Created
January 8, 2015 15:47
-
-
Save schmonz/3ce905d6a87e400d64a6 to your computer and use it in GitHub Desktop.
Ikiwiki + httpauth + Apache + Kerberos
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<VirtualHost *:80> | |
ServerName wiki.example.com | |
DocumentRoot /home/wiki/html | |
UserDir /home/wiki/html/users | |
<Location /> | |
Require all granted | |
</Location> | |
ErrorLog "|/usr/pkg/sbin/rotatelogs /u0/log/httpd/wiki-error 86400" | |
CustomLog "|/usr/pkg/sbin/rotatelogs /u0/log/httpd/wiki-access 86400" combined | |
# we let people read by http, but search/edit/etc. is https-only | |
RedirectPermanent \ | |
/cgi-bin/ikiwiki https://wiki.example.com/cgi-bin/ikiwiki | |
RedirectPermanent \ | |
/auth/ikiwiki https://wiki.example.com/auth/ikiwiki | |
</VirtualHost> | |
<VirtualHost *:443> | |
SSLEngine on | |
ServerName wiki.example.com | |
DocumentRoot /home/wiki/html | |
UserDir /home/wiki/html/users | |
<Location /> | |
Require all granted | |
</Location> | |
# for cvsweb | |
Alias /icons/ /usr/pkg/share/httpd/icons/ | |
ScriptAlias /cgi-bin/ /home/wiki/cgi/ | |
ScriptAlias /auth/ /home/wiki/auth/ | |
<Location /auth/ikiwiki> | |
AuthType Kerberos | |
AuthName "ExampleCom Web Authentication" | |
KrbServiceName "HTTP/wiki.example.com" | |
Krb5Keytab "/usr/pkg/etc/httpd/wiki.kt" | |
KrbLocalUserMapping on | |
Require valid-user | |
</Location> | |
ErrorLog "|/usr/pkg/sbin/rotatelogs /u0/log/httpd/wiki-ssl-error 86400" | |
CustomLog "|/usr/pkg/sbin/rotatelogs /u0/log/httpd/wiki-ssl-access 86400" combined | |
</VirtualHost> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/pkg/bin/perl | |
# Setup file for ikiwiki. | |
# | |
# Passing this to ikiwiki --setup will make ikiwiki generate | |
# wrappers and build the wiki. | |
# | |
# Remember to re-run ikiwiki --setup any time you edit this file. | |
use IkiWiki::Setup::Standard { | |
# name of the wiki | |
wikiname => 'ExampleCom Wiki', | |
# contact email for wiki | |
adminemail => 'www@example.com', | |
# users who are wiki admins | |
adminuser => [qw( | |
schmonz | |
)], | |
# users who are banned from the wiki | |
banned_users => [], | |
# where the source of the wiki is located | |
srcdir => '/home/wiki/wikisrc', | |
# where to build the wiki | |
destdir => '/home/wiki/html', | |
# base url to the wiki | |
url => 'https://wiki.example.com', | |
# url to the ikiwiki.cgi | |
cgiurl => 'https://wiki.example.com/cgi-bin/ikiwiki', | |
cgiauthurl => 'https://wiki.example.com/auth/ikiwiki', | |
# filename of cgi wrapper to generate | |
cgi_wrapper => '/home/wiki/cgi/ikiwiki', | |
# mode for cgi_wrapper (can safely be made suid) | |
cgi_wrappermode => '06755', | |
# rcs backend to use | |
rcs => 'cvs', | |
# plugins to add to the default configuration | |
add_plugins => [qw{ | |
aggregate | |
blogspam | |
calendar | |
color | |
comments | |
cutpaste | |
editdiff | |
edittemplate | |
favicon | |
format | |
getsource | |
goodstuff | |
highlight | |
httpauth | |
inline | |
localstyle | |
map | |
openid | |
prettydate | |
recentchangesdiff | |
relativedate | |
remove | |
rename | |
search | |
sidebar | |
table | |
tag | |
testpagespec | |
version | |
}], | |
# plugins to disable | |
disable_plugins => [qw{ | |
passwordauth | |
repolist | |
}], | |
# location of template files | |
#templatedir => '/home/wiki/wikitemplates', | |
# base wiki source location | |
underlaydir => '/usr/pkg/share/ikiwiki/basewiki', | |
# display verbose messages? | |
#verbose => 1, | |
