2015年7月2日 星期四

自行架設 Wiki 引擎(一)補充:手動安裝 Foswiki(2016-06-01 修改)

因為要重新建置一個新的 Foswiki 系統,但直接使用之前的 Debian 安裝方法,裝出來的一直有點問題
因此這次就直接嘗試完全手動安裝了。


    1、環境準備
    這次使用的 Foswiki 環境,依然是 Ubuntu 12.04,不過就過程來說,使用 Ubuntu 14.04 應該也沒差
    差別大概只在於,依靠官方提供的工具產生 Apache 設定檔時,要依據安裝的 Apache 版本做調整而已。
    (Ubuntu 12.04 中,透過 apt-get 工具安裝的 Apache2,預設會是 Apache 2.2,但 Ubuntu 14.04 則是 Apache 2.4)

    1.1、安裝並設定 Apache2
    首先,最開始當然是要先安裝網頁伺服器
    因為 Foswiki 完全支援 Apache,而且還有產生器可以產生 Apache 專用的設定檔
    因此就直接選用 Apache 作為網頁伺服器了。
    apt-get install apache2
    上述指令安裝完 Apache2 後,需要確認一下目前安裝的版本,以 Ubuntu 12.04 來說,應該會安裝到 Apache 2.2。

    接著因為 Foswiki 會用到一個叫做 rewrite 的模組,所以要先啟用這個模組。
    在 Apache 2.2 中,模組的 include 指令已經被獨立放成一個一個的檔案,並且放在 mods-available 資料夾中
    因此只需要把模組的 include 檔案連結到 mods-enabled 資料夾即可。
    ln -s /etc/apache2/mods-available/rewrite.load /etc/apache2/mods-enabled

    1.2、安裝 Perl 執行環境
    Perl 執行環境需要準備的東西就比較多了。
    為了簡單,這裡使用 CPAN(Comprehensive Perl Archive Network)這個工具來安裝 Perl 的套件 [1],因此第一步自然是先安裝 CPAN 了。
    執行下面的安裝指令,除了安裝 CPAN 以外,還包含了一些 CPAN 會用到的其他東西,避免後續出現奇怪的錯誤。
    apt-get install libcgi-session-perl liblocal-lib-perl build-essential libssl-dev
    安裝完成以後,使用以下的指令進入 CPAN 的指令介面。
    perl -MCPAN -e shell
    在 CPAN 指令介面中,依序輸入以下的一大堆 install 指令,進行 Perl 套件的安裝與升級。
    install Bundle::CPAN
    reload cpan
    install Locale::Maketext
    install HTML::Entities
    install HTML::Parser
    install HTML::Tree
    install URI
    install LWP
    install version
    install Digest::SHA
    install Digest::SHA1
    install Archive::Tar
    install Archive::Zip
    install Error
    install JSON
    install File::Path
    install File::Copy::Recursive
    install Crypt::PasswdMD5
    install Text::Diff
    install File::Grep
    install Email::MIME
    install Authen::SASL
    install Net::SSLeay
    install IO::Socket::SSL
    install Locale::Maketext::Lexicon
    install Locale::Msgfmt
    exit
    以上安裝的套件中,第一個是在升級 CPAN,然後重新讀取 CPAN;
    第三到第七個是依據 Foswiki 官方安裝文件 [2] 中寫到的必備套件;
    第八個開始則是從安裝過程的錯誤、以及 Foswiki 設定介面上的提示或者官方安裝文件 [2] 的選擇安裝項目依序加入的。
    最後離開 CPAN 的指令介面。

    2、Foswiki 的 Apache 環境設定
    系統大環境準備好以後,就要開始準備讓 Foswiki 跑在 Apache 上需要的環境設定了。
    2.1、下載 Foswiki
    這裡我下載的版本是 Foswiki 1.2.0 Beta 2 [3](不過過兩天就要釋出 Foswiki 2.0 了.....Orz)。
    下載回來的檔案是 Foswiki-1.2.0_Beta_2.tgz,將它解壓縮後放置到 /opt/foswiki
    放置的位置是可以任意決定的,影響到的只是下個步驟在產生 Apache 設定檔時,要記得在產生器上填上正確的路徑。

    接著要變更所有人,用以下的指令把整個資料夾全改成 Apache 的使用者擁有。
    chown -R www-data:www-data /opt/foswiki
    然後變更權限的部分,我自己是偷懶全改成 770,但系統會暴露在網路上的話,建議要參考一下官方的文件 [4]
    (雖然說官方文件目前沒有 1.2.0 或者是 2.0 版的權限設定建議,我自己不太確定直接用 1.0.x 的權限會不會有什麼問題)
    chmod -R 770 /opt/foswiki

