MediaWIKI HTTP to HTTPS
NOTE: As of 2020, with MediaWiki 1.35.0, none of this seems to be necessary as MediaWiki works out of the box with HTTPS and the Visual Editor / Parsoid...
Encrypting a MediaWiki Site on a CentOS 7 Server with Shorewall
First get an SSL Certificate and test on a static file such as php.php
Second HTTPD stuff
Create the settings in /etc/httpd/conf.d/ssl.conf Create the redirect in /etc/httpd/conf/httpd.conf
Third LocalSettings.php
- The protocol and server name to use in fully-qualified URLs
- Above statement isn't fully true as according to documentation, after version 1.18, is supports http and https in the below manner'
$wgServer = "//wiki.riseofthesaltonsea.com";
And that's it for SSL as far as accessing it. Parsoid, STUNNEL, and Firewall stuff still need to be done...
/opt/parsoid or whatever directory is matched to a MediaWIKI site, change the following
uri: 'https://WhatEverDomainName/api.php' domain: localhost strictSSL: false
serverPort: Modify as needed for additional sites
...then back to the LocalSettings.php file
'url' => 'https://WhatEverDomainName:PortNumber',
NOTE: The Port Number for HTTP and HTTP will be different as the HTTP accesses Parsoid directly, but HTTPS relies on STUNNEL
STUNNEL
[WhatEverName] accept = 0.0.0.0:WhatEverPort connect = wiki.terrabase.info:WhatEverPort (needs to match the port in the config.yaml file) cert = /etc/httpd/ssl/certs/COMBO.WhatEverCertName.crt key = /etc/httpd/ssl/private/WhatEverKeyName.key CAfile = /etc/httpd/ssl/certs/cacert.pem (this is a list of files downloaded from Mozilla)
COMBO Note: STUNNEL requires the server certificate and intermediate certificate be located in the same file (server certificate first, then intermediate certificate, of which there could be more than one)
Firewall
/etc/shorewall/rules
Open up appropriate ports (and remember if there are multiple WANs configured, open multiple ports)
And don't forget to restart services;
httpd stunnel parsoid (all instances for different web sites) (and also make a new instance of the parsoid service if multiple wikis are installed)