[media]
; User/Group
user = nginx
group = nginx
; Socket
listen = /run/php-fpm/media.sock
listen.acl_users = nginx
listen.allowed_clients = 127.0.0.1
; Process Management
pm = ondemand
pm.max_children = 4
pm.process_idle_timeout = 30
; Fedora php.ini Defaults
php_value[session.save_handler] = "files"
php_value[session.save_path] = "/var/lib/php/session"
; General
php_value[date.timezone] = "America/New_York"
php_value[max_execution_time] = "200"
php_value[memory_limit] = "512M"
php_value[post_max_size] = "100M"
php_value[upload_max_filesize] = "20M"
php_value[max_file_uploads] = "100"
; End
===== FastCGI =====
* ''media.sock''
sudo -e '/etc/nginx/default.d/media.conf'
location ~ \.(php|phar)(/.*)?$ {
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
fastcgi_intercept_errors on;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php-fpm/media.sock;
}
# End
===== Server Block =====
* 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
server {
listen '443' 'ssl' 'http2';
server_name 'media.realmofespionage.xyz';
root '/var/www/media';
index 'index.php';
include '/etc/nginx/default.d/media.conf';
include '/etc/nginx/default.d/headers.conf';
# add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
# add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
# access_log /var/log/nginx/media-access.log;
# error_log /var/log/nginx/media-error.log;
location / {
index index.php;
try_files $uri $uri/ @rewrite;
}
location @rewrite {
rewrite ^/picture((/|$).*)$ /picture.php$1 last;
rewrite ^/index((/|$).*)$ /index.php$1 last;
rewrite ^/i((/|$).*)$ /i.php$1 last;
}
}
====== Initial Setup ======
* https://media.realmofespionage.xyz
====== Settings ======
* :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password
* :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots))
* :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions
* Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments
* Activate Boostrap Darkroom theme
===== Page Banner =====
****
Tech, hardware, food, nature, and gaming pictures and videos!
===== config.inc.php =====
* [[https://piwigo.org/forum/viewtopic.php?pid=159584#p159584|nginx Rewrite source]]
* [[https://piwigo.org/forum/viewtopic.php?pid=179504#p179504|Video Uploading source]]
* [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]]
sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
'Realm of Espionage',
'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social',
'https://blog.realmofespionage.xyz' => 'RoE | Blog',
'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info',
'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes',
);
// Video Uploading
$conf['upload_form_all_types'] = true;
$conf['file_ext'] = array_merge(
$conf['picture_ext'],
array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
);
// End
?>
====== Services ======
===== Updater =====
==== Service ====
sudo -e '/etc/systemd/system/media-up.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
WorkingDirectory=/var/www/media
ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master'
ExecStartPost='/usr/bin/sync'
==== Timer ====
* Every day at ''05:00:00''
sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
[Unit]
Description=Piwigo Updater
After=network-online.target
Wants=network-online.target
[Timer]
OnCalendar=*-*-* 05:00:00
Persistent=true
[Install]
WantedBy=timers.target
===== Maintenance =====
==== Service ====
sudo -e '/etc/systemd/system/media-m.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
ExecStartPost='/usr/bin/sync'
==== Timer ====
* ''01'' day of every month at ''05:20:00''
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
[Unit]
Description=Piwigo Maintenance
After=network-online.target
Wants=network-online.target
[Timer]
OnCalendar=*-*-01 05:20:00
Persistent=true
[Install]
WantedBy=timers.target
===== Backup =====
==== Files ====
=== Service ===
mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
[Service]
Type=oneshot
WorkingDirectory=/var/www
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
ExecStartPost='/usr/bin/sync'
=== Timer ===
* ''01'' day of every month at ''05:35:00''
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
[Unit]
Description=Piwigo Files Backup
[Timer]
OnCalendar=*-*-01 05:35:00
Persistent=true
[Install]
WantedBy=timers.target
==== Database ====
=== Database Auth ===
sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
[mariadb-dump]
user=piwigo
password=x
=== Service ===
mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
[Service]
Type=oneshot
WorkingDirectory=/var/lib/mysql/tmp
ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
ExecStartPost='/usr/bin/sync'
=== Timer ===
* Every day at ''05:45:00''
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
[Unit]
Description=Piwigo Database Backup
After=mariadb.service
[Timer]
OnCalendar=*-*-* 05:45:00
Persistent=true
[Install]
WantedBy=timers.target
====== Old Restore ======
===== Client =====
==== Uncompress Database ====
* This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
gunzip ~/'Downloads/piwigo-database-'*'.sql.gz'
====== Files ======
===== Backup =====
****
sudo tar -czf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' -C '/srv/www' 'media'
===== scp =====
==== To Client Backup ====
* Server back-up -> Client
* Run on server
scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' ~/'Downloads'
==== To Server Restore ====
* Client -> (files) -> Server
* Run on client
scp ~/'Downloads/piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~
===== Restore =====
****
sudo rm -Rf '/srv/www/media' && sudo tar -xzf ~/'piwigo-files-'*'.tar.gz' -C '/srv/www' 'media' && sudo chown -R 'wwwrun':'www' '/srv/www/media' && sync
===== Clean-up =====
****
rm -fv ~/'piwigo-files-'*'.tar.gz'
====== Database ======
===== Backup =====
****
sudo mariadb-dump --single-transaction --quick 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql'
===== scp =====
==== To Client Backup ====
* Server back-up -> Client
* Run on server
scp espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads'
==== To Server Restore ====
* Client -> (files) -> Server
* Run on client
scp ~/'Downloads/piwigo'*'.sql' espionage724@192.168.1.152:~
===== Restore =====
sudo mariadb --execute='CREATE DATABASE piwigo'
sudo mariadb 'piwigo' < ~/'piwigo'*'.sql'
==== Permissions ====
sudo mariadb
CREATE USER 'piwigo'@'localhost' IDENTIFIED BY 'x';
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost';
FLUSH PRIVILEGES;
EXIT
===== Clean-up =====
****
rm -fv ~/'piwigo'*'.sql'