[Tutorial] Host your images: "L.U.T.Im".
L.U.T.Im is the acronym for "Let's Upload That Image!" It lets you quickly host and share images.
Developed by Luc Didry, the author behind Fiat Tux, this software is in the spirit of the free software labelled "Framasoft".
If you want to know more, you can visit its GitLab, here.
Let's get to the heart of the matter and make LUTIm reachable through a subdomain. We assume that you have a working LEMP environment on Debian 8 "Jessie".
1°) System update:
apt-get update && apt-get dist-upgrade
2°) Installing the dependencies: "Carton":
Carton manages the installation of Perl dependencies. We will use CPAN to install it, since the official packages are outdated according to the author.
cpan Carton
And we also add:
apt-get install libssl-dev shared-mime-info
3°) Installing "LUTIm":
cd /var/www
git clone https://git.framasoft.org/luc/lutim.git
chown -R www-data:www-data lutim
cd lutim
carton install
cp lutim.conf.template lutim.conf
4°) Configuring "LUTIm":
Here is my configuration, which reflects my needs and my current setup. Feel free to adapt it accordingly. Also, since the configuration file is fairly well commented, pay attention to each line, whether to enable/disable a parameter or to look up the related explanation.
nano lutim.conf
# vim:set sw=4 ts=4 sts=4 ft=perl expandtab:
{
####################
# Hypnotoad settings
####################
# see http://mojolicio.us/perldoc/Mojo/Server/Hypnotoad for a full list of settings
hypnotoad => {
# array of IP addresses and ports you want to listen to
listen => ['http://127.0.0.1:8181'],
},
################
# Lutim settings
################
# put a way to contact you here and uncomment it
# mandatory
contact => 'contact@mondomaine.net',
# random string used to encrypt cookies
# mandatory
secrets => ['dmjamzdijzmoj'],
# length of the images random URL
# optional, default is 8
length => 8,
# length of the encryption key
# optional, default is 8
crypto_key_length => 8,
# how many URLs will be provisioned in a batch ?
# optional, default is 5
provis_step => 5,
# max number of URLs to be provisioned
# optional, default is 100
provisioning => 100,
# anti-flood protection delay, in seconds
# users won't be able to ask Lutim to download images more than one per anti_flood_delay seconds
# optional, default is 5
anti_flood_delay => 5,
# twitter account which will appear on twitter cards
# see https://dev.twitter.com/docs/cards/validation/validator to register your Lutim instance on twitter
# optional, default is @framasky
#tweet_card_via => '@framasky',
# max image size, in octets
# you can write it 10*1024*1024
# optional, default is 10485760
max_file_size => 10000000000,
# if you want to have piwik statistics, provide a piwik image tracker
# only the image tracker is allowed, no javascript
# optional, no default
#piwik_img => 'https://piwik.example.org/piwik.php?idsite=1&rec=1',
# if you want to include something in the right of the screen, put it here
# here's an example to put the logo of your hoster
# optional, no default
#hosted_by => 'My super hoster <img src="http://hoster.example.com" alt="Hoster logo">',
# DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED DEPRECATED
# Lutim now checks if the X-Forwarded-Proto header is present and equal to https.
# set to 1 if you use Lutim behind a secure web server
# optional, default is 0
#https => 0,
# broadcast_message which will be displayed on all pages of Lutim (but not in json responses)
# optional, no default
#broadcast_message => 'Maintenance',
# array of authorized domains for API calls.
# if you want to authorize everyone to use the API: ['*']
# optional, no domains allowed by default
#allowed_domains => ['http://1.example.com', 'http://2.example.com'],
# default time limit for files
# valid values are 0, 1, 7, 30 and 365
# optional, default is 0 (no limit)
default_delay => 1,
# number of days after which the images will be deleted, even if they were uploaded with "no delay" (or value superior to max_delay)
# a warning message will be displayed on homepage
# optional, default is 0 (no limit)
max_delay => 0,
# if set to 1, all the images will be encrypted and the encryption option will not be displayed
# optional, default is 0
always_encrypt => 1,
# length of the image's delete token
# optional, default is 24
token_length => 24,
# URL sub-directory in which you want Lutim to be accessible
# example: you want to have Lutim under https://example.org/lutim/
# => set prefix to '/lutim' or to '/lutim/', it doesn't matter
# optional, default is /
#prefix => '/',
# define a path to the SQLite database
# you can define it relative to lutim directory or set an absolute path
# remember that it has to be in a directory writable by Lutim user
# optional, default is lutim.db
#db_path => 'lutim.db',
##########################
# Lutim cron jobs settings
##########################
# number of days shown in /stats page (used with script/lutim cron stats)
# optional, default is 365
stats_day_num => 365,
# number of days senders' IP addresses are kept in database
# after that delay, they will be deleted from database (used with script/lutim cron cleanbdd)
# optional, default is 365
keep_ip_during => 365,
# max size of the files directory, in octets
# used by script/lutim cron watch to trigger an action
# optional, no default
#max_total_size => 10*1024*1024*1024,
# default action when files directory is over max_total_size (used with script/lutim cron watch)
# valid values are 'warn', 'stop-upload' and 'delete'
# please, see readme
# optional, default is 'warn'
policy_when_full => 'warn',
# images which are not viewed since delete_no_longer_viewed_files days will be deleted by the cron cleanfiles task
# if delete_no_longer_viewed_files is not set, the no longer viewed files will NOT be deleted
# optional, no default
delete_no_longer_viewed_files => 90
};
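The `secrets` string protects LUTIm's cookies (see its comment in the file above), so a value copied from a public tutorial or a short one should be replaced. The script below is an added example, not part of the original tutorial or of LUTIm: it audits the active `secrets` line of a lutim.conf and generates a replacement. The function names and the 32-character threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example (not LUTIm code): audit the `secrets` entry of a lutim.conf.
MIN_LEN=32                      # assumed policy threshold
SAMPLE_SECRET='dmjamzdijzmoj'   # the value printed in this tutorial

# Print a fresh secret: 32 bytes from the kernel CSPRNG as 64 hex characters.
gen_secret() {
    od -An -N32 -tx1 /dev/urandom | tr -d ' \n'
}

# Print, one per line, the quoted strings on the active (uncommented) secrets line.
list_secrets() {
    grep -E "^[[:space:]]*secrets[[:space:]]*=>" "$1" | grep -oE "'[^']*'" | tr -d "'"
}

# Return 0 when every secret in file $1 is acceptable, 1 otherwise.
audit_secrets() {
    rc=0; found=0
    while IFS= read -r s; do
        [ -n "$s" ] || continue
        found=1
        if [ "$s" = "$SAMPLE_SECRET" ]; then
            echo "secret is the tutorial's sample value" >&2; rc=1
        elif [ "${#s}" -lt "$MIN_LEN" ]; then
            echo "secret is shorter than $MIN_LEN characters" >&2; rc=1
        fi
    done <<EOF
$(list_secrets "$1")
EOF
    [ "$found" -eq 1 ] || { echo "no active secrets entry" >&2; rc=1; }
    return "$rc"
}

# Stand-alone use: sh audit.sh /var/www/lutim/lutim.conf
if [ -n "${1:-}" ]; then
    audit_secrets "$1" || echo "replace it with: '$(gen_secret)'"
fi
```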
5°) Migrating the service to systemd:
cp utilities/lutim.service /etc/systemd/system/
We edit the file:
nano /etc/systemd/system/lutim.service
To make sure it looks like this one:
[Unit]
Description=Image hosting and sharing service
Documentation=https://git.framasoft.org/luc/lutim
Requires=network.target
After=network.target
[Service]
Type=forking
User=www-data
RemainAfterExit=yes
WorkingDirectory=/var/www/lutim/
PIDFile=/var/www/lutim/script/hypnotoad.pid
ExecStart=/usr/local/bin/carton exec hypnotoad script/lutim
ExecStop=/usr/local/bin/carton exec hypnotoad -s script/lutim
ExecReload=/usr/local/bin/carton exec hypnotoad script/lutim
[Install]
WantedBy=multi-user.target
Then:
systemctl daemon-reload
And we start LUTIm:
systemctl enable lutim.service
systemctl start lutim.service
Remember to check your logs if you run into errors:
journalctl -xn
Or better still:
systemctl status lutim.service -l
IMPORTANT: Whenever you modify LUTIm's *.conf file (/var/www/lutim/lutim.conf), you will need to restart LUTIm each time as follows:
systemctl restart lutim.service
6°) Configuring the Nginx vhost as a subdomain:
This configuration must of course be adapted; the nginx version used here is 1.9.5 (HTTP/2 support). You can also refer to the vhost proposed by the author.
nano /etc/nginx/sites-enabled/lutim.conf
server {
listen 80;
server_name lutim.domain.tld;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name lutim.domain.tld;
root /var/www/lutim/public/;
access_log /var/log/nginx/lutim.access.log;
error_log /var/log/nginx/lutim.error.log;
ssl_certificate /etc/ssl/nginx/lutim.domain.tld.crt-unified;
ssl_certificate_key /etc/ssl/nginx/server-lutim.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "EECDH+AESGCM:AES128+EECDH:AES256+EECDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
client_max_body_size 10G;
location ~* ^/(img|css|font|js)/ {
try_files $uri @lutim;
add_header Expires "Thu, 31 Dec 2037 23:55:55 GMT";
add_header Cache-Control "public, max-age=315360000";
# HTTPS only header, improves security
add_header Strict-Transport-Security "max-age=15768000";
}
location / {
try_files $uri @lutim;
# HTTPS only header, improves security
add_header Strict-Transport-Security "max-age=15768000";
}
location @lutim {
# Adapt this to your configuration
# My advice: put a varnish between nginx and Lutim, it's really useful when images are widely viewed
proxy_pass http://127.0.0.1:8181;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# If you want to log the remote port of the image senders, you'll need that
proxy_set_header X-Remote-Port $remote_port;
proxy_set_header X-Forwarded-Proto $scheme;
# We expect the downstream servers to redirect to the right hostname, so don't do any rewrites here.
proxy_redirect off;
}
}
The following variable:
client_max_body_size 10G;
It must be consistent with the one defined in your lutim.conf. The same goes for php.ini (/etc/php5/fpm/php.ini), which must be set correctly, in particular the "upload_max_filesize" and "post_max_size" values.
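One way to check that consistency, as an added example that is not part of the original tutorial: the script converts nginx's binary size suffixes to bytes and compares the result with `max_file_size` from lutim.conf. The function names are assumptions of this example; with the values on this page, 10G is 10737418240 bytes, which covers the 10000000000 set in lutim.conf.

```shell
#!/bin/sh
# Added example (not LUTIm code): compare nginx and LUTIm upload limits.

# Convert an nginx size such as "10G", "512m" or "4096" to bytes.
# nginx suffixes are binary: k = 1024, m = 1024^2, g = 1024^3.
nginx_size_to_bytes() {
    num=${1%[kKmMgG]}
    case $1 in
        *[kK]) echo $(($num * 1024)) ;;
        *[mM]) echo $(($num * 1024 * 1024)) ;;
        *[gG]) echo $(($num * 1024 * 1024 * 1024)) ;;
        *)     echo "$num" ;;
    esac
}

# Print LUTIm's max_file_size in bytes; the value may be a product like 10*1024*1024.
lutim_max_bytes() {
    expr_=$(sed -n 's/^[[:space:]]*max_file_size[[:space:]]*=>[[:space:]]*\([0-9][0-9* ]*\).*/\1/p' "$1" | head -n 1)
    [ -n "$expr_" ] || expr_=10485760    # default stated in the config comments
    echo $(($expr_))
}

# Print nginx's client_max_body_size in bytes.
nginx_max_bytes() {
    raw=$(sed -n 's/^[[:space:]]*client_max_body_size[[:space:]]*\([0-9]*[kKmMgG]\{0,1\}\);.*/\1/p' "$1" | head -n 1)
    [ -n "$raw" ] || raw=1m              # nginx default when the directive is absent
    nginx_size_to_bytes "$raw"
}

# Return 0 when nginx accepts bodies at least as large as LUTIm's limit.
check_upload_limits() {    # $1 = lutim.conf, $2 = nginx vhost file
    l=$(lutim_max_bytes "$1"); n=$(nginx_max_bytes "$2")
    echo "lutim=$l nginx=$n"
    # a value of 0 disables nginx's body size check
    [ "$n" -eq 0 ] || [ "$n" -ge "$l" ]
}

# Stand-alone use: sh limits.sh /var/www/lutim/lutim.conf /etc/nginx/sites-enabled/lutim.conf
if [ -n "${2:-}" ]; then
    check_upload_limits "$1" "$2" || echo "nginx rejects uploads before LUTIm's limit is reached"
fi
```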
We restart nginx to take the changes into account:
systemctl restart nginx.service
7°) Updating LUTIm:
To update LUTIm, proceed as follows:
cd /var/www/lutim
git pull
carton install
carton exec hypnotoad /var/www/lutim/script/lutim
systemctl restart lutim.service
You should now be able to go to your subdomain and enjoy LUTIm!
If you have any questions or suggestions, feel free to share them with me in the discussion thread.