Setup DokuWiki on Ubuntu Server

Introduction

I recently moved and am working on setting up some infrastructure at the new house. Part of my “master plan” is to have a repository where I can store configuration data about my devices. Right now, I’m using this site (in the form of tutorials) and random text files, both of which have become difficult to manage. I’m going to create a personal wiki using DokuWiki to store my data. I also considered MediaWiki (what Wikipedia uses), but thought it would be overkill for what I needed.

Install OS

I’m using Ubuntu Server because of my familiarity with it, and its long-term support cycle. You could also use CentOS if you’re more comfortable with RHEL or Fedora. Since this wiki is only going to be available on my home network, I’m installing it in VirtualBox for now, but am thinking about moving it to a Raspberry Pi 2 Model B in the future.

Install Ubuntu Server as needed. During the installation, I encrypted the entire virtual disk. This way, when the VM is powered off, the wiki is secure.

Setup SSH access (optional)

Even though this box is a virtual machine, I prefer to manage it over SSH. I’m going to setup SSH keys on my host, set the VM to use a bridge network (so it gets a unique IP from the router, not from my host), and SSH into the VM. If you’d like, you can follow my tutorial here for setting up SSH keys and securing SSH.

Install and setup packages

Install updates

For security purposes, you should install any updates right away.

sudo apt-get update && sudo apt-get upgrade

To update the kernel, use the command below.

sudo apt-get update && sudo apt-get dist-upgrade

Install packages

DokuWiki has pretty relaxed requirements. All we really need is a webserver and PHP. I’m using the stable branch of Nginx, as the version that Ubuntu uses by default is outdated. If you’re curios why I love Nginx so much, see my other post here.

sudo apt-get update && sudo apt-get install software-properties-common
sudo add-apt-repository ppa:nginx/stable
echo deb http://ppa.launchpad.net/nginx/release/ubuntu $(lsb_release -cs) main | sudo tee --append /etc/apt/sources.list.d/nginx-stable-$(lsb_release -cs).list
echo deb-src http://ppa.launchpad.net/nginx/stable/ubuntu $(lsb_release -cs) main | sudo tee --append /etc/apt/sources.list.d/nginx-stable-$(lsb_release -cs).list
sudo apt-get update && sudo apt-get install htop nginx-extras ntp php5 php5-fpm php5-gd php5-cli libssh2-php rsync ufw unzip

Then, start the necessary services.

sudo service nginx start
sudo service php5-fpm start

Note – I used the nginx-extras package, instead of nginx. This gives me the HttpHeadersMoreModule, which allows me to add/remove HTTP headers. You could also get this by compiling nginx from source and including that option.

Setup PHP

We need to change a few options to secure/tune PHP by editing the /etc/php5/fpm/php.ini file. These steps are taken almost entirely from this page.

sudo sh -c 'echo "register_globals = Off" >> /etc/php5/fpm/php.ini'
sudo sed -i "s/^; max_input_vars = 1000/max_input_vars = 10000/g" /etc/php5/fpm/php.ini
sudo sed -i "s/^upload_max_filesize = 2M/upload_max_filesize = 4M/g" /etc/php5/fpm/php.ini
sudo service php5-fpm restart

Setup NTP

First, select the correct timezone.

sudo dpkg-reconfigure tzdata

Then, manually sync the time (only once) and start the NTP service.

sudo ntpdate pool.ntp.org
sudo service ntp start

Setup firewall

Check the status of UFW.

sudo ufw status verbose

Set the default state of UFW to deny incoming and allow outgoing.

sudo ufw default deny incoming
sudo ufw default allow outgoing

List all of the current apps that have UFW rules.

sudo ufw app list

Enable OpenSSH, Nginx, and NTP access.

sudo ufw allow OpenSSH
sudo ufw allow "Nginx HTTP"
sudo ufw allow ntp

Finally, turn on UFW.

sudo ufw enable

Then, check the status again.

sudo ufw status verbose

Install DokuWiki

These steps are taken almost entirely from this page.

