Plum (Photo): Difference between revisions

From Sea of Fate
Jump to navigationJump to search
← Older edit
No edit summary
 
(25 intermediate revisions by 4 users not shown)
Line 1: Line 1:
==Introduction==
==Introduction==


The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a hard drive for it's OS as normal but read only access to the photo archive.
The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a SSD hard drive for it's OS as normal but it will have a large hard drive from the ZFS Proxmox storage to store the photos and video. We can add the hd as soon as the VM is created but leave it to be formatted and mounted later.


==Strawberry==
==Updates==


To separate the photo archive from the webserver and avoid any data loss of the original photos we will store the files on a different VM and share the files by a read only NFS. All pictures will be uploaded to this other VM that has read and write access. This other host is named strawberry and has an IP address of prod.21.  
Both Logan and '''[[Lime]]''' have been retired with all of their website setup file and database moved to Plum as vhosts. '''[[Postfix Installation| Postfix ]]'''is also running from Plum as well.


===Hard Drive===
==Initial Setup==


Strawberry has a normal HD for it's OS but it has a large additional drive from the pearpool/PoolForPear/Pdata/shared, this is listed as AllSharedFiles on datacenter->storage and has an initial size of 4TB. It is mounted at /mnt/shared. To give a plum access to photos there is a directory called photo, this is the limit of plum's sight of the files on /mnt/shared and if some other VM needs to have access to a different share we could create another share off of mnt/shared or share /mnt/shared completely.
The first things we need to do is to install Apache and configure the webserver, as soon as that is done we should setup the reverse proxy on Raisin. The good news is that we have some scripts to do that as it is just boiler plate stuff all we need to say here is that the website will be called photo or more precisely photo.seaoffate.net. To use the wonderful scripts we must first copy them from Lemon so open a terminal on lemon and cd to ~/templates once that is done enter the command
scp create_apache_config.sh lamp_client_install.sh nigel@plum:~/
This will copy the files to the home dir of nigel (if SSH is not ready yet on plum look here). When the two are copied they will need to be made executable and make sure they are owned by the set user so login to plum and
sudo chown nigel:nigel create_apache_config.sh
sudo chown nigel:nigel lamp_client_install.sh
sudo chmod 755 lamp_client_install.sh
sudo chmod 755 create_apache_config.sh
Now that we have the first scripts we can execute them
./lamp_client_install.sh
and then setup the websites with the other script
./create_apache_config.sh photo
This script will create the configs for the hostname(plum) and the parameter in this case photo. We will get 6 configs both the http and https for plum.seaofffate.local and photo.seaoffate.local and photo.seaoffate.net. We will should check that the seaoffate.crt is in the /etc/ssl/certs dir
ls -l /etc/ssl/certs/
If it is missing then we should get the cert and key and mv it to the /etc/ssl/ dirs it should be called "seaoffate" (.crt & .key) to match the Apache configs that we just created. The next thing we need to do is get the piwigo zip file. Probably the best thing is to get it downloaded on to one of the desktop Linux VMs and scp it to this at the home dir. We will need to copy the zip to the public_html (best to cp rather than mv in case we need to redo the install and we would just delete everything in public_html). First we install zip, then cp the zip file then cd to where we want to extract to
sudo apt install zip
sudo cp piwigo-15.4.0.zip /var/www/plum.seaoffate.local
cd /var/www/plum.seaoffate.local
Then delete the existing public_html
sudo rm -rf /var/www/plum.seaoffate.local/public_html
and then unzip the file with
sudo unzip piwigo-15.4.0.zip -d .
This will create a dir called piwigo and so we rename it to public_html
sudo mv piwigo /var/www/plum.seaoffate.local/public_html
so we now should have all of the files extracted in to the docroot of our website we now need to change the permissions & ownership to the apache user
sudo chown -R www-data:www-data /var/www/plum.seaoffate.local/public_html/
sudo chmod 755 -R /var/www/plum.seaoffate.local/public_html/


==Strawberry & Plum Drive Sharing==
Before we can proceed with the installation at a web browser we have to create a database and for piwigo to use so ssh to mandarin and start a MySQL session with
 
  sudo mysql -u root -p
===Setup the Hard Drive===
at the mysql> prompt we need to create the database
 
