Differences

This shows you the differences between two versions of the page.

--- servers:nginx:zenphoto [2018/12/31 04:17] – [FastCGI] Sean Rhone
+++ servers:nginx:zenphoto [2019/06/28 22:46] – Change to Fedora Server Sean Rhone
@@ Line 1: / Line 1: @@
+====== Information ======
+  * Zenphoto ((https://www.zenphoto.org/)) ((https://github.com/zenphoto/zenphoto))
+  * [[Information:Realm of Espionage]]
+  * https://media.realmofespionage.xyz
+===== Prerequisites =====
+  * [[distros:fedora_server|Fedora Server]]
+  * [[servers:mariadb | MariaDB]]
+  * [[servers:nginx_php_php-fpm | nginx + PHP + PHP-FPM]]
+  * [[servers:nginx:lets_encrypt | Let's Encrypt]]
+====== Download Source ======
+****
+  sudo rm -Rf '/var/www/media' && sudo git clone --branch 'master' --depth '1' --recurse-submodules 'https://github.com/zenphoto/zenphoto.git' '/var/www/media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && sync
+===== SELinux =====
+  sudo semanage fcontext --deleteall "/var/www/media(/.*)?"
+  sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' "/var/www/media(/.*)?"
+  sudo restorecon -R -v '/var/www/media' && sync
+====== Database ======
+  mysql --user='root' --password
+  CREATE DATABASE zenphoto;
+  GRANT ALL PRIVILEGES ON zenphoto.* to 'zenphoto'@'localhost' IDENTIFIED BY 'x';
+  FLUSH PRIVILEGES;
+====== nginx + PHP-FPM Configuration ======
+===== PHP-FPM Socket =====
+  sudo -e '/etc/php-fpm.d/media.conf' && sudo systemctl restart 'php-fpm'
+<code>
+[media]
+user = nginx
+group = nginx
+listen = /run/php-fpm/media.sock
+listen.owner = nginx
+listen.group = nginx
+listen.allowed_clients = 127.0.0.1
+pm = dynamic
+pm.max_children = 8
+pm.start_servers = 3
+pm.min_spare_servers = 2
+pm.max_spare_servers = 4
+php_value[date.timezone] = "America/New_York"
+php_value[upload_tmp_dir] = "/tmp"
+php_value[max_execution_time] = "300"
+php_value[memory_limit] = "512M"
+php_value[post_max_size] = "500M"
+php_value[upload_max_filesize] = "500M"
+php_value[max_file_uploads] = "100"
+php_value[session.save_handler] = files
+php_value[session.save_path] = /var/lib/php/session
+php_value[soap.wsdl_cache_dir] = /var/lib/php/wsdlcache
+php_value[opcache.file_cache] = /var/lib/php/opcache</code>
+===== FastCGI =====
+  sudo -e '/etc/nginx/default.d/media.conf'
+<code>
+# PHP-FPM
+location ~ \.(php|phar)(/.*)?$ {
+    fastcgi_split_path_info ^(.+\.(?:php|phar))(/.*)$;
+    fastcgi_intercept_errors on;
+    fastcgi_index index.php;
+    include fastcgi_params;
+    fastcgi_param SCRIPT_FILENAME  $document_root$fastcgi_script_name;
+    fastcgi_param PATH_INFO $fastcgi_path_info;
+    fastcgi_pass unix:/run/php-fpm/media.sock;
+}</code>
+===== Server Block =====
+  sudo -e '/etc/nginx/conf.d/media.conf' && sudo systemctl reload 'nginx'
+<code>
+server {
+    listen '443' 'ssl' 'http2';
+    server_name 'media.realmofespionage.xyz';
+    root '/var/www/media';
+    index 'index.php';
+    include '/etc/nginx/default.d/media.conf';
+    include '/etc/nginx/default.d/headers.conf';
+    client_max_body_size '500M';
+    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' blob:" always;
+#    access_log  /var/log/nginx/media-access.log;
+#    error_log  /var/log/nginx/media-error.log;
+    location / {
+        try_files $uri $uri/ /index.php?$args;
+    }
+}</code>
+====== Initial Setup ======
+===== UTF-8 Test =====
+  * Zenphoto tests for a UTF8-compliant filesystem and expects the following file to exist
+  sudo -u 'nginx' touch '/var/www/media/zp-data/charset_tést'
+===== Site =====
+  * https://media.realmofespionage.xyz
+====== Services ======
+===== Updater =====
+==== Service ====
+  sudo -e '/etc/systemd/system/media-up.service'
+<code>
+[Service]
+User=nginx
+Group=nginx
+Type=oneshot
+WorkingDirectory=/var/www/media
+ExecStart='/usr/bin/git' -C '/var/www/media' pull origin 'master'
+ExecStartPost='/usr/bin/sync'</code>
+==== Timer ====
+  * Every day at ''05:00:00''
+  sudo -e '/etc/systemd/system/media-up.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-up.timer' --now && sudo systemctl start 'media-up' && sudo systemctl status 'media-up' -l
+<code>
+[Unit]
+Description=Zenphoto Updater
+After=network-online.target
+Wants=network-online.target
+[Timer]
+OnCalendar=*-*-* 05:00:00
+Persistent=true
+[Install]
+WantedBy=timers.target</code>
+===== Maintenance =====
+==== Service ====
+  sudo -e '/etc/systemd/system/media-m.service'
+<code>
+[Service]
+User=nginx
+Group=nginx
+Type=oneshot
+ExecStart='/usr/bin/git' -C '/var/www/media' gc --aggressive --prune='all'
+ExecStart='/usr/bin/git' -C '/var/www/media' fsck --full --strict
+ExecStartPost='/usr/bin/sync'</code>
+==== Timer ====
+  * ''01'' day of every month at ''05:20:00''
+  sudo -e '/etc/systemd/system/media-m.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-m.timer' --now
+<code>
+[Unit]
+Description=Zenphoto Maintenance
+After=network-online.target
+Wants=network-online.target
+[Timer]
+OnCalendar=*-*-01 05:20:00
+Persistent=true
+[Install]
+WantedBy=timers.target</code>
+===== Backup =====
+==== Files ====
+=== Service ===
+  mkdir -p ~/'backups' && sudo -e '/etc/systemd/system/media-fb.service' && sudo sed -i 's/CHANGEME/'$USER'/g' '/etc/systemd/system/media-fb.service'
+<code>
+[Service]
+Type=oneshot
+WorkingDirectory=/var/www
+ExecStart='/usr/bin/bash' -c '"/usr/bin/tar" -cvzf "/home/CHANGEME/backups/zenphoto-files-auto-"$$(date +%%Y-%%m-%%d)".tar.gz" "media"'
+ExecStartPost='/usr/bin/sync'</code>
+=== Timer ===
+  * ''01'' day of every month at ''05:50:00''
+  sudo -e '/etc/systemd/system/media-fb.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-fb.timer' --now && sudo systemctl start 'media-fb' && sudo systemctl status 'media-fb' -l
+<code>
+[Unit]
+Description=Zenphoto Files Backup
+[Timer]
+OnCalendar=*-*-01 05:50:00
+Persistent=true
+[Install]
+WantedBy=timers.target</code>
+==== Database ====
+=== Database Auth ===
+  sudo -u 'mysql' -e '/var/lib/mysql/auth/zenphoto' && sudo chmod '600' '/var/lib/mysql/auth/zenphoto'
+<code>
+[mysqldump]
+user=zenphoto
+password=x</code>
+=== Service ===
+  mkdir -p ~/'backups' && sudo -u 'mysql' mkdir -p '/var/lib/mysql/tmp' && sudo -e '/etc/systemd/system/media-db.service' && sudo sed -i 's/'CHANGEME'/'$USER'/g' '/etc/systemd/system/media-db.service'
+<code>
+[Service]
+Type=oneshot
+WorkingDirectory=/var/lib/mysqltmp
+ExecStartPre='/usr/bin/mysqldump' --defaults-extra-file='/var/lib/mysql/auth/zenphoto' --single-transaction 'zenphoto' -r '/var/lib/mysql/tmp/zenphoto.sql'
