Commit | Line | Data |
---|---|---|
473a4431 CAW |
1 | .. MediaGoblin Documentation |
2 | ||
fd5c35e5 | 3 | Written in 2011, 2012, 2013 by MediaGoblin contributors |
473a4431 CAW |
4 | |
5 | To the extent possible under law, the author(s) have dedicated all | |
6 | copyright and related and neighboring rights to this software to | |
7 | the public domain worldwide. This software is distributed without | |
8 | any warranty. | |
9 | ||
10 | You should have received a copy of the CC0 Public Domain | |
11 | Dedication along with this software. If not, see | |
12 | <http://creativecommons.org/publicdomain/zero/1.0/>. | |
13 | ||
abe74178 WKG |
14 | .. _deploying-chapter: |
15 | ||
4e893b6e | 16 | ===================== |
17 | Deploying MediaGoblin | |
18 | ===================== | |
00fdc7bd | 19 | |
44db13fa JC |
20 | GNU MediaGoblin is fairly new, and so at the time of writing there aren't |
21 | easy package-manager-friendly methods to install it. However, doing a basic | |
22 | install isn't too complex in and of itself. Following this deployment guide | |
23 | will take you step-by-step through setting up your own instance of MediaGoblin. | |
56d507b6 | 24 | |
44db13fa JC |
25 | Of course, when it comes to setting up web applications like MediaGoblin, |
26 | there's an almost infinite way to deploy things, so for now, we'll keep it | |
27 | simple with some assumptions. We recommend a setup that combines MediaGoblin + | |
28 | virtualenv + fastcgi + nginx on a .deb- or .rpm-based GNU/Linux distro. | |
29 | ||
30 | Other deployment options (e.g., deploying on FreeBSD, Arch Linux, using | |
31 | Apache, etc.) are possible, though! If you'd prefer a different deployment | |
32 | approach, see our | |
33 | `Deployment wiki page <http://wiki.mediagoblin.org/Deployment>`_. | |
e260065a | 34 | |
076bf0cf WKG |
35 | .. note:: |
36 | ||
37 | These tools are for site administrators wanting to deploy a fresh | |
44db13fa | 38 | install. If you want to join in as a contributor, see our |
076bf0cf | 39 | `Hacking HOWTO <http://wiki.mediagoblin.org/HackingHowto>`_ instead. |
e260065a | 40 | |
44db13fa JC |
41 | .. note:: |
42 | ||
43 | Throughout the documentation we use the ``sudo`` command to indicate that | |
44 | an instruction requires elevated user privileges to run. You can issue | |
45 | these commands as the ``root`` user if you prefer. | |
46 | ||
47 | If you need help configuring ``sudo``, see the | |
48 | `Debian wiki <https://wiki.debian.org/sudo/>`_ or the | |
49 | `Fedora Project wiki <https://fedoraproject.org/wiki/Configuring_Sudo/>`_. | |
50 | ||
4d8a3cd8 | 51 | |
4e893b6e | 52 | Prepare System |
53 | -------------- | |
e260065a | 54 | |
4e893b6e | 55 | Dependencies |
56 | ~~~~~~~~~~~~ | |
e260065a | 57 | |
4e893b6e | 58 | MediaGoblin has the following core dependencies: |
e260065a | 59 | |
2acf47d8 | 60 | - Python 2.7 |
4e893b6e | 61 | - `python-lxml <http://lxml.de/>`_ |
62 | - `git <http://git-scm.com/>`_ | |
775ec9e8 | 63 | - `SQLite <http://www.sqlite.org/>`_/`PostgreSQL <http://www.postgresql.org/>`_ |
4e893b6e | 64 | - `Python Imaging Library <http://www.pythonware.com/products/pil/>`_ (PIL) |
65 | - `virtualenv <http://www.virtualenv.org/>`_ | |
4ec1af11 | 66 | - `nodejs <https://nodejs.org>`_ |
e260065a | 67 | |
4e893b6e | 68 | On a DEB-based system (e.g Debian, gNewSense, Trisquel, Ubuntu, and |
7798f911 | 69 | derivatives) issue the following command:: |
e260065a | 70 | |
44db13fa | 71 | sudo apt-get install git-core python python-dev python-lxml \ |
4c89287c JC |
72 | python-imaging python-virtualenv npm nodejs-legacy automake \ |
73 | nginx | |
e260065a | 74 | |
4e893b6e | 75 | On a RPM-based system (e.g. Fedora, RedHat, and derivatives) issue the |
