vhost_docroot}/\$1", }, + { path => '^/wiki/', + url => "fcgi://${vhost_fpm_root}${vhost_docroot}/index.php", + reverse_urls => [], + }, ], directories => [ $root_directory, { path => "${vhost_docroot}/config", provider => 'directory', override => ['None'], }, { path => "${vhost_docroot}/images", provider => 'directory', override => ['None'], }, { path => "${vhost_docroot}/upload", provider => 'directory', override => ['None'], }, ], require => [ File[$vhost_ssl_cert], File[$vhost_ssl_chain], File[$vhost_ssl_key], File[$config], ], } # Uses variables: # $vhost_name # $db_basename # $db_user # $db_host # $db_password # $secret_key # $upgrade_key # $site_name file {$config: ensure => present, owner => 'root', group => 'www-data', mode => '0640', content => template('mediawiki/LocalSettings_vhost.php.erb'), } # Uses variables: # $vhost_name # $vhost_aliases concat::fragment {"mediawiki_config_meta_${vhost_name}": target => $::mediawiki::config_meta, order => '10', content => template('mediawiki/LocalSettings.php.erb') } } diff --git a/templates/LocalSettings_vhost.php.erb b/templates/LocalSettings_vhost.php.erb index 4648cb4..ce4db4e 100644 --- a/templates/LocalSettings_vhost.php.erb +++ b/templates/LocalSettings_vhost.php.erb @@ -1,182 +1,183 @@ "; ## The URL base path to the directory containing the wiki; ## defaults for all runtime URL paths are based off of this. ## For more information on customizing the URLs please see: ## http://www.mediawiki.org/wiki/Manual:Short_URL $wgScriptPath = ""; $wgScriptExtension = ".php"; +$wgArticlePath = "/wiki/$1"; ## The protocol and server name to use in fully-qualified URLs $wgServer = "https://<%= @vhost_name %>"; ## The relative URL path to the skins directory $wgStylePath = "$wgScriptPath/skins"; ## The relative URL path to the logo. Make sure you change this from the default, ## or else you'll overwrite your logo when you upgrade! $wgLogo = "<%= @swh_logo %>"; $wgFavicon = "<%= @swh_logo %>"; ## UPO means: this is also a user preference option $wgEnableEmail = true; $wgEnableUserEmail = true; # UPO $wgEmergencyContact = "info@softwareheritage.org"; $wgPasswordSender = "info@softwareheritage.org"; $wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO $wgEmailAuthentication = true; $wgEmailConfirmToEdit = true; # require email confirmation before editing ## Database settings $wgDBtype = "mysql"; $wgDBserver = "<%= @db_host %>"; $wgDBname = "<%= @db_basename %>"; $wgDBuser = "<%= @db_user %>"; $wgDBpassword = "<%= @db_password %>"; # MySQL specific settings $wgDBprefix = ""; # MySQL table options to use during installation or update $wgDBTableOptions = "ENGINE=InnoDB, DEFAULT CHARSET=binary"; # Experimental charset support for MySQL 5.0. $wgDBmysql5 = false; ## Shared memory settings $wgMainCacheType = CACHE_NONE; $wgMemCachedServers = array(); ## To enable image uploads, make sure the 'images' directory ## is writable, then set this to true: $wgEnableUploads = true; $wgUseImageMagick = true; $wgImageMagickConvertCommand = "/usr/bin/convert"; # InstantCommons allows wiki to use images from http://commons.wikimedia.org $wgUseInstantCommons = false; ## If you use ImageMagick (or any other shell command) on a ## Linux server, this will need to be set to the name of an ## available UTF-8 locale $wgShellLocale = "en_US.utf8"; ## If you want to use image uploads under safe mode, ## create the directories images/archive, images/thumb and ## images/temp, and make them all writable. Then uncomment ## this, if it's not already uncommented: #$wgHashedUploadDirectory = false; ## Set $wgCacheDirectory to a writable directory on the web server ## to make your wiki go slightly faster. The directory should not ## be publically accessible from the web. #$wgCacheDirectory = "$IP/cache"; # Site language code, should be one of the list in ./languages/Names.php $wgLanguageCode = "en"; $wgSecretKey = "<%= @secret_key %>"; # Site upgrade key. Must be set to a string (default provided) to turn on the # web installer while LocalSettings.php is in place $wgUpgradeKey = "<%= @upgrade_key %>"; ## Default skin: you can change the default skin. Use the internal symbolic ## names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector': $wgDefaultSkin = "vector"; ## For attaching licensing metadata to pages, and displaying an ## appropriate copyright notice / icon. GNU Free Documentation ## License and Creative Commons licenses are supported so far. $wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = "https://creativecommons.org/licenses/by-sa/4.0/"; $wgRightsText = "Creative Commons Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) License"; $wgRightsIcon = "https://licensebuttons.net/l/by-sa/4.0/88x31.png"; # Path to the GNU diff3 utility. Used for conflict resolution. $wgDiff3 = "/usr/bin/diff3"; # Query string length limit for ResourceLoader. You should only set this if # your web server has a query string length limit (then set it to that limit), # or if you have suhosin.get.max_value_length set in php.ini (then set it to # that value) $wgResourceLoaderMaxQueryLength = -1; # Skins wfLoadSkin( 'CologneBlue' ); wfLoadSkin( 'Modern' ); wfLoadSkin( 'MonoBook' ); wfLoadSkin( 'Vector' ); # Anti-SPAM Q&A wfLoadExtensions([ 'ConfirmEdit', 'ConfirmEdit/QuestyCaptcha' ]); $wgCaptchaQuestions = [ "The name of this project is Software [BLANK] (fill the blank)" => "heritage", "The name of this project is [BLANK] Heritage (fill the blank)" => "software", "What do we collect, preserve, and share?" => ["software", "source code", "software source code"], "Our headquarters are located in the capital of France, which is ...?" => "paris", "Name a popular GNU/Linux distribution" => ["arch", "centos", "debian", "fedora", "gentoo", "mageia", "mandriva", "mint", "opensuse", "red hat", "redhat", "slackware", "suse", "ubuntu"], "Name a popular programming language" => ["ada", "assembly", "c", "c#", "c++", "erlang", "f#", "fortran", "go", "haskell", "java", "javascript", "lisp", "logo", "lua", "ml", "objective c", "objective-c", "ocaml", "pascal", "perl", "php", "prolog", "python", "ruby", "rust", "scala", "scheme", "shell", "swift", "visual basic"], ]; # End of automatically generated settings. # Add more configuration options below. $wgGroupPermissions['*']['edit'] = false; $wgFileExtensions[] = 'pdf'; $wgNamespacesToBeSearchedDefault = array( NS_MAIN => true, NS_TALK => true, NS_USER => true, NS_USER_TALK => true, NS_PROJECT => true, NS_PROJECT_TALK => true, NS_FILE => true, NS_FILE_TALK => true, NS_MEDIAWIKI => true, NS_MEDIAWIKI_TALK => true, NS_TEMPLATE => true, NS_TEMPLATE_TALK => true, NS_HELP => true, NS_HELP_TALK => true, NS_CATEGORY => true, NS_CATEGORY_TALK => true ); wfLoadExtension( 'Cite' );