+ExecStart='/usr/bin/gzip' -f '/var/lib/mysql/tmp/zenphoto.sql'
+ExecStart='/usr/bin/bash' -c '"/usr/bin/mv" "/var/lib/mysql/tmp/zenphoto.sql.gz" "/home/CHANGEME/backups/zenphoto-database-auto-"$$(date +%%Y-%%m-%%d)".sql.gz"'
+ExecStartPost='/usr/bin/sync'</code>
+=== Timer ===
+  * Every day at ''05:15:00''
+  sudo -e '/etc/systemd/system/media-db.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'media-db.timer' --now && sudo systemctl start 'media-db' && sudo systemctl status 'media-db' -l
+<code>
+[Unit]
+Description=Zenphoto Database Backup
+After=mariadb.service
+[Timer]
+OnCalendar=*-*-* 05:15:00
+Persistent=true
+[Install]
+WantedBy=timers.target</code>
+====== Backup ======
+  * Create backup archive on server and transfer to client computer
+===== Server =====
+==== Stop Services ====
+****
+  sudo systemctl stop nginx php-fpm
+==== Backup Folder ====
+****
+  cd '/var/www' && sudo tar -cvzf ~/'zenphoto-files-manual-'$(date +%Y-%m-%d)'.tar.gz' 'media' && cd ~ && sync
+==== Backup Database ====
+****
+  sudo mysqldump --defaults-extra-file='/var/lib/mysql/auth/zenphoto' --single-transaction 'zenphoto' -r ~/'zenphoto-database-manual-'$(date +%Y-%m-%d)'.sql' && sync
+==== Start Services ====
+****
+  sudo systemctl start nginx php-fpm
+===== Client =====
+==== Transfer Files To Client ====
+****
+  scp espionage724@192.168.1.153:~/'zenphoto-files-'*'.tar.gz' espionage724@192.168.1.153:~/'zenphoto-database-'*'.sql' ~/'Downloads' && sync
+====== Restore ======
+===== Client =====
+==== Uncompress Database ====
+  * This is only needed if restoring an **automated** database backup ((manual doesn't gzip))
+  gunzip ~/'Downloads/zenphoto-database-'*'.sql.gz'
+==== Transfer Files To Server ====
+****
+  scp ~/'Downloads/zenphoto-files-'*'.tar.gz' ~/'Downloads/zenphoto-database-'*'.sql' espionage724@192.168.1.153:~
+==== Remove Files ====
+****
+  rm -f ~/'Downloads/zenphoto-files-'*'.tar.gz' ~/'Downloads/zenphoto-database-'*'.sql' && sync
+===== Server =====
+==== Stop Services ====
+****
+  sudo systemctl stop nginx php-fpm
+==== Remove Previous Folder ====
+****
+  sudo rm -Rf '/var/www/media'
+==== Restore Zenphoto Folder ====
+****
+  cd '/var/www' && sudo tar -xvzf ~/'zenphoto-files-'*'.tar.gz' 'media' && sudo chown -R 'nginx':'nginx' '/var/www/media' && cd ~ && sync
+==== SELinux ====
+  sudo semanage fcontext --deleteall "/var/www/media(/.*)?"
+  sudo semanage fcontext --add --type 'httpd_sys_rw_content_t' "/var/www/media(/.*)?"
+  sudo restorecon -R -v '/var/www/media' && sync
+==== Drop Previous Database ====
+  mysql --user='root' --password
+  DROP DATABASE zenphoto;
+  FLUSH TABLES;
+==== Re-create Databases ====
+  mysql --user='root' --password
+  CREATE DATABASE zenphoto;
+==== Restore Database ====
+****
+  mysql --user='root' --password 'zenphoto' < ~/'zenphoto-database-'*'.sql' && sync
+==== Reapply Permissions ====
+  mysql --user='root' --password
+  GRANT ALL PRIVILEGES ON zenphoto.* to 'zenphoto'@'localhost' IDENTIFIED BY 'x';
+  FLUSH PRIVILEGES;
+==== Start Services ====
+****
+  sudo systemctl start nginx php-fpm
+==== Remove Backups ====
+  * Verify that Zenphoto works before running
+  rm ~/'zenphoto-files-'*'.tar.gz' ~/'zenphoto-database-'*'.sql' && sync