DRAFT: How To Make Your MediaWiki Private
THIS ARTICLE IS A DRAFT. I still need to smooth out some bumps, and even then any instructions found here are for your information and include no warranty or support. Use at your own risk and all that...
I've been using an amalgamation of hacks to track all the information I want to be able to recall later: del.icio.us for bookmarks, gmail for contacts and random notes, private blog entries for some organized content, and tracks for tracking projects. Blech. It's just too much. My memory is too weak. What I really want is a comprehensive PIM (Personal Informatio Manager). And so I installed MediaWiki because that's what Wikipedia uses and that's what Dreamhost offers as a One-Click Install (e.g. the path of least resistance).
I thought I'd share with you all the the process of customizing the default install to create a private wiki. Following are the specifics to my install but this will probably be helpful to many with a different host or newer version.
- Create a subdomain for your MediaWiki install, such as, wiki.yourdomain.com. Select PHP 5.x (not 4.4.2) and leave Extra Web Security.
- Install MediaWiki. Dreamhost walks you through this and it's also covered at the Dreamhost Wiki so I'm not going to go into detail here. But be sure to move the newly generated LocalSettings.php to the parent directory, and delete the config directory with its content.
- Chmod LocalSettings.php to 600
- Create a backup copy of LocalSettings.php, rename it something like .BAK instead of .PHP or something. Put it back in your Wiki install directory right away so it's safe and available if you need it later.
Restrict Wiki Access
Before bothering to put up our own cute logo or other fun stuff like enabling image linking and using clean urls, we're going to lock down our install. I didn't find a lot for this particular intent on the official MediaWiki Docs or the Dreamhost Wiki, but I did find this old Meta Wiki Article
- Prevent new user registrations. Add the following line to the bottom of LocalSettings.PHP:
# This snippet prevents new registrations from anonymous users
# (Sysops can still create user accounts)
$wgGroupPermissions['*']['createaccount'] = false; - Make sure it's working by trying to create an account. You should receive an error message that says username not found, please create an account. To change the message login as yourself (you should have set up a Sysop login when you configured your wiki) and point your browser to wiki.yourdomain.com/index.php?title=MediaWiki:Nosuchuser&action=edit.
I changed my message to:There is no user by the name "$1". This wiki is private and therefore closed to new accounts. Please contact Mahalie if you have any questions.
I intentionally failed to provide contact information. If a user doesn't even know how to contact me, they really don't need an account on my private wiki! - Prevent anonymous users from reading by adding the following to LocalSettings.php:
# Disable reading line, for anonymous (not-logged-in => * ) :
$wgGroupPermissions['*']['read'] = false;
# ... and enable anonymous to read the followings pages :
$wgWhitelistRead = array( "Main Page", "Special:Userlogin", "-", "MediaWiki:Monobook.css" );
# ... same in an other language (French, with one UTF-8 special characteres) :
# $wgWhitelistRead = array( "Page Principale", "Special:Userlogin", utf8_encode('Aide en français'));
- Verify setting by logging out of your wiki and attempting to browse. You should get a 'Login Required. You must login to view other pages.' when clicking on any local link and the page should redirect to the main page after a few seconds.
- If you want to hide the side navigation if the user isn't logged in (because, perhaps you have private project names or something) edit includes/Skin.php and change the function buildSidebar(). Add these lines near the very top, after the globals.:
global $wgUser; if (! $wgUser->isLoggedIn()) { return array(); }This will hide the navigation on sup-pages (not the default main page)
p.s. WebWorkerDaily just published 15 Productive Uses for a Wiki in case you're wondering why someone would want to do this!
techguy said,
July 16, 2007 @ 10:45 pm
Why not just set an apache password on that folder? I know it’s not perfect, but should be enough privacy for most people who want to secure their wiki, no?
mahalie said,
July 17, 2007 @ 7:57 am
One could consider it overboard, but this way there’s a nice landing page for those who land on your wiki accidentally and if you want your significant other or friends to have access, or have a small group wiki (semi-private) for whatever reason then every person just uses their login. If you secure the directory people would have to login twice.
Maarten said,
August 28, 2007 @ 11:02 pm
Thanks for this.
It wasn’t immediately obvious to me how to create user accounts, and nothing helpful shows up in the list of special pages. The answer is that if you log in as a Sysop and go to Special:Userlogin, then click the Create New Account link, you can generate new accounts and use the email button to email out the password. (Tested with 1.10.1)
kentster said,
August 30, 2007 @ 1:54 am
This will still allow a user to edit the main login page without being logged in.
you can add
$wgGroupPermissions[’*'][’edit’] = false;
Tested in 1.10.1
John said,
February 20, 2008 @ 9:52 pm
Adding the following line does not work:
$wgGroupPermissions[’*’][’createaccount’] = false;
I just get a blank page when I try and access the wiki. Your information is null and void and your sir are an ass.
mahalie said,
February 21, 2008 @ 9:38 am
@John - brilliant feedback. This will really encourage everyone to try and fix your problem. In any case, I’m a miss, or a maam I guess if you want to get cute. This article is an informal draft, as stated, and I only share what worked for me. I’m happy to fix or update it if there are any useful suggestions.
