Commit | Line | Data |
---|---|---|
473a4431 CAW |
1 | .. MediaGoblin Documentation |
2 | ||
fd5c35e5 | 3 | Written in 2011, 2012, 2013 by MediaGoblin contributors |
473a4431 CAW |
4 | |
5 | To the extent possible under law, the author(s) have dedicated all | |
6 | copyright and related and neighboring rights to this software to | |
7 | the public domain worldwide. This software is distributed without | |
8 | any warranty. | |
9 | ||
10 | You should have received a copy of the CC0 Public Domain | |
11 | Dedication along with this software. If not, see | |
12 | <http://creativecommons.org/publicdomain/zero/1.0/>. | |
13 | ||
abe74178 WKG |
14 | .. _deploying-chapter: |
15 | ||
4e893b6e | 16 | ===================== |
17 | Deploying MediaGoblin | |
18 | ===================== | |
00fdc7bd | 19 | |
44db13fa JC |
20 | GNU MediaGoblin is fairly new, and so at the time of writing there aren't |
21 | easy package-manager-friendly methods to install it. However, doing a basic | |
22 | install isn't too complex in and of itself. Following this deployment guide | |
23 | will take you step-by-step through setting up your own instance of MediaGoblin. | |
56d507b6 | 24 | |
44db13fa JC |
25 | Of course, when it comes to setting up web applications like MediaGoblin, |
26 | there's an almost infinite way to deploy things, so for now, we'll keep it | |
27 | simple with some assumptions. We recommend a setup that combines MediaGoblin + | |
9650aa39 | 28 | virtualenv + FastCGI + Nginx on a .deb- or .rpm-based GNU/Linux distro. |
44db13fa JC |
29 | |
30 | Other deployment options (e.g., deploying on FreeBSD, Arch Linux, using | |
31 | Apache, etc.) are possible, though! If you'd prefer a different deployment | |
32 | approach, see our | |
33 | `Deployment wiki page <http://wiki.mediagoblin.org/Deployment>`_. | |
e260065a | 34 | |
076bf0cf WKG |
35 | .. note:: |
36 | ||
37 | These tools are for site administrators wanting to deploy a fresh | |
44db13fa | 38 | install. If you want to join in as a contributor, see our |
076bf0cf | 39 | `Hacking HOWTO <http://wiki.mediagoblin.org/HackingHowto>`_ instead. |
e260065a | 40 | |
44db13fa JC |
41 | .. note:: |
42 | ||
43 | Throughout the documentation we use the ``sudo`` command to indicate that | |
44 | an instruction requires elevated user privileges to run. You can issue | |
45 | these commands as the ``root`` user if you prefer. | |
46 | ||
47 | If you need help configuring ``sudo``, see the | |
48 | `Debian wiki <https://wiki.debian.org/sudo/>`_ or the | |
49 | `Fedora Project wiki <https://fedoraproject.org/wiki/Configuring_Sudo/>`_. | |
50 | ||
4d8a3cd8 | 51 | |
4e893b6e | 52 | Prepare System |
53 | -------------- | |
e260065a | 54 | |
4e893b6e | 55 | Dependencies |
56 | ~~~~~~~~~~~~ | |
e260065a | 57 | |
4e893b6e | 58 | MediaGoblin has the following core dependencies: |
e260065a | 59 | |
e2212f94 | 60 | - Python 2.7 or Python 3.4+ |
4e893b6e | 61 | - `python-lxml <http://lxml.de/>`_ |
62 | - `git <http://git-scm.com/>`_ | |
775ec9e8 | 63 | - `SQLite <http://www.sqlite.org/>`_/`PostgreSQL <http://www.postgresql.org/>`_ |
4e893b6e | 64 | - `Python Imaging Library <http://www.pythonware.com/products/pil/>`_ (PIL) |
65 | - `virtualenv <http://www.virtualenv.org/>`_ | |
4ec1af11 | 66 | - `nodejs <https://nodejs.org>`_ |
e260065a | 67 | |
c9cdb036 | 68 | On a DEB-based system (e.g Debian, gNewSense, Trisquel, *buntu, and |
7798f911 | 69 | derivatives) issue the following command:: |
e260065a | 70 | |
44db13fa | 71 | sudo apt-get install git-core python python-dev python-lxml \ |
4c89287c JC |
72 | python-imaging python-virtualenv npm nodejs-legacy automake \ |
73 | nginx | |
e260065a | 74 | |
4e893b6e | 75 | On a RPM-based system (e.g. Fedora, RedHat, and derivatives) issue the |
7798f911 | 76 | following command:: |
4e893b6e | 77 | |
