servers:nginx:piwigo [2022/12/29 16:43] – Sean Rhone | servers:nginx:piwigo [2024/02/01 11:45] (current) – [Page Banner] Sean Rhone |
---|
====== Information ====== | ====== Information ====== |
| |
* Piwigo ((https://piwigo.org/)) ((https://github.com/Piwigo)) | * Piwigo ((https://piwigo.org/)) |
| * Bootstrap Darkroom Theme ((https://github.com/Piwigo/piwigo-bootstrap-darkroom)) |
| * ''master'' Branches ((https://github.com/Piwigo/Piwigo/tree/master)) ((https://github.com/Piwigo/piwigo-bootstrap-darkroom/tree/master)) |
* [[Information:Realm of Espionage]] | * [[Information:Realm of Espionage]] |
* https://media.realmofespionage.xyz | * https://media.realmofespionage.xyz |
* https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement | * https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement |
| |
sudo dnf install perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils | sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils |
| |
===== Non-free ===== | |
| |
* :!: Remove ''ffmpeg-free'' from above if using ''ffmpeg'' | |
| |
ffmpeg x264-libs | |
| |
====== Download Source ====== | ====== Download Source ====== |
* Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme | * Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme |
| |
sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo restorecon -F -I -R '/var/www/media' && sync | sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync |
| |
====== Database ====== | ====== Database ====== |
| |
sudo mysql | sudo mariadb |
| |
CREATE DATABASE piwigo; | CREATE DATABASE piwigo; |
location ~ \.(php|phar)(/.*)?$ { | location ~ \.(php|phar)(/.*)?$ { |
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; | fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; |
| |
fastcgi_intercept_errors on; | fastcgi_intercept_errors on; |
fastcgi_index index.php; | fastcgi_index index.php; |
include fastcgi_params; | include fastcgi_params; |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
fastcgi_param PATH_INFO $fastcgi_path_info; | fastcgi_param PATH_INFO $fastcgi_path_info; |
fastcgi_pass unix:/run/php-fpm/media.sock; | fastcgi_pass unix:/run/php-fpm/media.sock; |
===== Server Block ===== | ===== Server Block ===== |
| |
* The ''default-src'' Piwigo URL allows Theme preview images to load, but isn't mandatory | * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs |
| |
sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync | sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync |
include '/etc/nginx/default.d/headers.conf'; | include '/etc/nginx/default.d/headers.conf'; |
| |
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; | # add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; |
# add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; | # add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; |
# access_log /var/log/nginx/media-access.log; | # access_log /var/log/nginx/media-access.log; |
====== Settings ====== | ====== Settings ====== |
| |
* :!: Using a long password with symbols passed set-up fine, but failed to log-in later; use less-complex password | * :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password |
* :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots)) | * :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots)) |
* :!: Disable ''Allow user registration'' immediately under Configuration -> Options -> General -> Permissions | * :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions |
* :!: Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments | * Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments |
* Activate Boostrap Darkroom theme | * Activate Boostrap Darkroom theme |
| |
===== Page Banner ===== | ===== Page Banner ===== |
| |
| **** |
| |
<code> | <code> |
* [[https://piwigo.org/forum/viewtopic.php?pid=179504#p179504|Video Uploading source]] | * [[https://piwigo.org/forum/viewtopic.php?pid=179504#p179504|Video Uploading source]] |
* [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]] | * [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]] |
* :!: TODO: Sometimes(?) when writing a log file, SELinux will deny ''php-fpm'' writing to the log and cause the Admin panel to break; possibly setting logging level to ''EMERGENCY'' prevents most actions from causing logging and thus no log file to be created; address this if it happens again | |
| |
sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php' | sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php' |
'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social', | 'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social', |
'https://blog.realmofespionage.xyz' => 'RoE | Blog', | 'https://blog.realmofespionage.xyz' => 'RoE | Blog', |
'https://wiki.realmofespionage.xyz/personal/social_media' => 'Webmaster Info', | 'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info', |
'https://wiki.realmofespionage.xyz/servers/nginx/piwigo' => 'Instance Configuration Notes', | 'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes', |
); | ); |
| |
* ''01'' day of every month at ''05:20:00'' | * ''01'' day of every month at ''05:20:00'' |
| |
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now | sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l |
| |
<code> | <code> |
Type=oneshot | Type=oneshot |
WorkingDirectory=/var/www | WorkingDirectory=/var/www |
ExecStartPre='/usr/sbin/restorecon' -F -I -R '/var/www/media' | |
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"' | ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"' |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/sync'</code> |
=== Timer === | === Timer === |
| |
* ''01'' day of every month at ''05:50:00'' | * ''01'' day of every month at ''05:35:00'' |
| |
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l | sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-01 05:50:00 | OnCalendar=*-*-01 05:35:00 |
Persistent=true | Persistent=true |
| |
=== Database Auth === | === Database Auth === |
| |
sudo -u 'mysql' -e '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' | sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync |
| |
<code> | <code> |
[mysqldump] | [mariadb-dump] |
user=piwigo | user=piwigo |
password=x</code> | password=x</code> |
Type=oneshot | Type=oneshot |
WorkingDirectory=/var/lib/mysql/tmp | WorkingDirectory=/var/lib/mysql/tmp |
ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql' | ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql' |
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' | ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' |
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' | ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' |
=== Timer === | === Timer === |
| |
* Every day at ''05:15:00'' | * Every day at ''05:45:00'' |
| |
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l | sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-* 05:15:00 | OnCalendar=*-*-* 05:45:00 |
Persistent=true | Persistent=true |
| |
**** | **** |
| |
sudo mysqldump --defaults-extra-file='/var/lib/mysqlauth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync | sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync |
| |
==== Start Services ==== | ==== Start Services ==== |
**** | **** |
| |
cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sudo restorecon -F -I -R '/var/www/media' && cd ~ && sync | cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync |
| |
==== Drop Previous Database ==== | ==== Drop Previous Database ==== |
| |
sudo mysql | sudo mariadb |
| |
DROP DATABASE piwigo; | DROP DATABASE piwigo; |
==== Re-create Databases ==== | ==== Re-create Databases ==== |
| |
sudo mysql | sudo mariadb |
| |
CREATE DATABASE piwigo; | CREATE DATABASE piwigo; |
**** | **** |
| |
sudo mysql 'piwigo' < ~/'piwigo-database-'*'.sql' && sync | sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync |
| |
==== Reapply Permissions ==== | ==== Reapply Permissions ==== |
| |
sudo mysql | sudo mariadb |
| |
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x'; | GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x'; |
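Review bot: The new `semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?'` in the Download Source command, repeated in the restore command that untars `media`, labels the whole Piwigo tree, PHP source included, as writable by the web server domain, and the `chown -R 'nginx':'nginx'` next to it grants the same at the file-permission level. This probably resolves the removed TODO about SELinux denying `php-fpm` log writes, but it also means SELinux no longer stops a compromised PHP process from rewriting application code. Consider scoping the rule to the directories Piwigo writes at runtime, e.g. `sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media/(_data|upload|local)(/.*)?'`, leaving the rest at the default read-only web content type. The directory list is an assumption to confirm against this instance, and in-app plugin or theme updates would also need `plugins` and `themes` added.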