7798f911 | 76 | following command:: |
4e893b6e | 77 | |
44db13fa | 78 | sudo yum install python-paste-deploy python-paste-script \ |
076bf0cf | 79 | git-core python python-devel python-lxml python-imaging \ |
4c89287c | 80 | python-virtualenv npm automake nginx |
e260065a | 81 | |
775ec9e8 JW |
82 | Configure PostgreSQL |
83 | ~~~~~~~~~~~~~~~~~~~~ | |
84 | ||
85 | .. note:: | |
86 | ||
7798f911 WKG |
87 | MediaGoblin currently supports PostgreSQL and SQLite. The default is a |
88 | local SQLite database. This will "just work" for small deployments. | |
775ec9e8 | 89 | |
7798f911 WKG |
90 | For medium to large deployments we recommend PostgreSQL. |
91 | ||
92 | If you don't want/need postgres, skip this section. | |
93 | ||
44db13fa | 94 | These are the packages needed for Debian Jessie (stable):: |
775ec9e8 | 95 | |
44db13fa | 96 | sudo apt-get install postgresql postgresql-client python-psycopg2 |
c3075e91 JC |
97 | |
98 | These are the packages needed for an RPM-based system:: | |
99 | ||
44db13fa | 100 | sudo yum install postgresql postgresql-server python-psycopg2 |
c3075e91 | 101 | |
a0392075 JC |
102 | An rpm-based system also requires that you initialize and start the |
103 | PostgresSQL database with a few commands. The following commands are | |
104 | not needed on a Debian-based platform, however:: | |
c3075e91 | 105 | |
44db13fa | 106 | sudo /usr/bin/postgresql-setup initdb |
a0392075 JC |
107 | sudo systemctl enable postgresql |
108 | sudo systemctl start postgresql | |
775ec9e8 JW |
109 | |
110 | The installation process will create a new *system* user named ``postgres``, | |
c3075e91 | 111 | which will have privilegies sufficient to manage the database. We will create a |
775ec9e8 JW |
112 | new database user with restricted privilegies and a new database owned by our |
113 | restricted database user for our MediaGoblin instance. | |
114 | ||
115 | In this example, the database user will be ``mediagoblin`` and the database | |
116 | name will be ``mediagoblin`` too. | |
117 | ||
c3075e91 JC |
118 | We'll add these entities by first switching to the *postgres* account:: |
119 | ||
44db13fa | 120 | sudo su - postgres |
775ec9e8 | 121 | |
c3075e91 JC |
122 | This will change your prompt to a shell prompt, such as *-bash-4.2$*. Enter |
123 | the following *createuser* and *createdb* commands at that prompt. We'll | |
124 | create the *mediagoblin* database user first:: | |
775ec9e8 | 125 | |
44db13fa JC |
126 | # this command and the one that follows are run as the ``postgres`` user: |
127 | createuser -A -D mediagoblin | |
775ec9e8 | 128 | |
c3075e91 JC |
129 | Then we'll create the database where all of our MediaGoblin data will be stored:: |
130 | ||
44db13fa | 131 | createdb -E UNICODE -O mediagoblin mediagoblin |
775ec9e8 JW |
132 | |
133 | where the first ``mediagoblin`` is the database owner and the second | |
134 | ``mediagoblin`` is the database name. | |
135 | ||
7bba6d2e | 136 | Type ``exit`` to exit from the 'postgres' user account.:: |
c3075e91 | 137 | |
7bba6d2e | 138 | exit |
c3075e91 | 139 | |
775ec9e8 JW |
140 | .. caution:: Where is the password? |
141 | ||
142 | These steps enable you to authenticate to the database in a password-less | |
143 | manner via local UNIX authentication provided you run the MediaGoblin | |
144 | application as a user with the same name as the user you created in | |
145 | PostgreSQL. | |
146 | ||
147 | More on this in :ref:`Drop Privileges for MediaGoblin <drop-privileges-for-mediagoblin>`. | |
148 | ||
149 | ||
775ec9e8 JW |
150 | .. _drop-privileges-for-mediagoblin: |
151 | ||
4e893b6e | 152 | Drop Privileges for MediaGoblin |
153 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17c71230 | 154 | |
