Installation Guide
Manually installing Foswiki
This guide describes the steps for manually installing Foswiki, with
specific steps for installations on Linux with the Apache web server.
If you would prefer to use a different web server, please refer to supplemental documentation when you reach the Apache-specific steps:
Rather not install manually? Visit
Foswiki:Download.OtherFoswikiInstallers for automated installers, and virtual machine images. These automate much of the installation process and may help some users get started more easily. For instructions using those packages, refer to the documentation provided there. Note that the installers are optimized for the target system, and do not necessarily follow the normal Foswiki directory structure documented below.
Upgrading? Please see the
upgrade guide.
Need further information? Visit
Foswiki:Support.SupplementalDocuments for additional notes on installing on different operating systems or shared web-hosting environments, performance tuning, security hardening and more.
Need help? Visit
Foswiki:Support web or
Foswiki:Community.InternetRelayChat (irc.freenode.net, channel #foswiki).
This guide assumes a basic knowledge of server administration on the system being used. For more information, see
Foswiki:System.AdminSkillsAssumptions.
Before you start
5-Minute Install
Here's the quick version of the instructions, for
those that are already comfortable with performing such installations. More detailed instructions follow.
- Download and unpack the latest version of Foswiki.
- Configure Apache using the Foswiki:Support.ApacheConfigGenerator tool to generate a safe, working config file for your Foswiki installation.
- Bootstrap your the install by browsing to the default view URL for your site in your web browser. Depending upon your Apache configuration, your view URL might look something like:
-
http://yoursite.com
-
http://yoursite.com/bin/view
-
http://yoursite.com/foswiki/bin/view
- Follow the link in the Bootstrap banner of the returned page to the bin/configure tool, address any warnings and save your configuration.
That's it! You Foswiki should now be installed. Browse to
/bin/view
and start editing!
At some point, you will want to re-visit
Configuring Foswiki to enable out-going emails, create administrators and properly secure your installation.
Detailed Instructions
Step 1: Download and unpack Foswiki
- Go to your site's root directory as set by Apache (typically within the
/var/www
or /srv/www
directory) or as set by your hosting company.
- Download the Foswiki distribution from http://foswiki.org/Download
- Unpack the distribution file:
- go to your web directory (usually /var/www) or in any directory you what to install Foswiki (designed after by /path/to/foswiki/)
- Untar and gunzip the distribution using this command: (modify to match version number) tar -xzvf foswiki-VERSION.tgz A new subdirectory called Foswiki-VERSION will be created.
- You can rename this subdirectory to a shorter name. For the rest of this document, this subdirectory is assumed to be at
/path/to/foswiki
.
- Note: Foswiki does not support directory paths that contain spaces, so ensure that all of its directory paths do not contain any spaces (particularly on Windows).
Step 2: Confirm file and directory ownership and permissions
Note: Installers on shared hosting sites and Windows can skip to next step.
The general command in Linux distributions to set file ownership to the Apache system user is:
sudo chown -R {user}:{group} /path/to/foswik
The appropriate user/group ownership varies, depending upon the operating system and distribution:
RedHat, Fedora, CentOS, Gentoo, Mandriva |
apache:apache |
debian, Ubuntu, Kubuntu |
www-data:www-data |
Suse |
wwwrun:www |
FreeBSD |
www:wwwadmin |
The default file and directory access permissions as set by the distribution define a reasonable security level that will work for many types of installations, including shared hosting. Nonetheless, you should verify that the web server user has read access to all files and directories beneath the
foswiki
directory, and execute access for all directories. Also verify that the
data
and
pub
directories and all the subdirectories and files beneath them allow write access for the web server user.
For more information on the appropriate permissions to ensure security for your Foswiki data, see
Foswiki:Support.SecuringYourSite.
If you are running a Linux system with Perl found on the default path or are on a shared hosting site, then you can
jump to this step. This step is
required on Windows installations.
The easiest way to fix up the bin scripts is to run the
tools/rewriteshebang.pl
script:
cd /path/to/foswiki/tools
perl -I ../lib rewriteshebang.pl
or for Windows users:
cd C:\path\to\foswiki\tools
perl -I ..\lib rewriteshebang.pl
The script will determine the location of the Perl interpreter and will prompt to update both the bin and tools scripts in a single step. The changed files will be reported, and it is safe to rerun the script.
If you get an error about perl command not found, the you need to find where your perl command is installed and include that in your command. For example:
C:\path\to\perl -I ..\lib rewriteshebang.pl
Foswiki provides several methods to configure Apache depending of your access to root and sudo and your preference to set all in one file or several files.
Method 1 and 2 provide better performance and requires editing only one file. However, they require root or sudo access. Method 3 is for cases where you do not have root access (such as on hosted sites).
