diff --git a/pages/02.linux/16.kavita/default.en.md b/pages/02.linux/16.kavita/default.en.md new file mode 100644 index 0000000..9c20757 --- /dev/null +++ b/pages/02.linux/16.kavita/default.en.md @@ -0,0 +1,71 @@ +--- +title: Kavita +--- + +## Create directories +`# mkdir -p /var/kavita/{config,content}` +`# mkdir -p /var/kavita/content/{manga,books,tech}` + +## Run Kavita +``` +# podman run --name kavita -p 5000:5000 \ + -v /var/kavita/content:/content \ + -v /var/kavita/config:/kavita/config \ + --restart unless-stopped \ + -d docker.io/kizaing/kavita:latest +``` + +## Nginx Config +``` +server { + server_name kavita.exu.li; + + # Security / XSS Mitigation Headers + add_header X-Frame-Options "SAMEORIGIN"; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Content-Type-Options "nosniff"; + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; + + location / { + # Proxy main traffic + proxy_pass http://172.16.53.100:5000; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Protocol $scheme; + proxy_set_header X-Forwarded-Host $http_host; + } + + listen *:443 ssl http2; #set ipv6 address + ssl_certificate_key /etc/acme-sh/kavita.exu.li/key.pem; + ssl_certificate /etc/acme-sh/kavita.exu.li/cert.pem; +} + +server { + if ($host = kavita.exu.li) { + return 301 https://$host$request_uri; + } + + listen *:80; #set ipv6 address + server_name kavita.exu.li; + return 404; +} +``` + +## Systemd Service +*don't do this, use [Podman](/linux/services/podman) to generate a service file.* +`/etc/systemd/system/kavita.service` +``` +[Unit] +Description=Kavita Podman container +[Service] +Restart=always +ExecStart=/usr/bin/podman start -a kavita +ExecStop=/usr/bin/podman stop -t 10 kavita +[Install] +WantedBy=multi-user.target +``` + +`# systemctl daemon-reload` +`# systemctl enable --now kavita` \ No newline at end of file