44db13fa | 78 | sudo yum install python-paste-deploy python-paste-script \ |
076bf0cf | 79 | git-core python python-devel python-lxml python-imaging \ |
4c89287c | 80 | python-virtualenv npm automake nginx |
e260065a | 81 | |
e2212f94 CAW |
82 | (Note: MediaGoblin now officially supports Python 3. You may instead |
83 | substitute from "python" to "python3" for most package names in the | |
84 | Debian instructions and this should cover dependency installation. | |
85 | These instructions have not yet been tested on Fedora.) | |
86 | ||
775ec9e8 JW |
87 | Configure PostgreSQL |
88 | ~~~~~~~~~~~~~~~~~~~~ | |
89 | ||
90 | .. note:: | |
91 | ||
7798f911 WKG |
92 | MediaGoblin currently supports PostgreSQL and SQLite. The default is a |
93 | local SQLite database. This will "just work" for small deployments. | |
775ec9e8 | 94 | |
7798f911 WKG |
95 | For medium to large deployments we recommend PostgreSQL. |
96 | ||
9650aa39 | 97 | If you don't want/need PostgreSQL, skip this section. |
7798f911 | 98 | |
44db13fa | 99 | These are the packages needed for Debian Jessie (stable):: |
775ec9e8 | 100 | |
44db13fa | 101 | sudo apt-get install postgresql postgresql-client python-psycopg2 |
c3075e91 JC |
102 | |
103 | These are the packages needed for an RPM-based system:: | |
104 | ||
44db13fa | 105 | sudo yum install postgresql postgresql-server python-psycopg2 |
c3075e91 | 106 | |
a0392075 | 107 | An rpm-based system also requires that you initialize and start the |
9650aa39 | 108 | PostgreSQL database with a few commands. The following commands are |
a0392075 | 109 | not needed on a Debian-based platform, however:: |
c3075e91 | 110 | |
44db13fa | 111 | sudo /usr/bin/postgresql-setup initdb |
a0392075 JC |
112 | sudo systemctl enable postgresql |
113 | sudo systemctl start postgresql | |
775ec9e8 JW |
114 | |
115 | The installation process will create a new *system* user named ``postgres``, | |
9650aa39 BS |
116 | which will have privileges sufficient to manage the database. We will create a |
117 | new database user with restricted privileges and a new database owned by our | |
775ec9e8 JW |
118 | restricted database user for our MediaGoblin instance. |
119 | ||
120 | In this example, the database user will be ``mediagoblin`` and the database | |
121 | name will be ``mediagoblin`` too. | |
122 | ||
c3075e91 JC |
123 | We'll add these entities by first switching to the *postgres* account:: |
124 | ||
44db13fa | 125 | sudo su - postgres |
775ec9e8 | 126 | |
c3075e91 JC |
127 | This will change your prompt to a shell prompt, such as *-bash-4.2$*. Enter |
128 | the following *createuser* and *createdb* commands at that prompt. We'll | |
129 | create the *mediagoblin* database user first:: | |
775ec9e8 | 130 | |
44db13fa JC |
131 | # this command and the one that follows are run as the ``postgres`` user: |
132 | createuser -A -D mediagoblin | |
775ec9e8 | 133 | |
c3075e91 JC |
134 | Then we'll create the database where all of our MediaGoblin data will be stored:: |
135 | ||
44db13fa | 136 | createdb -E UNICODE -O mediagoblin mediagoblin |
775ec9e8 JW |
137 | |
138 | where the first ``mediagoblin`` is the database owner and the second | |
139 | ``mediagoblin`` is the database name. | |
140 | ||
7bba6d2e | 141 | Type ``exit`` to exit from the 'postgres' user account.:: |
c3075e91 | 142 | |
7bba6d2e | 143 | exit |
c3075e91 | 144 | |
775ec9e8 JW |
145 | .. caution:: Where is the password? |
146 | ||
147 | These steps enable you to authenticate to the database in a password-less | |
148 | manner via local UNIX authentication provided you run the MediaGoblin | |
149 | application as a user with the same name as the user you created in | |
150 | PostgreSQL. | |
151 | ||
152 | More on this in :ref:`Drop Privileges for MediaGoblin <drop-privileges-for-mediagoblin>`. | |