    2.2、產生 Apache 設定檔
    由於 Apache 的結構已經相當模組化了,因此 Foswiki 可以直接用官方提供的工具產生設定檔
    再把設定檔放到 Apache 放設定檔的資料夾就可以了。
    設定檔產生器的連結請參考 [5],雖然看起來有點長,但其實在沒有特殊需求的情況下,很多設定是可以不用做的。
    以下是我產生出來的設定檔。
    # For Foswiki version 1.2,  Apache 2.2
    
    # The Alias defines a url that points to the root of the Foswiki installation.
    # The first parameter will be part of the URL to your installation e.g.
    # http://my.co.uk/foswiki/bin/view/...
    # The second parameter must point to the physical path on your disc.
    
    ScriptAlias /foswiki/bin "/opt/foswiki/bin"
    
    # The following Alias is used to access files in the pub directory (attachments etc)
    # It must come _after_ the ScriptAlias.
    # If short URLs are enabled, and any other local directories or files need to be accessed directly, they
    # must also be specified in an Alias statement, and must not conflict with a web name.
    
    Alias /foswiki/pub "/opt/foswiki/pub"
    Alias /foswiki/robots.txt "/opt/foswiki/robots.txt"
    
    #  Rewriting is required for Short URLs, and Attachment redirecting to viewfile
    RewriteEngine    on
    #RewriteLog "/var/log/apache/rewrite.log"
    #RewriteLogLevel 0
    
    # short urls
    Alias /foswiki "/opt/foswiki/bin/view"
    RewriteRule ^/+foswiki/+bin/+view/+(.*) /foswiki/$1 [L,NE,R]
    RewriteRule ^/+foswiki/+bin/+view$ /foswiki/ [L,NE,R]
    
    # Block access to typical spam related attachments
    # Except the Foswiki directory which is read only and does have attached html files.
    SetEnvIf Request_URI "/foswiki/pub/.*\.[hH][tT][mM][lL]?$" blockAccess
    SetEnvIf Request_URI "/foswiki/pub/System/.*\.[hH][tT][mM][lL]?$" !blockAccess
    
    # This enables access to the documents in the Foswiki root directory
    
    <Directory "/opt/foswiki">
        Order Allow,Deny
        Allow from all
        Deny from env=blockAccess
    </Directory>
    
    # This specifies the options on the Foswiki scripts directory. The ExecCGI
    # and SetHandler tell apache that it contains scripts. "Allow from all"
    # lets any IP address access this URL.
    # Note:  If you use SELinux, you also have to "Allow httpd cgi support" in your SELinux policies
    
    <Directory "/opt/foswiki/bin">
        AllowOverride None
    
        Order Allow,Deny
        Allow from all
        Deny from env=blockAccess
    
        Options +ExecCGI  -FollowSymLinks
        SetHandler cgi-script
    
        # Password file for Foswiki users
        AuthUserFile "/opt/foswiki/data/.htpasswd"
        AuthName 'Enter your WikiName: (First name and last name, no space, no dots, capitalized, e.g. JohnSmith). Cancel to register if you do not have one.'
        AuthType Basic
    
    </Directory>
    
    # This sets the options on the pub directory, which contains attachments and
    # other files like CSS stylesheets and icons. AllowOverride None stops a
    # user installing a .htaccess file that overrides these options.
    # Note that files in pub are *not* protected by Foswiki Access Controls,
    # so if you want to control access to files attached to topics you need to
    # block access to the specific directories same way as the ApacheConfigGenerator
    # blocks access to the pub directory of the Trash web
    <Directory "/opt/foswiki/pub">
        Options None
        Options -FollowSymLinks
        AllowOverride None
    
        Order Allow,Deny
        Allow from all
        Deny from env=blockAccess
        ErrorDocument 404 /foswiki/bin/viewfile
    
