In this guide, we will learn how to install and configure the MediaWiki platform in Debian Linux to create online wiki websites.
MediaWiki is a free open-source wiki application written mostly in the PHP programming language, often used on Linux with Apache/Nginx web servers, PHP, and the MySQL/MariaDB database management system, also known as the LAMP or LEMP stack.
The MediaWiki software platform is widely used to create powerful and collaborative documentation websites, similar to the popular Wikipedia.
Requirements
- Minimal installation of Debian 9 on a bare-metal server machine or on a virtual private server
- sudo root privileges for a local account or remote access direct to root account
- A static IP address configured for one of your system network interfaces cards
- A domain name, private or public, depending on your deployment, with the correct DNS records configured for web services. If you don’t have a valid or registered domain name, you can install and access the site using your server’s IP address
- If you want to use the website registration, mail order confirmations and other features, you should have a running mail server on your premises that is properly configured and provides remote access to its IMAP and SMTP services
Prerequisites
Before you begin installing and configuring MediaWiki from your own server’s sources, you must ensure that the system meets all software requirements for compiling and installing the application.
The first step is to update your system’s repositories and software packages by running the following command.
apt update
apt upgrade
Next, run the following command to install some necessary utilities that you will need to continue managing your system from the command line.
apt install wget bash-completion curl
After the system has been fully upgraded and the necessary utilities to manage your server have been installed, set up the name for your system by running the following command. Replace your hostname variable accordingly
hostnamectl set-hostname www.mywiki.com
Check machine hostname and hosts file by issing the following commands.
hostnamectl
cat /etc/hostname
hostname –s
hostname –f
Also, install ImageMagick, which is required for thumbnailing images, and the TeX software, which is required for inline display of mathematical formulas. In Debian-based distributions, enter the following command to install ImageMagick and TeX
apt install imagemagick texlive
Finally, restart the Debian server to apply kernel updates and change the hostname properly.
init 6
MediaWiki is a web-based CMS wiki platform written in the PHP server-side programming language. In order to run the application’s PHP file scripts, a web server such as the Apache HTTP server and a PHP interpreter must be installed and operational in the system.
To install the Apache web server and PHP interpreter along with all the necessary PHP modules that the application needs to run properly, enter the following command in your server console.
apt 6
apt install apache2 libapache2-mod-php7.0 php7.0 php7.0-curl php7.0-gd php7.0-opcache php7.0-json php7.0-mbstring php7.0-intl php-imagick php7.0-xml php7.0-apcu
After installing Apache and PHP, verify that the web server is running and listening for network connections on port 80 by entering the following command with root privileges
netstat –tlpn
In case netstat network utility is not installed by default in your Debian system, run the following command to install it.
apt install net-tools
Using the output of the netstat command, you can see that the Apache web server is listening for incoming network connections on port 80. For the same task, you can also use the ss command, which is automatically installed in Debian 9
ss- tulpn
If you have a firewall enabled in your system, such as the UFW firewall application, you should add a new rule to allow HTTP traffic through the firewall by entering the following command
ufw allow WWW
or
ufw allow 80/tcp
If you are using iptables raw rules to manage your Debian server’s firewall rules, add the following rule to allow incoming traffic on port 80 to allow visitors to visit the website.
apt-get install -y iptables-persistent
iptables -I INPUT -p tcp --destination-port 80 -j ACCEPT
iptables -I INPUT -p tcp --destination-port 22 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
systemctl enable netfilter-persistent.service
Next, enable the following Apache modules that the wiki application needs to run properly by typing the following command:
a2enmod rewrite
systemctl restart apache2
Finally, test if the default Apache web page can be displayed in your clients’ browsers by calling the IP address of your Debian machine or your domain name or server FQDN using the HTTP protocol, as shown in the following figure. If you don’t know the IP address of your machine, you can run the ifconfig or ip a commands to find out the IP address of your server.
http://your_domain.tld
To install and access the MediaWiki site using the HTTPS protocol, which secures traffic for your clients, enter the following command to enable the Apache web server’s SSL module and SSL site configuration file:
a2enmod ssl
a2ensite default-ssl.conf
Next, open the Apache default SSL site configuration file with a text editor and enable the URL rewrite rules by inserting the following lines of code after the DocumentRoot directive, as shown in the following example:
nano /etc/apache2/sites-enabled/default-ssl.conf
SSL site configuration file excerpt:
<directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </directory>
Also, make the following change to VirtualHost line as shown in the following excerpt:
<VirtualHost *:443>
Close the SSL Apache file and open the /etc/apache2/sites-enabled/000-default.conf file for editing and add the same URL rewrite rules as for the SSL configuration file. Add the lines of code after the DocumentRoot statement, as shown in the following example.
