====== CentOS ====== CentOS 7.x with firewallcmd ===== Firewall Rules ===== Incoming traffic on port 80 may be blocked by default. If so, we must create a permanent firewall rule to accept incoming traffic to our DokuWiki website. sudo firewall-cmd --permanent --zone=public --add-service=http sudo firewall-cmd --reload ===== Apache ===== Ensure apache service always starts on boot. sudo systemctl enable httpd.service mod_rewrite must be enabled so the .htaccess file which locks down the ///data// directory can be executed. mod_rewrite is enabled by default on CentOS 7.x, if you need to re-enable it add the following line to a new .conf file and restart apache to load the mod_rewrite module echo LoadModule rewrite_module modules/mod_rewrite.so > /etc/httpd/conf.d/addModule-mod_rewrite.conf sudo systemctl restart httpd.service ===== PHP GD Module Install ===== The PHP GD module must be installed for image resizing. sudo yum install php-gd ===== SELinux Note ===== CentOS comes with SELinux enabled by default which prevents the apache user from writing to the Document Root and sub directories. ==== Option 1 ==== Switch SELinux to permissive mode, only for the httpd(Apache) service. This will leave SELinux enforcing for the rest of the system. This is the easier solution, but arguably also the less safe, as SELinux does not provide any protection for httpd. sudo yum install policycoreutils-python sudo semanage permissive -a httpd_t ==== Option 2 ==== Modify SELinux context (conf & data directories) sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/conf(/.*)?" (Try adding -h option if it doesn't work) sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/data(/.*)?" sudo restorecon -Rv /var/www/html/dokuwiki/conf sudo restorecon -Rv /var/www/html/dokuwiki/data Using the Wiki Upgrade Plugin & the Extension Manager \\ To use the Wiki Upgrade Plugin & the Extension Manager with option 2 you also have to grant apache access to the network, otherwise you will get the error : **Could not connect Permission denied** sudo setsebool -P httpd_can_network_connect on check with ''getsebool -a | grep httpd_can_network_connect'' Allowing apache to send mail using postfix \\ If you get error : **open /etc/postfix/main.cf: Permission denied** in /var/log/maillog, you have to grant apache to send e-mails: sudo setsebool -P httpd_can_sendmail on check with ''getsebool -a | grep httpd_can_sendmail'' Additionally you need to modify the SElinux context for the extension manager: sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/lib/plugins(/.*)?" sudo restorecon -Rv /var/www/html/dokuwiki/lib/plugins sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki/lib/tpl(/.*)?" sudo restorecon -Rv /var/www/html/dokuwiki/lib/tpl When using the Wiki Upgrade Plugin, temporary access is needed for all dokuwiki directories, follow the steps below to accomplish this: - Change the SElinux context for the dokuwiki folder: sudo semanage fcontext -a -t httpd_sys_rw_content_t "/var/www/html/dokuwiki(/.*)?" sudo restorecon -Rv /var/www/html/dokuwiki - Use the wiki upgrade plugin to perform the upgrade - Remove the SElinux context from the dokuwiki folder: sudo semanage fcontext --delete "/var/www/html/dokuwiki(/.*)?" sudo restorecon -Rv /var/www/html/dokuwiki ==== Troubleshooting ==== If a HTTP 500 error code is returned, maybe the SELinux context of the files in the /var/www/html/dokuwiki directory is incorrect. The required context appears to be "httpd_sys_content_t"