https://wiki.seaoffate.net/api.php?action=feedcontributions&feedformat=atom&user=NigelSea of Fate - User contributions [en]2026-06-05T22:38:52ZUser contributionsMediaWiki 1.43.0https://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=73Plum (Photo)2025-03-05T06:32:42Z<p>Nigel: /* Configure NFS Server */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User photoup<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local. if we try the plum.seaoffate.net now we should get the welcome to nginx default page because we haven't setup raisin yet.<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
<br />
login to plum<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html/<br />
sudo unzip ~/piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
A MySQL database is needed for the CMS so login to mandarin then login to Mysql<br />
mysql -u root -p<br />
Then create a database<br />
CREATE DATABASE piwigo_db;<br />
Now we need a user for the database<br />
CREATE USER 'piwigo_user'@'192.168.100.20' IDENTIFIED BY 'your_password';<br />
This user can only connect from the IP address of plum if you want it less restrictive use '%' instead of '192.168.100.20. We need to grant privileges to the user:<br />
GRANT ALL PRIVILEGES ON piwigo_db.* TO 'piwigo_user'@'192.168.100.20';<br />
last we need to flush privileges and exit<br />
FLUSH PRIVILEGES;<br />
EXIT; <br />
We should now have the following set for the web install part<br />
* Database Host: mandarin.seaoffate.local<br />
* Database User: piwigo_user<br />
* Database Password: your_password<br />
* Database Name: piwigo_db<br />
<br />
===Complete the Piwigo Installation===<br />
<br />
Now with everything setup we are ready to complete the Piwigo install in the browser<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
* Administrator is sailor<br />
* password is in keepass of mgtconsole<br />
<br />
We want to have the source photos to be store in the RO /photo and have a working directory for dynamic or cache photos to be somewhere on the main website (public_html). Ensure the _data directory exists within your Piwigo installation directory (e.g., /var/www/plum.seaoffate/public_html/_data). Set the permissions for the _data directory to allow Apache to write to it:<br />
sudo chmod -R 775 /var/www/plum.seaoffate/public_html/_data<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html/_data<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=72Plum (Photo)2025-03-05T06:31:49Z<p>Nigel: /* Piwigo Configuration */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local. if we try the plum.seaoffate.net now we should get the welcome to nginx default page because we haven't setup raisin yet.<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
<br />
login to plum<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html/<br />
sudo unzip ~/piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
A MySQL database is needed for the CMS so login to mandarin then login to Mysql<br />
mysql -u root -p<br />
Then create a database<br />
CREATE DATABASE piwigo_db;<br />
Now we need a user for the database<br />
CREATE USER 'piwigo_user'@'192.168.100.20' IDENTIFIED BY 'your_password';<br />
This user can only connect from the IP address of plum if you want it less restrictive use '%' instead of '192.168.100.20. We need to grant privileges to the user:<br />
GRANT ALL PRIVILEGES ON piwigo_db.* TO 'piwigo_user'@'192.168.100.20';<br />
last we need to flush privileges and exit<br />
FLUSH PRIVILEGES;<br />
EXIT; <br />
We should now have the following set for the web install part<br />
* Database Host: mandarin.seaoffate.local<br />
* Database User: piwigo_user<br />
* Database Password: your_password<br />
* Database Name: piwigo_db<br />
<br />
===Complete the Piwigo Installation===<br />
<br />
Now with everything setup we are ready to complete the Piwigo install in the browser<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
* Administrator is sailor<br />
* password is in keepass of mgtconsole<br />
<br />
We want to have the source photos to be store in the RO /photo and have a working directory for dynamic or cache photos to be somewhere on the main website (public_html). Ensure the _data directory exists within your Piwigo installation directory (e.g., /var/www/plum.seaoffate/public_html/_data). Set the permissions for the _data directory to allow Apache to write to it:<br />
sudo chmod -R 775 /var/www/plum.seaoffate/public_html/_data<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html/_data<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=71Plum (Photo)2025-03-05T06:07:36Z<p>Nigel: /* Complete the Piwigo Installation */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local. if we try the plum.seaoffate.net now we should get the welcome to nginx default page because we haven't setup raisin yet.<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
<br />
login to plum<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html/<br />
sudo unzip ~/piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
A MySQL database is needed for the CMS so login to mandarin then login to Mysql<br />
mysql -u root -p<br />
Then create a database<br />
CREATE DATABASE piwigo_db;<br />
Now we need a user for the database<br />
CREATE USER 'piwigo_user'@'192.168.100.20' IDENTIFIED BY 'your_password';<br />
This user can only connect from the IP address of plum if you want it less restrictive use '%' instead of '192.168.100.20. We need to grant privileges to the user:<br />
GRANT ALL PRIVILEGES ON piwigo_db.* TO 'piwigo_user'@'192.168.100.20';<br />
last we need to flush privileges and exit<br />
FLUSH PRIVILEGES;<br />
EXIT; <br />
We should now have the following set for the web install part<br />
* Database Host: mandarin.seaoffate.local<br />
* Database User: piwigo_user<br />
* Database Password: your_password<br />
* Database Name: piwigo_db<br />
<br />
===Complete the Piwigo Installation===<br />
<br />
Now with everything setup we are ready to complete the Piwigo install in the browser<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=70Plum (Photo)2025-03-05T06:07:09Z<p>Nigel: /* Piwigo Requirements */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local. if we try the plum.seaoffate.net now we should get the welcome to nginx default page because we haven't setup raisin yet.<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
<br />
login to plum<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html/<br />
sudo unzip ~/piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
A MySQL database is needed for the CMS so login to mandarin then login to Mysql<br />
mysql -u root -p<br />
Then create a database<br />
CREATE DATABASE piwigo_db;<br />
Now we need a user for the database<br />
CREATE USER 'piwigo_user'@'192.168.100.20' IDENTIFIED BY 'your_password';<br />
