From Bobs Projects
Jump to: navigation, search

MediaWiki is a Wiki used by Wikipedia and others.


Behind a Reverse Proxy

In general we run dynamic websites (such as MediaWiki) on Apache2 servers "behind" a reverse proxy server, usually also Apache2. Unfortunately, out of the box, MediaWiki is written with some internal links using absolute addresses (which include the server DNS name). This makes proxying from the reverse proxy server somewhat problematic.

Previously, the easiest way to fix this, it seems, is to add the following to LocalSettings.php, after $wgSitename:

$wgSitename = "...";
$wgServer = '';

As MediaWiki uses some JavaScript to generate CSS and "skins", the absolute URI is required in $wgServer.

So, set $wgServer to the public DNS name of the reverse proxy (including, in this case, "https://"). For local access, nurgle DNS to resolve the external name to an internal address, or add the external name to the /etc/hosts file.

This effectively overrides the automatic discovery of the server name and protocol and forces all internal URLs to be relative (ie. resolved by the browser, as it should be).

Using Short URLs is also a good idea.

Apache Configuration for a Reverse Proxy

It is a good idea to use https (Secure HTTP) for authentication etc. as passwords will not travel over the Internet "in the clear".

In the normal VirtualHost section of Apache (assuming the MediaWiki is symlinked at DocumentRoot as "mw":

Redirect permanent /mw/ https://fqdn.of.this.server/mw/
ProxyPass /wiki/ http://internal.mediawiki.server/wiki/
ProxyPassReverse /wiki/ http://internal.mediawiki.server/wiki/

This forces all /mw/ references to redirect (permanently) to the https port, including logins, but not normal (read-only) pages.

Then, in the VirtualHost section for the https part:

ProxyPass /mw/ http://internal.mediawiki.server/mw/
ProxyPassReverse /mw/ http://internal.mediawiki.server/mw/
ProxyPass /wiki/ http://internal.mediawiki.server/wiki/
ProxyPassReverse /wiki/ http://internal.mediawiki.server/wiki/

Nginx Configuration for a Reverse Proxy

Nginx configuration may be in a file in /etc/nginx/sites-available/sitename etc.

In server section for HTTP (listening on port 80), put:

location ^~ /wiki/ {
   return 301 https://$server_name$request_uri;
location ^~ /mw/ {
   return 301 https://$server_name$request_uri;

Then, in server section for HTTPS (listening on port 443), put:

location ^~ /wiki/ {
   proxy_pass http://wiki.local/wiki/;
   include /etc/nginx/proxy.conf;
location ^~ /mw/ {
   proxy_pass http://wiki.local/mw/;
   include /etc/nginx/proxy.conf;

Where /etc/nginx/proxy.conf contains lines such as:

# from
sendfile off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;
#this is the maximum upload size
client_max_body_size 10m;
client_body_buffer_size 128k;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

External Links