====== Fedora Package ======

DokuWiki is available in the Fedora repositories. These instructions are written for Fedora 19, there may be differences for other versions. Do

  dnf install httpd php dokuwiki dokuwiki-selinux

The package ''dokuwiki-selinux'' is necessary for the Configuration Manager of DokuWiki to work. It configures [[wp>Security-Enhanced Linux|SELinux]] to allow dokuwiki to write to its configuration.

Package details are available at https://admin.fedoraproject.org/pkgdb/package/rpms/dokuwiki/

===== httpd =====
Apache HTTP Server, named ''httpd'' in Fedora, is not enabled by default. Since Fedora is [[wp>systemd]]-based you may start it with

  systemctl start httpd.service
  
And you may enable it for automatic startup at system boot with

  systemctl enable httpd.service
  
To disable or to stop httpd, just use the commands "disable" and "stop".

DokuWiki should be accessible at http://localhost/dokuwiki now.

===== Configuration =====
The basic configuration just lets you create and edit pages, but doesn't allow you to login and use the Configuration Manager!

The configuration resides in ''/etc/dokuwiki''. ''local.php'' contains your local configuration, ''dokuwiki.php'' contains dokuwikis defaults and should be left alone. The Configuration Manager also writes to ''local.php''.

To enable login, edit ''/etc/dokuwiki/local.php'' and set

  $conf['useacl'] = 1;
  $conf['superuser'] = '@admin';

This enables ACL (Access Control) and gives all members of the group "admin" superuser rights.

Now add a new user to ''users.auth.php'':

  admin:21232f297a57a5a743894a0e4a801fc3:Admin:example@example.com:admin

The user is named "admin" with password "admin" and is member of the group "admin", which has superuser rights.

You can now login as user "admin" and use DokuWikis admin tools to configure it, to add new users and the like.

==== Paths ====
| DokuWiki        | ''/usr/share/dokuwiki''    |
| Configuration   | ''/etc/dokuwiki''          |
| Data directory  | ''/var/lib/dokuwiki/data'' |

===== Allowing access =====
Once this is installed, you should be able to access this on your local machine. A problem may arise when you try to access it through a network. This has to do with the config settings of Dokuwiki, to change them, Navigate to ''/etc/httpd/conf.d/'' and there should be a file named ''dokuwiki.conf''.
  * For Fedora versions earlier than 18 (Apache 2.2): Edit the file and find the line that says "Allow 127.0.0.1 only" and change it to say "Allow from All". 
  * For Fedora 18 and later (Apache 2.4): Edit the file and find the line that says "Require local" and change it to say "Require all granted".
Save the file and restart the Apache HTTP Server with the systemd user space utility ''systemctl'':

  systemctl restart httpd.service

It should now allow remote requests to the site. Depending on your setup, you may have to allow incoming http(s) traffic in you firewall though.

===== SELinux =====
[[wp>Security-Enhanced Linux|SELinux]] is pre-installed on Fedora.

<code>
SELinux is preventing /usr/sbin/httpd from write access on the file /etc/dokuwiki/users.auth.php
</code>

If you want to allow httpd to have write access on the file ''/etc/dokuwiki/users.auth.php'', then change the "label" of that file:
  - As root do:<code>
semanage fcontext -a -t FILE_TYPE '/etc/dokuwiki/users.auth.php'</code>\\ FILE_TYPE is one of the following strings:\\ abrt_retrace_spool_t, afs_cache_t, anon_inodefs_t, dirsrv_config_t, dirsrv_var_log_t, dirsrv_var_run_t, dirsrvadmin_config_t, dirsrvadmin_tmp_t, httpd_apcupsd_cgi_rw_content_t, httpd_awstats_rw_content_t, httpd_bugzilla_rw_content_t, httpd_cache_t, httpd_collectd_rw_content_t, httpd_cvs_rw_content_t, httpd_dirsrvadmin_rw_content_t, httpd_dspam_rw_content_t, httpd_git_rw_content_t, httpd_lock_t, httpd_man2html_rw_content_t, httpd_mediawiki_rw_content_t, httpd_mojomojo_rw_content_t, httpd_munin_rw_content_t, httpd_mythtv_rw_content_t, httpd_nagios_rw_content_t, httpd_nutups_cgi_rw_content_t, httpd_openshift_rw_content_t, httpd_prewikka_rw_content_t, httpd_smokeping_cgi_rw_content_t, httpd_squid_rw_content_t, httpd_squirrelmail_t, httpd_sys_rw_content_t, httpd_tmp_t, httpd_tmpfs_t, httpd_user_rw_content_t, httpd_var_lib_t, httpd_var_run_t, httpd_w3c_validator_rw_content_t, httpd_webalizer_rw_content_t, httpd_zoneminder_rw_content_t, initrc_tmp_t, jetty_cache_t, jetty_log_t, jetty_var_lib_t, jetty_var_run_t, krb5_host_rcache_t, passenger_tmp_t, passenger_var_run_t, pki_ra_etc_rw_t, pki_ra_log_t, pki_ra_var_lib_t, pki_tps_etc_rw_t, pki_tps_log_t, pki_tps_var_lib_t, puppet_tmp_t, squirrelmail_spool_t, systemd_passwd_var_run_t, user_cron_spool_t, zarafa_var_lib_t, zoneminder_var_lib_t. 
  - Then execute<code>
restorecon -v '/etc/dokuwiki/users.auth.php'
</code>

