Commit | Line | Data |
---|---|---|
473a4431 CAW |
1 | .. MediaGoblin Documentation |
2 | ||
62a565e1 | 3 | Written in 2011, 2012, 2013, 2020 by MediaGoblin contributors |
473a4431 CAW |
4 | |
5 | To the extent possible under law, the author(s) have dedicated all | |
6 | copyright and related and neighboring rights to this software to | |
7 | the public domain worldwide. This software is distributed without | |
8 | any warranty. | |
9 | ||
10 | You should have received a copy of the CC0 Public Domain | |
11 | Dedication along with this software. If not, see | |
12 | <http://creativecommons.org/publicdomain/zero/1.0/>. | |
13 | ||
abe74178 WKG |
14 | .. _deploying-chapter: |
15 | ||
4e893b6e | 16 | ===================== |
17 | Deploying MediaGoblin | |
18 | ===================== | |
00fdc7bd | 19 | |
464a5d7f | 20 | This deployment guide will take you step-by-step through |
62a565e1 | 21 | setting up your own instance of MediaGoblin. |
56d507b6 | 22 | |
62a565e1 BS |
23 | MediaGoblin most likely isn't yet available from your operating |
24 | system's package manage, however, a basic install isn't too complex in | |
e82857fa BS |
25 | and of itself. We recommend a setup that combines MediaGoblin, |
26 | virtualenv and Nginx on a .deb or .rpm-based GNU/Linux distribution. | |
44db13fa | 27 | |
62a565e1 BS |
28 | Experts may of course choose other deployment options, including |
29 | Apache. See our `Deployment wiki page | |
30 | <http://wiki.mediagoblin.org/Deployment>`_ for for more details. | |
31 | Please note that we are not able to provide support for these | |
32 | alternative deployment options. | |
e260065a | 33 | |
076bf0cf WKG |
34 | .. note:: |
35 | ||
36 | These tools are for site administrators wanting to deploy a fresh | |
44db13fa | 37 | install. If you want to join in as a contributor, see our |
076bf0cf | 38 | `Hacking HOWTO <http://wiki.mediagoblin.org/HackingHowto>`_ instead. |
e260065a | 39 | |
44db13fa JC |
40 | .. note:: |
41 | ||
42 | Throughout the documentation we use the ``sudo`` command to indicate that | |
43 | an instruction requires elevated user privileges to run. You can issue | |
44 | these commands as the ``root`` user if you prefer. | |
45 | ||
46 | If you need help configuring ``sudo``, see the | |
47 | `Debian wiki <https://wiki.debian.org/sudo/>`_ or the | |
48 | `Fedora Project wiki <https://fedoraproject.org/wiki/Configuring_Sudo/>`_. | |
49 | ||
4d8a3cd8 | 50 | |
4e893b6e | 51 | Prepare System |
52 | -------------- | |
e260065a | 53 | |
4e893b6e | 54 | Dependencies |
55 | ~~~~~~~~~~~~ | |
e260065a | 56 | |
4e893b6e | 57 | MediaGoblin has the following core dependencies: |
e260065a | 58 | |
62a565e1 | 59 | - Python 3.4+ (Python 2.7 is supported, but not recommended) |
100f6265 | 60 | - `python3-lxml <http://lxml.de/>`_ |
4e893b6e | 61 | - `git <http://git-scm.com/>`_ |
775ec9e8 | 62 | - `SQLite <http://www.sqlite.org/>`_/`PostgreSQL <http://www.postgresql.org/>`_ |
4e893b6e | 63 | - `Python Imaging Library <http://www.pythonware.com/products/pil/>`_ (PIL) |
64 | - `virtualenv <http://www.virtualenv.org/>`_ | |
62a565e1 | 65 | - `Node.js <https://nodejs.org>`_ |
e260065a | 66 | |
7e10cdde BS |
67 | These instructions have been tested on Debian 10, CentOS 8 and |
68 | Fedora 31. These instructions should approximately translate to recent | |
69 | Debian derivatives such as Ubuntu 18.04 and Trisquel 8, and to relatives of | |
70 | Fedora such as CentOS 8. | |
71 | ||
72 | Issue the following commands: | |
3a1fb089 BS |
73 | |
74 | .. code-block:: bash | |
e260065a | 75 | |
7e10cdde | 76 | # Debian 10 |
62a565e1 BS |
77 | sudo apt update |
