Piwigo on server

So I'm reinstalling Piwigo and stuff on my little server this time.

Software

sudo tasksel

Select LAMP server, OK -> install 28 packages or so.  Test: http://kid2.lan/ (OK: apache default page).

sudo apt install php7.2-mbstring php7.2-gd php7.2-mysql

Change the following in  /etc/php/7.2/apache2/php.ini :

upload_max_filesize = 20M
post_max_size = 20M
max_file_uploads = 99

Database

Create piwigo.sql script with the necessary CREATE DATABASE and so on.

mysql -u root -p < /home/luc/Documents/Config/piwogo.sql

Piwigo

cd /tmp && wget -O piwigo.zip \
http://piwigo.org/download/dlcounter.php?code=latest
unzip piwigo.zip
sudo mv piwigo /var/www/html/
sudo chown -R www-data:www-data /var/www/html/piwigo/
sudo chmod -R 755 /var/www/html/piwigo/

Apache configuration

sudo vi /etc/apache2/sites-available/piwigo.conf

Create this file as in previous blog entry, but on port 80 and without the SSL stuff for the moment.  We want to init Piwigo before, but you could do it after the SSL/HTTPS configuration too I guess.

Piwigo initialization

Goto http://kid2.lan/piwigo/ and the initialization script starts.  Test under HTTP for the time being.

SSL (HTTPS) configuration

Install certbot:

sudo apt install certbot

The rest of the instructions for using certbot it at :
https://desec.io/#!/en/docs/certbot

Apparently certbot needs curl to be installed, but I had to first upgrade urbackup-server to 2.2.11 to remove a dependency on libcurl3 from urbackup-server-2.2.7 (otherwise installing curl would have removed urbackup-server).
When the certificate was received, I just changed piwigo.conf to activate the SSL stuff, and also had to enable the Apache ssl module:

sudo vi /etc/apache2/sites-available/piwigo.conf
sudo a2enmod ssl

Piwigo is pretty good hey

yes it it.  Also, I played a bit with port 443 forwarding and https configuration in Apache, and it finally kind of works.

Dynamic DNS

I have used  https://desec.io/ after trying also no-ip before.  Works fine.  In the Proximus BBOX I did setup the dyndns client parameters:

Provider: Custom
User Name: myhostIchoseTheNameOf.dedyn.io (as on desec.io: my domain)
Password: (my password at desec.io)
Hostname: myhostIchoseTheNameOf.dedyn.io
Custom Service:
HTTPS: On
Server: update.dedyn.io
Port: 443
Request:  ?hostname=%5BmyhostIchoseTheNameOf.dedyn.io%5D&myip=%5BIP%5D
Update Interval: 3600

DHCP

The HTTPS server needs a fixed IP address so we can do port forwarding in the next step.  Just assign one in the DSL router dialogs

Port forwarding

Forward only port 443 to the fixed IP address you assigned to the HTTPS server

SSL

Obtaining the first certificate was OK after a lot of reading, and some trial and error.  I still have to document how this can be done through let's encrypt

Apache:

 <VirtualHost *:443>
        ServerAdmin admin@myserver.lan
        DocumentRoot /var/www/html/piwigo
        ServerName myhostIchoseTheNameOf.dedyn.io

        SSLEngine on
        SSLProtocol all -SSLv2
        SSLCertificateFile /etc/letsencrypt/live/myhostIchoseTheNameOf.dedyn.io/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/myhostIchoseTheNameOf.dedyn.io/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/myhostIchoseTheNameOf.dedyn.io/fullchain.pem
     <Directory /var/www/html/piwigo/>
        Options +FollowSymlinks
        AllowOverride All
        Require all granted
     </Directory>

     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

</VirtualHost>