<Directory /var/www/html> Options +FollowSymlinks AllowOverride All Require all granted </Directory>
Finally, you restart the Apache daemon to apply all the rules configured so far and visit your domain using the HTTP protocol. Since you are using the self-signed certificate pairs automatically issued by Apache during installation, which are not trusted by the browser, an error warning should be displayed in the browser.
systemctl restart apache2
https://yourdomain.tld
Accept the warning to accept the untrusted certificate and continue to be redirected to the default Apache web page, as shown in the following image.
If the UFW firewall application is blocking incoming network connections to the HTTPS port, you should add a new rule to allow HTTPS traffic through the firewall by entering the following command
ufw allow ‘WWW Full’
or
ufw allow 443/tcp
If iptables is the default firewall application installed to protect your Debian system at the network level, add the following rule to allow incoming traffic through port 443 in the firewall to allow visitors to browse your domain name.
iptables -I INPUT -p tcp --destination-port 443 -j ACCEPT
netfilter-persistent save
systemctl restart netfilter-persistent
systemctl status netfilter-persistent
In the next step, we need to make some more changes to the PHP default configuration file to ensure that the following PHP variables are enabled and that the PHP timezone setting is configured correctly and matches the geographic location of your system. Open the /etc/php/7.0/apache2/php.ini file for editing and make sure the following lines are set as follows. Also, make a backup of the PHP configuration file first.
cp /etc/php/7.0/apache2/php.ini{,.backup}
nano /etc/php/7.0/apache2/php.ini
Find, edit and change the following variables in the php.ini configuration file:
file_uploads = On default_charset = UTF-8 memory_limit = 128M max_execution_time = 18000 upload_max_filesize = 100M date.timezone = Europe/London
Increase the upload_max_file_size variable to support large file attachments, and replace the time.zone variable with your physical time accordingly by consulting the list of timezones in the PHP docs at the following link http://php.net/manual/en/timezones.php
If you want to increase the loading speed of your web pages via the OPCache plugin available for PHP7, add the following OPCache settings to the end of the PHP interpreter configuration file under the [opcache] line, as described below:
[opcache] opcache.enable=1 opcache.enable_cli=1 opcache.interned_strings_buffer=8 opcache.max_accelerated_files=10000 opcache.memory_consumption=128 opcache.save_comments=1 opcache.revalidate_freq=1
After you have made all the changes explained above, restart the Apache daemon to apply the new changes by entering the following command
systemctl restart apache2
Finally, create a PHP info file by running the following command, and verify that the PHP time zone is configured correctly by accessing the PHP info file in a browser at the following URL, as shown in the following figure. Scroll down to the date setting to verify that the PHP time zone is configured.
echo '<?php phpinfo(); ?>'| tee /var/www/html/info.php
https://domain.tld/info.php
The MediaWiki web application stores configurations such as users, sessions, and articles in an RDBMS database. This tutorial will configure the MediaWiki platform to use the MariaDB database as the backend. Enter the following command to install the MariaDB database and the PHP module to access the MySQL database.
apt install mariadb-server php7.0-mysql mariadb-client
After you install MariaDB, check that the daemon is running and waiting for connections on localhost, port 3306, by running the netstat command.
netstat –tlpn | grep mysql
Then log into the MySQL console and secure the MariaDB root account by giving the following commands.
root@www:~# mysql -h localhost
Welcome to MariaDB monitor. Commands end with ; or g. Your MariaDB connection id is 2 Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1 Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Tap ‘help;’ or ‘\h’ for help. Tap ‘\c’ to delete the current input statement.