This user can only connect from the IP address of plum if you want it less restrictive use '%' instead of '192.168.100.20. We need to grant privileges to the user:<br />
GRANT ALL PRIVILEGES ON piwigo_db.* TO 'piwigo_user'@'192.168.100.20';<br />
last we need to flush privileges and exit<br />
FLUSH PRIVILEGES;<br />
EXIT; <br />
We should now have the following set for the web install part<br />
* Database Host: mandarin.seaoffate.local<br />
* Database User: piwigo_user<br />
* Database Password: your_password<br />
* Database Name: piwigo_db<br />
<br />
===Complete the Piwigo Installation===<br />
<br />
Now with everything setup we are ready to complete the Piwigo install in the browser<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos<br />
<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=69Plum (Photo)2025-03-05T03:58:22Z<p>Nigel: /* Configure the forwarders */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local. if we try the plum.seaoffate.net now we should get the welcome to nginx default page because we haven't setup raisin yet.<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos<br />
<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=68Plum (Photo)2025-03-05T03:50:36Z<p>Nigel: /* Server Configs */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local. if we try the plum.seaoffate.net now we should get the welcome to nginx default page because we haven't setup raisin yet.<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos<br />
<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=67Plum (Photo)2025-03-05T03:48:20Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos<br />
<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=66Plum (Photo)2025-03-05T03:48:03Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=65Plum (Photo)2025-03-05T03:46:14Z<p>Nigel: /* Reverse Proxy */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
====Configure the forwarders====<br />
<br />
First of all login to logan. We have to create some config files<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.local<br />
Enter the following lines<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then open the next config<br />
sudo nano /etc/nginx/sites-available/photo.seaoffate.local<br />
and fill in the following lines<br />
server {<br />
listen 80;<br />
server_name photo.seaoffate.local;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
save and exit then do the last one with<br />
sudo nano /etc/nginx/sites-available/plum.seaoffate.net<br />
and the following configuration<br />
server {<br />
listen 80;<br />
server_name plum.seaoffate.net;<br />
<br />
location / {<br />
proxy_pass http://192.168.100.20; # Plum's IP<br />
proxy_set_header Host $host;<br />
proxy_set_header X-Real-IP $remote_addr;<br />
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br />
proxy_set_header X-Forwarded-Proto $scheme;<br />
}<br />
}<br />
and save and exit.Next we need to enable the configs<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/<br />
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/<br />
We should test with <br />
sudo nginx -t<br />
and if all is well restart nginx<br />
sudo systemctl restart nginx <br />
<br />
Some final notes.<br />
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)<br />
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1<br />
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare<br />
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=64Plum (Photo)2025-03-05T03:30:01Z<p>Nigel: /* Server Configs */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=63Plum (Photo)2025-03-05T03:21:50Z<p>Nigel: /* Server Configs */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=62Plum (Photo)2025-03-05T03:19:10Z<p>Nigel: /* Server Configs */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
If we want the default index files from /var/www/html<br />
cd /var/html<br />
sudo cp *.* /var/www/plum.seaoffate/public_html<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=61Plum (Photo)2025-03-05T03:14:02Z<p>Nigel: /* Piwigo Requirements */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
cd /var/www/plum.seaoffate/public_html<br />
sudo unzip piwigo-15.4.0.zip<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=60Plum (Photo)2025-03-05T03:06:53Z<p>Nigel: /* Piwigo Requirements */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website on lemon and copy it to plum<br />
scp ~/Downloads/piwigo-15.4.0.zip nigel@plum.seaoffate.local:~/<br />
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html<br />
<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=59Plum (Photo)2025-03-05T02:37:26Z<p>Nigel: /* Server Configs */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate/public_html<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website.<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate<br />
<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=58Plum (Photo)2025-03-05T02:34:52Z<p>Nigel: /* Plum */</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
<br />
====Server Configs====<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost><br />
The last one<br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf<br />
should contain the .net config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.net<br />
DocumentRoot /var/www/plum.seaoffate<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined<br />
</VirtualHost><br />
Once they are done we need to enable them all<br />
sudo a2ensite plum.seaoffate.local.conf<br />
sudo a2ensite photo.seaoffate.local.conf<br />
sudo a2ensite plum.seaoffate.net.conf<br />
and disable the default<br />
sudo a2dissite 000-default.conf<br />
We now restart apache with<br />
sudo systemctl restart apache2<br />
<br />
====Piwigo Requirements====<br />
<br />
Get the webserver mods<br />
sudo apt update<br />
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client<br />
<br />
Download Piwigo from the official website.<br />
<br />
Extract the Piwigo archive to /var/www/plum.seaoffate<br />
<br />
sudo chown -R www-data:www-data /var/www/plum.seaoffate<br />
<br />
Mount Read-Only Photo Directory<br />
<br />
Create a symlink in Piwigo's _data/galleries directory<br />
sudo ln -s /photo /var/www/plum.seaoffate/_data/galleries/original_photos<br />
<br />
====Piwigo Configuration====<br />
<br />
Access Piwigo through your browser (e.g., plum.seaoffate.local).<br />
<br />
Follow the installation wizard, providing database details and administrator credentials.<br />
<br />
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=57Plum (Photo)2025-03-05T02:23:57Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system<br />
<br />
==Webserver Setup==<br />
<br />
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.<br />
<br />
===Reverse Proxy===<br />
<br />
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.<br />
<br />
===Plum===<br />
