MediaWiki API result

This is the HTML representation of the JSON format. HTML is good for debugging, but is unsuitable for application use.

Specify the format parameter to change the output format. To see the non-HTML representation of the JSON format, set format=json.

See the complete documentation, or the API help for more information.

{
    "batchcomplete": "",
    "continue": {
        "gapcontinue": "Stay_at_home_order",
        "continue": "gapcontinue||"
    },
    "warnings": {
        "main": {
            "*": "Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/postorius/lists/mediawiki-api-announce.lists.wikimedia.org/> for notice of API deprecations and breaking changes."
        },
        "revisions": {
            "*": "Because \"rvslots\" was not specified, a legacy format has been used for the output. This format is deprecated, and in the future the new format will always be used."
        }
    },
    "query": {
        "pages": {
            "244": {
                "pageid": 244,
                "ns": 0,
                "title": "Reference Of Most Commonly Used OpenSSL Commands",
                "revisions": [
                    {
                        "contentformat": "text/x-wiki",
                        "contentmodel": "wikitext",
                        "*": "= Creating Certificates =\n\n=== Private key ===\n\n<code>openssl genrsa -out private.key 4096</code>\n\nGenerates a private 4096 bit RSA key.\n\n=== Certificate Signing Request (CSR) for an existing private key ===\n\n<code>openssl req -new -key private.key -days 1825 -sha256 -out file.csr</code>\n\nGenerates a signing request with an sha256 signature. It also indicates to the signing authority that the issued certificate should be valid for 5 years.\n\n= Checking & Verifying =\n\n=== Certificate ===\n\n<code>openssl x509 -text -noout -in file.crt</code>\n\n=== Certificate Signing Request (CSR) ===\n\n<code>openssl req -verify -text -noout -in file.csr</code>\n\n=== Private Key ===\n\n<code>openssl rsa -check -text -noout -in file.key</code>\n\n=== Certificate Revocation List (CRL) ===\n\n<code>openssl crl -text -noout -in file.pem</code>\n\n= Hashing =\n\nOpenSSL can be used to generate a hash from standard input or create a hash for a file.\n\n=== Standard Input (stdin) ===\n\n<code>echo -n \"text to hash\" | openssl [[#Hash Algorithms|ALGORITHM]]</code>\n\n\nThe <code>-n</code> option makes sure that no trailing newline character is added to the text. \n\n=== File ===\n\n<code>openssl [[#Hash Algorithms|ALGORITHM]] FILE</code>\n\n=== Hash Algorithms ===\n\n{| class=\"wikitable\"\n|-\n! Possible values for ALGORITHM \n|-\n| md4\n|-\n| md5\n|-\n| mdc2\n|-\n| ripemd160\n|-\n| sha\n|-\n| sha1\n|-\n| ssh224\n|-\n| sha256\n|-\n| sha384\n|-\n| sha512\n|-\n| whirlpool\n|}\n\nPlease note that some of above hash algorithms are no longer safe for use.\n\n= Encrypting & Decrypting =\n\n{| class=\"wikitable\"\n|-\n! Option \n! colspan=\"2\" | Description\n|-\n| aes-256-cbc \n| colspan=\"2\" | the cipher used for encryption. To get a list of available ciphers: <code>openssl list-cipher-commands</code>\n|-\n| -d \n| colspan=\"2\" | option to tell openssl to decrypt\n|-\n| -a \n| colspan=\"2\" | generate base64 encoded output\n|-\n| -in \n| colspan=\"2\" | the input file\n|-\n| -out \n| colspan=\"2\" | the output file\n|-\n| rowspan=\"3\" | -pass \n! KEY \n! VALUE\n|-\n| pass\n| your password\n|-\n| file \n| the filename that contains the password\n|}\n\n'''Attention''':\n\n* If a password is specified on the command line, it will show up in the process list.\n* The option -salt is used by default, thus there's no need to specify it explicitly.\n\n== Encrypting ==\n\n<code>[[#Encrypting & Decrypting|openssl aes-256-cbc [-a] -in INPUT_FILE -out ENCRYPTED_FILE [-pass KEY:VALUE]]]</code>\n\n\nPlease note that <code>aes-256-cbc</code> is a short form of <code>enc -aes-256-cbc</code>. This means one can either use the cipher name as an option or write it as <code>enc -CIPHER</code>.\n\n'''Examples''':\n\nEncrypt a file (the password is read from standard input): \n\n<code>openssl aes-256-cbc -in unencrypted.txt -out file.enc</code>\n\nEncrypt a file with the password specified in a file named <code>mypassword.txt</code>:\n\n<code>openssl aes-256-cbc -in unencrypted.txt -out file.enc -pass file:mypassword.txt</code>\n\n== Decrypting ==\n\n<code>[[#Encrypting & Decrypting|openssl aes-256-cbc -d [-a] -in ENCRYPTED_FILE -out OUTPUT_FILE [-pass KEY:VALUE] [-md md5]]]</code>\n\n\n'''Attention''': One might receive an error with OpenSSL 1.1.0 when trying to decrypt data that was encrypted with OpenSSL 1.0.2. To solve this problem, use the <code>-md md5</code> flag to decrypt the data.