First, remove the default Nginx html files and config files.

sudo rm -rf /var/www/html
sudo rm -rf /etc/nginx/sites-enabled/default
sudo rm -rf /etc/nginx/sites-available/default

Next, download and decompress the latest stable version of DokuWiki.

cd /var/www
sudo wget http://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz
sudo tar xvf dokuwiki-stable.tgz
sudo rm dokuwiki-stable.tgz
sudo mv dokuwiki-*/ dokuwiki

Setup Nginx

First, we need to overwrite the default Nginx config file with our own. This config file specifies settings on a global level, and includes our gzip configuration. The file is located at /etc/nginx/nginx.conf.

user www-data;
worker_processes 1; #this should be equal to "grep processor /proc/cpuinfo | wc -l"
pid /run/nginx.pid;

events {
        worker_connections 1024; #this should be equal to "ulimit -n"
        multi_accept on;
}

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 30;
        types_hash_max_size 2048;
        server_names_hash_bucket_size 64;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

#Added for security
        server_tokens off;
        server_name_in_redirect off;
        add_header X-Frame-Options SAMEORIGIN;

#Compression settings
        gzip on;
        gzip_disable "msie6";
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 9;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_types text/plain text/css text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss text/javascript;

#Other files to include
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

Second, create the necessary Nginx config file for our DokuWiki.

sudo touch /etc/nginx/sites-available/dokuwiki

Now, populate the file you just created. The main config file is taken from here, and security portion is taken from here.

server {
        listen 80 default_server;                       #Listen on IPv4
        server_name XX.XX.XX.XX;
        root /var/www/dokuwiki;                         #Set document root
        autoindex off;                                  #Turn off index browsing everywhere
        index doku.php;                                 #Set indexe

        client_max_body_size 4M;                        #Maximum file upload size is 4MB - change accordingly if needed 
        client_body_buffer_size 128k;

        #Security 
#        location ~ /(data/|conf/|bin/|inc/|install.php|COPYING|README|VERSION|.ht*) {
#        deny all;
#        }
 
        location / {
        try_files $uri $uri/ @dokuwiki;
                #Cache these filetypes in the user's browser for a set number of days
                location ~* \.(jpg|jpeg|png|gif|ico|css|js|svg)$ {
                expires 10d;
                add_header Pragma "public";
                add_header Cache-Control "max-age=31536000, public, must-revalidate, proxy-revalidate";
                log_not_found off;
                }
        }
 
        location @dokuwiki {
        rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
        rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
        rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
        rewrite ^/(.*) /doku.php?id=$1&$args last;
        }
 
        location ~ \.php$ {
        try_files $uri $uri/ /doku.php;
        fastcgi_param REDIRECT_STATUS 200;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $request_filename;
        include fastcgi_params;
        }
}

A few things to note:

  • Change your server name. In my case, I’m just using the server’s IP.
  • For now, leave the security portion commented out. After we install DokuWiki, go back and remove the comments.

Finally, enable your site, change permissions on your files, and reload Nginx.

sudo ln -s /etc/nginx/sites-available/dokuwiki /etc/nginx/sites-enabled/
sudo chown -R www-data:www-data /var/www/dokuwiki
sudo service php5-fpm restart
sudo service nginx reload

Setup DokuWiki

Open your browser and navigate to http://your_server_IP_or_name/install.php in your browser. With any luck, the page will load and you can setup DokuWiki.

20150625_002

If you need some help setting up DokuWiki, a few good links are below.

Let me know how it goes!

Logan

6 thoughts on “Setup DokuWiki on Ubuntu Server

  1. I installed it on Rasberry pi as well. Biggest question is how did you handle the Data Directory security issue. I’ve poured for hours over the topics that DokuWiki suggests, but had no luck. I even attempted .htaccess files, but am not entirely sure if I’m doing it right.

    • How was the install on the RPi? I use Nginx, so I’m using the following rules, taken from here.
      #Remember to comment the below out when you're installing, and uncomment it when done.
      location ~ /(data/|conf/|bin/|inc/|install.php) {
      deny all;
      }

Leave a Comment