RoE | Wiki

User Tools

Site Tools

Trace: piwigo
servers:bsd:nginx:piwigo

Table of Contents

Information

Prerequisites

Dependencies

su -
pkg install git-lite php84-exif php84-gd php84-mysqli php84-mbstring

Download Source

su -
git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/usr/local/www/media' && chown -R 'www':'www' '/usr/local/www/media' && sync
git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/usr/local/www/media/themes/bootstrap_darkroom' && chown -R 'www':'www' '/usr/local/www/media' && sync

Database

mariadb -u 'root' -p
CREATE DATABASE piwigo;
CREATE USER piwigo@localhost IDENTIFIED BY 'x';
GRANT ALL PRIVILEGES ON piwigo.* to piwigo@localhost;
FLUSH PRIVILEGES;
EXIT

nginx + PHP-FPM Configuration

PHP-FPM Socket

su -
ee '/usr/local/etc/php-fpm.d/media.conf' && service 'php_fpm' restart
[media]

; User/Group
user = www
group = www

; Socket
listen = 127.0.0.1:9003
listen.allowed_clients = 127.0.0.1

; Process Management
pm = ondemand
pm.max_children = 4
pm.process_idle_timeout = 30

; General
php_value[date.timezone] = "America/New_York"
php_value[max_execution_time] = "200"
php_value[memory_limit] = "512M"
php_value[post_max_size] = "100M"
php_value[upload_max_filesize] = "20M"
php_value[max_file_uploads] = "100"

; End

FastCGI

su -
ee '/usr/local/etc/nginx/default.d/media.conf'
# PHP-FPM
location ~ \.(php|phar)(/.*)?$ {
    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_path_info;
    fastcgi_param HTTPS on;
    fastcgi_pass 127.0.0.1:9003;
}

# End

Server Block

su -
ee '/usr/local/etc/nginx/vhosts.d/media.conf' && service 'nginx' reload && sync
server {
    listen '443' 'ssl';
#    http2 'on';
    server_name 'media.realmofespionage.xyz';
    root '/usr/local/www/media';
    index 'index.php';

    include '/usr/local/etc/nginx/default.d/media.conf';
    include '/usr/local/etc/nginx/default.d/headers.conf';

#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
#    add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
#    access_log  /var/log/nginx/media-access.log;
#    error_log  /var/log/nginx/media-error.log;

    location / {
        index index.php;
        try_files $uri $uri/ @rewrite;
    }

    location @rewrite {
        rewrite ^/picture((/|$).*)$ /picture.php$1 last;
        rewrite ^/index((/|$).*)$ /index.php$1 last;
        rewrite ^/i((/|$).*)$ /i.php$1 last;
    }

}

# End

Initial Setup

Settings

  • :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password
  • :!: Use a relay or bogus email address during account creation to protect against potential spam 3)
  • :!: Disable Allow user registration immediately under Configuration → Options → General → Permissions
  • Seemingly have to enable Activate comments in order to prevent broken CSS on the bottom of image pages, but can uncheck Comments for all so that nobody public can leave comments
  • Activate Boostrap Darkroom theme

Page Banner

<p>Tech, hardware, food, nature, and gaming pictures and videos!</p>

config.inc.php

su -
ee '/usr/local/www/media/local/config/config.inc.php' && chown 'www':'www' '/usr/local/www/media/local/config/config.inc.php'
<?php

// nginx Rewrite
$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;

// Minimal Logging
$conf['log_level'] = 'EMERGENCY';

// Hide PHP Warnings
$conf['show_php_errors'] = E_ALL & ~E_DEPRECATED & ~E_NOTICE & ~E_WARNING;

// Header Links
$conf['links'] = array(
  'https://realmofespionage.xyz' => 'Realm of Espionage',
  'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
  'https://blog.realmofespionage.xyz' => 'RoE | Blog',
  'https://wiki.realmofespionage.xyz/user:espionage724' => 'Webmaster Info',
  'https://wiki.realmofespionage.xyz/servers:bsd:nginx:piwigo' => 'Instance Configuration Notes',
  );

// Video Uploading
$conf['upload_form_all_types'] = true;
$conf['file_ext'] = array_merge(
  $conf['picture_ext'],
  array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
  );

