Skip to content

Gemorroj/wapinet

BranchesTags

Repository files navigation

Сайт wapinet.ru

Лицензия GPL v3
Используются:
  • Symfony 8.0
  • Jquery Mobile
  • PHP 8.5
  • MySQL 8.0
  • Manticore
  • 7zip
  • ffmpeg
  • systemd

Базовая установка (актуально для Ubuntu 24.04)

apt update && sudo apt dist-upgrade && sudo apt autoremove --purge
apt install software-properties-common
add-apt-repository ppa:ondrej/php
curl -o /etc/apt/trusted.gpg.d/angie-signing.gpg https://angie.software/keys/angie-signing.gpg
echo "deb https://download.angie.software/angie/$(. /etc/os-release && echo "$ID/$VERSION_ID $VERSION_CODENAME") main" | sudo tee /etc/apt/sources.list.d/angie.list > /dev/null
apt update && apt dist-upgrade
hostnamectl set-hostname wapinet.ru
timedatectl set-timezone UTC

# edit /etc/hosts to associate domain to ip address without dns requests. see https://www.linode.com/docs/guides/getting-started/#update-your-systems-hosts-file
# edit /etc/ssh/sshd_config - set `Port 2200`
# edit /root/.ssh/authorized_keys - add public key
reboot
apt install htop mc git unzip
apt install mysql-client mysql-server
apt install angie
systemctl enable angie
apt install php8.5-fpm php8.5-curl php8.5-gd php8.5-intl php8.5-mbstring php8.5-mysql php8.5-xml php8.5-zip php8.5-apcu

mysql_secure_installation
echo '[mysqld]
skip-log-bin
skip-external-locking
skip-name-resolve

transaction_write_set_extraction=OFF

innodb_file_per_table=1
max_connections=50
innodb_flush_log_at_trx_commit=2
innodb_buffer_pool_size=512M
innodb_buffer_pool_instances=1
innodb_log_file_size=76M
key_buffer_size=0
innodb_flush_method = O_DIRECT


table_open_cache=2000
tmp_table_size=76M
max_heap_table_size=76M
join_buffer_size = 2M

innodb_fast_shutdown = 0
' > /etc/mysql/mysql.conf.d/z_wapinet.cnf

# manticore
apt install default-libmysqlclient-dev
curl -O -L https://repo.manticoresearch.com/manticore-repo.noarch.deb
dpkg -i manticore-repo.noarch.deb
rm manticore-repo.noarch.deb
apt install manticore manticore-extra
systemctl enable manticore

echo 'common {
    plugin_dir = /usr/local/lib/manticore
}
indexer
{
    mem_limit = 128M
}
searchd
{
    # listen = localhost:9312
    listen = localhost:9306:mysql
    # listen = localhost:9308:http
    log = /var/log/manticore/searchd.log
    query_log = /var/log/manticore/query.log
    query_log_format = sphinxql
    pid_file = /run/manticore/searchd.pid
    # data_dir = /var/lib/manticore
    binlog_path = # disable logging

    qcache_max_bytes = 32M
    qcache_thresh_msec = 1000
    qcache_ttl_sec = 600
    max_children = 50
    max_packet_size = 32M
    read_timeout = 10
    client_timeout = 30
    predicted_time_costs = doc=0.1, hit=0.01, skip=0.001, match=0.001
}

source config
{
    type = mysql
    sql_host = localhost
    sql_user = wapinet
    sql_pass = password
    sql_db = wapinet
    sql_port = 3306
    sql_query_pre = SET NAMES utf8mb4
}

source files:config
{
    sql_query = \
        SELECT f.id, \
        f.description, \
        f.original_file_name, \
        UNIX_TIMESTAMP(f.created_at) AS created_at_ts, \
        ( \
            SELECT GROUP_CONCAT(t.name SEPARATOR " ") \
            FROM tag AS t \
            WHERE t.id IN(SELECT file_tags.tag_id FROM file_tags WHERE file_tags.file_id = f.id) \
        ) AS tag_name \
        FROM file AS f \
        WHERE f.password IS NULL \
        AND f.hidden = 0

    sql_field_string = description
    sql_field_string = original_file_name
    sql_field_string = tag_name
    sql_attr_timestamp = created_at_ts
}

index files
{
    type = plain
    source = files
    path = /var/lib/manticore/files
    morphology = stem_ru, stem_en, soundex
    html_strip = 0
    min_infix_len = 3
    min_word_len = 2
    expand_keywords = 1
    index_exact_words = 1
    charset_table = 0..9, english, russian, _
}

