IT Services Installer
As of 04/10/09 a web-based installer is available for MediaWiki. You can find it at https://tools.stanford.edu under Web Services, Collaboration Tools Installer.
Installation Instructions
Thanks to Dodi and the CRC Team in IT Services for providing the original instructions and getting us (Documentation Group in IT Services) started in this direction!
Please provide feedback on these instructions directly here or questions can be directed to mediawiki-users@lists.stanford.edu.
Requirements
You will need a MySQL database to store Mediawiki. A MySQL account can be obtained by any administrator of /dept/, /group/ or /service/ directories by going to IT Services tools page at https://tools.stanford.edu/ (scroll down to the end for the MySQL request page).
Basic Installation
First, download mediawiki to a local directory. You can download it using the web at http://www.mediawiki.org/wiki/Download and then use SFTP to transfer it over, or download the file directly into the installation directory using the command line and wget:
wget http://download.wikimedia.org/mediawiki/1.11/mediawiki-1.11.1.tar.gz
tar -xvf mediawiki-1.11.1.tar.gz
Rename the directory if you wish.
mv mediawiki-1.11.1 wiki
Protect your wiki using WebAuth at this point.
Then, point your browser to the directory containing the wiki. You'll be greeted with a page with a link to set up the wiki.
An installation page will show up showing you whether the requirements are met.
Hopefully they all are and you can proceed with the installation:
I kept all the option as default except for:
* Entering a WikiName
* Changing the contact email address
* Creating an admin account
* Adding information about the MySQL database.
After you submit the page, if all goes well, you'll see a message asking you to move config/LocalSettings.php to the main directory.
Access the wiki using a web browser. At this point you should have a standard installation of MediaWiki up and running.
Changing Timezone
Modify LocalSettings.php by adding the following code:
#Set Default Timezone
$wgLocaltimezone = "America/Los_Angeles";
$oldtz = getenv("TZ");
putenv("TZ=$wgLocaltimezone");
# Versions before 1.7.0 used $wgLocalTZoffset as hours.
# After 1.7.0 offset as minutes
$wgLocalTZoffset = date("Z") / 60;
putenv("TZ=$oldtz");
Allowing File Uploads
Add the following to LocalSettings.php:
# For enabling uploading of files
$wgEnableUploads = true;
$wgFileExtensions = array( 'png', 'gif', 'jpg', 'jpeg', 'pdf', 'doc', 'xls' );
Adding Webauth
There is an extension for MediaWiki that allows you to perform authentication using the REMOTE_USER variable. This is the variable WebAuth sets for you when you are logged in.
Read up on instructions and background here: http://meta.wikimedia.org/wiki/User:Otheus/Auto_Login_via_REMOTE_USER
When you are ready, download the code for the extension from here: http://www.mediawiki.org/wiki/Extension:AutomaticREMOTE_USER
Cut and paste the code into a new file:
extensions/Auth_remoteuser.php
Then, modify it to change, at the very least, the email domain for the wiki. Search for the word "example.com" and change it to stanford.edu. What this does is tell the extension to create email addresses for the users that are composed of their SUNetID plus @stanford.edu
$user->setEmail($username . '@stanford.edu');
Now, to make sure this extension is loaded, modify LocalSettings.php by adding the following two lines to the end of the file, immediately before ?>
require_once('extensions/Auth_remoteuser.php');
$wgAuth = new Auth_remoteuser();
You're almost done! Next time you visit the wiki (or simply reload it), you will be logged in with your SUNetID automatically.
There is no need to enter your password anywhere but the regular WebLogin page.
Making your SUNetID an admin
In MediaWiki, there are two roles you'd want to have as an admin.
* Bureaucrat
* Sysop
A bureaucrat can create sysops accounts.
There are probably ways to do this using MediaWiki extensions or special pages, but I found it quicker to go into the database and modify permissions there.
To do that, log into your database (using whatever tool you use to modify databases) and then look into the ''wikiuser'' table for your user_id. It's probably 2 or 3. Now, look into ''wikiuser_groups''. You'll see that the user 1 (the original admin) has been set up as both "bureaucrat" and "sysop". Change that value (the 1) to your user ID. You can then delete the admin user from wikiuser if you wish.
Next time you reload, you'll see that you can "protect" or "delete" pages...
Enabling MySQL-based PHP Session Sharing
In order to avoid session data loss when a user is handed off to a different web server, PHP sessions need to be stored in a location accessible to all seven web servers. The current solution is to create a MySQL database to store the sessions and modify PHP's configuration to make use of it. Here's how:
Create a table to hold PHP sessions. I used the same database used for MediaWiki. Here's the SQL code to create the table:
CREATE TABLE php_sessions (
sessionid varchar(40) binary NOT NULL default '',
expiry int(10) unsigned NOT NULL default '0',
value text NOT NULL,
PRIMARY KEY (sessionid)
) TYPE=MyISAM COMMENT='Sessions';
Open includes/Setup.php and add the following code at the top:
/**
* Code to use MySQL-based sessions
*/
$STANFORD_DB = 'databasename';
$STANFORD_DB_USER = 'databaseuser';
$STANFORD_DB_PASS = 'password';
$STANFORD_DB_HOST = '127.0.0.1';
include '/etc/php5/init/sessions.php';
Then, modify /includes/GlobalFunctions.php's wfSetupSession's function by commenting out the code that sets up PHP sessions to use files:
/**
* Initialise php session
*/
function wfSetupSession() {
global $wgSessionsInMemcached, $wgCookiePath, $wgCookieDomain, $wgCookieSecure;
if( $wgSessionsInMemcached ) {
require_once( 'MemcachedSessions.php' );
}
# elseif( 'files' != ini_get( 'session.save_handler' ) ) {
# # If it's left on 'user' or another setting from another
# # application, it will end up failing. Try to recover.
# ini_set ( 'session.save_handler', 'files' );
# }
session_set_cookie_params( 0, $wgCookiePath, $wgCookieDomain, $wgCookieSecure);
session_cache_limiter( 'private, must-revalidate' );
@session_start();
}
Security
Because MediaWiki will store your database username and password in plaintext in the AFS installation directory (as almost all web applications do), make sure to protect this directory appropriately. This means at least making sure that system:anyuser does not have read permissions to this directory.
View http://www.stanford.edu/services/afs/intro/perms/index.html for more information on how to set up ACLs.
Gotchas
Note that signing out currently doesn't. As long as you are signed in with webauth, you'll be signed into the wiki.
Because the wiki is behind webauth, it will be served through HTTPS. This means that any image linked using HTTP will cause popup warnings in browsers like IE. These need to be moved locally or, if the server on which they are on allows it, served through HTTPS as well. The default logo is one such image, and the creative commons logo is another.