In details:
Method 1: Use Foswiki's configuration generator (Needs root access)
- See Foswiki:Support.ApacheConfigGenerator.
- This is the easiest and best way to generate a smooth-running and secure configuration file.
- After installing the config file as per your distribution's guidelines, remember to restart or reload Apache each time you edit the file to apply your changes.
Method 2: Customize the Apache config template file included in distribution (Needs root access)
- A sample config file called
foswiki_httpd_conf.txt
can be found in the root of the foswiki installation.
- This is provided in case you can not access the online configuration generator.
- Instructions are provided in the file for tailoring the configuration to you server.
- Be carefull! The configuration shipped with Foswiki is for Apache 2.2 or earlier. Apache 2.4 has changed the syntax of the configuration file. Ensure that
mod_access_compat
is enabled for backwards compatibility when using Apache 2.4
- As with Method 1, remember to restart or reload Apache each time you edit the file to apply your changes.
Method 3: Customize the .htaccess
template files included in distribution (Useful on shared hosting sites)
- Sample
.htaccess
files for the Foswiki root and each subdirectory are included in the root of your installation. Each file contains instructions on modifying it for your installation. For more information, see Foswiki:Support.SupplementalDocuments.
location and name of sample .htaccess file |
copy sample file to the following location |
tailoring required (Detailed instuctions in each file) |
foswiki/root-htaccess.txt |
foswiki/.htaccess |
Optional: redirect to a default page for empty URL. |
foswiki/bin-htaccess.txt |
foswiki/bin/.htaccess |
Yes - Must find/replace all instances of {DataDir} , {DefaultUrlHost} and {ScriptUrlPath} with valid information. The setting SetHandler cgi-script is critical to make sure that scripts in the bin directory will be executed by Apache. |
foswiki/pub-htaccess.txt |
foswiki/pub/.htaccess |
Yes - Must set correct url path on ErrorDocument |
foswiki/subdir-htaccess.txt |
foswiki/<subdir>/.htaccess Copy to all other subdirectories below foswiki , including data , lib , locale , templates , tools , working . Copy to any other directories except for bin and pub addressed above. |
No |
General points to keep in mind with any of the above Apache configuration approaches:
- For security purposes, it's important to check that web access is denied to all Foswiki subdirectories other than
bin
and pub
. All three of the approaches described above (Foswiki:Support.ApacheConfigGenerator, the sample foswiki_httpd_conf.txt
file included in the distribution, or .htaccess
files) should provide for this but it should be confirmed by using web browser to confirm that direct access to the other directories is blocked.
- Also for security purposes, be sure to turn off any kind of PHP, Perl, Python, Server Side Includes, or other software execution mechanisms supported by your web server in the
pub
directory. Again, the three approaches described above all provide for this. However, different script execution mechanisms are disabled in different ways so refer see your web server configuration and documentation for more details.
- The configuration shipped with Foswiki is for Apache 2.2 or earlier. Apache 2.4 has changed the syntax of the configuration file. Ensure that
mod_access_compat
is enabled for backwards compatibility when using Apache 2.4, or use the updated Foswiki:Support.ApacheConfigGenerator24 config generator.
- New with Foswiki 2.0 The
configure
script no longer needs any special protection within the Apache configuration.
Step 5: Bootstrap your configuration
- Using your web browser, enter the default "view" url for your site. Depending upon your Apache configuration, this might look something like:
-
http://yoursite.com/foswiki/bin/view
-
http://yoursite.com/bin/view
-
http://yoursite.com
This will Bootstrap your configuration and help Foswiki determine whether or not you are using Short URLs. It also logs you in as a the admin user. Don't close your browser until you've completed the configuration process and registered your first user.
- Follow the link to configure rendered in the Bootstrap banner. (Do not manually enter the
bin/configure
URL or Foswiki will not correctly detect the URL configuration).
- Make any required changes, and save the settings.
- This will create the initial configuration and end the bootstrap process.
- Configuration items which may require further attention will be highlighted.
- Save as soon as possible, especially if your site is exposed. Anyone accessing Foswiki before the configuration has been saved will be granted admin rights.
Outgoing e-mail is required for Foswiki to send registration confirmations, notifications of changes, password reset requests, etc.
- Select the
Mail
tab in left bar of confgiure and fill out the following parameters:
- The
{WebMasterEmail}
should be set to a valid e-mail address. This will be the From: ID used to send Foswiki Emails and will also appear on webmaster mailto: links. If you are running on a *nix server with a configured local mail transport agent, you can try pressing the "
auto-configure email" button. If auto-configure succeeds, proceed to the next step, to send a test email. If your server is a Windows server, if auto-configure failed, or you know a local transport agent is not available, continue with the SMTP e-mail configuration:
- The
{SMTP}{MAILHOST}
should be set to your e-mail server hostame: ex: smtp.gmail.com
- On most systems, you will also have to configure
{SMTP}{Username}
and {SMTP}{Password}
. These are used so that Foswiki can sign into the e-mail server for purposes of sending e-mail.