  CREATE DATABASE piwigo_db;
First we need to login to strawberry and format the Hard disk and mount it to /mnt/shared. Run
and then the user with privileges to the database, we will restrict this user to the plum host only
lsblk
  CREATE USER 'piwigo_user'@'192.168.100.22' IDENTIFIED BY 'your_strong_password';
or
  GRANT ALL PRIVILEGES ON piwigo_db.* TO 'piwigo_user'@'192.168.100.22';
  sudo fdisk -l
  FLUSH PRIVILEGES;
to identify the disk to mount, it will probably be "sdb" or "/dev/sdb" or some thing similar it will be the large one in any case as we are starting with 4tb. We will not be creating a new partition, just directories, so no need for that, we will format the entire drive. To format the entire drive with ext4 we use the command (obviously, use the actual drive shown by lsblk or fdisk -l)
  exit;
sudo mkfs.ext4 /dev/sdb
Armed with our newly created database and user we can now start the web installation so we need to go get a web browser to https://photo.seaoffate.local. if that takes us to the nginix holding page we will need to setup raisin to do the reverse proxy thing or we could continue from a client inside the Pfsense but if we do that we still have to do the raisin set up at some point. so we may as well do so now so SSH to raisin
Next we create the mount point for /mnt/shared if it does not already exist
  cd /etc/nginx/sites-available
  sudo mkdir /mnt/shared
  sudo cp wiki.conf photo.conf
If it does exist see if there is anything stored there and possibly move it somewhere else. but if it is empty it is ok to use as is. Now there is somewhare to mount the drive we can use the mount command
  sudo cp wiki.seaoffate.local.ssl.conf photo.seaoffate.local.ssl.conf
sudo mount /dev/sdb /mnt/shared
  sudo cp wiki.seaoffate.net.conf photo.seaoffate.net.conf
this will mount dev/sdb to the mount point /mnt/shared. To prove that it worked try
Then modify them to replace the servernames and ip addresses. While it is not pretty it does work and the scripts that we had generated forwarding loops so we can't use them. It looks like the reverse proxy was redirecting as well as the origin so it was causing a problem for browsers, we should only have the origin browser do any redirect between 80 and 443. Once this is done proceed to the web browser part of the piwigi installation. Keep a record of passwords in a password manager. The Details that need to be entered on the web install are:
  ls /mnt/shared
* For the database Hostname is the IP of Mandarin 192.168.100.8
You should see the lost+found directory, which is created by ext4. We now need to configure /etc/fstab (for Automatic Mounting). We will need the UUID to add to /etc/fstab so run
* For the username it will be as was entered in the DB setup earlier piwigo_user
  sudo blkid /dev/sdb
* For the password it should be on the keepass under piwigo mysql user
and copy the UUID number. Next we need to edit fstab
* The database name will also be the name setup earlier piwigo_db
  sudo nano /etc/fstab
* Administration configuration username should be stored in the keepass password manager
and add the line
* Get the password from the same as username
  UUID=your_uuid /mnt/shared ext4 defaults 0 2
* use sailor@seaoffate.net as this should be redirected by Cloudflare
Replace your_uuid with the value from blkid /dev/sdb.Save and exit. To verify that the fstab edits were ok use
Most of the install is now done. we could use the application as is but we would run out of storage for photos before too long so we will add a big hard drive to the installation mounting it inside public_html/galleries.
sudo mount -a
If there is anything wrong there should be an error message. The last thing to do is to create the photo directory
sudo mkdir /mnt/shared/photo
 
 
===Create an Upload user===
 
To do any SFTP uploads we will need an user to upload photos, we will call it "photoup"
sudo adduser photoup
set permissions with
sudo chown uploader:uploader /mnt/shared/photo
sudo chmod 775 /mnt/shared/photo
make sure permissions are correct for /mnt/shared
sudo chown root:root /mnt/shared
sudo chmod 755 /mnt/shared
 
===Configure NFS Server===
 
We need to install the NFS server
sudo apt update && sudo apt install nfs-kernel-server
We need to export the directory by editing the exports file
/etc/exports
and add the line
/mnt/shared/photo 192.168.100.20(ro,sync,no_subtree_check)
Save and exit. Then to apply the export we do
sudo exportfs -a
sudo systemctl restart nfs-kernel-server
 
