diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/migrating.md | 17 | ||||
| -rw-r--r-- | docs/nginx.md | 67 |
2 files changed, 84 insertions, 0 deletions
diff --git a/docs/migrating.md b/docs/migrating.md new file mode 100644 index 0000000..f461c98 --- /dev/null +++ b/docs/migrating.md @@ -0,0 +1,17 @@ +### Migrate from v3 to v4 +This version introduces a few breaking changes and updating requires some manual work. +For starters we recommend cloning the new version somewhere else instead of `git pull` on your v3 version. + +- After cloning move your `uploads` folder from the v3 folder to the new v4 folder. +- Then copy your `database/db` file from your v3 folder to the root of your v4 folder. +- You then need to run `yarn setup` or `npm start setup` from the v4 folder and finish the setup process. +- Once that's done you need to manually run `node src/api/databaseMigration.js` from the root folder of v4. +- This will migrate the v3 database to v4 and regenerate every single thumbnail in webp to save bandwidth. +- After the migration finishes, the last step is to update your nginx config with the [newly provided script](./nginx.md). +- Restart nginx with `sudo nginx -s reload`. +- And lastly start your chibisafe instance with `pm2 start pm2.json`. + +### Breaking changes +- If you are using the chibisafe extension from one of the stores, the new version has been submitted already. You can also load the unpacked extension by cloning [this repo](https://github.com/WeebDev/chibisafe-extension). +- The chibisafe browser extension needs your new token. Instead of pasting your jwt token into it like before, you need to log in to chibisafe, go to your user settings and generate an `API KEY`, which you will use to access the service from 3rd party apps like the browser extension, ShareX, etc. +- To upload a file to an album directly users used to use the endpoint `/api/upload/${albumId}`. This is no longer the case. To upload directly to an album now it's necessary to pass a header called `albumid` with an integer as the value of the album to which you want to upload the file to. diff --git a/docs/nginx.md b/docs/nginx.md new file mode 100644 index 0000000..bdf1112 --- /dev/null +++ b/docs/nginx.md @@ -0,0 +1,67 @@ +### Nginx config for SSL +Make sure that: +- `backend` port matches your wizard config +- `client_max_body_size` matches your wizard config +- You replace `your.domain` where pertinent + + +```nginx +upstream backend { + server 127.0.0.1:5000; +} + +server { + listen 80; + listen [::]:80; + server_name your.domain; + + return 301 https://$server_name$request_uri; +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + + server_name your.domain; + + ssl_certificate /path/to/certificate.pem; + ssl_certificate_key /path/to/certificate.key; + ssl_trusted_certificate /path/to/certificate.pem; + + access_log /var/log/nginx/your.domain.access.log; + error_log /var/log/nginx/your.domain.error.log; + + # Security + ssl_session_timeout 1d; + ssl_session_cache shared:SSL:50m; + ssl_session_tickets off; + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; + ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128- + GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SH + A:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM + -SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; + ssl_prefer_server_ciphers on; + add_header X-XSS-Protection "1; mode=block"; + ssl_stapling on; + ssl_stapling_verify on; + resolver 8.8.8.8 8.8.4.4 valid=300s; + resolver_timeout 5s; + + client_max_body_size 90M; + client_body_timeout 600s; + + location / { + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $http_host; + proxy_set_header X-NginX-Proxy true; + proxy_pass http://backend; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_redirect off; + proxy_set_header X-Forwarded-Proto $scheme; + } +} +``` |