- Click the "auto-configure email" button. (This can run a long time as Foswiki probes all possible e-mail configurations) This will probe the mail server to discover it's configuration, and will finish the configuration. If all goes well, the settings will have been fine tuned for your e-mail server and e-mail is automatically enabled.
- Once auto-configure completes, Click the "Send test email" button. located on the
{WebMasterEmail}
field This will verify if the configuration is correct and able to send mail. If e-mail is enabled, but not functional, you will be unable to register users.
- Click the Save button in the upper right corner of the configuration page.
If auto-configure fails to complete, you can use the "Advanced settings" tab to manually configure the e-mail server. You will also need to configure the basic information tab.
Although outgoing email is necessary for user registration, it is not required for Foswiki to run otherwise, so if you are setting up a test installation or don't plan on enabling user registration, you can skip this step.
Step 7: Check Authentication and Register Yourself
Authentication of users means their activity can be tracked, and access to your site can be controlled. This is particularly important for sites that are publicly accessible on the web. Foswiki is pre-configured with a flexible and user-friendly authentication set-up that fits most common use-cases. To learn more about this set-up and available alternatives, see User Authentication Options. You can also revisit this later and switch to an alternative authentication set-up.
Test if authentication is working by going to System.UserRegistration and registering yourself.
If there are problems, see authentication trouble-shooting tips.
Step 8: Establish an Administrator user
The last step in your configuration is to create and user with administration rights.
The steps outlined below are recommended for initial configuration.
You should complete this before closing the browser after the bootstrap process. Once you close the browser you will lose your temporary admin status. Later on, you can review the further notes below regarding
about administrators and
options to protect configure and consider one of the more restrictive options.
Once the Foswiki bootstrap process is completed and you've logged out, configure will be restricted to Foswiki's "AdminGroup". Therefor you must add the user you just registered to the administrators group.
If you have not yet registered your first user, return to InstallationGuide#FirstUser and follow the steps to register a user. Once that is completed, return to
- Go to Main.AdminGroup (Theses instructions will be there as well).
- Scroll down to the "Administration" section and click on "Add Members" link.
- If you do not see the Admistration section, then you don't have authorization to change this group. See InstallationGuide#InternalAdmin for instructions on establishing an internal admin user.
- Enter your WikiName as defined when you registered yourself in Step 7.
- Click the Add Member button
- Return to the AdminGroup by clicking the group name on the confirmation page and look under "Members" to confirm you have been added.
Foswiki provides multiple ways to protect configure. See
#AboutAdminUsers for more details on how to protect your configuration.
Step 9. Save your configuration!
Click the Save button in the upper right corner of the configuration page.
Refer back to any page in your installation (such as the "AdminGroup" page you were at in the previous step). The login section at the top of the left-hand menu should show that you are still be logged in as a temporary Admin user. Click on the "Log Out" link to exit that user.
Congratulations! Your Foswiki Installation is Ready to Use!
You now have set up your Foswiki installation! At this point you can start creating and editing pages. See InstallationGuidePart2 to proceed with further tailoring your site.
In order to keep your user, group, and site configuration information separate from the actual content of your site, it is recommended that you create a new web in which your site's pages will reside. See System.ManagingWebs for more information on Wiki webs and how to create one.
Troubleshooting
If you are having problems with your installation, try the following:
System Requirements
Server Requirements
Foswiki is written in Perl 5, which is supported on Microsoft Windows as well as Unix and Unix-like systems (including Linux and OSX). On Unix-like systems, it uses a number of shell commands. It should be able to run out-of-the-box on any server platform that meets the following requirements.
Resource |
Required Server Environment |
Perl |
5.8.8 or higher. A minimum of perl 5.12 is recommended. |
External programs |
GNU diff 2.7 or higher, fgrep , and egrep (not required on Windows) |
Web server |
Apache, Nginx and Lighttpd are all well supported; Apache sample configs are provided. For information on other servers, see Foswiki:Support.InstallingOnSpecificPlatforms. |
Foswiki is designed to automatically detect the platform and generate a basic configuration the first time the configure
script is run, but start from your expected default "view" URL, so that Foswiki can figure out your URL scheme.
Use either the bin/configure
web interface, or the tools/configure
perl script, to configure Foswiki. This will explore and test critical dependencies and alert you when any are missing. For a detailed report, See PerlDependencyReport.
Prior versions of Foswiki shipped with the important CPAN modules, for use as a "last resort". Since they are needed only in rare situations,
they were put into an optional extension. See Foswiki:Extensions.CpanContrib. Install this extension into your Foswiki installation directory if you cannot install Perl modules otherwise.
You can check the dependencies before Foswiki is fully operational with the following command. It will list all potentially missing dependencies. Not all listed dependences are required on all installations, Refer to the usage message that accompanies each missing dependency in the report.
cd /path/to/foswiki
perl tools/dependencies
Specific distribution details
*Find the closest match to your installed system. and click on the "Show ..."
link to reveal the details.
Ubuntu and other Debian derived distributions
Minimum requirements
Install apache and rcs:
apt-get install apache2 rcs
Perl Module |
Package to install |
Notes |
Algorithm::Diff |
libalgorithm-diff-perl |
|
Archive::Tar |
libarchive-tar-perl |
|
Authen::SASL |
libauthen-sasl-perl |
|
CGI |
libcgi-pm-perl |
|
CGI::Session |
libcgi-session-perl |
|
Crypt::PasswdMD5 |
libcrypt-passwdmd5-perl |
|
Digest::SHA |
libdigest-sha-perl |
*First shipped in perl 5.9.3 |
Encode |
libencode-perl |
|
Error |
liberror-perl |
|
File::Copy::Recursive |
libfile-copy-recursive-perl |
|
HTML::Parser |
libhtml-parser-perl |
|
HTML::Tree |
libhtml-tree-perl |
|
IO::Socket::IP |
libio-socket-ip-perl |
First shipped perl 5.19.8 |
IO::Socket::SSL |
libio-socket-ssl-perl |
|
JSON |
libjson-perl |
|
Locale::Maketext |
liblocale-maketext-perl |
|
Locale::Maketext::Lexicon |
liblocale-maketext-lexicon-perl |
Optional, needed for internationalization |
Locale::Msgfmt |
liblocale-msgfmt-perl |
Optional, needed for internationalization |
LWP |
libwww-perl |
|
URI |
liburi-perl |
|
version |
libversion-perl |
Must be version 0.77 or newer, included with perl 5.10.1 and newer. |
Note: to install all the above:
apt-get install
libalgorithm-diff-perl
libarchive-tar-perl
libauthen-sasl-perl
libcgi-pm-perl
libcgi-session-perl
libcrypt-passwdmd5-perl
libdigest-sha-perl
libencode-perl
liberror-perl
libfile-copy-recursive-perl
libhtml-parser-perl
libhtml-tree-perl
libio-socket-ip-perl
libio-socket-ssl-perl
libjson-perl
liblocale-maketext-perl
liblocale-maketext-lexicon-perl
liblocale-msgfmt-perl
libwww-perl
liburi-perl
libversion-perl
Optional dependencies
Install as needed.
Perl Module |
Package to install |
Notes |
Apache2::Request |
libapache2-request-perl |
Required if using Apache 2 and mod_perl |
DBI |
libdbi-perl |
Used for the Foswiki Page cache |
DBD::mysql |
libdbd-mysql-perl |
Used for MySQL based Page Cache |
DBD::Pg |
libdbd-pg-perl |
Used for PostgreSQL based Page Cache |
DBD::SQLite |
libdbd-sqlite3-perl |
Used for SQLite based Page Cache |
FCGI |
libfcgi-perl |
Optional, needed for fastcgi / fcgi apache modules |
After expanding the Foswiki archive, change the ownership of the files:
- Debian, Ubuntu, Kubunto:
chown -R www-data:www-data /path/to/foswiki
Apache user should issue the following commands:
-
a2enmod rewrite
- Enables mod_rewrite
-
a2enmod cgi
OR a2enmod cgid
- Enables CGI. May need cgid if using a threaded mpm.
-
a2enmod access_compat
- Apache 2.4: Enables compatibility with foswiki example apache configurations.
RedHat, SuSE, CentOS and other RPM based distributions
Minimum requirements
Install apache2, rcs, and perl-CPAN
Perl Module |
Package to install |
Notes |
Algorithm::Diff |
perl-Algorithm-Diff |
|
Archive::Tar |
perl-Archive-Tar |
*First shipped in perl 5.9.3 |
Authen::SASL |
perl-Authen-SASL |
|
CGI |
perl-CGI |
|
CGI::Session |
perl-CGI-Session |
|
Crypt::PasswdMD5 |
perl-Crypt-PasswdMD5 |
|
Digest::SHA |
perl-Digest-SHA |
*First shipped in perl 5.9.3 |
Encode |
perl-Encode |
|
Error |
perl-Error |
|
File::Copy::Recursive |
perl-File-Copy-Recursive |
|
HTML::Parser |
perl-HTML-Parser |
|
HTML::Tree |
perl-HTML-Tree |
|
IO::Socket::IP |
perl-IO-Socket-IP |
First shipped perl 5.19.8 |
IO::Socket::SSL |
perl-IO-Socket-SSL |
|
JSON |
perl-JSON |
|
Locale::Language |
perl-Locale-Codes |
|
Locale::Maketext |
perl-Locale-Maketext |
|
Locale::Maketext::Lexicon |
perl-Locale-Maketext-Lexicon |
Optional, needed for internationalization |
Locale::Msgfmt |
perl-Locale-Msgfmt |
Optional, needed for internationalization |
LWP |
perl-libwww-perl |
|
URI |
perl-URI |
|
version |
perl-Perl-Version |
Must be version 0.77 or newer, included with perl 5.10.1 and newer. |
Optional dependencies
Install as needed.
Perl Module |
Package to install |
Notes |
Apache2::Request |
perl-libapreq2 |
Required if using Apache 2 and mod_perl |
DBI |
|
Used for the Foswiki Page cache |
DBD::mysql |
|
Used for MySQL based Page Cache |
DBD::Pg |
|
Used for PostgreSQL based Page Cache |
DBD::SQLite |
|
Used for SQLite based Page Cache |
After expanding the Foswiki archive, change the ownership of the files:
- RedHat, Fedora, CentOS Mandriva: chown -R apache:apache /path/to/foswiki=
- Suse:
chown -R wwwrun:www /path/to/foswiki
Gentoo (ebuild) based distributions
Minimum requirements
Install
www-servers/apache
,
dev-vcs/rcs
, and
dev-lang/perl
Perl Module |
Package to install |
Notes |
Algorithm::Diff |
dev-perl/Algorithm-Diff |
|
Apache2::Request |
www-apache/libapreq2 |
Required if using Apache 2 and mod_perl |
Archive::Tar |
perl-Archive-Tar |
*First shipped in perl 5.9.3 |
Authen::SASL |
dev-perl/Authen-SASL |
Optional, needed for authenticated SMTP |
CGI |
perl-core/CGI |
|
CGI::Session |
dev-perl/CGI-Session |
|
Crypt::PasswdMD5 |
dev-perl/Crypt-PasswdMD5 |
|
Digest::SHA |
perl-core/Digest-SHA |
Included with perl |
Error |
dev-perl/Error |
|
Encode |
perl-core/Encode |
|
File::Copy::Recursive |
dev-perl/File-Copy-Recursive |
|
HTML::Parser |
dev-perl/HTML-Parser |
|
HTML::Tree |
dev-perl/HTML-Tree |
|
IO::Socket::IP |
dev-perl/IO-Socket-IP |
|
IO::Socket::SSL |
dev-perl/IO-Socket-SSL |
Optional, support encrypted email connection: STARTTLS or SSL |
JSON |
dev-perl/JSON |
|
Locale::Maketext |
dev-perl/locale-maketext |
|
Locale::Maketext::Lexicon |
dev-perl/locale-maketext-lexicon |
Optional, needed for internationalization |
Locale::Msgfmt |
dev-perl/Locale-Msgfmt |
Optional, needed for internationalization |
LWP |
dev-perl/libwww-perl |
|
version |
perl-core/version |
Must be version 0.77 or newer, included with perl 5.10.1 and newer. |
URI |
dev-perl/URI |
|
* Packages in
perl-core/
generally are installed with perl. May be directly installed if updated versions are available.
Optional dependencies
Install as needed.
Perl Module |
Package to install |
Notes |
Apache2::Request |
libapache2-request-perl |
Required if using Apache 2 and mod_perl |
DBI |
|
Optional - Used for the Foswiki Page cache |
DBD::mysql |
|
Optional - Used for MySQL based Page Cache |
DBD::Pg |
|
Optional - Used for PostgreSQL based Page Cache |
DBD::SQLite |
|
Optional - Used for SQLite based Page Cache |
After expanding the Foswiki archive, change the ownership of the files:
-
chown -R apache:apache /var/www/path-to-foswiki
Installation with cpanminus
Perl dependencies can also be installed on most systems using
cpanm
, aka
App::cpanminus
. On most unix* systems,
cpanminus
can bootstrap itself using curl or wget.
If run as root, the modules will be installed in the System perl. Otherwise they are installed into the users local environment.
curl -L http://cpanmin.us | perl - App::cpanminus (optional - install cpanminus if not available )
cpanm Algorithm::Diff Archive::Tar Authen::SASL CGI CGI::Session Crypt::PasswdMD5 DBI DBD::mysql DBD::Pg DBD::SQLite Digest::SHA Error Encode File::Copy::Recursive HTML::Parser HTML::Tree IO::Socket::IP IO::Socket::SSL JSON Locale::Maketext Locale::Maketext::Lexicon Locale::Msgfmt LWP version URI
If you want to install the dependendencies into a specified location, add the
"-l"
option to cpanm, and add the lib path to
bin/LocalLib.cfg
. The dependencies will be installed under the specified location, in the
lib/perl5
subdirectory.