153 | ||
154 | ||
775ec9e8 JW |
155 | .. _drop-privileges-for-mediagoblin: |
156 | ||
4e893b6e | 157 | Drop Privileges for MediaGoblin |
158 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17c71230 | 159 | |
fd5c35e5 | 160 | MediaGoblin does not require special permissions or elevated |
1b4a9f26 CAW |
161 | access to run. As such, the preferred way to run MediaGoblin is to |
162 | create a dedicated, unprivileged system user for the sole purpose of running | |
6ec0393d | 163 | MediaGoblin. Running MediaGoblin processes under an unprivileged system user |
fd5c35e5 JC |
164 | helps to keep it more secure. |
165 | ||
166 | The following command (entered as root or with sudo) will create a | |
167 | system account with a username of ``mediagoblin``. You may choose a different | |
4c89287c | 168 | username if you wish. |
fd5c35e5 | 169 | |
4c89287c | 170 | If you are using a Debian-based system, enter this command:: |
fd5c35e5 | 171 | |
4c89287c JC |
172 | sudo useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin |
173 | ||
174 | If you are using an RPM-based system, enter this command:: | |
175 | ||
176 | sudo useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g nginx mediagoblin | |
177 | ||
178 | This will create a ``mediagoblin`` user and assign it to a group that is | |
179 | associated with the web server. This will ensure that the web server can | |
180 | read the media files (images, videos, etc.) that users upload. | |
181 | ||
182 | We will also create a ``mediagoblin`` group and associate the mediagoblin | |
183 | user with that group, as well:: | |
184 | ||
185 | sudo groupadd mediagoblin && sudo usermod --append -G mediagoblin mediagoblin | |
186 | ||
fd5c35e5 | 187 | No password will be assigned to this account, and you will not be able |
9a1ba0e8 | 188 | to log in as this user. To switch to this account, enter:: |
fd5c35e5 | 189 | |
44db13fa | 190 | sudo su mediagoblin -s /bin/bash |
fd5c35e5 | 191 | |
ef2642f7 JC |
192 | To return to your regular user account after using the system account, type |
193 | ``exit``. | |
fd5c35e5 | 194 | |
fd5c35e5 JC |
195 | .. _create-mediagoblin-directory: |
196 | ||
197 | Create a MediaGoblin Directory | |
198 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17c71230 | 199 | |
4e893b6e | 200 | You should create a working directory for MediaGoblin. This document |
076bf0cf | 201 | assumes your local git repository will be located at |
fd5c35e5 | 202 | ``/srv/mediagoblin.example.org/mediagoblin/``. |
9650aa39 | 203 | Substitute your preferred local deployment path as needed. |
fd5c35e5 JC |
204 | |
205 | Setting up the working directory requires that we first create the directory | |
9650aa39 | 206 | with elevated privileges, and then assign ownership of the directory |
6ec0393d | 207 | to the unprivileged system account. |
17c71230 | 208 | |
4c89287c JC |
209 | To do this, enter the following command, changing the defaults to suit your |
210 | particular requirements. On a Debian-based platform you will enter this:: | |
211 | ||
212 | sudo mkdir -p /srv/mediagoblin.example.org && sudo chown -hR mediagoblin:www-data /srv/mediagoblin.example.org | |
213 | ||
214 | On an RPM-based distribution, enter this command:: | |
17c71230 | 215 | |
4c89287c | 216 | sudo mkdir -p /srv/mediagoblin.example.org && sudo chown -hR mediagoblin:nginx /srv/mediagoblin.example.org |
fd5c35e5 | 217 | |
c3075e91 | 218 | .. note:: |
fd5c35e5 | 219 | |
c3075e91 | 220 | Unless otherwise noted, the remainder of this document assumes that all |
6ec0393d | 221 | operations are performed using this unprivileged account. |
17c71230 | 222 | |
4e893b6e | 223 | |
e260065a | 224 | Install MediaGoblin and Virtualenv |
4e893b6e | 225 | ---------------------------------- |
e260065a | 226 | |
44db13fa JC |