==== Solution ====
(at least for 2013-08-09 Fedora 19 "Schrödinger's Cat')
As root do:
<code bash>
semanage fcontext -a -t httpd_mediawiki_rw_content_t '/etc/dokuwiki'
restorecon -v '/etc/dokuwiki'
semanage fcontext -a -t httpd_mediawiki_rw_content_t '/etc/dokuwiki/users.auth.php'
restorecon -v '/etc/dokuwiki/users.auth.php'
semanage fcontext -a -t httpd_mediawiki_rw_content_t '/etc/dokuwiki/local.php'
restorecon -v '/etc/dokuwiki/local.php'
</code>

==== Solution 2 ====

I'm not a SELinux or Fedora expert, but thanks to people from the #selinux Freenode IRC channel I managed to fix the problem in the following way:
<code>
# semanage fcontext -a -t httpd_sys_rw_content_t '/etc/dokuwiki(/.*)?'
# restorecon -v '/etc/dokuwiki' -R
</code>

Tried with Fedora 20 on 2014-02-17.


==== Solution 3 ====

The Fedora ''dokuwiki-selinux-20230404a-4.fc40.noarch'' package's postinstall-script adds the following fcontext policy entries:

<code>
semanage fcontext -a -t httpd_sys_rw_content_t '/etc/dokuwiki(/.*)?'
semanage fcontext -a -t httpd_sys_content_t '/usr/share/dokuwiki(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/usr/share/dokuwiki/lib/plugins(/.*)?'
restorecon -R '/etc/dokuwiki'
restorecon -R '/usr/share/dokuwiki'
</code>

In addition, The Fedora dokuwiki package places the ''data'' subdirectory in ''/var/lib/dokuwiki'', which has the following policy:

<code>
$ ls -laZ /var/lib/dokuwiki/
total 12
drwxr-xr-x.  3 root   root   system_u:object_r:httpd_sys_rw_content_t:s0 4096 Apr 26 15:28 .
drwxr-xr-x. 28 root   root   system_u:object_r:var_lib_t:s0              4096 Apr 26 15:28 ..
drwxr-xr-x. 13 apache apache system_u:object_r:httpd_sys_rw_content_t:s0 4096 Apr 26 15:28 data
</code>

Based on the above, the following policies should be needed when installing dokuwiki from the original tarball under /srv/http/wiki.example.net/:

<code>
semanage fcontext -a -t httpd_sys_content_t '/srv/http/wiki.example.net(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/srv/http/wiki.example.net/conf(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/srv/http/wiki.example.net/data(/.*)?'
semanage fcontext -a -t httpd_sys_rw_content_t '/srv/http/wiki.example.net/lib/plugins(/.*)?'
</code>
==== Solution 4 ====
The ''chcon'' command changes the SELinux context for files temporary. These changes do not survive a file system relabel, or the ''restorecon'' command.

    chcon -t httpd_sys_rw_content_t /etc/dokuwiki/ -R
    chcon -t httpd_sys_content_t /usr/share/dokuwiki/ -R
    chcon -t httpd_sys_rw_content_t /usr/share/dokuwiki/lib/plugins/ -R

You can restore default SELinux context for this files by running:
    restorecon -R '/etc/dokuwiki/'
    restorecon -R '/usr/share/dokuwiki/'
    restorecon -R '/usr/share/dokuwiki/lib/plugins/'

====== Install the package downloaded from the website ======

See [[https://openhsc.org/wiki/install_nginx_and_dokuwiki_on_fedora_server_29|this wiki page on how to install DokuWiki with nginx on Fedora 29]]