78 | sudo apt install automake git nodejs npm python3-dev python3-gi \ | |
79 | python3-gst-1.0 python3-lxml python3-pil virtualenv | |
e260065a | 80 | |
7e10cdde BS |
81 | # Fedora 31 |
82 | sudo dnf install automake gcc git-core make nodejs npm python3-devel \ | |
62a565e1 | 83 | python3-lxml python3-pillow virtualenv |
4e893b6e | 84 | |
62a565e1 | 85 | .. note:: |
e260065a | 86 | |
62a565e1 BS |
87 | MediaGoblin now uses Python 3 by default. To use Python 2, you may |
88 | instead substitute from "python3" to "python" for most package | |
89 | names in the Debian instructions and this should cover dependency | |
7e10cdde | 90 | installation. Python 2 installation has not been tested on Fedora. |
e2212f94 | 91 | |
62a565e1 BS |
92 | For a production deployment, you'll also need Nginx as frontend web |
93 | server and RabbitMQ to store the media processing queue:: | |
2e1e9650 | 94 | |
7e10cdde | 95 | # Debian |
62a565e1 BS |
96 | sudo apt install nginx-light rabbitmq-server |
97 | ||
7e10cdde | 98 | # Fedora |
35494ed6 | 99 | sudo dnf install nginx rabbitmq-server |
775ec9e8 | 100 | |
7e10cdde BS |
101 | .. |
102 | .. note:: | |
775ec9e8 | 103 | |
7e10cdde BS |
104 | You might have to enable additional repositories under Fedora |
105 | because rabbitmq-server might be not included in official | |
106 | repositories. That looks like this for CentOS:: | |
62a565e1 | 107 | |
7e10cdde BS |
108 | sudo dnf config-manager --set-enabled centos-rabbitmq-38 |
109 | sudo dnf config-manager --set-enabled PowerTools | |
110 | sudo dnf install rabbitmq-server | |
111 | sudo systemctl enable rabbitmq-server.service | |
112 | # TODO: Celery repeatedly disconnects from RabbitMQ on CentOS 8. | |
775ec9e8 | 113 | |
7e10cdde BS |
114 | As an alternative, you can try installing redis-server and |
115 | configure it as celery broker. | |
62a565e1 BS |
116 | |
117 | Configure PostgreSQL | |
118 | ~~~~~~~~~~~~~~~~~~~~ | |
119 | ||
120 | .. note:: | |
7798f911 | 121 | |
62a565e1 BS |
122 | MediaGoblin currently supports PostgreSQL and SQLite. The default |
123 | is a local SQLite database. This will "just work" for small | |
124 | deployments. For medium to large deployments we recommend | |
125 | PostgreSQL. If you don't want/need PostgreSQL, skip this section. | |
7798f911 | 126 | |
464a5d7f | 127 | These are the packages needed for PostgreSQL:: |
775ec9e8 | 128 | |
7e10cdde | 129 | # Debian |
62a565e1 | 130 | sudo apt install postgresql python3-psycopg2 |
c3075e91 | 131 | |
7e10cdde | 132 | # Fedora |
62a565e1 | 133 | sudo dnf install postgresql postgresql-server python3-psycopg2 |
c3075e91 | 134 | |
7e10cdde | 135 | Fedora also requires that you initialize and start the |
9650aa39 | 136 | PostgreSQL database with a few commands. The following commands are |
a0392075 | 137 | not needed on a Debian-based platform, however:: |
c3075e91 | 138 | |
7e10cdde | 139 | # Feora |
44db13fa | 140 | sudo /usr/bin/postgresql-setup initdb |
a0392075 JC |
141 | sudo systemctl enable postgresql |
142 | sudo systemctl start postgresql | |
775ec9e8 JW |
143 | |
144 | The installation process will create a new *system* user named ``postgres``, | |
9650aa39 BS |
145 | which will have privileges sufficient to manage the database. We will create a |
146 | new database user with restricted privileges and a new database owned by our | |
775ec9e8 JW |
147 | restricted database user for our MediaGoblin instance. |
148 | ||
149 | In this example, the database user will be ``mediagoblin`` and the database | |
62a565e1 | 150 | name will be ``mediagoblin`` too. We'll first at the user:: |
775ec9e8 | 151 | |