# log to syslog? | |
#syslog => 1, | |
# create output files named page/index.html? | |
usedirs => 1, | |
# use '!'-prefixed preprocessor directives? | |
prefix_directives => 1, | |
# use page/index.mdwn source files | |
indexpages => 0, | |
# enable Discussion pages? | |
discussion => 1, | |
# only send cookies over SSL connections? | |
sslcookie => 0, | |
# extension to use for new pages | |
default_pageext => 'mdwn', | |
# extension to use for html files | |
htmlext => 'html', | |
# strftime format string to display date | |
timeformat => '%c', | |
# UTF-8 locale to use | |
#locale => 'en_US.UTF-8', | |
# put user pages below specified page | |
userdir => 'users', | |
# how many backlinks to show before hiding excess (0 to show all) | |
numbacklinks => 10, | |
# attempt to hardlink source files? (optimisation for large files) | |
hardlink => 0, | |
# force ikiwiki to use a particular umask | |
umask => 002, | |
# group for wrappers to run in | |
wrappergroup => 'example', | |
# extra library and plugin directory | |
libdir => '/home/wiki/perl', | |
# environment variables | |
ENV => {}, | |
# regexp of source files to ignore | |
#exclude => '\\.wav$', | |
exclude => '\\.core$', | |
# specifies the characters that are allowed in source filenames | |
wiki_file_chars => '-[:alnum:]+/.:_', | |
# allow symlinks in the path leading to the srcdir (potentially insecure) | |
allow_symlinks_before_srcdir => 0, | |
# aggregate plugin | |
# enable aggregation to internal pages? | |
#aggregateinternal => 1, | |
# allow aggregation to be triggered via the web? | |
#aggregate_webtrigger => 0, | |
# anonok plugin | |
# PageSpec to limit which pages anonymous users can edit | |
#anonok_pagespec => '*/Discussion', | |
# attachment plugin | |
# enhanced PageSpec specifying what attachments are allowed | |
#allowed_attachments => 'virusfree() and mimetype(image/*) and maxsize(50kb)', | |
#allowed_attachments => 'mimetype(image/*) and maxsize(400kb)', | |
# virus checker program (reads STDIN, returns nonzero if virus found) | |
#virus_checker => 'clamdscan -', | |
# blogspam plugin | |
# PageSpec of pages to check for spam | |
blogspam_pagespec => 'postcomment(*)', | |
# options to send to blogspam server | |
#blogspam_options => 'blacklist=1.2.3.4,blacklist=8.7.6.5,max-links=10', | |
#blogspam_options => 'whitelist=69.203.118.245', | |
# blogspam server XML-RPC url | |
#blogspam_server => '', | |
# bzr plugin | |
# bzr post-commit hook to generate | |
#bzr_wrapper => '', | |
# mode for bzr_wrapper (can safely be made suid) | |
#bzr_wrappermode => '06755', | |
# url to show file history, using loggerhead ([[file]] substituted) | |
#historyurl => '', | |
# url to view a diff, using loggerhead ([[file]] and [[r2]] substituted) | |
#diffurl => 'http://example.com/revision?start_revid=[[r2]]#[[file]]-s', | |
# calendar plugin | |
# base of the archives hierarchy | |
#archivebase => 'archives', | |
# camelcase plugin | |
# list of words to not turn into links | |
#camelcase_ignore => [], | |
# comments plugin | |
# PageSpec of pages where comments are allowed | |
#comments_pagespec => 'blog/* and !*/Discussion', | |
comments_pagespec => '*', | |
# PageSpec of pages where posting new comments is not allowed | |
#comments_closed_pagespec => 'blog/controversial or blog/flamewar', | |
# Base name for comments, e.g. "comment_" for pages like "sandbox/comment_12" | |
#comments_pagename => '', | |
# Interpret directives in comments? | |
#comments_allowdirectives => 0, | |
