
servers:nginx:lychee

servers:nginx:lychee [2018/12/31 04:19] – old revision restored (2018/12/10 17:43) Sean Rhoneservers:nginx:lychee [2023/06/27 12:44] – [Service] Sean Rhone
Line 1: Line 1:
 +====== Information ======
 +
 +  * WordPress ((https://wordpress.org))
 +  * [[Information:Realm of Espionage]]
 +  * https://blog.realmofespionage.xyz
 +  * :!: WIP
 +
 +===== Prerequisites =====
 +
 +  * [[distros:fedora_server|Fedora Server]]
 +  * [[servers:mariadb|MariaDB]]
 +  * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
 +  * [[servers:nginx:lets_encrypt|Let's Encrypt]]
 +
 +===== Notes =====
 +
 +  * :!: Do not initiate any updates from the Admin/wp-admin web page as this may cause local file changes and break the automatic update service
 +  * TODO: https://docs.joomla.org/Special:MyLanguage/J4.x:Setting_Up_Your_Local_Environment
 +
 +====== Dependencies ======
 +
 +  * https://lycheeorg.github.io/docs/installation.html
 +
 +  sudo dnf install php-bcmath php-gd php-pecl-imagick php-mbstring php-pdo php-mysqlnd perl-Image-ExifTool ffmpeg-free composer
 +
 +====== Download Source ======
 +
 +****
 +
 +  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/LycheeOrg/Lychee.git' '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sync
 +
 +====== PHP Dependencies ======
 +
 +****
 +
 +  cd '/var/www/media' && sudo -u 'nginx' COMPOSER_CACHE_DIR='/dev/null' composer install --no-dev && sync
 +
 +====== Database ======
 +
 +  sudo mysql
 +
 +  CREATE DATABASE lychee;
 +
 +  GRANT ALL PRIVILEGES ON lychee.* to 'lychee'@'localhost' IDENTIFIED BY 'x';
 +
 +  FLUSH PRIVILEGES;
 +
 +  EXIT
 +
 +====== Lychee Config ======
 +
 +  * https://lycheeorg.github.io/docs/configuration.html
 +
 +  sudo -u 'nginx' -e '/var/www/media/.env'
 +
 +<code>
 +DB_CONNECTION="mysql"
 +DB_DATABASE="lychee"
 +DB_USERNAME="lychee"
 +DB_PASSWORD=x
 +DB_SOCKET="/var/lib/mysql/mysql.sock"</code>
 +
 +====== nginx + PHP-FPM Configuration ======
 +
 +===== PHP-FPM Socket =====
 +
 +  sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
 +
 +<code>
 +[media]
 +
 +; User/Group
 +user = nginx
 +group = nginx
 +
 +; Socket
 +listen = /run/php-fpm/media.sock
 +listen.acl_users = nginx
 +listen.allowed_clients = 127.0.0.1
 +
 +; Process Management
 +pm = ondemand
 +pm.max_children = 4
 +pm.process_idle_timeout = 30
 +
 +; Fedora php.ini Defaults
 +php_value[session.save_handler] = "files"
 +php_value[session.save_path] = "/var/lib/php/session"
 +
 +; General
 +php_value[date.timezone] = "America/New_York"
 +php_value[max_execution_time] = "200"
 +php_value[memory_limit] = "512M"
 +php_value[post_max_size] = "10M"
 +php_value[upload_max_filesize] = "100M"
 +php_value[max_file_uploads] = "100"
 +
 +; End</code>
 +
 +<code>
 +php_value[upload_tmp_dir] = "/tmp"</code>
 +
 +===== FastCGI =====
 +
 +  sudo -e '/etc/nginx/default.d/media.conf'
 +
 +<code>
 +# PHP-FPM
 +location = /index.php {
 +    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
 +
 +    fastcgi_param PHP_VALUE "post_max_size=100M
 +        max_execution_time=200
 +        upload_max_filesize=100M
 +        memory_limit=512M";
 +
 +    fastcgi_intercept_errors on;
 +    fastcgi_param HTTP_PROXY "";
 +    fastcgi_index index.php;
 +    include fastcgi_params;
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +    fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
 +    fastcgi_param PATH_INFO $fastcgi_path_info;
 +    fastcgi_pass unix:/run/php-fpm/media.sock;
 +}</code>
 +
 +===== Server Block =====
 +
 +  * https://lycheeorg.github.io/docs/installation.html#nginx
 +
 +  sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
 +
 +<code>
 +server {
 +    listen '443' 'ssl' 'http2';
 +    server_name 'media.realmofespionage.xyz';
 +    root '/var/www/media';
 +    index 'index.php';
 +
 +    include '/etc/nginx/default.d/media.conf';
 +    include '/etc/nginx/default.d/headers.conf';
 +
 +    client_max_body_size '100M';
 +
 +    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: s.w.org" always;
 +
 +#    access_log  /var/log/nginx/media-access.log;
 +#    error_log  /var/log/nginx/media-error.log;
 +
 +    if (!-e $request_filename)
 +    {
 +        rewrite ^/(.*)$ /index.php?/$1 last;
 +        break;
 +    }
 +
 +    location ~ [^/]\.php(/|$) {
 +        return 403;
 +    }
 +
 +    rewrite ^/(.+)/$ /$1 permanent;
 +}</code>
 +
 +====== Initial Setup ======
 +
 +  * https://media.realmofespionage.xyz
 +
 +====== Settings ======
 +
 +  * Date Format: Y/m/d
 +
 +====== Services ======
 +
 +===== Updater =====
 +
 +==== Service ====
 +
 +  sudo -e '/etc/systemd/system/media-up.service'
 +
 +<code>
 +[Service]
 +User=nginx
 +Group=nginx
 +Type=oneshot
 +WorkingDirectory=/var/www/media
 +Environment="COMPOSER_CACHE_DIR=/dev/null"
 +ExecStartPre='/usr/bin/php' '/var/www/media/artisan' down
 +ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
 +ExecStart='/usr/bin/composer' install --no-dev
 +ExecStart='/usr/bin/php' '/var/www/media/artisan' 'migrate' --force
 +ExecStartPost='/usr/bin/php' '/var/www/media/artisan' 'config:cache'
 +ExecStartPost='/usr/bin/php' '/var/www/media/artisan' 'up'
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +==== Timer ====
 +
 +  * Every day at ''04:00:00''
 +
 +  sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
 +
 +<code>
 +[Unit]
 +Description=Lychee Git Updater
 +After=network-online.target
 +Wants=network-online.target
 +
 +[Timer]
 +OnCalendar=*-*-* 04:00:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +===== Maintenance =====
 +
 +==== Service ====
 +
 +  sudo -e '/etc/systemd/system/media-m.service'
 +
 +<code>
 +[Service]
 +User=nginx
 +Group=nginx
 +Type=oneshot
 +ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
 +ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +==== Timer ====
 +
 +  * ''01'' day of every month at ''04:20:00''
 +
 +  sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now
 +
 +<code>
 +[Unit]
 +Description=Lychee Maintenance
 +After=network-online.target
 +Wants=network-online.target
 +
 +[Timer]
 +OnCalendar=*-*-01 04:20:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +===== Backup =====
 +
 +==== Files ====
 +
 +=== Service ===
 +
 +  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +WorkingDirectory=/var/www
 +ExecStartPre='/usr/sbin/restorecon' -F -I -R '/var/www/media'
 +ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/lychee-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +=== Timer ===
 +
 +  * ''01'' day of every month at ''04:50:00''
 +
 +  sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
 +
 +<code>
 +[Unit]
 +Description=Lychee Files Backup
 +
 +[Timer]
 +OnCalendar=*-*-01 04:50:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +==== Database ====
 +
 +=== Database Auth ===
 +
 +  sudo -u 'mysql' -e '/var/lib/mysql/auth/lychee' && sudo chmod '600' '/var/lib/mysql/auth/lychee'
 +
 +<code>
 +[mysqldump]
 +user=lychee
 +password=x</code>
 +
 +=== Service ===
 +
 +  mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +WorkingDirectory=/var/lib/mysql/tmp
 +ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/lychee' --single-transaction 'lychee' -r '/var/lib/mysql/tmp/lychee.sql'
 +ExecStart='/usr/bin/gzip' --force '/var/lib/mysql/tmp/lychee.sql'
 +ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/lychee.sql.gz" "/home/CHANGEME/backups/lychee-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +=== Timer ===
 +
 +  * Every day at ''04:15:00''
 +
 +  sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
 +
 +<code>
 +[Unit]
 +Description=Lychee Database Backup
 +After=mariadb.service
 +
 +[Timer]
 +OnCalendar=*-*-* 04:15:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +====== Backup ======
 +
 +  * Create backup archive on server and transfer to client computer
 +
 +===== Server =====
 +
 +==== Stop Services ====
 +
 +****
 +
 +  sudo systemctl stop nginx php-fpm
 +
 +==== Backup Folder ====
 +
 +****
 +
 +  cd '/var/www' && sudo tar -cvzf ~/'lychee-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync
 +
 +==== Backup Database ====
 +
 +****
 +
 +  sudo mysqldump --defaults-extra-file='/var/lib/mysql/auth/lychee' --single-transaction 'lychee' -r ~/'lychee-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
 +
 +==== Start Services ====
 +
 +****
 +
 +  sudo systemctl start nginx php-fpm
 +
 +===== Client =====
 +
 +==== Transfer Files To Client ====
 +
 +****
 +
 +  scp espionage724@192.168.1.152:~/'lychee-files-'*'.tar.gz' espionage724@192.168.1.152:~/'lychee-database-'*'.sql' ~/'Downloads' && sync
 +
 +====== Restore ======
 +
 +===== Client =====
 +
 +==== Uncompress Database ====
 +
 +  * This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
 +
 +  gunzip ~/'Downloads/lychee-database-'*'.sql.gz'
 +
 +==== Transfer Files To Server ====
 +
 +****
 +
 +  scp ~/'Downloads/lychee-files-'*'.tar.gz' ~/'Downloads/lychee-database-'*'.sql' espionage724@192.168.1.152:~
 +
 +==== Remove Files ====
 +
 +****
 +
 +  rm -f ~/'Downloads/lychee-files-'*'.tar.gz' ~/'Downloads/lychee-database-'*'.sql' && sync
 +
 +===== Server =====
 +
 +==== Stop Services ====
 +
 +****
 +
 +  sudo systemctl stop nginx php-fpm
 +
 +==== Remove Previous Folder ====
 +
 +****
 +
 +  sudo rm -Rf '/var/www/media'
 +
 +==== Restore Lychee Folder ====
 +
 +****
 +
 +  cd '/var/www' && sudo tar -xvzf ~/'lychee-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && cd ~ && sync
 +
 +==== Drop Previous Database ====
 +
 +  sudo mysql
 +
 +  DROP DATABASE lychee;
 +
 +  FLUSH TABLES;
 +
 +  EXIT
 +
 +==== Re-create Databases ====
 +
 +  sudo mysql
 +
 +  CREATE DATABASE lychee;
 +
 +  EXIT
 +
 +==== Restore Database ====
 +
 +****
 +
 +  sudo mysql 'lychee' < ~/'lychee-database-'*'.sql' && sync
 +
 +==== Reapply Permissions ====
 +
 +  sudo mysql
 +
 +  GRANT ALL PRIVILEGES ON lychee.* to 'lychee'@'localhost' IDENTIFIED BY 'x';
 +
 +  FLUSH PRIVILEGES;
 +
 +  EXIT
 +
 +==== Start Services ====
 +
 +****
 +
 +  sudo systemctl start nginx php-fpm
 +
 +==== Remove Backups ====
 +
 +  * Verify that Lychee works before running
 +
 +  rm ~/'lychee-files-'*'.tar.gz' ~/'lychee-database-'*'.sql' && sync
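Review bot: The server block sets `root '/var/www/media';`, which is the top of the git checkout, so `/var/www/media/.env` (filled in on this page with `DB_PASSWORD`) and the `.git` directory both sit inside the document root. The `if (!-e $request_filename)` rewrite only catches paths that do not exist, and the only deny rule shown is the one for `.php`, so existing dotfiles would be served as static files unless `headers.conf` (not visible here) blocks them. Point the root at the application's public directory, `root '/var/www/media/public';`, and add `location ~ /\.(?!well-known) { return 403; }` to the server block as a second layer. The whole checkout is also owned by `nginx` and labelled `httpd_sys_rw_content_t`, which lets the PHP worker rewrite its own code; that appears to be there so the updater can run as `nginx`, but running the updater as a separate user and keeping only the upload and storage paths writable would narrow it. The `s.w.org` entry in the Content-Security-Policy and the WordPress lines under Information look like leftovers from another page and should be dropped.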
  
/var/www/wiki/data/pages/servers/nginx/lychee.txt · Last modified: 2023/06/27 12:48 by Sean Rhone