62a565e1 | 152 | sudo --login --user=postgres createuser --no-createdb mediagoblin |
775ec9e8 | 153 | |
c3075e91 JC |
154 | Then we'll create the database where all of our MediaGoblin data will be stored:: |
155 | ||
62a565e1 | 156 | sudo --login --user=postgres createdb --encoding=UTF8 --owner=mediagoblin mediagoblin |
c3075e91 | 157 | |
775ec9e8 JW |
158 | .. caution:: Where is the password? |
159 | ||
160 | These steps enable you to authenticate to the database in a password-less | |
161 | manner via local UNIX authentication provided you run the MediaGoblin | |
162 | application as a user with the same name as the user you created in | |
163 | PostgreSQL. | |
164 | ||
165 | More on this in :ref:`Drop Privileges for MediaGoblin <drop-privileges-for-mediagoblin>`. | |
166 | ||
167 | ||
775ec9e8 JW |
168 | .. _drop-privileges-for-mediagoblin: |
169 | ||
4e893b6e | 170 | Drop Privileges for MediaGoblin |
171 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17c71230 | 172 | |
fd5c35e5 | 173 | MediaGoblin does not require special permissions or elevated |
1b4a9f26 CAW |
174 | access to run. As such, the preferred way to run MediaGoblin is to |
175 | create a dedicated, unprivileged system user for the sole purpose of running | |
6ec0393d | 176 | MediaGoblin. Running MediaGoblin processes under an unprivileged system user |
fd5c35e5 JC |
177 | helps to keep it more secure. |
178 | ||
62a565e1 BS |
179 | The following command will create a system account with a username of |
180 | ``mediagoblin``. | |
fd5c35e5 | 181 | |
4c89287c | 182 | If you are using a Debian-based system, enter this command:: |
fd5c35e5 | 183 | |
7e10cdde BS |
184 | # Debian |
185 | sudo useradd --system --create-home --home-dir /var/lib/qmediagoblin \ | |
464a5d7f | 186 | --group www-data --comment 'GNU MediaGoblin system account' mediagoblin |
4c89287c | 187 | |
7e10cdde | 188 | # Fedora |
464a5d7f BS |
189 | sudo useradd --system --create-home --home-dir /var/lib/mediagoblin \ |
190 | --group nginx --comment 'GNU MediaGoblin system account' mediagoblin | |
4c89287c JC |
191 | |
192 | This will create a ``mediagoblin`` user and assign it to a group that is | |
193 | associated with the web server. This will ensure that the web server can | |
62a565e1 | 194 | read the media files that users upload (images, videos, etc.) |
4c89287c | 195 | |
62a565e1 BS |
196 | Many operating systems will automatically create a group |
197 | ``mediagoblin`` to go with the new user ``mediagoblin``, but just to | |
198 | be sure:: | |
4c89287c | 199 | |
62a565e1 BS |
200 | sudo groupadd --force mediagoblin |
201 | sudo usermod --append --groups mediagoblin mediagoblin | |
4c89287c | 202 | |
fd5c35e5 | 203 | No password will be assigned to this account, and you will not be able |
9a1ba0e8 | 204 | to log in as this user. To switch to this account, enter:: |
fd5c35e5 | 205 | |
62a565e1 | 206 | sudo su mediagoblin --shell=/bin/bash |
fd5c35e5 | 207 | |
ef2642f7 | 208 | To return to your regular user account after using the system account, type |
62a565e1 | 209 | ``exit`` or ``Ctrl-d``. |
fd5c35e5 | 210 | |
fd5c35e5 JC |
211 | .. _create-mediagoblin-directory: |
212 | ||
213 | Create a MediaGoblin Directory | |
214 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17c71230 | 215 | |
4e893b6e | 216 | You should create a working directory for MediaGoblin. This document |
076bf0cf | 217 | assumes your local git repository will be located at |
fd5c35e5 | 218 | ``/srv/mediagoblin.example.org/mediagoblin/``. |
9650aa39 | 219 | Substitute your preferred local deployment path as needed. |
fd5c35e5 JC |
220 | |
