Moebooru

Moebooru is a well-maintained Danbooru-style image tag system, used by Yande.re, Konachan, and many others. It is written in Ruby, and can be a bit of a challenge to install. Since many other installation guides are insufficient, we've noted down our entire installation and configuration process for Eikonos.

Assumptions
In this guide, we make certain assumptions about your configuration. Your situation may vary.

* www-data - A group used by all webservers. Make sure to add the nginx user to this group!
 * Nginx - The webserver used in this guide. Follow the instructions in that page to install Nginx. Then, you can find some sample Nginx configurations for Moebooru in sections below.
 * user - The unprivileged user that runs this app. After configuration, this will be converted to a nonlogin user.
 * - The home folder of the moebooru user, where the application data will be stored from a.
 * - The location of the UNIX sockets that puma will use. It is probably safer to put it into instead, but it is what it is and we have SELinux policies to account for it.
 * - The public directory will be moved to, and symlinked to . This way, Nginx will not have control over the entire application directory.
 * Make sure to restore this symlink every time an upgrade is run with.

Create Moebooru User
Create a specific non-login daemon user just for moebooru (though it will temporarily have a bash shell for setup purposes).

As root, we also need to move all publicly served assets to.

Setup PostgreSQL
The examples below use PostgreSQL 9.6, but as of 2017-01-28, Moebooru just needs greater than 9.4.

Debian: (Alternatively, you can get it from jessie-backports and newer)

RHEL/CentOS:

is required for libpq-ruby to build.

Now log in and create the moebooru database and user with createdb permissions: (make sure to give it a very good password!)

Finally, edit from  to  (except for the UNIX socket line) to allow users to log in using a password (required by moebooru's config), it should look like the following:

Once you have this file edited as seen above, restart postgresql.

sudo systemctl restart postgresql-9.6

Install Nodejs
NodeJS is necessary for the frontend. You should obtain the latest version, 7.x, by following these guides for your distro.

Setup Ruby
For most small sites, Ruby 2.3 and higher with the Unicorn server is sufficient.

A site with heavier traffic may find it helpful to use Rubinius with the Puma server to make better use of concurrent multithreading, but this may require compilation.

Method 1: Set up Normal Ruby 2.3 or newer
Most distros have an outdated version of Ruby, so you must set up repositories from the official developers:


 * Debian: Brightbox PPA - Ruby 2.3
 * RHEL/CentOS: RHSCL - Ruby 2.3

Method 2: Installing Rubinius Binaries with chruby
Rubinius is particularly tough to compile, and as of 2017-01-28 we have not been able to compile it with Debian Jessie. Instead, Rubinius provides Ubuntu 14.04 binaries designed for use with Travis-CI.

First, download and install chruby as a user with sudo privileges.

Next, log in as the user, download the latest rubinius binaries, and extract them to :

Then, activate chruby with rubinius by adding it to the bashrc.

Finally, log out and log back into the user, and set rubinius 3.70 as the default ruby version.

Method 3: Install Rubinius with RVM
For RVM, just install any ol' ruby 2.x, we won't be using it after the compilation stage. Also install all the build dependencies.

Installation with RVM (RHEL/CentOS)
One special build dependency is llvm-3.6+. Unfortunately, CentOS 7's EPEL repo only has 3.4, so we will need to get the latest build of LLVM from Fedora COPR.

Then just install llvm as normal:

Follow the RVM installation instructions, as replicated below:

Then, log out and log back in to reload bash and make the RVM command work:

Refresh the rvm repos. And since we have already installed dependencies in the sections above, disable the built-in dependency resolver:

Install rubinius. Compilation will take a while.

After installation, choose Rubinius (rbx) as the default ruby version to use.

This will list out various ruby versions.

Finally, log out and log back in, and check your current ruby version to ensure that Rubinius is default.

Now that your ruby type is set up, install bundler.

<!--

Installation (Debian/Ubuntu)
An LLVM version greater than 3.6+ is also required. You can get this in Debian Jessie from backports, or in Ubuntu from normal repositories.

Click Expand to display the commands, which activate 3.8 as the default clang/llvm version.

Source: Github Gist - LLVM-Update-Alternatives

Setup Rubinius with Zonio Repo (RHEL/CentOS)
Currently, just running normal ruby MRI should be sufficient for most tasks, but Rubinius can add significant performance boosts.

First, if you have normal ruby MRI currently installed, you should uninstall it.

Add the Zonio repository to the new file  to add Rubinius:

[zonio]
name=Zonio $releasever - $basearch
baseurl=https://zonio.net/repos/epel/$releasever/$basearch
enabled=1
gpgcheck=1
gpgkey=https://zonio.net/repos/GPG-Key-Zonio
priority=5

Then, just install rubinius, and verify that:

sudo yum install rubinius rubinius-devel
ruby -v

Finally, log in as the moebooru user and install bundler:

sudo -u moebooru gem install bundler --user-install

Finally, edit moebooru's  and add the correct PATH for your bundler (for example, , may differ with your ruby version)

PATH=$PATH:/home/moe/booru/.gem/rbx/2.2/bin

Notice that you should not install normal ruby MRI afterwards. If you have a good reason to, follow these instructions:

https://zonio.net/rubinius_rpm_packages/ -->

AppArmor (Debian/Ubuntu)
anyone have apparmor profiles?

We may have to create our own through learning mode: http://www.howtogeek.com/118328/how-to-create-apparmor-profiles-to-lock-down-programs-on-ubuntu/

SELinux Permissions (RHEL/CentOS)
If using SELinux (which we highly recommend), you will need the following policies, assuming that everything is installed to :

Needed for proxy pass:

sudo chcon -Rt httpd_sys_content_t /var/www/ # allow nginx to access folders
sudo setsebool httpd_can_network_connect 1 -P # allows reverse proxy
sudo setsebool -P httpd_can_network_memcache 1 # allows memcache

Needed to serve from moebooru user's directory, but only  and   folders:

sudo setsebool -P httpd_enable_homedirs 1
sudo semanage fcontext -a -t httpd_sys_content_t '/home/moe/booru/shared(/.*)?'
sudo restorecon -R -v /home/moe/booru/shared
sudo semanage fcontext -a -t httpd_sys_content_t '/var/www/moebooru/public(/.*)?'
sudo restorecon -R -v /var/www/moebooru/public

https://www.pckr.co.uk/selinux-nginx-and-reverse-proxying-2/

https://www.digitalocean.com/community/tutorials/an-introduction-to-selinux-on-centos-7-part-2-files-and-processes

The last step is to run the final allows.

sudo grep nginx /var/log/audit/audit.log | audit2allow -m nginx > nginx.te

Open up the file and see that it is correct (such that no suspicious allow rules are inside). Then run:

sudo grep nginx /var/log/audit/audit.log | audit2allow -M nginx
sudo semodule -i nginx.pp

http://axilleas.me/en/blog/2013/selinux-policy-for-nginx-and-gitlab-unix-socket-in-fedora-19/
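
The review step above (checking nginx.te for suspicious allow rules before loading the module) can be partly automated. This is an added example, not part of the original guide: a shell function that prints every allow rule falling outside an allowlist. The allowlisted types, classes and permissions, and the sample policy, are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: list allow rules in an audit2allow-generated .te file that
# fall outside an allowlist. The three allowlists are assumptions for nginx
# proxying to an app server over a UNIX socket; adjust them to your layout.
OK_TYPES="httpd_sys_content_t unconfined_service_t"
OK_CLASSES="unix_stream_socket sock_file file dir"
OK_PERMS="connectto write read open getattr search"

# usage: review_te nginx.te   (reads stdin when no file is given)
review_te() {
    awk -v types="$OK_TYPES" -v classes="$OK_CLASSES" -v perms="$OK_PERMS" '
    BEGIN {
        n = split(types, a, " ");   for (i = 1; i <= n; i++) T[a[i]] = 1
        n = split(classes, a, " "); for (i = 1; i <= n; i++) C[a[i]] = 1
        n = split(perms, a, " ");   for (i = 1; i <= n; i++) P[a[i]] = 1
    }
    $1 == "allow" {
        rule = $0
        sub(/;[ \t]*$/, ""); gsub(/[{}]/, " ")  # editing $0 re-splits fields
        split($3, tc, ":")                       # target_type:class
        why = ""
        if ($2 != "httpd_t") why = why " source=" $2
        if (!(tc[1] in T))   why = why " type=" tc[1]
        if (!(tc[2] in C))   why = why " class=" tc[2]
        for (i = 4; i <= NF; i++) if (!($i in P)) why = why " perm=" $i
        if (why != "") print "REVIEW" why " | " rule
    }' "$@"
}

# Constructed sample policy, not output captured from a real system.
sample_te() {
    cat <<'EOF'
module nginx 1.0;

#============= httpd_t ==============
allow httpd_t unconfined_service_t:unix_stream_socket connectto;
allow httpd_t httpd_sys_content_t:sock_file write;
allow httpd_t httpd_sys_content_t:file { read open getattr };
allow httpd_t shadow_t:file { read open };
allow httpd_t self:process execmem;
EOF
}

sample_te | review_te   # prints only the shadow_t and execmem rules
```

An empty result does not replace reading the file; it only narrows down which rules need a close look.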

Setup Moebooru
Now, conduct the setup and get dependencies.

Dependencies (Debian/Ubuntu)

 * build-essential - a meta-package that installs various tools and libraries necessary for program (mostly C++ and Perl) compilation and interpretation.
 * libxml2 - library that is required for XML support. It is necessary for moebooru’s external API to work.
 * libxslt1 - extension of libxml that allows better xml parsing and converting.
 * libpq-dev - library that is necessary to build postgres connection module for ruby.
 * git - version control system - we will use it for moebooru installation and updating.
 * jhead - image processing tool that extracts EXIF information from image files.
 * libgd2-noxpm - an image processing library.
 * libgd2-noxpm-dev - an extension for compiling GD2 support for applications.
 * imagemagick - collection of tools for image processing

Configure Moebooru
All commands in this section must be run as the user:

First, do a bundle config for pg since we're using a specific postgresql version:

Install the ruby packages for the moebooru user only (under the directory ):

Obtain  and   from the   files, and configure them accordingly. Then set  so only the moebooru user can read the database password.

Generate your secret key, which is used for salts and such.

Edit using your favorite editor (such as nano), and replace  with the password of your database user:

Initialize database with this command (there will be some errors reported with which is normal, proceed)

Then, migrate the database tables.

Now, you need to provide the correct permissions to the public folder:

Start the server: or  if using Rubinius. Note that this will start the server in development mode, which is somewhat slower. See the Production Mode section once you are ready to serve the site.

Customize Header Image and Branding
By default, Moebooru comes with the Yande.re header image and branding, as the site developed the moebooru engine. You should definitely consider removing the original branding unless your site is private.

app/assets/images

public/favicon.ico

Enable Memcached
Memcached is a high performance caching solution and is needed to have Moebooru enumerate posts and create the /posts pagination bar. Follow these instructions to install Memcached. You need at least 2GB free RAM to provide.

Installation (Debian/Ubuntu)
https://kyup.com/tutorials/install-use-memcache/

Installation (RHEL/CentOS)
http://www.liquidweb.com/kb/how-to-install-memcached-on-centos-7/

Configuration
Edit  and set   (2GB RAM) if possible.

Then set memcached to start at every boot:

Config-based Activation
Add these options to the following file. When you start moebooru again, memcached will be active.

ENV-based Memcached Activation
Activate it by appending a bash variable to the puma command:. Here are some examples.

TCP:

UNIX Socket:

SELinux Permissions
You will probably need to allow it through SELinux:

https://major.io/2011/09/07/getting-apache-php-and-memcached-working-with-selinux/

Production Mode
By default, Moebooru runs in development mode, which can be slow (since it's designed to allow debug and automatic recompilation). Here are the steps to set up Production mode.

Preparation
First, you need to create the database and pregenerate the JavaScript/CSS (do this every time you update). Note that db:reset drops and recreates the database:

RAILS_ENV=production bundle exec rake db:reset
RAILS_ENV=production bundle exec rake assets:precompile

Then, you need to provide the correct permissions to the public folder:

chmod 755 /var/www/moebooru/public

Serve static files with Nginx
Create an Nginx config under. Make sure to change the.

Note: If you are using a different port for puma, (by adding  to the serving command), also change the port accordingly below.

server {
    listen 80;
    server_name booru.eikonos.org;
    # directory of static assets, first generate with the command:
    # RAILS_ENV=production bundle exec rake assets:precompile
    root /var/www/moebooru/public;

    try_files $uri/index.html $uri @app;

    location @app {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass http://127.0.0.1:9292;
        proxy_read_timeout 90;
        proxy_redirect http://127.0.0.1:9292 http://$server_name;
    }

    error_page 500 502 503 504 /500.html;
    client_max_body_size 4G;
    keepalive_timeout 10;
}

Run the Server
Finally, to run the server at, for example, port 9292, run one of the following commands:

Ruby:

Rubinius:


 * Source: StackOverflow - Rails 4: assets not loading in production

Serve with UNIX Sockets in Production Mode
For even more effectiveness, use a UNIX socket: https://www.digitalocean.com/community/tutorials/how-to-deploy-a-rails-app-with-puma-and-nginx-on-ubuntu-14-04

Figure out the amount of CPU cores you have:

grep -c processor /proc/cpuinfo

Create a folder to store your UNIX sockets and PIDs in:

Create the following folders in your application directory to store logs:

mkdir -p shared/log

Place the following into :

Change the Nginx server config to the following:

Finally, to run the server, use the following:

Separate subdomain for images and static content
It's often a better idea to have static content served from another subdomain entirely, where it will be cached for much longer than ever-changing text. And sometimes the files could be located on an entirely different server.

Edit your to activate the  and  subdomains.

Then, create these two nginx configs (customize the server_name to your subdomains, must start with and ):

Systemd Service
https://github.com/puma/puma/blob/master/docs/systemd.md

Save this to. There are two versions, one for TCP and one for unix socket. Change the WorkingDirectory accordingly.

UNIX Socket
Two Systemd services are needed: one for the socket and one for the application.

Grab some code from here?

https://github.com/puma/puma/issues/976

SSL Certificates
While this is beyond the scope of this guide, you should strongly consider using SSL certificates, which are now free with Let's Encrypt.

https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-centos-7

Full Backup
PostgreSQL Database (run as moebooru user!):

Images and thumbs and other generated items:

Code only, no binaries or image data:

PostgreSQL database
First, create the user with CreateDB permissions:

Then import the SQL dump with that user.