Wikina/Technical documentation
Thank you for contributing to this page, collecting info about the website called wikina, served at https://wiki.wikimedia.it/ and running MediaWiki.
Server
The website is served by server ⚙️ intreccio
.
Webserver
The frontend webserver is Apache HTTP. Its configuration is published here:
In short, Apache HTTPd serves static files as-is.
Dynamic files are proxed to the underlying #PHP FPM webserver.
PHP FPM
The PHP FPM (FastCGI Process Manager) is a dedicated process serving PHP files.
The configuration of PHP FPM is splitted in pools. Relevant pool:
/etc/php/7.3/fpm/pool.d/wikina.conf
TODO: publish this configuration file on git.
The backend PHP FPM webserver does not listen to a port but to a filesystem socket. It is here:
/run/php/php7.3-fpm-wikina.sock
Apache is the only user who can connect to that socket.
Filesystem
This is a filesystem overview:
root@intreccio:/var/www/wikina# ls -la total 72 drwxr-x--- 11 wmit-wikina wmit-wikina 4096 gen 26 20:54 . drwxr-xr-x 21 root root 4096 gen 9 11:37 .. drwxrwx--- 2 wmit-wikina wmit-wikina 20480 gen 9 13:38 cache drwxr-x--- 2 wmit-wikina wmit-wikina 4096 gen 9 13:43 debug drwxr-xr-x 31 root root 4096 gen 9 13:28 extensions drwxr-xr-x 2 root root 4096 nov 28 19:44 fonts drwxr-xr-x 24 wmit-wikina wmit-wikina 4096 gen 9 11:37 images lrwxrwxrwx 1 root root 83 dic 19 08:32 LocalSettings-public.php -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/LocalSettings-public.php -rw-r----- 1 root wmit-wikina 675 set 3 23:51 LocalSettings-secret.php drwxr-xr-x 14 root root 4096 gen 9 13:38 mediawiki-1.35.6 drwxr-xr-x 14 root root 4096 lug 23 2022 mediawiki-1.35.7 lrwxrwxrwx 1 root root 67 dic 19 08:32 scripts -> /etc/wmit-infrastructure/servers/intreccio/projects/wikina/scripts/ drwxrwx--- 2 wmit-wikina wmit-wikina 4096 gen 27 07:17 tmp lrwxrwxrwx 1 root root 16 giu 15 2022 www -> mediawiki-1.35.6
Pathnames that MUST NOT be writable by anyone and MUST be readable by the application:
# chown root:wmit-wikina # chmod o= /var/www/wikina/extensions/LocalSettings-secret.php
Pathnames that MUST be private to others and MUST be readable and writable to the application:
# chown wmit-wikina: # chmod o= /var/www/wikina/tmp /var/www/wikina/cache /var/www/wikina/debug
Pathnames that MUST be read-only and SHOULD be kept public (since they do not contains any secret):
# chown root: /var/www/wikina/extensions /var/www/wikina/extensions/fonts /var/www/wikina/extensions/LocalSettings-public.php /var/www/wikina/extensions/www /var/www/wikina/extensions/mediawiki-*/ /var/www/wikina/extensions/scripts
Pathnames that MUST be writable by the application and SHOULD be public (since they do not contain any secret):
# chown wmit-wikina: /var/www/wikina/images
MediaWiki
MediaWiki configuration
The MediaWiki configuration is published here:
The public configuration is here on the filesystem:
/var/www/wikina/LocalSettings-public.php
The secret configuration is on the server itself and it just contains database password, email credentials, upgrade key, and nothing else.
The secret configuration is here on the filesystem:
nano /var/www/wikina/LocalSettings-secret.php
Systemd unit
There is a systemd unit executing MediaWiki background jobs. Here the unit:
Here its source code:
Unix
There is a dedicated Unix user called wmit-wikina:wmit-wikina
.
Writable files are assigned to that user.
Non-writable files are assigned to the user root:root
.
Extensions
Extensions are deployed here:
/var/www/wikina/extensions
Then they can be activated from the #MediaWiki configuration.
Database
The database is a local, standard MariaDB installation.
Database name:
wikina
There is a dedicated username with its credential. It's only stored in the secret #MediaWiki configuration and nowhere else.
Backup
Backup on-site
The database is under a daily on-site backup, executed daily, before midnight. This is the on-site path:
/var/backups/wmi/intreccio.wikimedia.it/daily/databases/wikina.sql.gz
Backup off-site
The backup is then pushed off-site on this server:
General details:
That copy is then kept for some days, rotated on daily basis. Example location:
/var/backups/wmi/intreccio.wikimedia.it /var/backups/wmi.1/intreccio.wikimedia.it /var/backups/wmi.2/intreccio.wikimedia.it
Etc.
Complete snapshot
There is also a complete daily server snapshot executed from the OpenStack provider, restorable by any "admin" or "superadmin" of this provider:
Don't execute a manual snapshot randomly since it can put the server offline for several minutes.
Don't allocate a server snapshot randomly since it consumes paid resources.
Phabricator Workboard
To report feature requests / bugs:
Accessi a: Server intreccio
Elenco di tutti i ruoli e le relative utenze che possono accedere a Server intreccio:
Per aggiungere un ruolo o una utenza, aggiungere il seguente template nella pagina utente della persona mancante:
{{Accesso|Server intreccio|RUOLO}}
Accessi a: Wikina
Elenco di tutti i ruoli e le relative utenze che possono accedere a Wikina:
Per aggiungere un ruolo o una utenza, aggiungere il seguente template nella pagina utente della persona mancante:
{{Accesso|Wikina|RUOLO}}
Accessi a: Fornitore vh
Elenco di tutti i ruoli e le relative utenze che possono accedere a Fornitore vh:
Per aggiungere un ruolo o una utenza, aggiungere il seguente template nella pagina utente della persona mancante:
{{Accesso|Fornitore vh|RUOLO}}
Contact
Thank you for your contributions to this page and on the WMIT infrastructure in general ❤️