From 4bcdb4cba74b2dcdcff1440723cd2ae4c204242d Mon Sep 17 00:00:00 2001 From: baldnerd Date: Fri, 18 Jul 2025 10:26:44 -0400 Subject: [PATCH] First commit; not yet functional --- README.md | 105 +++++++++++++++++- activate/index.php | 67 ++++++++++++ installer.sh | 266 +++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 437 insertions(+), 1 deletion(-) create mode 100644 activate/index.php create mode 100755 installer.sh diff --git a/README.md b/README.md index e0e1803..77dbece 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,105 @@ -# mediawiki-appliance +# πŸ“˜ MediaWiki Appliance +**An Open Source Appliance from Robbie Ferguson** +(c) 2025 Robbie Ferguson. Licensed under the Apache License, Version 2.0 + +A ready-to-use MediaWiki appliance built for simplicity, performance, and security. This installer prepares a clean Debian system to serve MediaWiki at the root path with modern defaults, file uploads enabled, Redis caching, self-signed HTTPS, and preloaded core extensions. + +--- + +## βš™οΈ How It Works + +The appliance is built by running `installer.sh` on a clean Debian instance. It installs all required packages, downloads the latest stable version of MediaWiki, sets up MariaDB and Redis, configures NGINX with HTTPS, and preloads useful skins and extensions. + +After installation, the wiki is fully functional at: + +``` +https://your-server-ip/ +``` + +--- + +## πŸ§ͺ First-Time Setup + +After installation, log into your wiki as: + +- **Username**: `admin` +- **Password**: `changeme` + +> πŸ”’ You must change this password immediately! + +Visit: +``` +https://your-server-ip/activate/ +``` +This setup screen allows you to securely define a new password. It is a **one-time activation process**. + +--- + +## πŸ“‚ What’s Included + +- MediaWiki (latest stable) +- Skins: Vector (default), MonoBook, Timeless +- Extensions: + - Cite + - WikiEditor + - SyntaxHighlight_GeSHi + - CategoryTree +- File uploads enabled +- Redis server with MediaWiki cache integration +- PHP tuned for media uploads +- Self-signed HTTPS certificate for secure local access + +--- + +## πŸ”§ Enabling Let’s Encrypt (Optional) + +The appliance includes **Certbot** and is preconfigured for HTTPS. If you plan to serve your wiki publicly with a real domain name: + +1. Update `/etc/nginx/sites-available/mediawiki` to use your actual `server_name` +2. Then run: + ```bash + certbot --nginx -d your.domain.name + ``` + +This will obtain a valid SSL certificate and reload NGINX. + +--- + +## πŸ” Reinstalling or Removing + +If the installer fails and you need to revert in order to try again, you can purge the appliance from your system: + +```bash +./installer.sh --purge +``` + +This will: +- Stop all related services +- Remove MediaWiki files and NGINX config +- Uninstall MariaDB, PHP, Redis, and Certbot +- Leave the system clean for a rebuild + +Note: This process assumes you are running the script on a dedicated appliance. Running this on anything but a dedicated appliance may destroy your system. + +--- + +## πŸ” Backup Tips + +To ensure your wiki can be restored, back up: + +1. The database: + ```bash + mysqldump -u root mediawiki > mediawiki.sql + ``` + +2. The uploaded files and configs: + ```bash + tar czf uploads_backup.tar.gz /var/www/html/images /var/www/html/LocalSettings.php + ``` + +--- + +## πŸ’¬ Support + +This appliance was built by Robbie Ferguson to provide a turn-key, modern MediaWiki experience. Contributions, forks, and enhancements are welcome. diff --git a/activate/index.php b/activate/index.php new file mode 100644 index 0000000..45e835e --- /dev/null +++ b/activate/index.php @@ -0,0 +1,67 @@ +Setup already completed

The admin password has already been set. To change it, use the MediaWiki user interface or maintenance tools.

