CHG-2018-05-22 migrate wiki to hetzner2
Jump to navigation
Jump to search
Status
2018-05-18
Marcin set a tentative date of the migration to Tuesday 2018-05-22 pending the completion of validation of the staging site.
Purpose
This change does the following for our wiki
- entirely migrate the wiki site from hetzner1 (shared hosting) to hetzner2 (dedicated hosting)
- changes the domain from 'http://opensourceecology.org/wiki/' to 'https://wiki.opensourceecology.org/'
- update core mediawiki from v1.24.2 (released 2014-09-19) to v1.30.0 (released 2017-12-12)
- installs many of the extensions using `git clone ...`, making it easier to update in the future
- updates the vhost config to block all access to ".*wp-login.php"
- updates the vhost config to block access to git files, and more generally: ".*\.(svn|git|hg|bzr|cvs|ht)/.*"
- enable https via nginx
- enable cache via varnish
- disable cache & ddos protection on cloudflare
- update extension 'Confirm User Accounts' to 4fe25f7
- update extension 'Confrim Edit' from 1.3 to 1.5.0
- update extension 'Interwiki' from 3.0 20140719 to 3.1 20160307
- update extension 'Nuke' from 1.2.0 to 1.3.0
- update extension 'Replace Text' from 1.0 to 1.2 (4426752)
- update extension 'User Merge' from 1.9.0 to 1.10.1 (4546537)
- update extension 'Widgets' from 0.8.10 to 1.3.0 (fce5acc)
- update extension 'CategoryTree' to (850c018)
- removed extension 'Flattr'
- removed extension 'Google Co-op Extension'
- removed extension 'IpbWiki Paypal'
- removed extension 'JSWikiGantt'
- removed extension 'RSS Reader'
- removed extension 'TreeAndMenu'
- removed extension 'ProxyConnect'
- added new extension 'OATHAuth' version 0.2.2 (bed2e4b)
- moves LocalSettings.php outside the docroot, replaces the existing LocalSettings.php with a simple file that does a php include of the LocalSettings.php file outside the docroot.
- moves the ose logo into the uploads directory
- does a sed text replacement within the db data for all http strings to use https instead for 'https://www.youtube.com/embed/', 'https://static.issuu.com/webembed/', 'https://scrumy.com/', 'https://embed.ted.com/', & 'https://player.vimeo.com/'
- reduces the privileges of the wiki user on the db to only SELECT, INSERT, UPDATE, & DELETE
- adds an additional "superuser" db user with all permissions on the db for maintenance scripts (creds stored in keepass, not on the server)
- hardens the file permissions
- prevents the web server from executing php files in the uploads directory
- changes LocalSettings.php to ban IE6
- changes LocalSettings.php to make the max upload size 1M. It warns > 500k.
- changes LocalSettings.php to disable use of imagemagick as we don't let php exec()
- changes LocalSettings.php to require all users to have >=10 character passwords and not be a common password or match their username
- changes LocalSettings.php to require all sysop users to have >=20 character passwords
- changes LocalSettings.php to use varnish
- changes LocalSettings.php to not enable error/warning messages sent to user
- changes LocalSettings.php to write debugging logs to 'wiki-error.log' outside the docroot
- changes LocalSettings.php to use "MiserMode" to decrease db-heavy operations
- changes the caching settings of mediawiki to use APCU (via CACHE_ACCEL) for the MainCache & MessageCache. Else it uses the db, and therefore every load includes a cpPosTime cookie, which causes varnish to hit-for-pass on every page.
- changes the caching settings of mediawiki to use the DB for ParserCache
- changes the caching settings of mediawiki enable the SidebarCache
- changes the caching settings of mediawiki cache interface messages to files on disk outside the docroot ($IP/../cache/)
Points of Contact
Change being performed by: Michael Altfield
Service owners: Catarina Mota & Marcin Jakubowski
Apply to Production
TODO