TWiki Installation Guide

The following is installation instructions for the TWiki 4.1 production release on an Apache web server on Linux. Visit TWiki:TWiki.InstallingTWiki for the latest updates to this guide and supplemental information for installing or upgrading TWiki, including notes on installing TWiki on different platforms, environments and web hosting sites.

If you are upgrading from a previous version of TWiki, you probably want to read TWikiUpgradeGuide instead (both this document and the TWikiUpgradeGuide are also available in the root of the distribution as HTML files)

Preparing to install TWiki

Before attempting to install TWiki, you are encouraged to review the TWiki:TWiki.AdminSkillsAssumptions. This guide assumes the person installing TWiki has, at a minimum, basic knowledge of server administration and cgi script management on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership).

To help setup a correct Apache configuration, you can use the automatic TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.

While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should be fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.

If you are installing TWiki without Unix/Linux root (administrator) privileges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.

If you are upgrading from an earlier major version of TWiki such a Cairo (TWiki 3) you will need the information found in TWiki:TWiki.TWikiUpgradeGuide which includes a description of both an automated and a manual procedure. The manual procedure is probably the safest to follow but takes more time. The upgrade guide describes essential steps needed to avoid problems with locked topics.

Upgrading from a recent TWiki4 release is much simpler. Upgraders from earlier TWiki4 versions can with advantage follow the steps described in TWiki:TWiki.UpgradingTWiki04x00PatchReleases to ensure a safe upgrade without accidently overwriting customizations.

If you need help, ask a question in the TWiki:Support web or on TWiki:Codev.TWikiIRC (irc.freenode.net, channel #twiki)

Basic Installation

Download the TWiki distribution from http://TWiki.org/download.html.
Make a directory for the installation and unpack the distribution in it. In the rest of this document we assume this directory is called twiki.
Make sure the user that runs CGI scripts on your system can read and write all files in the distribution.
Detailed instructions on file permissions are beyond the scope of this guide, and the best and safest set of file and directory permissions depend on the actual server environment. For Unix/Linux see TWiki:TWiki.SettingFileAccessRightsLinuxUnix which contains scripts to setup the right file and directory access rights.
The general rules for access rights are:
- During installation and configuration, the CGI user needs to be able to read and write everything in the distribution.
- Once installation and configuration is complete, the CGI user needs write access to everything under the data and pub directories and to twiki/lib/LocalSite.cfg. Everything else should be read-only.
- Everybody else should be denied access to everything, always.
Make sure Perl 5 and the Perl CGI library are installed on your system.
The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.
Some systems require a special extension on perl scripts (e.g. .cgi or .pl). If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).
Create the file twiki/bin/LocalLib.cfg.
There is a template for this file in twiki/bin/LocalLib.cfg.txt.
The file twiki/bin/LocalLib.cfg.txt must contain a setting for $twikiLibPath, which must point to the absolute file path of your twiki/lib e.g. /home/httpd/twiki/lib.
If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.
Configure the webserver so you can execute the bin/configure script from your browser. But limit the access to either localhost, an IP address or a specific user using basic Apache authentication. You should never leave the configure script open to the public. See TWiki:TWiki.ApacheConfigGenerator which contains a tool that can generate a safe and working config file for TWiki on Apache.
- If you are unsure about how to do this on your system, see TWiki:TWiki.InstallingTWiki#OtherPlatforms for links to information about various server setups. There is an example Apache httpd.conf file in twiki_httpd_conf.txt at the root of the package. This file also contains advice on securing your installation. There's also a script called tools/rewriteshebang.pl to help you in fixing up the shebang lines in your CGI scripts.
Run the configure script from your browser (i.e. enter http://yourdomain/twiki/bin/configure into your browser address bar) and resolve any errors or warnings it tells you about.
When you run configure for the first time, you can only edit the section General Path Settings. Save these settings, and then return to configure to continue configuration.
When you return to configure you now need to setup Mail and Proxies. Especially the {WebMasterEmail}, and {SMTP}{MAILHOST} must be defined to enable TWiki to send registration emails. Many ISPs have introduced authentication when sending emails to fight spam so you may also have to set {SMTP}{Username} and {SMTP}{Password}.

You now have a basic, unauthenticated installation running. At this point you can just point your Web browser at http://yourdomain.com/twiki/bin/view and start TWiki-ing away!

Important Server Security Settings

Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.