\n\n'''Examples''':\n\nDecrypt a file with the password specified on the command line: \n\n<code>openssl aes-256-cbc -d -in file.enc -out unencrypted.txt -pass pass:mySuperSecretPassword</code>\n\nDecrypt a base64 encoded file:\n\n<code>openssl aes-256-cbc -d -a -in file.enc -out unencrypted.txt</code>\n\n= Debugging =\n\n=== Fingerprint ===\n\nIf you want to retrieve the fingerprint of a certificate, use the following command:\n\n<code>openssl x509 -noout -in file.crt -fingerprint -[[#Hash Algorithms|ALGORITHM]]</code>\n\n=== Connection Information ===\n\nTo verify the connection, the certificate chain, and the protocol and cipher negotiated, use the following:\n\n<code>openssl s_client -connect HOSTNAME:PORT</code>\n\nThe above command will stay in interactive mode until {{key press|Ctrl|C}} is pressed. If you want to return to the prompt right away (useful for scripting purposes) do this:\n\n<code>echo \"Q\" |openssl s_client -connect HOSTNAME:PORT</code>\n\n[[Category:OpenSSL]] [[Category:SSL/TLS]] [[Category:Article]]"
                    }
                ]
            },
            "297": {
                "pageid": 297,
                "ns": 0,
                "title": "Reverse Proxy setup for Cockpit with Apache (in a sub directory)",
                "revisions": [
                    {
                        "contentformat": "text/x-wiki",
                        "contentmodel": "wikitext",
                        "*": "== Introduction ==\n\nThe task: run Cockpit in a sub directory e.g. <code><nowiki>https://example.com/cp/</nowiki></code>\n\nIt should have been simple enough, but once again the Internet has failed me. All articles that I had found only explained how to setup a reverse proxy in a separate virtual host in the document root of the server. This was not what I wanted. None of the articles had all the moving parts that would have allowed me to extrapolate a config that worked.\n\n== Cockpit ==\n\n[https://cockpit-project.org Cockpit] is a web-based graphical interface for servers. While I usually work on the command line, there are a few situations in which my much preferred ssh session won't do. (e.g. sitting in front of a locked down client system with no access to the command line.)\n\nI just wanted to have it available for emergencies if all else fails, but I didn't want to set it up in a separate virtual host and neither in the document root of said virtual host.\n\nThe documentation of the web service specifically mentions that one can't use <code>/cockpit/</code> or <code>/cockpit+</code> as a sub directory, because they are reserved. I still think it is possible, but I just chose another sub directory: <code>/cp/</code>\n\n=== <code>/etc/cockpit/cockpit.conf</code> ===\n\n<pre>\n[WebService]\nOrigins = https://example.com http://127.0.0.1:9090\nProtocolHeader = X-Forwarded-Proto\nAllowUnencrypted = true\nUrlRoot = /cp/\n</pre>\n\nDon't forget to restart the service.\n\n== Reverse Proxy setup ==\n\nThe following Apache directives will configure the reverse proxy.\n\n<syntaxhighlight lang=\"apache\">\nProxyPreserveHost       On\nProxyRequests           Off\n\nSSLProxyVerify          None\nSSLProxyCheckPeerCN     Off\nSSLProxyCheckPeerName   Off\nSSLProxyCheckPeerExpire Off\n\n# allow for upgrading to websockets\nRewriteEngine On\nRewriteCond %{HTTP:Upgrade}    =websocket [NC]\nRewriteRule /cp/(.*)           ws://127.0.0.1:9090/cp/$1 [P,L]\nRewriteCond %{HTTP:Upgrade}    !=websocket [NC]\nRewriteRule /cp/(.*)           http://127.0.0.1:9090/cp/$1 [P,L]\n\n# Proxy to your local cockpit instance\nProxyPass        /cp/          http://127.0.0.1:9090/cp/\nProxyPassReverse /cp/          http://127.0.0.1:9090/cp/\n</syntaxhighlight>\n\nIf you want to use TLS behind the reverse proxy, you will have to replace <code>http</code> with <code>https</code>, and <code>ws</code> with <code>wss</code>.\nFurthermore the <code>SSLProxy</code> directives must be removed.\n\nIn the Cockpit configuration, you will also have to concatenate the full chain and the key, and put the resulting file in the <code>/etc/cockpit/ws-certs.d</code> directory. \n\n[[Category:Apache]] [[Category:Article]]"
                    }
                ]
            }
        }
    }
}