

servers:linux:nginx:piwigo

This is an old revision of the document!


Information

TODOs

Prerequisites

Dependencies

Old TODO

sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils
sudo zypper install php8-bz2 php8-intl php8-sodium php8-zlib

Download Source

# Shallow-clone Piwigo and the Bootstrap Darkroom theme from their 'master'
# branches, then hand the whole tree to the 'wwwrun' account.
# NOTE(review): 'master' is a moving branch, not a tagged release, so the
# clone deploys whatever upstream holds at that moment.
# NOTE(review): this clones into /srv/www/media and chowns to 'wwwrun', while
# the nginx, PHP-FPM and systemd snippets on this page use /var/www/media and
# the 'nginx' account -- confirm which path and owner apply to this host.
# NOTE(review): the recursive chown leaves the application code and its .git
# directory writable by the owning account; if PHP runs as that account, PHP
# can rewrite the code it executes.
sudo git clone \
  --branch 'master' --depth '1' --recurse-submodules \
  'https://github.com/Piwigo/Piwigo.git' \
  '/srv/www/media' \
  && sudo git clone \
    --branch 'master' --depth '1' --recurse-submodules \
    'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' \
    '/srv/www/media/themes/bootstrap_darkroom' \
  && sudo chown -R 'wwwrun' '/srv/www/media'

Database

sudo mariadb
-- Create the application schema and a local-only account for it.
CREATE DATABASE piwigo;
-- 'x' stands in for the real password: substitute a long random value. The
-- mariadb-dump option file further down this page has to carry the same one.
CREATE USER 'piwigo'@'localhost' IDENTIFIED BY 'x';
-- The grant is scoped to the piwigo schema and to connections from localhost.
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost';
-- CREATE USER and GRANT take effect on their own; the reload below is only
-- needed after editing the grant tables directly, and is harmless here.
FLUSH PRIVILEGES;
EXIT

nginx + PHP-FPM Configuration

PHP-FPM Socket

sudo -e '/etc/php8/fpm/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
; PHP-FPM pool "media": runs the gallery's PHP behind a dedicated Unix socket.
[media]

; User/Group
; Workers run as nginx:nginx, so PHP code executes with that account's file
; permissions.
user = nginx
group = nginx

; Socket
listen = /run/php-fpm/media.sock
; Socket access is granted to the nginx account through a POSIX ACL.
listen.acl_users = nginx
; NOTE(review): listen.allowed_clients is documented as meaningful for TCP
; listeners only; with the Unix socket above, access control comes from
; listen.acl_users rather than from this line.
listen.allowed_clients = 127.0.0.1

; Process Management
; Workers are spawned on demand, at most 4 at a time, and reaped after 30
; (seconds, the default unit) of idleness.
pm = ondemand
pm.max_children = 4
pm.process_idle_timeout = 30

; Fedora php.ini Defaults
; NOTE(review): php_value settings can still be changed by application code at
; run time (ini_set); php_admin_value is the form that cannot be overridden.
; Confirm whether any of the values below should be pinned that way.
php_value[session.save_handler] = "files"
php_value[session.save_path] = "/var/lib/php/session"

; General
; Request and upload ceilings for this pool: a single file may be up to 20M,
; a whole POST up to 100M, with at most 100 files per request.
php_value[date.timezone] = "America/New_York"
php_value[max_execution_time] = "200"
php_value[memory_limit] = "512M"
php_value[post_max_size] = "100M"
php_value[upload_max_filesize] = "20M"
php_value[max_file_uploads] = "100"

; End

FastCGI

  • media.sock
sudo -e '/etc/nginx/default.d/media.conf'
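# Hand *.php / *.phar requests (with optional trailing PATH_INFO) to the
# "media" PHP-FPM pool.
location ~ \.(php|phar)(/.*)?$ {
    # Split the URI into script name and trailing path info.
    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;

    # try_files resets $fastcgi_path_info, so keep a copy before it runs.
    set $path_info $fastcgi_path_info;

    # Only forward requests whose script really exists under the document
    # root; anything else is answered with 404 by nginx instead of being
    # handed to PHP-FPM with an attacker-chosen SCRIPT_FILENAME.
    try_files $fastcgi_script_name =404;

    fastcgi_intercept_errors on;
    fastcgi_index index.php;
    include fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $path_info;
    fastcgi_pass unix:/run/php-fpm/media.sock;

    # NOTE(review): the existence check does not stop a .php file that has
    # reached a web-writable directory from running. Consider a separate
    # location that refuses PHP under the gallery's upload and cache
    # directories (their paths are not shown on this page).
}

# End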

Server Block

  • 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
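# HTTPS virtual host for the Piwigo gallery.
server {
    listen '443' 'ssl' 'http2';
    server_name 'media.realmofespionage.xyz';
    # NOTE(review): the clone and restore commands on this page use
    # /srv/www/media; confirm which document root this host really has.
    root '/var/www/media';
    index 'index.php';

    # NOTE(review): no ssl_certificate / ssl_certificate_key appear in this
    # block; presumably they are inherited from the http context or set in an
    # included file -- confirm.
    # NOTE(review): client_max_body_size is not set here either; nginx's
    # default of 1m applies unless a parent context raises it, which is far
    # below the upload limits configured for the PHP-FPM pool.

    # The site is deployed as git checkouts (main tree and theme), so the
    # repository metadata lives under the document root. Refuse to serve it.
    # Regex locations are tried in order of appearance, so this block has to
    # stay above the include that defines the PHP location.
    location ~ /\.git {
        return 404;
    }

    include '/etc/nginx/default.d/media.conf';
    include '/etc/nginx/default.d/headers.conf';

    # Content-Security-Policy is currently disabled (both candidates below are
    # commented out), so no CSP header is sent by this block.
#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
#    add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
    # Per-site log files are disabled; requests go to whatever access_log and
    # error_log the parent context defines.
#    access_log  /var/log/nginx/media-access.log;
#    error_log  /var/log/nginx/media-error.log;

    # Serve existing files and directories directly; everything else goes
    # through the pretty-URL rewrites.
    location / {
        index index.php;
        try_files $uri $uri/ @rewrite;
    }

    # Map extension-less URLs back onto the PHP entry points, keeping the
    # trailing path as PATH_INFO.
    location @rewrite {
        rewrite ^/picture((/|$).*)$ /picture.php$1 last;
        rewrite ^/index((/|$).*)$ /index.php$1 last;
        rewrite ^/i((/|$).*)$ /i.php$1 last;
    }

}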

Initial Setup

Settings

  • :!: A long password with symbols passed setup fine, but log-in failed later; use a less-complex password
  • :!: Use a relay or bogus email address during account creation to protect against potential spam 3)
  • :!: Disable Allow user registration immediately under Configuration → Options → General → Permissions
  • Seemingly have to enable Activate comments in order to prevent broken CSS on the bottom of image pages, but can uncheck Comments for all so that nobody public can leave comments
  • Activate Bootstrap Darkroom theme

Page Banner

<p>Tech, hardware, food, nature, and gaming pictures and videos!</p>

config.inc.php

sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
<?php
// Local overrides for this gallery instance.

// nginx Rewrite
// Generate URLs without "?" and without ".php"; the @rewrite location in the
// nginx server block maps /picture, /index and /i back onto the PHP scripts.
$conf['question_mark_in_urls'] = false;
$conf['php_extension_in_urls'] = false;

// Minimal Logging
// NOTE(review): with the level at EMERGENCY, application-side records of
// errors or failed log-ins are presumably not written, which leaves the web
// server logs as the main evidence source during an investigation -- confirm
// that this is intended.
$conf['log_level'] = 'EMERGENCY';

// Header Links
// URL => label pairs.
$conf['links'] = array(
  'https://realmofespionage.xyz' => 'Realm of Espionage',
  'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
  'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social',
  'https://blog.realmofespionage.xyz' => 'RoE | Blog',
  'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info',
  'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes',
  );

// Video Uploading
// Extends the accepted upload extensions beyond pictures. $conf['picture_ext']
// is not defined in this file; presumably it comes from the default
// configuration loaded before it.
// None of the added extensions is one the nginx PHP location on this page
// matches (php, phar); keep it that way, since uploads are presumably stored
// under the web root -- confirm.
$conf['upload_form_all_types'] = true;
$conf['file_ext'] = array_merge(
  $conf['picture_ext'],
  array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
  );

// End
?>

Services

Updater

Service

sudo -e '/etc/systemd/system/media-up.service'
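# Updater: pulls upstream 'master' of Piwigo and of the theme straight into
# the live web root, as the nginx account.
# NOTE(review): nothing here verifies a tag or signature, so each run deploys
# whatever origin/master holds at that moment.
# NOTE(review): the job can only work because the nginx account owns the code
# and its .git directories; the PHP-FPM pool on this page runs as the same
# account, so PHP has write access to the application it executes.
# NOTE(review): the clone used --recurse-submodules, but a plain pull does not
# update submodules -- confirm whether any are in use.
[Service]
User=nginx
Group=nginx
Type=oneshot
WorkingDirectory=/var/www/media
# The job only rewrites files it already owns; it never needs to gain
# privileges or share /tmp with other services.
NoNewPrivileges=true
PrivateTmp=true
# --ff-only: never create a merge. The checkout may only move forward to what
# origin/master contains, and the run fails visibly if the tree has diverged
# (for example after local modifications were committed in the web root).
ExecStart='/usr/bin/git' -C '/var/www/media' pull --ff-only origin 'master'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull --ff-only origin 'master'
ExecStartPost='/usr/bin/sync'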

Timer

  • Every day at 05:00:00
sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
[Unit]
Description=Piwigo Updater
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-* 05:00:00
Persistent=true

[Install]
WantedBy=timers.target

Maintenance

Service

sudo -e '/etc/systemd/system/media-m.service'
[Service]
User=nginx
Group=nginx
Type=oneshot
ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'
ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
ExecStartPost='/usr/bin/sync'

Timer

  • 01 day of every month at 05:20:00
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
[Unit]
Description=Piwigo Maintenance
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=*-*-01 05:20:00
Persistent=true

[Install]
WantedBy=timers.target

Backup

Files

Service

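# Create the backup directory, write the unit shown below, then replace its
# CHANGEME placeholder with the invoking user's name.
# -m '700' applies only when the directory is created here; an existing
# ~/backups keeps its current mode.
# "${USER}" is quoted so the sed script always reaches sed as a single word.
mkdir -p -m '700' ~/'backups' \
  && sudo -e '/etc/systemd/system/media-fb.service' \
  && sudo sed -i 's/CHANGEME/'"${USER}"'/g' '/etc/systemd/system/media-fb.service'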
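# Files backup: archives /var/www/media into the backup directory, one dated
# tarball per run. No User= is set, so the job runs as root.
[Service]
Type=oneshot
# The archive includes the site's local configuration (presumably with the
# database credentials), so create it readable by root only instead of with
# the default 0022 umask. Copy it out with sudo, or chown it afterwards.
UMask=0077
WorkingDirectory=/var/www
# $$ and %% are systemd escapes for a literal $ and %, so bash sees
# $(date +%Y-%m-%d).
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
ExecStartPost='/usr/bin/sync'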

Timer

  • 01 day of every month at 05:35:00
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
[Unit]
Description=Piwigo Files Backup

[Timer]
OnCalendar=*-*-01 05:35:00
Persistent=true

[Install]
WantedBy=timers.target

Database

Database Auth

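# Create the mariadb-dump credentials file.
# Ownership and mode are set on an empty file first, so the password is never
# on disk with default permissions; they are applied again after editing in
# case the editor replaced the file.
sudo mkdir -p '/var/lib/mysql/auth' \
  && sudo touch '/var/lib/mysql/auth/piwigo' \
  && sudo chown 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' \
  && sudo chmod '600' '/var/lib/mysql/auth/piwigo' \
  && sudo -e '/var/lib/mysql/auth/piwigo' \
  && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' \
  && sudo chmod '600' '/var/lib/mysql/auth/piwigo' \
  && sync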
# Option group read by mariadb-dump through --defaults-extra-file, which keeps
# the password out of the unit file and out of the process arguments.
[mariadb-dump]
user=piwigo
# 'x' is a placeholder: put the piwigo database account's real password here.
password=x

Service

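# Create the backup and staging directories, write the unit shown below, then
# replace its CHANGEME placeholder with the invoking user's name.
# -m '700' applies only when ~/backups is created here; an existing directory
# keeps its current mode.
# "${USER}" is quoted so the sed script always reaches sed as a single word.
mkdir -p -m '700' ~/'backups' \
  && sudo mkdir -p '/var/lib/mysql/tmp' \
  && sudo -e '/etc/systemd/system/media-db.service' \
  && sudo sed -i 's/CHANGEME/'"${USER}"'/g' '/etc/systemd/system/media-db.service'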
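# Database backup: dump the piwigo schema, compress it, then move it into the
# backup directory under a dated name. No User= is set, so the job runs as
# root.
[Service]
Type=oneshot
# The dump holds the whole gallery database, account records included, so the
# staging file and the final archive are created readable by root only
# instead of with the default 0022 umask. Copy them out with sudo, or chown
# afterwards.
UMask=0077
WorkingDirectory=/var/lib/mysql/tmp
# Credentials come from the option file, not from the command line.
ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
# $$ and %% are systemd escapes for a literal $ and %, so bash sees
# $(date +%Y-%m-%d).
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
ExecStartPost='/usr/bin/sync'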

Timer

  • Every day at 05:45:00
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
[Unit]
Description=Piwigo Database Backup
After=mariadb.service

[Timer]
OnCalendar=*-*-* 05:45:00
Persistent=true

[Install]
WantedBy=timers.target

Old Restore

Client

Uncompress Database

  • This is only needed if restoring an automated database backup 4)
gunzip ~/'Downloads/piwigo-database-'*'.sql.gz'

Files

Backup

sudo tar -czf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' -C '/srv/www' 'media'

scp

To Client Backup

  • Server back-up → Client
  • Run on server
scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' ~/'Downloads'

To Server Restore

  • Client → (files) → Server
  • Run on client
scp ~/'Downloads/piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~

Restore

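# Replace the live tree with the contents of the uploaded archive.
# The archive is listed first: if it is missing, unreadable, lacks a 'media'
# member, or the glob matches more than one file, the listing fails and the
# chain stops before the existing site is deleted.
# Extraction runs as root and only the 'media' member is unpacked; ownership
# is then reset to wwwrun:www.
sudo tar -tzf ~/'piwigo-files-'*'.tar.gz' 'media' > '/dev/null' \
  && sudo rm -Rf '/srv/www/media' \
  && sudo tar -xzf ~/'piwigo-files-'*'.tar.gz' -C '/srv/www' 'media' \
  && sudo chown -R 'wwwrun':'www' '/srv/www/media' \
  && sync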

Clean-up

rm -fv ~/'piwigo-files-'*'.tar.gz'

Database

Backup

sudo mariadb-dump --single-transaction --quick 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql'

scp

To Client Backup

  • Server back-up → Client
  • Run on server
scp espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads'

To Server Restore

  • Client → (files) → Server
  • Run on client
scp ~/'Downloads/piwigo'*'.sql' espionage724@192.168.1.152:~

Restore

sudo mariadb --execute='CREATE DATABASE piwigo'
sudo mariadb 'piwigo' < ~/'piwigo'*'.sql'

Permissions

sudo mariadb
-- Recreate the application account after a restore. 'x' is a placeholder:
-- use the same password the gallery's database configuration and the
-- mariadb-dump option file on this page carry.
CREATE USER 'piwigo'@'localhost' IDENTIFIED BY 'x';
-- The grant is scoped to the piwigo schema and to connections from localhost.
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost';
-- Not required after CREATE USER / GRANT; harmless here.
FLUSH PRIVILEGES;
EXIT

Clean-up

rm -fv ~/'piwigo'*'.sql'
3)
the webmaster URL in the footer shows the email in plaintext and looks tasty to bots
4)
manual doesn't gzip