221 | Setting up the working directory requires that we first create the directory | |
9650aa39 | 222 | with elevated privileges, and then assign ownership of the directory |
6ec0393d | 223 | to the unprivileged system account. |
17c71230 | 224 | |
62a565e1 BS |
225 | To do this, enter the following commands, changing the defaults to suit your |
226 | particular requirements:: | |
fd5c35e5 | 227 | |
7e10cdde | 228 | # Debian |
62a565e1 BS |
229 | sudo mkdir --parents /srv/mediagoblin.example.org |
230 | sudo chown --no-dereference --recursive mediagoblin:www-data /srv/mediagoblin.example.org | |
fd5c35e5 | 231 | |
7e10cdde | 232 | # Fedora |
62a565e1 BS |
233 | sudo mkdir --parents /srv/mediagoblin.example.org |
234 | sudo chown --no-dereference --recursive mediagoblin:nginx /srv/mediagoblin.example.org | |
17c71230 | 235 | |
4e893b6e | 236 | |
e260065a | 237 | Install MediaGoblin and Virtualenv |
4e893b6e | 238 | ---------------------------------- |
e260065a | 239 | |
44db13fa JC |
240 | We will now switch to our 'mediagoblin' system account, and then set up |
241 | our MediaGoblin source code repository and its necessary services. | |
242 | You should modify these commands to suit your own environment. | |
17c71230 | 243 | |
62a565e1 BS |
244 | Switch to the ``mediagoblin`` unprivileged user and change to the |
245 | MediaGoblin directory that you just created:: | |
fd5c35e5 | 246 | |
62a565e1 | 247 | sudo su mediagoblin --shell=/bin/bash |
9a1ba0e8 | 248 | $ cd /srv/mediagoblin.example.org |
17c71230 | 249 | |
62a565e1 BS |
250 | .. note:: |
251 | ||
252 | Unless otherwise noted, the remainder of this document assumes that all | |
253 | operations are performed using the unprivileged ``mediagoblin`` | |
254 | account, indicated by the ``$`` prefix. | |
255 | ||
d3b1fd2e | 256 | Clone the MediaGoblin repository and set up the git submodules:: |
e260065a | 257 | |
7e10cdde BS |
258 | $ git clone --depth=1 https://git.savannah.gnu.org/git/mediagoblin.git \ |
259 | --branch stable --recursive | |
9a1ba0e8 | 260 | $ cd mediagoblin |
e260065a | 261 | |
62a565e1 | 262 | Set up the environment:: |
9fa1e602 | 263 | |
7e10cdde BS |
264 | $ ./bootstrap.sh |
265 | $ VIRTUALENV_FLAGS='--system-site-packages' ./configure | |
266 | $ make | |
e260065a | 267 | |
62a565e1 | 268 | .. note:: |
f0e137ab | 269 | |
62a565e1 BS |
270 | If you'd prefer to run MediaGoblin with Python 2, pass in |
271 | ``--without-python3`` to the ``./configure`` command. | |
e2212f94 | 272 | |
b791ae97 JC |
273 | Create and set the proper permissions on the ``user_dev`` directory. |
274 | This directory will be used to store uploaded media files:: | |
275 | ||
7e10cdde | 276 | $ mkdir --mode=2750 user_dev |
b791ae97 | 277 | |
b791ae97 | 278 | This concludes the initial configuration of the MediaGoblin |
8d9aa03f | 279 | environment. In the future, when you update your |
076bf0cf | 280 | codebase, you should also run:: |
e260065a | 281 | |
62a565e1 BS |
282 | sudo su mediagoblin --shell=/bin/bash |
283 | $ cd /srv/mediagoblin.example.org | |
9a1ba0e8 JC |
284 | $ git submodule update && ./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate |
285 | ||
286 | .. note:: | |
e260065a | 287 | |
9a1ba0e8 JC |
288 | Note: If you are running an active site, depending on your server |
289 | configuration, you may need to stop it first or the dbupdate command | |
290 | may hang (and it's certainly a good idea to restart it after the | |
291 | update) | |
9d5cd0b9 CAW |
292 | |
293 | ||
e82857fa BS |
294 | Configure Mediagoblin |
295 | --------------------- | |
e260065a | 296 | |
a7d2a892 ST |
297 | Edit site configuration |