You should protect the configure script from general access. The configure script the tool is designed for use by administrators only and should be restricted to invocation by them only, by using the basic Apache authentication. Because of this there has not been put much effort into hardening the script. The configure script cannot save any settings once the password has been saved the first time, but the script could still be vulnerable to specially crafted field values and the script reveals many details about the webserver that you should not display in public.
You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some builtin protection which renames files with dangerous filenames by appending .txt to the filename. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files.
Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled. The twiki_httpd_conf.txt file provided in the root of the twiki directory is an example of an Apache config file which you would normally include from httpd.conf. In many distributions this happens automatically if the file is copied to a specific directory (Example RedHat/Fedora/Centos: /etc/httpd/conf.d) and has suffix .conf. This example file shows how to protect the pub directory from executing both PHP scripts and server side includes.
If you do not have access to the apache config files you can normally control control access by placing a file called .htaccess in the directory you want to protect. The pub-htaccess.txt file provided in the root of the twiki directory is an example of an Apache .htaccess file which protects against execusion of PHP and SSI scripts.
Make sure that you deny access to all other twiki directories than the bin and pub directories. When you have access to the Apache config files the twiki_httpd_conf.txt file mentioned above also contains protection of these directories.
For those that do not have access to the Apache config files a sample subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates and tools directories.

The TWIki:TWiki.ApacheConfigGenerator will help you address all 3 security elements.

Next Steps

Once you have TWiki installed and running, you might consider the following optional steps for setting up and customizing your TWiki site. Many of the references below refer to topics within your TWiki installation. For example, TWiki.TWikiSkins refers to the TWikiSkins topic in your TWiki web. If not available locally, you can find these topics in the on-line reference copy of TWiki Release 4.1.

Enable Authentication of Users

This step provides for site access control and user activity tracking on your TWiki site. This is particularly important for sites that are publicly accessible on the web. This guide describes only the most common of several possible authentication setups for TWiki and is suitable for public web sites. For information about other setups, see TWiki.TWikiUserAuthentication, and TWiki:TWiki.TWikiUserAuthenticationSupplement.

These are the steps for enabling "Template Login" which asks for a username and password in a web page, and processes them using the Apache 'htpasswd' password manager. Users can log in and log out.

Under the Security Settings pane of configure :
1. Select TWiki::Client::TemplateLogin for {LoginManager}.
2. Select TWiki::Users::HtPasswdUser for {PasswordManager}.
3. Save your configure settings.
4. Register yourself using the TWiki.TWikiRegistration topic.
  Check that the password manager recognizes the new user. Check that a new line with the username and encrypted password is added to the data/.htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.
Edit a topic (by clicking on the Edit link at beginning or end of topic) to check if authentication works.
Edit the Main/TWikiAdminGroup topic to include users with system administrator status. Additional instructions are provided in that topic.
This is a very important step, as users in this group can access all topics, independent of TWiki access controls.
Clear admin notes: Some pages are meant to be customized after choice of authentication - check and update these topics (remove notice): Main.TWikiAdminGroup, TWiki.ChangePassword, TWiki.ResetPassword, and TWiki.ChangeEmailAddress.

You are strongly encouraged to read TWiki.TWikiUserAuthentication, TWiki:TWiki.TWikiUserAuthenticationSupplement, and TWiki:TWiki.SecuringTWikiSite for further information about managing users and security of your TWiki site.

Set TWiki Preferences

Preferences for customizing many aspects of TWiki are set simply by editing a special topic with TWiki.

Edit TWiki.TWikiPreferences. Read through it and set any additional settings you think you might need. (You can click the 'Edit' button near the top to edit the settings in place).
Alternately, you can copy any settings or variables that you want to customize from TWiki.TWikiPreferences and paste them into Main.TWikiPreferences. This will protect your local customizations from being overwritten in later upgrades. See notes at top of TWiki.TWikiPreferences for more information.

Enable Email Notification

Each TWiki web has an automatic email notification service that sends you an email with links to all of the topics modified since the last alert. To enable this service:

Confirm the Mail and Proxies settings in the Configure interface.
Setup a cron job (or equivalent) to call the bin/mailnotify script as described in the TWiki.MailerContrib topic.

Enable WebStatistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. For information on setting up this feature, see the TWiki.TWikiSiteTools topic.

Automate removal of expired sessions and lease files

Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however cost performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} and install let cron run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.