fd5c35e5 | 155 | MediaGoblin does not require special permissions or elevated |
1b4a9f26 CAW |
156 | access to run. As such, the preferred way to run MediaGoblin is to |
157 | create a dedicated, unprivileged system user for the sole purpose of running | |
fd5c35e5 JC |
158 | MediaGoblin. Running MediaGoblin processes under an unpriviledged system user |
159 | helps to keep it more secure. | |
160 | ||
161 | The following command (entered as root or with sudo) will create a | |
162 | system account with a username of ``mediagoblin``. You may choose a different | |
4c89287c | 163 | username if you wish. |
fd5c35e5 | 164 | |
4c89287c | 165 | If you are using a Debian-based system, enter this command:: |
fd5c35e5 | 166 | |
4c89287c JC |
167 | sudo useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g www-data mediagoblin |
168 | ||
169 | If you are using an RPM-based system, enter this command:: | |
170 | ||
171 | sudo useradd -c "GNU MediaGoblin system account" -d /var/lib/mediagoblin -m -r -g nginx mediagoblin | |
172 | ||
173 | This will create a ``mediagoblin`` user and assign it to a group that is | |
174 | associated with the web server. This will ensure that the web server can | |
175 | read the media files (images, videos, etc.) that users upload. | |
176 | ||
177 | We will also create a ``mediagoblin`` group and associate the mediagoblin | |
178 | user with that group, as well:: | |
179 | ||
180 | sudo groupadd mediagoblin && sudo usermod --append -G mediagoblin mediagoblin | |
181 | ||
fd5c35e5 | 182 | No password will be assigned to this account, and you will not be able |
9a1ba0e8 | 183 | to log in as this user. To switch to this account, enter:: |
fd5c35e5 | 184 | |
44db13fa | 185 | sudo su mediagoblin -s /bin/bash |
fd5c35e5 | 186 | |
ef2642f7 JC |
187 | To return to your regular user account after using the system account, type |
188 | ``exit``. | |
fd5c35e5 | 189 | |
fd5c35e5 JC |
190 | .. _create-mediagoblin-directory: |
191 | ||
192 | Create a MediaGoblin Directory | |
193 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
17c71230 | 194 | |
4e893b6e | 195 | You should create a working directory for MediaGoblin. This document |
076bf0cf | 196 | assumes your local git repository will be located at |
fd5c35e5 JC |
197 | ``/srv/mediagoblin.example.org/mediagoblin/``. |
198 | Substitute your prefered local deployment path as needed. | |
199 | ||
200 | Setting up the working directory requires that we first create the directory | |
201 | with elevated priviledges, and then assign ownership of the directory | |
202 | to the unpriviledged system account. | |
17c71230 | 203 | |
4c89287c JC |
204 | To do this, enter the following command, changing the defaults to suit your |
205 | particular requirements. On a Debian-based platform you will enter this:: | |
206 | ||
207 | sudo mkdir -p /srv/mediagoblin.example.org && sudo chown -hR mediagoblin:www-data /srv/mediagoblin.example.org | |
208 | ||
209 | On an RPM-based distribution, enter this command:: | |
17c71230 | 210 | |
4c89287c | 211 | sudo mkdir -p /srv/mediagoblin.example.org && sudo chown -hR mediagoblin:nginx /srv/mediagoblin.example.org |
fd5c35e5 | 212 | |
c3075e91 | 213 | .. note:: |
fd5c35e5 | 214 | |
c3075e91 JC |
215 | Unless otherwise noted, the remainder of this document assumes that all |
216 | operations are performed using this unpriviledged account. | |
17c71230 | 217 | |
4e893b6e | 218 | |
e260065a | 219 | Install MediaGoblin and Virtualenv |
4e893b6e | 220 | ---------------------------------- |
e260065a | 221 | |
44db13fa JC |
222 | We will now switch to our 'mediagoblin' system account, and then set up |
223 | our MediaGoblin source code repository and its necessary services. | |
