Biz & IT —

Web Served 7: Wiki wiki wiki!

Setting up MediaWiki for your own Wikipedia.

Web Served 7: Wiki wiki wiki!
WikiMedia Commons

This series is proving a lot more popular than I'd figured. Who would have thought so many people enjoy noodling around with Web servers? By popular demand, "Web Served" now enters the bonus round with two things I didn't think I was going to be able to get to: MediaWiki in this piece, and Etherpad Lite in the next.

Wikipedia is a staple of the World Wide Web, used by millions of folks every single day. From casual readers checking a quick fact to journalists who need to verify esoteric details of a story to students too lazy to go to the library and consult more reliable primary sources, it's the go-to crowdsourced information site on the Internet.

Wikipedia is powered by a PHP-based application called MediaWiki. The concept of a "wiki" is simple: MediaWiki provides a framework where anyone can create pages, which can be edited by anyone else. The usage isn't limited to an encyclopedia—MediaWiki can power any kind of collaborative environment. Want to set up something for a working team to quickly throw ideas against the wall? MediaWiki can do that. Want to set up a photo library or other document repository? MediaWiki can do that. Want to make your own documentation library, complete with version tracking? MediaWiki can do that.

It is by no means the only game in town—there are lots of different wiki applications, including DokuWiki (which I used for a while and very much like) and Foswiki—in fact, there's an excellent wiki comparison page here (though the fact that I'm linking a Wikipedia page should tell you something about what the dominant application is). DokuWiki is particularly nice, because it can be skinned to look very much like Wikipedia and it doesn't require a database, storing all of its pages as flat files.

However, MediaWiki is the big dog, and if you want to set up a wiki, it's the one you'll most likely want to go with.

Thoughts on security

Just a small sampling of the spam accounts a wiki can collect.
Enlarge / Just a small sampling of the spam accounts a wiki can collect.
Lee Hutchinson

The very concept of a wiki is at odds with a lot of the normal ideas of security. In its purest form, a wiki should encourage even anonymous collaboration and shouldn't restrict the creation of accounts and the addition or modification of content by anyone. This can be seen with Wikipedia, where anyone really can edit anything (within certain limits and rules imposed by the gatekeeping editors). However, controlling spam accounts is difficult. I run a wiki for documenting the cool stuff folks have made on my Minecraft server, and spam account creation is an unstoppable force.

Fortunately, MediaWiki has role-based security model, so you can require accounts to be added to a security group before they are allowed to post. This adds administrative overhead—as in, it gives you the administrator more stuff to do—but for a personal wiki it's not at all a problem.

MediaWiki's popularity also makes it a pretty big attack target, and a large number of the vulnerabilities MediaWiki sites get hit with come from unmaintained plug-ins. As with WordPress, you should only install a MediaWiki plug-in if you are absolutely sure you need it, and you should keep your plug-ins up to date to avoid vulnerabilities.

Prerequisites

MediaWiki works with a number of different databases, and since we've already got MySQL installed, we'll use that. You'll need to create a new user and database for MediaWiki to use. By now, you should be familiar with how to do this—if not, check part 5 or part 6 for the details. Creating a new database and user for each Web application is a good idea because it limits the amount of damage that can be done if the Web application is compromised—it helps keep an attacker's access limited only to the database controlled by the compromised application.

Creating a new database isn't always an option if you're using a Web hosting service—some give you only a single database to use among all your applications. Since we're self-hosting, we have no such restrictions.

After you've created a MediaWiki database and user—which for this tutorial I'll assume are both named "wikidb"—you'll need to install a collection of utilities called ImageMagick, if it's not already installed. MediaWiki (and other Web applications you might want to install in the future) use ImageMagick's various utilities to modify the pictures you upload—most obviously, ImageMagick is used to resize images to provide thumbnails. Launch a root shell and install the ImageMagick package with aptitude:

aptitude install imagemagick

Installing MediaWiki

MediaWiki is available as a package you can install with aptitude, but the problem with installing an application like MediaWiki from the official curated sources is that it can take time—sometimes weeks or longer—for the official sources to be updated with new versions. Plus, those updates, when they come, are typically only done in response to security issues, not new features.

MediaWiki is a popular enough attack target that we want to make sure we always have the most current stable version installed, and to do that we need to install and maintain the application directly from the MediaWiki Foundation. It's possible to use Git (which we installed in part 6) to clone different MediaWiki releases to your server, but we're going to go for the regular old-fashioned tarball download.

The download link for MediaWiki.
Enlarge / The download link for MediaWiki.
Lee Hutchinson

Head to the MediaWiki download page in a browser and copy the target of the big prominent "download" link to your clipboard. This link will always point to the latest stable release of MediaWiki. As of this writing, that's version 1.20.2.

With that link on your clipboard, return to your terminal window and change to your Web root directory and download the release using wget. After it's downloaded, decompress it with the tar command. This will create a destination directory for MediaWiki; as with previous web apps, we'll need to modify that directory's ownership to your local Nginx user. We're also going to rename the directory (with the mv command) so that its name is a little easier to remember, and then finally we'll delete the source archive file to keep our Web root directory clean.

cd /usr/share/nginx/html
wget http://download.wikimedia.org/mediawiki/1.20/mediawiki-1.20.2.tar.gz
tar xvzf mediawiki-1.20.2.tar.gz
mv mediawiki-1.20.2 wiki
chown -R www-data:www-data wiki
rm mediawiki-1.20.2.tar.gz

Everything is now in place to add the Nginx configuration. We'll come back to MediaWiki after we've got our Web server set correctly.

Channel Ars Technica