Difference between revisions of "User:Aexoxea/Tiki Wiki CMS Groupware"

From ArchWiki
Jump to: navigation, search
(Before updating: Tighten up wording.)
m (Apache: Add enabling.)
Line 40: Line 40:
 
#* Enable {{ic|LoadModule alias_module modules/mod_alias.so}} (it is enabled by default on new installs).
 
#* Enable {{ic|LoadModule alias_module modules/mod_alias.so}} (it is enabled by default on new installs).
 
#* Add this line where appropriate (if unsure, place it at the end): {{ic|Include conf/extra/tikiwiki.conf}}.
 
#* Add this line where appropriate (if unsure, place it at the end): {{ic|Include conf/extra/tikiwiki.conf}}.
# Start the Apache service per instructions at [[Apache HTTP Server#Configuration]].
+
# Start (and enable if appropriate) the Apache service per instructions at [[Apache HTTP Server#Configuration]].
  
 
=== Set up a database server ===
 
=== Set up a database server ===

Revision as of 10:56, 16 February 2018

Warning: This is a work in progress and may not ever move to mainspace. Proceed at your own risk!

Tiki Wiki CMS Groupware (referred herein as just "Tiki") is a web-based content management system with collaboration features written in PHP.

Package Tiki

Tiki ships both stable and long-term support releases (see versioning policy and release roadmap). Choose from one of the following, then make a package using the files on the linked page:

  • For the latest stable release (18.x): Files Stable.
  • For the latest long-term support release (18.x): Files LTS.
Note: While PHP 7.2 or 7.1 should work in most circumstances with Tiki 18.x series, if you encounter difficulties you should downgrade to PHP 7.0 or 5.6 (available in AUR as php70AUR and php56AUR respectively).

Once done, continue with Install and set up prerequisites (for new installs) or Choose your update path (for updates) below.

Install and set up prerequisites

Tiki relies on a typical LAMP-like stack. See Tiki's Requirements page for specific prerequisites.

Install Tiki

Install the Tiki package that you made above.

Set up a web server

You need a running web server configured to use PHP and serve up files from /usr/share/webapps/tikiwiki/.

If not sure what to pick, choose Apache and follow the instructions below.

Apache

To use Tiki on Apache, you need to:

  1. Install Apache per instructions at Apache HTTP Server#Installation.
  2. Configure Apache to use PHP per instructions at Apache HTTP Server#PHP.
  3. Copy /etc/webapps/tikiwiki/apache.example.conf to /etc/httpd/conf/extra/tikiwiki.conf.
  4. Edit /etc/httpd/conf/httpd.conf to:
    • Enable LoadModule alias_module modules/mod_alias.so (it is enabled by default on new installs).
    • Add this line where appropriate (if unsure, place it at the end): Include conf/extra/tikiwiki.conf.
  5. Start (and enable if appropriate) the Apache service per instructions at Apache HTTP Server#Configuration.

Set up a database server

Tiki supports either MariaDB or Oracle MySQL. If not sure what to pick, use MariaDB.

Either way, you need to install, set up and start the database server per instructions at MySQL#Installation.

It is recommended to let Tiki create the database (and optionally -- but recommended for security reasons -- the database user account) that it will use. You will need to note down for later:

  • The database server host name (if not on localhost),
  • The username and password of a database user account (e.g. root) with access to create new databases and new database user accounts.

If you need or want to create these manually instead, see Database - Manual creation below.

Set up PHP

PHP was pulled in as a dependency when Tiki was installed earlier.

You need to edit /etc/php/php.ini (or equivalent) and, at a minimum:

  • Set the default timezone (date.timezone=, see PHP's List of Supported Timezones for valid options).
  • Set the session data path (session.save_path=, the default "/tmp" works as a starting point).
  • Enable the calendar, iconv, intl, mysqli and pdo_mysql extensions (each has its own extension= entry).

