Hi Folks, After LOTS of research, we have decided to seriously explore XWiki; one feature in particular (among many) that stands out is the support for *annotation*. We like the idea of a "*second generation Wiki*" (especially after some extensive experience with MediaWiki and Confluence). Right now the biggest *hurdle is getting a successful install*. We have ready a large number of documents, but have now run out of insights. *TARGET SYSTEM*: VPS running 42.1 OpenSUSE Linux (RPM-based). Latest MySQL (actually MariaDB), Java, Apache etc. Currently a CRM system (PHP-based) and an accounting system (PostBooks) running. *CHALLENGE*: Tomcat and the WAR file. *SPECIFIC QUESTION: What is the best documentation that would enable us to very systematically install and configure XWiki? * /Especially in a non-deb environment. And with details concerning e.g. "ports". Widespread adoption will be encouraged when technically savvy individuals and small teams can try XWiki without having a sysadmin as a permanent team member. / We have voted for a *Bitnami *XWiki stack package. But we don't want to wait! Thanks for any pointers! -- View this message in context: http://xwiki.475771.n2.nabble.com/Detailed-XWiki-Install-Info-For-RPM-Based… Sent from the XWiki- Users mailing list archive at Nabble.com.

On Apr 28, 2017, at 9:09 PM, Douglas Landau &lt;DouglasL(a)westmarine.com&gt; wrote: John, As far as I know it might be my own instructions. :-) They will get you a successful install/running MySQL+XWiki-8.4.4(WAR)+Tomcat+NGINX on CentOS-7. But my own XWiki is still under construction and there are at least a few loose ends left to be addressed before I can announce it. For example: - I got LDAP auth working and yesterday I got, at length, XWiki-group-sync-from-AD working. So now when I log in using my AD credentials, because I'm in the Admins AD group, I am a member of the XWikiAdminGroup group. I don't know if there is anything special built-in to that group, or if it's just a name chosen as an example. I see it has full rights to some pages and not others and now don't remember if I granted the ones that exist, or if it came that way. In any case I made a lot of groups yesterday and now cannot remove some. Maybe all, not sure. I can add them but if I remove them and then refresh they come back, and I get this in the logs: 2017-04-28 12:31:41,492 [http://dwswiki10.westmarine.net:8080/xwiki/bin/admin/XWiki/XWikiPreferences…] WARN o.x.c.i.DefaultCSRFToken - CSRFToken: Secret token verification failed, token: "whLkhIQlmWnx4c7FHacGdA", stored token: "mdkkxCCQAFB4fwoqoceMYw" - I don't have usable startup and shutdown scripts working. The files are owned by the user xwiki and to run as the same user I've been starting and stopping it with "cd /data/tomcat; sudo -u xwiki bin/startup.sh" and "sudo -u xwiki bin/shutdown.sh". The Tomcat docs say to use jsvc but their example doesn't pick up bin/setenv.sh, and blah blah blah. I guess I need to merge that script into the suggested jsvc usage, and then use the option that switches who it's running as, even tho I don't need to do this stuff to make it run on port 80, I just want it to run as xwiki. I guess I'll just let NGINX run as root, not sure yet. - The HTTP -> HTTPS redirection doesn't seem to work as I expected/would like and I'm not sure I'm doing it right. I have this in my xwiki.cfg: xwiki.url.protocol=https ...but I'm not sure that's the right way to go about it. I see the bit on the XWiki InstallationTomcat page about Let's Encrypt but glanced at that page and it seemed like it was about creating certs and didn't understand how it relates. Today my NGINX is not working; not sure why. It -was-. Last week I stuck this in there: return 301 https://$host$request_uri; ... but now it's commented out. Think I got it from https://www.bjornjohansen.no/redirect-to-https-with-nginx which makes it sound great but I then commented it out and don't remember why. Seems to me that the best place for the redirection to happen would be at the NGINX layer. - There is a "server" section for port 80 and another for 443 in conf/nginx.conf. As per the InstallationTomcat page I added the dir conf.d and inside it tomcat.conf, with similar sections. I dunno if I should go and comment