From ArchWiki
Revision as of 15:34, 11 June 2012 by Giddie (talk | contribs) (A few tweaks & started configure script documentation)
Jump to: navigation, search

This template has only maintenance purposes. For linking to local translations please use interlanguage links, see Help:i18n#Interlanguage links.

Local languages: Català – Dansk – English – Español – Esperanto – Hrvatski – Indonesia – Italiano – Lietuviškai – Magyar – Nederlands – Norsk Bokmål – Polski – Português – Slovenský – Česky – Ελληνικά – Български – Русский – Српски – Українська – עברית – العربية – ไทย – 日本語 – 正體中文 – 简体中文 – 한국어

External languages (all articles in these languages should be moved to the external wiki): Deutsch – Français – Română – Suomi – Svenska – Tiếng Việt – Türkçe – فارسی

Foswiki is a free enterprise collaboration platform written in Perl; developed, supported and maintained by its users and the open-source community.

More information:

You may also be interested in XWiki, which caters to similar needs, but is Java-based.


Note: I abandoned the idea of adopting and maintaining the foswiki package on the AUR for the following reasons:
  • Foswiki currently requires some user intervention on every upgrade.
  • Foswiki has a convenient mechanism for installing, updating, and removing plugins that does not function unless the installation directory is writeable.

These instructions assume you will be using the directory /srv/http/foswiki to store your Foswiki installation.

The Foswiki Installation Guide is very thorough (although maybe a bit overwhelming), and makes an excellent reference. Follow along using the official guide, but you will find these notes to be more concise, and more specific to ArchLinux.

  • You will need to install the following packages in order for Foswiki to work:
    • rcs
    • perl-cgi-session
    • perl-html-tree
    • perl-uri
    • perl-libwww
  • From the Foswiki website, determine the URL of the latest Foswiki release.
  • Download and unpack the archive as the http user at /srv/http/foswiki. For instance (as root):
# su -s /bin/bash - http
$ mkdir /tmp/foswiki
$ cd /tmp/foswiki
$ wget <archive-url>
$ tar xzf Fos*
$ rm *.tgz
$ exit
# mv /tmp/foswiki/* /srv/http/foswiki
# rmdir /tmp/foswiki
# cd /srv/http/foswiki
  • Depending on how keen you are on locking down access to the Foswiki installation, you could restrict access to the installation directory:
# chmod o-rx .
  • At this point, you want to ensure that all the files have the correct permissions. (See the Foswiki guide on Setting File Access Permissions for details.)
If you would like to determine whether the files already have the correct permissions, you can make use of find to test permissions against the example commands listed in the above Foswiki guide. For instance, this will find any directories that do not have their access mode set to 755:
# find . -type d \! -perm 755
As of version 1.1.5, I found that only one file was incorrectly set to be owner-writable; all other files appeared to have the correct permissions fresh out of the archive. The following command can be used to set the correct permissions (either as root or http), and will also catch any similar files that may display the same issue in future:
$ find pub data -name '*,v' -type f -exec chmod 444 {} \;
  • Copy bin/LocalLib.cfg.txt to bin/LocalLib.cfg, ensuring that ownership and access rights are identical to the original file.
  • Edit your newly copied file so that the $foswikiLibPath line reads as follows:
$foswikiLibPath = '/srv/http/foswiki/lib';


See the Configure the Webserver section of the Foswiki Installation Guide for guidance on getting set up with Apache.


Setting up Nginx to work correctly with Foswiki is tricky, but almost everything you need is provided here. The configuration is heavily commented, to make it as easy as possible to modify it to suit your needs.

Foswiki is written in Perl and is generally intended to be run as a series of CGI scripts. Check out the FastCGIEngineContrib if you're interested in running Foswiki as a FastCGI application, but be aware that some plugins do not work well with this setup.

