Plum (Photo): Difference between revisions

Introduction

The host plum.seaoffate.net will be at an IP address of production.20. The purpose will be to show photos using Piwigo. The main premise is that plum will have a SSD hard drive for it's OS as normal but it will have a large hard drive from the ZFS Proxmox storage to store the photos and video. We can add the hd as soon as the VM is created but leave it to be formatted and mounted later.

Updates

Both Logan and Lime have been retired with all of their website setup file and database moved to Plum as vhosts. Postfix is also running from Plum as well.

Initial Setup

The first things we need to do is to install Apache and configure the webserver, as soon as that is done we should setup the reverse proxy on Raisin. The good news is that we have some scripts to do that as it is just boiler plate stuff all we need to say here is that the website will be called photo or more precisely photo.seaoffate.net. To use the wonderful scripts we must first copy them from Lemon so open a terminal on lemon and cd to ~/templates once that is done enter the command

scp create_apache_config.sh lamp_client_install.sh nigel@plum:~/

This will copy the files to the home dir of nigel (if SSH is not ready yet on plum look here). When the two are copied they will need to be made executable and make sure they are owned by the set user so login to plum and

sudo chown nigel:nigel create_apache_config.sh
sudo chown nigel:nigel lamp_client_install.sh
sudo chmod 755 lamp_client_install.sh
sudo chmod 755 create_apache_config.sh

Now that we have the first scripts we can execute them

./lamp_client_install.sh

and then setup the websites with the other script

./create_apache_config.sh photo

This script will create the configs for the hostname(plum) and the parameter in this case photo. We will get 6 configs both the http and https for plum.seaofffate.local and photo.seaoffate.local and photo.seaoffate.net. We will should check that the seaoffate.crt is in the /etc/ssl/certs dir

ls -l /etc/ssl/certs/

If it is missing then we should get the cert and key and mv it to the /etc/ssl/ dirs it should be called "seaoffate" (.crt & .key) to match the Apache configs that we just created. The next thing we need to do is get the piwigo zip file. Probably the best thing is to get it downloaded on to one of the desktop Linux VMs and scp it to this at the home dir. We will need to copy the zip to the public_html (best to cp rather than mv in case we need to redo the install and we would just delete everything in public_html). First we install zip, then cp the zip file then cd to where we want to extract to

sudo apt install zip
sudo cp piwigo-15.4.0.zip /var/www/plum.seaoffate.local
cd /var/www/plum.seaoffate.local

Then delete the existing public_html

sudo rm -rf /var/www/plum.seaoffate.local/public_html

and then unzip the file with

sudo unzip piwigo-15.4.0.zip -d .

This will create a dir called piwigo and so we rename it to public_html

sudo mv piwigo /var/www/plum.seaoffate.local/public_html

so we now should have all of the files extracted in to the docroot of our website we now need to change the permissions & ownership to the apache user

sudo chown -R www-data:www-data /var/www/plum.seaoffate.local/public_html/
sudo chmod 755 -R /var/www/plum.seaoffate.local/public_html/

Before we can proceed with the installation at a web browser we have to create a database and for piwigo to use so ssh to mandarin and start a MySQL session with

sudo mysql -u root -p

at the mysql> prompt we need to create the database

CREATE DATABASE piwigo_db;

and then the user with privileges to the database, we will restrict this user to the plum host only

CREATE USER 'piwigo_user'@'192.168.100.22' IDENTIFIED BY 'your_strong_password';
GRANT ALL PRIVILEGES ON piwigo_db.* TO 'piwigo_user'@'192.168.100.22';
FLUSH PRIVILEGES; 
exit;

Armed with our newly created database and user we can now start the web installation so we need to go get a web browser to https://photo.seaoffate.local. if that takes us to the nginix holding page we will need to setup raisin to do the reverse proxy thing or we could continue from a client inside the Pfsense but if we do that we still have to do the raisin set up at some point. so we may as well do so now so SSH to raisin

cd /etc/nginx/sites-available
sudo cp wiki.conf photo.conf
sudo cp wiki.seaoffate.local.ssl.conf photo.seaoffate.local.ssl.conf
sudo cp wiki.seaoffate.net.conf photo.seaoffate.net.conf

Then modify them to replace the servernames and ip addresses. While it is not pretty it does work and the scripts that we had generated forwarding loops so we can't use them. It looks like the reverse proxy was redirecting as well as the origin so it was causing a problem for browsers, we should only have the origin browser do any redirect between 80 and 443. Once this is done proceed to the web browser part of the piwigi installation. Keep a record of passwords in a password manager. The Details that need to be entered on the web install are:

• For the database Hostname is the IP of Mandarin 192.168.100.8
• For the username it will be as was entered in the DB setup earlier piwigo_user
• For the password it should be on the keepass under piwigo mysql user
• The database name will also be the name setup earlier piwigo_db
• Administration configuration username should be stored in the keepass password manager
• Get the password from the same as username
• use [email protected] as this should be redirected by Cloudflare

Most of the install is now done. we could use the application as is but we would run out of storage for photos before too long so we will add a big hard drive to the installation mounting it inside public_html/galleries.