out the server sections in conf/nginx.conf. - I get this error in catalina.out, and dunno why or what I'm going to do: 27-Apr-2017 19:00:57.513 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Command line argument: -XX:MaxPermSize=192m OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=192m; support was removed in 8.0 ... if I remember correctly, wherever it was I saw that, that place said it was important! Oh yeah, it too was on this page: http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat - I get this message in the logs and dunno what to do about it: 27-Apr-2017 14:56:48.633 SEVERE [localhost-startStop-2] org.apache.catalina.loader.WebappClassLoaderBase.checkThreadLocalMapForLeaks The web application [xwiki] created a ThreadLocal with key of type [java.lang.ThreadLocal] (value [java.lang.ThreadLocal@38058fb1]) and a value of type [java.util.Stack] (value [[org.xwiki.context.ExecutionContext@c0f4827]]) but failed to remove it when the web application was stopped. Threads are going to be renewed over time to try and avoid a probable memory leak. I get these in my logs and dunno what to do about it: 27-Apr-2017 22:02:09.501 INFO [localhost-startStop-1] org.apache.jasper.servlet.TldScanner.scanJars At least one JAR was scanned for TLDs yet contained no TLDs. Enable debug logging for this logger for a complete list of JARs that were scanned but no TLDs were found in them. Skipping unneeded JARs during scanning can improve startup time and JSP compilation time. - I get this in my logs and don't understand it... I dunno what java.library.path is, all I know is this: 27-Apr-2017 14:43:24.720 INFO [main] org.apache.catalina.core.AprLifecycleListener.lifecycleEvent The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib ... I don't understand it, all I know is: [root@dwswiki10 tomcat]# which java /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/jre/bin/java Setting JAVA_HOME in this way: export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::") ...yields this: [root@dwswiki10 tomcat]# echo $JAVA_HOME /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.121-0.b13.el7_3.x86_64/jre/ I'm procrastinating dealing with these issues at the moment and starting to try to push the UI into shape. I think our old wiki was using the spaces extension, or is it a macro, and that's no longer the correct thing to do, now that nested pages have replaced spaces, I guess... Vincent says, on the spaces extension page, to use the Document Tree macro instead, so I guess I'll install that now and try using it. Finally, looking at them today, I see a few places where the instructions need minor editing: - I say something about xwiki.preferences.redirect but am not sure if I should have that in there or not, part of my http->https redirection confusion - I set the "permanentDirectory" setting in xwiki.properties to get the attachments out of the DB and out of the application tree. I don't see that mentioned in the instructions. Before I set it, I did fire up the wiki, so there was stuff that needed to be moved, and when I moved it, and restarted, I had brought some problems down upon myself. I struggled with it for a short while and then started over by removing the xwiki database, recreating it, and repeating the setup I had done to that point. Anyway I have to get that into the doc. - I no longer think that the JAVA_HOME needs to be set in anyone's .bashrc; that is now done in setenv.sh. With that said, here are my own instructions: -Doug -------------------------------------- There are five parts: Hardware/OS MySQL AppServer XWiki NGINX Hardware/OS Start by deploying a VM from the CentOS-7.2 template on vcenter01 Power on the new clone and log in as anchor # sudo su - # yum -y update Add the following lines to root's .bashrc, to anchor's .bashrc, and to the .bashrc of the xwiki user: export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::") export PATH=$JAVA_HOME/bin:$PATH Prepare the Volume Edit I am installing everything on a new disk, which is mounted at /data. The volume will be owned by anchor. This was necessary for some unknown reason for the MySQL installation to work. I don't know why. It doesn't appear to put anything outside of the install dir, /data/mysql. But I had