We need to edit the sshd config
/etc/ssh/sshd_config
Towards the bottom there should be a line
Subsystem      sftp    /usr/lib/openssh/sftp-server
just below that line add
 
Match User uploader
    ChrootDirectory /mnt/shared
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
Save and exit. Now apply the config and make sure it works
sudo sshd -t
sudo systemctl restart ssh
sudo systemctl status ssh
 
===Testing===
 
We should test that the SFTP server is working by using a SFTP client like filezilla to connect and upload a text file from a local VM like the mgtConsole(lemon). use the following settings
* host = strawberry.seaoffate.local
* username = photoup
* password = whatever was set when photoup was created
* port = 22
We should be able to upload a test.txt file to the directory photo if not troubleshoot before going to the next thing.
 
 
===Plum Setup===
 
Now that the photo directory is setup and exported by strawberry we can mount it as a NFS share in Plum. To that end login to Plum then install the nfs client
sudo apt update && sudo apt install nfs-common
Create Mount Point
sudo mkdir /photo
Mount NFS Share by editing the /etc/fstab file
sudo nano /etc/fstab
add a line
192.168.100.21:/mnt/shared/photo /photo nfs ro,defaults 0 0
this mounts the /mnt/shared/photo directory from strawberry to /photo on plum with ro pemissions. if we wanted to call it pictures we would have it as
192.168.100.21:/mnt/shared/photo /pictures nfs ro,defaults 0 0
save and exit. Then do  
sudo systemctl daemon-reload
sudo mount -a
We can check that the shared photo directory is working by doing
ls /photo
WE should se the test.txt file there we can test that it is RO by deleting it
sudo rm test.txt
It should return the error message
rm: cannot remove 'test.txt': Read-only file system
 
==Webserver Setup==
 
There will be a webserver on Plum to display all of the photos. We will be installing Piwigo as the CMS.
 
 
===Plum===
 
The same set of servers to listen to as above so seperate config for plum.seaoffate.local, photo.seaoffate.local and plum.seaoffate.net. They will all be serving the same data so we create that first.
 
====Server Configs====
  sudo mkdir -p /var/www/plum.seaoffate
sudo chown www-data:www-data /var/www/plum.seaoffate
Next we create Virtual Host Configuration Files 
sudo nano /etc/apache2/sites-available/plum.seaoffate.local.conf
We need to put in the following config
  <VirtualHost *:80>
    ServerName plum.seaoffate.local
    DocumentRoot /var/www/plum.seaoffate/public_html
 
    ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.local-error.log
    CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.local-access.log combined
</VirtualHost>
save and exit. Then the next with
sudo nano /etc/apache2/sites-available/photo.seaoffate.local.conf
and fill in
  <VirtualHost *:80>
    ServerName photo.seaoffate.local
    DocumentRoot /var/www/plum.seaoffate/public_html
 
    ErrorLog ${APACHE_LOG_DIR}/photo.seaoffate.local-error.log
    CustomLog ${APACHE_LOG_DIR}/photo.seaoffate.local-access.log combined
</VirtualHost>
The last one
sudo nano /etc/apache2/sites-available/plum.seaoffate.net.conf
should contain the .net config
  <VirtualHost *:80>
    ServerName plum.seaoffate.net
    DocumentRoot /var/www/plum.seaoffate/public_html
 
    ErrorLog ${APACHE_LOG_DIR}/plum.seaoffate.net-error.log
    CustomLog ${APACHE_LOG_DIR}/plum.seaoffate.net-access.log combined
</VirtualHost>
Once they are done we need to enable them all
sudo a2ensite plum.seaoffate.local.conf
sudo a2ensite photo.seaoffate.local.conf
sudo a2ensite plum.seaoffate.net.conf
and disable the default
sudo a2dissite 000-default.conf
We now restart apache with
sudo systemctl restart apache2
If we want the default index files from /var/www/html
cd /var/html
sudo cp *.* /var/www/plum.seaoffate/public_html
We can now test the plum webserver by browsing to http://plum.seaoffate.local and http://photo.seaoffate.local, if photo does not work or keeps defaulting to https check ns1 to make sure there is an entry for photo.seoffate.local
 