Enable Localisation

TWiki now supports displaying of national (non-ascii) characters and presentation of basic interface elements in different languages. To enable these features, see the Localisation section of configure. For more information about these features, see TWiki:TWiki.InternationalizationSupplement.

Tailor New Users Home Topic

When a new users registers on your TWiki a home topic is created for him based on the TWiki/NewUserTemplate template topic. This can be tailored. It contains additional resources you can use to:

Localise the user topic.
Add a default ALLOWTOPICCHANGE so only the user can edit his own home topic. We do not encourage this for Intranet sites as it sends a wrong signal to new users, but it can be necessary on a public TWiki to avoid that the user topics get spammed.

Install Plugins

TWiki:Plugins is an extensive library of Plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see TWiki.InstalledPlugins.

You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documenation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.

Some plugins require that you define their settings in configure. You fill find these under the Extensions section of configure.

Customize your TWiki!

The real power of TWiki lies in it's flexibility to be customized to meet your needs. A good place to start for exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these. If you would like to customize the look of your TWiki, see TWiki:TWiki.TWikiSkinsSupplement.

Troubleshooting

The first step is to re-run the configure script and make sure you have resolved all errors, and are satisfied that you understand any warnings.

Failing that, please check TWiki:TWiki.InstallingTWiki on TWiki.org, the supplemental documentation that help you install TWiki on different platforms, environments and web hosting sites. For example:

For Unix or Linux, check TWiki:Codev.TWikiOnUnix and TWiki:Codev.TWikiOnLinux.
For Windows, check the TWiki:Codev.WindowsInstallCookbook.
For MacOS X, check TWiki:Codev.TWikiOnMacOSX.

It is also advisable to review TWiki:Codev.KnownIssuesOfTWiki04x01.

If you need help, ask a question in the TWiki:Support web or on TWiki:Codev/TWikiIRC (irc.freenode.net, channel #twiki)

Appendixes

TWiki System Requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

Resource	Required Server Environment
Perl	5.8.4 or higher is recommended
RCS	5.7 or higher (including GNU `diff`) Optional, TWiki includes a pure perl implementation of RCS that can be used instead (although it's slower)
GNU `diff`	GNU `diff` 2.7 or higher is required when not using the all-Perl RcsLite? . Install on PATH if not included with RCS (check version with `diff -v`) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to `diff`
Other external programs	`fgrep, egrep`
Cron/scheduler	• Unix: `cron` • Windows: `cron` equivalents
Web server	Apache is well supported; for information on other servers, see TWiki:TWiki.InstallingTWiki#OtherWebServers.

Required CPAN Modules

The following Perl CPAN modules are used by TWiki:

Module	Preferred version
Algorithm::Diff (included)
CGI::Carp	>=1.26
Config	>=0
Cwd	>=3.05
Data::Dumper	>=2.121
Error (included)
File::Copy	>=2.06
File::Find	>=1.05
File::Spec	>=3.05
FileHandle?	>=2.01
IO::File	>=1.10
Text::Diff (included)
Time::Local	>=1.11

Optional CPAN Modules

The following Perl modules may be used by TWiki:

Module	Preferred version	Description
Archive::Tar		May be required by the Extensions Installer in configure if command line tar or unzip is not available
CGI::Cookie	>=1.24	Used for session support
CGI::Session	>=3.95	Highly recommended! Used for session support
Digest::base
Digest::SHA1
Jcode		Used for I18N support with perl 5.6
Locale::Maketext::Lexicon	>=0	Used for I18N support
Net::SMTP	>=2.29	Used for sending mail
Unicode::Map		Used for I18N support with perl 5.6
Unicode::Map8		Used for I18N support with perl 5.6
Unicode::MapUTF8		Used for I18N support with perl 5.6
Unicode::String		Used for I18N support with perl 5.6
URI		Used for configure

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

The TWiki standard installation has relatively low browser requirements:

HTML 3.2 compliant
Cookies, if persistent sessions are required

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimises these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

You can easily select a balance of browser capability versus look and feel. Try the installed skins at TWiki/TWikiSkinBrowser and more at TWiki:Plugins.SkinPackage.

Important note about TWiki Plugins

Plugins can require just about anything - browser-specific functions, stylesheets (CSS), Java applets, cookies, specific Perl modules,... - check the individual Plugin specs.
- Note: Plugins included in the TWiki distribution do not add requirements, except for the CommentPlugin which requires Perl 5.6.1.