224 | You should modify these commands to suit your own environment. | |
17c71230 | 225 | |
fd5c35e5 JC |
226 | Change to the MediaGoblin directory that you just created:: |
227 | ||
44db13fa | 228 | sudo su mediagoblin -s /bin/bash # to change to the 'mediagoblin' account |
9a1ba0e8 | 229 | $ cd /srv/mediagoblin.example.org |
17c71230 | 230 | |
d3b1fd2e | 231 | Clone the MediaGoblin repository and set up the git submodules:: |
e260065a | 232 | |
a35b7c7f | 233 | $ git clone git://git.savannah.gnu.org/mediagoblin.git -b stable |
9a1ba0e8 JC |
234 | $ cd mediagoblin |
235 | $ git submodule init && git submodule update | |
e260065a | 236 | |
9fa1e602 CAW |
237 | .. note:: |
238 | ||
239 | The MediaGoblin repository used to be on gitorious.org, but since | |
240 | gitorious.org shut down, we had to move. We are presently on | |
241 | Savannah. You may need to update your git repository location:: | |
242 | ||
44db13fa | 243 | $ git remote set-url origin git://git.savannah.gnu.org/mediagoblin.git |
e260065a | 244 | |
41dbb27a | 245 | Set up the hacking environment:: |
3b8251f3 | 246 | |
9a1ba0e8 | 247 | $ ./bootstrap.sh && ./configure && make |
f0e137ab | 248 | |
b791ae97 JC |
249 | Create and set the proper permissions on the ``user_dev`` directory. |
250 | This directory will be used to store uploaded media files:: | |
251 | ||
252 | $ mkdir user_dev && chmod 750 user_dev | |
253 | ||
254 | Assuming you are going to deploy with FastCGI, you should also install | |
255 | flup:: | |
256 | ||
257 | $ ./bin/easy_install flup | |
258 | ||
13f18799 CAW |
259 | (Note, if you're running Python 2, which you probably are at this |
260 | point in MediaGoblin's development, you'll need to run:) | |
261 | ||
262 | $ ./bin/easy_install flup==1.0.3.dev-20110405 | |
263 | ||
4e893b6e | 264 | The above provides an in-package install of ``virtualenv``. While this |
265 | is counter to the conventional ``virtualenv`` configuration, it is | |
266 | more reliable and considerably easier to configure and illustrate. If | |
267 | you're familiar with Python packaging you may consider deploying with | |
c356dc16 | 268 | your preferred method. |
e260065a | 269 | |
8d59cd1f CAW |
270 | .. note:: |
271 | ||
272 | What if you don't want an in-package ``virtualenv``? Maybe you | |
273 | have your own ``virtualenv``, or you are building a MediaGoblin | |
274 | package for a distribution. There's no need necessarily for the | |
275 | virtualenv produced by ``./configure && make`` by default other | |
276 | than attempting to simplify work for developers and people | |
277 | deploying by hiding all the virtualenv and bower complexity. | |
278 | ||
279 | If you want to install all of MediaGoblin's libraries | |
280 | independently, that's totally fine! You can pass the flag | |
281 | ``--without-virtualenv`` which will skip this step. | |
282 | But you will need to install all those libraries manually and make | |
283 | sure they are on your ``PYTHONPATH`` yourself! (You can still use | |
284 | ``python setup.py develop`` to install some of those libraries, | |
285 | but note that no ``./bin/python`` will be set up for you via this | |
286 | method, since no virtualenv is set up for you!) | |
287 | ||
b791ae97 | 288 | This concludes the initial configuration of the MediaGoblin |
8d9aa03f | 289 | environment. In the future, when you update your |
076bf0cf | 290 | codebase, you should also run:: |
e260065a | 291 | |
9a1ba0e8 JC |
292 | $ git submodule update && ./bin/python setup.py develop --upgrade && ./bin/gmg dbupdate |
293 | ||
294 | .. note:: | |
e260065a | 295 | |
9a1ba0e8 JC |
296 | Note: If you are running an active site, depending on your server |