It is also recommended to:

  • Enable the zip extension (it is enabled by default on new installs).
  • Enable the gd extension, then install the php-gd package (or equivalent) it requires to work.
Note: If using Apache, you will need to restart the web server now so these changes take effect. Other web servers may also need to be reloaded or restarted at this point; consult your documentation.

Next steps

Once done, continue with Configure Tiki below.

Configure Tiki

See Tiki's Installation and Linux pages for specific information.

Set up Tiki's files

Tiki ships with a setup script (setup.sh) that updates its file permissions and downloads any necessary extra files using Composer.

If you're using the current version of PHP that ships in the main repositories, run this from a terminal:

# cd /usr/share/webapps/tikiwiki/
# sh setup.sh -u http -g http -n fix

The -u and -g options change the user and group of Tiki's files, so set these as appropriate (noting http:http is the default user and group for most web servers).

If you're using an earlier version of PHP, you need to add the -p option with the truncated program name, e.g. if using php70AUR:

# cd /usr/share/webapps/tikiwiki/
# sh setup.sh -u http -g http -p php70 -n fix
Tip: See permission check section for more options around setup.sh.

Run Tiki's install workflow

Finally, open a web browser and access https://localhost/tiki/tiki-install.php (HTTP will also work, but see the warning below), substituting the web server address and path if needed.

For new installs, a web-based workflow will start to guide you through the final configuration steps (including setting up the database). When this workflow is complete, Tiki is ready to use.

For updates, you'll first be prompted to enter the username and password for Tiki's database user account. When the web-based workflow appears, there will be a notice about upgrading. Follow the link under that notice; it will take you to the correct part of the workflow to upgrade the database. Run through the workflow from there; when complete, your Tiki is updated, and you should continue with After updating section.

Warning: As usernames and passwords are handled through the workflow, if the server is not on localhost or a trusted network, you should use HTTPS or another secure communication method.
Tip: The workflow defaults to English, but you can select a different language on the first page.

Updates

See Tiki's Upgrade page for detailed information about updating between versions.

Before updating

It is strongly recommended to:

  • Make sure you have a backup in place, as Tiki does not support downgrades. Take a system backup of your Arch, follow one of Tiki's Backup recommendations, or ideally, do both.
  • Close the site to non-admin users. This setting can be enabled by a Tiki admin user through the Control Panel (either General > Navigation or Security > Site Access).
  • Revert to a built-in theme, as custom themes are not guaranteed to work between versions. This setting can be changed by a Tiki admin user through the Control Panel (Look & Feel > Theme).

Choose your update path

Make the new package (see Package Tiki above), then choose one of the following paths to install it:

  • Update-in-place: Install the new package over the existing package.
  • Remove-then-install: Remove the existing package, then install the new package.

The update-in-place path will work in most circumstances. However, if you run into difficulties relating to Tiki's package files during or after the update, the remove-then-install path will enable you to troubleshoot around what files are left behind under /usr/share/webapps/tikiwiki/ after removing the old version but before installing the new version.

Warning: It is not guaranteed that customisations to Tiki package files will be retained through either update path, or that they will work properly. If you make customisations, it is recommended to store them elsewhere (e.g. in a version control system), so you can merge them back in after updating as needed. Alternatively, you can consider submitting generally useful changes upstream.
Note: Depending upon how Tiki has been configured, be aware that some of the directories may contain uploaded files (e.g. images and other attachments). They should not be impacted by the update process, but if you would prefer they be located elsewhere, there are options to do so after updating successfully. See File Storage below for details.

Once you've installed the new package successfully, continue with Configure Tiki above.

After updating

Log in to your site, check that everything is as it should be, and when you're ready, re-open the site (if you closed it before). Points to look out for include:

  • Release notes. These can be found for each major version under Tiki's "New in version" page.
  • The .htaccess file (or the file it's symlinked to, such as _htaccess). If you've made custom changes to this, such as for SEFURLs, you may need to re-apply these.
  • Feature defaults. New features will generally be set to default values, and features deemed 'unsafe' (including approvals for editing plugins) may have been reset to 'safe' values. Change these through the Control Panel etc. as needed.
  • Custom themes. If you were using a custom theme (and it supports the upgraded version of Tiki), switch back to it and check if it works OK or not. It's recommended to keep a separate browser window open that shows the Look & Feel > Theme Control Panel in a built-in theme while testing, so you can revert it easily if needed.