Lionel Brits said,
February 27, 2008 @ 6:17 pm
@John,
Woosh… try replacing smart quotes with regular single quotes. I suspect the blogging software simply mangles the quotes.
mahalie said,
February 28, 2008 @ 3:13 pm
Lionel, thanks for the tip. I fixed the fancy quotes.
Preston said,
March 10, 2008 @ 6:47 pm
Mahalie, thanks for posting this. It was very helpful. Please ignore the jerks.
Daniel said,
March 28, 2008 @ 12:55 am
Absolutely fantastic. Big ups for this informative post. The comments are all very helpful as well. Keep it up! ^_^\\
Andrew Caforuek said,
April 8, 2008 @ 8:29 am
You rock…setting up an internal company wiki on a subdomain and it took waaay to long for me to find this! Glad I did, thanks!
mahalie said,
April 8, 2008 @ 10:39 am
Hey Andrew, glad you found it. I’m looking at setting up wikis for work as well but decided against MediaWiki because it doesn’t really support Ldap. Because we have over 200 employees and there’s always some coming and going we really can’t manage users in more than one place (LDAP in our case).
I looked at Plone and think I’ve settled on Drupal, a CMS that has Wiki modules. LDAP integration was easy, but I’m still learning everything else.
I’d be curious to know what other folks are doing for their intranets…also, is there an intranet community out there somewhere? Seems paradoxical but I’d sure like share what I’m doing and hear from others on the topic.
Jean said,
April 14, 2008 @ 8:42 am
thanks for the great tips :)
Justin said,
May 5, 2008 @ 10:18 pm
Thank you very much for this helpful tutorial!!
I’ve been searching for a while until i found your page, awesome.
Evan said,
May 15, 2008 @ 4:04 pm
Excellent howto. Thanks! How do you add a new account on the wiki, though, from the sysop account?
23rd World » Google Doctype Screams “Fork ME!” said,
May 16, 2008 @ 3:28 pm
[…] My own private wiki, largely comprised of web development documentation for my own projects, code snippits and links to online resources, is invaluable to me - so the potential benefits of an open wiki of this nature is obvious and I’ve often wondered why there isn’t one (with critical mass) out there already. Certainly this project, or at least the idea of it, could be an invaluable tool to professional web designers and client-side developers. Some take-aways: […]
mahalie said,
May 16, 2008 @ 4:39 pm
Evan, to add a user manually go to http://yourwikidomain.com/index.php?title=Special:Userlogin&type=signup
You’ll enter a password for the new user and if you put in an email address they will get a confirmation but no password so you’ll want to email them yourself and let them know what that is. I’m sure this is all configurable but I haven’t bothered with it yet as I gave only 2 other people access to mine.
To find that link again later click ‘Special Pages’ and go to ‘Log in / create account’.
Marc B said,
June 30, 2008 @ 12:19 pm
What does Chmod LocalSettings to 600 mean?
I have a wiki on a subdomain that I want to make private, and I think I understand the rest of the install….
Dan Z said,
July 2, 2008 @ 8:56 am
Awesome tutorial, thanks Mahalie. This was the quick and dirty I needed on using MediaWiki in a private configuration to tip the scales from installing Twiki to MediaWiki. Thanks!
mahalie said,
July 2, 2008 @ 10:02 am
@Marc - probably the simplest is to do this through your FTP client (I use FileZilla) - go to the directory of the file, right click it and you can change the file permissions to 600 or uncheck everything except read/write for the Owner only.
If you work on *nix servers a lot you may find it easier to do this via the command line (you can ssh in using puTTy or whatevs) and chmod is the command you enter.
You may want to check out the Chmod page on the Dreamhost wiki for more info.
Katrine said,
July 5, 2008 @ 4:57 pm
Just for the record, we’ve set up a private mediawiki for documentation in our IT-departement, wich is integrated with Microsoft Active Directory. So we use our windows server username/password for logging in to the wiki… Not sure if you use Microsoft AD, but I am almost certain that LDAP can be used with MediaWiki…
Nice work however, thanks for the input…
pete said,
July 14, 2008 @ 8:25 pm
mahalie
as always the internet community is always a great resource! I managed to add your changes simply and easily to a fresh install of mediawiki. One thing I’m not sure I understand - does this also prevent searchbots from browsing/caching content?
Once a user has logged in and a page is rendered, it is only available to that user in their browser session, correct? So applying any further Apache mods is unnessary….
Thnxs again