<br />
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.<br />
sudo mkdir -p /var/www/plum.seaoffate<br />
sudo chown www-data:www-data /var/www/plum.seaoffate<br />
Next we create Virtual Host Configuration Files <br />
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf<br />
We need to put in the following config<br />
<VirtualHost *:80><br />
ServerName plum.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined<br />
</VirtualHost><br />
save and exit. Then the next with<br />
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf<br />
and fill in <br />
<VirtualHost *:80><br />
ServerName photo.seaoffate.local<br />
DocumentRoot /var/www/plum.seaoffate<br />
<br />
ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log<br />
CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined<br />
</VirtualHost></div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=56Plum (Photo)2025-03-05T01:50:27Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry & Plum Drive Sharing==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we create the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=55Plum (Photo)2025-03-05T01:48:34Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
==Strawberry to share /mnt/shared/photo==<br />
<br />
===Setup the Hard Drive===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we creat the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=54Plum (Photo)2025-03-05T01:46:38Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
===Setup Strawberry to share /mnt/shared/photo===<br />
<br />
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we creat the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===Testing===<br />
<br />
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings<br />
* host = strawberry.seaoffate.local<br />
* username = photoup<br />
* password = whatever was set when photoup was created<br />
* port = 22<br />
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.<br />
<br />
<br />
===Plum Setup===<br />
<br />
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client<br />
sudo apt update && sudo apt install nfs-common<br />
Create Mount Point<br />
sudo mkdir /photo<br />
Mount NFS Share by editing the /etc/fstab file<br />
sudo nano /etc/fstab<br />
add a line <br />
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0<br />
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as<br />
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0<br />
save and exit. Then do <br />
sudo systemctl daemon-reload<br />
sudo mount -a<br />
We can check that the shared photo directory is working by doing <br />
ls /photo<br />
WE should se the test.txt file there we can test that it is RO by deleting it<br />
sudo rm test.txt<br />
It should return the error message<br />
rm: cannot remove 'test.txt': Read-only file system</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=53Plum (Photo)2025-03-05T01:22:10Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
===Setup Strawberry to share /mnt/shared/photo===<br />
<br />
First we need to format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we creat the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
Save and exit. Then to apply the export we do<br />
sudo exportfs -a<br />
sudo systemctl restart nfs-kernel-server<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=52Plum (Photo)2025-03-05T01:20:28Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
===Setup Strawberry to share /mnt/shared/photo===<br />
<br />
First we need to format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we creat the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
make sure permissions are correct for /mnt/shared<br />
sudo chown root:root /mnt/shared<br />
sudo chmod 755 /mnt/shared<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to export the directory by editing the exports file<br />
/etc/exports<br />
and add the line<br />
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)<br />
<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
Save and exit. Now apply the config and make sure it works<br />
sudo sshd -t<br />
sudo systemctl restart ssh<br />
sudo systemctl status ssh<br />
<br />
===</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=51Plum (Photo)2025-03-05T01:11:17Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
===Setup Strawberry to share /mnt/shared/photo===<br />
<br />
First we need to format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we craet the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=50Plum (Photo)2025-03-05T01:10:07Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
===Setup Strawberry to share /mnt/shared/photo===<br />
<br />
First we need to format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we craet the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
<br />
===Create an Upload user===<br />
<br />
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"<br />
sudo adduser photoup<br />
set permissions with<br />
sudo chown uploader:uploader /mnt/shared/photo<br />
sudo chmod 775 /mnt/shared/photo<br />
<br />
===Configure NFS Server===<br />
<br />
We need to install the NFS server<br />
sudo apt update && sudo apt install nfs-kernel-server<br />
We need to edit the sshd config <br />
/etc/ssh/sshd_config<br />
Towards the bottom there should be a line <br />
Subsystem sftp /usr/lib/openssh/sftp-server<br />
just below that line add<br />
<nowiki><br />
Match User uploader<br />
ChrootDirectory /mnt/shared<br />
ForceCommand internal-sftp<br />
AllowTcpForwarding no<br />
X11Forwarding no<br />
</nowiki></div>Nigelhttps://wiki.seaoffate.net/index.php?title=Plum_(Photo)&diff=49Plum (Photo)2025-03-05T00:57:30Z<p>Nigel: Created page with "==Introduction== The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive. ==Strawberry== To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be upl..."</p>
<hr />
<div>==Introduction==<br />
<br />
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.<br />
<br />
==Strawberry==<br />
<br />
To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21. <br />
<br />
===Hard Drive===<br />
<br />
Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.<br />
<br />
===Setup Strawberry to share /mnt/shared/photo===<br />
<br />
First we need to format the Hard disk and mount it to /mnt/shared. Run <br />
lsblk <br />
or <br />
sudo fdisk -l <br />
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)<br />
sudo mkfs.ext4 /dev/sdb<br />
Next we craet the mount point for /mnt/shared if it does not already exist<br />
sudo mkdir /mnt/shared<br />
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command<br />
sudo mount /dev/sdb /mnt/shared<br />
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try <br />
ls /mnt/shared<br />
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run <br />
sudo blkid /dev/sdb<br />
