Differences

This shows you the differences between two versions of the page.

--- servers:nginx:piwigo [2022/12/27 07:19] – Sean Rhone
+++ servers:nginx:piwigo [2024/02/01 11:45] (current) – [Page Banner] Sean Rhone
@@ Line 1: / Line 1: @@
 ====== Information ======
-  * Piwigo ((https://piwigo.org/)) ((https://github.com/Piwigo))
+  * Piwigo ((https://piwigo.org/))
+  * Bootstrap Darkroom Theme ((https://github.com/Piwigo/piwigo-bootstrap-darkroom))
+  * ''master'' Branches ((https://github.com/Piwigo/Piwigo/tree/master)) ((https://github.com/Piwigo/piwigo-bootstrap-darkroom/tree/master))
   * [[Information:Realm of Espionage]]
   * https://media.realmofespionage.xyz
@@ Line 7: / Line 9: @@
 ===== Prerequisites =====
-  * [[distros:ubuntu_server | Ubuntu Server]]
+  * [[distros:fedora_server|Fedora Server]]
-  * [[servers:mariadb | MariaDB]]
+  * [[servers:mariadb|MariaDB]]
-  * [[servers:nginx_php_php-fpm | nginx + PHP + PHP-FPM]]
+  * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
-  * [[servers:nginx:lets_encrypt | Let's Encrypt]]
+  * [[servers:nginx:lets_encrypt|Let's Encrypt]]
 ====== Dependencies ======
-****
+  * https://piwigo.org/guides/install/requirements
+  * https://github.com/Piwigo/piwigo-videojs/wiki/How-to-add-videos
+  * https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement
-  sudo apt install exiftool ffmpeg libjpeg-turbo-progs poppler-utils
+  sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils
 ====== Download Source ======
-****
+  * Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme
-  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo chown -R 'www-data':'www-data' '/var/www/media' && sync
+  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync
 ====== Database ======
-  sudo mysql
+  sudo mariadb
   CREATE DATABASE piwigo;
@@ Line 33: / Line 37: @@
   FLUSH PRIVILEGES;
+  EXIT
 ====== nginx + PHP-FPM Configuration ======
@@ Line 38: / Line 44: @@
 ===== PHP-FPM Socket =====
-  sudo -e '/etc/php/7.2/fpm/pool.d/media.conf' && sudo systemctl restart 'php7.2-fpm'
+  sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
 <code>
 [media]
-user = www-data
-group = www-data
-listen = /run/php/media.sock
+; User/Group
-listen.owner = www-data
+user = nginx
-listen.group = www-data
+group = nginx
+; Socket
+listen = /run/php-fpm/media.sock
+listen.acl_users = nginx
 listen.allowed_clients = 127.0.0.1
-pm = dynamic
+; Process Management
-pm.max_children = 5
+pm = ondemand
-pm.start_servers = 2
+pm.max_children = 4
-pm.min_spare_servers = 1
+pm.process_idle_timeout = 30
-pm.max_spare_servers = 3
-php_value[upload_max_filesize] = "20M"
+; Fedora php.ini Defaults
-php_value[date.timezone] = "America/New_York"
+php_value[session.save_handler] = "files"
-php_value[upload_tmp_dir] = "/tmp"
+php_value[session.save_path] = "/var/lib/php/session"
+; General
+php_value[date.timezone] = "America/New_York"
 php_value[max_execution_time] = "200"
+php_value[memory_limit] = "512M"
 php_value[post_max_size] = "100M"
-php_value[memory_limit] = "256M"</code>
+php_value[upload_max_filesize] = "20M"
+php_value[max_file_uploads] = "100"
+; End</code>
 ===== FastCGI =====
@@ Line 72: / Line 85: @@
 location ~ \.(php|phar)(/.*)?$ {
     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
     fastcgi_intercept_errors on;
     fastcgi_index index.php;
     include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     fastcgi_param PATH_INFO $fastcgi_path_info;
     fastcgi_pass unix:/run/php-fpm/media.sock;
@@ Line 82: / Line 94: @@
 ===== Server Block =====
+  * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
   sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
@@ Line 95: / Line 109: @@
     include '/etc/nginx/default.d/headers.conf';
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
+#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
+#    add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
 #    access_log  /var/log/nginx/media-access.log;
 #    error_log  /var/log/nginx/media-error.log;
@@ Line 103: / Line 117: @@
         index index.php;
         try_files $uri $uri/ @rewrite;
+    }
+    location @rewrite {
+        rewrite ^/picture((/|$).*)$ /picture.php$1 last;
+        rewrite ^/index((/|$).*)$ /index.php$1 last;
+        rewrite ^/i((/|$).*)$ /i.php$1 last;
     }
@@ Line 113: / Line 133: @@
 ====== Settings ======
-  * TODO
+  * :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password
+  * :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots))
+  * :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions
+  * Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments
+  * Activate Boostrap Darkroom theme
+===== Page Banner =====
+****
+<code>
+<p>Tech, hardware, food, nature, and gaming pictures and videos!</p></code>
+===== config.inc.php =====
+  * [[https://piwigo.org/forum/viewtopic.php?pid=159584#p159584|nginx Rewrite source]]
+  * [[https://piwigo.org/forum/viewtopic.php?pid=179504#p179504|Video Uploading source]]
+  * [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]]
+  sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
+<code>
+<?php
+// nginx Rewrite
+$conf['question_mark_in_urls'] = false;
+$conf['php_extension_in_urls'] = false;
+// Minimal Logging
+$conf['log_level'] = 'EMERGENCY';
+// Header Links
+$conf['links'] = array(
+  'https://realmofespionage.xyz' => 'Realm of Espionage',
+  'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
+  'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social',
+  'https://blog.realmofespionage.xyz' => 'RoE | Blog',
+  'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info',
+  'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes',
+  );
+// Video Uploading
+$conf['upload_form_all_types'] = true;
+$conf['file_ext'] = array_merge(
+  $conf['picture_ext'],
+  array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
+  );
+// End
+?></code>
 ====== Services ======
@@ Line 130: / Line 199: @@
 WorkingDirectory=/var/www/media
 ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
+ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master'
 ExecStartPost='/usr/bin/sync'</code>
@@ Line 164: / Line 234: @@
 ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
 ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
+ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'
+ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
 ExecStartPost='/usr/bin/sync'</code>
@@ Line 170: / Line 242: @@
   * ''01'' day of every month at ''05:20:00''
-  sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now
+  sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
 <code>
@@ Line 197: / Line 269: @@
 Type=oneshot
 WorkingDirectory=/var/www
-ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
+ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
 ExecStartPost='/usr/bin/sync'</code>
 === Timer ===
-  * ''01'' day of every month at ''05:50:00''
+  * ''01'' day of every month at ''05:35:00''
   sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
@@ Line 211: / Line 283: @@
 [Timer]
-OnCalendar=*-*-01 05:50:00
+OnCalendar=*-*-01 05:35:00
 Persistent=true
@@ Line 221: / Line 293: @@
 === Database Auth ===
-  sudo -u 'mysql' -e '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo'
+  sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
 <code>
-[mysqldump]
+[mariadb-dump]
 user=piwigo
 password=x</code>
@@ Line 236: / Line 308: @@
 Type=oneshot
 WorkingDirectory=/var/lib/mysql/tmp
-ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
+ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
 ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
 ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
@@ Line 243: / Line 315: @@
 === Timer ===
-  * Every day at ''05:15:00''
+  * Every day at ''05:45:00''
   sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
@@ Line 253: / Line 325: @@
 [Timer]
-OnCalendar=*-*-* 05:15:00
+OnCalendar=*-*-* 05:45:00
 Persistent=true
@@ Line 281: / Line 353: @@
 ****
-  sudo mysqldump --defaults-extra-file='/var/lib/mysqlauth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
+  sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
 ==== Start Services ====
@@ Line 295: / Line 367: @@
 ****
-  scp espionage724@192.168.1.153:~/'piwigo-files-'*'.tar.gz' espionage724@192.168.1.153:~/'piwigo-database-'*'.sql' ~/'Downloads' && sync
+  scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads' && sync
 ====== Restore ======
@@ Line 337: / Line 409: @@
 ****
-  cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo restorecon -F -I -R '/var/www/media' && cd ~ && sync
+  cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync
 ==== Drop Previous Database ====
-  sudo mysql
+  sudo mariadb
   DROP DATABASE piwigo;
@@ Line 351: / Line 423: @@
 ==== Re-create Databases ====
-  sudo mysql
+  sudo mariadb
   CREATE DATABASE piwigo;
@@ Line 361: / Line 433: @@
 ****
-  sudo mysql 'piwigo' < ~/'piwigo-database-'*'.sql' && sync
+  sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync
 ==== Reapply Permissions ====
-  sudo mysql
+  sudo mariadb
   GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';