RoE | Wiki

User Tools

Site Tools

Trace:
servers:nginx:piwigo

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
servers:nginx:piwigo [2023/09/01 10:03] – openSUSE TW Sean Rhoneservers:nginx:piwigo [2024/02/01 11:45] (current) – [Page Banner] Sean Rhone
Line 3: Line 3:
   * Piwigo ((https://piwigo.org/))   * Piwigo ((https://piwigo.org/))
   * Bootstrap Darkroom Theme ((https://github.com/Piwigo/piwigo-bootstrap-darkroom))   * Bootstrap Darkroom Theme ((https://github.com/Piwigo/piwigo-bootstrap-darkroom))
-  * master Branches ((https://github.com/Piwigo/Piwigo/tree/master)) ((https://github.com/Piwigo/piwigo-bootstrap-darkroom/tree/master))+  * ''master'' Branches ((https://github.com/Piwigo/Piwigo/tree/master)) ((https://github.com/Piwigo/piwigo-bootstrap-darkroom/tree/master))
   * [[Information:Realm of Espionage]]   * [[Information:Realm of Espionage]]
   * https://media.realmofespionage.xyz   * https://media.realmofespionage.xyz
Line 9: Line 9:
 ===== Prerequisites ===== ===== Prerequisites =====
  
-  * [[distros:opensuse_tumbleweed_server|openSUSE Tumbleweed]]+  * [[distros:fedora_server|Fedora Server]]
   * [[servers:mariadb|MariaDB]]   * [[servers:mariadb|MariaDB]]
   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]   * [[servers:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]
Line 20: Line 20:
   * https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement   * https://github.com/Piwigo/piwigo-videojs/wiki/Synchronize#requirement
  
-  * Check for updated versions for ''ffmpeg'' and ''libopenh264'' +  sudo dnf install php-mysqlnd php-imagick php-gd perl-Image-ExifTool mediainfo ffmpeg-free libvorbis poppler-utils
- +
-  sudo zypper install poppler-tools php8-exif mediainfo libfdk-aac2 libvorbis0 libvpx8 exiftool ffmpeg-6 libopenh264-7+
  
 ====== Download Source ====== ====== Download Source ======
Line 28: Line 26:
   * Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme   * Also includes the [[https://github.com/Piwigo/piwigo-bootstrap-darkroom|Bootstrap Darkroom]] theme
  
-  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/srv/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/srv/www/media/themes/bootstrap_darkroom' && sudo chown -R 'nginx':'nginx' '/srv/www/media' && sync+  sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/Piwigo.git' '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/Piwigo/piwigo-bootstrap-darkroom.git' '/var/www/media/themes/bootstrap_darkroom' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync
  
 ====== Database ====== ====== Database ======
  
-  sudo mysql+  sudo mariadb
  
   CREATE DATABASE piwigo;   CREATE DATABASE piwigo;
Line 46: Line 44:
 ===== PHP-FPM Socket ===== ===== PHP-FPM Socket =====
  
-  sudo -e '/etc/php8/fpm/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'+  sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
  
 <code> <code>
Line 56: Line 54:
  
 ; Socket ; Socket
-listen = 127.0.0.1:9004+listen = /run/php-fpm/media.sock
 listen.acl_users = nginx listen.acl_users = nginx
 listen.allowed_clients = 127.0.0.1 listen.allowed_clients = 127.0.0.1
Line 65: Line 63:
 pm.process_idle_timeout = 30 pm.process_idle_timeout = 30
  
-openSUSE TW php.ini Defaults +Fedora php.ini Defaults 
-php_value[session.save_path] = /var/lib/php8/sessions+php_value[session.save_handler] = "files" 
 +php_value[session.save_path] = "/var/lib/php/session"
  
 ; General ; General
Line 86: Line 85:
 location ~ \.(php|phar)(/.*)?$ { location ~ \.(php|phar)(/.*)?$ {
     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;     fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
- 
     fastcgi_intercept_errors on;     fastcgi_intercept_errors on;
     fastcgi_index index.php;     fastcgi_index index.php;
     include fastcgi_params;     include fastcgi_params;
-    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;+    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     fastcgi_param PATH_INFO $fastcgi_path_info;     fastcgi_param PATH_INFO $fastcgi_path_info;
-    fastcgi_pass 127.0.0.1:9004;+    fastcgi_pass unix:/run/php-fpm/media.sock;
 }</code> }</code>
  