298 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
299 | ||
62a565e1 BS |
300 | Edit ``mediagoblin.ini`` and update ``email_sender_address`` to the |
301 | address you wish to be used as the sender for system-generated emails. | |
e82857fa | 302 | You'll find more details in ":doc:`configuration`". |
a7d2a892 | 303 | |
62a565e1 | 304 | .. note:: |
a7d2a892 | 305 | |
62a565e1 BS |
306 | If you're changing the MediaGoblin directories or URL prefix, you |
307 | may need to edit ``direct_remote_path``, ``base_dir``, and | |
308 | ``base_url``. | |
94c10f1c | 309 | |
a7d2a892 ST |
310 | |
311 | ||
775ec9e8 JW |
312 | Configure MediaGoblin to use the PostgreSQL database |
313 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
314 | ||
9650aa39 | 315 | If you are using PostgreSQL, edit the ``[mediagoblin]`` section in your |
464a5d7f | 316 | ``mediagoblin.ini`` and remove the ``#`` prefix on the line containing:: |
775ec9e8 JW |
317 | |
318 | sql_engine = postgresql:///mediagoblin | |
319 | ||
62a565e1 BS |
320 | This assumes you are running the MediaGoblin application under the |
321 | same system account and database account; both ``mediagoblin``. | |
775ec9e8 | 322 | |
7798f911 | 323 | |
775ec9e8 JW |
324 | Update database data structures |
325 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
326 | ||
7798f911 | 327 | Before you start using the database, you need to run:: |
775ec9e8 | 328 | |
44db13fa | 329 | $ ./bin/gmg dbupdate |
775ec9e8 JW |
330 | |
331 | to populate the database with the MediaGoblin data structures. | |
332 | ||
333 | ||
62a565e1 BS |
334 | Create an admin account |
335 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
336 | ||
337 | Create a MediaGoblin account with full administration access. Provide | |
338 | your own email address and enter a secure password when prompted:: | |
339 | ||
340 | $ ./bin/gmg adduser --username you --email you@example.com | |
341 | $ ./bin/gmg makeadmin you | |
342 | ||
343 | ||
4e893b6e | 344 | Test the Server |
345 | ~~~~~~~~~~~~~~~ | |
e260065a | 346 | |
4e893b6e | 347 | At this point MediaGoblin should be properly installed. You can |
076bf0cf | 348 | test the deployment with the following command:: |
e260065a | 349 | |
44db13fa | 350 | $ ./lazyserver.sh --server-name=broadcast |
e260065a | 351 | |
4e893b6e | 352 | You should be able to connect to the machine on port 6543 in your |
62a565e1 BS |
353 | browser to confirm that the service is operable. You should also be |
354 | able to log in with the admin username and password. | |
e260065a | 355 | |
62a565e1 | 356 | Type ``Ctrl-c`` to exit the above server test. |
3948e44c | 357 | |
62a565e1 BS |
358 | The next series of commands will need to be run as a privileged user. |
359 | To return to your regular user account after using the system account, | |
360 | type ``exit`` or ``Ctrl-d``. | |
3948e44c | 361 | |
cd1abb11 | 362 | |
e82857fa BS |
363 | Deploy MediaGoblin |
364 | ------------------ | |
365 | ||
366 | The configuration described below is sufficient for development and | |
367 | smaller deployments. However, for larger production deployments with | |
368 | larger processing requirements, see the | |
369 | ":doc:`production-deployments`" documentation. | |
370 | ||
371 | .. _webserver-config: | |
56d507b6 | 372 | |
e82857fa BS |
373 | Nginx as a reverse-proxy |
374 | ~~~~~~~~~~~~~~~~~~~~~~~~ | |
a7d2a892 | 375 | |
62a565e1 BS |
376 | This configuration example will use Nginx, however, you may use any |
377 | webserver of your choice. If you do not already have a web server, | |
378 | consider Nginx, as the configuration files may be more clear than the | |