====Piwigo Requirements====
 
Get the webserver mods
sudo apt update
sudo apt install php libapache2-mod-php php-mysql php-gd php-curl php-xml php-mbstring mysql-client
 
Download Piwigo from the official website on lemon and copy it to plum
scp ~/Downloads/piwigo-15.4.0.zip [email protected]:~/
sudo cp ~/piwigo-15.4.0.zip /var/www/plum.seaoffate/public_html
 
Extract the Piwigo archive to /var/www/plum.seaoffate/public_html
cd /var/www/plum.seaoffate/public_html
sudo unzip piwigo-15.4.0.zip
sudo chown -R www-data:www-data /var/www/plum.seaoffate/public_html
 
Mount Read-Only Photo Directory
 
Create a symlink in Piwigo's _data/galleries directory
sudo ln -s /photo /var/www/plum.seaoffate/public_html/_data/galleries/original_photos
 
====Piwigo Configuration====
 
Access Piwigo through your browser (e.g., plum.seaoffate.local).
 
Follow the installation wizard, providing database details and administrator credentials.
 
For the "Photos Directory" during install, ensure that it is set to the symlink directory, like _data/galleries/original_photos
 
 
===Reverse Proxy===
 
We will have to forward browser requests from both local and remote so there will be three config files to edit one for plum.seaoffate.local, photo.seaoffate.local and another config for plum.seaoffate.net.
 
====Configure the forwarders====
 
First of all login to logan. We have to create some config files
sudo nano /etc/nginx/sites-available/plum.seaoffate.local
Enter the following lines
server {
    listen 80;
    server_name plum.seaoffate.local;
 
    location / {
        proxy_pass http://192.168.100.20; # Plum's IP
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
save and exit then open the next config
sudo nano /etc/nginx/sites-available/photo.seaoffate.local
and fill in the following lines
server {
    listen 80;
    server_name photo.seaoffate.local;
 
    location / {
        proxy_pass http://192.168.100.20; # Plum's IP
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
save and exit then do the last one with
sudo nano /etc/nginx/sites-available/plum.seaoffate.net
and the following configuration
server {
    listen 80;
    server_name plum.seaoffate.net;
 
    location / {
        proxy_pass http://192.168.100.20; # Plum's IP
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
and save and exit.Next we need to enable the configs
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.local /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/photo.seaoffate.local /etc/nginx/sites-enabled/
sudo ln -s /etc/nginx/sites-available/plum.seaoffate.net /etc/nginx/sites-enabled/
We should test with
sudo nginx -t
and if all is well restart nginx
sudo systemctl restart nginx
 
Some final notes.
* Ensure port 80 is forwarded to 192.168.100.8 (Raisin)
* Ensure DNS records for plum.seaoffate.local and photo.seaoffate.local have been created on NS1
* Ensure DNS record has been created for plum.seaoffate.net on Cloudflare
* When testing the .net it will appear as https: even though we have not done that yet because Cloudflare is set to proxy so Cloudflare will present a ssl cert to the browser but only between the browser and Cloudflare is encrypted. We should do the SSL certs as soon as possible after testing.

Latest revision as of 03:05, 28 February 2026

Introduction

The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a SSD hard drive for it's OS as normal but it will have a large hard drive from the ZFS Proxmox storage to store the photos and video. We can add the hd as soon as the VM is created but leave it to be formatted and mounted later.

Updates

Both Logan and Lime have been retired with all of their website setup file and database moved to Plum as vhosts. Postfix is also running from Plum as well.

