Editing MediaWiki
From Bibliotheca Anonoma
Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.
The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then publish the changes below to finish undoing the edit.
Latest revision | Your text | ||
Line 4: | Line 4: | ||
* '''Caching Front Server''' - Varnish | * '''Caching Front Server''' - Varnish | ||
* '''Web Server''' - Nginx | * '''Web Server''' - Nginx | ||
* '''PHP Engine''' - | * '''PHP Engine''' - PHP FPM | ||
* '''Database''' - MariaDB | * '''Database''' - MariaDB | ||
* '''Cache''' - memcached | * '''Cache''' - memcached | ||
Line 20: | Line 19: | ||
* [[Varnish/MediaWiki|Varnish]] - This caching front server is used on Wikimedia sites to significantly reduce the amount of regeneration that dynamic pages need, while preventing outdated caches by having Mediawiki directly tell Varnish what needs to be regenerated. | * [[Varnish/MediaWiki|Varnish]] - This caching front server is used on Wikimedia sites to significantly reduce the amount of regeneration that dynamic pages need, while preventing outdated caches by having Mediawiki directly tell Varnish what needs to be regenerated. | ||
* [[Nginx/MediaWiki|Nginx]] - Nginx also serves as a backend to Varnish on port 127.0.0.1:8080 (internal only), and proxies a PHP-FPM UNIX socket. | * [[Nginx/MediaWiki|Nginx]] - Nginx also serves as a backend to Varnish on port 127.0.0.1:8080 (internal only), and proxies a PHP-FPM UNIX socket. | ||
* [[PHP/FPM/MediaWiki|PHP-FPM]] - Unlike Apache, Nginx isn't able to run PHP natively itself, so we use PHP-FPM here. It's actually a bit faster in general. | |||
* '''[[MediaWiki/Installation]]''' - How we install MediaWiki itself. | * '''[[MediaWiki/Installation]]''' - How we install MediaWiki itself. | ||
* [[PostgreSQL/MediaWiki|PostgreSQL]] - Used as our database for a number of reasons, from stability to compatibility with other apps to support for JSONB values. However, it is clearly not the most popular choice of database for Mediawiki, so we do make some workarounds to support this unique use case. Unfortunately, facts are that Mediawiki was made for MySQL/MariaDB first, so we decided to move over. | * [[PostgreSQL/MediaWiki|PostgreSQL]] - Used as our database for a number of reasons, from stability to compatibility with other apps to support for JSONB values. However, it is clearly not the most popular choice of database for Mediawiki, so we do make some workarounds to support this unique use case. Unfortunately, facts are that Mediawiki was made for MySQL/MariaDB first, so we decided to move over. | ||
* [[Memcached/MediaWiki|Memcached]] - An alternative to the default APCu PHP caching system, and is designed to significantly lighten the load of queries on the database. Also, the [[mediawikiwiki:Extension:OAuth|OAuth]] extension requires memcached. | |||
== Extensions == | == Extensions == | ||
Line 33: | Line 28: | ||
=== Infrastructure === | === Infrastructure === | ||
* [[ | * [[mediawikiwiki:Extension:AWS|Amazon AWS]] - The tools needed to support AWS S3 upload, if you are using it. If you use this you should probably bundle it with Amazon Cloudfront, their load balancing service. | ||
* [[ | * [[mediawikiwiki:Extension:MobileFrontend|MobileFrontend]] - A mobilefrontend just like the one on Wikipedia. Makes editing away from home much easier. | ||
* [[ | * [[mediawikiwiki:Extension:Scribunto|Scribunto]] - Provides Lua scripting for Turing-complete computation instead of using increasingly complex template scripting. | ||
=== Mods === | === Mods === | ||
Line 51: | Line 38: | ||
=== Spam === | === Spam === | ||
* [[ | * [[mediawikiwiki:Extension:SpamBlacklist#Whitelist|SpamBlacklist]] - Comes with Mediawiki by default, and we've enabled it. However, it blocks a lot of good 4chan sources (naturally), so we've set up a [[Mediawiki:Spam-whitelist|whitelist]] as well. | ||
=== Media === | === Media === | ||
* [[ | * [[mediawikiwiki:Extension:EmbedVideo|EmbedVideo]] - This embeds uploaded videos using the browser's own HTML5 <code><video></code> tag for embedding content (requires MP4 or webm). You can even embed from YouTube or NicoNico. | ||
<!-- | <!-- | ||
We looked into whether we could use these extensions, but we couldn't get them working on our configuration. | We looked into whether we could use these extensions, but we couldn't get them working on our configuration. | ||
* [[ | * [[mediawikiwiki:Extension:TimedMediaHandler|TimedMediaHandler]] - Used for embedding MP4/WebM and ogg audio: but not for mp3s. The same popular extension from Mediawiki. | ||
