Differences

This shows you the differences between two versions of the page.

--- servers:nginx:lychee [2023/06/27 07:50] – Sean Rhone
+++ servers:nginx:lychee [2023/06/27 12:44] – [Service] Sean Rhone
@@ Line 28: / Line 28: @@
 ****
-  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/LycheeOrg/Lychee.git' '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo restorecon -F -I -R '/var/www/media' && sync
+  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/LycheeOrg/Lychee.git' '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sync
 ====== PHP Dependencies ======
@@ Line 40: / Line 40: @@
   sudo mysql
-  CREATE DATABASE wordpress;
+  CREATE DATABASE lychee;
-  GRANT ALL PRIVILEGES ON wordpress.* to 'wordpress'@'localhost' IDENTIFIED BY 'x';
+  GRANT ALL PRIVILEGES ON lychee.* to 'lychee'@'localhost' IDENTIFIED BY 'x';
   FLUSH PRIVILEGES;
   EXIT
+====== Lychee Config ======
+  * https://lycheeorg.github.io/docs/configuration.html
+  sudo -u 'nginx' -e '/var/www/media/.env'
+<code>
+DB_CONNECTION="mysql"
+DB_DATABASE="lychee"
+DB_USERNAME="lychee"
+DB_PASSWORD=x
+DB_SOCKET="/var/lib/mysql/mysql.sock"</code>
 ====== nginx + PHP-FPM Configuration ======
@@ Line 52: / Line 65: @@
 ===== PHP-FPM Socket =====
-  sudo -e '/etc/php-fpm.d/blog.conf' && sudo systemctl restart 'php-fpm'
+  sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
 <code>
-[blog]
+[media]
 ; User/Group
@@ Line 62: / Line 75: @@
 ; Socket
-listen = /run/php-fpm/blog.sock
+listen = /run/php-fpm/media.sock
 listen.acl_users = nginx
 listen.allowed_clients = 127.0.0.1
@@ Line 80: / Line 93: @@
 php_value[memory_limit] = "512M"
 php_value[post_max_size] = "10M"
-php_value[upload_max_filesize] = "10M"
+php_value[upload_max_filesize] = "100M"
 php_value[max_file_uploads] = "100"
@@ Line 90: / Line 103: @@
 ===== FastCGI =====
-  sudo -e '/etc/nginx/default.d/blog.conf'
+  sudo -e '/etc/nginx/default.d/media.conf'
 <code>
 # PHP-FPM
-location ~ \.(php|phar)(/.*)?$ {
+location = /index.php {
-    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
+    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+    fastcgi_param PHP_VALUE "post_max_size=100M
+        max_execution_time=200
+        upload_max_filesize=100M
+        memory_limit=512M";
     fastcgi_intercept_errors on;
+    fastcgi_param HTTP_PROXY "";
     fastcgi_index index.php;
     include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+    fastcgi_param PATH /usr/local/bin:/usr/bin:/bin;
     fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_pass unix:/run/php-fpm/blog.sock;
+    fastcgi_pass unix:/run/php-fpm/media.sock;
 }</code>
 ===== Server Block =====
-  * :!: ''style-src'' in the CSP blocks a Google font URL from being loaded ((at least with the Twenty Seventeen theme; nothing appears broken, so looks good to me)) ((add ''fonts.googleapis.com'' after ''unsafe-inline'' in ''style-src'' to fix this))
+  * https://lycheeorg.github.io/docs/installation.html#nginx
-  sudo -e '/etc/nginx/vhosts.d/blog.conf' && sudo systemctl reload 'nginx' && sync
+  sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
 <code>
 server {
     listen '443' 'ssl' 'http2';
-    server_name 'blog.realmofespionage.xyz';
+    server_name 'media.realmofespionage.xyz';
-    root '/var/www/blog';
+    root '/var/www/media';
     index 'index.php';
-    include '/etc/nginx/default.d/blog.conf';
+    include '/etc/nginx/default.d/media.conf';
     include '/etc/nginx/default.d/headers.conf';
-    client_max_body_size '10M';
+    client_max_body_size '100M';
     add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src 'self' data: s.w.org" always;
@@ Line 128: / Line 148: @@
 #    error_log  /var/log/nginx/media-error.log;
-    location / {
+    if (!-e $request_filename)
-        try_files $uri $uri/ /index.php?$args;
+    {
+        rewrite ^/(.*)$ /index.php?/$1 last;
+        break;
     }
-    rewrite /wp-admin$ $scheme://$host$uri/ permanent;
+    location ~ [^/]\.php(/|$) {
+        return 403;
-    location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
-          access_log off; log_not_found off; expires max;
     }
+    rewrite ^/(.+)/$ /$1 permanent;
 }</code>
 ====== Initial Setup ======
-  * https://blog.realmofespionage.xyz
+  * https://media.realmofespionage.xyz
 ====== Settings ======
@@ Line 160: / Line 182: @@
 Group=nginx
 Type=oneshot
+WorkingDirectory=/var/www/media
+Environment="COMPOSER_CACHE_DIR=/dev/null"
+ExecStartPre='/usr/bin/php' '/var/www/media/artisan' down
 ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
+ExecStart='/usr/bin/composer' install --no-dev
+ExecStart='/usr/bin/php' '/var/www/media/artisan' 'migrate' --force
+ExecStartPost='/usr/bin/php' '/var/www/media/artisan' 'config:cache'
+ExecStartPost='/usr/bin/php' '/var/www/media/artisan' 'up'
 ExecStartPost='/usr/bin/sync'</code>
@@ Line 369: / Line 398: @@
 ****
-  cd '/var/www' && sudo tar -xvzf ~/'lychee-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo restorecon -F -I -R '/var/www/media' && cd ~ && sync
+  cd '/var/www' && sudo tar -xvzf ~/'lychee-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && cd ~ && sync
 ==== Drop Previous Database ====