RoE | Wiki

User Tools

Site Tools

Trace:
servers:nginx:piwigo

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:nginx:piwigo [2018/12/08 18:31] – [Server Block] Sean Rhoneservers:nginx:piwigo [2024/02/01 11:45] (current) – [Page Banner] Sean Rhone
Line 1: Line 1:
 +====== Information ======
 +
 +  * Piwigo ((https://piwigo.org/))
 +  * Bootstrap Darkroom Theme ((https://github.com/Piwigo/piwigo-bootstrap-darkroom))
 +  * ''master'' Branches ((https://github.com/Piwigo/Piwigo/tree/master)) ((https://github.com/Piwigo/piwigo-bootstrap-darkroom/tree/master))
 +  * [[Information:Realm of Espionage]]
 +  * https://media.realmofespionage.xyz
 +
 +===== Prerequisites =====
 +
 +  * [[distros:fedora_server|Fedora Server]]
 +  * [[servers:mariadb|MariaDB]]
 +  * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
 +  * [[servers:nginx:lets_encrypt|Let's Encrypt]]
 +
 +====== Dependencies ======
 +
 +  * https://piwigo.org/guides/install/requirements
 +  * https://github.com/Piwigo/piwigo-videojs/wiki/How-to-add-videos
 +  * https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement
 +
 +  sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils
 +
 +====== Download Source ======
 +
 +  * Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme
 +
 +  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync
 +
 +====== Database ======
 +
 +  sudo mariadb
 +
 +  CREATE DATABASE piwigo;
 +
 +  GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
 +
 +  FLUSH PRIVILEGES;
 +
 +  EXIT
 +
 +====== nginx + PHP-FPM Configuration ======
 +
 +===== PHP-FPM Socket =====
 +
 +  sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
 +
 +<code>
 +[media]
 +
 +; User/Group
 +user = nginx
 +group = nginx
 +
 +; Socket
 +listen = /run/php-fpm/media.sock
 +listen.acl_users = nginx
 +listen.allowed_clients = 127.0.0.1
 +
 +; Process Management
 +pm = ondemand
 +pm.max_children = 4
 +pm.process_idle_timeout = 30
 +
 +; Fedora php.ini Defaults
 +php_value[session.save_handler] = "files"
 +php_value[session.save_path] = "/var/lib/php/session"
 +
 +; General
 +php_value[date.timezone] = "America/New_York"
 +php_value[max_execution_time] = "200"
 +php_value[memory_limit] = "512M"
 +php_value[post_max_size] = "100M"
 +php_value[upload_max_filesize] = "20M"
 +php_value[max_file_uploads] = "100"
 +
 +; End</code>
 +
 +===== FastCGI =====
 +
 +  sudo -e '/etc/nginx/default.d/media.conf'
 +
 +<code>
 +# PHP-FPM
 +location ~ \.(php|phar)(/.*)?$ {
 +    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
 +    fastcgi_intercept_errors on;
 +    fastcgi_index index.php;
 +    include fastcgi_params;
 +    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
 +    fastcgi_param PATH_INFO $fastcgi_path_info;
 +    fastcgi_pass unix:/run/php-fpm/media.sock;
 +}</code>
 +
 +===== Server Block =====
 +
 +  * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
 +
 +  sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
 +
 +<code>
 +server {
 +    listen '443' 'ssl' 'http2';
 +    server_name 'media.realmofespionage.xyz';
 +    root '/var/www/media';
 +    index 'index.php';
 +
 +    include '/etc/nginx/default.d/media.conf';
 +    include '/etc/nginx/default.d/headers.conf';
 +
 +#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
 +#    add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
 +#    access_log  /var/log/nginx/media-access.log;
 +#    error_log  /var/log/nginx/media-error.log;
 +
 +    location / {
 +        index index.php;
 +        try_files $uri $uri/ @rewrite;
 +    }
 +
 +    location @rewrite {
 +        rewrite ^/picture((/|$).*)$ /picture.php$1 last;
 +        rewrite ^/index((/|$).*)$ /index.php$1 last;
 +        rewrite ^/i((/|$).*)$ /i.php$1 last;
 +    }
 +
 +}</code>
 +
 +====== Initial Setup ======
 +
 +  * https://media.realmofespionage.xyz
 +
 +====== Settings ======
 +
 +  * :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password
 +  * :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots))
 +  * :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions
 +  * Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments
 +  * Activate Boostrap Darkroom theme
 +
 +===== Page Banner =====
 +
 +****
 +
 +<code>
 +<p>Tech, hardware, food, nature, and gaming pictures and videos!</p></code>
 +
 +===== config.inc.php =====
 +
 +  * [[https://piwigo.org/forum/viewtopic.php?pid=159584#p159584|nginx Rewrite source]]
 +  * [[https://piwigo.org/forum/viewtopic.php?pid=179504#p179504|Video Uploading source]]
 +  * [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]]
 +
 +  sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
 +
 +<code>
 +<?php
 +
 +// nginx Rewrite
 +$conf['question_mark_in_urls'] = false;
 +$conf['php_extension_in_urls'] = false;
 +
 +// Minimal Logging
 +$conf['log_level'] = 'EMERGENCY';
 +
 +// Header Links
 +$conf['links'] = array(
 +  'https://realmofespionage.xyz' => 'Realm of Espionage',
 +  'https://wiki.realmofespionage.xyz' => 'RoE | Wiki',
 +  'https://social.realmofespionage.xyz/profile/espionage724' => 'RoE | Social',
 +  'https://blog.realmofespionage.xyz' => 'RoE | Blog',
 +  'https://wiki.realmofespionage.xyz/personal:social_media' => 'Webmaster Info',
 +  'https://wiki.realmofespionage.xyz/servers:nginx:piwigo' => 'Instance Configuration Notes',
