<color #22b14c>**Installation of Diaspora* pod on a VM Ubuntu20**</color> {{howhard>4}}
<note important>The installation won't work on a container! \\ Use a VM!</note>

__Sources/tutos:__ https://www.howtoforge.de/anleitung/wie-man-das-dezentrale-social-media-netzwerk-diaspora-auf-debian-10-installiert/ \\
https://angristan.fr/installer-pod-diaspora-debian-ubuntu/ \\
https://wiki.diasporafoundation.org/Installation/Ubuntu/Focal#Configuration

====== Packages ======
<code>$ sudo apt-get install postfix
$ sudo apt-get install build-essential git curl gsfonts imagemagick libmagickwand-dev nodejs redis-server libssl-dev libcurl4-openssl-dev libxml2-dev libxslt1-dev libpq-dev
$ sudo apt-get install postgresql</code>

<code># systemctl start redis-server
# systemctl enable redis-server
# systemctl start postgresql
# systemctl enable postgresql</code>

====== Users and preparation of the database ======
===== Database =====
<code>$ sudo -u postgres psql</code>
<code>postgres=# CREATE USER diaspora WITH CREATEDB PASSWORD '<password_of_diaspora>';</code>
Modification of the database to avoid issues due to UTF8: <code>
postgres=# update pg_database set datallowconn = TRUE where datname = 'template0';
UPDATE 1
postgres=# \c template0
You are now connected to database "template0" as user "postgres".
template0=# update pg_database set datistemplate = FALSE where datname = 'template1';
UPDATE 1
template0=# drop database template1;
DROP DATABASE
template0=# create database template1 with template = template0 encoding = 'UTF8';
CREATE DATABASE
template0=# update pg_database set datistemplate = TRUE where datname = 'template1';
UPDATE 1
template0=# \c template1
You are now connected to database "template1" as user "postgres".
template1=# update pg_database set datallowconn = FALSE where datname = 'template0';
UPDATE 1
template1=# \q</code>

===== Diaspora =====
<code>$ sudo adduser --disabled-login diaspora</code>

====== Install RVM and Ruby ======
<code>$ sudo -iu diaspora
$ gpg2 --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3 7D2BAF1CF37B13E2069D6956105BD0E739499BDB
$ find .gnupg/ -type d -exec chmod 750 {} \;
$ find .gnupg/ -type f -exec chmod 640 {} \;
$ curl -L https://s.diaspora.software/1t | bash</code>

<code>nano ~/.bashrc         /// and add at the end:
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"</code>
Logout and re-login:<code>$ exit
$ sudo -iu diaspora </code>


<code>
$ rvm autolibs read-fail   => install as "root" the missing dependancies
$ rvm autolibs read-fail
$ rvm install 2.6
$ ruby -v </code>

====== Download and configure Diaspora* ======
<code>$ cd ~
$ git clone -b master https://github.com/diaspora/diaspora.git
$ cd diaspora
$ cp config/database.yml.example config/database.yml
$ cp config/diaspora.toml.example config/diaspora.toml</code>
<code>$ nano config/database.yml

  port: 5432
  username: "diaspora"
  password: "the_password_of_user_diaspora"
  encoding: unicode
</code>
<code>$ nano config/diaspora.toml     ###### let the "whitespaces" like in the commented sections!!

[configuration.environment] ## Section
url: "https://sub_domain.the_domain.tld/"
certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
require_ssl: true

[configuration.server]  ## Section
rails_environment: 'production' 

[configuration.mail]  ## Section
enable = true
sender_address = "notification@diaspora.domain.tld"
method = "sendmail"
</code>

===== bundle =====

<code>$ gem install bundler
$ script/configure_bundler
$ bin/bundle install --full-index 
  ...."Bundle complete! 142 Gemfile dependencies, 234 gems now installed......"</code>
           
===== Database setup =====
<code>$ RAILS_ENV=production bundle exec rake db:create db:migrate
$ RAILS_ENV=production bin/rake assets:precompile</code>

