Ci-dessous, les différences entre deux révisions de la page.
— |
welcome:ubuntu:mastodon [2021/05/14 10:56] (Version actuelle) |
||
---|---|---|---|
Ligne 1: | Ligne 1: | ||
+ | <color # | ||
+ | <note important> | ||
+ | |||
+ | https:// | ||
+ | \\ | ||
+ | |||
+ | Activate the user " | ||
+ | ====== Postfix ====== | ||
+ | Installation of postfix: https:// | ||
+ | Reading package lists... Done | ||
+ | Building dependency tree | ||
+ | Reading state information... Done | ||
+ | postfix is already the newest version (3.3.0-1ubuntu0.3). | ||
+ | 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.</ | ||
+ | |||
+ | ====== Node.js ====== | ||
+ | < | ||
+ | # curl -sL https:// | ||
+ | |||
+ | ====== Yarn ====== | ||
+ | < | ||
+ | # echo "deb https:// | ||
+ | |||
+ | ====== System packages ====== | ||
+ | < | ||
+ | # apt install -y imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core \ | ||
+ | g++ libprotobuf-dev protobuf-compiler pkg-config nodejs gcc autoconf \ | ||
+ | bison build-essential libssl-dev libyaml-dev libreadline6-dev \ | ||
+ | zlib1g-dev libncurses5-dev libffi-dev libgdbm-dev \ | ||
+ | nginx redis-server redis-tools postgresql postgresql-contrib | ||
+ | certbot python-certbot-nginx yarn libidn11-dev libicu-dev libjemalloc-dev </ | ||
+ | |||
+ | ====== User mastodon ====== | ||
+ | < | ||
+ | Change user " | ||
+ | < | ||
+ | |||
+ | ====== Ruby ====== | ||
+ | < | ||
+ | $ cd ~/.rbenv && src/ | ||
+ | $ echo ' | ||
+ | $ echo 'eval " | ||
+ | $ exec bash /// to restart the users shell | ||
+ | $ type rbenv /// to check if rbenv is correctly installed | ||
+ | $ git clone https:// | ||
+ | |||
+ | < | ||
+ | rbenv global 2.7.2 </ | ||
+ | |||
+ | Install bundler and switch back to root: | ||
+ | < | ||
+ | $ exit </ | ||
+ | |||
+ | ====== Database ====== | ||
+ | ===== Create the database and the user ===== | ||
+ | |||
+ | < | ||
+ | CREATE USER mastodon CREATEDB; | ||
+ | \q </ | ||
+ | ===== Modify the database ===== | ||
+ | < | ||
+ | could not change directory to "/ | ||
+ | psql (12.6 (Ubuntu 12.6-0ubuntu0.20.04.1)) | ||
+ | Type " | ||
+ | |||
+ | postgres=# update pg_database set datallowconn = TRUE where datname = ' | ||
+ | UPDATE 1 | ||
+ | postgres=# \c template0 | ||
+ | You are now connected to database " | ||
+ | template0=# update pg_database set datistemplate = FALSE where datname = ' | ||
+ | UPDATE 1 | ||
+ | template0=# drop database template1; | ||
+ | DROP DATABASE | ||
+ | template0=# create database template1 with template = template0 encoding = ' | ||
+ | CREATE DATABASE | ||
+ | template0=# update pg_database set datistemplate = TRUE where datname = ' | ||
+ | UPDATE 1 | ||
+ | template0=# \c template1 | ||
+ | You are now connected to database " | ||
+ | template1=# update pg_database set datallowconn = FALSE where datname = ' | ||
+ | UPDATE 1 | ||
+ | template1=# \q </ | ||
+ | |||
+ | ====== Mastodon ====== | ||
+ | ===== Installation ===== | ||
+ | < | ||
+ | |||
+ | < | ||
+ | $ git checkout $(git tag -l | grep -v ' | ||
+ | |||
+ | < | ||
+ | $ bundle config without ' | ||
+ | $ bundle install -j$(getconf _NPROCESSORS_ONLN) </ | ||
+ | |||
+ | <note important> | ||
+ | removed it. You'll need to update your bundle to a version other than mimemagic (0.3.5) that hasn't been removed in order to install.</ | ||
+ | |||
+ | < | ||
+ | < | ||
+ | $ bundle update mimemagic --minor | ||
+ | $ bundle config deployment false | ||
+ | $ bundle update mimemagic --minor | ||
+ | $ bundle config deployment true </ | ||
+ | |||
+ | < | ||
+ | |||
+ | ===== Configuration ===== | ||
+ | < | ||
+ | $ exit </ | ||
+ | |||
+ | ====== Nginx ====== | ||
+ | |||
+ | |||
+ | < | ||
+ | # ln -s / | ||
+ | |||
+ | ===== Create a self signed SSL-cert ===== | ||