and copy the UUID number. Next we need to edit fstab<br />
sudo nano /etc/fstab<br />
and add the line <br />
UUID=your_uuid /mnt/shared ext4 defaults 0 2<br />
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use<br />
sudo mount -a<br />
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory<br />
sudo mkdir /mnt/shared/photo<br />
<br />
===Create an Upload user===<br />
<br />
to</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Webservers&diff=48Webservers2025-03-04T23:22:16Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
==temporary notes==<br />
<br />
new webserver plum 192.168.100.20 enp6s18 using strawberry as a sftp server<br />
<br />
== webservers Purposes ==<br />
<br />
four webservers with the primary job of serving websites have been defined.<br />
<br />
===Logan (Wiki)===<br />
<br />
logan has been setup as a webserver to have the wiki website. It' IP is prod.12 It can be accessed by logan.seaoffate.local, wiki.seaoffate.local or wiki.seaoffate.net<br />
<br />
===Lime (default)===<br />
<br />
The default website is hosted on lime. The IP is prod.10. It can be accessed by lime.seaoffate.local, www.seaoffate.local or www.seaoffate.local.<br />
<br />
===Fig (files)===<br />
<br />
not setup yet ip will is prod.11 <br />
<br />
===[[Plum (Photo)]]===<br />
<br />
This one is to host the photo website, probably Piwigo. It can be accessed at plum.seaoffate.local, photo.seaoffate.local or plum.seaoffate.net. The Ip will be Prod.20. The setup here is to have a normal HD for the webserver but a NFS share for the base photos with only RO access. The actual directory where the photos are shared from will be another VM called strawberry (IP prod.21).<br />
<br />
<br />
== Website log files and locations ==<br />
<br />
The Docroots are <br />
/var/www/wiki.seaoffate.local/public_html<br />
and<br />
/var/www/seaoffate.local/public_html<br />
and<br />
/var/www/files.seaoffate.local/public_html<br />
<br />
The access logs are seperate for each config <br />
<br />
===www.seaoffate on Lime===<br />
<br />
For the .net they are<br />
/var/log/apache2/www.seaoffate.net-error.log<br />
/var/log/apache2/www.seaoffate.net-access.log<br />
and the local are<br />
/var/log/apache2/lime.seaoffate.local-error.log<br />
/var/log/apache2/lime.seaoffate.local-access.log<br />
<br />
===wiki.seaoffate on Logan===<br />
<br />
For the .net they are<br />
/var/log/apache2/wiki.seaoffate.net-error.log<br />
/var/log/apache2/wiki.seaoffate.net-access.log<br />
and the .local are <br />
/var/log/apache2/wiki.seaoffate.local-error.log<br />
/var/log/apache2/wiki.seaoffate.local-access.log<br />
/var/log/apache2/logan.seaoffate.local-error.log<br />
/var/log/apache2/logan.seaoffate.local-access.log<br />
<br />
===Nginx Log Files===<br />
<br />
DocumentRoot /var/www/files.seaoffate.local/public_html<br />
DocumentRoot /var/www/files.seaoffate.local/public_html<br />
DocumentRoot /var/www/files.seaoffate.local/public_html</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Webservers&diff=47Webservers2025-03-04T22:53:13Z<p>Nigel: /* temporary notes */</p>
<hr />
<div>==Introduction==<br />
<br />
==temporary notes==<br />
<br />
new webserver plum 192.168.100.20 enp6s18 using strawberry as a sftp server<br />
<br />
== Website log files and locations ==<br />
<br />
The Docroots are <br />
/var/www/wiki.seaoffate.local/public_html<br />
and<br />
/var/www/seaoffate.local/public_html<br />
and<br />
/var/www/files.seaoffate.local/public_html<br />
<br />
The access logs are seperate for each config <br />
<br />
===www.seaoffate on Lime===<br />
<br />
For the .net they are<br />
/var/log/apache2/www.seaoffate.net-error.log<br />
/var/log/apache2/www.seaoffate.net-access.log<br />
and the local are<br />
/var/log/apache2/lime.seaoffate.local-error.log<br />
/var/log/apache2/lime.seaoffate.local-access.log<br />
<br />
===wiki.seaoffate on Logan===<br />
<br />
For the .net they are<br />
/var/log/apache2/wiki.seaoffate.net-error.log<br />
/var/log/apache2/wiki.seaoffate.net-access.log<br />
and the .local are <br />
/var/log/apache2/wiki.seaoffate.local-error.log<br />
/var/log/apache2/wiki.seaoffate.local-access.log<br />
/var/log/apache2/logan.seaoffate.local-error.log<br />
/var/log/apache2/logan.seaoffate.local-access.log<br />
<br />
===Nginx Log Files===<br />
<br />
DocumentRoot /var/www/files.seaoffate.local/public_html<br />
DocumentRoot /var/www/files.seaoffate.local/public_html<br />
DocumentRoot /var/www/files.seaoffate.local/public_html</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=46External Access2025-03-04T18:18:05Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" there is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. The assignments are<br />
<br />
* Raisin ..***02<br />
* Lime ...****03<br />
* Fig ....****04<br />
* Logan ..****05<br />
* NS1 ....****06<br />
* Lemon ..****07<br />
* Alpine .****08<br />
* Plum ...****09<br />
* strawberry**10<br />
It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. when testing try the user nigel@</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=45External Access2025-03-04T17:35:14Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" there is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. The assignments are<br />
* Mandarin ***01<br />
* Raisin ..***02<br />
* Lime ...****03<br />
* Fig ....****04<br />
* Logan ..****05<br />
* NS1 ....****06<br />
* Lemon ..****07<br />
* Alpine .****08<br />
* Plum ...****09<br />
It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. when testing try the user nigel@</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Webservers&diff=44Webservers2025-03-04T17:30:50Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
==temporary notes==<br />
<br />
new webserver plum 192.168.100.20 enp6s18<br />
<br />
== Website log files and locations ==<br />
<br />
The Docroots are <br />
/var/www/wiki.seaoffate.local/public_html<br />
and<br />
/var/www/seaoffate.local/public_html<br />
and<br />
/var/www/files.seaoffate.local/public_html<br />
<br />
The access logs are seperate for each config <br />
<br />
===www.seaoffate on Lime===<br />
<br />
For the .net they are<br />
/var/log/apache2/www.seaoffate.net-error.log<br />
/var/log/apache2/www.seaoffate.net-access.log<br />
and the local are<br />
/var/log/apache2/lime.seaoffate.local-error.log<br />
/var/log/apache2/lime.seaoffate.local-access.log<br />
<br />
===wiki.seaoffate on Logan===<br />
<br />
For the .net they are<br />
/var/log/apache2/wiki.seaoffate.net-error.log<br />
/var/log/apache2/wiki.seaoffate.net-access.log<br />
and the .local are <br />
/var/log/apache2/wiki.seaoffate.local-error.log<br />
/var/log/apache2/wiki.seaoffate.local-access.log<br />
/var/log/apache2/logan.seaoffate.local-error.log<br />
/var/log/apache2/logan.seaoffate.local-access.log<br />
<br />
