Difference: TWikiInstallationGuide (79 vs. 80)

Revision 802013-08-30 - TWikiContributor

Line: 1 to 1
 

TWiki Installation Guide

Line: 10 to 10
 

Preparing to install TWiki

Changed:
<
<
Before attempting to install TWiki, you are encouraged to review the AdminSkillsAssumptions. This guide assumes the user installing TWiki has, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing Perl CPAN libraries).
>
>
Before attempting to install TWiki, you are encouraged to review the AdminSkillsAssumptions. This guide assumes you have, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing Perl CPAN libraries).
  To help setup a correct Apache configuration, you are very much encouraged to use the automatic tool TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.
Changed:
<
<
While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should be fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.
>
>
While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should work fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.
  If you are installing TWiki without Unix/Linux root (administrator) privileges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.
Line: 29 to 29
 
  1. Download the TWiki distribution from http://TWiki.org/. (Example - download TWiki-5.1.2.tgz for Linux)
  2. Copy the downloaded package into the directory where you want to install TWiki (Example: /home/httpd ). Unpack the distribution in it (Example: tar xvfz TWiki-5.1.2.tgz). The unpack will create a directory called twiki which contains the TWiki package. In the rest of this document we assume this directory is called twiki.
Changed:
<
<
    • Note: TWiki does not allow spaces in the directory names. Especially on Windows make sure to use a directory path without spaces.
>
>
    • Note: TWiki does not allow spaces in directory names. Especially on Windows make sure to use a directory path without spaces.
 
  1. Setup access file and directory rights to enable the webserver user (the user Apache runs the CGI scripts as) to read and write inside the twiki directory.
    • Warning: Do not just just run a chmod -R 770 twiki. The access rules have different meaning for files and directories. This is the most common mistake installers make.
    • The distribution tgz has the file and directory access rights setup to work with a reasonable security level that will work for all types of installations including shared hosting.
Line: 37 to 37
 
      • RedHat, Fedora, CentOS, Gentoo, Mandriva : chown -R apache:apache /path/to/twiki
      • debian/Ubuntu/Kubunto : chown -R www-data:www-data /path/to/twiki
      • Suse : chown -R wwwrun:www /path/to/twiki
Changed:
<
<
    • If you mistakenly change the access rights in a way that makes TWiki stop working, simply run the script found at TWiki:TWiki.SettingFileAccessRightsLinuxUnix to set the access right of the entire TWiki tree back to the distributed defaults.
    • It is possible to define tighter access rules than the ones given by default after the installation is complete. But how tight they should be depends on your distribution and local needs. Typically you may want to limit all access from world if the webserver machine has login access for other users than root and the web server administrator. For a dedicated web server made just for running TWiki with limited login access the default access rights have a good safety level.
>
>
    • If you mistakenly change the access rights in a way that makes TWiki stop working, simply run the script found at TWiki:TWiki.SettingFileAccessRightsLinuxUnix to set the access rights of the entire TWiki tree back to the defaults in the distribution.
    • It is possible to define tighter access rules than the ones given by default after the installation is complete. But how tight they should be depends on your distribution and local needs. Typically you may want to limit all access from world if the webserver machine has login access for other users than root and the web server administrator. For a dedicated web server made just for running TWiki with limited login access the default access rights are reasonable.
 
  1. Check the Perl installation. Ensure that Perl 5 and the Perl CGI library are installed on your system.
    • The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.
    • Some systems require a special extension on perl scripts (e.g. .cgi or .pl). This is normally only needed under Windows and only where perl scripts are only recognized by file extension. Linux and Unix users should normally never need to do this. If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).
  2. Create the file LocalLib.cfg located as twiki/bin/LocalLib.cfg
    • There is a template for this file in twiki/bin/LocalLib.cfg.txt. Simply copy LocalLib.cfg.txt to LocalLib.cfg. Make sure the ownership and access rights of the copy are the same as LocalLib.cfg.txt
Changed:
<
<
    • The file twiki/bin/LocalLib.cfg must contain a setting for $twikiLibPath, which must point to the absolute file path of your twiki/lib e.g. /var/www/twiki/lib.
>
>
    • The file twiki/bin/LocalLib.cfg must contain a setting for $twikiLibPath, which must point to the absolute directory path of your twiki/lib e.g. /var/www/twiki/lib.
 
