[media]
; User/Group
user = nginx
group = nginx
; Socket
listen = /run/php-fpm/media.sock
listen.acl_users = nginx
listen.allowed_clients = 127.0.0.1
; Process Management
pm = ondemand
pm.max_children = 4
pm.process_idle_timeout = 30
; Fedora php.ini Defaults
php_value[session.save_handler] = "files"
php_value[session.save_path] = "/var/lib/php/session"
; General
php_value[date.timezone] = "America/New_York"
php_value[max_execution_time] = "200"
php_value[memory_limit] = "512M"
php_value[post_max_size] = "100M"
php_value[upload_max_filesize] = "20M"
php_value[max_file_uploads] = "100"
; End
===== FastCGI =====
sudo -e '/etc/nginx/default.d/media.conf'
# PHP-FPM
location ~ \.(php|phar)(/.*)?$ {
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
fastcgi_intercept_errors on;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php-fpm/media.sock;
}
===== Server Block =====
* 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
server {
listen '443' 'ssl' 'http2';
server_name 'media.realmofespionage.xyz';
root '/var/www/media';
index 'index.php';
include '/etc/nginx/default.d/media.conf';
include '/etc/nginx/default.d/headers.conf';
# add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
# add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
# access_log /var/log/nginx/media-access.log;
# error_log /var/log/nginx/media-error.log;
location / {
index index.php;
try_files $uri $uri/ @rewrite;
}
location @rewrite {
rewrite ^/picture((/|$).*)$ /picture.php$1 last;
rewrite ^/index((/|$).*)$ /index.php$1 last;
rewrite ^/i((/|$).*)$ /i.php$1 last;
}
}
====== Initial Setup ======
* https://media.realmofespionage.xyz
====== Settings ======
* :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password
* :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots))
* :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions
* Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments
* Activate Boostrap Darkroom theme
===== Page Banner =====
****
Tech, hardware, food, nature, and gaming pictures and videos!
===== config.inc.php =====
* [[https://piwigo.org/forum/viewtopic.php?pid=159584#p159584|nginx Rewrite source]]
* [[https://piwigo.org/forum/viewtopic.php?pid=179504#p179504|Video Uploading source]]
* [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]]
sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
'Realm of Espionage',
'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social',
'https://blog.realmofespionage.xyz' => 'RoE | Blog',
'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info',
'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes',
);
// Video Uploading
$conf['upload_form_all_types'] = true;
$conf['file_ext'] = array_merge(
$conf['picture_ext'],
array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
);
// End
?>
====== Services ======
===== Updater =====
==== Service ====
sudo -e '/etc/systemd/system/media-up.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
WorkingDirectory=/var/www/media
ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master'
ExecStartPost='/usr/bin/sync'
==== Timer ====
* Every day at ''05:00:00''
sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
[Unit]
Description=Piwigo Updater
After=network-online.target
Wants=network-online.target
[Timer]
OnCalendar=*-*-* 05:00:00
Persistent=true
[Install]
WantedBy=timers.target
===== Maintenance =====
==== Service ====
sudo -e '/etc/systemd/system/media-m.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
ExecStartPost='/usr/bin/sync'
==== Timer ====
* ''01'' day of every month at ''05:20:00''
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
[Unit]
Description=Piwigo Maintenance
After=network-online.target
Wants=network-online.target
[Timer]
OnCalendar=*-*-01 05:20:00
Persistent=true
[Install]
WantedBy=timers.target
===== Backup =====
==== Files ====
=== Service ===
mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
[Service]
Type=oneshot
WorkingDirectory=/var/www
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
ExecStartPost='/usr/bin/sync'
=== Timer ===
* ''01'' day of every month at ''05:35:00''
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
[Unit]
Description=Piwigo Files Backup
[Timer]
OnCalendar=*-*-01 05:35:00
Persistent=true
[Install]
WantedBy=timers.target
==== Database ====
=== Database Auth ===
sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
[mariadb-dump]
user=piwigo
password=x
=== Service ===
mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
[Service]
Type=oneshot
WorkingDirectory=/var/lib/mysql/tmp
ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
ExecStartPost='/usr/bin/sync'
=== Timer ===
* Every day at ''05:45:00''
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
[Unit]
Description=Piwigo Database Backup
After=mariadb.service
[Timer]
OnCalendar=*-*-* 05:45:00
Persistent=true
[Install]
WantedBy=timers.target
====== Backup ======
* Create backup archive on server and transfer to client computer
===== Server =====
==== Stop Services ====
****
sudo systemctl stop nginx php-fpm
==== Backup Folder ====
****
cd '/var/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync
==== Backup Database ====
****
sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
==== Start Services ====
****
sudo systemctl start nginx php-fpm
===== Client =====
==== Transfer Files To Client ====
****
scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads' && sync
====== Restore ======
===== Client =====
==== Uncompress Database ====
* This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
gunzip ~/'Downloads/piwigo-database-'*'.sql.gz'
==== Transfer Files To Server ====
****
scp ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' espionage724@192.168.1.152:~
==== Remove Files ====
****
rm -f ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' && sync
===== Server =====
==== Stop Services ====
****
sudo systemctl stop nginx php-fpm
==== Remove Previous Folder ====
****
sudo rm -Rf '/var/www/media'
==== Restore Piwigo Folder ====
****
cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync
==== Drop Previous Database ====
sudo mariadb
DROP DATABASE piwigo;
FLUSH TABLES;
EXIT
==== Re-create Databases ====
sudo mariadb
CREATE DATABASE piwigo;
EXIT
==== Restore Database ====
****
sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync
==== Reapply Permissions ====
sudo mariadb
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT
==== Start Services ====
****
sudo systemctl start nginx php-fpm
==== Remove Backups ====
* Verify that Piwigo works before running
rm ~/'piwigo-files-'*'.tar.gz' ~/'piwigo-database-'*'.sql' && sync