"; + exit; +} + +if ($_SERVER['REQUEST_METHOD'] === 'POST') { + $password = $_POST['password'] ?? ''; + $confirm = $_POST['confirm'] ?? ''; + + if ($password !== $confirm) { + $error = "Passwords do not match."; + } elseif (strlen($password) < 6) { + $error = "Password must be at least 6 characters."; + } else { + $safePassword = escapeshellarg($password); + $output = []; + $return = 0; + + exec("php /var/www/html/maintenance/run.php changePassword --user=admin --password=$safePassword", $output, $return); + + if ($return === 0) { + file_put_contents($flagFile, "Admin password set on " . date('c') . "\n"); + echo "

Success!

The admin password has been updated. You can now log in and start using your wiki.

"; + exit; + } else { + $error = "Failed to update password. Please check server permissions."; + } + } +} +?> + + + + + Set Admin Password - MediaWiki Appliance + + + +

Set Admin Password

+

This is a one-time setup page to secure your MediaWiki appliance. After submitting, this setup interface will be disabled.

+ + +

+ + +
+ + + + + +
+ + diff --git a/installer.sh b/installer.sh new file mode 100755 index 0000000..48f8e56 --- /dev/null +++ b/installer.sh @@ -0,0 +1,266 @@ +#!/bin/bash +# MediaWiki Server Appliance +# An Open Source Appliance from Robbie Ferguson +# (c) 2025 Robbie Ferguson. Licensed under the Apache License, Version 2.0 + +# This is the admin installer for building the appliance. +# Only to be run on a dedicated vanilla server to convert to this purpose. +# NEVER RUN THIS SCRIPT ON YOUR COMPUTER - it CONVERTS it to an appliance. + +### HANDLE --purge ### +if [[ "$1" == "--purge" ]]; then + echo "[!] This will permanently remove all MediaWiki Appliance components." + echo " This will DESTROY a normal system; NEVER run this without exactly" + echo " understanding what the purpose is." + read -p "Are you sure you want to destory this system? [y/N]: " confirm + if [[ "$confirm" != "y" && "$confirm" != "Y" ]]; then + echo "Aborted." + exit 1 + fi + + echo "[*] Purging packages..." + + systemctl stop nginx mariadb redis-server || true + apt purge -y nginx mariadb-server php* redis-server certbot python3-certbot-nginx + apt autoremove -y + rm -rf /var/www/html /etc/nginx/sites-available/mediawiki /etc/nginx/sites-enabled/default + rm -rf /etc/ssl/mediawiki + + echo "[βœ“] Purge complete." + exit 0 +fi + +set -e + +### CONFIG ### +MW_DIR="/var/www/html" +DB_NAME="mediawiki" +DB_USER="wikiuser" +DB_PASS="$(openssl rand -base64 18)" +INSTALLER_DIR="$(pwd)" + +### UPDATE SYSTEM AND INSTALL DEPENDENCIES ### +echo "[*] Installing system packages..." +apt update +apt install -y nginx mariadb-server php php-fpm php-mysql php-intl php-xml php-mbstring php-apcu php-gd php-curl php-zip unzip git curl redis-server php-redis certbot python3-certbot-nginx + +### CONFIGURE DATABASE ### +echo "[*] Configuring MariaDB..." +mysql -e "CREATE DATABASE ${DB_NAME};" +mysql -e "CREATE USER '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';" +mysql -e "GRANT ALL PRIVILEGES ON ${DB_NAME}.* TO '${DB_USER}'@'localhost';" +mysql -e "FLUSH PRIVILEGES;" + +### DOWNLOAD MEDIAWIKI ### +echo "[*] Downloading latest MediaWiki..." +# A clever lil' way to detect the latest version of MediaWiki +MW_VERSION=$(curl -s https://releases.wikimedia.org/mediawiki/ | grep -oP 'href="([0-9]+\.