Table of Contents

Information

Prerequisites

Dependencies

sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils

Download Source

sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync

Database

sudo mariadb
CREATE DATABASE piwigo;
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT

nginx + PHP-FPM Configuration

PHP-FPM Socket

sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
[media]

; User/Group
user = nginx
group = nginx

; Socket
listen = /run/php-fpm/media.sock
listen.acl_users = nginx
listen.allowed_clients = 127.0.0.1

; Process Management
pm = ondemand
pm.max_children = 4
pm.process_idle_timeout = 30

; Fedora php.ini Defaults
php_value[session.save_handler] = "files"
php_value[session.save_path] = "/var/lib/php/session"

; General
php_value[date.timezone] = "America/New_York"
php_value[max_execution_time] = "200"
php_value[memory_limit] = "512M"
php_value[post_max_size] = "100M"
php_value[upload_max_filesize] = "20M"
php_value[max_file_uploads] = "100"

; End

FastCGI

sudo -e '/etc/nginx/default.d/media.conf'
# PHP-FPM
location ~ \.(php|phar)(/.*)?$ {
    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_pass unix:/run/php-fpm/media.sock;
}

Server Block

sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
server {
    listen '443' 'ssl' 'http2';
    server_name 'media.realmofespionage.xyz';
    root '/var/www/media';
    index 'index.php';

    include '/etc/nginx/default.d/media.conf';
    include '/etc/nginx/default.d/headers.conf';

#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
#    add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
#    access_log  /var/log/nginx/media-access.log;
#    error_log  /var/log/nginx/media-error.log;

    location / {
        index index.php;
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite ^/picture((/|$).*)$ /picture.php$1 last;
        rewrite ^/index((/|$).*)$ /index.php$1 last;
        rewrite ^/i((/|$).*)$ /i.php$1 last;
    }

}

Initial Setup

Settings

Page Banner

<p>Tech, hardware, food, nature, and gaming pictures and videos!</p>

config.inc.php

sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
<?php

// nginx Rewrite
$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;

// Minimal Logging
$conf['log_level'] = 'EMERGENCY';

// Header Links
$conf['links'] = array(
  'https://realmofespionage.xyz' => 'Realm of Espionage',
  'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
  'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social',
  'https://blog.realmofespionage.xyz' => 'RoE | Blog',
  'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info',
  'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes',
  );

// Video Uploading
$conf['upload_form_all_types'] = true;
$conf['file_ext'] = array_merge(
  $conf['picture_ext'],
  array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
  );

// End
?>

Services

Updater

Service

sudo -e '/etc/systemd/system/media-up.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
WorkingDirectory=/var/www/media
ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master'
ExecStartPost='/usr/bin/sync'

Timer

sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
[Unit]
Description=Piwigo Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 05:00:00
Persistent=true

[Install]
WantedBy=timers.target

Maintenance

Service

sudo -e '/etc/systemd/system/media-m.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
ExecStartPost='/usr/bin/sync'

Timer

sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
[Unit]
Description=Piwigo Maintenance
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-01 05:20:00
Persistent=true

[Install]
WantedBy=timers.target

Backup

Files

Service

mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
[Service]
Type=oneshot
WorkingDirectory=/var/www
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
ExecStartPost='/usr/bin/sync'

Timer

sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
[Unit]
Description=Piwigo Files Backup

[Timer]
OnCalendar=*-*-01 05:35:00
Persistent=true

[Install]
WantedBy=timers.target

Database

Database Auth

sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
[mariadb-dump]
user=piwigo
password=x

Service

mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
[Service]
Type=oneshot
WorkingDirectory=/var/lib/mysql/tmp
ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
ExecStartPost='/usr/bin/sync'

Timer

sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
[Unit]
Description=Piwigo Database Backup
After=mariadb.service

[Timer]
OnCalendar=*-*-* 05:45:00
Persistent=true

[Install]
WantedBy=timers.target

Backup

Server

Stop Services

sudo systemctl stop nginx php-fpm

Backup Folder

cd '/var/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync

Backup Database

sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync

Start Services

sudo systemctl start nginx php-fpm

Client

Transfer Files To Client

scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads' && sync

Restore

Client

Uncompress Database

gunzip ~/'Downloads/piwigo-database-'*'.sql.gz'

Transfer Files To Server

scp ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' espionage724@192.168.1.152:~

Remove Files

rm -f ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' && sync

Server

Stop Services

sudo systemctl stop nginx php-fpm

Remove Previous Folder

sudo rm -Rf '/var/www/media'

Restore Piwigo Folder

cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync

Drop Previous Database

sudo mariadb
DROP DATABASE piwigo;
FLUSH TABLES;
EXIT

Re-create Databases

sudo mariadb
CREATE DATABASE piwigo;
EXIT

Restore Database

sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync

Reapply Permissions

sudo mariadb
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT

Start Services

sudo systemctl start nginx php-fpm

Remove Backups

rm ~/'piwigo-files-'*'.tar.gz' ~/'piwigo-database-'*'.sql' && sync
5)
the webmaster URL in the footer shows the email in plaintext and looks tasty to bots
6)
manual doesn't gzip