MediaWIKI HTTP to HTTPS

Wiki.TerraBase.info
Revision as of 15:37, 28 October 2020 by Root

NOTE: As of 2020, with MediaWiki 1.35.0, none of this seems to be necessary as MediaWiki works out of the box with HTTPS and the Visual Editor / Parsoid...

Encrypting a MediaWiki Site on a CentOS 7 Server with Shorewall

First, get an SSL certificate and test it on a static file such as php.php

Second, HTTPD stuff

Create the settings in /etc/httpd/conf.d/ssl.conf
Create the redirect in /etc/httpd/conf/httpd.conf

Third, LocalSettings.php

## The protocol and server name to use in fully-qualified URLs
## The statement above isn't fully true: according to the documentation, after version 1.18 it supports http and https in the manner below
$wgServer = "//wiki.riseofthesaltonsea.com";


And that's it for SSL as far as accessing it. Parsoid, STUNNEL, and Firewall stuff still need to be done...

In /opt/parsoid (or whatever directory is matched to a MediaWiki site), change the following:

uri: 'https://WhatEverDomainName/api.php'
domain: localhost
strictSSL: false

(strictSSL: false turns off certificate validation on Parsoid's connection to api.php.)

serverPort: Modify as needed for additional sites

...then back to the LocalSettings.php file

'url' => 'https://WhatEverDomainName:PortNumber',

NOTE: The port number for HTTP and HTTPS will be different, as HTTP accesses Parsoid directly but HTTPS relies on STUNNEL


STUNNEL

[WhatEverName]
accept = 0.0.0.0:WhatEverPort
; the connect port needs to match the port in the config.yaml file
connect = wiki.terrabase.info:WhatEverPort
cert = /etc/httpd/ssl/certs/COMBO.WhatEverCertName.crt
key = /etc/httpd/ssl/private/WhatEverKeyName.key
; this is a list of files downloaded from Mozilla
CAfile = /etc/httpd/ssl/certs/cacert.pem

COMBO Note: STUNNEL requires the server certificate and intermediate certificate be located in the same file (server certificate first, then intermediate certificate, of which there could be more than one)
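
The port relationships described above (stunnel's connect port matches the Parsoid serverPort, and the HTTPS 'url' in LocalSettings.php points at stunnel's accept port) can be checked before restarting anything. The following is an added example, not part of the original page; the hostname wiki.example.org, the ports 8142/8143, the service name wiki-parsoid and the function names are assumptions, and the sample files are constructed.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed sample files: hostname and port numbers are made up for this example.
STUNNEL_CONF = """\
[wiki-parsoid]
accept = 0.0.0.0:8143
connect = wiki.example.org:8142
cert = /etc/httpd/ssl/certs/COMBO.example.crt
key = /etc/httpd/ssl/private/example.key
"""
PARSOID_YAML = "uri: 'https://wiki.example.org/api.php'\ndomain: localhost\nserverPort: 8142\n"
LOCALSETTINGS = "'url' => 'https://wiki.example.org:8143',\n"

def port_of(value):
    """Return the port from 'host:port' or a bare 'port' value."""
    return int(value.rsplit(":", 1)[-1])

def check_ports(stunnel_conf, parsoid_yaml, localsettings):
    """Return a list of mismatches between the three files; empty means consistent."""
    m = re.search(r"^\s*serverPort:\s*(\d+)", parsoid_yaml, re.M)
    if not m:
        return ["config.yaml: no serverPort set"]
    parsoid_port = int(m.group(1))
    findings = []
    m = re.search(r"'url'\s*=>\s*'(https://[^']+)'", localsettings)
    mw_port = (urlsplit(m.group(1)).port or 443) if m else None
    if mw_port is None:
        findings.append("LocalSettings.php: no https 'url' entry found")
    cp = configparser.ConfigParser(delimiters=("=",), comment_prefixes=(";",),
                                   strict=False, interpolation=None)
    cp.read_string("[global]\n" + stunnel_conf)  # stunnel allows options before any section
    services = [s for s in cp.sections()
                if cp.has_option(s, "accept") and cp.has_option(s, "connect")
                and port_of(cp[s]["connect"]) == parsoid_port]
    if not services:
        findings.append(f"stunnel: no service connects to Parsoid serverPort {parsoid_port}")
    for s in services:
        accept = port_of(cp[s]["accept"])
        if accept == parsoid_port:
            findings.append(f"stunnel [{s}]: accept and connect both use port {accept}")
        if mw_port is not None and accept != mw_port:
            findings.append(f"stunnel [{s}]: accepts on {accept}, LocalSettings.php uses {mw_port}")
    return findings

if __name__ == "__main__":
    print(check_ports(STUNNEL_CONF, PARSOID_YAML, LOCALSETTINGS) or "ports are consistent")
```

To run it against a real server, read the three files from disk and pass their contents to check_ports in place of the sample strings.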


Firewall

/etc/shorewall/rules

Open up appropriate ports (and remember if there are multiple WANs configured, open multiple ports)


And don't forget to restart services:

httpd
stunnel
parsoid (all instances for different web sites) (and also make a new instance of the parsoid service if multiple wikis are installed)