MariaDB [(none)]>
use mysql; Read table information To complete tables and column names You can turn off this feature to be a faster start with -A
Database changed
MariaDB [mysql]>
update user set plugin='' where user='root'; Query OK, 1 row affected (0.00 sec) rows hit: 1 changed: 1 warnings: 0
MariaDB [mysql]>
flush privileges; Query OK, 0 rows affected (0.00 sec)
MariaDB [mysql]>
exit Bye
In the next step, secure MariaDB by running the mysql_secure_installation script included in the installation packages from the Debian Stretch repositories. As the script runs, it asks a series of questions about securing the MariaDB database, such as changing the MySQL root password, removing anonymous users, disabling removed root logins, and deleting the test database.
Run the script with the following command and make sure you answer yes to all questions to secure the MySQL daemon fully. Use the following excerpt from the script as a guide.
mysql_secure_installation
NOTE: THE EXECUTION OF ALL PARTS OF THIS SCRIPT WILL BE FOR ALL MariaDB SERVERS IN PRODUCTION! PLEASE READ EACH STEP CAREFULLY! To log in to MariaDB to back it up, we need the current password for the root user. If you just installed MariaDB and haven't set the root password yet, the password is blank, then you should just hit enter here. Enter the current password for root (Enter for none): OK, password used successfully, let's move on.... Setting the root password ensures that no one can log in to the MariaDB root user without proper authorization. You already have a root password set, so you can safely answer 'n'. Change the root password? [Y/n] y New password: Enter new password: Password updated successfully! Reload permission tables... .... Success! By default, a MariaDB installation has an anonymous user that anyone can use to log in to MariaDB without having to create a user account for them. This is for testing purposes only and should make the installation a little smoother. You should remove it before moving to a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB ships with a database called 'test' that everyone has access to. This database is also for testing only and should be removed before you deploy it in a production environment. Remove test database and access to it? [Y/n] y - Delete test database... ... Success! - Remove test database permissions... ... Success! Restoring the permissions tables ensures that all changes made so far take effect immediately. Restoring the permissions tables now? [Y/n] y ... Success! Clean up... All done! If you have done all the above steps, your MariaDB installation should now be safe. Thank you for using MariaDB!
To test the security of MariaDB, try logging into the database from the console without a root password. Access to the database should be denied if no password is specified for the root account, as seen in the following command snippet:
.
root@www:~# mysql -h localhost -u root
ERROR 1045 (28000): Access denied for user 'root'@'localhost' (with Password: NO)
When the password is specified, the login process should be granted to the MySQL console, as shown in the command example:
root@www:~# mysql -h localhost -u root -p
Enter password: Welcome to MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 15 Server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1 Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others. Tap 'Help;' or '\h' for Help. Type '\c' to clear the current input statement. MariaDB [(none)]> exit Bye
.
After logging into the MariaDB database console, create a MediaWiki application database and a user with a password that will be used to manage the application database by entering the following commands. Replace the database name, user, and password accordingly.
mysql –u root -p
Welcome to MariaDB monitor. Commands end with ; or g. Your MariaDB connection id is 2 server version: 10.1.26-MariaDB-0+deb9u1 Debian 9.1
Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.
Tap ‘help;’ or ‘\h’ for help. Tap ‘\c’ to delete the current input statement.
MariaDB [(none)]>
create database mediawiki; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> grant all rights to mediawiki.* to 'user'@'localhost' identified by 'password1234'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> exit Bye
To apply all the changes made so far, restart MySQL and the Apache daemons and verify that the daemons are running by entering the following commands.
systemctl restart mysql apache2
systemctl status mysql apache2
Install MediaWiki
Once all the system requirements for installing your wiki online platform have been met, visit the official MediaWiki download page at https://www.mediawiki.org/wiki/Download and download the latest compressed zip archive to your system by entering the following command.
wget https://releases.wikimedia.org/mediawiki/1.29/mediawiki-1.29.2.tar.gz
After completing the zip archive download, unzip the MediaWiki zip archive file named v2.3.4.1.zip to your current working directory and list the unzipped files using the following commands. Also, remove the index.html file installed by default by the Apache web server from the webroot path and delete the info.php file you created earlier.
tar xfz mediawiki-1.29.2.tar.gz
ls mediawiki-1.29.2
rm /var/www/html/index.html
rm /var/www/html/info.php
The installation files for MediaWiki are located in your current working directory in the mediawiki-1.29.2 directory. Issue the ls command to list the files in that directory. Copy the entire contents of the extracted MediaWiki directory to the root of your web server by running the following command
cp -fr mediawiki-1.29.2/* /var/www/html/
Next, run the following commands to give the Apache runtime user full write permissions to the web root path. Use the ls command to list the permissions for the application’s installed files in the /var/www/html/ directory.