 ===== Server Block ===== ===== Server Block =====
  
-  * The ''default-src'' Piwigo URL allows Theme preview images to load, but isn't mandatory+  * 2023/09/12: CSPs disabled; TODO: Re-figure out CSPs
  
   sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync   sudo -e '/etc/nginx/vhosts.d/media.conf' && sudo systemctl reload 'nginx' && sync
Line 105: Line 103:
     listen '443' 'ssl' 'http2';     listen '443' 'ssl' 'http2';
     server_name 'media.realmofespionage.xyz';     server_name 'media.realmofespionage.xyz';
-    root '/srv/www/media';+    root '/var/www/media';
     index 'index.php';     index 'index.php';
  
Line 111: Line 109:
     include '/etc/nginx/default.d/headers.conf';     include '/etc/nginx/default.d/headers.conf';
  
-    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;+#    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
 #    add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always; #    add_header Content-Security-Policy "default-src 'self' https://piwigo.org/ext/upload/; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'" always;
 #    access_log  /var/log/nginx/media-access.log; #    access_log  /var/log/nginx/media-access.log;
Line 135: Line 133:
 ====== Settings ====== ====== Settings ======
  
-  * :!: Using a long password with symbols passed set-up fine, but failed to log-in later; use less-complex password+  * :!: Using a long password with symbols passed setup fine, but failed to log-in later; use less-complex password
   * :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots))   * :!: Use a relay or bogus email address during account creation to protect against potential spam ((the webmaster URL in the footer shows the email in plaintext and looks tasty to bots))
-  * :!: Disable ''Allow user registration'' immediately under Configuration -> Options -> General -> Permissions +  * :!: Disable ''Allow user registration'' **immediately** under Configuration -> Options -> General -> Permissions 
-  * :!: Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments+  * Seemingly have to enable ''Activate comments'' in order to prevent broken CSS on the bottom of image pages, but can uncheck ''Comments for all'' so that nobody public can leave comments
   * Activate Boostrap Darkroom theme   * Activate Boostrap Darkroom theme
  
 ===== Page Banner ===== ===== Page Banner =====
 +
 +****
  
 <code> <code>
Line 152: Line 152:
   * [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]]   * [[https://github.com/Piwigo/Piwigo/blob/master/include/config_default.inc.php|More Settings]]
  
-  sudo -e '/srv/www/media/local/config/config.inc.php' && sudo chown 'nginx':'nginx' '/srv/www/media/local/config/config.inc.php'+  sudo -u 'nginx' -e '/var/www/media/local/config/config.inc.php' && sudo restorecon -F -I -R '/var/www/media/local/config/config.inc.php'
  
 <code> <code>
Line 197: Line 197:
 Group=nginx Group=nginx
 Type=oneshot Type=oneshot
-WorkingDirectory=/srv/www/media +WorkingDirectory=/var/www/media 
-ExecStart='/usr/bin/git' -C '/srv/www/media' pull origin 'master' +ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master' 
-ExecStart='/usr/bin/git' -C '/srv/www/media/themes/bootstrap_darkroom' pull origin 'master'+ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' pull origin 'master'
 ExecStartPost='/usr/bin/sync'</code> ExecStartPost='/usr/bin/sync'</code>
  
Line 232: Line 232:
 Group=nginx Group=nginx
 Type=oneshot Type=oneshot
-ExecStart='/usr/bin/git' -C '/srv/www/media' gc --aggressive --prune='all' +ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all' 
-ExecStart='/usr/bin/git' -C '/srv/www/media' fsck --full --strict +ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict 
-ExecStart='/usr/bin/git' -C '/srv/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all' +ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' gc --aggressive --prune='all' 
-ExecStart='/usr/bin/git' -C '/srv/www/media/themes/bootstrap_darkroom' fsck --full --strict+ExecStart='/usr/bin/git' -C '/var/www/media/themes/bootstrap_darkroom' fsck --full --strict
 ExecStartPost='/usr/bin/sync'</code> ExecStartPost='/usr/bin/sync'</code>
  
Line 242: Line 242:
   * ''01'' day of every month at ''05:20:00''   * ''01'' day of every month at ''05:20:00''
  
-  sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now+  sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now && sudo systemctl start 'media-m' && sudo systemctl status 'media-m' -l
  
