Status

2018-05-18

Marcin set a tentative date of the migration to Tuesday 2018-05-22 pending the completion of validation of the staging site.

Purpose

This change does the following for our wiki

1. entirely migrate the wiki site from hetzner1 (shared hosting) to hetzner2 (dedicated hosting)
2. changes the domain from 'http://opensourceecology.org/wiki/' to 'https://wiki.opensourceecology.org/'
3. update core mediawiki from v1.24.2 (released 2014-09-19) to v1.30.0 (released 2017-12-12)
4. installs many of the extensions using `git clone ...`, making it easier to update in the future
5. updates the vhost config to block access to git files, and more generally: ".*\.(svn|git|hg|bzr|cvs|ht)/.*"
6. update extension 'Confirm User Accounts' to 4fe25f7
7. update extension 'Confrim Edit' from 1.3 to 1.5.0
8. update extension 'Interwiki' from 3.0 20140719 to 3.1 20160307
9. update extension 'Nuke' from 1.2.0 to 1.3.0
10. update extension 'Replace Text' from 1.0 to 1.2 (4426752)
11. update extension 'User Merge' from 1.9.0 to 1.10.1 (4546537)
12. update extension 'Widgets' from 0.8.10 to 1.3.0 (fce5acc)
13. update extension 'CategoryTree' to (850c018)
14. removed extension 'Flattr'
15. removed extension 'Google Co-op Extension'
16. removed extension 'IpbWiki Paypal'
17. removed extension 'JSWikiGantt'
18. removed extension 'RSS Reader'
19. removed extension 'TreeAndMenu'
20. removed extension 'ProxyConnect'
21. added new extension 'OATHAuth' version 0.2.2 (bed2e4b)
22. updates the vhost config to block all access to ".*wp-login.php"
23. enable https via nginx
24. enable cache via varnish
25. moves LocalSettings.php outside the docroot, replaces the existing LocalSettings.php with a simple file that does a php include of the LocalSettings.php file outside the docroot.
26. moves the ose logo into the uploads directory
27. does a sed text replacement within the db data for all http strings to use https instead for 'https://www.youtube.com/embed/', 'https://static.issuu.com/webembed/', 'https://scrumy.com/', 'https://embed.ted.com/', & 'https://player.vimeo.com/'
28. reduces the privileges of the wiki user on the db to only SELECT, INSERT, UPDATE, & DELETE
29. adds an additional "superuser" db user with all permissions on the db for maintenance scripts (creds stored in keepass, not on the server)
30. hardens the file permissions
31. prevents the web server from executing php files in the uploads directory
32. changes LocalSettings.php to ban IE6
33. changes LocalSettings.php to make the max upload size 1M. It warns > 500k.
34. changes LocalSettings.php to disable use of imagemagick as we don't let php exec()
35. changes LocalSettings.php to require all users to have >=10 character passwords and not be a common password or match their username
36. changes LocalSettings.php to require all sysop users to have >=20 character passwords
37. changes LocalSettings.php to use varnish
38. changes LocalSettings.php to not enable error/warning messages sent to user
39. changes LocalSettings.php to write debugging logs to 'wiki-error.log' outside the docroot
40. changes LocalSettings.php to use "MiserMode" to decrease db-heavy operations
41. changes the caching settings of mediawiki to use APCU (via CACHE_ACCEL) for the MainCache & MessageCache. Else it uses the db, and therefore every load includes a cpPosTime cookie, which causes varnish to hit-for-pass on every page.
42. changes the caching settings of mediawiki to use the DB for ParserCache
43. changes the caching settings of mediawiki enable the SidebarCache
44. changes the caching settings of mediawiki cache interface messages to files on disk outside the docroot ($IP/../cache/)

Points of Contact

Change being performed by: Michael Altfield

Service owners: Catarina Mota & Marcin Jakubowski

Apply to Production

TODO