chown -R www-data:www-data /var/www/html/
ls –al /var/www/html/
Next, proceed with the installation of MediaWiki by opening a browser and accessing your server’s IP address, domain name, or FQDN using the HTTPS protocol. On the first installation screen, the MediaWiki installer will display a warning message informing you that the LocalSettings.php file was not found in your current webroot. Click the Please set up the wiki first link to start the installation process, as shown in the example below.
https://yourdomain.tld
On the next screen, select MediaWiki Installation Language and Wiki Language and press Next button.
Next, the installer will check your environment to see if all the app installation requirements are met. When the green message “You can install MediaWiki” appears in your browser, you can continue the installation process by clicking the Next button.
On the next installation screen, you will select the MySQL database and enter the MySQL database server address, the username and password to access the MediaWiki database, and the name of the database created for the MediaWiki installation. After you have entered all the required database information, click the Next button to proceed to the next installation screen. Use the following screenshot as a guide to configure this step.
In the next window, under Database Account for Web Access, select the account you used during installation, select the MySQL storage engine InnoDB and the database character set UTF-8, and click the Next button.
After the database structure is imported, add the name of your wiki platform, set the project namespace to “Same as wiki name,” and add an administrator username and password for your wiki platform and an email address for the administrator account. At the bottom of the page, select Ask More Questions to customize your wiki site further, and click the Next button.
On the next screen, you’ll select the account creation for the user rights profile, select the copyright and license for your wiki site, add your email account settings, select your site skins and PHP extensions, the directory path for the deleted and logo URL, and finally select the PHP object caching mechanism. Once you’ve completed this step, click the Next button. Use the following series of images to set up this installation step.
In the next window, click the Continue button to start the installation process and wait for it to complete.
After the MediaWiki installation process is complete, click on the Download LocalSettings.php configuration file to download the configuration file locally to your desktop and use a file transfer protocol such as ftp, sftp, or scp to transfer this file to your site’s webroot path. Using the SCP protocol, the command should look like the following excerpt:
scp /local/path/to/LocalSettings.php root@yourdomain.com:/var/www/html/
To visit the front end of your wiki site, navigate to your server IP address or domain name using the HTTPS protocol, as shown in the example below, and the main page of the wiki site should be displayed in your browser.
https://yourdomain.tld
To access the wiki admin dashboard, navigate to your server IP address or domain name using the HTTPS protocol and click the login link at the top. Enter the username and password of the admin account you created for your wiki site during installation to log in to the MediaWiki admin area.
To force visitors to browse the MediaWiki site and securely access the backend interface using the HTTPS protocol to encrypt traffic between the server and client browsers, you must return to your server’s terminal and open the .htaccess file in the root of your site document for editing by entering the following command:
nano /var/www/html/.htaccess
Then edit the .htaccess file and change the native PHP server settings at the end of the file with the configurations below. Change the PHP settings to match your own server resources and configurations
.htaccess File Excerpt:
# Modify PHP settings php_value session.use_trans_sid 0 php_value register_globals 1 php_value upload_max_filesize 100M php_value post_max_size 100M
Finally, add the following rules to the .htaccess file to automatically redirect domain traffic to HTTPS and disable indexing of the Webroot directory.
# Redirect to HTTPS <IfModule mod_rewrite.c> RewriteEngine On RewriteCond %{HTTPS} off RewriteRule (.*) https://%{SERVER_NAME}/$1 [R,L]
Options -Indexes
</IfModule>
That’s all! You have successfully installed and configured the MediaWiki platform in Debian 9.2. However, since the Apache HTTP server uses self-signed certificates to encrypt traffic between the server and visitors’ browsers, a warning message is always generated and displayed in their browsers. This warning is bad for your website’s reputation and search engine optimization. In this case, you should buy a certificate from a trusted certificate authority or get a free pair of certificates from Let’s Encrypt CA.
For other custom configurations related to MediaWiki, visit the documentation page at: https://www.mediawiki.org/wiki/Manual:Contents