+ | Give the FQDN of the mastodon installation as the name of the cert! (here: masto.domain.tld) | ||
+ | < | ||
+ | |||
+ | ===== Adjust the nginx conf file ===== | ||
+ | < | ||
+ | |||
+ | |||
+ | map $http_upgrade $connection_upgrade { | ||
+ | default upgrade; | ||
+ | '' | ||
+ | } | ||
+ | |||
+ | upstream backend { | ||
+ | server 127.0.0.1: | ||
+ | } | ||
+ | |||
+ | upstream streaming { | ||
+ | server 127.0.0.1: | ||
+ | } | ||
+ | |||
+ | proxy_cache_path / | ||
+ | |||
+ | server { | ||
+ | listen 80; | ||
+ | listen [::]:80; | ||
+ | server_name masto.domain.tld; | ||
+ | root / | ||
+ | location / | ||
+ | location / { return 301 https:// | ||
+ | } | ||
+ | |||
+ | server { | ||
+ | listen 443 ssl http2; | ||
+ | listen [::]:443 ssl http2; | ||
+ | server_name masto.domain.tld; | ||
+ | |||
+ | ssl_protocols TLSv1.2 TLSv1.3; | ||
+ | ssl_ciphers HIGH: | ||
+ | ssl_prefer_server_ciphers on; | ||
+ | ssl_session_cache shared: | ||
+ | |||
+ | # Uncomment these lines once you acquire a certificate: | ||
+ | ssl_certificate | ||
+ | ssl_certificate_key / | ||
+ | |||
+ | keepalive_timeout | ||
+ | sendfile | ||
+ | client_max_body_size 80m; | ||
+ | |||
+ | root / | ||
+ | |||
+ | gzip on; | ||
+ | gzip_disable " | ||
+ | gzip_vary on; | ||
+ | gzip_proxied any; | ||
+ | gzip_comp_level 6; | ||
+ | gzip_buffers 16 8k; | ||
+ | gzip_http_version 1.1; | ||
+ | gzip_types text/plain text/css application/ | ||
+ | |||
+ | add_header Strict-Transport-Security " | ||
+ | |||
+ | location / { | ||
+ | try_files $uri @proxy; | ||
+ | } | ||
+ | |||
+ | location ~ ^/ | ||
+ | add_header Cache-Control " | ||
+ | add_header Strict-Transport-Security " | ||
+ | try_files $uri @proxy; | ||
+ | } | ||
+ | |||
+ | location /sw.js { | ||
+ | add_header Cache-Control " | ||
+ | add_header Strict-Transport-Security " | ||
+ | try_files $uri @proxy; | ||
+ | } | ||
+ | |||
+ | location @proxy { | ||
+ | proxy_set_header Host $host; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
+ | proxy_set_header X-Forwarded-Proto https; | ||
+ | proxy_set_header Proxy ""; | ||
+ | proxy_pass_header Server; | ||
+ | |||
+ | proxy_pass http:// | ||
+ | proxy_buffering on; | ||
+ | proxy_redirect off; | ||
+ | proxy_http_version 1.1; | ||
+ | proxy_set_header Upgrade $http_upgrade; | ||
+ | proxy_set_header Connection $connection_upgrade; | ||
+ | |||
+ | proxy_cache CACHE; | ||
+ | proxy_cache_valid 200 7d; | ||
+ | proxy_cache_valid 410 24h; | ||
+ | proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; | ||
+ | add_header X-Cached $upstream_cache_status; | ||
+ | add_header Strict-Transport-Security " | ||
+ | |||
+ | tcp_nodelay on; | ||
+ | } | ||
+ | |||
+ | location / | ||
+ | proxy_set_header Host $host; | ||
+ | proxy_set_header X-Real-IP $remote_addr; | ||
+ | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
+ | proxy_set_header X-Forwarded-Proto https; | ||
+ | proxy_set_header Proxy ""; | ||
+ | |||
+ | proxy_pass http:// | ||
+ | proxy_buffering off; | ||
+ | proxy_redirect off; | ||
+ | proxy_http_version 1.1; | ||
+ | proxy_set_header Upgrade $http_upgrade; | ||
+ | proxy_set_header Connection $connection_upgrade; | ||
+ | |||
+ | tcp_nodelay on; | ||
+ | } | ||
+ | |||
+ | error_page 500 501 502 503 504 /500.html; | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | < | ||
+ | |||
+ | ====== Setting up systemd services ====== | ||
+ | < | ||
+ | # systemctl daemon-reload | ||
+ | # systemctl start mastodon-web mastodon-sidekiq mastodon-streaming | ||
+ | # systemctl enable --now mastodon-web mastodon-sidekiq mastodon-streaming | ||
+ | # systemctl status mastodon-*.service </ | ||
+ | |||
+ | Mastodon should now be available at https:// | ||
+ | |||