Lychee照片管理系统 作者: Hogwarts 发布于: 2022-12-30 更新于: 2024-01-19 分类: 默认分类 <!--more--> Lychee传说中的优点:免费、开源、界面简洁。 ~~本教程仅适合搭建V4版本,V5版本还未测试。~~ ~~实际上的缺点:免费版仅能搭建在80端口;自行搭建设置数据库和PHP操作繁琐,虽然这是PHP语言的问题。~~ ~~- 问题的解决 1.在VPS中设置443端口设置反代本机的80端口。看个人喜好防火墙是否阻止80端口。 2.推荐运用Docker搭建(仅理论,未进行测试)。一是可以解决80端口的问题;宿主机随意端口映射容器的80端口。然后443反代宿主机的映射端口。二是可以减少Lychee安装时的繁琐操作。~~ **脑子抽抽了,上面的话有误** 我感觉最大的优点就是换域名时,不用进行数据库更换操作。仅仅将nginx的 server_name 选项更换即可。 #一、搭建前的准备 以Debian11为例 apt update && apt upgrade -y ##1.1 安装 Nginx apt install nginx -y #默认安装1.18.0版本 最新稳定版安装参考:`https://winamp.top/191.html` ##1.2 安装 PHP 8.2 目前 Lychee 4.6.5 版本最低要求 PHP 8.1 apt install curl gnupg2 ca-certificates lsb-release debian-archive-keyring -y wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' apt install php8.2 php8.2-{curl,bcmath,gd,mbstring,mysql,pgsql,xml,zip,fpm} -y php -v apt install imagemagick apt install php8.2-imagick php -m | grep imagick 参考:`https://winamp.top/227.html` ##1.3 安装数据库 安装MySQL没有成功,以MariaDB替代。 #安装 apt install mariadb-server #访问 mysql #配置 mysql -u root -p #创建数据库root用户密码 CREATE DATABASE lychee; #创建名称为lychee的数据库 CREATE USER 'lychee'@'localhost' IDENTIFIED BY '大小写字母加数字不小于12位'; #创建用户名为lychee的密码 GRANT ALL PRIVILEGES ON lychee.* TO 'lychee'@'localhost' WITH GRANT OPTION; exit 需学习简单的数据库操作命令。 #查看 show databases; #删除 drop database <数据库名>; #退出 exit #查看所有用户 SELECT user FROM mysql.user; #删除用户 drop user 'user'@'localhost'; #user为用户名 drop user 'user'@'%'; #user为用户名 #强制刷新 flush privileges; #数据库备份命令 mysqldump -u数据库表用户名 -p数据库表密码 --databases 数据库表名 > 数据库表备份名.sql; #数据库恢复命令 mysql -u 数据库表用户名 -p数据库表密码 数据库表名 < 数据库表名.sql; ~~1.4 安装Composer~~ 参考:`https://getcomposer.org/`二选一 #简单安装 curl -sS https://getcomposer.org/installer | php mv composer.phar /usr/local/bin/composer #命令行安装 php -r "copy('https://getcomposer.org/installer', 'composer-setup.php');" php -r "if (hash_file('sha384', 'composer-setup.php') === '55ce33d7678c5a611085589f1f3ddf8b3c52d662cd01d4ba75c0ee0459970c2200a51f492d557530c71c15d8dba01eae') { echo 'Installer verified'; } else { echo 'Installer corrupt'; unlink('composer-setup.php'); } echo PHP_EOL;" php composer-setup.php php -r "unlink('composer-setup.php');" mv composer.phar /usr/local/bin/composer~~ #二、Lychee安装 ##2.1 下载 Lychee 源码 cd /var/www #Nginx默认网站目录,可根据实际情况修改 git clone https://github.com/LycheeOrg/Lychee.git ##2.2 安装 PHP 依赖 cd Lychee curl -sS https://getcomposer.org/installer | php #安装compose mv composer.phar /usr/local/bin/composer composer install --no-dev ##2.3 创建环境变量文件 cp .env.example .env vim .env #修改以下字段 APP_URL=IP或指向VPS的域名 DB_CONNECTION=填写mysql DB_HOST=填写127.0.0.1 DB_PORT=填写3306 DB_DATABASE=填写数据库名称,本例以lychee为例 #字段前的#号要删掉,坑 DB_USERNAME=填写数据库用户名,本例以lychee为例 DB_PASSWORD=填写本例lychee数据库的密码 #大小写字母加数字不小于12位 ##2.4 编辑生成 APP_KEY php artisan key:generate #生成密钥以确保cookies无法解密 ##2.5 数据库迁移 php artisan migrate 如果不能执行则运行 ./artisan migrate ##2.6 可能还需要给予目录权限 chmod -R 775 storage/* app/* public/uploads public/sym public/dist chown -R www-data:www-data storage/* app/* public/uploads public/sym public/dist chmod -R 777 public #三、配置 Nginx ##3.1 用80端口测试配置 可用此配置检测网站的搭建情况,不推荐用于生产环境 server { listen 80; server_name [IP]; ##### Path to the Lychee public/ directory. root /var/www/Lychee/public/; index index.php; # If the request is not for a valid file (image, js, css, etc.), send to bootstrap if (!