// End
?>

Temp Commands

Update

su -
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media' pull origin 'master'"
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media/themes/bootstrap_darkroom' pull origin 'master'"

Etc

Media

su -
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media' reset --hard"
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media' pull origin 'master' --rebase"
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media' gc --aggressive --prune='all'"
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media' fsck --full --strict"

Theme

su -
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media/themes/bootstrap_darkroom' reset --hard"
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media/themes/bootstrap_darkroom' pull origin 'master' --rebase"
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'"
su -m 'www' -c "'/usr/local/bin/git' -C '/usr/local/www/media/themes/bootstrap_darkroom' fsck --full --strict"

Services

Updater

Service

sudo -e '/etc/systemd/system/media-up.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
WorkingDirectory=/var/www/media
ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master'
ExecStartPost='/usr/bin/sync'

Timer

  • Every day at 05:00:00
sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
[Unit]
Description=Piwigo Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 05:00:00
Persistent=true

[Install]
WantedBy=timers.target

Maintenance

Service

sudo -e '/etc/systemd/system/media-m.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
ExecStartPost='/usr/bin/sync'

Timer

  • 01 day of every month at 05:20:00
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
[Unit]
Description=Piwigo Maintenance
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-01 05:20:00
Persistent=true

[Install]
WantedBy=timers.target

Backup

Files

Service

mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
[Service]
Type=oneshot
WorkingDirectory=/var/www
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
ExecStartPost='/usr/bin/sync'

Timer

  • 01 day of every month at 05:35:00
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
[Unit]
Description=Piwigo Files Backup

[Timer]
OnCalendar=*-*-01 05:35:00
Persistent=true

[Install]
WantedBy=timers.target

Database

Database Auth

sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
[mariadb-dump]
user=piwigo
password=x

Service

mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
[Service]
Type=oneshot
WorkingDirectory=/var/lib/mysql/tmp
ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
ExecStartPost='/usr/bin/sync'

Timer

  • Every day at 05:45:00
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
[Unit]
Description=Piwigo Database Backup
After=mariadb.service

[Timer]
OnCalendar=*-*-* 05:45:00
Persistent=true

[Install]
WantedBy=timers.target

Backup

  • Create backup archive on server and transfer to client computer

Server

Stop Services

sudo systemctl stop nginx php-fpm

Backup Folder

cd '/var/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync

Backup Database

sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync

Start Services

sudo systemctl start nginx php-fpm

Client

Transfer Files To Client

scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads' && sync

Restore

Client

Uncompress Database

  • This is only needed if restoring an automated database backup 4)
gunzip ~/'Downloads/piwigo-database-'*'.sql.gz'

Transfer Files To Server

scp ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' espionage724@192.168.1.152:~

Remove Files

rm -f ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' && sync

Server

Stop Services

sudo systemctl stop nginx php-fpm

Remove Previous Folder

sudo rm -Rf '/var/www/media'

Restore Piwigo Folder

cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync

Drop Previous Database

sudo mariadb
DROP DATABASE piwigo;
FLUSH TABLES;
EXIT

Re-create Databases

sudo mariadb
CREATE DATABASE piwigo;
EXIT

Restore Database

sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync

Reapply Permissions

sudo mariadb
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT

Start Services

sudo systemctl start nginx php-fpm

Remove Backups

  • Verify that Piwigo works before running
rm ~/'piwigo-files-'*'.tar.gz' ~/'piwigo-database-'*'.sql' && sync

Restore

Files

su -
rm -Rf '/usr/local/www/media'
cd '/usr/local/www' && tar -xvzf '/home/'*'/piwigo-files-'*'.tar.gz' 'media' && chown -R 'www':'www' '/usr/local/www/media' && cd ~ && sync

Database

mariadb -u 'root' -p --execute='CREATE DATABASE piwigo;'
mariadb -u 'root' -p 'piwigo' < ~/'piwigo.sql'
1)
https://piwigo.org/
2)
https://github.com/Piwigo/piwigo-bootstrap-darkroom
3)
the webmaster URL in the footer shows the email in plaintext and looks tasty to bots
4)
manual doesn't gzip
/usr/local/www/wiki/data/pages/servers/bsd/nginx/piwigo.txt · Last modified: by Sean Rhone