227 | We will now switch to our 'mediagoblin' system account, and then set up |
228 | our MediaGoblin source code repository and its necessary services. | |
229 | You should modify these commands to suit your own environment. | |
17c71230 | 230 | |
fd5c35e5 JC |
231 | Change to the MediaGoblin directory that you just created:: |
232 | ||
44db13fa | 233 | sudo su mediagoblin -s /bin/bash # to change to the 'mediagoblin' account |
9a1ba0e8 | 234 | $ cd /srv/mediagoblin.example.org |
17c71230 | 235 | |
d3b1fd2e | 236 | Clone the MediaGoblin repository and set up the git submodules:: |
e260065a | 237 | |
a35b7c7f | 238 | $ git clone git://git.savannah.gnu.org/mediagoblin.git -b stable |
9a1ba0e8 JC |
239 | $ cd mediagoblin |
240 | $ git submodule init && git submodule update | |
e260065a | 241 | |
9fa1e602 CAW |
242 | .. note:: |
243 | ||
244 | The MediaGoblin repository used to be on gitorious.org, but since | |
245 | gitorious.org shut down, we had to move. We are presently on | |
246 | Savannah. You may need to update your git repository location:: | |
247 | ||
44db13fa | 248 | $ git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git |
e260065a | 249 | |
41dbb27a | 250 | Set up the hacking environment:: |
3b8251f3 | 251 | |
9a1ba0e8 | 252 | $ ./bootstrap.sh && ./configure && make |
f0e137ab | 253 | |
e2212f94 CAW |
254 | (Note that if you'd prefer to run MediaGoblin with Python 3, pass in |
255 | `--with-python3` to the `./configure` command.) | |
256 | ||
b791ae97 JC |
257 | Create and set the proper permissions on the ``user_dev`` directory. |
258 | This directory will be used to store uploaded media files:: | |
259 | ||
260 | $ mkdir user_dev && chmod 750 user_dev | |
261 | ||
262 | Assuming you are going to deploy with FastCGI, you should also install | |
263 | flup:: | |
264 | ||
265 | $ ./bin/easy_install flup | |
266 | ||
13f18799 CAW |
267 | (Note, if you're running Python 2, which you probably are at this |
268 | point in MediaGoblin's development, you'll need to run:) | |
269 | ||
270 | $ ./bin/easy_install flup==1.0.3.dev-20110405 | |
271 | ||
4e893b6e | 272 | The above provides an in-package install of ``virtualenv``. While this |
273 | is counter to the conventional ``virtualenv`` configuration, it is | |
274 | more reliable and considerably easier to configure and illustrate. If | |
275 | you're familiar with Python packaging you may consider deploying with | |
c356dc16 | 276 | your preferred method. |
e260065a | 277 | |
8d59cd1f CAW |
278 | .. note:: |
279 | ||
280 | What if you don't want an in-package ``virtualenv``? Maybe you | |
281 | have your own ``virtualenv``, or you are building a MediaGoblin | |
282 | package for a distribution. There's no need necessarily for the | |
283 | virtualenv produced by ``./configure && make`` by default other | |
284 | than attempting to simplify work for developers and people | |
285 | deploying by hiding all the virtualenv and bower complexity. | |
286 | ||
287 | If you want to install all of MediaGoblin's libraries | |
288 | independently, that's totally fine! You can pass the flag | |
289 | ``--without-virtualenv`` which will skip this step. | |
290 | But you will need to install all those libraries manually and make | |
291 | sure they are on your ``PYTHONPATH`` yourself! (You can still use | |
292 | ``python setup.py develop`` to install some of those libraries, | |
293 | but note that no ``./bin/python`` will be set up for you via this | |
294 | method, since no virtualenv is set up for you!) | |
295 | ||
b791ae97 | 296 | This concludes the initial configuration of the MediaGoblin |
8d9aa03f | 297 | environment. In the future, when you update your |
076bf0cf | 298 | codebase, you should also run:: |
e260065a | 299 | |
9a1ba0e8 JC |
300 | $ git submodule update && ./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate |
301 | ||
302 | .. note:: | |
e260065a | 303 | |
9a1ba0e8 JC |
304 | Note: If you are running an active site, depending on your server |
305 | configuration, you may need to stop it first or the dbupdate command | |
306 | may hang (and it's certainly a good idea to restart it after the | |
307 | update) | |
9d5cd0b9 CAW |
308 | |
309 | ||
4e893b6e | 310 | Deploy MediaGoblin Services |
311 | --------------------------- | |
e260065a | 312 | |
a7d2a892 ST |
313 | Edit site configuration |
314 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
315 | ||
041d2fd7 | 316 | A few basic properties must be set before MediaGoblin will work. First |
ec255f63 JC |
317 | make a copy of ``mediagoblin.ini`` and ``paste.ini`` for editing so the original |
318 | config files aren't lost (you likely won't need to edit the paste configuration, | |
319 | but we'll make a local copy of it just in case):: | |
a7d2a892 | 320 | |
ec255f63 | 321 | $ cp -av mediagoblin.ini mediagoblin_local.ini && cp -av paste.ini paste_local.ini |
a7d2a892 | 322 | |
ec255f63 | 323 | Then edit mediagoblin_local.ini: |
041d2fd7 CAW |
324 | - Set ``email_sender_address`` to the address you wish to be used as |
325 | the sender for system-generated emails | |
326 | - Edit ``direct_remote_path``, ``base_dir``, and ``base_url`` if | |
327 | your mediagoblin directory is not the root directory of your | |
9650aa39 | 328 | site. |
a7d2a892 ST |
329 | |
330 | ||
775ec9e8 JW |
331 | Configure MediaGoblin to use the PostgreSQL database |
332 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
333 | ||
9650aa39 | 334 | If you are using PostgreSQL, edit the ``[mediagoblin]`` section in your |
7798f911 | 335 | ``mediagoblin_local.ini`` and put in:: |
775ec9e8 JW |
336 | |
337 | sql_engine = postgresql:///mediagoblin | |
338 | ||
339 | if you are running the MediaGoblin application as the same 'user' as the | |
340 | database owner. | |
341 | ||
7798f911 | 342 | |
775ec9e8 JW |
343 | Update database data structures |
344 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
345 | ||
7798f911 | 346 | Before you start using the database, you need to run:: |
775ec9e8 | 347 | |
44db13fa | 348 | $ ./bin/gmg dbupdate |
775ec9e8 JW |
349 | |
350 | to populate the database with the MediaGoblin data structures. | |
351 | ||
352 | ||
4e893b6e | 353 | Test the Server |
354 | ~~~~~~~~~~~~~~~ | |
e260065a | 355 | |
4e893b6e | 356 | At this point MediaGoblin should be properly installed. You can |
076bf0cf | 357 | test the deployment with the following command:: |
e260065a | 358 | |
44db13fa | 359 | $ ./lazyserver.sh --server-name=broadcast |
e260065a | 360 | |
4e893b6e | 361 | You should be able to connect to the machine on port 6543 in your |
362 | browser to confirm that the service is operable. | |
e260065a | 363 | |
9650aa39 | 364 | The next series of commands will need to be run as a privileged user. Type |
3948e44c JC |
365 | exit to return to the root/sudo account.:: |
366 | ||
367 | exit | |
368 | ||
cd1abb11 CAW |
369 | .. _webserver-config: |
370 | ||
56d507b6 | 371 | |
a7d2a892 ST |
372 | FastCGI and nginx |
373 | ~~~~~~~~~~~~~~~~~ | |
374 | ||
9650aa39 | 375 | This configuration example will use Nginx, however, you may |
4e893b6e | 376 | use any webserver of your choice as long as it supports the FastCGI |
9650aa39 | 377 | protocol. If you do not already have a web server, consider Nginx, as |
4e893b6e | 378 | the configuration files may be more clear than the |
379 | alternatives. | |
380 | ||
381 | Create a configuration file at | |
382 | ``/srv/mediagoblin.example.org/nginx.conf`` and create a symbolic link | |
383 | into a directory that will be included in your ``nginx`` configuration | |
384 | (e.g. "``/etc/nginx/sites-enabled`` or ``/etc/nginx/conf.d``) with | |
cd7af789 | 385 | one of the following commands. |
4e893b6e | 386 | |
c9cdb036 | 387 | On a DEB-based system (e.g Debian, gNewSense, Trisquel, *buntu, and |
cd7af789 JC |
388 | derivatives) issue the following commands:: |
389 | ||
44db13fa | 390 | sudo ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/sites-enabled/ |
cd7af789 JC |
391 | sudo systemctl enable nginx |
392 | ||
393 | On a RPM-based system (e.g. Fedora, RedHat, and derivatives) issue the | |
394 | following commands:: | |
4e893b6e | 395 | |
cd7af789 JC |
396 | sudo ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/conf.d/ |
397 | sudo systemctl enable nginx | |
398 | ||
399 | You can modify these commands and locations depending on your preferences and | |
9650aa39 | 400 | the existing configuration of your Nginx instance. The contents of |
076bf0cf WKG |
401 | this ``nginx.conf`` file should be modeled on the following:: |
402 | ||
403 | server { | |
404 | ################################################# | |
405 | # Stock useful config options, but ignore them :) | |
406 | ################################################# | |
407 | include /etc/nginx/mime.types; | |
408 | ||
409 | autoindex off; | |
410 | default_type application/octet-stream; | |
411 | sendfile on; | |
412 | ||
413 | # Gzip | |
414 | gzip on; | |
415 | gzip_min_length 1024; | |
416 | gzip_buffers 4 32k; | |
cd7af789 | 417 | gzip_types text/plain application/x-javascript text/javascript text/xml text/css; |
076bf0cf WKG |
418 | |
419 | ##################################### | |
420 | # Mounting MediaGoblin stuff | |
421 | # This is the section you should read | |
422 | ##################################### | |
423 | ||
424 | # Change this to update the upload size limit for your users | |
425 | client_max_body_size 8m; | |
426 | ||
a49c741f CAW |
427 | # prevent attacks (someone uploading a .txt file that the browser |
428 | # interprets as an HTML file, etc.) | |
429 | add_header X-Content-Type-Options nosniff; | |
37b48053 | 430 | |
076bf0cf WKG |
431 | server_name mediagoblin.example.org www.mediagoblin.example.org; |
432 | access_log /var/log/nginx/mediagoblin.example.access.log; | |
433 | error_log /var/log/nginx/mediagoblin.example.error.log; | |
434 | ||
435 | # MediaGoblin's stock static files: CSS, JS, etc. | |
436 | location /mgoblin_static/ { | |
437 | alias /srv/mediagoblin.example.org/mediagoblin/mediagoblin/static/; | |
438 | } | |
439 | ||
440 | # Instance specific media: | |
441 | location /mgoblin_media/ { | |
442 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/media/public/; | |
443 | } | |
444 | ||
8d051cc0 CAW |
445 | # Theme static files (usually symlinked in) |
446 | location /theme_static/ { | |
447 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/theme_static/; | |
448 | } | |
449 | ||
24ede044 CAW |
450 | # Plugin static files (usually symlinked in) |
451 | location /plugin_static/ { | |
452 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/plugin_static/; | |
453 | } | |
454 | ||
076bf0cf WKG |
455 | # Mounting MediaGoblin itself via FastCGI. |
456 | location / { | |
457 | fastcgi_pass 127.0.0.1:26543; | |
458 | include /etc/nginx/fastcgi_params; | |
459 | ||
9650aa39 | 460 | # our understanding vs Nginx's handling of script_name vs |
076bf0cf WKG |
461 | # path_info don't match :) |
462 | fastcgi_param PATH_INFO $fastcgi_script_name; | |
463 | fastcgi_param SCRIPT_NAME ""; | |
4e893b6e | 464 | } |
076bf0cf | 465 | } |
4e893b6e | 466 | |
f44bd7dc CAW |
467 | The first four ``location`` directives instruct Nginx to serve the |
468 | static and uploaded files directly rather than through the MediaGoblin | |
469 | process. This approach is faster and requires less memory. | |
470 | ||
471 | .. note:: | |
472 | ||
cd7af789 | 473 | The user who owns the Nginx process, normally ``www-data`` or ``nginx``, |