297 | configuration, you may need to stop it first or the dbupdate command | |
298 | may hang (and it's certainly a good idea to restart it after the | |
299 | update) | |
9d5cd0b9 CAW |
300 | |
301 | ||
4e893b6e | 302 | Deploy MediaGoblin Services |
303 | --------------------------- | |
e260065a | 304 | |
a7d2a892 ST |
305 | Edit site configuration |
306 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
307 | ||
041d2fd7 | 308 | A few basic properties must be set before MediaGoblin will work. First |
ec255f63 JC |
309 | make a copy of ``mediagoblin.ini`` and ``paste.ini`` for editing so the original |
310 | config files aren't lost (you likely won't need to edit the paste configuration, | |
311 | but we'll make a local copy of it just in case):: | |
a7d2a892 | 312 | |
ec255f63 | 313 | $ cp -av mediagoblin.ini mediagoblin_local.ini && cp -av paste.ini paste_local.ini |
a7d2a892 | 314 | |
ec255f63 | 315 | Then edit mediagoblin_local.ini: |
041d2fd7 CAW |
316 | - Set ``email_sender_address`` to the address you wish to be used as |
317 | the sender for system-generated emails | |
318 | - Edit ``direct_remote_path``, ``base_dir``, and ``base_url`` if | |
319 | your mediagoblin directory is not the root directory of your | |
320 | vhost. | |
a7d2a892 ST |
321 | |
322 | ||
775ec9e8 JW |
323 | Configure MediaGoblin to use the PostgreSQL database |
324 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
325 | ||
7798f911 WKG |
326 | If you are using postgres, edit the ``[mediagoblin]`` section in your |
327 | ``mediagoblin_local.ini`` and put in:: | |
775ec9e8 JW |
328 | |
329 | sql_engine = postgresql:///mediagoblin | |
330 | ||
331 | if you are running the MediaGoblin application as the same 'user' as the | |
332 | database owner. | |
333 | ||
7798f911 | 334 | |
775ec9e8 JW |
335 | Update database data structures |
336 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
337 | ||
7798f911 | 338 | Before you start using the database, you need to run:: |
775ec9e8 | 339 | |
44db13fa | 340 | $ ./bin/gmg dbupdate |
775ec9e8 JW |
341 | |
342 | to populate the database with the MediaGoblin data structures. | |
343 | ||
344 | ||
4e893b6e | 345 | Test the Server |
346 | ~~~~~~~~~~~~~~~ | |
e260065a | 347 | |
4e893b6e | 348 | At this point MediaGoblin should be properly installed. You can |
076bf0cf | 349 | test the deployment with the following command:: |
e260065a | 350 | |
44db13fa | 351 | $ ./lazyserver.sh --server-name=broadcast |
e260065a | 352 | |
4e893b6e | 353 | You should be able to connect to the machine on port 6543 in your |
354 | browser to confirm that the service is operable. | |
e260065a | 355 | |
3948e44c JC |
356 | The next series of commands will need to be run as a priviledged user. Type |
357 | exit to return to the root/sudo account.:: | |
358 | ||
359 | exit | |
360 | ||
cd1abb11 CAW |
361 | .. _webserver-config: |
362 | ||
56d507b6 | 363 | |
a7d2a892 ST |
364 | FastCGI and nginx |
365 | ~~~~~~~~~~~~~~~~~ | |
366 | ||
367 | This configuration example will use nginx, however, you may | |
4e893b6e | 368 | use any webserver of your choice as long as it supports the FastCGI |
369 | protocol. If you do not already have a web server, consider nginx, as | |
370 | the configuration files may be more clear than the | |
371 | alternatives. | |
372 | ||
373 | Create a configuration file at | |
374 | ``/srv/mediagoblin.example.org/nginx.conf`` and create a symbolic link | |
375 | into a directory that will be included in your ``nginx`` configuration | |
376 | (e.g. "``/etc/nginx/sites-enabled`` or ``/etc/nginx/conf.d``) with | |
cd7af789 | 377 | one of the following commands. |
4e893b6e | 378 | |
cd7af789 JC |
379 | On a DEB-based system (e.g Debian, gNewSense, Trisquel, Ubuntu, and |
380 | derivatives) issue the following commands:: | |
381 | ||
44db13fa | 382 | sudo ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/sites-enabled/ |
cd7af789 JC |
383 | sudo systemctl enable nginx |
384 | ||
385 | On a RPM-based system (e.g. Fedora, RedHat, and derivatives) issue the | |
386 | following commands:: | |
4e893b6e | 387 | |
cd7af789 JC |
388 | sudo ln -s /srv/mediagoblin.example.org/nginx.conf /etc/nginx/conf.d/ |
389 | sudo systemctl enable nginx | |
390 | ||
391 | You can modify these commands and locations depending on your preferences and | |
4e893b6e | 392 | the existing configuration of your nginx instance. The contents of |
076bf0cf WKG |
393 | this ``nginx.conf`` file should be modeled on the following:: |
394 | ||
395 | server { | |
396 | ################################################# | |
397 | # Stock useful config options, but ignore them :) | |
398 | ################################################# | |
399 | include /etc/nginx/mime.types; | |
400 | ||
401 | autoindex off; | |
402 | default_type application/octet-stream; | |
403 | sendfile on; | |
404 | ||
405 | # Gzip | |
406 | gzip on; | |
407 | gzip_min_length 1024; | |
408 | gzip_buffers 4 32k; | |
cd7af789 | 409 | gzip_types text/plain application/x-javascript text/javascript text/xml text/css; |
076bf0cf WKG |
410 | |
411 | ##################################### | |
412 | # Mounting MediaGoblin stuff | |
413 | # This is the section you should read | |
414 | ##################################### | |
415 | ||
416 | # Change this to update the upload size limit for your users | |
417 | client_max_body_size 8m; | |
418 | ||
a49c741f CAW |
419 | # prevent attacks (someone uploading a .txt file that the browser |
420 | # interprets as an HTML file, etc.) | |
421 | add_header X-Content-Type-Options nosniff; | |
37b48053 | 422 | |
076bf0cf WKG |
423 | server_name mediagoblin.example.org www.mediagoblin.example.org; |
424 | access_log /var/log/nginx/mediagoblin.example.access.log; | |
425 | error_log /var/log/nginx/mediagoblin.example.error.log; | |
426 | ||
427 | # MediaGoblin's stock static files: CSS, JS, etc. | |
428 | location /mgoblin_static/ { | |
429 | alias /srv/mediagoblin.example.org/mediagoblin/mediagoblin/static/; | |
430 | } | |
431 | ||
432 | # Instance specific media: | |
433 | location /mgoblin_media/ { | |
434 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/media/public/; | |
435 | } | |
436 | ||
8d051cc0 CAW |
437 | # Theme static files (usually symlinked in) |
438 | location /theme_static/ { | |
439 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/theme_static/; | |
440 | } | |
441 | ||
24ede044 CAW |
442 | # Plugin static files (usually symlinked in) |
443 | location /plugin_static/ { | |
444 | alias /srv/mediagoblin.example.org/mediagoblin/user_dev/plugin_static/; | |
445 | } | |
446 | ||
076bf0cf WKG |
447 | # Mounting MediaGoblin itself via FastCGI. |
448 | location / { | |
449 | fastcgi_pass 127.0.0.1:26543; | |
450 | include /etc/nginx/fastcgi_params; | |
451 | ||
452 | # our understanding vs nginx's handling of script_name vs | |
453 | # path_info don't match :) | |
454 | fastcgi_param PATH_INFO $fastcgi_script_name; | |
455 | fastcgi_param SCRIPT_NAME ""; | |
4e893b6e | 456 | } |
076bf0cf | 457 | } |
4e893b6e | 458 | |
f44bd7dc CAW |
459 | The first four ``location`` directives instruct Nginx to serve the |
460 | static and uploaded files directly rather than through the MediaGoblin | |
461 | process. This approach is faster and requires less memory. | |
462 | ||
463 | .. note:: | |
464 | ||
cd7af789 | 465 | The user who owns the Nginx process, normally ``www-data`` or ``nginx``, |
f44bd7dc CAW |