    • If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.
Changed:
<
<
  1. Choose best configuration method for your webserver. There are two ways to configure Apache: config file included from httpd.conf or .htaccess files
    • Apache config file: The recommended method is using a config file. With a config file you can put the entire TWiki configuration in ONE file (typically named twiki.conf). Performance is much better with a config file, and one file gives the best overview and ensures that you get a safe installation . However using a config file requires that you can restart Apache which again means that you need root or sudo access to stop and start Apache. The TWiki apache config file is included from the main Apache config file http.conf. Most distributions have a directory from which any file that ends with .conf gets included when you restart Apache (Example RedHat/Fedora/Centos: /etc/httpd/conf.d). If you use a virtual host setup in Apache you should include the twiki.conf file from inside the desired virtual host config in your Apache configuration.
    • .htaccess file: This should only be used when you cannot use a config file. Performance is slowed down because Apache has to look through all directories in search for possible .htaccess files each time someone views a page in TWiki. Normally this is the only way to control Apache in a shared host environment where you have no root or sudo privileges.
>
>
  1. Choose best configuration method for your webserver. There are two ways to configure Apache: config file included from httpd.conf or .htaccess files.
    • Apache config file: The recommended method is using a config file. With a config file you can put the entire TWiki configuration in ONE file (typically named twiki.conf). Performance is much better with a config file, and makes setting up a correct and safe installation easier. However using a config file requires that you can restart Apache which again means that you need root or sudo access to stop and start Apache. The TWiki apache config file is included from the main Apache config file httpd.conf. Most distributions have a directory from which any file that ends with .conf gets included when you restart Apache (Example RedHat/Fedora/Centos: /etc/httpd/conf.d). If you use a virtual host setup in Apache you should include the twiki.conf file from inside the desired virtual host config in your Apache configuration.
    • .htaccess files: This option should only be used when you cannot use a config file. Performance is slowed down because Apache has to look through all directories in search of possible .htaccess files each time someone views a page in TWiki. Normally this is the only way to control Apache in a shared host environment where you have no root or sudo privileges.
 
  1. Configure the webserver
    • Unless you are an Apache expert setting up the webserver can be quite difficult. But TWiki has three resources that make setting up Apache easier.
      • The best and easiest way is to use webpage TWiki:TWiki.ApacheConfigGenerator which contains a tool that can generate a safe and working config file for TWiki on Apache.
Changed:
<
<
      • In the root of the twiki installation you find an example config file twiki_httpd_conf.txt
      • In the root of the twiki installation and in the twiki/bin directory you find example .htaccess files you can copy and modify. The files contains help text explaining how to set them up. In twiki/bin you find .htaccess.txt which can be copied to .htaccess and defined access to the CGI scripts. In the root of TWiki you find pub-htaccess.txt which you can copy to pub/.htaccess, subdir-htaccess.txt which you can copy to all directories as .htaccess except bin and pub, and you find root-htaccess.txt which you can copy to .htaccess in the twiki root directory. But again only use .htaccess files if you do not have root priviledges.
>
>
      • In the root of the twiki installation you find an example config file twiki_httpd_conf.txt (nevertheless, it is better to use the generator).
    • In case you do not have root priviledges on the server:
      • In the root of the twiki installation and in the twiki/bin directory you find example .htaccess files you can copy and modify. The files contains help text explaining how to set them up. In twiki/bin you find .htaccess.txt which can be copied to .htaccess and defined access to the CGI scripts.
      • In the root of TWiki you find pub-htaccess.txt which you can copy to pub/.htaccess, subdir-htaccess.txt which you can copy to all directories as .htaccess except bin and pub, and you find root-htaccess.txt which you can copy to .htaccess in the twiki root directory. But again only use .htaccess files if you do not have root priviledges.
 
    • If you are unsure about how to do this on your system, see TWiki:TWiki.InstallingTWiki#OtherPlatforms for links to information about various server setups.
    • Note: When you use config files you need to restart Apache each time you change a setting to make the new setting active.
Deleted:
<
<
  1. Protect the configure script
    • You should never leave the configure script open to the public. Limit access to the twiki/bin/configure script to either localhost, an IP address or a specific user using basic Apache authentication. The TWiki:TWiki.ApacheConfigGenerator lets you setup who has access to the configure script. Also the example twiki-httpd-conf.txt and bin/.htaccess.txt files includes the needed setting to protect the configure script.
    • If you limit the access to a particular user then you need to setup a .htpasswd file that contains the user name and password that Apache will authenticate against. Per default both TWiki:TWiki.ApacheConfigGenerator and the example config files and .htaccess files uses twiki/data/.htpasswd but this file does not exist until you have TWiki running and have registered the first user. You therefore have two options. Either limit the access to localhost or an IP address, or make a .htpasswd file. To make a .htpasswd file change directory to twiki/data and issue the command htpasswd -c .htpasswd username and enter your password when asked. The username must match the Require user username directive in the Apache config file or .htaccess file. Do not use a username you will later use to register in TWiki because TWiki will then claim that you are already registered.
 
  1. Run the configure script from your browser (enter http://yourdomain/twiki/bin/configure into your browser address bar)
    • Specify and reenter a password. This is your configure password, as well as the admin user password once TWiki is running.
      • Note: In case you forgot the password, you can reset it by deleting $TWiki::cfg{Password} from LocalSite.cfg file from {TWIKI_ROOT}/lib directory.
Line: 75 to 74
  Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.
Changed:
<
<
  1. As already described above you should protect the configure script from general access. The configure script is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.
>
>
  1. As already described above, you should protect the configure script from general access. The configure script is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.
 
  1. You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some built-in protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files.
    Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled.
  2. Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories.
Changed:
<
<
For those that do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates, tools and working directories.
>
>
For those who do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates, tools and working directories.
 