===Nginx Log Files===<br />
<br />
DocumentRoot /var/www/files.seaoffate.local/public_html<br />
DocumentRoot /var/www/files.seaoffate.local/public_html<br />
DocumentRoot /var/www/files.seaoffate.local/public_html</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=43External Access2025-03-01T17:42:46Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" there is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. The assignments are<br />
* Mandarin ***01<br />
* Raisin ..***02<br />
* Lime ...****03<br />
* Fig ....****04<br />
* Logan ..****05<br />
* NS1 ....****06<br />
* Lemon ..****07<br />
* Alpine .****08<br />
<br />
It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. when testing try the user nigel@</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=42External Access2025-03-01T17:30:29Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" there is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. The assignments are<br />
* Mandarin ***01<br />
* Raisin ..***02<br />
* Lime ...****03<br />
* Fig ....****04<br />
* Logan ..****05<br />
* NS1 ....****06<br />
* Lemon ..****07<br />
* Alpine .****08</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=41External Access2025-03-01T17:19:18Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" there is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. The assignments are<br />
* Mandarin ***01<br />
* Raisin ..***02<br />
* Lime ...****03<br />
* Fig ....****04<br />
* Logan ..****05<br />
* NS1 ....****06<br />
* Lemon ..****07</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=40External Access2025-03-01T17:11:51Z<p>Nigel: /* SSH Access */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" there is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. The assignments are<br />
* Mandarin ***01<br />
* Raisin ..***02<br />
* Lime ...****03<br />
* Fig ....****04<br />
* Logan ..****05<br />
* NS1 ....****06</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=39External Access2025-03-01T17:10:56Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" ther is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. The assignments are<br />
* Mandarin ***01<br />
* Raisin ..***02<br />
* Lime ...****03<br />
* Fig ....****04<br />
* Logan ..****05<br />
* NS1 ....****06</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=38External Access2025-03-01T16:26:39Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" ther is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense, each alias will take the form SSH_int_''hostname''. The assignments are<br />
* Mandarin ****01<br />
* Raisin ****02<br />
* Lime ****03<br />
* Fig ****04<br />
* Logan ****05<br />
* NS1 ****06<br />
* mandarin ****07</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=37External Access2025-03-01T16:19:23Z<p>Nigel: /* Port Assignments */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" ther is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense. The assignments are<br />
* Mandarin ****01<br />
* Raisin ****02<br />
* Lime ****03<br />
* Fig ****04<br />
* Logan ****05<br />
* NS1 ****06<br />
* mandarin ****07</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=36External Access2025-03-01T16:14:36Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one pass rule for each interface because when I am "inside" ther is no NAT so I can address the hosts by hostname.<br />
<br />
===Port Assignments=== <br />
<br />
As previously stated each host will listen to SSH on a different port. It would make sense to have them as aliases in Pfsense. The assignments are<br />
* mandarin ****01</div>Nigelhttps://wiki.seaoffate.net/index.php?title=External_Access&diff=35External Access2025-03-01T15:53:02Z<p>Nigel: /* SSH Access */</p>
<hr />
<div>==Introduction==<br />
<br />
I will want access to various hosts for file shares and configuration. This is where I will describe it. <br />
<br />
<br />
==SSH Access==<br />
<br />
I will want access to the hosts inside the network not least the production hosts to continue the configuration while I am somewhere else. The problem is that Pfsense can only forward based on port so if I want to SSH to Lime from outside of the WAN port of Pfsense there is no way of the firewall from knowing that mean Lime and not Lemon. I could setup a bastion host to forward on SSH to the various hosts and I may well set it up at a later date just so that I know how but it is a bit of overkill for such a small number hosts. I have instead chosen to have each host listen at a different port so all I need is to have a table showing which port to which host, it will still be secure as it will still be SSH but instead. I will still need a firewall port forward rule for each host internally I will only need one</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Webservers&diff=30Webservers2025-03-01T07:30:07Z<p>Nigel: /* Website log files and locations */</p>
<hr />
<div>==Introduction==<br />
<br />
<br />
== Website log files and locations ==<br />
<br />
The Docroots are <br />
/var/www/wiki.seaoffate.local/public_html<br />
and<br />
/var/www/seaoffate.local/public_html<br />
<br />
The access logs are seperate for each config <br />
<br />
===www.seaoffate on Lime===<br />
<br />
For the .net they are<br />
/var/log/apache2/www.seaoffate.net-error.log<br />
/var/log/apache2/www.seaoffate.net-access.log<br />
and the local are<br />
/var/log/apache2/lime.seaoffate.local-error.log<br />
/var/log/apache2/lime.seaoffate.local-access.log<br />
<br />
===wiki.seaoffate on Logan===<br />
<br />
For the .net they are<br />
/var/log/apache2/wiki.seaoffate.net-error.log<br />
/var/log/apache2/wiki.seaoffate.net-access.log<br />
and the .local are <br />
/var/log/apache2/wiki.seaoffate.local-error.log<br />
/var/log/apache2/wiki.seaoffate.local-access.log<br />
/var/log/apache2/logan.seaoffate.local-error.log<br />
/var/log/apache2/logan.seaoffate.local-access.log<br />
<br />
===Nginx Log Files===</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Webservers&diff=29Webservers2025-03-01T07:26:21Z<p>Nigel: Created page with "==Introduction== == Website log files and locations == The Docroots are /var/www/wiki.seaoffate.local/public_html and /var/www/seaoffate.local/public_html The access logs are seperate for each config ===www.seaoffate on Lime=== For the .net they are /var/log/apache2/www.seaoffate.net-error.log /var/log/apache2/www.seaoffate.net-access.log and the local are /var/log/apache2/lime.seaoffate.local-error.log /var/log/apache2/lime.seaoffate.local-access.log ===w..."</p>
<hr />
<div>==Introduction==<br />
<br />
<br />
== Website log files and locations ==<br />
<br />
The Docroots are <br />
/var/www/wiki.seaoffate.local/public_html<br />
and<br />
/var/www/seaoffate.local/public_html<br />
<br />
The access logs are seperate for each config <br />
<br />
===www.seaoffate on Lime===<br />