466 | requires execute permission on the directories ``static``, |
467 | ``public``, ``theme_static`` and ``plugin_static`` plus all their | |
468 | parent directories. This user also requires read permission on all | |
469 | the files within these directories. This is normally the default. | |
470 | ||
cd7af789 JC |
471 | Nginx is now configured to serve the MediaGoblin application. Perform a quick |
472 | test to ensure that this configuration works:: | |
473 | ||
474 | nginx -t | |
475 | ||
476 | If you encounter any errors, review your nginx configuration files, and try to | |
477 | resolve them. If you do not encounter any errors, you can start your nginx | |
478 | server with one of the following commands (depending on your environment):: | |
4e893b6e | 479 | |
076bf0cf WKG |
480 | sudo /etc/init.d/nginx restart |
481 | sudo /etc/rc.d/nginx restart | |
44db13fa | 482 | sudo systemctl restart nginx |
4e893b6e | 483 | |
484 | Now start MediaGoblin. Use the following command sequence as an | |
076bf0cf | 485 | example:: |
4e893b6e | 486 | |
076bf0cf | 487 | cd /srv/mediagoblin.example.org/mediagoblin/ |
cd7af789 | 488 | su mediagoblin -s /bin/bash |
076bf0cf | 489 | ./lazyserver.sh --server-name=fcgi fcgi_host=127.0.0.1 fcgi_port=26543 |
4e893b6e | 490 | |
491 | Visit the site you've set up in your browser by visiting | |
518c5eb3 | 492 | <http://mediagoblin.example.org>. You should see MediaGoblin! |
4e893b6e | 493 | |
4e893b6e | 494 | .. note:: |
495 | ||
a085dda5 | 496 | The configuration described above is sufficient for development and |
497 | smaller deployments. However, for larger production deployments | |
498 | with larger processing requirements, see the | |
499 | ":doc:`production-deployments`" documentation. | |
a7d2a892 ST |
500 | |
501 | ||
502 | Apache | |
503 | ~~~~~~ | |
504 | ||
041d2fd7 CAW |
505 | Instructions and scripts for running MediaGoblin on an Apache server |
506 | can be found on the `MediaGoblin wiki <http://wiki.mediagoblin.org/Deployment>`_. | |
b835e153 E |
507 | |
508 | ||
f5ac2b61 CAW |
509 | Should I Keep Open Registration Enabled? |
510 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
3f088a3f CAW |
511 | |
512 | Unfortunately, in this current release of MediaGoblin we are suffering | |
513 | from spammers registering to public instances en masse. As such, you | |
514 | may want to either: | |
515 | ||
516 | a) Disable registration on your instance and just make | |
517 | accounts for people you know and trust (eg via the `gmg adduser` | |
518 | command). You can disable registration in your mediagoblin.ini | |
519 | like so:: | |
520 | ||
521 | [mediagoblin] | |
522 | allow_registration = false | |
523 | ||
524 | b) Enable a captcha plugin. But unfortunately, though some captcha | |
525 | plugins exist, for various reasons we do not have any general | |
526 | recommendations we can make at this point. | |
527 | ||
528 | We hope to have a better solution to this situation shortly. We | |
529 | apologize for the inconvenience in the meanwhile. | |
530 | ||
531 | ||
b835e153 E |
532 | Security Considerations |
533 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
534 | ||
535 | .. warning:: | |
536 | ||
537 | The directory ``user_dev/crypto/`` contains some very | |
538 | sensitive files. | |
539 | Especially the ``itsdangeroussecret.bin`` is very important | |
540 | for session security. Make sure not to leak its contents anywhere. | |
541 | If the contents gets leaked nevertheless, delete your file | |
542 | and restart the server, so that it creates a new secret key. | |
fd5c35e5 JC |
543 | All previous sessions will be invalidated. |
544 | ||
f44bd7dc CAW |
545 | .. |
546 | Local variables: | |
547 | fill-column: 70 | |
548 | End: |