Initial Setup

The first things we need to do is to install Apache and configure the webserver, as soon as that is done we should setup the reverse proxy on Raisin. The good news is that we have some scripts to do that as it is just boiler plate stuff all we need to say here is that the website will be called photo or more precisely photo.seaoffate.net. To use the wonderful scripts we must first copy them from Lemon so open a terminal on lemon and cd to ~/templates once that is done enter the command 

scp create_apache_config.sh lamp_client_install.sh nigel@plum:~/

This will copy the files to the home dir of nigel (if SSH is not ready yet on plum look here). When the two are copied they will need to be made executable and make sure they are owned by the set user so login to plum and 

sudo chown nigel:nigel create_apache_config.sh
sudo chown nigel:nigel lamp_client_install.sh
sudo chmod 755 lamp_client_install.sh
sudo chmod 755 create_apache_config.sh

Now that we have the first scripts we can execute them 

./lamp_client_install.sh

and then setup the websites with the other script 

./create_apache_config.sh photo

This script will create the configs for the hostname(plum) and the parameter in this case photo. We will get 6 configs both the http and https for plum.seaofffate.local and photo.seaoffate.local and photo.seaoffate.net. We will should check that the seaoffate.crt is in the /etc/ssl/certs dir 

ls -l /etc/ssl/certs/

If it is missing then we should get the cert and key and mv it to the /etc/ssl/ dirs it should be called "seaoffate" (.crt & .key) to match the Apache configs that we just created. The next thing we need to do is get the piwigo zip file. Probably the best thing is to get it downloaded on to one of the desktop Linux VMs and scp it to this at the home dir. We will need to copy the zip to the public_html (best to cp rather than mv in case we need to redo the install and we would just delete everything in public_html). First we install zip, then cp the zip file then cd to where we want to extract to 

sudo apt install zip
sudo cp piwigo-15.4.0.zip /var/www/plum.seaoffate.local
cd /var/www/plum.seaoffate.local

Then delete the existing public_html 

sudo rm -rf /var/www/plum.seaoffate.local/public_html

and then unzip the file with 

sudo unzip piwigo-15.4.0.zip -d .

This will create a dir called piwigo and so we rename it to public_html 

sudo mv piwigo /var/www/plum.seaoffate.local/public_html

so we now should have all of the files extracted in to the docroot of our website we now need to change the permissions & ownership to the apache user 

sudo chown -R www-data:www-data /var/www/plum.seaoffate.local/public_html/
sudo chmod 755 -R /var/www/plum.seaoffate.local/public_html/

Before we can proceed with the installation at a web browser we have to create a database and for piwigo to use so ssh to mandarin and start a MySQL session with 

sudo mysql -u root -p

at the mysql> prompt we need to create the database 

CREATE DATABASE piwigo_db;

and then the user with privileges to the database, we will restrict this user to the plum host only 

CREATE USER 'piwigo_user'@'192.168.100.22' IDENTIFIED BY 'your_strong_password';
GRANT ALL PRIVILEGES ON piwigo_db.* TO 'piwigo_user'@'192.168.100.22';
FLUSH PRIVILEGES; 
exit;

Armed with our newly created database and user we can now start the web installation so we need to go get a web browser to https://photo.seaoffate.local. if that takes us to the nginix holding page we will need to setup raisin to do the reverse proxy thing or we could continue from a client inside the Pfsense but if we do that we still have to do the raisin set up at some point. so we may as well do so now so SSH to raisin 

cd /etc/nginx/sites-available
sudo cp wiki.conf photo.conf
sudo cp wiki.seaoffate.local.ssl.conf photo.seaoffate.local.ssl.conf
sudo cp wiki.seaoffate.net.conf photo.seaoffate.net.conf

Then modify them to replace the servernames and ip addresses. While it is not pretty it does work and the scripts that we had generated forwarding loops so we can't use them. It looks like the reverse proxy was redirecting as well as the origin so it was causing a problem for browsers, we should only have the origin browser do any redirect between 80 and 443. Once this is done proceed to the web browser part of the piwigi installation. Keep a record of passwords in a password manager. The Details that need to be entered on the web install are:

  • For the database Hostname is the IP of Mandarin 192.168.100.8
  • For the username it will be as was entered in the DB setup earlier piwigo_user
  • For the password it should be on the keepass under piwigo mysql user
  • The database name will also be the name setup earlier piwigo_db
  • Administration configuration username should be stored in the keepass password manager
  • Get the password from the same as username
  • use [email protected] as this should be redirected by Cloudflare

Most of the install is now done. we could use the application as is but we would run out of storage for photos before too long so we will add a big hard drive to the installation mounting it inside public_html/galleries.

Retrieved from "https://wiki.seaoffate.net/index.php?title=Plum_(Photo)&oldid=1322"