source users:config
{
    sql_query = \
        SELECT u.id, \
        u.username, \
        u.email, \
        u.info \
        FROM user AS u \
        WHERE u.enabled = 1

    sql_field_string = username
    sql_field_string = email
    sql_field_string = info
}

index users
{
    type = plain
    source = users
    path = /var/lib/manticore/users
    morphology = stem_ru, stem_en, soundex
    html_strip = 0
    min_infix_len = 3
    min_word_len = 2
    expand_keywords = 1
    index_exact_words = 1
    charset_table = 0..9, english, russian, _
}

source gist:config
{
    sql_query = \
        SELECT g.id, \
        g.subject, \
        g.body, \
        UNIX_TIMESTAMP(g.created_at) AS created_at_ts \
        FROM gist AS g

    sql_field_string = subject
    sql_field_string = body
    sql_attr_timestamp = created_at_ts
}

index gist
{
    type = plain
    source = gist
    path = /var/lib/manticore/gist
    morphology = stem_ru, stem_en, soundex
    html_strip = 0
    min_infix_len = 3
    min_word_len = 2
    expand_keywords = 1
    index_exact_words = 1
    charset_table = 0..9, english, russian, _
}' > /etc/manticoresearch/manticore.conf

echo '0 * * * * manticore indexer --rotate --all' > /etc/cron.d/manticore


# composer
cd /var/www
curl -L -o composer.phar https://getcomposer.org/download/latest-stable/composer.phar
chmod 755 composer.phar

# geoip database
cd /var/www
curl -L -o GeoLite2-Country.mmdb https://github.com/P3TERX/GeoLite.mmdb/raw/download/GeoLite2-Country.mmdb

# 7zip
cd /opt
mkdir 7z2600-linux-x64
cd /opt/7z2600-linux-x64
curl -O -L https://7-zip.org/a/7z2600-linux-x64.tar.xz
tar xJvf 7z2600-linux-x64.tar.xz
rm -f 7z2600-linux-x64.tar.xz
/opt/7z2600-linux-x64/7zz i

# ffmpeg - https://ubuntuhandbook.org/index.php/2024/04/ffmpeg-7-0-ppa-ubuntu/
add-apt-repository ppa:ubuntuhandbook1/ffmpeg8
apt install ffmpeg
# edit /etc/php/8.5/fpm/php.ini & /etc/php/8.5/cli/php.ini
# cgi.fix_pathinfo=0
# memory_limit = 256M
# date.timezone = "UTC"
# post_max_size = 50M
# upload_max_filesize = 50M
# opcache.enable=1
# opcache.enable_cli=1
# opcache.memory_consumption=256
# opcache.interned_strings_buffer=18
# opcache.max_accelerated_files=100000
# opcache.validate_timestamps=0
# [apcu]
# apc.shm_size=64M
# apc.enabled = on
# apc.enable_cli = off

# edit /etc/php/8.5/fpm/pool.d/www.conf
# listen.allowed_clients = 127.0.0.1
# pm.status_path = /statusfpm
# listen = /run/php/php8.5-fpm.sock
# edit pm.* settings for performance

# edit /etc/angie/angie.conf
# user  www-data;
# server_tokens off;
# gzip  on;
# gzip_comp_level 2;
# gzip_min_length 40;
# gzip_types text/css text/plain application/json text/javascript application/javascript text/xml application/xml application/xml+rss application/x-font-ttf application/x-font-opentype application/vnd.ms-fontobject image/svg+xml image/x-icon font/ttf font/opentype;
# resolver 127.0.0.53;
# acme_client wapinet_acme_client https://acme-v02.api.letsencrypt.org/directory;
#
#    limit_conn_zone $binary_remote_addr zone=perip:10m;
#    limit_req_zone $binary_remote_addr zone=php_requests:10m rate=10r/s;
#
# server {
#     charset utf-8;
#     listen 80;
#     server_name  localhost;
#     access_log off;
# 
# 	location = /statusfpm {
# 		fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
# 		include fastcgi_params;
# 		fastcgi_pass unix:/run/php/php8.5-fpm.sock;
# 		allow 127.0.0.1;
# 		deny  all;
#     }
#     location /status/ {
#         api /status/;
#         allow 127.0.0.1;
#         deny  all;
# 	}
# }
server {
    listen 80;
    listen [::]:80;