<br />
For the .net they are<br />
/var/log/apache2/www.seaoffate.net-error.log<br />
/var/log/apache2/www.seaoffate.net-access.log<br />
and the local are<br />
/var/log/apache2/lime.seaoffate.local-error.log<br />
/var/log/apache2/lime.seaoffate.local-access.log<br />
<br />
===wiki.seaoffate on Logan===<br />
<br />
For the .net they are<br />
/var/log/apache2/wiki.seaoffate.net-error.log<br />
/var/log/apache2/wiki.seaoffate.net-access.log<br />
and the .local are <br />
/var/log/apache2/wiki.seaoffate.local-error.log<br />
/var/log/apache2/wiki.seaoffate.local-access.log<br />
/var/log/apache2/logan.seaoffate.local-error.log<br />
/var/log/apache2/logan.seaoffate.local-access.log</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Virtual_Machines&diff=28Virtual Machines2025-02-28T20:25:36Z<p>Nigel: /* Virtual Machine Installation & Configuration Notes */</p>
<hr />
<div>==Introduction==<br />
<br />
There will be a variety of Virtual Machines contained within the [[Home Lab]]. A Brief description will be provided here with a more complete set of notes on each individual VM on the links.<br />
<br />
==Virtual Machine Installation & Configuration Notes==<br />
<br />
===Qemu Agent Install===<br />
<br />
All VMs should have the qemu guest installed even server installs, it will allow the guest VM to communicate with Proxmox and give better options from the Proxmox . For Debian / Ubuntu type.<br />
sudo apt update && install qemu-guest-agent<br />
For Windows VMs there is a cd that can be referenced when defining the VM. On the OS page as soon as the Guest OS "Microsoft Windows" is selected a tick box, with the title "Add additional drive for VirtIO Drivers" appears. When selected find an ISO image "Virtio-win.iso". If it is not available it can be added to the ISO library on Proxmox by downloading it from [https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso] or [https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso].<br />
<br />
==Virtual Machines==<br />
A fairly high description of each of the VMs in use in the [[Home Lab]].<br />
<br />
===Firewall===<br />
<br />
====[[Pfsense]]====<br />
<br />
The firewall and gateway to the whole of the [[Home Lab]]. The Virgin router will forward all incoming traffic from the Internet to the WAN port of the firewall at 192.168.0.125. The Firewall has five other internal interfaces to link to the Home Lab environment. 192.168.99.10/24 is the MGT VLAN it should be severely restricted to maintain security it is the only VLAN to be able to access the WebGUI of Pfsense. The Production VLAN is where all of the file and web servers are, the gateway address is 192.168.100.1/24. The Infra VLAN gateway 192.168.110.10/24 is where any supporting services will be located, at present there is only a Nameserver. I have reserved a VLAN called VPNnet with a gateway address of 192.168.130.1/24 for a VPN server to provide a VPN tunnel from remote terminals, there will not be many concurrent connections so a /24 network will be more than sufficient. The last VLAN has a Pfsense interface of 192.168.111.1/24 for any Desktop VM terminals that I will use while i am out, I have called this terminals. Further details of the [[Pfsense]] firewall can be found [[Pfsense | here]].<br />
<br />
===MGT VLAN===<br />
<br />
====[[Management kiosk]]====<br />
<br />
A desktop Linux used to configure other VMs including Pfsense. As it is so sensitive i have kept it isolated on the MGT VLAN. There I have setup passwordless ssh to various other VMs as well. The host is called Lemon and has an IP Address of 192.168.99.20/24.<br />
<br />
====[[CA Server]]====<br />
<br />
I have setup a host specifically to issue SSL certificates. The host name is Alpine with an IP of 192.168.99.25/24. <br />
<br />
===Infra Vlan===<br />
<br />
====[[Nameserver]]====<br />
<br />
There is only one nameserver at the moment called ns1 192.168.110.11/24. It is the only host on the Infra VLAN.<br />
<br />
===VPNNet VLAN===<br />
<br />
====[[VPNserver]]====<br />
<br />
There will be a VPN server called vanilla at 192.168.130.5/24. It will control VPN access to the rest of the network.<br />
<br />
===Terminals===<br />
<br />
====[[Remote Access Terminal]]====<br />
<br />
There will be two VMs setup on teminals VLAN (192.168.111.0/24 with a desktop that I will provide for remote access one of them will be Linux (Ubuntu), hostname Lychee and the other will be Windows 11 Pro with a hostname Wahoo. <br />
<br />
===Prodution===<br />
<br />
====[[Reverse Proxy]]====<br />
<br />
The Reverse proxy Ngnix install is hosted on Raisin 192.168.100.9/24. It should be setup to fetch SSL certs from Letsencrypt and copy the certs to the various webservers that need them. It's primary role, of course is to manage access to the webservers.<br />
<br />
===[[Webservers]]===<br />
<br />
There wil be at least two webservers, One hosting www.seaoffate.net and the other hosting wiki.seaoffate.net. These will also be servicing .local addresses. MySQL will be on a different host. There will be other hosts that have some sort of webserver on them but not as a primary role.<br />
<br />
<br />
===[[File server]]===<br />
<br />
There is a file server called fig at 192.168.100.11. It will also have a webserver installed and will answer to files.seaoffate.net & files.seaoffate.local. It should be configured to serve files using NFS,FTP and SMB locally but only SFTP externally. <br />
<br />
===[[MySQL Server]]===<br />
<br />
Manderin at 192.168.100.8/24 is hosting the MySQL Databases.I will probably install phpmyadmin at some point to make DB management a bit easier but I doubt if I will give it external access.<br />
<br />
===Future VMs===<br />
<br />
I may well setup a streaming server with some sort of NFS RO share from the file server.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Virtual_Machines&diff=27Virtual Machines2025-02-28T20:24:02Z<p>Nigel: /* Virtual Machine Installation & Configuration Notes */</p>
<hr />
<div>==Introduction==<br />
<br />
There will be a variety of Virtual Machines contained within the [[Home Lab]]. A Brief description will be provided here with a more complete set of notes on each individual VM on the links.<br />
<br />
==Virtual Machine Installation & Configuration Notes==<br />
<br />
All VMs should have the qemu guest installed even server installs, it will allow the guest VM to communicate with Proxmox and give better options from the Proxmox . For Debian / Ubuntu type.<br />
sudo apt update && install qemu-guest-agent<br />
For Windows VMs there is a cd that can be referenced when defining the VM. On the OS page as soon as the Guest OS "Microsoft Windows" is selected a tick box, with the title "Add additional drive for VirtIO Drivers" appears. When selected find an ISO image "Virtio-win.iso". If it is not available it can be added to the ISO library on Proxmox by downloading it from [https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso] or [https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso].<br />
<br />
==Virtual Machines==<br />
A fairly high description of each of the VMs in use in the [[Home Lab]].<br />
<br />
===Firewall===<br />
<br />
====[[Pfsense]]====<br />
<br />
The firewall and gateway to the whole of the [[Home Lab]]. The Virgin router will forward all incoming traffic from the Internet to the WAN port of the firewall at 192.168.0.125. The Firewall has five other internal interfaces to link to the Home Lab environment. 192.168.99.10/24 is the MGT VLAN it should be severely restricted to maintain security it is the only VLAN to be able to access the WebGUI of Pfsense. The Production VLAN is where all of the file and web servers are, the gateway address is 192.168.100.1/24. The Infra VLAN gateway 192.168.110.10/24 is where any supporting services will be located, at present there is only a Nameserver. I have reserved a VLAN called VPNnet with a gateway address of 192.168.130.1/24 for a VPN server to provide a VPN tunnel from remote terminals, there will not be many concurrent connections so a /24 network will be more than sufficient. The last VLAN has a Pfsense interface of 192.168.111.1/24 for any Desktop VM terminals that I will use while i am out, I have called this terminals. Further details of the [[Pfsense]] firewall can be found [[Pfsense | here]].<br />
<br />
===MGT VLAN===<br />
<br />
====[[Management kiosk]]====<br />
<br />
A desktop Linux used to configure other VMs including Pfsense. As it is so sensitive i have kept it isolated on the MGT VLAN. There I have setup passwordless ssh to various other VMs as well. The host is called Lemon and has an IP Address of 192.168.99.20/24.<br />
<br />
====[[CA Server]]====<br />
<br />
I have setup a host specifically to issue SSL certificates. The host name is Alpine with an IP of 192.168.99.25/24. <br />
<br />
===Infra Vlan===<br />
<br />
====[[Nameserver]]====<br />
<br />
There is only one nameserver at the moment called ns1 192.168.110.11/24. It is the only host on the Infra VLAN.<br />
<br />
===VPNNet VLAN===<br />
<br />
====[[VPNserver]]====<br />
<br />
There will be a VPN server called vanilla at 192.168.130.5/24. It will control VPN access to the rest of the network.<br />
<br />
===Terminals===<br />
<br />
====[[Remote Access Terminal]]====<br />
<br />
There will be two VMs setup on teminals VLAN (192.168.111.0/24 with a desktop that I will provide for remote access one of them will be Linux (Ubuntu), hostname Lychee and the other will be Windows 11 Pro with a hostname Wahoo. <br />
<br />
===Prodution===<br />
<br />
====[[Reverse Proxy]]====<br />
<br />
The Reverse proxy Ngnix install is hosted on Raisin 192.168.100.9/24. It should be setup to fetch SSL certs from Letsencrypt and copy the certs to the various webservers that need them. It's primary role, of course is to manage access to the webservers.<br />
<br />
===[[Webservers]]===<br />
<br />
There wil be at least two webservers, One hosting www.seaoffate.net and the other hosting wiki.seaoffate.net. These will also be servicing .local addresses. MySQL will be on a different host. There will be other hosts that have some sort of webserver on them but not as a primary role.<br />
<br />
<br />
===[[File server]]===<br />
<br />
There is a file server called fig at 192.168.100.11. It will also have a webserver installed and will answer to files.seaoffate.net & files.seaoffate.local. It should be configured to serve files using NFS,FTP and SMB locally but only SFTP externally. <br />
<br />
===[[MySQL Server]]===<br />
<br />
Manderin at 192.168.100.8/24 is hosting the MySQL Databases.I will probably install phpmyadmin at some point to make DB management a bit easier but I doubt if I will give it external access.<br />
<br />
===Future VMs===<br />
<br />
I may well setup a streaming server with some sort of NFS RO share from the file server.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Virtual_Machines&diff=26Virtual Machines2025-02-28T20:23:11Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
There will be a variety of Virtual Machines contained within the [[Home Lab]]. A Brief description will be provided here with a more complete set of notes on each individual VM on the links.<br />
<br />
==Virtual Machine Installation & Configuration Notes==<br />
<br />
All VMs should have the qemu guest installed even server installs, it will allow the guest VM to communicate with Proxmox and give better options from the Proxmox . For Debian / Ubuntu type.<br />
sudo apt update && install qemu-guest-agent<br />
For Windows VMs there is a cd that can be referenced when defining the VM. On the OS page as soon as the Guest OS "Microsoft Windows" is selected a tick box, with the title "Add additional drive for VirtIO Drivers" appears. When selected find an ISO image "Virtio-win.iso". If it is not available it can be added to the ISO library on Proxmox by downloading it from [https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso] or [https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/stable-virtio/virtio-win.iso].<br />
<br />
<br />
==Virtual Machines==<br />
A fairly high description of each of the VMs in use in the [[Home Lab]].<br />
<br />
===Firewall===<br />
<br />
====[[Pfsense]]====<br />
<br />
The firewall and gateway to the whole of the [[Home Lab]]. The Virgin router will forward all incoming traffic from the Internet to the WAN port of the firewall at 192.168.0.125. The Firewall has five other internal interfaces to link to the Home Lab environment. 192.168.99.10/24 is the MGT VLAN it should be severely restricted to maintain security it is the only VLAN to be able to access the WebGUI of Pfsense. The Production VLAN is where all of the file and web servers are, the gateway address is 192.168.100.1/24. The Infra VLAN gateway 192.168.110.10/24 is where any supporting services will be located, at present there is only a Nameserver. I have reserved a VLAN called VPNnet with a gateway address of 192.168.130.1/24 for a VPN server to provide a VPN tunnel from remote terminals, there will not be many concurrent connections so a /24 network will be more than sufficient. The last VLAN has a Pfsense interface of 192.168.111.1/24 for any Desktop VM terminals that I will use while i am out, I have called this terminals. Further details of the [[Pfsense]] firewall can be found [[Pfsense | here]].<br />
<br />
===MGT VLAN===<br />
<br />
====[[Management kiosk]]====<br />
<br />
A desktop Linux used to configure other VMs including Pfsense. As it is so sensitive i have kept it isolated on the MGT VLAN. There I have setup passwordless ssh to various other VMs as well. The host is called Lemon and has an IP Address of 192.168.99.20/24.<br />
