Page MenuHomePhabricator

Try to migrate and upgrade on server intreccio
Closed, ResolvedPublic

Assigned To
Authored By
Jun 14 2022, 12:51 PM
Referenced Files
"Love" token, awarded by Marta_Arosio."Meh!" token, awarded by dario.crespi.wmit."Party Time" token, awarded by valerio.bozzolan.


NOTE: This is volunteer activity. Please be nice with us.

Historical context

Hoping to support our glorious volunteer Gvf who has been hosting for free (as in beer and as in freedom) at his own expense for years and who always asked for some help in solving many problems,

In order to do T268515: Upgrade from 1.26.4 to latest LTS it would be optimal to be able to create databases, but in the current server we have not that privilege.

Since we are trying to support the epic volunteer who hosts this site since years, and since we do not want to fill Gvf with things to do, a reasonable thing to do is to try to make an initial transfer from that volunteer's server to the Wikimedia Italia's server called intreccio, so there are 0% possibilities to create more unwanted workload for him.

Wiki migration and upgrade

The webmaster in charge (eme) of basic interventions on the server intreccio suggested that server for this migration, since its CPU load is usually ~0.12.

This migration is absolutely not destructive. When concluded, we can just do a DNS change.

Now we will notify the WMIT tech list by saying not to try to update, since we are already doing this elsewhere.

  • do a first transfer of everything on another server (wmit-intreccio)
  • run update.php successfully to 1.35 T268515
  • drop the Lockdown extension and migrate to $wgWhitelistReadRegexp
  • successfully fix of T306587: Infoleak on due to CVE-2021-44858 and Lockdown
  • successfully adoption of extension Echo
  • successfully adoption of extension Thanks T270148
  • successfully adoption of extension Graph T311179
  • update all extensions (breaking changes: WikiEditor, PdfHandler, Cite ..)
  • install VisualEditor
  • adopt VisualEditor with loopback "http" requests instead of "https"
  • test of known VisualEditor potential issues T270456
    • when not logged-in, /rest.php/ gives 403 rest-read-denied correctly
  • successfully upload file with weird accents T269237
  • @dario.crespi.wmit is happy
  • deploy DNS pointing to to allow everyone to test (by M/)
  • start test period (notes:
  • proposed the final migration E1545: Proposed epic final migration and update of
  • announce the final migration
  • put the legacy wiki in read-only mode
  • final database migration from production (ext. 10 minutes) (mysqldump via secret PHP page + import)
  • final filesystem /images migration from production (ext. 1H) (ftps without shell - rsync not available)
    • completed in 1m5.9s
  • final upgrade (ext. 5 minutes)
  • test everything again (
  • DNS change (ext. 25 minutes) (by user M/)
  • new DNS available worldwide


Proposed $wgWhitelistReadRegexp:

$wgWhitelistReadRegexp = [
  '/^[^:]*$/',     // main namespace
  '/^Categoria:/', // Category:
  '/^Category:/',  // Category:
  '/^File:/',      // File:
  '/^Template:/',  // Template
  '/^Utente:/',    // User:
  '/^User:/',      // User:

  //      '/^Speciale:Ricerca/'

Proposed workaround for VisualEditor redirecting traffic:

* Fix VisualEditor loopback connections intended in http:// but redirecting to https://
( function() use ( &$wgHooks, &$wgForceHTTPS ) {
    $ip = $_SERVER['REMOTE_ADDR'] ?? null;
    if( $ip && $ip === '' ) {
        $wgForceHTTPS = false;
        $wgHooks['SessionMetadata'][] = function( $backend, &$metadata, $requests ) {
            if( $backend->forceHTTPS() ) {
                $backend->setForceHTTPS( false );
} )();

Notable Debian packages installed:


The images can be pulled with rclone using:

# rclone sync -P wiki-gvf:/www/images /var/www/wikina/images
# chown www-data: -R                  /var/www/wikina/images


  • Isn't it a risk to have our two main sites on the same server intreccio? (By @Nemo_bis)
    • In the future it can certainly be moved to another position. At the moment we want to fix 3 risks: avoiding the burnout of our volunteer Gvf (avoid using his resources in terms of CPU, disk space, bandwidth and time); decrease the lottery factor (since on server intreccio is already possible to share SSH access to external consultants without causing problems to Gvf); and fix the reported security problems (T306587). (By @valerio.bozzolan)

How to Test

Thank you so much if you want to test this wiki before the final migration! If you want to try, visit this website:

Suggested tests:


Due Date
Aug 18 2022, 8:30 AM

Related Objects

Event Timeline

I tried a first transfer in /var/www/wikina using PHP FPM and a dedicated Unix user called wmit-wikina.

valerio.bozzolan updated the task description. (Show Details)

Whoa I was able to drop the Lockdown extension!

BTW if you see this:

Error from line 411 of extensions/WikiEditor/WikiEditor.hooks.php: Call to undefined method MagicWord::get()

Just update WikiEditor.

Additional note: our global JavaScript is borked since it tries to access wgUserGroup without caring whenever it exists or not.

valerio.bozzolan renamed this task from Try migrating on server intreccio to Try to migrate and upgrade on server intreccio.Aug 16 2022, 2:47 PM
valerio.bozzolan updated the task description. (Show Details)
valerio.bozzolan set Due Date to Aug 18 2022, 8:30 AM.