# Allow anonymous commenters to set an author name? | |
#comments_allowauthor => 0, | |
# commit comments to the VCS | |
#comments_commit => 1, | |
# cvs plugin | |
# cvs repository location | |
cvsrepo => '/home/wiki/cvsroot', | |
# path inside repository where the wiki is located | |
cvspath => 'wikisrc', | |
# cvs post-commit hook to generate (triggered by CVSROOT/loginfo entry | |
cvs_wrapper => '/home/wiki/cvsroot/CVSROOT/post-commit', | |
# mode for cvs_wrapper (can safely be made suid) | |
cvs_wrappermode => '04755', | |
# cvsweb url to show file history ([[file]] substituted) | |
historyurl => 'https://wiki.example.com/cgi-bin/cvsweb/wikisrc/[[file]]', | |
# cvsweb url to show a diff ([[file]], [[r1]], and [[r2]] substituted) | |
diffurl => 'https://wiki.example.com/cgi-bin/cvsweb/wikisrc/[[file]].diff?r1=text&tr1=[[r1]]&r2=text&tr2=[[r2]];f=h', | |
# darcs plugin | |
# wrapper to generate (set as master repo apply hook) | |
#darcs_wrapper => '/darcs/repo/_darcs/ikiwiki-wrapper', | |
# mode for darcs_wrapper (can safely be made suid) | |
#darcs_wrappermode => '06755', | |
# darcsweb url to show file history ([[file]] substituted) | |
#historyurl => 'http://darcs.example.com/darcsweb.cgi?r=wiki;a=filehistory;f=[[file]]', | |
# darcsweb url to show a diff ([[hash]] and [[file]] substituted) | |
#diffurl => 'http://darcs.example.com/darcsweb.cgi?r=wiki;a=filediff;h=[[hash]];f=[[file]]', | |
# git plugin | |
# git hook to generate | |
#git_wrapper => '/git/wiki.git/hooks/post-update', | |
# mode for git_wrapper (can safely be made suid) | |
#git_wrappermode => '06755', | |
# git pre-receive hook to generate | |
#git_test_receive_wrapper => '/git/wiki.git/hooks/pre-receive', | |
# unix users whose commits should be checked by the pre-receive hook | |
#untrusted_committers => [], | |
# gitweb url to show file history ([[file]] substituted) | |
#historyurl => 'http://git.example.com/gitweb.cgi?p=wiki.git;a=history;f=[[file]]', | |
# gitweb url to show a diff ([[file]], [[sha1_to]], [[sha1_from]], [[sha1_commit]], and [[sha1_parent]] substituted) | |
#diffurl => 'http://git.example.com/gitweb.cgi?p=wiki.git;a=blobdiff;f=[[file]];h=[[sha1_to]];hp=[[sha1_from]];hb=[[sha1_commit]];hpb=[[sha1_parent]]', | |
# where to pull and push changes (set to empty string to disable) | |
#gitorigin_branch => 'origin', | |
# branch that the wiki is stored in | |
#gitmaster_branch => 'master', | |
# highlight plugin | |
# types of source files to syntax highlight | |
#tohighlight => '.c .h .cpp .pl .py Makefile:make', | |
tohighlight => '.c .h .cpp .pl .py Makefile:make .diff:diff', | |
#filetypes_conf => '/usr/pkg/etc/highlight/filetypes.conf', | |
#langdefdir => '/usr/pkg/share/highlight/langDefs', | |
# htmlscrubber plugin | |
# PageSpec specifying pages not to scrub | |
#htmlscrubber_skip => '!*/Discussion', | |
# inline plugin | |
# enable rss feeds by default? | |
rss => 1, | |
# enable atom feeds by default? | |
atom => 1, | |
# allow rss feeds to be used? | |
#allowrss => 0, | |
# allow atom feeds to be used? | |
#allowatom => 0, | |
# urls to ping (using XML-RPC) on feed update | |
pingurl => [], | |
# listdirectives plugin | |
# directory in srcdir that contains directive descriptions | |
#directive_description_dir => 'ikiwiki/directive', | |
# lockedit plugin | |
# PageSpec controlling which pages are locked | |
#locked_pages => '!*/Discussion', | |
#httpauth_pagespec => "!(Discussion or */Discussion or users/*)", | |