 <code> <code>
Line 268: Line 268:
 [Service] [Service]
 Type=oneshot Type=oneshot
-WorkingDirectory=/srv/www+WorkingDirectory=/var/www
 ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"' ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -czf "/home/CHANGEME/backups/piwigo-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
 ExecStartPost='/usr/bin/sync'</code> ExecStartPost='/usr/bin/sync'</code>
Line 274: Line 274:
 === Timer === === Timer ===
  
-  * ''01'' day of every month at ''05:50:00''+  * ''01'' day of every month at ''05:35:00''
  
   sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l   sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
Line 283: Line 283:
  
 [Timer] [Timer]
-OnCalendar=*-*-01 05:50:00+OnCalendar=*-*-01 05:35:00
 Persistent=true Persistent=true
  
Line 293: Line 293:
 === Database Auth === === Database Auth ===
  
-  sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync+  sudo mkdir -p '/var/lib/mysql/auth' && sudo -e '/var/lib/mysql/auth/piwigo' && sudo chown -R 'mysql':'mysql' '/var/lib/mysql/auth/piwigo' && sudo chmod '600' '/var/lib/mysql/auth/piwigo' && sync
  
 <code> <code>
-[mysqldump]+[mariadb-dump]
 user=piwigo user=piwigo
 password=x</code> password=x</code>
Line 308: Line 308:
 Type=oneshot Type=oneshot
 WorkingDirectory=/var/lib/mysql/tmp WorkingDirectory=/var/lib/mysql/tmp
-ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'+ExecStartPre='/usr/bin/mariadb-dump' --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r '/var/lib/mysql/tmp/piwigo.sql'
 ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql' ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/piwigo.sql'
 ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"' ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/piwigo.sql.gz" "/home/CHANGEME/backups/piwigo-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
Line 315: Line 315:
 === Timer === === Timer ===
  
-  * Every day at ''05:15:00''+  * Every day at ''05:45:00''
  
   sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l   sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
Line 325: Line 325:
  
 [Timer] [Timer]
-OnCalendar=*-*-* 05:15:00+OnCalendar=*-*-* 05:45:00
 Persistent=true Persistent=true
  
Line 347: Line 347:
 **** ****
  
-  cd '/srv/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync+  cd '/var/www' && sudo tar -cvzf ~/'piwigo-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync
  
 ==== Backup Database ==== ==== Backup Database ====
Line 353: Line 353:
 **** ****
  
-  sudo mysqldump --defaults-extra-file='/var/lib/mysqlauth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync+  sudo mariadb-dump --defaults-extra-file='/var/lib/mysql/auth/piwigo' --single-transaction 'piwigo' -r ~/'piwigo-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
  
 ==== Start Services ==== ==== Start Services ====
Line 403: Line 403:
 **** ****
  
-  sudo rm -Rf '/srv/www/media'+  sudo rm -Rf '/var/www/media'
  
 ==== Restore Piwigo Folder ==== ==== Restore Piwigo Folder ====
Line 409: Line 409:
 **** ****
  
-  cd '/srv/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/srv/www/media' && cd ~ && sync+  cd '/var/www' && sudo tar -xvzf ~/'piwigo-files-'*'.tar.gz' 'media' && sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' '/var/www/media(/.*)?' && sudo restorecon -F -I -R '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync
  
 ==== Drop Previous Database ==== ==== Drop Previous Database ====
  
-  sudo mysql+  sudo mariadb
  
   DROP DATABASE piwigo;   DROP DATABASE piwigo;
Line 423: Line 423:
 ==== Re-create Databases ==== ==== Re-create Databases ====
  
-  sudo mysql+  sudo mariadb
  
   CREATE DATABASE piwigo;   CREATE DATABASE piwigo;
Line 433: Line 433:
 **** ****
  
-  sudo mysql 'piwigo' < ~/'piwigo-database-'*'.sql' && sync+  sudo mariadb 'piwigo' < ~/'piwigo-database-'*'.sql' && sync
  
 ==== Reapply Permissions ==== ==== Reapply Permissions ====
  
-  sudo mysql+  sudo mariadb
  
   GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';   GRANT ALL PRIVILEGES ON piwigo.* to 'piwigo'@'localhost' IDENTIFIED BY 'x';
/var/www/wiki/data/attic/servers/nginx/piwigo.1693576996.txt.gz · Last modified: 2023/09/01 10:03 by Sean Rhone