From 56b5221c732b27d25ea7a13fa7fc1ed18e5e87be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 8 Mar 2023 19:03:14 +0100 Subject: [PATCH] Fix --- conf/.env.example | 52 +++++++++++++++++++++++++++++++++++------------ conf/nginx.conf | 2 +- scripts/install | 3 +-- 3 files changed, 41 insertions(+), 16 deletions(-) diff --git a/conf/.env.example b/conf/.env.example index 4265b91..52aede9 100644 --- a/conf/.env.example +++ b/conf/.env.example @@ -28,23 +28,47 @@ DB_USERNAME=__DB_USER__ DB_PASSWORD=__DB_PWD__ DB_LOG_SQL=false +# List foreign keys in diagnostic page +DB_LIST_FOREIGN_KEYS=true + +# Application timezone. If not specified, the server's default timezone is used. +# Requires a named timezone identifier. +# See https://www.php.net/manual/en/timezones.php for the list of supported timezones. +# Don't use a timezone offset (like +01:00) or a timezone abbreviation (like CEST) TIMEZONE=__TIMEZONE__ +# Visibility of directories and (media) files in LYCHEE_UPLOADS +# Possible values are: +# +# - private: world group has neither read nor write access +# - public: world group has read access but no write access (the default) +# - world: world group has read and write access +# +# The default should suffice for most installations. +# For improved security, change this setting to "private". +# Some rare setups may require directories and files to be world writeable. +# In this case, use "world" here. +# USE WITH PRECAUTIONS: world writeable files and folders may be a SECURITY RISK. +LYCHEE_IMAGE_VISIBILITY=public + # folders in which the files will be stored -LYCHEE_DIST="__INSTALL_DIR__/public/dist/" LYCHEE_UPLOADS="__DATA_DIR__/uploads/" - +LYCHEE_DIST="__INSTALL_DIR__/public/dist/" +# LYCHEE_SYM="/var/www/html/Lychee-Laravel/public/sym/" # url to access those files -# LYCHEE_DIST_URL="dist/" # LYCHEE_UPLOADS_URL="uploads/" +# LYCHEE_DIST_URL="dist/" +# LYCHEE_SYM_URL="sym/" + +# Support for token based authentication used by API requests. Enabled by default. +ENABLE_TOKEN_AUTH=false -BROADCAST_DRIVER=log CACHE_DRIVER=file SESSION_DRIVER=file SESSION_LIFETIME=120 -QUEUE_DRIVER=sync SECURITY_HEADER_HSTS_ENABLE=false +SESSION_SECURE_COOKIE=false REDIS_HOST=127.0.0.1 REDIS_PASSWORD=null @@ -56,13 +80,15 @@ MAIL_PORT= MAIL_USERNAME= MAIL_PASSWORD= MAIL_ENCRYPTION= +MAIL_FROM_NAME= +MAIL_FROM_ADDRESS= -PUSHER_APP_ID= -PUSHER_APP_KEY= -PUSHER_APP_SECRET= -PUSHER_APP_CLUSTER=mt1 +# The trusted proxies if Lychee is behind a reverse proxy +# Accepted values: +# - `null`: no proxy +# - `*`: any proxy +# - [,]: a comma-seperated list of IP addresses +TRUSTED_PROXIES=null -MIX_PUSHER_APP_KEY="${PUSHER_APP_KEY}" -MIX_PUSHER_APP_CLUSTER="${PUSHER_APP_CLUSTER}" - -ENABLE_TOKEN_AUTH=false +# Comma-separated list of class names of diagnostics checks that should be skipped. +#SKIP_DIAGNOSTICS_CHECKS= diff --git a/conf/nginx.conf b/conf/nginx.conf index ece5e5f..5570236 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -26,7 +26,7 @@ location ^~ __PATH__/ { } location __PATH__/uploads/ { - alias __DATA_DIR__/uploads/ ; + alias __DATA_DIR__/uploads/; } # Include SSOWAT user panel. diff --git a/scripts/install b/scripts/install index 7da6032..5241276 100755 --- a/scripts/install +++ b/scripts/install @@ -66,8 +66,7 @@ ynh_script_progression --message="Creating a data directory..." --weight=1 mkdir -p $data_dir/uploads mkdir -p $data_dir/uploads/{big,import,medium,raw,small,thumb} -chmod 775 "$data_dir/uploads/" -chmod 2775 "$data_dir/uploads/import/" +chmod 770 "$data_dir/uploads/" chmod -R o-rwx "$data_dir/uploads/" chown -R $app:$app "$data_dir/uploads/"