  1. Attachments are not secured by default to the access control setting of the topic. In other words, anyone can read them if they know the direct URL of the attachment, which includes name of the web, topic and attachment. You can configure TWiki to secure attachments.

The TWiki:TWiki.ApacheConfigGenerator as well as the example twiki_httpd_conf.txt and example htaccess.txt files include the needed settings that protect against all 4 security elements.

Line: 117 to 116
 

Define the Administrator User(s)

Changed:
<
<
Administrators have read and write access to any topic in TWiki, irrespectively of TWiki access controls. When you install TWiki one of the first things you will want to do is define yourself as an administrator. You become an administrator simply by adding yourself to the TWikiAdminGroup. It is the WikiName and not the login name you add to the group. Editing the Main.TWikiAdminGroup topic requires that you are an administrator. So to add the first administrator you need to login using the internal TWiki admin user login and the password you defined in configure.
>
>
Administrators have read and write access to any topic in TWiki, regardless of TWiki access controls. When you install TWiki one of the first things you will want to do is define yourself as an administrator. You become an administrator simply by adding yourself to the TWikiAdminGroup. It is the WikiName and not the login name you add to the group. Editing the Main.TWikiAdminGroup topic requires that you are an administrator. So to add the first administrator you need to login using the internal TWiki admin user login and the password you defined in configure.
 
  • Navigate to the Main.TWikiAdminGroup topic
  • Follow carefully the steps TWikiAdminGroup of how to become an admin
Line: 158 to 157
 

Enable WebStatistics

Changed:
<
<
You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. For information on setting up this feature, see the TWikiSiteTools topic.
>
>
You can generate a listing manually, or on an automated schedule, of visits to individual pages on a per web basis. For information on setting up this feature, see the TWikiSiteTools topic.
 

Automate removal of expired sessions and lease files

Changed:
<
<
Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however comes at a cost of lower performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} (turn on expert mode to see it), and install a crjob to run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.
>
>
Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however comes at a cost of lower performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} (turn on expert mode to see it), and install a cronjob to run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.
 

Enable Localization

Line: 178 to 177
 
  • Add a default ALLOWTOPICCHANGE so only the user can edit their own home topic. We do not encourage this for Intranet sites as it sends a wrong signal to new users, but it can be necessary on a public TWiki to prevent spam.
  • Add and remove fields defined in the UserForm
Changed:
<
<
If you choose to tailor anything you are strongly adviced to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your customization next time you upgrade TWiki.
>
>
If you choose to tailor anything you are strongly advised to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist TWiki uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your customization next time you upgrade TWiki.
  If you added or removed fields from the user form you may also need to tailor TWikiRegistration.
Line: 216 to 215
 

Customize the Look of Your TWiki!

Changed:
<
<
The real power of TWiki lies in it's flexibility to be customized to meet your needs. You can with small means change the looks of the default skins (called TopMenuSkin and PatternSkin) by reading the PatternSkinCustomization.
>
>
The real power of TWiki lies in its flexibility to be customized to meet your needs. You can easily change the look of the default skins (called TopMenuSkin and PatternSkin) by reading the PatternSkinCustomization.
 
Changed:
<
<
At the official TWiki website you can find more resources. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.
>
>
At the official TWiki website you can find more resources. A good place to start exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.
 

Customize Special Pages

Line: 250 to 249
 

Copyright, License and Classification Statements

Changed:
<
<
In the bottom of each topic you will find a default copyright messages saying "Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors." It is a setting WEBCOPYRIGHT that defines this. This is often not adequate.
>
>
At the bottom of each topic you will find a default copyright message saying "Copyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors." The WEBCOPYRIGHT setting defines this. This is often not adequate.
 
  • If your TWiki is used in a commercial application without public access you should replace this by your normal copyright notice. You should also consider adding classifications (e.g. For Internal Use Only) so people do not have to add this manually to every new topic.
  • If your TWiki is public with public access you need to decide which copyright and license the contributions should be covered by. For open source type applications licenses such as the GNU Free Documentation License, FreeBSD Documentation License, and Creative Commons license are possible licenses to consider. Remember that once people have started contributing it is difficult and not correct to change or impose licenses on existing contributions.
Line: 266 to 265
  The first step is to re-run the configure script and make sure you have resolved all errors, and are satisfied that you understand any warnings.
Changed:
<
<
If by any chance you forgot the "admin" password, the same is used in "configure" script, then please login to the server. Delete $TWiki::cfg{Password}= ' ...'; . Set the new password using "configure" script.
>
>
If, by any chance, you forget the "admin" password, the same used in "configure" script, then please login to the server. Delete $TWiki::cfg{Password}= ' ...';. Set the new password using "configure" script.
  Failing that, please check TWiki:TWiki.InstallingTWiki on TWiki.org, the supplemental documentation that help you install TWiki on different platforms, environments and web hosting sites. For example:
 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright & 1999-2019 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiInstallationGuide.