This is intended to document how to install MedaiWiki on Lightsail. It's starting with notes on my attempts and has good intentions to mature into a proper tutorial.

Contents 1 To Do 2 Deploying on Lightsail Debian 10.5 2.1 SSH Key 2.2 Static IP Address 2.3 OS Updates 2.4 DNS Entries 2.5 Apache 2.6 Let's Encrypt SSL Certificate 2.7 MediaWiki Supporting Software 2.8 Configure PHP 2.9 Configure MariaDB 2.10 Download and Unpack MediaWiki 2.11 Point Apache at MediaWiki 2.12 Configure MediaWiki 2.13 Backup & Recovery 2.14 Migration from Older Versions

To Do

• Document Lightsail Setup
  • SSH Login Key
• Backup and Restore
  • Database Dump and Import
  • LocalSettings.php backup and import
  • Periodic Backup

Deploying on Lightsail Debian 10.5

This time around I'm going with a bare Debian 10.5 instance. I used 9.5 for the first pass, it only has PHP 7.0, which the latest version of MediaWiki won't run on. Debian 10.5 (which I don't recall seeing last time, I think it's new to Lightsail) comes with PHP 7.3, which will support the most current MediaWiki.

I used the $5 instance with 1 GB RAM, 1 vcPU, 40 GB SSD, and 2 TB transfer. It's the best price/performance they offer at the moment; as you go to larger instances the price grows faster than the specs. If it can run on a $5 instance, I think it's the right call.

SSH Key

TBD

Static IP Address

Wait for the Lightsail console to show that the instance is "Running" - it should only take a minute or two. Once the instance is up, assign it a static IP address. In the Lightsail console page on AWS, select your instance, and click on the Networking folder tab. Click on "Create Static IP". It will attach an IP from its pool to your instance, and you'll use that IP address for the DNS entries below.

While you're at the Networking configuration, go to the Firewall section and add an entry for 443 (HTTPS).

OS Updates

Once it's fired up, login and update the OS:

$ ssh -i <path/to/secret_ssh_key> admin@<ip_address>
$ sudo apt update
$ sudo apt dist-upgrade

DNS Entries

Add A records for each of the hostnames you want to create certificates for. I'm setting up traxel.com, www.traxel.com, and wiki.traxel.com, so I created 3 A Records all pointing to the same static IP address.

Now wait for those records to cascade. It should be done in a day or two.

Apache

Let's Encrypt creates files on your webserver, then hits the host with an HTTP request to confirm that you own the domain. Install Apache 2 so you can host the files.

$ sudo apt install apache2

Then you'll need a file like /etc/apache2/sites-available/003-wiki.conf for each of the hostnames. I pointed each one at a different directory, since I don't know if Let's Encrypt uses unique filenames. It probably does, but this guarantees it will work.

<VirtualHost *:80>
	ServerName wiki.traxel.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/mediawiki

	ErrorLog ${APACHE_LOG_DIR}/wiki-error.log
	CustomLog ${APACHE_LOG_DIR}/wiki-access.log combined
</VirtualHost>

After you create the conf files, activate them with a2ensite and disable 000-default with a2dissite (unless you're keeping that one active to cover the root hostname).

$ sudo a2ensite 001-root
$ sudo a2ensite 002-www
$ sudo a2ensite 003-wiki
$ sudo a2dissite 000-default
$ sudo systemctl reload apache2

Finally we'll need mod_rewrite - Let's Encrypt will create conf files that will redirect non-SSL traffic to HTTPS.

$ sudo a2enmod rewrite
$ sudo systemctl restart apache2

Let's Encrypt SSL Certificate

Let's Encrypt will look at your active sites and ask you if you want to create certs for all of them.

Make sure to use the "Redirect" setting so that any traffic arriving on port 80 gets redirected to the SSL port (443).

$ sudo apt install certbot python3-certbot-apache
$ sudo certbot --apache

Wow! OK, that was way easier than I was expecting. Sure, there's the setup that you have to do, but most of that would have to be done anyway just to get the webserver up. That is really awesome. I'll have to give the EFF a little extra this year.

MediaWiki Supporting Software

First, the basics. You'll need all of these:

$ sudo apt-get install mariadb-server php php-mysql libapache2-mod-php php-xml php-mbstring

Next, the enhancements. These will give MediaWiki extra capabilities. See Optional Packages

$ sudo apt-get install php-apcu php-intl imagemagick php-cli php-curl git

Configure PHP

There are a couple settings that are worth checking in PHP:

$ cd /etc/php/7.3/apache2/
$ grep memory_limit php.ini
$ grep upload_max_filesize php.ini

128 megs should be fine for memory.

I'm torn on filesize. I'm trying to fit on a $5/mo machine with a 40 Gig HDD. Most things other than video for use on the web can be under 2 megs (the default size). I feel like the best answer may be a plugin to store large files in S3 at 1/4th the price. It's not a one-way-door, though. I'm leaving mine at 2 megs for now.

Make sure the PHP plugins are enabled:

$ sudo phpenmod apcu
$ sudo phpenmod curl
$ sudo phpenmod intl
$ sudo phpenmod mbstring
$ sudo phpenmod xml
$ sudo systemctl restart apache2

Configure MariaDB

It's time to stop generically referring to MariaDB as MySQL. MySQL is a once-great project that is no longer trustworthy. MariaDB is the leading Open Source RDBMS.

If you haven't done anything with it yet, there will be no password.

$ sudo mariadb -u root

Pick a username for MediaWiki to use (I'm using wiki_wiki as an example).

Pick a database name (I'm using hsl_wiki as an example).

Pick a password other than "CHANGE THIS PASSWORD".

MariaDB> create database hsl_wiki;
MariaDB> grant all on hsl_wiki.* to 'wiki_wiki'@'localhost' identified by 'CHANGE THIS PASSWORD';
MariaDB> flush privileges;

Then you can verify it worked if you like. (there won't be any tables, but it shouldn't give you an auth error)

$ mariadb -u wiki_wiki -p
MariaDB> show tables in hsl_wiki;
MariaDB> exit

Download and Unpack MediaWiki

$ cd
$ mkdir tmp
$ cd tmp
$ wget https://releases.wikimedia.org/mediawiki/1.35/mediawiki-1.35.0.tar.gz
$ tar -xvzf mediawiki-1.35.0.tar.gz
$ mv mediawiki-1.35.0 /var/www/

Point Apache at MediaWiki

Note that Let's Encrypt will have replicated your apache .conf file to an SSL version when you redirected traffic from 80 to 443.

$ sudo emacs -nw /etc/apache2/sites-available/003-wiki-le-ssl.conf

Point your DocumentRoot at the mediawiki directory. It should look something like this:

<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerName wiki.traxel.com

	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/mediawiki-1.35.0

	ErrorLog ${APACHE_LOG_DIR}/wiki-error.log
	CustomLog ${APACHE_LOG_DIR}/wiki-access.log combined

	SSLCertificateFile /etc/letsencrypt/live/wiki.traxel.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/wiki.traxel.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
</IfModule>

Configure MediaWiki

Walk through the web interface to collect your settings. At the end, it will give you a LocalSettings.php file.

Save the file locally, then upload it to your server and put it in the MediaWiki directory.

After that, the wiki is ready to go. Hit it with your browser and away you go!

Backup & Recovery

TBD

Migration from Older Versions

TBD