Differenze tra le versioni di "Wikina/Technical documentation"
m (asd) |
(→PHP FPM: +#Filesystem) |
||
Riga 26: | Riga 26: | ||
== PHP FPM == | == PHP FPM == | ||
+ | |||
+ | The PHP FPM (FastCGI Process Manager) is a dedicated process serving PHP files. | ||
+ | |||
+ | The configuration of PHP FPM is splitted in pools. Relevant pool: | ||
+ | |||
+ | /etc/php/7.3/fpm/pool.d/wikina.conf | ||
+ | |||
+ | TODO: publish this configuration file on git. | ||
The backend PHP FPM webserver does not listen to a port but to a filesystem socket. It is here: | The backend PHP FPM webserver does not listen to a port but to a filesystem socket. It is here: | ||
Riga 31: | Riga 39: | ||
/run/php/php7.3-fpm-wikina.sock | /run/php/php7.3-fpm-wikina.sock | ||
− | Apache | + | Apache is the only user who can connect to that socket. |
+ | |||
+ | == Filesystem == | ||
+ | |||
+ | This is a filesystem overview: | ||
+ | |||
+ | <pre> | ||
+ | root@intreccio:/var/www/wikina# ls -la | ||
+ | total 72 | ||
+ | drwxr-x--- 11 wmit-wikina wmit-wikina 4096 gen 26 20:54 . | ||
+ | drwxr-xr-x 21 root root 4096 gen 9 11:37 .. | ||
+ | drwxrwx--- 2 wmit-wikina wmit-wikina 20480 gen 9 13:38 cache | ||
+ | drwxr-x--- 2 wmit-wikina wmit-wikina 4096 gen 9 13:43 debug | ||
+ | drwxr-xr-x 31 root root 4096 gen 9 13:28 extensions | ||
+ | drwxr-xr-x 2 root root 4096 nov 28 19:44 fonts | ||
+ | drwxr-xr-x 24 wmit-wikina wmit-wikina 4096 gen 9 11:37 images | ||
+ | lrwxrwxrwx 1 root root 83 dic 19 08:32 LocalSettings-public.php -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/LocalSettings-public.php | ||
+ | -rw-r----- 1 root wmit-wikina 675 set 3 23:51 LocalSettings-secret.php | ||
+ | drwxr-xr-x 14 root root 4096 gen 9 13:38 mediawiki-1.35.6 | ||
+ | drwxr-xr-x 14 root root 4096 lug 23 2022 mediawiki-1.35.7 | ||
+ | lrwxrwxrwx 1 root root 67 dic 19 08:32 scripts -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/scripts/ | ||
+ | drwxrwx--- 2 wmit-wikina wmit-wikina 4096 gen 27 07:17 tmp | ||
+ | lrwxrwxrwx 1 root root 16 giu 15 2022 www -> mediawiki-1.35.6 | ||
+ | </pre> | ||
+ | |||
+ | Pathnames that SHOULD be public but MUST be in read-only (assigned to the root user): | ||
+ | |||
+ | <pre> | ||
+ | /var/www/wikina/extensions | ||
+ | /var/www/wikina/extensions/fonts | ||
+ | /var/www/wikina/extensions/LocalSettings-public.php | ||
+ | /var/www/wikina/extensions/www | ||
+ | /var/www/wikina/extensions/mediawiki-*/ | ||
+ | /var/www/wikina/extensions/scripts | ||
+ | </pre> | ||
+ | |||
+ | Pathnames that MUST be private and readable and writable only by the application (assigning to the app user and removing others): | ||
+ | |||
+ | <pre> | ||
+ | /var/www/wikina/tmp | ||
+ | /var/www/wikina/cache | ||
+ | /var/www/wikina/debug | ||
+ | </pre> | ||
+ | |||
+ | Pathnames that SHOULD be public and MUST be writable by the application: | ||
+ | |||
+ | <pre> | ||
+ | /var/www/wikina/images | ||
+ | </pre> | ||
== MediaWiki == | == MediaWiki == |
Versione delle 08:25, 27 gen 2023
Thank you for contributing to this page, collecting info about the website called wikina, served at https://wiki.wikimedia.it/ and running MediaWiki.
Server
The website is served by server ⚙️ intreccio
.
Webserver
The frontend webserver is Apache HTTP. Its configuration is published here:
In short, Apache HTTPd serves static files as-is.
Dynamic files are proxed to the underlying #PHP FPM webserver.
PHP FPM
The PHP FPM (FastCGI Process Manager) is a dedicated process serving PHP files.
The configuration of PHP FPM is splitted in pools. Relevant pool:
/etc/php/7.3/fpm/pool.d/wikina.conf
TODO: publish this configuration file on git.
The backend PHP FPM webserver does not listen to a port but to a filesystem socket. It is here:
/run/php/php7.3-fpm-wikina.sock
Apache is the only user who can connect to that socket.