       # This line will redefine the mime type for the most common types of scripts
        AddType text/plain .shtml .php .php3 .phtml .phtm .pl .py .cgi
       #
       # add an Expires header that is sufficiently in the future that the browser does not even ask if its uptodate
       # reducing the load on the server significantly
       # IF you can, you should enable this - it _will_ improve your Foswiki experience, even if you set it to under one day.
       # you may need to enable expires_module in your main apache config
       #LoadModule expires_module libexec/httpd/mod_expires.so
       #AddModule mod_expires.c
       #<ifmodule mod_expires.c>
       #  <filesmatch "\.(jpe?g|gif|png|css(\.gz)?|js(\.gz)?|ico)$">
       #       ExpiresActive on
       #       ExpiresDefault "access plus 11 days"
       #   </filesmatch>
       #</ifmodule>
       #
       # Serve pre-compressed versions of .js and .css files, if they exist
       # Some browsers do not handle this correctly, which is why it is disabled by default
       # <FilesMatch "\.(js|css)$">
       #         RewriteEngine on
       #         RewriteCond %{HTTP:Accept-encoding} gzip
       #         RewriteCond %{REQUEST_FILENAME}.gz -f
       #         RewriteRule ^(.*)$ %{REQUEST_URI}.gz [L,QSA]
       # </FilesMatch>
       # <FilesMatch "\.(js|css)\?.*$">
       #         RewriteEngine on
       #         RewriteCond %{HTTP:Accept-encoding} gzip
       #         RewriteCond %{REQUEST_FILENAME}.gz -f
       #         RewriteRule ^([^?]*)\?(.*)$ $1.gz?$2 [L]
       # </FilesMatch>
       # <FilesMatch "\.js\.gz(\?.*)?$">
       #         AddEncoding x-gzip .gz
       #         AddType application/x-javascript .gz
       # </FilesMatch>
       # <FilesMatch "\.css\.gz(\?.*)?$">
       #         AddEncoding x-gzip .gz
       #         AddType text/css .gz
       # </FilesMatch>
    
    </Directory>
    
    # Spammers are known to attach their stuff and then move it to trash where it remains unnoticed.
    # We prevent viewing any attachments directly from pub
    <Directory "/opt/foswiki/pub/Trash">
        deny from all
    </Directory>
    
    # Security note: All other directories should be set so
    # that they are *not* visible as URLs, so we set them as =deny from all=.
    <Directory "/opt/foswiki/data">
        deny from all
    </Directory>
    
    <Directory "/opt/foswiki/templates">
        deny from all
    </Directory>
    
    <Directory "/opt/foswiki/lib">
        deny from all
    </Directory>
    
    <Directory "/opt/foswiki/locale">
        deny from all
    </Directory>
    
    <Directory "/opt/foswiki/tools">
        deny from all
    </Directory>
    
    <Directory "/opt/foswiki/working">
        deny from all
    </Directory>
    
    # We set an environment variable called blockAccess.
    #
    # Setting a BrowserMatchNoCase to ^$ is important. It prevents Foswiki from
    # including its own topics as URLs and also prevents other Foswikis from
    # doing the same. This is important to prevent the most obvious
    # Denial of Service attacks.
    #
    # You can expand this by adding more BrowserMatchNoCase statements to
    # block evil browser agents trying to crawl your Foswiki
    #
    # Example:
    # BrowserMatchNoCase ^SiteSucker blockAccess
    # BrowserMatchNoCase ^$ blockAccess
    
    BrowserMatchNoCase ^Accoona blockAccess
    BrowserMatchNoCase ^ActiveAgent blockAccess
    BrowserMatchNoCase ^Attache blockAccess
    BrowserMatchNoCase BecomeBot blockAccess
    BrowserMatchNoCase ^bot blockAccess
    BrowserMatchNoCase Charlotte/ blockAccess
    BrowserMatchNoCase ^ConveraCrawler blockAccess
    BrowserMatchNoCase ^CrownPeak-HttpAgent blockAccess
    BrowserMatchNoCase ^EmailCollector blockAccess
    BrowserMatchNoCase ^EmailSiphon blockAccess
    BrowserMatchNoCase ^e-SocietyRobot blockAccess
    BrowserMatchNoCase ^Exabot blockAccess
    BrowserMatchNoCase ^FAST blockAccess
    BrowserMatchNoCase ^FDM blockAccess
    BrowserMatchNoCase ^GetRight/6.0a blockAccess
    BrowserMatchNoCase ^GetWebPics blockAccess
    BrowserMatchNoCase ^Gigabot blockAccess
    BrowserMatchNoCase ^gonzo1 blockAccess
    BrowserMatchNoCase ^Google\sSpider blockAccess
    BrowserMatchNoCase ^ichiro blockAccess
    BrowserMatchNoCase ^ie_crawler blockAccess
    BrowserMatchNoCase ^iGetter blockAccess
    BrowserMatchNoCase ^IRLbot blockAccess
    BrowserMatchNoCase Jakarta blockAccess
    BrowserMatchNoCase ^Java blockAccess
    BrowserMatchNoCase ^KrakSpider blockAccess
    BrowserMatchNoCase ^larbin blockAccess
    BrowserMatchNoCase ^LeechGet blockAccess
    BrowserMatchNoCase ^LinkWalker blockAccess
    BrowserMatchNoCase ^Lsearch blockAccess
    BrowserMatchNoCase ^Microsoft blockAccess
    BrowserMatchNoCase MJ12bot blockAccess
    BrowserMatchNoCase MSIECrawler blockAccess
    BrowserMatchNoCase ^MSRBOT blockAccess
    BrowserMatchNoCase ^noxtrumbot blockAccess
    BrowserMatchNoCase ^NutchCVS blockAccess
    BrowserMatchNoCase ^RealDownload blockAccess
    BrowserMatchNoCase ^Rome blockAccess
    BrowserMatchNoCase ^Roverbot blockAccess
    BrowserMatchNoCase ^schibstedsokbot blockAccess
    BrowserMatchNoCase ^Seekbot blockAccess
    BrowserMatchNoCase ^SiteSnagger blockAccess
    BrowserMatchNoCase ^SiteSucker blockAccess
    BrowserMatchNoCase ^Snapbot blockAccess
    BrowserMatchNoCase ^sogou blockAccess
    BrowserMatchNoCase ^SpiderKU blockAccess
    BrowserMatchNoCase ^SpiderMan blockAccess
    BrowserMatchNoCase ^Squid blockAccess
    BrowserMatchNoCase ^Teleport blockAccess
    BrowserMatchNoCase ^User-Agent\: blockAccess
    BrowserMatchNoCase VoilaBot blockAccess
    BrowserMatchNoCase ^voyager blockAccess
    BrowserMatchNoCase ^w3search blockAccess
    BrowserMatchNoCase ^Web\sDownloader blockAccess
    BrowserMatchNoCase ^WebCopier blockAccess
    BrowserMatchNoCase ^WebDevil blockAccess
    BrowserMatchNoCase ^WebSec blockAccess
    BrowserMatchNoCase ^WebVac blockAccess
    BrowserMatchNoCase ^Webwhacker blockAccess
    BrowserMatchNoCase ^Webzip blockAccess
    BrowserMatchNoCase ^Wells blockAccess
    BrowserMatchNoCase ^WhoWhere blockAccess
    BrowserMatchNoCase www\.netforex\.org blockAccess
    BrowserMatchNoCase ^WX_mail blockAccess
    BrowserMatchNoCase ^yacybot blockAccess
    BrowserMatchNoCase ^ZIBB blockAccess
    
