mediawiki.conf

# Set upload limit to 210MB to allow for larger file uploads
# NOTE: this limit is also enforced by php's limits, see /etc/php.ini
LimitRequestBody 220200960
# has to set to NoDecode so that the URLs with "/"(slash) can be accepted and applied to RewriteRule
AllowEncodedSlashes NoDecode

# for mod_remoteip to get real client IP
RemoteIPHeader X-Forwarded-For
#RemoteIPInternalProxy 127.0.0.1/8
# %a uses IP from mod_remoteip
LogFormat "%a %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
CustomLog ${APACHE_LOG_DIR}/access.log combined

# Support for SSL, redirect HTTP to HTTPS and place in SSL stuff.
<IfModule ssl_module>
  <VirtualHost *:80>
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
  </VirtualHost>

  <VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key
    SSLCertificateChainFile /etc/apache2/ssl.bundle.crt
  </VirtualHost>
</IfModule>

ProxyPass /api/rest_v1 ${RESTBASE_URL}/localhost/v1 nocanon
ProxyPassReverse /api/rest_v1 ${RESTBASE_URL}/localhost/v1 nocanon

<Directory /var/www/html>
  # Use of .htaccess files exposes a lot of security risk,
  # disable them and put all the necessary configuration here instead.
  AllowOverride None

  RewriteEngine On
  RewriteBase /
  # Expose REST API at /api/rest_v1/
  # "NE" is needed so that the correct URL encoding such as "%2F" (slash) being passed to backend correctly
#  RewriteCond %{ENV:RESTBASE_URL} "!^restbase-is-not-specified$"
#  RewriteRule ^api/rest_v1/(.*)$  %{ENV:RESTBASE_URL}/localhost/v1/$1  [P,L,NE]
#  RewriteRule ^w/(.*)$ %{DOCUMENT_ROOT}/$1 [L]
  # Short url for wiki pages
  RewriteRule ^wiki/(.*)?$ %{DOCUMENT_ROOT}/index.php [L]
  RewriteRule ^wiki$ /wiki/ [R,L]

  # Redirect / to Main Page
  # RewriteRule ^$ /wiki/ [R,L]

  RewriteEngine On
  RewriteBase /
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
  RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/index.php [L]

  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
  RewriteRule ^/?images/thumb/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2 [L,QSA,B]

  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-f
  RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
  RewriteRule ^/?images/thumb/archive/[0-9a-f]/[0-9a-f][0-9a-f]/([^/]+)/([0-9]+)px-.*$ %{DOCUMENT_ROOT}/thumb.php?f=$1&width=$2&archived=1 [L,QSA,B]
</Directory>

<Directory /var/www/html/images>
  # Ignore .htaccess files
  AllowOverride None

  # Serve HTML as plaintext, don't execute SHTML
  AddType text/plain .html .htm .shtml .php

  # Don't run arbitrary PHP code.
  php_admin_flag engine off
</Directory>

# Protect risky directory from abuse
<Directory /var/www/html/cache/>
  Deny from all
</Directory>
<Directory /var/www/html/includes/>
  Deny from all
</Directory>
<Directory /var/www/html/languages/>
  Deny from all
</Directory>
<Directory /var/www/html/maintenance/>
  Deny from all
</Directory>
<Directory /var/www/html/maintenance/archives/>
  Deny from all
</Directory>
<Directory /var/www/html/serialized/>
  Deny from all
</Directory>
<Directory /var/www/html/tests/>
  Deny from all
</Directory>
<Directory /var/www/html/tests/qunit/>
  Allow from all
</Directory>