379 | alternatives. | |
4e893b6e | 380 | |
381 | Create a configuration file at | |
382 | ``/srv/mediagoblin.example.org/nginx.conf`` and create a symbolic link | |
383 | into a directory that will be included in your ``nginx`` configuration | |
62a565e1 BS |
384 | (e.g. "``/etc/nginx/sites-enabled`` or ``/etc/nginx/conf.d``) with the |
385 | following commands:: | |
cd7af789 | 386 | |
7e10cdde | 387 | # Debian |
62a565e1 BS |
388 | sudo ln --symbolic /srv/mediagoblin.example.org/nginx.conf /etc/nginx/sites-enabled/mediagoblin.conf |
389 | sudo rm --force /etc/nginx/sites-enabled/default | |
cd7af789 JC |
390 | sudo systemctl enable nginx |
391 | ||
7e10cdde | 392 | # Fedora |
62a565e1 | 393 | sudo ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/conf.d/mediagoblin.conf |
cd7af789 JC |
394 | sudo systemctl enable nginx |
395 | ||
62a565e1 BS |
396 | You can modify these commands and locations depending on your |
397 | preferences and the existing configuration of your Nginx instance. The | |
398 | contents of this ``/srv/mediagoblin.example.org/nginx.conf`` file | |
399 | should be modeled on the following:: | |
076bf0cf WKG |
400 | |
401 | server { | |
402 | ################################################# | |
403 | # Stock useful config options, but ignore them :) | |
404 | ################################################# | |
405 | include /etc/nginx/mime.types; | |
406 | ||
407 | autoindex off; | |
408 | default_type application/octet-stream; | |
409 | sendfile on; | |
410 | ||
411 | # Gzip | |
412 | gzip on; | |
413 | gzip_min_length 1024; | |
414 | gzip_buffers 4 32k; | |
cd7af789 | 415 | gzip_types text/plain application/x-javascript text/javascript text/xml text/css; |
076bf0cf WKG |
416 | |
417 | ##################################### | |
418 | # Mounting MediaGoblin stuff | |
419 | # This is the section you should read | |
420 | ##################################### | |
421 | ||
422 | # Change this to update the upload size limit for your users | |
423 | client_max_body_size 8m; | |
424 | ||
a49c741f CAW |
425 | # prevent attacks (someone uploading a .txt file that the browser |
426 | # interprets as an HTML file, etc.) | |
427 | add_header X-Content-Type-Options nosniff; | |
37b48053 | 428 | |
076bf0cf WKG |
429 | server_name mediagoblin.example.org www.mediagoblin.example.org; |
430 | access_log /var/log/nginx/mediagoblin.example.access.log; | |
431 | error_log /var/log/nginx/mediagoblin.example.error.log; | |
432 | ||
433 | # MediaGoblin's stock static files: CSS, JS, etc. | |
434 | location /mgoblin_static/ { | |
435 | alias /srv/mediagoblin.example.org/mediagoblin/mediagoblin/static/; | |
436 | } | |
437 | ||
438 | # Instance specific media: | |
439 | location /mgoblin_media/ { | |
440 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/media/public/; | |
441 | } | |
442 | ||
8d051cc0 CAW |
443 | # Theme static files (usually symlinked in) |
444 | location /theme_static/ { | |
445 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/theme_static/; | |
446 | } | |
447 | ||
24ede044 CAW |
448 | # Plugin static files (usually symlinked in) |
449 | location /plugin_static/ { | |
450 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/plugin_static/; | |
451 | } | |
452 | ||
82c2f9a9 | 453 | # Forward requests to the MediaGoblin app server. |
076bf0cf | 454 | location / { |
82c2f9a9 | 455 | proxy_pass http://127.0.0.1:6543; |
4e893b6e | 456 | } |
076bf0cf | 457 | } |
4e893b6e | 458 | |
f44bd7dc CAW |
459 | The first four ``location`` directives instruct Nginx to serve the |
460 | static and uploaded files directly rather than through the MediaGoblin | |