** <s>The SQL [https://www.mediawiki.org/wiki/Topic:Rlt45cl0khrl8o15 just needs modification to work with PostgreSQL.]</s> Unfortunately some more significant changes in the extension are needed from there, but we might as well avoid it in that case. | ** <s>The SQL [https://www.mediawiki.org/wiki/Topic:Rlt45cl0khrl8o15 just needs modification to work with PostgreSQL.]</s> Unfortunately some more significant changes in the extension are needed from there, but we might as well avoid it in that case. | ||
* [[ | * [[mediawikiwiki:Extension:HTML5video|HTML5Video]] - Very simple HTML5Video extension which embeds content such as MP3, MP4, or webm using JPlayer. | ||
** Downside is that it doesn't allow files to be uploaded normally through Mediawiki. Nope. | ** Downside is that it doesn't allow files to be uploaded normally through Mediawiki. Nope. | ||
--> | --> | ||
Line 70: | Line 55: | ||
=== Security === | === Security === | ||
* [[ | * [[mediawikiwiki:Extension:OATHAuth|OATHAuth]] - Uses TOTP one time codes along with your password for two factor authentication, in case one of them is compromised. You can run TOTP through Authy or Google Authenticator using any smartphone (or even dumbphone if it has Java applets). Well maintained since it is used by the Wikimedia Foundation for admin accounts. (not to be confused with OAUTH) | ||
** [https://gerrit.wikimedia.org/r/#/c/135618/ Wikimedia Gerrit: 135618] - [https://phabricator.wikimedia.org/T67658 Wikimedia Phabricator - T67658] - In the stable releases, OATHAuth only supports MySQL at the moment. However, Reedy has added PostgreSQL tables, so you need to grab the latest version straight from the git. | ** [https://gerrit.wikimedia.org/r/#/c/135618/ Wikimedia Gerrit: 135618] - [https://phabricator.wikimedia.org/T67658 Wikimedia Phabricator - T67658] - In the stable releases, OATHAuth only supports MySQL at the moment. However, Reedy has added PostgreSQL tables, so you need to grab the latest version straight from the git. | ||
** Then, go to the page [[Special:Two-factor_authentication]] to activate TOTP. You can use an app such as Authy, Google Authenticator, Authomator (BB10), or any other TOTP app: perhaps even the hardware OnlyKey. | ** Then, go to the page [[Special:Two-factor_authentication]] to activate TOTP. You can use an app such as Authy, Google Authenticator, Authomator (BB10), or any other TOTP app: perhaps even the hardware OnlyKey. | ||
* [[ | * [[mediawikiwiki:Extension:OAuth|OAuth]] - You can use an OAuth system so that you can use your own wiki accounts as a single login system (rather than many), just like you would link Google or Facebook accounts with OAuth. In particular, Mediawiki has the ability to activate two factor authentication with the extension above. Requires Memcached. | ||
** This extension implements OAuth 1.0, which requires cryptography enabled on both ends. OAuth 2.0 doesn't require this, but it has tradeoffs as a result (though it can be overcome by restoring cryptographic plugins). Thus, it's not a question of which is better, but which would work for you. [https://codiscope.com/oauth-2-0-vs-oauth-1-0/ More details here.] | ** This extension implements OAuth 1.0, which requires cryptography enabled on both ends. OAuth 2.0 doesn't require this, but it has tradeoffs as a result (though it can be overcome by restoring cryptographic plugins). Thus, it's not a question of which is better, but which would work for you. [https://codiscope.com/oauth-2-0-vs-oauth-1-0/ More details here.] | ||
** While the extension currently has SQLite support, it doesn't have PostgreSQL support yet. But it's a simple matter of translating the syntax into the correct format, [https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/master/backend/schema/MWOAuthUpdater.hooks.php in this directory.] Simple, if not easy. It might be possible to use the [https://gist.github.com/vigneshwaranr/3454093 SQLite to PostgreSQL conversion script.] | ** While the extension currently has SQLite support, it doesn't have PostgreSQL support yet. But it's a simple matter of translating the syntax into the correct format, [https://github.com/wikimedia/mediawiki-extensions-OAuth/blob/master/backend/schema/MWOAuthUpdater.hooks.php in this directory.] Simple, if not easy. It might be possible to use the [https://gist.github.com/vigneshwaranr/3454093 SQLite to PostgreSQL conversion script.] | ||
Line 96: | Line 81: | ||
These XML dumps can then be imported through [[mediawikiwiki:Manual:Importing_XML_dumps|these procedures.]] | These XML dumps can then be imported through [[mediawikiwiki:Manual:Importing_XML_dumps|these procedures.]] | ||
=== Image Backup === | === Image Backup === | ||
Line 110: | Line 87: | ||
Use [[mediawikiwiki:Manual:ImportImages.php|ImportImages.php]] to dump them to a folder. Then 7zip them up into the Wikiteam format along with the XML. | Use [[mediawikiwiki:Manual:ImportImages.php|ImportImages.php]] to dump them to a folder. Then 7zip them up into the Wikiteam format along with the XML. | ||