Wikimedia Italia/Website/Technical documentation

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
Imbox style.png
Welcome under the hood of https://www.wikimedia.it/.

Public technical documentation for the https://www.wikimedia.it/ website.

Server access[edit]

System administrators can enter with their own account:

ssh username@intreccio.wikimedia.it

Please do not try random attempts or file2ban will be not nice with you.

To request access:

File system[edit]

The application is under:

/var/www/wmi/wordpress

WordPress theme[edit]

The active theme is under:

/var/www/wmi/wordpress/wp-content/themes/wmi

The source code is hosted here:

Database[edit]

The database is called WMIDB.

It has a dedicated user called in the same way.

It should always have minimum privileges only on its database.

Update[edit]

Normally, for security reasons, the application should be set in read-only mode, writable only by root.

Before being able to do an update you have to run this:

chown www-data: -R /var/www/wmi/wordpress

Then, when your upgrade is concluded, run again the #Hardening part.

Hardening[edit]

After you have done any #Update, please execute this hardening process:

# first step: make whole application read-only for everyone
chown root: -R        /var/www/wmi/wordpress

# second step: protect some secrets
chmod o=              /var/www/wmi/{tmp,session}
chmod o=              /var/www/wmi/wordpress/wp-config.php
chown root:www-data   /var/www/wmi/wordpress/wp-config.php

# third step: allow write-mode on some locations
chown -R www-data:    /var/www/wmi/{tmp,session,wp-config.php}
chown -R www-data:    /var/www/wmi/wordpress/wp-content

Configuration[edit]

WordPress configuration:

nano /var/www/wmi/wordpress/wp-config.php

Apache configuration:

nano /etc/httpd/sites-enabled/it-wikimedia-www-ssl.conf
nano /etc/httpd/sites-enabled/it-wikimedia-www-txt.conf

To publish whatever change in Wikimedia Phabricator please run this:

TODO

Log[edit]

Generic Apache error log:

tail -f /var/log/httpd/error_log

Generic Apache access log:

tail -f /var/log/httpd/access_log

Service[edit]

To apply your changes you need to restart the services.

Service of the apache frontend webserver:

apache2ctl configtest
apache2ctl graceful

E-mail[edit]

This service uses an SMTP account @wikimedia.it with username noreply.

See #Configuration.

Additional details:

Phabricator[edit]