===== Starting diaspora* from tmux =====
<code>~/diaspora$ tmux
$ pwd
/home/diaspora/diaspora
$ ./script/server</code>
There should not be any error messages.
  * CTRL+Z to stop diaspora*
  * ''exit'' to close the tmux session

====== Nginx ======
Commands done from the user with ''sudo'' permissions
===== Installation =====
<code>$ sudo apt-get install nginx</code>

===== SSL certificate =====
Create a self-signed SSL certificate. Give the FQDN of the Diaspora* installation as the name of the cert! (here: diaspo.domain.tld)
<code>$ sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/diaspora_key.key -out /etc/ssl/certs/diaspora_crt.crt</code>

===== Configuration of nginx =====
<code>$ sudo nano /etc/nginx/sites-available/diaspora</code>

Adapt the domain name ("diaspo.domain.tld" here) and the file names of the cert+key:

<code>upstream diaspora_server {
 server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
}

server {
  listen 80;
  listen [::]:80; 
  server_name diaspo.domain.tld;                                                                    /// adapt domain name
  return 301 https://diaspo.domain.tld$request_uri;                                                 /// adapt domain name

  access_log /dev/null;
  error_log /dev/null;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name diaspo.domain.tld;                                                                    /// adapt domain name

  access_log /var/log/nginx/dspr-access.log;
  error_log /var/log/nginx/dspr-error.log;

  ssl_certificate /etc/ssl/certs/diaspora_crt.crt;                                                 /// adapt file name
  ssl_certificate_key /etc/ssl/private/diaspora_key.key;                                           /// adapt file name

  ssl_protocols TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
  ssl_ecdh_curve X25519:P-521:P-384:P-256;
  ssl_prefer_server_ciphers on;
#  ssl_stapling on;
#  ssl_stapling_verify on;
  resolver 80.67.169.40 80.67.169.12 valid=300s;
  resolver_timeout 5s;
  ssl_session_cache shared:SSL:10m;

  root /home/diaspora/diaspora/public;

  client_max_body_size 5M;
  client_body_buffer_size 256K;

  try_files $uri @diaspora;

  location /assets/ {
    expires max;
    add_header Cache-Control public;
  }

  location @diaspora {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://diaspora_server;
  }
}
</code>

<code>$ sudo ln -s /etc/nginx/sites-available/diaspora /etc/nginx/sites-enabled/diaspora
$ sudo systemctl restart nginx
$ sudo systemctl status nginx </code>

====== Services ======
Running diaspora* over services is for me more comfortable than running over a tmux console.

<code>$ sudo nano /etc/systemd/system/diaspora.target
and enter:

[Unit]
Description=Diaspora social network
Wants=postgresql.service
Wants=redis-server.service
After=redis-server.service
After=postgresql.service

[Install]
WantedBy=multi-user.target </code>

<code>$ sudo nano /etc/systemd/system/diaspora-web.service
and enter:

[Unit]
Description=Diaspora social network (unicorn)
PartOf=diaspora.target
StopWhenUnneeded=true

[Service]
User=diaspora
Environment=RAILS_ENV=production
WorkingDirectory=/home/diaspora/diaspora
ExecStart=/bin/bash -lc "bin/bundle exec unicorn -c config/unicorn.rb -E production"
Restart=always

[Install]
WantedBy=diaspora.target </code>

<code>$ sudo nano /etc/systemd/system/diaspora-sidekiq.service
and enter:

[Unit]
Description=Diaspora social network (sidekiq)
PartOf=diaspora.target
StopWhenUnneeded=true

[Service]
User=diaspora
Environment=RAILS_ENV=production
WorkingDirectory=/home/diaspora/diaspora
ExecStart=/bin/bash -lc "bin/bundle exec sidekiq"
Restart=always

[Install]
WantedBy=diaspora.target </code>

<code>$ sudo systemctl daemon-reload
$ sudo systemctl enable diaspora.target diaspora-sidekiq.service diaspora-web.service
$ sudo systemctl status diaspora.target diaspora-sidekiq.service diaspora-web.service</code>
Reboot. \\

Diaspora* should now be available over the web browser at https://diaspo.domain.tld"