  • Install fcgiwrap (See the Nginx#fcgiwrap page). The rest of this configuration assumes you've set up fcgiwrap using a socket.
  • Create a file with the following contents at /etc/nginx/conf/foswiki.conf:
location /bin/configure {
  # It is important to protect this location with a password.
  auth_basic "Restricted";
  auth_basic_user_file ../htpasswd/foswiki-configure;
  # (Temporarily?) allow an IP address below for configuration access
  deny all;
  fastcgi_pass fcgiwrap;
  include      fastcgi.conf;
  fastcgi_split_path_info ^(/bin/configure)(.*);
  fastcgi_param PATH_INFO $fastcgi_path_info;
location /bin/ {
  fastcgi_pass fcgiwrap;
  include      fastcgi.conf;
  fastcgi_split_path_info ^(/bin/\w+)(.*);
  fastcgi_param PATH_INFO $fastcgi_path_info;
  # Setting the NO_FOSWIKI_SESSION environment variable prevents a
  # session being created. If a bot is spawning too many sessions, add its
  # user agent string to this regexp.
  set $no_foswiki_session "";
  if ($http_user_agent ~* "^gsa-crawler") {
    set $no_foswiki_session true;
  fastcgi_param NO_FOSWIKI_SESSION $no_foswiki_session;
  # This prevents the %INCLUDE% macro from including our own topics as URLs
  # and also prevents other Foswikis from doing the same. This is important to
  # prevent the most obvious Denial of Service attacks.
  if ($http_user_agent = "") { return 403; }
# Contains public-facing files.
# The rewrite rule is necessary for enforcing access policies. Otherwise,
# access would be free to this directory. Comment it out if you don't like
# the performance hit (but see /pub/... locations below).
location /pub/ {
  rewrite ^/pub/(.*)$ /bin/viewfile/$1 last;
# Prevent HTML attachments from rendering directly in the browser; it could
# potentially be a security risk.
location ~* /pub/.*\.html?$ {
  types {}
  default_type application/octet-stream;
# These locations contain CSS, JS, and other assets that are trusted and really
# need to be cached, and that we don't want going through CGI for reasons of
# performance. The ^~ prefix prevents the above HTML security fix from applying
# to these locations (e.g. WYSIWYG uses some HTML from /pub/System).
location ^~ /pub/System/ {  # General system support files
location ^~ /pub/Main/SitePreferences/ {  # Attachments for site logos etc...
# Anything in the Trash should not be visible.
# This is not necessary if access policies are being enforced for the /pub
# directory through the rewrite rule above.
#location /pub/Trash {
#  deny all;
location /robots.txt {
# Pretty URLs: /Main/Foo, /edit/Main/Foo, etc...
location / {
  rewrite ^/(?:[A-Z].*)?$ /bin/view$uri last;
  rewrite ^/([a-z]+/[A-Z].*) /bin/$1 last;
  # The above should catch most day-to-day things. This is for some more unusual
  # situations (e.g. when Main requires authentication, when resubmitting a
  # form, maybe some other situations):
  rewrite ^ /bin$uri last;
Warning: When working on a production installation, take care of the allow directive near the top of the file. Keep it commented out when you don't need access to the configure script. This script is a potential security weak point for Foswiki, and is best kept locked down when it's not needed.
  • Uncomment the allow directive near the top of the file, and replace with the IP address of your local machine.
  • Now, add new server section to your main nginx configuration file at /etc/nginx/conf/nginx.conf; for instance:
server {
  listen 80;
  server_name foswiki;
  root /srv/http/foswiki;

  include foswiki.conf;
  • Follow the instructions from the Nginx Wiki to create an htpasswd file at the required location. The above configuration expects such a file at /etc/nginx/htpasswd/foswiki-configure. For instance, as root:
# mkdir -p /etc/nginx/htpasswd
# printf "admin:$(openssl passwd -crypt <YOURPASSWORD>)\n" >> /etc/nginx/htpasswd/foswiki-configure
  • Navigate your browser to the /configure URL, e.g.: http://foswiki/configure.
  • In the General Path Settings section, remove the contents of the {ScriptUrlPaths}{view} setting. It should be completely blank. (This will make Foswiki use the pretty URLs we've set up in the Nginx configuration.)
  • All other settings should be fine, so press "Save Changes", and choose a password to protect your configuration. (You may as well use the same password you set for your HTTP Basic Authentication.)
Warning: Work in progress. More to follow. The next episode is coming soon.