dokuwiki安装与配置教程

PS:越来越发现博客不适合做知识库了,因为文章之间太分散,条理也不清晰。明显没有wiki那么清楚明了,wiki就和思维导图一样,看着那些结构层次命令的,就能回忆个大概,所以搭建了这个wiki知识库,供个人使用,以后可能会考虑开放吧。又要学习一遍wiki的语法了。

dokuwiki安装与配置
1.下载dokuwiki网站源码
#wget -c  http://download.dokuwiki.org/src/dokuwiki/dokuwiki-stable.tgz

2.解压源码安装
#tar -zvxf dokuwiki-stable.tgz    //解包解压缩
#cd dokuwiki-2013-05-10a   //进入解压后的目录
#cp -R * /home/www   //复制解压的网站源码文件到网站根目录

在浏览器输入:http://域名或者ip/install.php

xxx is not writable by DokuWiki. You need to fix the permission settings of this directory!

The installer found some problems, indicated below. You can not continue until you have fixed them.

{DOCUMENT_ROOT}/data/pages is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/attic is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/media is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/media_attic is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/media_meta is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/meta is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/cache is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/locks is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/index is not writable by DokuWiki. You need to fix the permission settings of this directory!
{DOCUMENT_ROOT}/data/tmp is not writable by DokuWiki. You need to fix the permission settings of this directory!

 

这是因为文件和文件夹权限问题,修改权限就可以了:
#chown -R www:www /home/www   //将文件所有者由root用户改为www用户(你nginx运行的用户)

先在右上角选好语言,简体中文zh
填写好网站的名称,管理员等,协议等

安装完后,为了安全,要删除install.php文件,然后再用刚才设置的用户名密码登陆

关于安全:

http://你的域名或者ip/data/pages/wiki/dokuwiki.txt

如果你能通过上面这个链接,访问到dokuwiki.txt文件,那么表明你的网站的数据是不安全,因为dokuwiki是文本数据库,也就是别人可以直接拖库了。

官方要求是

  • data
  • conf
  • bin
  • inc

这四个目录是不能通过web访问浏览的,所以,我们要设置这些目录的权限,保证网站的数据安全。

解决办法:因为这个根据你的web服务器的不同而设置访问权限的方式也不同,所以,我下面会贴出大部分web 服务器的设置方法。

  • nginx

我的就是nginx,在网站的nginx.conf配置文件的server段加上下面的代码:

location ~ /(data|conf|bin|inc)/

{

deny all;

}

或者通过.htaccess文件禁止访问:

location ~ /\.ht {

deny all;

}

  • Apache

用.htaccess文件来禁止,格式如下:

order allow,deny

deny from all

注意:官方说apache2的.htaccess文件在ubuntu上失效,所以,方法特别,需要进入/etc/apache2/sites-available,修改default文件(如果你是用的 https,这是修改default-ssl )

NameVirtualHost *
<VirtualHost *>
ServerAdmin admin@site.com

DocumentRoot /var/www/
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride none
Order allow,deny
allow from all
</Directory>

将其中的 AllowOverride none 改为  AllowOverride all ,然后重启apache服务器

或者直接在VirtualHost文件里,用LocationMatch ,代码如下:

<LocationMatch “/(data|conf|bin|inc)/”>
Order allow,deny
Deny from all
Satisfy All
</LocationMatch>

但是,可能会导致比如你的另外一个网站跟目下也有data,conf这类目录也不能访问,方法如下,扩展下

locationmatch:
<Directory /var/www/dokuwiki>
order deny,allow
allow from all
</Directory>

<LocationMatch “/dokuwiki/(data|conf|bin|inc)/”>
order allow,deny
deny from all
satisfy all
</LocationMatch>

  • IIS

进入刚才所提到的目录,进行如下设定:

  1. 打开配置工具: 开始 → 设置 → 控制面板 → 管理工具 → Internet信息服务
  2. 进入到你要保护的目录: 本地计算机 → 网站 → 默认web站点→ 目录路径
  3. 右击文件夹并选中属性 →目录安全 → IP address and domain name restrictions (ip地址和域名限制)→ Edit(编辑)…
  4. 选择“默认情况下,所有计算机:禁止访问”

在IIS7:

  1. select “IIS Request Filtering”
  2. go to the “URL” tab
  3. click on “Deny Sequence”
  4. enter ”/data/” in the popup box

Repeat for ”/data/media” and choose “Always Allow” (otherwise your images and other won’t be visible)

Note: By default, the Management Console snap-in for Internet Information Services 7 does not have UI access to “IIS Request Filtering” section. However, can be enabled by installing “IIS Administration pack 1.0” by using the Web Platform Installer.

Also note: Ensure you enter ”/data/” and NOT just ”/data”, otherwise pages that start with “data” will be inaccessible.

  • Lighttpd

Using a URL re-write you can deny access to the above directories. In your lighttpd.conf file adding the following URL rewrite rule should be sufficient to keep people out. It suppose your Dokuwiki files are installed under http://yourwebsite.tld/dokuwiki/. Don’t forget to uncomment “mod_rewrite” in the server.modules section.

url.rewrite-once = ( “^/dokuwiki/(data|conf|bin|inc)/+.*” => “/nonexistentfolder” )

Or use “mod_access”. More examples available here.

 

<blockquote>$HTTP[“url”] =~ “^/dokuwiki/(data|conf|bin|inc)/+.*” {
url.access-deny = (“”)}

  • Cherokee(据说比nginx还快的web 服务器,大家可以去试试.但貌似不如nginx稳定)

It is relatively easy to forbid access to those directories using Cherokee. In cherokee-admin, select the virtual server where dokuwiki is installed and select rules management.

then add a new “Regular Expression” rule and put the following in it :

/(data|conf|bin|inc)/

Then go in “Handler” section and select HTTP Error. Finally select “403 Forbidden” in HTTP Error.

TMD,其他的重命名,迁移data目录什么的,懒得翻译了,贴上官方的文档地址:https://www.dokuwiki.org/security#web_access_security       自己有疑问就去看吧,不懂google翻译去。

 

Posted in 经验分享.

发表评论