<br />
====[[CA Server]]====<br />
<br />
I have setup a host specifically to issue SSL certificates. The host name is Alpine with an IP of 192.168.99.25/24. <br />
<br />
===Infra Vlan===<br />
<br />
====[[Nameserver]]====<br />
<br />
There is only one nameserver at the moment called ns1 192.168.110.11/24. It is the only host on the Infra VLAN.<br />
<br />
===VPNNet VLAN===<br />
<br />
====[[VPNserver]]====<br />
<br />
There will be a VPN server called vanilla at 192.168.130.5/24. It will control VPN access to the rest of the network.<br />
<br />
===Terminals===<br />
<br />
====[[Remote Access Terminal]]====<br />
<br />
There will be two VMs setup on teminals VLAN (192.168.111.0/24 with a desktop that I will provide for remote access one of them will be Linux (Ubuntu), hostname Lychee and the other will be Windows 11 Pro with a hostname Wahoo. <br />
<br />
===Prodution===<br />
<br />
====[[Reverse Proxy]]====<br />
<br />
The Reverse proxy Ngnix install is hosted on Raisin 192.168.100.9/24. It should be setup to fetch SSL certs from Letsencrypt and copy the certs to the various webservers that need them. It's primary role, of course is to manage access to the webservers.<br />
<br />
===[[Webservers]]===<br />
<br />
There wil be at least two webservers, One hosting www.seaoffate.net and the other hosting wiki.seaoffate.net. These will also be servicing .local addresses. MySQL will be on a different host. There will be other hosts that have some sort of webserver on them but not as a primary role.<br />
<br />
<br />
===[[File server]]===<br />
<br />
There is a file server called fig at 192.168.100.11. It will also have a webserver installed and will answer to files.seaoffate.net & files.seaoffate.local. It should be configured to serve files using NFS,FTP and SMB locally but only SFTP externally. <br />
<br />
===[[MySQL Server]]===<br />
<br />
Manderin at 192.168.100.8/24 is hosting the MySQL Databases.I will probably install phpmyadmin at some point to make DB management a bit easier but I doubt if I will give it external access.<br />
<br />
===Future VMs===<br />
<br />
I may well setup a streaming server with some sort of NFS RO share from the file server.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Open_several_ssh_terminals_at_once&diff=25Open several ssh terminals at once2025-02-28T18:59:47Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
Continuing the theme of '''[[Random stuff]]''' and more particularly of '''[[Code Snippets]]''' and '''[[Linux Bash & Shell]]'''. This is how to open several terminals at once.<br />
<br />
==The First version==<br />
<br />
===Code===<br />
Open a text file with the ext of .sh<br />
nano ./open_prod_terminals.sh<br />
Copy the following into the file.<br />
#!/bin/bash<br />
#<br />
# Open SSH sessions in separate terminal windows<br />
gnome-terminal --tab --title="logan" -- bash -c "ssh logan; exec bash"<br />
gnome-terminal --tab --title="fig" -- bash -c "ssh fig; exec bash"<br />
gnome-terminal --tab --title="mandarin" -- bash -c "ssh mandarin; exec bash"<br />
#<br />
exit 0<br />
Save and exit. Next we have to make it executable.<br />
chmod +x ./open_prod_terminals.sh<br />
From now we can use ./open_prod_terminals.sh to open several terminals at once. <br />
<br />
===create an alias===<br />
<br />
The text is a bit long and i will not want to type out the whole thing so instead we will create an alias of ./open_prod_terminals.sh. To do this open the shell configuration file<br />
nano ~/.bashrc<br />
Scroll down to the bottom and add the line <br />
alias sshp='./open_prod_terminals.sh' # alias to open production host ssh all at once <br />
Save and exit. to reload the .bashrc so the alias is available immediately we need to "source" it.<br />
source ~/.bashrc<br />
Now type sshp to open a SSH session to the Production terminals.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Open_several_ssh_terminals_at_once&diff=24Open several ssh terminals at once2025-02-28T18:42:21Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
Continuing the theme of '''[[Random stuff]]''' and more particularly of '''[[Code Snippets]]''' and '''[[Linux Bash & Shell]]'''. This is how to open several terminals at once.<br />
<br />
==The First version==<br />
<br />
Open a text file with the ext of .sh<br />
nano ./open_prod_terminals.sh<br />
Copy the following into the file.<br />
#!/bin/bash<br />
<br />
# Open SSH sessions in separate terminal windows<br />
gnome-terminal --tab --title="logan" -- bash -c "ssh logan; exec bash"<br />
gnome-terminal --tab --title="fig" -- bash -c "ssh fig; exec bash"<br />
gnome-terminal --tab --title="mandarin" -- bash -c "ssh mandarin; exec bash"<br />
<br />
exit 0</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Open_several_ssh_terminals_at_once&diff=23Open several ssh terminals at once2025-02-28T18:35:06Z<p>Nigel: Created page with "==Introduction== Continuing the theme of '''Random stuff''' and more particularly of '''Code Snippets'''"</p>
<hr />
<div>==Introduction==<br />
Continuing the theme of '''[[Random stuff]]''' and more particularly of '''[[Code Snippets]]'''</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Linux_Bash_%26_Shell&diff=22Linux Bash & Shell2025-02-28T18:34:33Z<p>Nigel: /* =Open several ssh terminals at once */</p>
<hr />
<div>==Introduction==<br />
<br />
Continuing the theme of '''[[Random stuff]]''' and more particularly of '''[[Code Snippets]]''' here is some shell scripts for Linux<br />
<br />
==The Scripts==<br />
<br />
===[[Open several ssh terminals at once]]===<br />
<br />
I had already set up password less terminals opening to several common hosts with the format "ssh hostname", I thought it would be nice to open a terminal to all of the prod hosts from a script. then i thought it would be good to give it an alias.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Linux_Bash_%26_Shell&diff=21Linux Bash & Shell2025-02-28T18:34:22Z<p>Nigel: </p>
<hr />
<div>==Introduction==<br />
<br />
Continuing the theme of '''[[Random stuff]]''' and more particularly of '''[[Code Snippets]]''' here is some shell scripts for Linux<br />
<br />
==The Scripts==<br />
<br />
===[[Open several ssh terminals at once]]==<br />
<br />
I had already set up password less terminals opening to several common hosts with the format "ssh hostname", I thought it would be nice to open a terminal to all of the prod hosts from a script. then i thought it would be good to give it an alias.</div>Nigelhttps://wiki.seaoffate.net/index.php?title=Linux_Bash_%26_Shell&diff=20Linux Bash & Shell2025-02-28T18:24:41Z<p>Nigel: Created page with "==Introduction== Continuing the theme of Random stuff and more particularly of"</p>
<hr />
<div>==Introduction==<br />
<br />
Continuing the theme of [[Random stuff]] and more particularly of</div>Nigel