servers:linux:nginx:piwigo
Table of Contents
Information
Prerequisites
Dependencies
sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils
Download Source
- Also includes the Bootstrap Darkroom theme
sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync
Database
sudo mariadb
CREATE DATABASE piwigo;
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT
nginx + PHP-FPM Configuration
PHP-FPM Socket
sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
[media] ; User/Group user = nginx group = nginx ; Socket listen = /run/php-fpm/media.sock listen.acl_users = nginx listen.allowed_clients = 127.0.0.1 ; Process Management pm = ondemand pm.max_children = 4 pm.process_idle_timeout = 30 ; Fedora php.ini Defaults php_value[session.save_handler] = "files" php_value[session.save_path] = "/var/lib/php/session" ; General php_value[date.timezone] = "America/New_York" php_value[max_execution_time] = "200" php_value[memory_limit] = "512M" php_value[post_max_size] = "100M" php_value[upload_max_filesize] = "20M" php_value[max_file_uploads] = "100" ; End
FastCGI
sudo -e '/etc/nginx/default.d/media.conf'
# PHP-FPM
location ~ \.(php|phar)(/.*)?$ {
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
fastcgi_intercept_errors on;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_pass unix:/run/php-fpm/media.sock;
}
Server Block
- 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
server {
listen '443' 'ssl' 'http2';
server_name 'media.realmofespionage.xyz';
root '/var/www/media';
index 'index.php';
include '/etc/nginx/default.d/media.conf';
include '/etc/nginx/default.d/headers.conf';
# add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
# add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
# access_log /var/log/nginx/media-access.log;
# error_log /var/log/nginx/media-error.log;
location / {
index index.php;
try_files $uri $uri/ @rewrite;
}
location @rewrite {
rewrite ^/picture((/|$).*)$ /picture.php$1 last;
rewrite ^/index((/|$).*)$ /index.php$1 last;
rewrite ^/i((/|$).*)$ /i.php$1 last;
}
}
Initial Setup
Settings
Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password- Use a relay or bogus email address during account creation to protect against potential spam 5)
- Disable
Allow user registrationimmediately under Configuration → Options → General → Permissions - Seemingly have to enable
Activate commentsin order to prevent broken CSS on the bottom of image pages, but can uncheckComments for allso that nobody public can leave comments - Activate Boostrap Darkroom theme
Page Banner
<p>Tech, hardware, food, nature, and gaming pictures and videos!</p>
config.inc.php
sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
<?php
// nginx Rewrite
$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;
// Minimal Logging
$conf['log_level'] = 'EMERGENCY';
// Header Links
$conf['links'] = array(
'https://realmofespionage.xyz' => 'Realm of Espionage',
'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social',
'https://blog.realmofespionage.xyz' => 'RoE | Blog',
'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info',
'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes',
);
// Video Uploading
$conf['upload_form_all_types'] = true;
$conf['file_ext'] = array_merge(
$conf['picture_ext'],
array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
);
// End
?>
Services
Updater
Service
sudo -e '/etc/systemd/system/media-up.service'
[Service] User=nginx Group=nginx Type=oneshot WorkingDirectory=/var/www/media ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master' ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master' ExecStartPost='/usr/bin/sync'
Timer
- Every day at
05:00:00
sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
[Unit] Description=Piwigo Updater After=network-online.target Wants=network-online.target [Timer] OnCalendar=*-*-* 05:00:00 Persistent=true [Install] WantedBy=timers.target
Maintenance
Service
sudo -e '/etc/systemd/system/media-m.service'
[Service] User=nginx Group=nginx Type=oneshot ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all' ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all' ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict ExecStartPost='/usr/bin/sync'
Timer
01day of every month at05:20:00
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
[Unit] Description=Piwigo Maintenance After=network-online.target Wants=network-online.target [Timer] OnCalendar=*-*-01 05:20:00 Persistent=true [Install] WantedBy=timers.target
Backup
Files
Service
mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
[Service] Type=oneshot WorkingDirectory=/var/www ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"' ExecStartPost='/usr/bin/sync'
Timer
01day of every month at05:35:00
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
[Unit] Description=Piwigo Files Backup [Timer] OnCalendar=*-*-01 05:35:00 Persistent=true [Install] WantedBy=timers.target
Database
Database Auth
sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
[mariadb-dump] user=piwigo password=x
Service
mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
[Service] Type=oneshot WorkingDirectory=/var/lib/mysql/tmp ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql' ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' ExecStartPost='/usr/bin/sync'
Timer
- Every day at
05:45:00
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
[Unit] Description=Piwigo Database Backup After=mariadb.service [Timer] OnCalendar=*-*-* 05:45:00 Persistent=true [Install] WantedBy=timers.target
Backup
- Create backup archive on server and transfer to client computer
Server
Stop Services
sudo systemctl stop nginx php-fpm
Backup Folder
cd '/var/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync
Backup Database
sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
Start Services
sudo systemctl start nginx php-fpm
Client
Transfer Files To Client
scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads' && sync
Restore
Client
Uncompress Database
- This is only needed if restoring an automated database backup 6)
gunzip ~/'Downloads/piwigo-database-'*'.sql.gz'
Transfer Files To Server
scp ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' espionage724@192.168.1.152:~
Remove Files
rm -f ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' && sync
Server
Stop Services
sudo systemctl stop nginx php-fpm
Remove Previous Folder
sudo rm -Rf '/var/www/media'
Restore Piwigo Folder
cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync
Drop Previous Database
sudo mariadb
DROP DATABASE piwigo;
FLUSH TABLES;
EXIT
Re-create Databases
sudo mariadb
CREATE DATABASE piwigo;
EXIT
Restore Database
sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync
Reapply Permissions
sudo mariadb
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
FLUSH PRIVILEGES;
EXIT
Start Services
sudo systemctl start nginx php-fpm
Remove Backups
- Verify that Piwigo works before running
rm ~/'piwigo-files-'*'.tar.gz' ~/'piwigo-database-'*'.sql' && sync
/usr/local/www/wiki/data/pages/servers/linux/nginx/piwigo.txt · Last modified: by 127.0.0.1