Apache configuration

From MediaWiki.org
Jump to: navigation, search

Other languages:
asturianu • ‎català • ‎Deutsch • ‎English • ‎español • ‎suomi • ‎français • ‎italiano • ‎日本語 • ‎Lëtzebuergesch • ‎polski • ‎português • ‎português do Brasil • ‎русский • ‎中文

Apache is probably the webserver used most with MediaWiki.

Modules[edit | edit source]

PHP[edit | edit source]

PHP as Apache Module[edit | edit source]

MediaWiki is written to use PHP as an Apache module. Your PHP is probably configured as a module if you start with URLs like this:

example.com/index.php/Main_Page

You can check which configuration and version of PHP you have by viewing your wiki's Special:Version page, or with phpinfo().

RedHat/Fedora-based Linux[edit | edit source]

Install PHP:

# yum install php php-xml

Reload httpd:

# service httpd reload
Debian-based Linux[edit | edit source]

Install apache2 php5 module:

# apt-get install apache2 libapache2-mod-php5 php5-cli php-apc php5-mcrypt

Enable apache2 php5 module:

# a2enmod php5

Restart Apache:

# apache2ctl restart

(Debian also has a mediawiki package.)

PHP as CGI[edit | edit source]

If PHP is running as a CGI, you will have "ugly" URLs by default, but you can still implement short URLs.

CGIWrap[edit | edit source]

If you have your own server running Apache and are running PHP as CGI, you can install CGIWrap. This tool enables you to run the Apache server as a different user for CGIs.

That way, you can create a new user for your MediaWiki pages. Installing CGIWrap is beyond the scope of this document, especially since you must compile it accordingly to your own server. However, as a quick guideline, you can follow these rules:

  • Create a Wikimedia user
useradd -M -s /sbin/nologin wikiuser
  • Have a cgi-bin folder, containing CGIWrap (example in /home/myuser/cgi-bin). Once everything is configured, keep only cgiwrap, move the debug versions to another folder if you ever need it. Your cgiwrap file should be accessible only to Apache (chown and chmod accordingly).
chown apache:apache cgiwrap
chmod 500 cgiwrap
  • Inside the cgi-bin folder, create a symbolic link to the Wikimedia root.
ln -s /home/myuser/public_html/wiki /home/myuser/cgi-bin/wikilink
  • In your wiki's .htaccess file, add the following definitions:
AddHandler php-wrapper .php
Action php-wrapper /cgi-bin/cgiwrap/wikiuser/wikilink
  • Finally, chown and chmod all the .php files of your Wikimedia folder to be accessible solely by wikiuser.
chown -R wikiuser:wikiuser *.php
chmod -R 500 *.php

The files will be accessible as usual. You do not need to specify in your path any cgi-bin, as this is transparently taken care for you.

I strongly suggest you start out with /cgi-bin/cgiwrapd/... as your php-wrapper, as it will precisely show what is currently working. I also strongly suggest you do not delete your CGIWrap source folder until everything works perfectly as this is a real trial and error process, taking a long time. However, it's all worth your time as your MediaWiki will be run in its own separate process, in its own uid, without being able to interfere any other uid. Inverse is also true, except for root, that can read anything anywhere.

mod_alias and mod_rewrite[edit | edit source]

The recommended method of beautifying URLs involves mod_alias. Other methods use mod_rewrite instead.

mod_security[edit | edit source]

ModSecurity has been known to cause problems with MediaWiki. If you get errors seemingly at random, check your error log to see whether it is causing problems.

Thread stack size[edit | edit source]

The stack size for for each Apache thread is configurable and the default varies on different operating systems. To run MediaWiki on Windows environments it may be necessary to increase the stack size (if there are problems), as the 1MB default is small and can cause stack overflows during PHP script execution. The following httpd.conf setting will set the stack size to about 8MB (about a typical Linux default):

<IfModule mpm_winnt_module>
ThreadStackSize 8388608
</IfModule>

Spiders and bots[edit | edit source]

You really should use a robots.txt file to tell well-behaved spiders not to download dynamically generated pages (edit pages, for instance). This can reduce the load on your webserver, preserve your bandwidth, and prevent duplicate content issues with search engines. However, malicious bots could tie up your webserver and waste your bandwidth by downloading a large volume of pages extremely quickly. Request throttling can help protect against this.