# httpauth_pagespec => "!(Discussion or */Discussion)", | |
httpauth_pagespec => "!postcomment(*)", | |
# mdwn plugin | |
# enable multimarkdown features? | |
#multimarkdown => 0, | |
# mercurial plugin | |
# mercurial post-commit hook to generate | |
#mercurial_wrapper => '', | |
# mode for mercurial_wrapper (can safely be made suid) | |
#mercurial_wrappermode => '06755', | |
# url to hg serve'd repository, to show file history ([[file]] substituted) | |
#historyurl => 'http://example.com:8000/log/tip/[[file]]', | |
# url to hg serve'd repository, to show diff ([[file]] and [[r2]] substituted) | |
#diffurl => 'http://localhost:8000/?fd=[[r2]];file=[[file]]', | |
# mirrorlist plugin | |
# list of mirrors | |
#mirrorlist => {}, | |
# openid plugin | |
# an url where users can signup for an OpenID | |
#openidsignup => 'http://myopenid.com/', | |
# passwordauth plugin | |
# a password that must be entered when signing up for an account | |
#account_creation_password => 's3cr1t', | |
# cost of generating a password using Authen::Passphrase::BlowfishCrypt | |
#password_cost => 8, | |
# pinger plugin | |
# how many seconds to try pinging before timing out | |
#pinger_timeout => 15, | |
# prettydate plugin | |
# format to use to display date | |
#prettydateformat => '%X, %B %o, %Y', | |
# recentchanges plugin | |
# name of the recentchanges page | |
recentchangespage => 'recentchanges', | |
# number of changes to track | |
recentchangesnum => 100, | |
# repolist plugin | |
# URIs of repositories containing the wiki's source | |
#repositories => [qw{svn://svn.example.org/wiki/trunk}], | |
# search plugin | |
# path to the omega cgi program | |
omega_cgi => '/usr/pkg/libexec/cgi-bin/xapian-omega', | |
# svn plugin | |
# subversion repository location | |
#svnrepo => '/svn/wiki', | |
# path inside repository where the wiki is located | |
#svnpath => 'trunk', | |
# svn post-commit hook to generate | |
#svn_wrapper => '/svn/wikirepo/hooks/post-commit', | |
# mode for svn_wrapper (can safely be made suid) | |
#svn_wrappermode => '04755', | |
# viewvc url to show file history ([[file]] substituted) | |
#historyurl => 'http://svn.example.org/trunk/[[file]]', | |
# viewvc url to show a diff ([[file]], [[r1]], and [[r2]] substituted) | |
#diffurl => 'http://svn.example.org/trunk/[[file]]?root=wiki&r1=[[r1]]&r2=[[r2]]', | |
# tag plugin | |
# parent page tags are located under | |
#tagbase => 'tag', | |
# teximg plugin | |
# Should teximg use dvipng to render, or dvips and convert? | |
#teximg_dvipng => '', | |
# LaTeX prefix for teximg plugin | |
#teximg_prefix => '\\documentclass{article} | |
#\\usepackage{amsmath} | |
#\\usepackage{amsfonts} | |
#\\usepackage{amssymb} | |
#\\pagestyle{empty} | |
#\\begin{document} | |
#', | |
# LaTeX postfix for teximg plugin | |
#teximg_postfix => '\\end{document}', | |
# tla plugin | |
# tla post-commit hook to generate | |
#tla_wrapper => '', | |
# mode for tla_wrapper (can safely be made suid) | |
#tla_wrappermode => '06755', | |
# url to show file history ([[file]] substituted) | |
#historyurl => '', | |
# url to show a diff ([[file]] and [[rev]] substituted) | |
#diffurl => '', | |
# underlay plugin | |
# extra underlay directories to add | |
#add_underlays => '', | |
# websetup plugin | |
# list of plugins that cannot be enabled/disabled via the web interface | |
#websetup_force_plugins => [], | |
# show unsafe settings, read-only, in web interface? | |
#websetup_show_unsafe => 1, | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment