TWiki Installation Guide

The following is installation instructions for the TWiki Dakar production release on an Apache web server on Linux. Visit TWiki:TWiki.InstallingTWiki for the latest updates to this guide and supplemental information for installing or upgrading TWiki, including notes on installing TWiki on other platforms.

Preparing to install TWiki

Before attempting to install TWiki, you are encouraged to review the TWiki:TWiki.AdminSkillsAssumptions. This guide assumes the person installing TWiki has, at a minimum, basic knowledge of server administration and cgi script management on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership).

To help setup a correct Apache configuration, you can use the automatic TWIki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.

While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should be fine with any web server and OS that meet the system requirements. For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.

If you are installing TWiki without Unix/Linux root (administrator) privileges (for example, on a hosted domain), see Notes on Installing TWiki on Non-Root Account for supplemental instructions to the basic steps presented below.

If you are upgrading from an earlier major version of TWiki such a Cairo (TWiki 3) you will need the information found in TWiki:TWiki.TWikiUpgradeGuide which includes a description of both an automated and a manual procedure. The manual procedure is probably the safest to follow but takes more time. The upgrade guide describes essential steps needed to avoid problems with locked topics.

Upgrading from a recent TWiki4 release is much simpler. Upgraders from earlier TWiki4 versions can with advantage follow the steps described in TWiki:TWiki.UpgradingTWiki04x00PatchReleases to ensure a safe upgrade without accidently overwriting customizations.

If you need help, ask a question in the TWiki:Support web or on TWiki:Codev.TWikiIRC (irc.freenode.net, channel #twiki)

Basic Installation

  1. Download the TWiki distribution from http://TWiki.org/download.html.
  2. Make a directory for the installation and unpack the distribution in it. In the rest of this document we assume this directory is called twiki.
  3. Make sure the user that runs CGI scripts on your system can read and write all files in the distribution.
    Detailed instructions on file permissions are beyond the scope of this guide, and the best and safest set of file and directory permissions depend on the actual server environment. For Unix/Linux see TWIki:TWiki.SettingFileAccessRightsLinuxUnix which contains scripts to setup the right file and directory access rights.
    The general rules for access rights are:
    • During installation and configuration, the CGI user needs to be able to read and write everything in the distribution,
    • Once installation and configuration is complete, the CGI user needs write access to everything under the data and pub directories and to twiki/lib/LocalSite.cfg. Everything else should be read-only.
    • Everybody else should be denied access to everything, always.
  4. Make sure Perl 5 and the Perl CGI library are installed on your system.
    The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.
    HELP Some systems require a special extension on perl scripts (e.g. .cgi or .pl). If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).
  5. Create the file twiki/bin/LocalLib.cfg.
    There is a template for this file in twiki/bin/LocalLib.cfg.txt.
    (Make sure you do not mix up twiki/bin/LocalLib.cfg.txt with the similarly named twiki/lib/LocalSite.cfg.txt which you should normally never need to copy or touch.)
    The file twiki/bin/LocalLib.cfg.txt must contain a setting for $twikiLibPath, which must point to the absolute file path of your twiki/lib e.g. /home/httpd/twiki/lib.
    HELP If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.
  6. Configure the webserver so you can execute the bin/configure script from your browser. But limit the access to either localhost, an IP address or a specific user using basic Apache authentication. You should never leave the configure script open to the public.
    • If you are unsure about how to do this on your system, see TWiki:TWiki.InstallingTWiki#OtherPlatforms for links to information about various server setups. There is an example Apache httpd.conf file in twiki_httpd_conf.txt at the root of the package. This file also contains advice on securing your installation. There's also a script called tools/rewriteshebang.pl to help you in fixing up the shebang lines in your CGI scripts.
  7. Run the configure script from your browser (i.e. enter http://yourdomain/twiki/bin/configure into your browser address bar) and resolve any errors or warnings it tells you about.
    ALERT! When you run configure for the first time, remember to first set the General Path Settings, save these settings, and then return to configure to continue configuration.
    When you return to configure you now need to setup Mail and Proxies. Especially the {WebMasterEmail}, and {SMTP}{MAILHOST} must be defined to enable TWiki to send registration emails. Many ISPs have introduced authentication when sending emails to fight spam so you may also have to set {SMTP}{Username} and {SMTP}{Password}.

You now have a basic, unauthenticated installation running. At this point you can just point your Web browser at http://yourdomain.com/twiki/bin/view and start TWiki-ing away!

Important Server Security Settings

Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.
  • You should protect the configure script from general access. The configure script the tool is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.
  • You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some builtin protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files.
    Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled. The twiki_httpd_conf.txt file provided in the root of the twiki directory is an example of an Apache config file which you would normally include from httpd.conf. In many distributions this happens automatically if the file is copied to a specific directory (Example RedHat/Fedora/Centos: /etc/httpd/conf.d) and has suffix .conf. This example file shows how to protect the pub directory from executing both PHP scripts and server side includes.
    If you do not have access to the apache config files you can normally control control access by placing a file called .htaccess in the directory you want to protect. The pub-htaccess.txt file provided in the root of the twiki directory is an example of an Apache .htaccess file which protects against execusion of PHP and SSI scripts.
  • Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories.
    For those that do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates and tools directories.
The TWIki:TWiki.ApacheConfigGenerator will help you address all 3 security elements.

Next Steps (optional)

Once you have TWiki installed and running, you might consider the following optional steps for setting up and customizing your TWiki site. Many of the references below refer to topics within your TWiki installation. For example, TWiki.TWikiSkins refers to the TWikiSkins topic in your TWiki web. If not available locally, you can find these topics in the on-line reference copy of TWiki Release 4.0.

Enable Authentication of Users

This step provides for site access control and user activity tracking on your TWiki site. This is particularly important for sites that are publicly accessible on the web. This guide describes only the most common of several possible authentication setups for TWiki and is suitable for public web sites. For information about other setups, see TWiki.TWikiUserAuthentication, and TWiki:TWiki.TWikiUserAuthenticationSupplement.

These are the steps for enabling "Template Login" which asks for a username and password in a web page, and processes them using the Apache 'htpasswd' password manager. Users can log in and log out.

  1. Under the Security Settings pane of configure :
    1. Select TWiki::Client::TemplateLogin for {LoginManager}.
    2. Select TWiki::Users::HtPasswdUser for {PasswordManager}.
    3. Save your configure settings.
  2. Register yourself using the TWiki.TWikiRegistration topic.
    HELP Check that the password manager recognizes the new user. Check that a new line with the username and encrypted password is added to the data/.htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.
  3. Edit a topic (by clicking on the Edit link at beginning or end of topic) to check if authentication works.
  4. Edit the Main/TWikiAdminGroup topic to include users with system administrator status. Additional instructions are provided in that topic.
    ALERT! This is a very important step, as users in this group can access all topics, independent of TWiki access controls.
  5. Clear admin notes: Some pages are meant to be customized after choice of authentication - check and update these topics (remove notice): Main.TWikiAdminGroup, TWiki.ChangePassword, TWiki.ResetPassword, and TWiki.ChangeEmailAddress.

You are strongly encouraged to read TWiki.TWikiUserAuthentication, TWiki:TWiki.TWikiUserAuthenticationSupplement, and TWiki:TWiki.SecuringTWikiSite for further information about managing users and security of your TWiki site.

Set TWiki Preferences

Preferences for customizing many aspects of TWiki are set simply by editing a special topic with TWiki.

  • Edit TWiki.TWikiPreferences. Read through it and set any additional settings you think you might need. (You can click the 'Edit' button near the top to edit the settings in place).
  • IDEA! Alternately, you can copy any settings or variables that you want to customize from TWiki.TWikiPreferences and paste them into Main.TWikiPreferences. This will protect your local customizations from being overwritten in later upgrades. See notes at top of TWiki.TWikiPreferences for more information.

Enable Email Notification

Each TWiki web has an automatic email notification service that sends you an email with links to all of the topics modified since the last alert. To enable this service:

  1. Confirm the Mail and Proxies settings in the Configure interface.
  2. Setup a cron job (or equivalent) to call the bin/mailnotify script as described in the TWiki.MailerContrib topic.

Enable WebStatistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. For information on setting up this feature, see the TWiki.TWikiSiteTools topic.

Enable Localisation

TWiki now supports displaying of national (non-ascii) characters and presentation of basic interface elements in different languages. To enable these features, see the Localisation section of configure. For more information about these features, see TWiki:TWiki.InternationalizationSupplement.

Tailor New Users Home Topic

When a new users registers on your TWiki a home topic is created for him based on the TWiki/NewUserTemplate template topic. This can be tailored. It contains additional resources you can use to:

  • Localise the user topic.
  • Add a default ALLOWTOPICCHANGE so only the user can edit his own home topic. We do not encourage this for Intranet sites as it sends a wrong signal to new users, but it can be necessary on a public TWiki to avoid that the user topics get spammed.
  • Install Plugins

    TWiki:Plugins is an extensive library of Plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see TWiki.InstalledPlugins.

    You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documenation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.

    Some plugins require that you define their settings in configure. You fill find these under the Extensions section of configure.

    Customize your TWiki!

    The real power of TWiki lies in it's flexibility to be customized to meet your needs. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these. If you would like to customize the look of your TWiki, see TWiki:TWiki.TWikiSkinsSupplement.

    Troubleshooting

    The first step is to re-run the configure script and make sure you have resolved all errors, and are satisfied that you understand any warnings.

    Failing that, please check the topics listed below which include important tips for HP-UX, Solaris, OS/390, and many other platforms.

    It is also advisable to review TWiki:Codev.KnownIssuesOfTWiki04x00x00.

    If you need help, ask a question in the TWiki:Support web or on TWiki:Codev/TWikiIRC (irc.freenode.net, channel #twiki)

    Appendixes

    TWiki System Requirements

    Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions.

    Server Requirements

    TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

    Resource Required Server Environment *
    Perl 5.8.4 or higher is recommended
    RCS 5.7 or higher (including GNU diff)
    Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)
    GNU diff GNU diff 2.7 or higher is required when not using the all-Perl RcsLite.
    Install on PATH if not included with RCS (check version with diff -v)
    Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff
    Other external programs fgrep, egrep
    Cron/scheduler • Unix: cron
    • Windows: cron equivalents
    Web server Apache is well supported; for information on other servers, see TWiki:TWiki.InstallingTWiki#OtherWebServers.

    Required CPAN Modules

    The following Perl CPAN modules are used by TWiki:
    Module Preferred version
    Algorithm::Diff (included)  
    CGI::Carp >=1.26
    Config >=0
    Cwd >=3.05
    Data::Dumper >=2.121
    Error (included)  
    File::Copy >=2.06
    File::Find >=1.05
    File::Spec >=3.05
    FileHandle >=2.01
    IO::File >=1.10
    Text::Diff (included)  
    Time::Local >=1.11

    Optional CPAN Modules

    The following Perl modules may be used by TWiki:
    Module Preferred version Description
    Archive::Tar   May be required by the Extensions Installer in configure if command line tar or unzip is not available
    CGI::Cookie >=1.24 Used for session support
    CGI::Session >=3.95 Highly recommended! Used for session support
    Digest::base    
    Digest::SHA1    
    Jcode   Used for I18N support with perl 5.6
    Locale::Maketext::Lexicon >=0 Used for I18N support
    Net::SMTP >=2.29 Used for sending mail
    Unicode::Map   Used for I18N support with perl 5.6
    Unicode::Map8   Used for I18N support with perl 5.6
    Unicode::MapUTF8   Used for I18N support with perl 5.6
    Unicode::String   Used for I18N support with perl 5.6
    URI   Used for configure

    Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

    perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'
    

    Client Requirements

    The TWiki standard installation has relatively low browser requirements:

    • HTML 3.2 compliant
    • Cookies, if persistent sessions are required

    CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

    You can easily select a balance of browser capability versus look and feel. Try the installed skins at TWiki/TWikiSkinBrowser and more at TWiki:Plugins.SkinPackage.

    Important note about TWiki Plugins

    • Plugins can require just about anything - browser-specific functions, stylesheets (CSS), Java applets, cookies, specific Perl modules,... - check the individual Plugin specs.
      • TIP Note: Plugins included in the TWiki distribution do not add requirements, except for the CommentPlugin which requires Perl 5.6.1.

    Notes on Installing TWiki on Non-Root Account

    The following supplemental notes to the Basic Installation instructions apply to installing TWiki on a system where you don't have Unix/Linux root (administrator) privileges, for example, on a hosted Web account or an intranet server administered by someone else.

    Referring to the Basic Installation steps presented above:

    • Step 2: If you cannot unpack the TWiki distribution directly in your installation directory, you can unpack the distribution on your local PC and then manually create the directory structure on your host server and upload the files as follows:
      • Using the table below, create a directory structure on your host server
      • Upload the TWiki files by FTP (transfer as text except for the image files in pub directory.)
      • Note: Don't worry if you are not able to put the twiki/lib directory at the same level as the twiki/bin directory (e.g. because CGI bin directories can't be under your home directory and you don't have root access). You can create this directory elsewhere and configure the twiki/bin/setlib.cfg file (done in Step 2).

    TWiki dir: What it is: Where to copy: Example:
    twiki start-up pages root TWiki dir /home/smith/twiki/
    twiki/bin CGI bin CGI-enabled dir /home/smith/twiki/bin
    twiki/lib library files same level as twiki/bin /home/smith/twiki/lib
    twiki/locale language files dir secure from public access /home/smith/twiki/locale
    twiki/pub public files htdoc enabled dir /home/smith/twiki/pub
    twiki/data topic data dir secure from public access /home/smith/twiki/data
    twiki/templates web templates dir secure from public access /home/smith/twiki/templates
    twiki/tools TWiki utlilities dir secure from public access /home/smith/twiki/tools

    • Step 3: Files in the pub directory must be readable as a url. This means that directory permissions should be set to 755 (or 775 ) and file permissions should be set to 644 (or 664). If you can run a chmod command, you can accomplish this in two quick steps by running these commands from the root direct:
      1. chmod -R 755 pub
      2. chmod 644 `find pub -type f -print`
        • In addition, you should create a .htaccess file in the pub directory, using the template included in the root level of the distribution entitled pub-htaccess.txt.
        • Note: This setup does not provide for absolute security for TWiki attachments. For more information, see TWiki:Codev.SecuringYourTWiki.
    • Step 6: In order to run the configure script, create a file called .htaccess in the bin directory that includes the following single line: SetHandler cgi-script . This informs the server to treat all the perl scripts in the bin directory as scripts.

    For additional information about installing TWiki on a hosted accounts, see TWiki:TWiki.InstallingTWiki#WebHostingSites