servers:nginx:piwigo [2023/09/01 16:59] – Sean Rhone | servers:nginx:piwigo [2024/02/01 10:54] – [Settings] Sean Rhone |
---|
* Piwigo ((https://piwigo.org/)) | * Piwigo ((https://piwigo.org/)) |
* Bootstrap Darkroom Theme ((https://github.com/Piwigo/piwigo-bootstrap-darkroom)) | * Bootstrap Darkroom Theme ((https://github.com/Piwigo/piwigo-bootstrap-darkroom)) |
* master Branches ((https://github.com/Piwigo/Piwigo/tree/master)) ((https://github.com/Piwigo/piwigo-bootstrap-darkroom/tree/master)) | * ''master'' Branches ((https://github.com/Piwigo/Piwigo/tree/master)) ((https://github.com/Piwigo/piwigo-bootstrap-darkroom/tree/master)) |
* [[Information:Realm of Espionage]] | * [[Information:Realm of Espionage]] |
* https://media.realmofespionage.xyz | * https://media.realmofespionage.xyz |
===== Prerequisites ===== | ===== Prerequisites ===== |
| |
* [[distros:opensuse_tumbleweed_server|openSUSE Tumbleweed]] | * [[distros:fedora_server|Fedora Server]] |
* [[servers:mariadb|MariaDB]] | * [[servers:mariadb|MariaDB]] |
* [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] | * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]] |
* https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement | * https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement |
| |
* Check for updated versions for ''ffmpeg'' and ''libopenh264'' | sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils |
| |
sudo zypper install poppler-tools php8-exif mediainfo libfdk-aac2 libvorbis0 libvpx8 exiftool ffmpeg-6 libopenh264-7 | |
| |
====== Download Source ====== | ====== Download Source ====== |
* Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme | * Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme |
| |
sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/srv/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/srv/www/media/themes/bootstrap_darkroom' && sudo chown -R 'nginx':'nginx' '/srv/www/media' && sync | sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync |
| |
====== Database ====== | ====== Database ====== |
| |
sudo mysql | sudo mariadb |
| |
CREATE DATABASE piwigo; | CREATE DATABASE piwigo; |
===== PHP-FPM Socket ===== | ===== PHP-FPM Socket ===== |
| |
sudo -e '/etc/php8/fpm/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm' | sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm' |
| |
<code> | <code> |
| |
; Socket | ; Socket |
listen = 127.0.0.1:9004 | listen = /run/php-fpm/media.sock |
listen.acl_users = nginx | listen.acl_users = nginx |
listen.allowed_clients = 127.0.0.1 | listen.allowed_clients = 127.0.0.1 |
pm.process_idle_timeout = 30 | pm.process_idle_timeout = 30 |
| |
; openSUSE TW php.ini Defaults | ; Fedora php.ini Defaults |
php_value[session.save_path] = /var/lib/php8/sessions | php_value[session.save_handler] = "files" |
| php_value[session.save_path] = "/var/lib/php/session" |
| |
; General | ; General |
location ~ \.(php|phar)(/.*)?$ { | location ~ \.(php|phar)(/.*)?$ { |
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; | fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; |
| |
fastcgi_intercept_errors on; | fastcgi_intercept_errors on; |
fastcgi_index index.php; | fastcgi_index index.php; |
include fastcgi_params; | include fastcgi_params; |
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; | fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; |
fastcgi_param PATH_INFO $fastcgi_path_info; | fastcgi_param PATH_INFO $fastcgi_path_info; |
fastcgi_pass 127.0.0.1:9004; | fastcgi_pass unix:/run/php-fpm/media.sock; |
}</code> | }</code> |
| |
===== Server Block ===== | ===== Server Block ===== |
| |
* The ''default-src'' Piwigo URL allows Theme preview images to load, but isn't mandatory | * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs |
| |
sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync | sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync |
listen '443' 'ssl' 'http2'; | listen '443' 'ssl' 'http2'; |
server_name 'media.realmofespionage.xyz'; | server_name 'media.realmofespionage.xyz'; |
root '/srv/www/media'; | root '/var/www/media'; |
index 'index.php'; | index 'index.php'; |
| |
include '/etc/nginx/default.d/headers.conf'; | include '/etc/nginx/default.d/headers.conf'; |
| |
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; | # add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; |
# add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; | # add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; |
# access_log /var/log/nginx/media-access.log; | # access_log /var/log/nginx/media-access.log; |
====== Settings ====== | ====== Settings ====== |
| |
* :!: Using a long password with symbols passed set-up fine, but failed to log-in later; use less-complex password | * :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password |
* :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots)) | * :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots)) |
* :!: Disable ''Allow user registration'' immediately under Configuration -> Options -> General -> Permissions | * :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions |
* :!: Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments | * Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments |
* Activate Boostrap Darkroom theme | * Activate Boostrap Darkroom theme |
| |
* [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]] | * [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]] |
| |
sudo -e '/srv/www/media/local/config/config.inc.php' && sudo chown 'nginx':'nginx' '/srv/www/media/local/config/config.inc.php' | sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php' |
| |
<code> | <code> |
Group=nginx | Group=nginx |
Type=oneshot | Type=oneshot |
WorkingDirectory=/srv/www/media | WorkingDirectory=/var/www/media |
ExecStart='/usr/bin/git' -C '/srv/www/media' pull origin 'master' | ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master' |
ExecStart='/usr/bin/git' -C '/srv/www/media/themes/bootstrap_darkroom' pull origin 'master' | ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master' |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/sync'</code> |
| |
Group=nginx | Group=nginx |
Type=oneshot | Type=oneshot |
ExecStart='/usr/bin/git' -C '/srv/www/media' gc --aggressive --prune='all' | ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all' |
ExecStart='/usr/bin/git' -C '/srv/www/media' fsck --full --strict | ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict |
ExecStart='/usr/bin/git' -C '/srv/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all' | ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all' |
ExecStart='/usr/bin/git' -C '/srv/www/media/themes/bootstrap_darkroom' fsck --full --strict | ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/sync'</code> |
| |
* ''01'' day of every month at ''05:20:00'' | * ''01'' day of every month at ''05:20:00'' |
| |
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now | sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l |
| |
<code> | <code> |
[Service] | [Service] |
Type=oneshot | Type=oneshot |
WorkingDirectory=/srv/www | WorkingDirectory=/var/www |
ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"' | ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"' |
ExecStartPost='/usr/bin/sync'</code> | ExecStartPost='/usr/bin/sync'</code> |
=== Timer === | === Timer === |
| |
* ''01'' day of every month at ''05:50:00'' | * ''01'' day of every month at ''05:35:00'' |
| |
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l | sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-01 05:50:00 | OnCalendar=*-*-01 05:35:00 |
Persistent=true | Persistent=true |
| |
| |
<code> | <code> |
[mysqldump] | [mariadb-dump] |
user=piwigo | user=piwigo |
password=x</code> | password=x</code> |
Type=oneshot | Type=oneshot |
WorkingDirectory=/var/lib/mysql/tmp | WorkingDirectory=/var/lib/mysql/tmp |
ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql' | ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql' |
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' | ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' |
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' | ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' |
=== Timer === | === Timer === |
| |
* Every day at ''05:15:00'' | * Every day at ''05:45:00'' |
| |
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l | sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-* 05:15:00 | OnCalendar=*-*-* 05:45:00 |
Persistent=true | Persistent=true |
| |
**** | **** |
| |
cd '/srv/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync | cd '/var/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync |
| |
==== Backup Database ==== | ==== Backup Database ==== |
**** | **** |
| |
sudo mysqldump --defaults-extra-file='/var/lib/mysqlauth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync | sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync |
| |
==== Start Services ==== | ==== Start Services ==== |
**** | **** |
| |
sudo rm -Rf '/srv/www/media' | sudo rm -Rf '/var/www/media' |
| |
==== Restore Piwigo Folder ==== | ==== Restore Piwigo Folder ==== |
**** | **** |
| |
cd '/srv/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/srv/www/media' && cd ~ && sync | cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync |
| |
==== Drop Previous Database ==== | ==== Drop Previous Database ==== |
| |
sudo mysql | sudo mariadb |
| |
DROP DATABASE piwigo; | DROP DATABASE piwigo; |
==== Re-create Databases ==== | ==== Re-create Databases ==== |
| |
sudo mysql | sudo mariadb |
| |
CREATE DATABASE piwigo; | CREATE DATABASE piwigo; |
**** | **** |
| |
sudo mysql 'piwigo' < ~/'piwigo-database-'*'.sql' && sync | sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync |
| |
==== Reapply Permissions ==== | ==== Reapply Permissions ==== |
| |
sudo mysql | sudo mariadb |
| |
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x'; | GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x'; |
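Review bot: The new `sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?'` in the Download Source command (repeated in Restore Piwigo Folder) labels the whole checkout, PHP code included, as writable by the web server domain, so SELinux no longer stops a compromised PHP worker from modifying the application's own files. Consider labelling the tree `httpd_sys_content_t` and adding the `httpd_sys_rw_content_t` rule only for the directories Piwigo has to write to (probably `_data`, `upload` and `local`; confirm against the Piwigo install requirements and whether the in-app plugin updater is used). The same revision comments out the `Content-Security-Policy` header that was active in the Server Block and leaves an open TODO; `add_header Content-Security-Policy-Report-Only "default-src 'self'; …" always;` would let the policy be re-derived from browser reports without dropping it entirely in the meantime. `listen.allowed_clients = 127.0.0.1` is kept beside the new `listen = /run/php-fpm/media.sock`, but PHP-FPM applies that setting only to TCP listeners, so access to the socket now rests on `listen.acl_users = nginx` alone and the leftover line can be removed to avoid implying a restriction that is not in effect.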