    # Setting the NO_FOSWIKI_SESSION environment variable prevents a
    # session being created for the Google Search Appliance bot. This
    # is useful if you have the Google Search Appliance installed on
    # your intranet, as they can be very aggressive when indexing, creating
    # a lot of session files and slowing Foswiki down.
    # You can also set this environment variable for public sites, to
    # prevent Google and other search engines' bots. However, these tend
    # to index your site a lot less often than the Google Search Appliance.
    # *Works on Foswiki 1.1 and later only*
    BrowserMatch "^gsa-crawler" NO_FOSWIKI_SESSION
    
    BrowserMatchNoCase ^$ blockAccess
    設定檔產生出來以後,直接寫到 /etc/apache2/conf.d/foswiki.conf,然後重新啟動 Apache 即可。
    service apache2 restart

    3、設定 Foswiki
    前兩個步驟做完,其實 Foswiki 環境就已經建好了,可以從 http://hostname/foswiki/bin/configure 進入設定介面。
    從官方文件 [2] 的描述來看,這時會自動給予暫時的管理權限,並且一開始只能做 General Settings 的部份
    把基本設定(主要是 Default Url Host 這個參數)設完,就可以再做其他分類的設定。
    剛開始的設定中,一定要做的是 Security and Authentication > Passwords > Internal Admin Password 設定
    把 admin 帳號的密碼設好以後,以後要使用 admin 功能,就可以用 admin 登入了。
    另外 Mail 分類也建議一定要設定,否則註冊功能會有問題。

    PS. 郵件伺服器如果要使用 Gmail 的話,有一點小撇步需要了解,預計我會寫在「自行架設 Wiki 引擎(三):Foswiki 基本設定」這篇文章中。

    4、Trouble Shooting
    • 2016-03-23 因為上面使用了 CPAN,發現如果要在 VM 內部屬的話,相同環境下記憶體必須超過 512MB,否則 CPAN 的各種安裝會無法完成。
    • 2016-06-01 Foswiki 預設網址需要打像是 http://hostname/foswiki 才能進入首頁,如果想要直接打 http://hostname/ 就直接進入首頁的話,可以在上述設定檔的 24 行下面再加一行:
      Alias /foswiki "/opt/foswiki/bin/view"
      Alias / "/opt/foswiki/bin/view"


    參考資料:
    1. Install Perl Module from CPAN
    2. Foswiki - Installation Guide
    3. Foswiki - Foswiki Release 1.2.0 Beta2
    4. Foswiki - Setting File Access Rights on Linux and Unix
    5. Foswiki - Apache Config Generator

    沒有留言:

    張貼留言