461 | process. This approach is faster and requires less memory. | |
462 | ||
463 | .. note:: | |
464 | ||
cd7af789 | 465 | The user who owns the Nginx process, normally ``www-data`` or ``nginx``, |
f44bd7dc CAW |
466 | requires execute permission on the directories ``static``, |
467 | ``public``, ``theme_static`` and ``plugin_static`` plus all their | |
468 | parent directories. This user also requires read permission on all | |
469 | the files within these directories. This is normally the default. | |
470 | ||
cd7af789 JC |
471 | Nginx is now configured to serve the MediaGoblin application. Perform a quick |
472 | test to ensure that this configuration works:: | |
473 | ||
62a565e1 | 474 | sudo nginx -t |
cd7af789 | 475 | |
9650aa39 BS |
476 | If you encounter any errors, review your Nginx configuration files, and try to |
477 | resolve them. If you do not encounter any errors, you can start your Nginx | |
62a565e1 | 478 | server (may vary depending on your operating system):: |
4e893b6e | 479 | |
44db13fa | 480 | sudo systemctl restart nginx |
4e893b6e | 481 | |
62a565e1 | 482 | Now start MediaGoblin to test your Nginx configuration:: |
4e893b6e | 483 | |
62a565e1 BS |
484 | sudo su mediagoblin --shell=/bin/bash |
485 | $ cd /srv/mediagoblin.example.org/mediagoblin/ | |
486 | $ ./lazyserver.sh --server-name=main | |
4e893b6e | 487 | |
62a565e1 BS |
488 | You should be able to connect to the machine on port 80 in your |
489 | browser to confirm that the service is operable. If this is the | |
490 | machine in front of you, visit <http://localhost/> or if it is a | |
491 | remote server visit the URL or IP address provided to you by your | |
492 | hosting provider. You should see MediaGoblin; this time via Nginx! | |
4e893b6e | 493 | |
06d8fc89 BS |
494 | Try logging in and uploading an image. If after uploading you see any |
495 | "Forbidden" errors from Nginx or your image doesn't show up, you may | |
496 | need to update the permissions on the new directories MediaGoblin has | |
497 | created:: | |
498 | ||
7e10cdde | 499 | # Debian |
06d8fc89 BS |
500 | sudo chown --no-dereference --recursive mediagoblin:www-data /srv/mediagoblin.example.org |
501 | ||
7e10cdde | 502 | # Fedora |
06d8fc89 BS |
503 | sudo chown --no-dereference --recursive mediagoblin:nginx /srv/mediagoblin.example.org |
504 | ||
4e893b6e | 505 | .. note:: |
a7d2a892 | 506 | |
62a565e1 BS |
507 | If you see an Nginx placeholder page, you may need to remove the |
508 | Nginx default configuration, or explictly set a ``server_name`` | |
509 | directive in the Nginx config. | |
a7d2a892 | 510 | |
62a565e1 BS |
511 | Type ``Ctrl-c`` to exit the above server test and ``exit`` or |
512 | ``Ctrl-d`` to exit the mediagoblin shell. | |
a7d2a892 | 513 | |
b835e153 | 514 | |
62a565e1 | 515 | .. _systemd-service-files: |
3f088a3f | 516 | |
62a565e1 BS |
517 | Run MediaGoblin as a system service |
518 | ----------------------------------- | |
3f088a3f | 519 | |
62a565e1 BS |
520 | To ensure MediaGoblin is automatically started and restarted in case of |
521 | problems, we need to run it as a system service. If your operating system uses | |
522 | Systemd, you can use Systemd ``service files`` to manage both the Celery and | |
523 | Paste processes. | |
3f088a3f | 524 | |
e82857fa BS |
525 | In the Systemd configuration below, MediaGoblin log files are kept in |
526 | the ``/var/log/mediagoblin`` directory. Create the directory and give | |
527 | it the proper permissions:: | |
528 | ||
529 | sudo mkdir --parents /var/log/mediagoblin | |
530 | sudo chown --no-dereference --recursive mediagoblin:mediagoblin /var/log/mediagoblin | |