Example: User "foswiki" logs in and installs the libraries locally under the foswikideps directory:
cpanm -l foswikideps Algorithm::Diff Archive::Tar ... (install libraries into =/home/foswiki/foswikideps=)
/path/to/foswiki/bin/LocalLib.txt
is then edited, and the commented line is modified:
# @localPerlLibPath = ( '/path/to/dir', '/path/to/another/dir', );
@localPerlLibPath = ( '/home/foswiki/foswikideps/lib/perl5', );
Foswiki will now run using the libraries installed by cpanm.
Client Requirements
The standard installation has relatively low browser requirements:
- XHTML 1.0 Transitional compliant
- Cookies, if persistent sessions are required
- Javascript, is required for configure, edit save and upload functionality. Foswiki is viewable without javascript.
CSS and Javascript are used in most skins. Some skins will require more recent releases of browsers. The default (Pattern) skin is tested on IE 6+, Safari, Chrome and Firefox.
You can easily select a balance of browser capability versus look and feel. Try the installed skins at System.SkinBrowser and more at Foswiki:Extensions.SkinPackage.
Uploading the Foswiki distribution to your web server host
If you cannot unpack the Foswiki distribution directly in your installation directory, you can unpack the distribution on your local computer, manually create the directory structure on your host server and upload the files as follows:
- Using the table below, create a directory structure on your host server
- Upload the Foswiki files by FTP (transfer as text except for the image files in
pub
directory.)
- Note: Don't worry if you are not able to put the
lib
directory at the same level as the bin
directory. You can create this directory elsewhere and configure the bin/setlib.cfg
file. Foswiki dir: | What it is: | Where to copy: | Example: |
foswiki | start-up pages | root Foswiki dir | /home/smith/public_html/foswiki/ |
foswiki/bin | CGI bin | CGI-enabled dir | /home/smith/public_html/foswiki/bin |
foswiki/lib | library files | same level as bin | /home/smith/public_html/foswiki/lib |
foswiki/locale | language files | dir secure from public access | /home/smith/public_html/foswiki/locale |
foswiki/pub | public files | htdoc enabled dir | /home/smith/public_html/foswiki/pub |
foswiki/data | topic data | dir secure from public access | /home/smith/public_html/foswiki/data |
foswiki/templates | web templates | dir secure from public access | /home/smith/public_html/foswiki/templates |
foswiki/tools | Foswiki utlilities | dir secure from public access | /home/smith/public_html/foswiki/tools |
foswiki/working | Temporary and internal files | dir secure from public access | /home/smith/public_html/foswiki/working |
About Administrators
Administrators have read and write access to any topic, regardless of any access controls that have been applied to the topic or its web. Administrators also have access to configure unless further restricted.
The default setup in Foswiki is that members of Main.AdminGroup have administrator privileges. Any member of the Main.AdminGroup can add subsequent members to that group.
To more easily debug access control issues, you may want to have a regular Foswiki user account for daily use, and a special one that belongs to the AdminGroup
that you use only for administering your Foswiki site. See System.AccessControls for more information on access controls and user groups.
Foswiki 2.0 has changed how configure is protected. You no longer need to establish special protections within the web server configuration.
There are now several choices for how to protect configure:
- Option 1 Restrict configure to members of the AdminGroup:
- This is the default configuration. You don't need to set anything special from within configure.
- After you save your configuration, be sure to register a user and add them to the AdminGroup before you log out from the initial super admin login. Once you log out, you'll be blocked from any further configure access unless you can log in as a user in the AdminGroup. The default behaviour is that members of the AdminGroup have access to
bin/configure
- Option 2 Restrict configure to a defined list of users:
- Visit the "Security and Authentication" tab, "Access control" sub-tab.
- Set
{FeatureAccess}{Configure}
to a list of WikiNames that will be allowed access to configure.
- This setting overrides use of the AdminGroup, and these users do not have to be members of the AdminGroup.
- If you want the admin super-user to also have access to configure, you need to include "BaseUserMapping_333" in that list.
- Option 3 Define a "super user" ID and allow it access to configure (This is not recommended)
- Visit the "Security and Authentication" tab, "Passwords" tab. Enable "Expert" options. Set the
{Password}
field to a hashed ApacheMD5
encoded password.
- See #InternalAdmin for more information.
You must at least do one of the above before closing your browser or logging out from the temporary admin authority established during bootstrap. Once you
close your browser, you have to have a usable id to run configure or you'll need to add a super-user admin login using the command line.
Establishing an internal admin login (optional)
Don't log in with the wikiname AdminUser, and never register or set a password for AdminUser.
There is an optional internal admin (Main.AdminUser) which is accessed by logging in with user admin
and a password set in the configuration. Foswiki 2.0 no longer enables the internal admin by default.
User Authentication Options
The most common authentication methods used for public Foswiki installations are Template Login and Apache Login. They have the following relative advantages:
- Template Login can be set up without any web server configuration, and users can log off without restarting the browser. As the login page is just a Wiki page, you can customize it to suit your needs.
- Apache Login allows you to use any Apache-module based authentication scheme, such as
mod_auth_ldap
or mod_auth_mysql
. However, as your browser is caching your login, you must restart the browser to log out.
Note that the password databases for both of these authentication mechanisms are compatible, so you can switch between them at a later date.
Template Login authentication
Template Login asks for a username (or optionally e-mail address) and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.
Enabling Template Login
By default, your Foswiki installation is probably already using TemplateLogin, HtPasswdUser and
TopicUserMappingContrib as the default
Login
,
Password
and
user mapping
options.
- Using
configure
, Security And Authentication
tab
- Navigate to the
Login
tab on the Security and Authentication
panel. Select the Foswiki::LoginManager::TemplateLogin
login manager.
- Navigate to the
Passwords
tab. Select the appropriate PasswordManager
for your system - the default is Foswiki::Users::HtPasswdUser
. There is an EXPERT configure setting
{TemplateLogin}{PreventBrowserRememberingPassword}
that you can set to prevent Browsers from remembering username and passwords if you are concerned about public terminal usage.
There is an EXPERT configure setting
{TemplateLogin}{AllowLoginUsingEmailAddress}
that you can set to allow users to login using their password system registered e-mail addresses.
Apache Login authentication
With Apache Login enabled, when Foswiki needs to authenticate the user, the standard HTTP authentication mechanism is used: the browser itself will prompt for a user name and password.
The rest of this section describes Webserver Login using the Apache web server, but the same process is applicable to other webserver implementations as well (though you may require a customised version of the ApacheLogin module to do it).
The advantage of this scheme is that if you have an existing website authentication scheme using Apache modules such as mod_auth_ldap
or mod_auth_mysql
you can just plug in to them directly.
The disadvantage is that because the user identity is cached in the browser, you can log in, but you can't log out again unless you restart the browser.
Foswiki maps the REMOTE_USER
that was used to log in to the webserver to a WikiName using the table in Main.WikiUsers. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver username is used for their signature) or register (in which case that username is mapped to their WikiName).
The same private .htpasswd
file used in Foswiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support.
Do
not use the Apache
htpasswd
program to modify
.htpasswd
files generated by Foswiki!
htpasswd
wipes out e-mail addresses that Foswiki saves in the info fields of this file.
Apache Login is required for Apache-based login methods such as
mod_ldap
You can use any Apache authentication module that sets the
REMOTE_USER
environment variable.
To set up Apache Login, perform the following steps:
- Configure Apache Login. Under the
Security and Authentication
pane on the Login
tab in configure
:
- Select
Foswiki::LoginManager::ApacheLogin
for {LoginManager}
.
- Select
Foswiki::Users::HtPasswdUser
for {PasswordManager}
.
- Select
Foswiki::Users::TopicUserMapping
for {UserMappingManager}
.
- Save your settings.
- Configure your Apache settings for HTTP authentication. Use the Foswiki:Support.ApacheConfigGenerator tool or the
foswiki/bin-htaccess.txt
file to set the following Apache directives on the bin
scripts:(This example is for Apache 2.2, there are changes required if using Apache 2.4)
AuthType Basic
<FilesMatch "(attach|edit|manage|rename|save|upload|mail|logon|.*auth).*">
require valid-user
</FilesMatch>
You can also refer to the sample foswiki_httpd_conf.txt
and bin-htaccess.txt
files to see how the appropriate Apache directives are specified.
Testing your authentication configuration:
- Verify that registration works by registering yourself with the System.UserRegistration topic. If there are problems, try these troubleshooting tips:
- Note: If e-mail is enabled in configure, Foswiki will not allow any new registrations unless e-mail is functional. In order to avoid issues, return to the
Mail and Proxies
, Email Test
tab in configure
and verify that Foswiki can successfully send e-mail.
- If your PasswordManager is
HtPasswdUser
(the default), check the .htpasswd
file is being updated correctly with a new entry. If not, check {Htpasswd}{FileName}
is correct (under Security and Authentication
on the Password
tab in configure
), and that the webserver user has write permission.
- Create a new topic (in Sandbox web for example) to confirm that authentication works.
- Add users to the Main.AdminGroup. Edit the Main.AdminGroup topic in the Main web to include users that should have administrator status. Read defining adminstrator user(s) for more information.
This is a very important step, as users in this group can access
all topics, independent of Foswiki access controls.
Configuring Foswiki manually (without using the configure
page)
Foswiki 2.0 includes a shell based configuration tool that can be run from a
server command-line login. It will bootstrap the configuration, and prompt
for settings as required. Here is an example of using it for an interactive
command line bootstrap:
$ tools/configure -save
LocalSite.cfg load failed
AUTOCONFIG: Found Bin dir: /var/www/foswiki/distro/core/tools, Script name:
configure using FindBin
AUTOCONFIG: PubDir = /var/www/foswiki/distro/core/pub
AUTOCONFIG: DataDir = /var/www/foswiki/distro/core/data
AUTOCONFIG: WorkingDir = /var/www/foswiki/distro/core/working
AUTOCONFIG: ToolsDir = /var/www/foswiki/distro/core/tools
AUTOCONFIG: TemplateDir = /var/www/foswiki/distro/core/templates
AUTOCONFIG: LocalesDir = /var/www/foswiki/distro/core/locale
AUTOCONFIG: ScriptDir = /var/www/foswiki/distro/core/bin
AUTOCONFIG: Unable to use PlainFileStore: ,v files were found in data or pub,
which indicates this installation is already configured for RCS e.g.
/var/www/foswiki/distro/core/data/WFWeb/WebChanges.txt,v
AUTOCONFIG: Store configured for RcsLite
AUTOCONFIG: {Store}{SearchAlgorithm} set to Forking
AUTOCONFIG: Detected OS UNIX: DetailedOS: linux
** Enter values for critical configuration items.
** type a new value or hit return to accept the value in brackets.
This is the root of all Foswiki URLs.
For example, =http://myhost.com:123=
(do not include the trailing slash.)
{DefaultUrlHost} (http://localhost): http://myhost.com
This is the 'cgi-bin' part of URLs used to access the Foswiki bin
directory. For example =/foswiki/bin=.
See [[http://foswiki.org/Support/ShorterUrlCookbook][ShorterUrlCookbook]]
for more information on setting up Foswiki to use shorter script URLs.
{ScriptUrlPath} (/foswiki/bin):
...
It can also be run in a non-interactive mode, for use in automated deployment
systems.
tools/configure -save -noprompt
tools/configure -save -set {DefaultUrlHost}='http://mysite.com'
tools/configure -save -set {ScriptUrlPath}='/bin'
tools/configure -save -set {ScriptUrlPaths}{view}=''
tools/configure -save -set {PubUrlPath}='/pub'
tools/configure -save -set {Password}='adminpass'
Any configuration keys may be set using this tool.
To run a wizard, for example autoconfiguration of email:
tools/configure -save -set {WebMasterEmail}='user@email.com'
tools/configure -save -set {SMTP}{MAILHOST}='smtpserver.email.com'
tools/configure -save -set {SMTP}{Username}='userid'
tools/configure -save -set {SMTP}{Password}='password'
tools/configure -save -wizard AutoConfigureEmail -method autoconfigure
And the configuration can then be checked, with optional verbose output:
(Without -verbose, only errors and warnings are reported.)
tools/configure -check -verbose
Configuration settings can be searched and queried as well:
tools/configure -search Umask
tools/configure -getcfg {Store}
TWiki Compatibility
Foswiki is 100% backwards compatible with TWiki™ markup up to and including TWiki 4.2.4. Existing TWiki webs, topics and attachments can be used with Foswiki without requiring any changes.
To support a seamless upgrade from TWiki, Foswiki ships with a plugin called TWikiCompatibilityPlugin
. This plugin enables most TWiki extensions to work with Foswiki, without modifications. It also maps requests for legacy TWiki web topics to their Foswiki equivalents, as defined in Foswiki:Development.TopicNameMappingTable. The TWIKIWEB
and MAINWEB
TWiki variables are also mapped to the new Foswiki macros SYSTEMWEB
and USERSWEB
.
If you are not upgrading an existing TWiki installation and do not plan to install plugins from the TWiki web site, it is recommended that you disable the TWikiCompatibilityPlugin in the Plugins Section on the configure
page.
If a plugin exists both in a TWiki version and a Foswiki version, it is strongly recommended that you use the Foswiki version, as this is coded to work optimally with Foswiki. As part of the Foswiki project, the Foswiki community is evaluating all of the extensions that are available for TWiki, and porting them over to the Foswiki name space. Many of them are being enhanced through the removal of bugs and security vulnerabilities, resulting in better, more functional extensions for Foswiki.
TWiki is a registered trademark of Peter Thoeny.
Related Topics: InstallationGuidePart2, AdminDocumentationCategory, Foswiki:Support.SupplementalDocuments