Security

Tiki's Security documentation page describes the Security Control Panel, and references other security-related functions as related topics. The Security ArchWiki page complements this in respect of securing the underlying operating system. These will all be of interest for any site that is exposed to untrusted networks, devices or users.

In addition to this, the Server Check script checks for a number of PHP functions that have security implications. Where enabled, these functions are marked as "Risky". If your use of Tiki doesn't need those functions (and nothing else on the server does either), you can disable them. This is done by adding them to the disable_functions= directive under /etc/php/php.ini (or equivalent) and reloading or restarting your web server as needed.

Permission check

The setup.sh script can be used after the initial configuration to lock down local file permissions, which can be helpful in some circumstances. The file at /usr/share/webapps/tikiwiki/permissioncheck/usecases.txt shows the permission names that the script will accept, along with the numeric permission levels that are set for directories and files respectively.

The script can be run interactively by just entering:

# cd /usr/share/webapps/tikiwiki/
# sh setup.sh

Alternatively, the list of directives that the script will accept directly at invocation can be seen through the printed help information:

# cd /usr/share/webapps/tikiwiki/
# sh setup.sh -h

See Tiki's Permission Check page for more information.

Note: Only the 'classic' commands will change user and group assignments of the files, or ask for this information interactively.

Tips and Tricks

Server check

Tiki ships a Server Check PHP script that allows you confirm aspects of your web server, PHP and (optionally) database setup are compatible with Tiki, or will allow certain optional features of Tiki to be used or not.

The script is available:

  • Before installation, as a separate download (upload it to a web server with PHP enabled and run it in a web browser, and it will tell you if things are configured OK or not).
  • During installation, from the "Review the System Requirements" screen (see the link to "a detailed report about your server").
  • After installation, as an administration tool (you'll need to be logged in to Tiki as an admin user to use it there).
Note: Tiki's Requirements page lists a number of recommended defaults for PHP, noting the script flags values that will/might be problematic but doesn't always suggest something better.

File gallery indexing dependencies

Warning: File gallery indexing presents a risk if untrusted files can be uploaded, as someone could use a specially crafted file to exploit security vulnerabilities in either Tiki itself or the underlying packages used for indexing.

If you want to use file gallery indexing, you need to do two things:

First, use the server check script to confirm that the popen and shell_exec PHP functions are enabled. If they aren't, remove them from the disable_functions= directive under /etc/php/php.ini (or equivalent) and reload or restart your web server as needed.

Second, install the following packages as desired:

Package Provides Binaries Used For Types
catdoc catdoc, catppt, xls2cvs Microsoft Office, RTF
docx2txt docx2txt Microsoft Word (OOXML)
elinks elinks HTML
odt2txt odt2txt OpenDocument
pstotext pstotext PDF, PostScript
unzip unzip Zip

For convenience, the File Indexing file on the following page can be used to make and install a meta package that will pull in all packages that support indexing: Files Meta.

Database

Manual creation

Tiki needs its own database (using a UTF-8 charset) and the ability to log in to a database user with full access to that database. If you can't or don't want to let Tiki create these during its install workflow, you can set these up manually, and just supply the details that Tiki needs directly (i.e. the host name if not on localhost, database name, user account name and password).