Notes on Installing TWiki on Non-Root Account

The following supplemental notes to the Basic Installation instructions apply to installing TWiki on a system where you don't have Unix/Linux root (administrator) privileges, for example, on a hosted Web account or an intranet server administered by someone else.

Referring to the Basic Installation steps presented above:

Step 2: If you cannot unpack the TWiki distribution directly in your installation directory, you can unpack the distribution on your local PC and then manually create the directory structure on your host server and upload the files as follows:
- Using the table below, create a directory structure on your host server
- Upload the TWiki files by FTP (transfer as text except for the image files in pub directory.)
- Note: Don't worry if you are not able to put the twiki/lib directory at the same level as the twiki/bin directory (e.g. because CGI bin directories can't be under your home directory and you don't have root access). You can create this directory elsewhere and configure the twiki/bin/setlib.cfg file (done in Step 2).

TWiki dir: What it is: Where to copy: Example:

twiki start-up pages root TWiki dir /home/smith/twiki/

twiki/bin CGI bin CGI-enabled dir /home/smith/twiki/bin

twiki/lib library files same level as twiki/bin /home/smith/twiki/lib

twiki/locale language files dir secure from public access /home/smith/twiki/locale

twiki/pub public files htdoc enabled dir /home/smith/twiki/pub

twiki/data topic data dir secure from public access /home/smith/twiki/data

twiki/templates web templates dir secure from public access /home/smith/twiki/templates

twiki/tools TWiki utlilities dir secure from public access /home/smith/twiki/tools

TWiki dir:	What it is:	Where to copy:	Example:
`twiki`	start-up pages	root TWiki dir	`/home/smith/twiki/`
`twiki/bin`	CGI bin	CGI-enabled dir	`/home/smith/twiki/bin`
`twiki/lib`	library files	same level as `twiki/bin`	`/home/smith/twiki/lib`
`twiki/locale`	language files	dir secure from public access	`/home/smith/twiki/locale`
`twiki/pub`	public files	htdoc enabled dir	`/home/smith/twiki/pub`
`twiki/data`	topic data	dir secure from public access	`/home/smith/twiki/data`
`twiki/templates`	web templates	dir secure from public access	`/home/smith/twiki/templates`
`twiki/tools`	TWiki utlilities	dir secure from public access	`/home/smith/twiki/tools`

Step 3: Files in the pub directory must be readable as a url. This means that directory permissions should be set to 755 (or 775 ) and file permissions should be set to 644 (or 664). If you can run a chmod command, you can accomplish this in two quick steps by running these commands from the root direct:
- chmod -R 755 pub
- chmod 644 `find pub -type f -print`
- In addition, you should create a .htaccess file in the pub directory, using the template included in the root level of the distribution entitled pub-htaccess.txt.
- Note: This setup does not provide for absolute security for TWiki attachments. For more information, see TWiki:Codev.SecuringYourTWiki.

Step 6: In order to run the configure script, create a file called .htaccess in the bin directory that includes the following single line: SetHandler cgi-script . This informs the server to treat all the perl scripts in the bin directory as scripts.

For additional information about installing TWiki on a hosted accounts, see TWiki:TWiki.InstallingTWiki#WebHostingSites

Installing Manually Without Configure

It is highly recommended to use run configure from the browser when setting up TWiki. Configure does a lot of the hard work for you.

But there may be instances where you do not want to use configure or where configure simply won't run because of a missing dependency.

The manual steps you have to take are:

Copy the file lib/TWiki.spec to lib/LocalSite.cfg
Remove the comment # in front of $TWiki::cfg{DefaultUrlHost}, $TWiki::cfg{ScriptUrlPath}, $TWiki::cfg{PubUrlPath}, $TWiki::cfg{PubDir}, $TWiki::cfg{TemplateDir}, $TWiki::cfg{DataDir}, $TWiki::cfg{LocalesDir}, and $TWiki::cfg{OS} and make sure these settings have the correct values.
Make sure to define at least these settings: $TWiki::cfg{LoginManager}, $TWiki::cfg{WebMasterEmail}, $TWiki::cfg{SMTP}{MAILHOST}, $TWiki::cfg{SMTP}{SENDERHOST}.

Related Topics: AdminDocumentationCategory, TWiki:TWiki.InstallingTWiki