 +  );
 +
 +// Video Uploading
 +$conf['upload_form_all_types'] = true;
 +$conf['file_ext'] = array_merge(
 +  $conf['picture_ext'],
 +  array('tiff', 'tif', 'mpg','zip','avi','mp3','ogg','pdf','webm','mp4')
 +  );
 +
 +// End
 +?></code>
 +
 +====== Services ======
 +
 +===== Updater =====
 +
 +==== Service ====
 +
 +  sudo -e '/etc/systemd/system/media-up.service'
 +
 +<code>
 +[Service]
 +User=nginx
 +Group=nginx
 +Type=oneshot
 +WorkingDirectory=/var/www/media
 +ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
 +ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master'
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +==== Timer ====
 +
 +  * Every day at ''05:00:00''
 +
 +  sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
 +
 +<code>
 +[Unit]
 +Description=Piwigo Updater
 +After=network-online.target
 +Wants=network-online.target
 +
 +[Timer]
 +OnCalendar=*-*-* 05:00:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +===== Maintenance =====
 +
 +==== Service ====
 +
 +  sudo -e '/etc/systemd/system/media-m.service'
 +
 +<code>
 +[Service]
 +User=nginx
 +Group=nginx
 +Type=oneshot
 +ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
 +ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
 +ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all'
 +ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +==== Timer ====
 +
 +  * ''01'' day of every month at ''05:20:00''
 +
 +  sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
 +
 +<code>
 +[Unit]
 +Description=Piwigo Maintenance
 +After=network-online.target
 +Wants=network-online.target
 +
 +[Timer]
 +OnCalendar=*-*-01 05:20:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +===== Backup =====
 +
 +==== Files ====
 +
 +=== Service ===
 +
 +  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +WorkingDirectory=/var/www
 +ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +=== Timer ===
 +
 +  * ''01'' day of every month at ''05:35:00''
 +
 +  sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
 +
 +<code>
 +[Unit]
 +Description=Piwigo Files Backup
 +
 +[Timer]
 +OnCalendar=*-*-01 05:35:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +==== Database ====
 +
 +=== Database Auth ===
 +
 +  sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
 +
 +<code>
 +[mariadb-dump]
 +user=piwigo
 +password=x</code>
 +
 +=== Service ===
 +
 +  mkdir -p ~/'backups' && sudo mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
 +
 +<code>
 +[Service]
 +Type=oneshot
 +WorkingDirectory=/var/lib/mysql/tmp
 +ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
 +ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
 +ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
 +ExecStartPost='/usr/bin/sync'</code>
 +
 +=== Timer ===
 +
 +  * Every day at ''05:45:00''
 +
 +  sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
 +
 +<code>
 +[Unit]
 +Description=Piwigo Database Backup
 +After=mariadb.service
 +
 +[Timer]
 +OnCalendar=*-*-* 05:45:00
 +Persistent=true
 +
 +[Install]
 +WantedBy=timers.target</code>
 +
 +====== Backup ======
 +
 +  * Create backup archive on server and transfer to client computer
 +
 +===== Server =====
 +
 +==== Stop Services ====
 +
 +****
 +
 +  sudo systemctl stop nginx php-fpm
 +
 +==== Backup Folder ====
 +
 +****
 +
 +  cd '/var/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync
 +
 +==== Backup Database ====
 +
 +****
 +
 +  sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
 +
 +==== Start Services ====
 +
 +****
 +
 +  sudo systemctl start nginx php-fpm
 +
 +===== Client =====
 +
 +==== Transfer Files To Client ====
 +
 +****
 +
 +  scp espionage724@192.168.1.152:~/'piwigo-files-'*'.tar.gz' espionage724@192.168.1.152:~/'piwigo-database-'*'.sql' ~/'Downloads' && sync
 +
 +====== Restore ======
 +
 +===== Client =====
 +
 +==== Uncompress Database ====
 +
 +  * This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
 +
 +  gunzip ~/'Downloads/piwigo-database-'*'.sql.gz'
 +
 +==== Transfer Files To Server ====
 +
 +****
 +
 +  scp ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' espionage724@192.168.1.152:~
 +
 +==== Remove Files ====
 +
 +****
 +
 +  rm -f ~/'Downloads/piwigo-files-'*'.tar.gz' ~/'Downloads/piwigo-database-'*'.sql' && sync
 +
 +===== Server =====
 +
 +==== Stop Services ====
 +
 +****
 +
 +  sudo systemctl stop nginx php-fpm
 +
 +==== Remove Previous Folder ====
 +
 +****
 +
 +  sudo rm -Rf '/var/www/media'
 +
 +==== Restore Piwigo Folder ====
 +
 +****
 +
 +  cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync
 +
 +==== Drop Previous Database ====
 +
 +  sudo mariadb
 +
 +  DROP DATABASE piwigo;
 +
 +  FLUSH TABLES;
 +
 +  EXIT
 +
 +==== Re-create Databases ====
 +
 +  sudo mariadb
 +
 +  CREATE DATABASE piwigo;
 +
 +  EXIT
 +
 +==== Restore Database ====
 +
 +****
 +
 +  sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync
 +
 +==== Reapply Permissions ====
 +
 +  sudo mariadb
 +
 +  GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
 +
 +  FLUSH PRIVILEGES;
 +
 +  EXIT
 +
 +==== Start Services ====
 +
 +****
 +
 +  sudo systemctl start nginx php-fpm
 +
 +==== Remove Backups ====
 +
 +  * Verify that Piwigo works before running
 +
 +  rm ~/'piwigo-files-'*'.tar.gz' ~/'piwigo-database-'*'.sql' && sync