FAQ

Page Discussion History

Difference between revisions of "Dokuwiki"

(SSL powered Dokuwiki in nginx.)
 
(Dokuwiki without SSL)
Line 8: Line 8:
 
<geshi lang="nginx">
 
<geshi lang="nginx">
 
server {
 
server {
        server_name wiki.domain.tld;
+
  server_name wiki.domain.tld;
        root /var/www/dokuwiki;
+
  root /var/www/dokuwiki;
  
        location / {
+
  location / {
                index doku.php;
+
    index doku.php;
                try_files $uri $uri/ @dokuwiki;
+
    try_files $uri $uri/ @dokuwiki;
        }
+
  }
  
        location @dokuwiki {
+
  location ^~ /lib/ {
                rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
+
    expires 30d;
                rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
+
  }
                rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
+
                rewrite ^/(.*) /doku.php?id=$1 last;
+
        }
+
  
        location ~ \.php$ {
+
  location ^~ /conf/ { return 403; }
                include fastcgi_params;
+
  location ^~ /data/ { return 403; }
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+
 
                fastcgi_pass unix:/tmp/phpcgi.socket;
+
  location @dokuwiki {
        }
+
    rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
 +
    rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
 +
    rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
 +
    rewrite ^/(.*) /doku.php?id=$1 last;
 +
  }
 +
 
 +
  location ~ \.php$ {
 +
    include fastcgi_params;
 +
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +
    fastcgi_pass unix:/tmp/phpcgi.socket;
 +
  }
 
}
 
}
 
</geshi>
 
</geshi>

Revision as of 01:20, 16 May 2013

Contents

Dokuwiki recipes

Here you can find snippets for configuring Dokuwiki to install in a root path of your server. If you had installed Dokuwiki in a non-root path, consider using a rewrite rule.

Dokuwiki without SSL

This is pretty straight-forward. Just add this to your nginx.conf. Note that the fastcgi_pass is non-standard here.

server {
  server_name wiki.domain.tld;
  root /var/www/dokuwiki;
 
  location / {
    index doku.php;
    try_files $uri $uri/ @dokuwiki;
  }
 
  location ^~ /lib/ {
    expires 30d;
  }
 
  location ^~ /conf/ { return 403; }
  location ^~ /data/ { return 403; }
 
  location @dokuwiki {
    rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
    rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
    rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
    rewrite ^/(.*) /doku.php?id=$1 last;
  }
 
  location ~ \.php$ {
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass unix:/tmp/phpcgi.socket;
  }
}

Dokuwiki with SSL

In http context you have to this line to fill the $php_https variable that is later passed to your fcgi engine. It is required for Dokuwiki to switch properly between http and https.

# In http context
map $scheme $php_https { default off; https on; }

This goes into dokuwiki.conf, for convenience. This is basically the same as the above snippet but with the required fastcgi_param HTTPS $php_https;

### File: /etc/nginx/dokuwiki.conf	
 
include drop.conf;
 
client_max_body_size 15M;
client_body_buffer_size 128k;
location / {
	try_files $uri $uri/ @dw;
}
 
location @dw {
	rewrite ^/_media/(.*) /lib/exe/fetch.php?media=$1 last;
	rewrite ^/_detail/(.*) /lib/exe/detail.php?media=$1 last;
	rewrite ^/_export/([^/]+)/(.*) /doku.php?do=export_$1&id=$2 last;
	rewrite ^/(.*) /doku.php?id=$1 last;
}
 
location ~ \.php$ {
	include fastcgi_params;
	fastcgi_param HTTPS $php_https;#DW checks $_SERVER['HTTPS']
	fastcgi_pass unix:/tmp/php5-fpm.sock;
}
 
# Block access to data folders
location ~ /(data|conf|bin|inc)/ {
deny all;
}
 
# Block access to .htaccess files
location ~ /\.ht {
deny  all;
}

You can force your users to switch to SSL for login and administration. As also displayed on the page HTTPS Login for Dokuwiki, you have to create two server{} instances.


### File: /etc/nginx/nginx.conf
 
map $scheme $php_https { default off; https on; }
 
    server {
	server_name wiki.host.org
	root /path/to/dokuwiki;
	index doku.php;
	listen 80;
	#Enforce https for logins, admin
	if ($args ~* do=(log|admin|profile)) {
		rewrite ^ https://$host$request_uri? redirect;
	}
	include dokuwiki.conf;
    }
 
    server {
	server_name wiki.host.org;
	root /path/to/dokuwiki;
	index doku.php;
	listen 443 ssl;
	keepalive_requests    10;
	keepalive_timeout     60 60;
	ssl_certificate      /etc/ssl/certs/ssl-cert-snakeoil.pem;
	ssl_certificate_key  /etc/ssl/private/ssl-cert-snakeoil.key;
	#switch back to plain http for normal view
 
	if ($args ~* (do=show|^$)){
		rewrite ^ http://$host$request_uri? redirect;
	}
	include dokuwiki.conf;
    }

For completeness sake, this goes into drop.conf.

### file: /etc/nginx/conf.d/drop.conf
 
location = /robots.txt  { access_log off; log_not_found off; }
location = /favicon.ico { access_log off; log_not_found off; }	
location ~ /\.          { access_log off; log_not_found off; deny all; }
location ~ ~$           { access_log off; log_not_found off; deny all; }

Rewrite rule

Coming from apache, I realised that I have to install Dokuwiki inside root, because I couldn't rewrite the configuration accordingly. So I added this this to keep all the old links working that were pointing to host.tld/dokuwiki and redirect them to wiki.host.tld.

rewrite ^/dokuwiki(/.*)?$ http://wiki.host.tld$1 permanent;