MediaWiki On Lightsail
Cloned from https://wiki.heatsynclabs.org/wiki/MediaWiki_On_Lightsail
This is intended to document how to install MediaWiki on Lightsail. It's starting with notes on my attempts and has good intentions to mature into a proper tutorial.
To Do
- Document Lightsail Setup
- SSH Login Key
- Backup and Restore
- Database Dump and Import
- LocalSettings.php backup and import
- Periodic Backup
Deploying on Lightsail Debian 10.5
This time around I'm going with a bare Debian 10.5 instance. I used 9.5 for the first pass; it only has PHP 7.0, which the latest version of MediaWiki won't run on. Debian 10.5 (which I don't recall seeing last time, I think it's new to Lightsail) comes with PHP 7.3, which will support the most current MediaWiki.
I used the $5 instance with 1 GB RAM, 1 vCPU, 40 GB SSD, and 2 TB transfer. It's the best price/performance they offer at the moment; as you go to larger instances the price grows faster than the specs. If it can run on a $5 instance, I think it's the right call.
SSH Key
TBD
Static IP Address
Wait for the Lightsail console to show that the instance is "Running" - it should only take a minute or two. Once the instance is up, assign it a static IP address. In the Lightsail console page on AWS, select your instance, and click on the Networking folder tab. Click on "Create Static IP". It will attach an IP from its pool to your instance, and you'll use that IP address for the DNS entries below.
While you're at the Networking configuration, go to the Firewall section and add an entry for 443 (HTTPS).
OS Updates
Once it's fired up, log in and update the OS:
$ ssh -i <path/to/secret_ssh_key> admin@<ip_address>
$ sudo apt update
$ sudo apt dist-upgrade
DNS Entries
Add A records for each of the hostnames you want to create certificates for. I'm setting up traxel.com, www.traxel.com, and wiki.traxel.com, so I created 3 A Records all pointing to the same static IP address.
Now wait for those records to cascade. It should be done in a day or two.
Apache
Let's Encrypt creates files on your webserver, then hits the host with an HTTP request to confirm that you own the domain. Install Apache 2 so you can host the files.
$ sudo apt install apache2
Then you'll need a file like /etc/apache2/sites-available/003-wiki.conf for each of the hostnames. I pointed each one at a different directory, since I don't know if Let's Encrypt uses unique filenames. It probably does, but this guarantees it will work.
200-www.conf
Location: /etc/apache2/sites-available/200-www.conf
<VirtualHost *:80>
    ServerName traxel.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/root
    #LogLevel info ssl:warn
    ErrorLog ${APACHE_LOG_DIR}/root-error.log
    CustomLog ${APACHE_LOG_DIR}/root-access.log combined
</VirtualHost>
300-wiki.conf
Location: /etc/apache2/sites-available/300-wiki.conf
<VirtualHost *:80>
    ServerName wiki.traxel.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/mediawiki
    ErrorLog ${APACHE_LOG_DIR}/wiki-error.log
    CustomLog ${APACHE_LOG_DIR}/wiki-access.log combined
</VirtualHost>
After you create the conf files, activate them with a2ensite and disable 000-default with a2dissite (unless you're keeping that one active to cover the root hostname).
$ sudo a2ensite 001-root
$ sudo a2ensite 002-www
$ sudo a2ensite 003-wiki
$ sudo a2dissite 000-default
$ sudo systemctl reload apache2
Finally we'll need mod_rewrite - Let's Encrypt will create conf files that will redirect non-SSL traffic to HTTPS.
$ sudo a2enmod rewrite
$ sudo systemctl restart apache2
Let's Encrypt SSL Certificate
Let's Encrypt will look at your active sites and ask you if you want to create certs for all of them.
Make sure to use the "Redirect" setting so that any traffic arriving on port 80 gets redirected to the SSL port (443).
$ sudo apt install certbot python3-certbot-apache
$ sudo certbot --apache
Wow! OK, that was way easier than I was expecting. Sure, there's the setup that you have to do, but most of that would have to be done anyway just to get the webserver up. That is really awesome. I'll have to give the EFF a little extra this year.
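Whether the "Redirect" choice took effect for every hostname can be checked from the vhost files themselves. The following is an added example, not part of the original page: a shell function that lists port-80 vhosts with no redirect to HTTPS. The function names are made up here, the sample confs are constructed, and the RewriteRule line is the form certbot's Apache plugin writes.

```shell
#!/bin/sh
# Added example, not from the original page.
# Prints the ServerName of every <VirtualHost *:80> block that has no
# redirect to https://, and returns non-zero if any are found.
audit_http_redirects() {
    awk '
        # Start of a plain-HTTP vhost: reset the per-block state.
        tolower($1) == "<virtualhost" && $2 ~ /:80>$/ {
            in80 = 1; name = "(no ServerName)"; redirected = 0; next
        }
        in80 && tolower($1) == "servername" { name = $2 }
        # certbot writes a RewriteRule; a hand-written Redirect also counts.
        # Commented-out lines start with "#", so $1 never matches for them.
        in80 && $0 ~ /https:\/\// &&
            tolower($1) ~ /^(rewriterule|redirect|redirectpermanent|redirectmatch)$/ {
            redirected = 1
        }
        in80 && tolower($1) == "</virtualhost>" {
            if (!redirected) { print name; missing++ }
            in80 = 0
        }
        END { exit (missing > 0) }
    ' "$@"
}

# Constructed sample input: one vhost as certbot leaves it after "Redirect"
# is chosen, and one that still serves plain HTTP.
write_sample_confs() {
    cat > "$1/300-wiki.conf" <<'EOF'
<VirtualHost *:80>
    ServerName wiki.traxel.com
    DocumentRoot /var/www/mediawiki
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =wiki.traxel.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
    cat > "$1/200-www.conf" <<'EOF'
<VirtualHost *:80>
    ServerName traxel.com
    DocumentRoot /var/www/root
    #RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
EOF
}
# On the server: audit_http_redirects /etc/apache2/sites-enabled/*.conf
```

This reads the configuration text only. A live check from another machine is `curl -sI http://wiki.traxel.com/`, which should answer with a 301 and an https:// Location header.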
MediaWiki Supporting Software
First, the basics. You'll need all of these:
$ sudo apt-get install mariadb-server php php-mysql libapache2-mod-php php-xml php-mbstring
Next, the enhancements. These will give MediaWiki extra capabilities. See Optional Packages
$ sudo apt-get install php-apcu php-intl imagemagick php-cli php-curl git
Configure PHP
There are a couple settings that are worth checking in PHP:
$ cd /etc/php/7.3/apache2/
$ grep memory_limit php.ini
$ grep upload_max_filesize php.ini
128 megs should be fine for memory.
I'm torn on filesize. I'm trying to fit on a $5/mo machine with a 40 Gig HDD. Most things other than video for use on the web can be under 2 megs (the default size). I feel like the best answer may be a plugin to store large files in S3 at 1/4th the price. It's not a one-way-door, though. I'm leaving mine at 2 megs for now.
Make sure the PHP plugins are enabled:
$ sudo phpenmod apcu
$ sudo phpenmod curl
$ sudo phpenmod intl
$ sudo phpenmod mbstring
$ sudo phpenmod xml
$ sudo systemctl restart apache2
Configure MariaDB
It's time to stop generically referring to MariaDB as MySQL. MySQL is a once-great project that is no longer trustworthy. MariaDB is the leading Open Source RDBMS.
If you haven't done anything with it yet, there will be no password.
$ sudo mariadb -u root
Pick a username for MediaWiki to use (I'm using wiki_wiki as an example).
Pick a database name (I'm using hsl_wiki as an example).
Pick a password other than "CHANGE THIS PASSWORD".
MariaDB> create database hsl_wiki;
MariaDB> grant all on hsl_wiki.* to 'wiki_wiki'@'localhost' identified by 'CHANGE THIS PASSWORD';
MariaDB> flush privileges;
Then you can verify it worked if you like (there won't be any tables, but it shouldn't give you an auth error).
$ mariadb -u wiki_wiki -p
MariaDB> show tables in hsl_wiki;
MariaDB> exit
Download and Unpack MediaWiki
$ cd
$ mkdir tmp
$ cd tmp
$ wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz
$ tar -xvzf mediawiki-1.35.0.tar.gz
$ sudo mv mediawiki-1.35.0 /var/www/
Point Apache at MediaWiki
Note that Let's Encrypt will have replicated your apache .conf file to an SSL version when you redirected traffic from 80 to 443.
$ sudo emacs -nw /etc/apache2/sites-available/003-wiki-le-ssl.conf
Point your DocumentRoot at the mediawiki directory. It should look something like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    ServerName wiki.traxel.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/mediawiki-1.35.0
    ErrorLog ${APACHE_LOG_DIR}/wiki-error.log
    CustomLog ${APACHE_LOG_DIR}/wiki-access.log combined
    SSLCertificateFile /etc/letsencrypt/live/wiki.traxel.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/wiki.traxel.com/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>
Configure MediaWiki
Walk through the web interface to collect your settings. At the end, it will give you a LocalSettings.php file.
Save the file locally, then upload it to your server and put it in the MediaWiki directory.
After that, the wiki is ready to go. Hit it with your browser and away you go!
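LocalSettings.php holds the database password chosen in the MariaDB step, so it is worth checking after the upload. The following is an added example, not part of the original page: a shell function (the name check_localsettings is made up here) that flags a world-accessible file or a placeholder password. It assumes the installer wrote the password as a double-quoted `$wgDBpassword = "...";` line.

```shell
#!/bin/sh
# Added example, not from the original page.
# Usage: check_localsettings /var/www/mediawiki-1.35.0/LocalSettings.php
# Returns 0 if nothing was flagged, 1 on a finding, 2 if the file is missing.
check_localsettings() {
    f=$1
    rc=0
    [ -f "$f" ] || { echo "missing: $f"; return 2; }

    # Characters 8-10 of the ls mode string are the "other" permissions.
    # Anything but "---" lets every local account reach the DB password.
    other=$(ls -ld "$f" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "other-permissions are '$other', expected '---'"
        rc=1
    fi

    # Assumption: the password is a double-quoted assignment. Flag an empty
    # value or the page's placeholder string.
    if grep -Eq '^\$wgDBpassword[[:space:]]*=[[:space:]]*"(CHANGE THIS PASSWORD)?"' "$f"; then
        echo "placeholder or empty \$wgDBpassword"
        rc=1
    fi
    return $rc
}

# One way to clear the permission finding on Debian, where Apache runs as
# www-data:
#   sudo chown root:www-data LocalSettings.php
#   sudo chmod 640 LocalSettings.php
```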
Backup & Recovery
TBD
Migration from Older Versions
TBD