Filesystem
This is a filesystem overview:
root@intreccio:/var/www/wikina# ls -la total 72 drwxr-x--- 11 wmit-wikina wmit-wikina 4096 gen 26 20:54 . drwxr-xr-x 21 root root 4096 gen 9 11:37 .. drwxrwx--- 2 wmit-wikina wmit-wikina 20480 gen 9 13:38 cache drwxr-x--- 2 wmit-wikina wmit-wikina 4096 gen 9 13:43 debug drwxr-xr-x 31 root root 4096 gen 9 13:28 extensions drwxr-xr-x 2 root root 4096 nov 28 19:44 fonts drwxr-xr-x 24 wmit-wikina wmit-wikina 4096 gen 9 11:37 images lrwxrwxrwx 1 root root 83 dic 19 08:32 LocalSettings-public.php -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/LocalSettings-public.php -rw-r----- 1 root wmit-wikina 675 set 3 23:51 LocalSettings-secret.php drwxr-xr-x 14 root root 4096 gen 9 13:38 mediawiki-1.35.6 drwxr-xr-x 14 root root 4096 lug 23 2022 mediawiki-1.35.7 lrwxrwxrwx 1 root root 67 dic 19 08:32 scripts -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/scripts/ drwxrwx--- 2 wmit-wikina wmit-wikina 4096 gen 27 07:17 tmp lrwxrwxrwx 1 root root 16 giu 15 2022 www -> mediawiki-1.35.6
Pathnames that SHOULD be public but MUST be in read-only (assigned to the root user):
/var/www/wikina/extensions /var/www/wikina/extensions/fonts /var/www/wikina/extensions/LocalSettings-public.php /var/www/wikina/extensions/www /var/www/wikina/extensions/mediawiki-*/ /var/www/wikina/extensions/scripts
Pathnames that MUST be private and readable and writable only by the application (assigning to the app user and removing others):
/var/www/wikina/tmp /var/www/wikina/cache /var/www/wikina/debug
Pathnames that SHOULD be public and MUST be writable by the application:
/var/www/wikina/images
MediaWiki
MediaWiki configuration
The MediaWiki configuration is published here:
The public configuration is here on the filesystem:
/var/www/wikina/LocalSettings-public.php
The secret configuration is on the server itself and it just contains database password, email credentials, upgrade key, and nothing else.
The secret configuration is here on the filesystem:
nano /var/www/wikina/LocalSettings-secret.php
Systemd unit
There is a systemd unit executing MediaWiki background jobs. Here the unit:
Here its source code:
Unix
There is a dedicated Unix user called wmit-wikina:wmit-wikina
.
Writable files are assigned to that user.
Non-writable files are assigned to the user root:root
.
Extensions
Extensions are deployed here:
/var/www/wikina/extensions
Then they can be activated from the #MediaWiki configuration.
Database
The database is a local, standard MariaDB installation.
Database name:
wikina
There is a dedicated username with its credential. It's only stored in the secret #MediaWiki configuration and nowhere else.
Backup
Backup on-site
The database is under a daily on-site backup, executed daily, before midnight. This is the on-site path:
/var/backups/wmi/intreccio.wikimedia.it/daily/databases/wikina.sql.gz
Backup off-site
The backup is then pushed off-site on this server:
General details:
That copy is then kept for some days, rotated on daily basis. Example location:
/var/backups/wmi/intreccio.wikimedia.it /var/backups/wmi.1/intreccio.wikimedia.it /var/backups/wmi.2/intreccio.wikimedia.it
Etc.
Complete snapshot
There is also a complete daily server snapshot executed from the OpenStack provider, restorable by any "admin" or "superadmin" of this provider:
Don't execute a manual snapshot randomly since it can put the server offline for several minutes.
Don't allocate a server snapshot randomly since it consumes paid resources.
Phabricator Workboard
To report feature requests / bugs:
Accessi a: Server intreccio
Elenco di tutti i ruoli e le relative utenze che possono accedere a Server intreccio:
Per aggiungere un ruolo o una utenza, aggiungere il seguente template nella pagina utente della persona mancante:
{{Accesso|Server intreccio|RUOLO}}
Accessi a: Wikina
Elenco di tutti i ruoli e le relative utenze che possono accedere a Wikina:
Per aggiungere un ruolo o una utenza, aggiungere il seguente template nella pagina utente della persona mancante:
{{Accesso|Wikina|RUOLO}}
Accessi a: Fornitore vh
Elenco di tutti i ruoli e le relative utenze che possono accedere a Fornitore vh:
Per aggiungere un ruolo o una utenza, aggiungere il seguente template nella pagina utente della persona mancante:
{{Accesso|Fornitore vh|RUOLO}}
Contact
Thank you for your contributions to this page and on the WMIT infrastructure in general ❤️