A Rocky Linux instance installed on a server, container, or virtual machine.
Comfort with modifying configuration files from the command line with an editor (our examples here will use vi, but you can substitute your favorite editor).
Some knowledge about web applications and setup.
Our example will use the Apache Sites Enabled for setup, so it is a good idea to review that routine if you plan on following along.
We will be using "example.com" as the domain name throughout this example.
We will assume throughout this document that you are the root user or can get there with sudo.
We are assuming a fresh install of the OS, however that is NOT a requirement.
Documentation can take many forms in an organization. Having a repository that you can reference for that documentation is invaluable. A wiki (which means quick in Hawaiian), is a way to keep documentation, process notes, corporate knowledge bases, and even code examples, in a centralized location. IT professionals who maintain a wiki, even secretly, have a built-in insurance policy against forgetting an obscure routine.
DokuWiki is a mature, fast, wiki that runs without a database, has built in security features, and is relatively easy to deploy. For more information on what DokuWiki can do, check out their web page.
DokuWiki is just one of many wikis available, though it's a pretty good one. One big pro is that DokuWiki is relatively lightweight and can run on a server that is already running other services, provided you have space and memory available.
The minimum PHP version for DokuWiki is now 7.2, which is exactly what Rocky Linux 8 comes with. Rocky Linux 9.0 comes with PHP version 8.0, which is also fully supported. We are specifying packages here that may already be installed:
dnf install tar wget httpd php php-gd php-xml php-json php-mbstring
You will see a list of additional dependencies that will be installed and this prompt:
Is this ok [y/N]:
Go ahead and answer with "y" and hit 'Enter' to install.
If you have read through the Apache Sites Enabled procedure, you know that we need to create a few directories. We will start with the httpd configuration directory additions:
Now that we have our environment ready to go, let's get the latest stable version of DokuWiki. You can find this by going to the download page and on the left-hand side of the page under "Version" you will see "Stable (Recommended) (direct link)."
Right-click on the "(direct link)" portion of this and copy the link address. In the console of your DokuWiki server, type "wget" and a space and then paste in your copied link in the terminal. You should get something like this:
We don't want that leading named directory when we decompress the archive, so we are going to use some options with tar to exclude it. The first option is the "--strip-components=1" which removes that leading directory.
The second option is the "-C" option, and that tells tar where we want the archive to be decompressed to. So decompress the archive with this command:
tar xzf dokuwiki-stable.tgz --strip-components=1 -C /var/www/sub-domains/com.example/html/
Once we have executed this command, all of DokuWiki should be in our DocumentRoot.
We need to make a copy of the .htaccess.dist file that came with DokuWiki and keep the old one there too, in case we need to revert to the original in the future.
In the process, we will be changing the name of this file to simply .htaccess which is what apache will be looking for. To do this:
Before you'll be able to access the DokuWiki interface, you'll need to set name resolution for this site. For testing purposes, you can use your /etc/hosts file.
In this example, let's assume that DokuWiki will be running on a private IPv4 address of 10.56.233.179. Let's also assume that you are modifying the /etc/hosts file on a Linux workstation. To do this, run:
sudo vi /etc/hosts
And then modify your hosts file to look something like this (note the IP address above in the below example):
127.0.0.1localhost
127.0.1.1myworkstation-home
10.56.233.179example.comexample
# The following lines are desirable for IPv6 capable hosts
::1ip6-localhostip6-loopback
fe00::0ip6-localnet
ff00::0ip6-mcastprefix
ff02::1ip6-allnodes
ff02::2ip6-allrouters
Once you have finished testing and are ready to take things live for everyone, you will need to add this host to a DNS server. You could do this by using a Private DNS Server, or a public-facing DNS server.
Now that our host name is set for testing and the web service has been started, the next step is to open up a web browser and type this in the address bar:
http://example.com/install.php
OR
http://example.com/install.php
Either should work if you set your hosts file as above. This will bring you to the setup screen so that you can finish the setup:
In the "Wiki Name" field, type the name for our wiki. Example "Technical Documentation"
In the "Superuser" field, type the administrative username. Example "admin"
In the "Real name" field, type the real name of the administrative user.
In the "E-Mail" field, type the email address of the administrative user.
In the "Password" field, type the secure password of the administrative user.
In the "once again" field, re-type that same password.
In the "Initial ACL Policy" drop-down, choose the option that works best for your environment.
Choose the appropriate check box of the license you want to put your content under.
Leave checked (or uncheck if you prefer) the "Once a month, send anonymous usage data to the DokuWiki developers" checkbox
Neither of these firewall examples makes any sort of assumptions about what other services you might need to allow on your Dokuwiki server. These rules are based on our testing environment and ONLY deal with allowing access to a LOCAL network ip block. You will need more services allowed for a production server.
Before you call everything done, you need to think about security. First, you should be running a firewall on the server. We will assume you are using one of the firewalls below.
Instead of everyone having access to the wiki, we are going to assume that anyone on the 10.0.0.0/8 network is on your private Local Area Network, and that those are the only people who need access to the site.
The iptables firewall process here has been deprecated in Rocky Linux 9.0 (still available, but likely to disappear in future releases, perhaps as early as Rocky Linux 9.1). For this reason, we recommend skipping to the firewalld procedure below if you are doing this on 9.0 or better.
Please note that you may need other rules for other services on this server, and that this example only takes into account the web services.
First, modify or create the /etc/firewall.conf file:
vi /etc/firewall.conf
#IPTABLES=/usr/sbin/iptables# Unless specified, the default for OUTPUT is ACCEPT# The default for FORWARD and INPUT is DROP#echo" clearing any existing rules and setting default policy.."
iptables-FINPUT
iptables-PINPUTDROP
# web ports
iptables-AINPUT-ptcp-mtcp-s10.0.0.0/8--dport80-jACCEPT
iptables-AINPUT-ptcp-mtcp-s10.0.0.0/8--dport443-jACCEPT
iptables-AINPUT-ilo-jACCEPT
iptables-AINPUT-mstate--stateESTABLISHED,RELATED-jACCEPT
iptables-AINPUT-ptcp-jREJECT--reject-withtcp-reset
iptables-AINPUT-pudp-jREJECT--reject-withicmp-port-unreachable
/usr/sbin/serviceiptablessave
Once the script is created, make sure it is executable:
chmod +x /etc/firewall.conf
Then execute the script:
/etc/firewall.conf
This will execute the rules and save them so that they will be reloaded on the next start of iptables or on boot.
If you are using firewalld as your firewall (and by this time, you probably should be) you can apply the same concepts using firewalld's firewall-cmd syntax.
We will duplicate the iptables rules (above) with firewalld rules:
For the best security, you should consider using an SSL so that all web traffic is encrypted. You can purchase an SSL from an SSL provider or use Let's Encrypt.
Whether you need to document processes, company policies, program code, or something else, a wiki is a great way to get that done. DokuWiki is a product that is secure, flexible, easy to use, relatively easy to install and deploy, and is a stable project that has been around for many years.