531 | ||
62a565e1 BS |
532 | Place the following service files in the ``/etc/systemd/system/`` |
533 | directory. The first file should be named | |
534 | ``mediagoblin-celeryd.service``. Be sure to modify it to suit your | |
535 | environment's setup: | |
536 | ||
537 | .. code-block:: bash | |
538 | ||
539 | # Set the WorkingDirectory and Environment values to match your environment. | |
540 | [Unit] | |
541 | Description=MediaGoblin Celeryd | |
542 | ||
543 | [Service] | |
544 | User=mediagoblin | |
545 | Group=mediagoblin | |
546 | Type=simple | |
547 | WorkingDirectory=/srv/mediagoblin.example.org/mediagoblin | |
548 | Environment=MEDIAGOBLIN_CONFIG=/srv/mediagoblin.example.org/mediagoblin/mediagoblin.ini \ | |
549 | CELERY_CONFIG_MODULE=mediagoblin.init.celery.from_celery | |
550 | ExecStart=/srv/mediagoblin.example.org/mediagoblin/bin/celery worker \ | |
551 | --logfile=/var/log/mediagoblin/celery.log \ | |
552 | --loglevel=INFO | |
553 | ||
554 | [Install] | |
555 | WantedBy=multi-user.target | |
556 | ||
557 | ||
558 | The second file should be named ``mediagoblin-paster.service``: | |
559 | ||
560 | .. code-block:: bash | |
561 | ||
562 | # Set the WorkingDirectory and Environment values to match your environment. | |
563 | [Unit] | |
564 | Description=Mediagoblin | |
565 | ||
566 | [Service] | |
567 | Type=simple | |
568 | User=mediagoblin | |
569 | Group=mediagoblin | |
570 | Environment=CELERY_ALWAYS_EAGER=false | |
571 | WorkingDirectory=/srv/mediagoblin.example.org/mediagoblin | |
572 | ExecStart=/srv/mediagoblin.example.org/mediagoblin/bin/paster serve \ | |
573 | /srv/mediagoblin.example.org/mediagoblin/paste.ini \ | |
574 | --log-file=/var/log/mediagoblin/mediagoblin.log \ | |
575 | --server-name=main | |
576 | ||
577 | [Install] | |
578 | WantedBy=multi-user.target | |
579 | ||
580 | ||
581 | Enable these processes to start at boot by entering:: | |
b835e153 | 582 | |
62a565e1 BS |
583 | sudo systemctl enable mediagoblin-celeryd.service && sudo systemctl enable mediagoblin-paster.service |
584 | ||
585 | ||
586 | Start the processes for the current session with:: | |
587 | ||
588 | sudo systemctl start mediagoblin-celeryd.service | |
589 | sudo systemctl start mediagoblin-paster.service | |
590 | ||
591 | ||
592 | If either command above gives you an error, you can investigate the cause of | |
593 | the error by entering either of:: | |
594 | ||
595 | sudo systemctl status mediagoblin-celeryd.service | |
596 | sudo systemctl status mediagoblin-paster.service | |
597 | ||
598 | The above ``systemctl status`` command is also useful if you ever want to | |
599 | confirm that a process is still running. If you make any changes to the service | |
600 | files, you can reload the service files by entering:: | |
601 | ||
602 | sudo systemctl daemon-reload | |
603 | ||
604 | After entering that command, you can attempt to start the Celery or Paste | |
605 | processes again using ``restart`` instead of ``start``. | |
606 | ||
607 | Assuming the above was successful, you should now have a MediaGoblin | |
608 | server that will continue to operate, even after being restarted. | |
609 | Great job! | |
610 | ||
62a565e1 | 611 | |
e82857fa BS |
612 | What next? |
613 | ---------- | |
b835e153 | 614 | |
e82857fa BS |
615 | This configuration supports upload of images only, but MediaGoblin |
616 | also supports other types of media, such as audio, video, PDFs and 3D | |
617 | models. For details, see the ":doc:`media-types`" documentation. | |
fd5c35e5 | 618 | |
f44bd7dc CAW |
619 | .. |
620 | Local variables: | |
621 | fill-column: 70 | |
622 | End: |