# Very Simple PHP Gallery

This is a very simple PHP based image Gallery. It takes all images from one or (or potentially multiple) directories and presents them as a simple web gallery. It will autogenerate thumbnails for the gallery overview and also do variable pagination. There are some simple keyboard shortcuts as well.

DISCLAIMER: This was just quickly hacked together, it might not be up to any quality or security standards. Use at your own risk, especially if exposed to the internet unprotected.

# Running it

Copy conf/config.sample.php to config.php and edit accordingly.

A webserver with PHP (tested with 7.4 and 8.0) support and the php-gd and php-exif extensions (for image thumbnails) and installed ffmpeg (for video thumbnails) is required. An example config for nginx with php-fpm might look something like this:

    worker_processes  4;

    events {
        worker_connections  256;
    }


    http {
      include       mime.types;
      default_type  application/octet-stream;

      access_log    /var/log/nginx/access.log;
      error_log     /var/log/nginx/error.log info;

      sendfile        on;
      keepalive_timeout  65;

      upstream php-default-handler {
        server unix:/run/php-fpm7/php-fpm.sock;
      }

      server {
        listen 80;
        listen [::]:80;
        server_name gallery.example.com;

        fastcgi_buffers 64 4K;

        gzip on;
        gzip_vary on;
        gzip_comp_level 4;
        gzip_min_length 256;
        gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
        gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;

        add_header Referrer-Policy                      "no-referrer"   always;
        add_header X-Content-Type-Options               "nosniff"       always;
        add_header X-Download-Options                   "noopen"        always;
        add_header X-Frame-Options                      "SAMEORIGIN"    always;
        add_header X-Permitted-Cross-Domain-Policies    "none"          always;
        add_header X-Robots-Tag                         "none"          always;
        add_header X-XSS-Protection                     "1; mode=block" always;

        fastcgi_hide_header X-Powered-By;

        root /var/www/gallery;

        auth_basic           'Picture Gallery';
        auth_basic_user_file /etc/nginx/gallery.users;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ ^/(?:lib|conf|tpl|cache)(?:$|/)  { return 404; }

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+?\.php)(/.*)$;
            set $path_info $fastcgi_path_info;

            try_files $fastcgi_script_name =404;

            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $path_info;
            fastcgi_param HTTPS on;

            fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
            fastcgi_param front_controller_active true;     # Enable pretty urls
            fastcgi_pass php-default-handler;

            fastcgi_intercept_errors on;
            fastcgi_read_timeout 300s;
            fastcgi_request_buffering off;
        }

        location ^~ /images {
          alias /path/to/imagedir;
        }

        location ^~ /thumbs {
          alias /path/to/thumbnail/cache;
        }

        location ~ \.(?:css|js|jpeg|png|jpg|webm|webp|gif)$ {
            expires 6M;
        }

        location / {
          index index.php;
        }
      }
    }