-e $request_filename) { rewrite ^/(.*)$ /index.php?/$1 last; break; } # Serve /index.php through PHP location = /index.php { fastcgi_split_path_info ^(.+?\.php)(/.*)$; # Mitigate https://httpoxy.org/ vulnerabilities fastcgi_param HTTP_PROXY ""; ######### Make sure this is the correct socket for your system fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_index index.php; ######## You may need to replace $document_root with the absolute path to your public folder. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PHP_VALUE "post_max_size=100M max_execution_time=200 upload_max_filesize=30M memory_limit=300M"; fastcgi_param PATH /usr/local/bin:/usr/bin:/bin; include fastcgi_params; } # Deny access to other .php files, rather than exposing their contents location ~ [^/]\.php(/|$) { return 403; } # [Optional] Lychee-specific logs error_log /var/log/nginx/lychee.error.log; access_log /var/log/nginx/lychee.access.log; # [Optional] Remove trailing slashes from requests (prevents SEO duplicate content issues) rewrite ^/(.+)/$ /$1 permanent; } - 如能正常运行,可将80端口改为其它任意端口。 - 改完后重启nginx,再运行`http://domain.com:your port`测试能否正常运行。注意防火墙开启端口。 #3.2 推荐配置 server{ listen 80; listen [::]:80; server_name yourdomain.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name yourdomain.com; ssl_certificate /etc/ssl/path/fullchain.cer; ssl_certificate_key /etc/ssl/path/private.key; ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; ssl_prefer_server_ciphers on; ssl_early_data on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Strict-Transport-Security "max-age=31536000"; root /var/www/Lychee/public; index index.php; ##### Path to the Lychee public/ directory. # If the request is not for a valid file (image, js, css, etc.), send to bootstrap if (!-e $request_filename) { rewrite ^/(.*)$ /index.php?/$1 last; break; } # Serve /index.php through PHP location = /index.php { fastcgi_split_path_info ^(.+?\.php)(/.*)$; # Mitigate https://httpoxy.org/ vulnerabilities fastcgi_param HTTP_PROXY ""; ######### Make sure this is the correct socket for your system fastcgi_pass unix:/run/php/php8.2-fpm.sock; fastcgi_index index.php; ######## You may need to replace $document_root with the absolute path to your public folder. fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PHP_VALUE "post_max_size=100M max_execution_time=200 upload_max_filesize=30M memory_limit=300M"; fastcgi_param PATH /usr/local/bin:/usr/bin:/bin; include fastcgi_params; } # Deny access to other .php files, rather than exposing their contents location ~ [^/]\.php(/|$) { return 403; } # [Optional] Lychee-specific logs error_log /var/log/nginx/lychee.error.log; access_log /var/log/nginx/lychee.access.log; # [Optional] Remove trailing slashes from requests (prevents SEO duplicate content issues) rewrite ^/(.+)/$ /$1 permanent; } 20230104PS: - 每日前进一小步。上文nginx中用443反代lychee端口简直就是画蛇添足。直接443运行不行么,经测试,没有问题的,现已改正。 - Nginx和PHP中的限制参数可根据自行情况修改。 - 关于Nginx监听80和443的IPv4和IPv6的写法还不熟悉,还需指正。 #四、参考 1. [Lychee 相片管理系统搭建](https://azhuge233.com/lychee-%E7%9B%B8%E7%89%87%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F%E6%90%AD%E5%BB%BA/ "Lychee 相片管理系统搭建") 1. [Lychee自建图床配置教程](https://zhaiyunfan.github.io/2020/01/21/lychee%E8%87%AA%E5%BB%BA%E5%9B%BE%E5%BA%8A%E9%85%8D%E7%BD%AE%E6%95%99%E7%A8%8B/ "Lychee自建图床配置教程") 1. [自建 Lychee 图床指南](https://www.higgs.xyz/archives/10/ "自建 Lychee 图床指南") 1. 抄太多记不住了 #五、手动更新 ##仅适合最高版本V4.13.0。 ##更新V5版本:按下列顺序升级V5版本后,需将 `APP_URL=http://localhost` 改为 `APP_URL=https://your-lychee-domain.com` 。注意是 https 。 以下载 zip 文件为例(简便) cd /data/www/ #进入网站目录 mv Lychee Lycheeold wget https://github.com/LycheeOrg/Lychee/releases/download/v4.10.0/Lychee.zip unzip Lychee.zip #####将`public/uploads/`,`public/dist/user.css`和`.env`文件移动到新版本下。 cp -R /data/www/Lycheeold/public/uploads/ /data/www/Lychee/public/ cp /data/www/Lycheeold/public/dist/user.css /data/www/Lychee/public/dist/ cp /data/www/Lycheeold/.env /data/www/Lychee/ #####给予权限 chown -R www-data:www-data /data/www/Lychee cd Lychee chmod -R 2775 storage/* app/* public/uploads public/sym public/dist chown -R www-data:www-data storage/* app/* public/uploads public/sym public/dist chmod -R 2775 public #####数据库迁移 php artisan migrate 参考:`https://lycheeorg.github.io/docs/update.html#update-manually` #六、小问题 ##6.1 在“诊断”中报错 Warning: /data/www/Lychee/public/uploads/ has permissions 0777, but should have 2775 Warning: /data/www/Lychee/public/uploads/tracks has permissions 0777, but should have 2775 Warning: /data/www/Lychee/public/uploads/thumb has permissions 0775, but should have 2775 Warning: /data/www/Lychee/public/uploads/import has permissions 0775, but should have 2775 Warning: /data/www/Lychee/public/uploads/small2x has permissions 0775, but should have 2775 给权限即可 chown -R 2775 /data/www/Lychee/public/uploads/ chown -R 2775 /data/www/Lychee/public/uploads/tracks chown -R 2775 /data/www/Lychee/public/uploads/thumb chown -R 2775 /data/www/Lychee/public/uploads/import chown -R 2775 /data/www/Lychee/public/uploads/small2x chown -R 0777 /data/www/Lychee/.git 不过有小问题 不能上传图片,报错:`unable to create temporary file`。将测试机`/var/www/Lychee`中的文件打包,并上传至生产机,正常运行。 测试机和生产机搭建运行的命令完全相同,仅文件存放路径不同。可能`var`目录有特殊加成吧。 PS20230426:问题找到了,从4.7.2升到4.7.3后也出现此问题,看文档后一一排查发现:web和PHP用户www-data对storage的使用权限不足。`chown -R www-data:www-data pathto/storage/` ##6.2 不能上传视频 报错:server error 查看网页端日志显示 file_exists(): open_basedir restriction in effect. File(/usr/bin/ffprobe) is not within the allowed path(s): (/data/www/Lychee/:/tmp/:/proc/) App\Metadata\Extractor::createFromFile:98 file_exists(): open_basedir restriction in effect. File(/usr/bin/ffprobe) is not within the allowed path(s): (/data/www/Lychee/:/tmp/:/proc/); caused by 经搜索得知为php.ini中open_basedir的问题 open_basedir = /usr/bin/ffprobe:/data/www/Lychee/:/tmp/:/proc 给予权限,并将其加入到nginx.conf中。具体有何风险,不懂,先这样用吧。 fastcgi_param PHP_VALUE "open_basedir=/usr/bin/ffprobe:/data/www/Lychee/:/tmp/:/proc/"; 参考:[FFMpeg/FFProbe 无法加载二进制文件](https://community.fly.io/t/ffmpeg-ffprobe-cannot-load-binaries-unable-to-load-ffprobe/11738 "FFMpeg/FFProbe 无法加载二进制文件") 标签: PHP, nginx, lychee, php8.2, mariadb, mysql