f44bd7dc CAW |
474 | requires execute permission on the directories ``static``, |
475 | ``public``, ``theme_static`` and ``plugin_static`` plus all their | |
476 | parent directories. This user also requires read permission on all | |
477 | the files within these directories. This is normally the default. | |
478 | ||
cd7af789 JC |
479 | Nginx is now configured to serve the MediaGoblin application. Perform a quick |
480 | test to ensure that this configuration works:: | |
481 | ||
482 | nginx -t | |
483 | ||
9650aa39 BS |
484 | If you encounter any errors, review your Nginx configuration files, and try to |
485 | resolve them. If you do not encounter any errors, you can start your Nginx | |
cd7af789 | 486 | server with one of the following commands (depending on your environment):: |
4e893b6e | 487 | |
076bf0cf WKG |
488 | sudo /etc/init.d/nginx restart |
489 | sudo /etc/rc.d/nginx restart | |
44db13fa | 490 | sudo systemctl restart nginx |
4e893b6e | 491 | |
492 | Now start MediaGoblin. Use the following command sequence as an | |
076bf0cf | 493 | example:: |
4e893b6e | 494 | |
076bf0cf | 495 | cd /srv/mediagoblin.example.org/mediagoblin/ |
cd7af789 | 496 | su mediagoblin -s /bin/bash |
076bf0cf | 497 | ./lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543 |
4e893b6e | 498 | |
499 | Visit the site you've set up in your browser by visiting | |
518c5eb3 | 500 | <http://mediagoblin.example.org>. You should see MediaGoblin! |
4e893b6e | 501 | |
4e893b6e | 502 | .. note:: |
503 | ||
a085dda5 | 504 | The configuration described above is sufficient for development and |
505 | smaller deployments. However, for larger production deployments | |
506 | with larger processing requirements, see the | |
507 | ":doc:`production-deployments`" documentation. | |
a7d2a892 ST |
508 | |
509 | ||
510 | Apache | |
511 | ~~~~~~ | |
512 | ||
041d2fd7 CAW |
513 | Instructions and scripts for running MediaGoblin on an Apache server |
514 | can be found on the `MediaGoblin wiki <http://wiki.mediagoblin.org/Deployment>`_. | |
b835e153 E |
515 | |
516 | ||
f5ac2b61 CAW |
517 | Should I Keep Open Registration Enabled? |
518 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
3f088a3f CAW |
519 | |
520 | Unfortunately, in this current release of MediaGoblin we are suffering | |
521 | from spammers registering to public instances en masse. As such, you | |
522 | may want to either: | |
523 | ||
524 | a) Disable registration on your instance and just make | |
525 | accounts for people you know and trust (eg via the `gmg adduser` | |
526 | command). You can disable registration in your mediagoblin.ini | |
527 | like so:: | |
528 | ||
529 | [mediagoblin] | |
530 | allow_registration = false | |
531 | ||
9650aa39 | 532 | b) Enable a CAPTCHA plugin. But unfortunately, though some CAPTCHA |
3f088a3f CAW |
533 | plugins exist, for various reasons we do not have any general |
534 | recommendations we can make at this point. | |
535 | ||
536 | We hope to have a better solution to this situation shortly. We | |
537 | apologize for the inconvenience in the meanwhile. | |
538 | ||
539 | ||
b835e153 E |
540 | Security Considerations |
541 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
542 | ||
543 | .. warning:: | |
544 | ||
545 | The directory ``user_dev/crypto/`` contains some very | |
546 | sensitive files. | |
547 | Especially the ``itsdangeroussecret.bin`` is very important | |
548 | for session security. Make sure not to leak its contents anywhere. | |
549 | If the contents gets leaked nevertheless, delete your file | |
550 | and restart the server, so that it creates a new secret key. | |
fd5c35e5 JC |
551 | All previous sessions will be invalidated. |
552 | ||
f44bd7dc CAW |
553 | .. |
554 | Local variables: | |
555 | fill-column: 70 | |
556 | End: |