MediaWIKI HTTP to HTTPS

Wiki.TerraBase.info
Jump to navigation Jump to search

Encrypting a MediaWiki Site on a CentOS 7 Server with Shorewall

First get an SSL Certificate and test on a static file such as php.php

Second HTTPD stuff

Create the settings in /etc/httpd/conf.d/ssl.conf Create the redirect in /etc/httpd/conf/httpd.conf

Third LocalSettings.php

    1. The protocol and server name to use in fully-qualified URLs
    2. Above statement isn't fully true as according to documentation, after version 1.18, is supports http and https in the below manner'

$wgServer = "//wiki.riseofthesaltonsea.com";


And that's it for SSL as far as accessing it. Parsoid, STUNNEL, and Firewall stuff still need to be done...

/opt/parsoid or whatever directory is matched to a MediaWIKI site, change the following

uri: 'https://WhatEverDomainName/api.php' domain: localhost strictSSL: false

serverPort: Modify as needed for additional sites

...then back to the LocalSettings.php file

'url' => 'https://WhatEverDomainName:PortNumber',

NOTE: The Port Number for HTTP and HTTP will be different as the HTTP accesses Parsoid directly, but HTTPS relies on STUNNEL


STUNNEL

[WhatEverName] accept = 0.0.0.0:WhatEverPort connect = wiki.terrabase.info:WhatEverPort (needs to match the port in the config.yaml file) cert = /etc/httpd/ssl/certs/COMBO.WhatEverCertName.crt key = /etc/httpd/ssl/private/WhatEverKeyName.key CAfile = /etc/httpd/ssl/certs/cacert.pem (this is a list of files downloaded from Mozilla)

COMBO Note: STUNNEL requires the server certificate and intermediate certificate be located in the same file (server certificate first, then intermediate certificate, of which there could be more than one)


Firewall

/etc/shorewall/rules

Open up appropriate ports (and remember if there are multiple WANs configured, open multiple ports)


And don't forget to restart services;

httpd stunnel parsoid (all instances for different web sites) (and also make a new instance of the parsoid service if multiple wikis are installed)