    server_name wapinet.ru www.wapinet.ru;
	return 301 https://$server_name$request_uri;
}

server {
    if ($request_uri ~ "/forum/(.*)") {
        return 301 https://forum.$server_name/$1;
    }

    location ~ /\. {
        deny all;
    }

    ssl_protocols TLSv1.2 TLSv1.3;
    acme wapinet_acme_client;
    ssl_certificate $acme_cert_wapinet_acme_client;
    ssl_certificate_key $acme_cert_key_wapinet_acme_client;
    ssl_session_timeout 1h;
    ssl_session_cache shared:SSL:10m;

    charset utf-8;
    listen 443 ssl;
    listen [::]:443 ssl;
    http2 on;
    client_max_body_size 50m;

    server_name wapinet.ru www.wapinet.ru;
    root /var/www/wapinet/public;

    error_log /var/log/angie/wapinet.error.log;
    access_log /var/log/angie/wapinet.access.log;

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
    add_header X-Frame-Options "DENY";
    add_header X-Content-Type-Options nosniff;

    # Кэширование
    location = /favicon.ico {
        access_log off;
        expires 30d;
    }
    location = /robots.txt {
        access_log off;
        expires 30d;
    }
    location = /apple-touch-icon.png {
        access_log off;
        expires 30d;
    }
    location /bundles/ {
        access_log off;
        expires 30d;
    }
    location /build/ {
        access_log off;
        expires 30d;
    }
    location /media/ {
        access_log off;
        expires 30d;

        try_files $uri /index.php$is_args$args;
    }
    location ~ ^/static/ {
        # Скачивание всех файлов (в т.ч. и txt, html и проч. в обменнике), чтобы потенциальный html/js код не выполнился в браузере
        add_header Content-Disposition "attachment";
        access_log off;
        expires 30d;
    }


    location / {
        # try to serve file directly, fallback to index.php
        try_files $uri /index.php$is_args$args;
    }

    location ~ ^/index\.php(/|$) {
        limit_conn perip 15;
        limit_req zone=php_requests burst=20 nodelay;
        limit_req_status 429;

        fastcgi_pass unix:/run/php/php8.5-fpm.sock;
        fastcgi_split_path_info ^(.+
        }\.php)(/.*)$;
        include fastcgi_params;
       # When you are using symlinks to link the document root to the
       # current version of your application, you should pass the real
       # application path instead of the path to the symlink to PHP
       # FPM.
       # Otherwise, PHP OPcache may not properly detect changes to
       # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
       # for more information).
       fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
       fastcgi_param DOCUMENT_ROOT $realpath_root;
       # Prevents URIs that include the front controller. This will 404:
       # http://domain.tld/index.php/some-path
       # Remove the internal directive to allow URIs like this
       internal;
   }

    #location ~ \.php$ {
    #    return 404;
    #}
}' > /etc/angie/http.d/wapinet.ru.conf

СУБД

mysql -u root -p
CREATE USER 'wapinet'@'localhost' IDENTIFIED BY 'password';
GRANT ALL ON wapinet.* TO 'wapinet'@'localhost';
GRANT SELECT ON forum.* TO 'wapinet'@'localhost';
quit
mysql -u wapinet -p wapinet < wapinet.sql

Установка сайта

cd /var/www
git clone https://github.com/Gemorroj/wapinet.git
cd wapinet
cp .env.dist .env
# edit .env
../composer.phar install --no-dev --optimize-autoloader --apcu-autoloader
rm -rf ./var/cache/*
rm -rf ./var/log/*
rm -rf ./var/tmp/*
service php-fpm restart

cp bin/messenger/messenger.service.dist bin/messenger/messenger.service
cp bin/messenger/scheduler.service.dist bin/messenger/scheduler.service
# edit bin/messenger/messenger.service
# edit bin/messenger/scheduler.service
ln -s /var/www/wapinet/bin/messenger/messenger.service /etc/systemd/system/messenger.service
ln -s /var/www/wapinet/bin/messenger/scheduler.service /etc/systemd/system/scheduler.service
systemctl daemon-reload
systemctl enable messenger
systemctl enable scheduler

chmod 777 ./var/log
chmod 777 ./var/tmp
chmod 777 ./var/cache
chmod 777 ./public/media/cache/resolve/thumbnail/static
chmod 777 ./public/media/cache/thumbnail/static
chmod 777 ./public/static/file

TODO:

About

wapinet.ru

Resources

Readme

License

GPL-3.0 license
Activity

Stars

8 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages