Jump to navigation Jump to search

NOTE: As of 2020, with MediaWiki 1.35.0, none of this seems to be necessary as MediaWiki works out of the box with HTTPS and the Visual Editor / Parsoid...

Encrypting a MediaWiki Site on a CentOS 7 Server with Shorewall

First get an SSL Certificate and test on a static file such as php.php

Second HTTPD stuff

Create the settings in /etc/httpd/conf.d/ssl.conf Create the redirect in /etc/httpd/conf/httpd.conf

Third LocalSettings.php

    1. The protocol and server name to use in fully-qualified URLs
    2. Above statement isn't fully true as according to documentation, after version 1.18, is supports http and https in the below manner'

$wgServer = "//";

And that's it for SSL as far as accessing it. Parsoid, STUNNEL, and Firewall stuff still need to be done...

/opt/parsoid or whatever directory is matched to a MediaWIKI site, change the following

uri: 'https://WhatEverDomainName/api.php' domain: localhost strictSSL: false

serverPort: Modify as needed for additional sites

...then back to the LocalSettings.php file

'url' => 'https://WhatEverDomainName:PortNumber',

NOTE: The Port Number for HTTP and HTTP will be different as the HTTP accesses Parsoid directly, but HTTPS relies on STUNNEL


[WhatEverName] accept = connect = (needs to match the port in the config.yaml file) cert = /etc/httpd/ssl/certs/COMBO.WhatEverCertName.crt key = /etc/httpd/ssl/private/WhatEverKeyName.key CAfile = /etc/httpd/ssl/certs/cacert.pem (this is a list of files downloaded from Mozilla)

COMBO Note: STUNNEL requires the server certificate and intermediate certificate be located in the same file (server certificate first, then intermediate certificate, of which there could be more than one)



Open up appropriate ports (and remember if there are multiple WANs configured, open multiple ports)

And don't forget to restart services;

httpd stunnel parsoid (all instances for different web sites) (and also make a new instance of the parsoid service if multiple wikis are installed)