to nonetheless. # chown anchor:anchor /data Install MySQL Edit See https://dev.mysql.com/doc/refman/5.7/en/source-installation.html Create the user # groupadd mysql # useradd -r -g mysql -s /bin/false mysql While we are at it we may as well go ahead and make the xwiki user at this time: # groupadd -r xwiki # useradd -r -g xwiki -s /bin/false xwiki Unpack MySQL source As anchor, cd to $HOME, and unpack the MySQL 5.7 source from /opt: anchor$ cd anchor$ tar zxvf /opt/soft/mysql-5.7.17.tar.gz anchor$ mkdir bld anchor$ cd bld Install Boost Library Before you can configure and build MySQL you must install Boost in /usr/local/boost_1_59_0. See https://dev.mysql.com/doc/refman/5.7/en/source-installation.html 1. Untar the boost 1.59_0 from /opt/soft: anchor$ pushd /usr/local anchor$ tar zxvfp /opt/soft/boost_1_59_0.tar.gz 2. I don't remember how I figured this out, but I had to place the tarball inside the unpacked directory: anchor$ cp !$ boost_1_59_0 3. I also had to open up the permissions on the files and directories in the boost installation, /usr/local/boost_1_59_0, which were owned by root, but I'm building as anchor, and when unpacked, there were no read or search permissions for group or others on the subdirectories. $ sudo su - # cd /usr/local # chgrp -R anchor boost_1_59_0 # chmod g+w /usr/local/boost_1_59_0 # cd boost_1_59_0 # find . -type d | xargs chmod g+rx # find . -type f | xargs chmod g+rw # find . -type d | xargs chmod o+rx Build MySQL Now we can get back to configuring and building MySQL: $ cmake ../mysql-5.7.17 -DWITH_BOOST=/usr/local/boost_1_59_0 -DCMAKE_INSTALL_PREFIX=/data/mysql $ make $ make test Install MySQL See https://dev.mysql.com/doc/refman/5.7/en/installing-source-distribution.html As root: Place these lines in /etc/my.cnf: basedir=/data/mysql max_allowed_packet=32M Give these commands: # cd /data # chown anchor:anchor . # chmod 775 . # cd /home/anchor/bld # make install # cd /data/mysql # chown -R mysql . # bin/mysqld --user=mysql --initialize # bin/mysql_ssl_rsa_setup # chgrp -R mysql data # bin/mysqld_safe --user=mysql & # cp support-files/mysql.server /etc/init.d/mysql # /etc/init.d/mysql start Set the password for root in MySQL # mysql -u -root -p Log in with the password for root that was given to you in the output of the steps above. You will see the message: "You must reset your password using the ALTER USER statement before executing this statement." mysql> ALTER USER 'root'@'localhost' IDENTIFIED BY 'crappypass'; This completes the MySQL installation. Create the XWiki Database See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationMySQL Finally, create the xwiki database and grant permissions accordingly: # mysql -u root -p mysql> create database xwiki default character set utf8 collate utf8_bin; mysql> grant all privileges on *.* to xwiki@localhost identified by 'badpass'; Should you make a mistake and not want to start completely over, you can drop the XWiki database and recreate it: # mysql -uroot -p -e "drop database xwiki; CREATE DATABASE xwiki CHARACTER SET utf8 COLLATE utf8_general_ci; GRANT ALL PRIVILEGES ON xwiki.* TO 'xwiki'@'localhost' IDENTIFIED BY 'password'; Install Tomcat Edit # cd /data # tar xvfp /opt/soft/apache-tomcat-9.0.0.M15.tar.gz # mv apache-tomcat-9.0.0.M15.tar.gz tomcat # chown -R xwiki:xwiki tomcat Configure Tomcat See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat # cd /data/tomcat # cp -rp conf conf.orig # cd conf Edit server.xml and find these lines in the default connector, the only one which is uncommented. Insert this line at line 71: URIEncoding="UTF-8" Install XWiki Edit See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat # cd tomcat # cd webapps # mkdir xwiki # cd xwiki # jar -xvf /opt/soft/xwiki-enterprise-web-8.4.4.war # cd .. # chown -R xwiki:xwiki xwiki # cd xwiki/WEB_INF/lib # cp /opt/soft/mysql-connector-java-5.1.40-bin.jar . # chown xwiki:xwiki mysql-conn* Configure XWiki Attachment Storage See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/Attachments # cd ../webapps/xwiki # cd WEB-INF # cp -p xwiki.cfg xwiki.cfg.orig Edit xwiki.cfg and add this line at line 93: xwiki.store.attachement.hint=file Add this line at line 100: xwiki.store.attachment.versioning.hint=file And at 107: xwiki.store.attachment.recyclebin.hint=file Configure XWiki to work with MySQL See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationMySQL Modify hibernate.cfg by commenting out the default database settings and uncommenting the MySQL section. Then modify the settings in theat section to match those shown here: # cp -p hibernate.cfg.xml hibernate.cfg.xml.orig Edit hibernate.cfg and set the following settings <property name="connection.url">jdbc:mysql://localhost/xwiki</property> <property name="connection.username">xwiki</property> <property name="connection.password">badpass</property> <property name="connection.driver_class">com.mysql.jdbc.Driver</property> <property name="dialect">org.hibernate.dialect.MySQL5InnoDBDialect</property> <property name="connection.useUnicode">true</property> <property name="connection.characterEncoding">UTF-8</property> Configure XWiki Policy Configuration See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat The Tomcat Security Manager is enabled to be by default. Add these lines to the bottom of /data/tomcat/conf/catalina.policy: grant codeBase "file:${catalina.base}/webapps/xwiki/WEB-INF/lib/-" { // for mySQL connection permission java.net.SocketPermission "127.0.0.1:3306", "connect,resolve"; // XWiki must have access to all properties in read/write permission java.util.PropertyPermission "*", "read, write"; // Generic detected permissions permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.RuntimePermission "createClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.loader"; permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "getenv.ProgramFiles"; permission java.lang.RuntimePermission "getenv.APPDATA"; permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.catalina.connector"; permission java.lang.RuntimePermission "accessClassInPackage.org.apache.tomcat.util.threads"; permission java.lang.RuntimePermission "reflectionFactoryAccess"; permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jmx.interceptor"; permission java.lang.RuntimePermission "accessClassInPackage.com.sun.jmx.mbeanserver"; permission java.lang.RuntimePermission "modifyThread"; permission java.lang.RuntimePermission "getProtectionDomain"; // JAXB permissions permission javax.xml.bind.JAXBPermission "setDatatypeConverter"; // Serialization related permissions permission java.io.SerializablePermission "allowSerializationReflection"; permission java.io.SerializablePermission "creator"; permission java.io.SerializablePermission "enableSubclassImplementation"; // Internal resources access permissions permission java.io.FilePermission "synonyms.txt", "read"; permission java.io.FilePermission "lang/synonyms_en.txt", "read"; permission java.io.FilePermission "quartz.properties", "read"; permission java.io.FilePermission "/templates/-", "read"; permission java.io.FilePermission "/skins/-", "read"; permission java.io.FilePermission "/resources/-", "read"; // MBean related permissions permission javax.management.MBeanServerPermission "createMBeanServer"; permission javax.management.MBeanPermission "*", "registerMBean"; permission javax.management.MBeanPermission "*", "unregisterMBean"; permission javax.management.MBeanTrustPermission "register"; permission javax.management.MBeanPermission "-#-[-]", "queryNames"; permission javax.management.MBeanServerPermission "findMBeanServer"; // LibreOffice/OpenOffice related permissions permission java.io.FilePermission "/opt/openoffice.org3/program/soffice.bin", "read"; permission java.io.FilePermission "/opt/libreoffice/program/soffice.bin", "read"; permission java.io.FilePermission "/usr/lib/openoffice/program/soffice.bin", "read"; permission java.io.FilePermission "/usr/lib/libreoffice/program/soffice.bin", "read"; // Allow file storage directory reading - for directory and everything underneath // This is dependent on the setting of environment.permanentDirectory in xwiki.properties permission java.io.FilePermission "${catalina.base}${file.separator}xwikidata${file.separator}", "read,write,delete"; permission java.io.FilePermission "${catalina.base}${file.separator}xwikidata${file.separator}-", "read,write,delete"; // Allow file storage directory reading - temporary directory and everything underneath // This is dependent on the setting of environment.temporaryDirectory in xwiki.properties. permission java.io.FilePermission "${catalina.base}${file.separator}temp${file.separator}", "read,write,delete"; permission java.io.FilePermission "${catalina.base}${file.separator}temp${file.separator}-", "read,write,delete"; }; Create Tomcat Environment Script See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat Put these lines in /data/tomcat/bin/setenv.sh: #!/bin/sh export JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::") export PATH=$JAVA_HOME/bin:$PATH export JAVA_OPTS="${JAVA_OPTS} -Djava.awt.headless=true" export CATALINA_HOME=/data/tomcat CATALINA_OPTS="-Xmx1024m -XX:MaxPermSize=192m" # Use the Java security manager? (yes/no) #TOMCAT5_SECURITY= Make that file owned by xwiki, group xwiki. # chown xwiki:xwiki /data/tomcat/bin/setenv.sh Confirm File Ownership Once again make sure that -all- files under /data/tomcat are owned by xwiki, group xwiki: # cd /data/tomcat # chown -R xwiki:xwiki . Start and Initialize Edit See http://platform.xwiki.org/xwiki/bin/view/Features/DistributionWizard At this point, we should be able to start XWiki. We have no SSL, and no front-end yet, so we will have to hit it on port 8080. But now is the time to test and initialize it. The first time we run it, it will run its "Distribution Wizard", adding its default pages to the database, and setting up an admin user. Start XWiki as the user xwiki: # cd /data/tomcat # sudo -u xwiki bin/startup.sh Then surf to http://pwswiki10.westmarine.net:8080/xwiki. You will see a grey background and soon a white bar with the words "Initializing" followed by a quickly-changing percentage. When the percentage hits 100, the Distribution wizard will start. Enter admin for the admin user's first name, user for the last name, admin for the username, badpass for the password, which must be six letters or we'd just leave it at admin for now. Change it later. Enter your email for the email address. Click Continue. On the next screen install the default theme and main pages by clicking Install and then Continue to install the default theme/main pages. When the Distribution Wizard completes, you will be logged in as admin. Click Next through the guided tour. Increase Maximum Attachment Size Limit The maximum size of an attachment is limited by a configuration parameter in the XWikiPreferences document. It is set to about 32MB by default. To change it follow these steps: Go to http://<yourwiki>/xwiki/bin/edit/XWiki/XWikiPreferences?editor=object Click on the line that says XWikiPreferences 0 (right below the line that says Objects of type XWiki.XWikiPreferences (1)) and expand it Scroll down to the field that says Maximum Upload Size and change the number to whatever size you want (it is expressed in bytes) Scroll to the bottom and click "Save" Install PDF and LDAP Authentication Extensions Click on More applications on the left side of the home page. Click Install New Applications. Scroll down until you get to PDF Viewer Macro. Click Install and then Continue. When the PDF Viewer install finishes, scroll up a bit to LDAP Authenticator, and click on Install on Farm and then Continue to install it. When the LDAP Authenticator extension is finished installing, exit XWiki, and shut down tomcat # sudo -u xwiki bin/shutdown.sh Configure XWiki for LDAP Add the following to the bottom of xwiki.cfg: #------------------------------ # LDAP # xwiki.authentication.authclass=org.xwiki.contrib.ldap.XWikiLDAPAuthServiceImpl xwiki.authentication.ldap=1 xwiki.authentication.ldap.server=<server> xwiki.authentication.ldap.port=389 xwiki.authentication.ldap.bind_DN=westmarine\\{0} xwiki.authentication.ldap.bind_pass={1} xwiki.authentication.ldap.base_DN=dc=westmarine,dc=net xwiki.authentication.ldap.UID_attr=sAMAccountName xwiki.authentication.ldap.fields_mapping=last_name=name=sAMAccountName,last_name=sn,first_name=givenName,fullName=displayName,email=mail,ldap_dn=dn xwiki.authentication.ldap.update_user=1 xwiki.authentication.ldap.mode_group_sync=always xwiki.authentication.ldap.trylocal=1 Confirm LDAP operation Start tomcat and surf to xwiki. After it completes reloading (re-initializing), try logging in with your LDAP credentials. # sudo -u xwiki bin/startup.sh With LDAP now