[0-9]+(\.[0-9]+)?/)"' | cut -d'"' -f2 | sed 's:/$::' | sort -V | tail -n1) +# Now, git 'er! +DOWNLOAD_URL="https://releases.wikimedia.org/mediawiki/${MW_VERSION}/mediawiki-${MW_VERSION}.tar.gz" +FALLBACK_URL="https://releases.wikimedia.org/mediawiki/${MW_VERSION}/mediawiki-${MW_VERSION}.0.tar.gz" + +echo "[*] Attempting to download MediaWiki version $MW_VERSION..." + +cd /tmp +# This method ensures if the file is .0, we append that to the version for the extraction and installation portion +if wget "$DOWNLOAD_URL"; then + TAR_FILE="mediawiki-${MW_VERSION}.tar.gz" +elif wget "$FALLBACK_URL"; then + MW_VERSION="${MW_VERSION}.0" + TAR_FILE="mediawiki-${MW_VERSION}.tar.gz" +else + echo "[!] Failed to download MediaWiki source." + exit 1 +fi + +tar -xzf "mediawiki-${MW_VERSION}.tar.gz" +rm -rf "$MW_DIR" +mv "mediawiki-${MW_VERSION}" "$MW_DIR" + +### AUTO-CONFIGURE MEDIAWIKI ### +echo "[*] Generating LocalSettings.php..." + +WIKI_NAME="My Wiki" +ADMIN_USER="admin" +# WARNING: Default admin password is 'changeme'. User must change it immediately. +ADMIN_PASS="changeme" + +### APPEND ADDITIONAL SETTINGS ### +LSETTINGS="$MW_DIR/LocalSettings.php" + +echo "[*] Applying additional configuration..." + +cat >> "$LSETTINGS" < [ + 'default' => [ + 'MinimalPasswordLength' => 6, + 'PasswordCannotBePopular' => false, + ], + ], +]; + +EOF + +cd "$MW_DIR" +php maintenance/install.php \ + --dbname="$DB_NAME" \ + --dbuser="$DB_USER" \ + --dbpass="$DB_PASS" \ + --scriptpath="/" \ + --server="https://localhost" \ + --lang="en" \ + "$WIKI_NAME" \ + "$ADMIN_USER" --pass "$ADMIN_PASS" + +### ENSURE DEFAULT SKIN IS VECTOR ### +if [[ -f "$LSETTINGS" ]]; then + if ! grep -q '$wgDefaultSkin' "$LSETTINGS"; then + echo "[*] Setting default skin to Vector in LocalSettings.php" + echo -e "\n# Set Vector as the default skin" >> "$LSETTINGS" + echo '$wgDefaultSkin = "vector";' >> "$LSETTINGS" + else + echo "[*] Default skin already configured in LocalSettings.php" + fi +else + echo "[*] LocalSettings.php not found β€” skipping skin configuration" +fi + +### INSTALL EXTENSIONS ### +echo "[*] Installing common extensions..." +cd "$MW_DIR/extensions" + +for ext in Cite WikiEditor SyntaxHighlight_GeSHi CategoryTree; do + if [[ ! -d "$MW_DIR/extensions/$ext" ]]; then + echo "[*] Installing extension: $ext" + git clone "https://gerrit.wikimedia.org/r/mediawiki/extensions/${ext}.git" "$MW_DIR/extensions/$ext" + cd "$MW_DIR/extensions/$ext" && git checkout "REL${MW_VERSION//./_}" + else + echo "[*] Extension $ext already exists β€” skipping" + fi +done + +### ENABLE REDIS ### +systemctl enable redis-server +systemctl start redis-server + +### CONFIGURE PHP ### +echo "[*] Adjusting PHP settings..." +PHP_INI=$(php --ini | grep "Loaded Configuration" | awk '{print $4}') +sed -i 's/upload_max_filesize = .*/upload_max_filesize = 20M/' "$PHP_INI" +sed -i 's/post_max_size = .*/post_max_size = 24M/' "$PHP_INI" +systemctl restart php*-fpm + +### SETUP ACTIVATION ### +cd "$INSTALLER_DIR" +cp -R ./activate /var/www/html/ +chown -R www-data:www-data /var/www/html/activate +if [[ ! -e /opt/mediawiki ]]; then + rm -rf /opt/mediawiki +fi +mkdir -p /opt/mediawiki +chown www-data:www-data /opt/mediawiki + +### CONFIGURE NGINX ### +echo "[*] Setting up NGINX..." +cat > /etc/nginx/sites-available/mediawiki <