An example of doing this manually through the terminal (that should work in most cases, with bolded bits configurable) is:

$ mysql -u root -p
mysql> CREATE DATABASE `tikiwiki` DEFAULT CHARACTER SET `utf8` COLLATE `utf8_unicode_ci`;
mysql> CREATE USER `tikiwiki`@'localhost' IDENTIFIED BY 'password';
mysql> GRANT ALL PRIVILEGES ON `tikiwiki`.* TO `tikiwiki`@'localhost';
mysql> FLUSH PRIVILEGES;
mysql> quit
Warning: The password in the above is the password of the database user account, not the authentication type. Make sure you don't accidentally set the password to "password" if you copy/paste!
Warning: The password you provide above will be saved to a local command history file at ~/.mysql_history. At a minimum, you should redact that part of the file when finished.

Manual removal

If you need or want to remove the Tiki database for any reason, you'll need to do so manually. An example of doing this through the terminal (which should work with the bolded bits set as appropriate) is:

$ mysql -u root -p
mysql> DROP USER `tikiwiki`@'localhost';
mysql> DROP DATABASE `tikiwiki`;
mysql> quit

File Storage

Tiki is able to store uploaded files either in its database or on the file system. The pros and cons of each approach are covered on Tiki's File Storage page.

If storing uploaded files on the file system, by default these will be kept in directories under /usr/share/webapps/tikiwiki/. There are a number of reasons why you might want to move them elsewhere. Again, the options to do so are outlined on Tiki's File Storage page, and on the related Control Panel pages for the specific features that accept file uploads.

Note: Where directories are created outside the /usr/share/webapps/tikiwiki/ hierarchy, be sure appropriate web server options and local file permissions are set so they can be accessed (e.g. if using Apache, update the /etc/httpd/conf/extra/tikiwiki.conf file so that the directories are included in the open_basedir parameter, and make sure the directories are owned by http:http).

Troubleshooting

Timeout updating database on large sites

If you have a large site, PHP timeout values may be exceeded when updating the database (as part of updating Tiki to a new version) in the web-based workflow. Should this occur, you have two choices:

  1. Extend PHP's timeout values, then try again.
  2. Run the database update from the command line, then manually lock the installer (you should then be able to skip the web-based workflow, and continue from After updating):
# cd /usr/share/webapps/tikiwiki/
# php console.php database:update
# touch db/lock

Substitute php in the command line example above if using a version from PHP from the AUR.

"Installer not locked" warning

A warning will appear in the Control Panel if the installer lock file is missing. This can occur if the Tiki package is uninstalled and reinstalled, or the package is updated but the web-based install workflow has not been gone through.

In circumstances where there is no need to go through the web-based install workflow, you need to manually create the lock file as suggested in the warning. The easiest way to do this from the command line is:

# touch /usr/share/webapps/tikiwiki/db/lock

Miscellanea

Linter Errata

If running Namcap on the made packages, you will get some or all of the following messages:

Message Remarks
tikiwiki W: Directory (usr/share/webapps/tikiwiki/<multiple>) is empty Ignore: There are a number of empty directories in the package as shipped, and it's not clear which ones are safe to remove and which ones aren't. Consequently, they have all been left in place. You may wish to configure your web server to deny directory listings.
tikiwiki W: Potential non-FHS info page (usr/share/webapps/tikiwiki/vendor_bundled/vendor/fortawesome/font-awesome/src/<version>/icon/<name>/index.html) found. Ignore: All of the Font Awesome icon subdirectories have an equivalent index.html file. It's not clear why just some of these being singled out.
tikiwiki W: Referenced library 'node' is an uninstalled dependency Ignore: It's not clear what's being referred to, or from where. In any case, all explicit requirements are satisfied by the package and instructions above.
tikiwiki E: Dependency python detected and not included (programs ['python'] needed in scripts ['usr/share/webapps/tikiwiki/vendor_bundled/vendor/adodb/adodb-php/scripts/<multiple>', 'usr/share/webapps/tikiwiki/vendor_bundled/vendor/openid/php-openid/<multiple>']) Ignore: These scripts appear to be used to build releases of ADOdb (TBA for OpenID), and are not required for normal operation.
tikiwiki W: Dependency included and not needed ('php-intl') Ignore: Intl module is required (and this is also used to pull in PHP at the same time).

See Also