working, what remains is to enable SSL in Tomcat and in XWiki, and to install and configure NGINX as a front-end. Edit First, log out of XWiki and shut down Tomcat. # sudo -u xwiki bin/shutdown.sh Configure Tomcat for SSL # # Note: This part is commented out / not in use. # We are not currently configuring Tomcat for SSL; we have NGINX listen on 80 and 443 and talk to Tomcat on 8080 in both cases. # # # cd /data/tomcat # # cd conf # Edit server.xml and add these lines immediately below the line you already added which reads URIEncoding="UTF-8" : # secure="true" # scheme="https" # Configure XWiki for SSL Add this to the bottom of xwiki.cfg: # SSL xwiki.preferences.redirect At line 236, under the section URLs, add the line: xwiki.url.protocol=https Build and Install NGINX Edit NGINX requires the zlib-1.2.11 and pcre-8.40 sources. The digital signatures have already been verified on the copies that exist in /opt/soft. It is not necessary to build the packages. # su - anchor anchor$ tar zxvf /opt/soft/zip-1.2.11.tar.gz anchor$ tar zxvf /opt/soft/pcre-8.40.tar.gz anchor$ tar zxvf /opt/soft/nginx-1.10.3.tar.gz anchor$ cd nginx-1.10.3 anchor$ ./configure --prefix=/data/nginx --user=xwiki --group=xwiki --with-http_ssl_module --with-pcre=/home/anchor/pcre-8.40 --with-pcre-jit --with-zlib=/home/anchor/zlib-1.2.11 anchor$ make anchor$ exit # cd /home/anchor/nginx-1.10.3 # cd nginx-1.10.3 # make install # ls -l /data/nginx # cd /data/nginx Configure NGINX See http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationTomcat # cd /data/nginx # cd conf # cp nginx.conf nginx.conf.orig Configure conf/nginx.conf Edit nginx.conf and add this line before the closing curly brace: include ../conf.d/*.conf; Just above that, uncomment the lines of the section titled # HTTPS server. Inside that section: Place /data/nginx/keys/dwswiki10.westmarine.net.pem; as the value of ssl_certificate Place /data/nginx/keys/dwswiki10.westmarine.net.key; as the value of ssl_certificate_key Place SSL Certificates in NGINX CD up one level and make the keys/ dir and populate it with your new certificate and key for this host: # cd .. # mkdir keys # cp /tmp/pwswiki10.westmarine.net.pem keys # cp /tmp/pwswiki10.westmarine.net.key keys Create the new directory conf.d and populate it with tomcat.conf: # cd .. # mkdir conf.d # cd conf.d Create the file tomcat.conf with the following content: server { listen 80; server_name pwswiki10.westmarine.net; # Root to the XWiki application root /data/tomcat/webapps/xwiki; location / { #All "root" requests will have /xwiki appended AND redirected to mydomain.com again rewrite ^ $scheme://$server_name/xwiki$request_uri? permanent; } location ^~ /xwiki { # If path starts with /xwiki - then redirect to backend: XWiki application in Tomcat # Read more about proxy_pass: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443; server_name pwswiki10.westmarine.net; # Root to the XWiki application root /data/tomcat/webapps/xwiki; location / { #All "root" requests will have /xwiki appended AND redirected to mydomain.com again rewrite ^ $scheme://$server_name/xwiki$request_uri? permanent; } location ^~ /xwiki { # If path starts with /xwiki - then redirect to backend: XWiki application in Tomcat # Read more about proxy_pass: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; } } Finally, make sure that all the files under /data/nginx are owned by xwiki, group xwiki: # chown -R xwiki:xwiki conf.d Start and stop NGINX: # cd /data/nginx; sbin/start # cd /data/nginx; sbin/nginx -s stop # Additional Documents Edit platform.xwiki.org/xwiki/bin/view/AdminGuide/Backup https://dev.mysql.com/doc/refman/5.7/en/installing-source-distribution.html http://platform.xwiki.org/xwiki/bin/view/AdminGuide/InstallationMySQL The information contained in this transmission may contain West Marine proprietary, confidential and/or privileged information. It is intended only for the use of the person(s) named above. If you are not the intended recipient, you are hereby notified that any review, dissemination, distribution or duplication of this communication is strictly prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message. To reply to our email administrator directly, please send an email to netadmin(a)westmarine.com.