Wikimedia Italia/Website/Technical documentation

From Meta, a Wikimedia project coordination wiki
Welcome under the hood of https://www.wikimedia.it/.

Public technical documentation for the https://www.wikimedia.it/ website.

Server access[edit]

System administrators can enter with their own account:

ssh username@intreccio.wikimedia.it

Please do not try random attempts or file2ban will be not nice with you.

To request access:

File system[edit]

The application is under:

/var/www/wmi/wordpress

WordPress theme[edit]

The active theme is under:

/var/www/wmi/wordpress/wp-content/themes/wmi

The source code is hosted here:

Database[edit]

The database is called WMIDB.

It has a dedicated user called in the same way.

It should always have minimum privileges only on its database.

Update[edit]

Normally, for security reasons, the application should be set in read-only mode, writable only by root.

Before being able to do an update you have to run this:

chown www-wikimediait: -R /var/www/wmi/wordpress

Then, when your upgrade is concluded, run again the #Hardening part.

Hardening[edit]

After you have done any #Update, please execute this hardening process:

# first step: make whole application read-only for everyone
chown root: -R             /var/www/wmi/wordpress

# second step: protect some secrets
chmod o=                   /var/www/wmi/{tmp,session}
chmod o=                   /var/www/wmi/wordpress/wp-config.php
chown root:www-wikimediait /var/www/wmi/wordpress/wp-config.php

# third step: allow write-mode on some locations
chown -R www-wikimediait:  /var/www/wmi/{tmp,session,wp-config.php}
chown -R www-wikimediait:  /var/www/wmi/wordpress/wp-content

Configuration[edit]

WordPress configuration:

nano /var/www/wmi/wordpress/wp-config.php

Apache configuration:

nano /etc/apache2/sites-enabled/it-wikimedia-www-ssl.conf
nano /etc/apache2/sites-enabled/it-wikimedia-www-txt.conf

PHP-FPM configuration:

/etc/php/8.1/fpm/pool.d/it.wikimedia.www.conf

Log[edit]

General PHP error log:

tail -f /var/log/fpm-php.it.wikimedia.www.err.log

Legacy information:

Generic Apache error log:

tail -f /var/log/httpd/error_log

Generic Apache access log:

tail -f /var/log/httpd/access_log

Service[edit]

To apply your changes you need to restart services.

To gracefully reload PHP-FPM:

systemctl reload php8.1-fpm

To gracefully reload Apache HTTPd frontend webserver:

apache2ctl configtest
apache2ctl graceful

Or, to restart Apache HTTPd:

systemctl restart apache2

E-mail[edit]

This service uses an SMTP account @wikimedia.it with username noreply.

See #Configuration.

Additional details:

Source code[edit]

Source code of the BeTheme WordPress child theme:

Phabricator[edit]