====== DokuWiki on OpenBSD ======
=====Installation from the package=====
To install [[:DokuWiki]] using the [[https://openbsd.org|OpenBSD]] packages use the [[https://www.openbsd.org/faq/faq15.html|package manager]]:
~$ doas pkg_add dokuwiki
The package manager will take care of setting up dependencies and chroot requirements.
Note: The package ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) require users wanting to install templates using the Extension Manager to change the owner of ''/var/www/dokuwiki/lib/tpl'' to ''www'':
# chown www /var/www/dokuwiki/lib/tpl
:!: Note: The currently available OpenBSD ports ''dokuwiki-2022.07.31ap0'' and ''dokuwiki-2023.04.04'' (in snapshots) contain a small bug. You will need to fix the permissions like this:
# chown www /var/www/dokuwiki/data/log
This bug will probably be fixed in newer versions of the ports.
=====Manual installation=====
The package doesn't do all of this so you should also look at this if you run into problems.
First install PHP and a dependency if required((The ''php'' and ''php-gd'' packages should have been installed by the ''dokuwiki'' package as dependencies. Manual installation should not be necessary.)):
~$ doas pkg_add php php-gd
You should be able to choose the newest version of PHP. We will use 8.0 for this example.
To enable the installed PHP package add the symbolic links as root:
# cd /etc/php-8.0.sample
# for i in *; do ln -sf ../php-8.0.sample/$i ../php-8.0/; done
Start up the PHP FPM daemon:
~$ doas rcctl start php80_fpm
==== Add the daemon to the list of things started up at boot ====
Old method\\
Add the daemon to the list of things started up at boot in the /etc/rc.conf.local file (you might have to create it) by adding it to any existing list like this:
~$ doas rcctl enable php80_fpm
Once you have PHP working you can go through the generic [[::install|installation instructions]]. Pay particular attention to setting up the [[install:permissions|permissions]] properly. If you are using the OpenBSD httpd web server you will be setting things to a user of www and group of www.
=====Httpd configuration=====
You may want to change your httpd.conf to something similar show below.
server "default" {
listen on egress port 80
listen on 127.0.0.1 port 80
location "/*.inc" { block }
location "/*.ht*" { block }
location "/data/*" { block }
location "/conf/*" { block }
location "/bin/*" { block }
location "/inc/*" { block }
location "/vendor/*" { block }
location "/dokuwiki/*.php*" {
root "/dokuwiki"
request strip 1
fastcgi socket "/run/php-fpm.sock"
}
location "/dokuwiki/*" {
directory index index.php
root "/dokuwiki"
request strip 1
}
}
Note: The above is a very generic minimal configuration. It assumes yo can access DokuWiki using the url ''%%http://%%////%%/dokuwiki/%%'' or locally using ''%%http://localhost/dokuwiki/%%'' You SHOULD probably set DokuWiki up to use HTTPS so that login credentials will be transferred securely. It is fairly easy to do this using e.g. [[https://letsencrypt.org|Let's Encrypt]] and [[https://man.openbsd.org/acme-client.1|acme-client(1)]]. Simply redirect all requests on port 80 to port 443, except for the ACME challenge and change the above ''listen'' statements to port 443 and add the appropriate ''tls {}'' configuration.
A slightly better configuration which would be accessible using the url ''%%https://%%////%%/%%'' (using ''wiki.example.com'' as the hostname for this example) might look like this:
# Redirect HTTP requests to HTTPS and handle ACME certificate verification
# requests.
server "wiki.example.com" {
listen on * port 80
# Add other hostnames here if you have multiple virtual hosts that
# require the same functionality. No need to write extra server {}
# blocks for them.
# alias "other.host.name"
block return 301 "https://$HTTP_HOST$REQUEST_URI"
location "/.well-known/acme-challenge/*" {
pass
root "/acme"
request strip 2
}
}
# This is the server for hosting a DokuWiki website.
server "wiki.example.com" {
# Always use HTTPS so that login credentials are encrypted.
listen on * tls port 443
tls {
# Adjust these paths for the ones your certificate uses.
certificate "/etc/ssl/fullchain.pem"
key "/etc/ssl/private/privkey.key"
}
# If you are using the default DokuWiki as installed from the
# OpenBSD dokuwiki port then this is your root directory. If
# you are using a manual installation, adjust as needed.
root "/dokuwiki"
# Make sure that https:/// works (in addition to
# https:///doku.php)
directory index doku.php
# Block some things.
# Note: The first matching location statement wins. Thus the
# order is important.
location "*~" { block }
location ".*" { block }
location "/data/*" { block }
location "/conf/*" { block }
location "/bin/*" { block }
location "/inc/*" { block }
location "/vendor/*" { block }
# If nothing was blocked then handle PHP scripts.
location "*.php" {
# If you are running multiple versions of php-fpm
# you may need to adjust the socket path.
fastcgi socket "/run/php-fpm.sock"
}
}
Don't forget to check your configuration using ''httpd -n''! If all is well you can start httpd(8) using:
~$ doas rcctl start httpd
To enable httpd(8) at boot time use:
~$ doas rcctl enable httpd
And for completeness, after changing your httpd.conf use:
~$ doas httpd -n
~$ doas rcctl reload httpd
or
~$ doas httpd -n
~$ doas rcctl restart httpd
=====Allowing outgoing http connections=====
The OpenBSD web server chroot is fairly restrictive by default. If you want to use things like automatic extension downloading you will need to open things up a bit. This should allow outgoing http and https connections. As root (creating any needed directories on the way):
# mkdir /var/www/dev
# mknod /var/www/dev/urandom c 45 2
# mkdir /var/www/etc
# cp /etc/resolv.conf /var/www/etc/
# cp /etc/hosts /var/www/etc/
# cp /etc/services /var/www/etc/
# mkdir /var/www/etc/ssl
# cp /etc/ssl/cert.pem /var/www/etc/ssl/
Then restart the php daemon:
~$ doas rcctl start php80_fpm