Both sides previous revisionPrevious revisionNext revision | Previous revision |
servers:nginx:piwigo [2023/09/12 07:21] – Sean Rhone | servers:nginx:piwigo [2024/02/01 11:45] (current) – [Page Banner] Sean Rhone |
---|
* https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement | * https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement |
| |
* Check for updated versions for ''ffmpeg'' and ''libopenh264'' | sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils |
| |
sudo dnf install perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils | |
| |
===== Old openSUSE ===== | |
| |
**** | |
| |
sudo zypper install poppler-tools php8-exif mediainfo libfdk-aac2 libvorbis0 libvpx8 exiftool ffmpeg-6 libopenh264-7 | |
| |
====== Download Source ====== | ====== Download Source ====== |
====== Database ====== | ====== Database ====== |
| |
sudo mysql | sudo mariadb |
| |
CREATE DATABASE piwigo; | CREATE DATABASE piwigo; |
location ~ \.(php|phar)(/.*)?$ { | location ~ \.(php|phar)(/.*)?$ { |
fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; | fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$; |
| |
fastcgi_intercept_errors on; | fastcgi_intercept_errors on; |
fastcgi_index index.php; | fastcgi_index index.php; |
===== Server Block ===== | ===== Server Block ===== |
| |
* The ''default-src'' Piwigo URL allows Theme preview images to load, but isn't mandatory | * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs |
| |
sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync | sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync |
include '/etc/nginx/default.d/headers.conf'; | include '/etc/nginx/default.d/headers.conf'; |
| |
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; | # add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; |
# add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; | # add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; |
# access_log /var/log/nginx/media-access.log; | # access_log /var/log/nginx/media-access.log; |
====== Settings ====== | ====== Settings ====== |
| |
* :!: Using a long password with symbols passed set-up fine, but failed to log-in later; use less-complex password | * :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password |
* :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots)) | * :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots)) |
* :!: Disable ''Allow user registration'' immediately under Configuration -> Options -> General -> Permissions | * :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions |
* :!: Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments | * Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments |
* Activate Boostrap Darkroom theme | * Activate Boostrap Darkroom theme |
| |
===== Page Banner ===== | ===== Page Banner ===== |
| |
| **** |
| |
<code> | <code> |
* ''01'' day of every month at ''05:20:00'' | * ''01'' day of every month at ''05:20:00'' |
| |
sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now | sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l |
| |
<code> | <code> |
=== Timer === | === Timer === |
| |
* ''01'' day of every month at ''05:50:00'' | * ''01'' day of every month at ''05:35:00'' |
| |
sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l | sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-01 05:50:00 | OnCalendar=*-*-01 05:35:00 |
Persistent=true | Persistent=true |
| |
| |
<code> | <code> |
[mysqldump] | [mariadb-dump] |
user=piwigo | user=piwigo |
password=x</code> | password=x</code> |
Type=oneshot | Type=oneshot |
WorkingDirectory=/var/lib/mysql/tmp | WorkingDirectory=/var/lib/mysql/tmp |
ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql' | ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql' |
ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' | ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' |
ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' | ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' |
=== Timer === | === Timer === |
| |
* Every day at ''05:15:00'' | * Every day at ''05:45:00'' |
| |
sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l | sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l |
| |
[Timer] | [Timer] |
OnCalendar=*-*-* 05:15:00 | OnCalendar=*-*-* 05:45:00 |
Persistent=true | Persistent=true |
| |
**** | **** |
| |
sudo mysqldump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync | sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync |
| |
==== Start Services ==== | ==== Start Services ==== |
**** | **** |
| |
cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync | cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync |
| |
=== SELinux === | |
| |
**** | |
| |
sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sync | |
| |
==== Drop Previous Database ==== | ==== Drop Previous Database ==== |
| |
sudo mysql | sudo mariadb |
| |
DROP DATABASE piwigo; | DROP DATABASE piwigo; |
==== Re-create Databases ==== | ==== Re-create Databases ==== |
| |
sudo mysql | sudo mariadb |
| |
CREATE DATABASE piwigo; | CREATE DATABASE piwigo; |
**** | **** |
| |
sudo mysql 'piwigo' < ~/'piwigo-database-'*'.sql' && sync | sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync |
| |
==== Reapply Permissions ==== | ==== Reapply Permissions ==== |
| |
sudo mysql | sudo mariadb |
| |
GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x'; | GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x'; |