Mise à jour du README

Cyrille L 2022-06-30 10:15:27 +02:00
parent 50e91e4799
commit 042186a06c
3 changed files with 1613 additions and 2 deletions

135
README.md

@ -39,7 +39,9 @@ sudo apt install imagemagick \
certbot \
python3-certbot-nginx
```
### Création de l'utilisateur Système: pleroma
```
sudo adduser --system --shell /bin/false \
--home /opt/pleroma pleroma
@ -50,6 +52,7 @@ export FLAVOUR="amd64"
### Téléchargement, décompression
```
sudo su pleroma -s $SHELL -lc "
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' \
@ -59,6 +62,7 @@ unzip /tmp/pleroma.zip -d /tmp/
```
### Déplacement de la release
```
sudo su pleroma -s $SHELL -lc "
mv /tmp/release/* /opt/pleroma
@ -68,6 +72,7 @@ rm /tmp/pleroma.zip
```
### Création des Dossiers
```
sudo mkdir -p /var/lib/pleroma/{uploads,static}
sudo mkdir -p /etc/pleroma
@ -76,11 +81,14 @@ sudo chown -R pleroma /etc/pleroma
```
## Générateur de configuration
```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
```
## Configuration:par le questionnaire
```
- What domain will your instance use? (e.g pleroma.soykaf.com) [] toot.chalec.org
- What is the name of your instance? (e.g. The Corndog Emporium) [toot.chalec.org] Le Fédivers de Chalec.org
- What is your admin email address? [] contact+toot@chalec.org
@ -90,7 +98,7 @@ sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pler
- What is the hostname of your database? [localhost]
- What is the name of your database? [pleroma]
- What is the user used to connect to your database? [pleroma]
- What is the password used to connect to your database? [autogenerated] ***
- What is the password used to connect to your database? [autogenerated]
- Would you like to use RUM indices? [n]
- What port will the app listen to (leave it if you are using the default setup with nginx)? [4000]
- What ip will the app listen to (leave it if you are using the default setup with nginx)? [127.0.0.1]
@ -99,17 +107,22 @@ sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pler
- Do you want to strip location (GPS) data from uploaded images? This requires exiftool, it was detected as installed. (y/n) [y]
- Do you want to anonymize the filenames of uploads? (y/n) [n] y
- Do you want to deduplicate uploaded files? (y/n) [n]
```
# Création de la base de données Postgresql
```
sudo su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
```
## Création du schéma de la base de données
```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```
# Firewall
```
sudo ufw allow 443
sudo ufw allow 80
@ -117,6 +130,7 @@ sudo ufw allow 4000
```
# Nginx
```
## Copy example file
sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/toot.chalec.org.conf
@ -127,11 +141,13 @@ sudo nano /etc/nginx/sites-available/toot.chalec.org.conf
```
# Let's encrypt
```
sudo certbot certonly -d toot.chalec.org
```
# Service SystemD
```
# Copy the service into a proper directory
sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
@ -140,31 +156,39 @@ sudo systemctl enable pleroma
```
# Activation de nginx
```
sudo ln -s /etc/nginx/sites-available/toot.chalec.org.conf /etc/nginx/sites-enabled/toot.chalec.org
sudo nginx -t && sudo systemctl restart nginx
```
# Création de l'utilisateur admin
```
cd /opt/pleroma
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new admin contact+toot@chalec.org --admin"
```
# Installation du front-end soapbox
# Installation et mise à jour du front-end soapbox
```
# Pour la première installation
sudo apt install busybox
# Installation et mise à jour
cd /tmp
curl -L https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/v1.3.0/download?job=build-production -o soapbox-fe.zip
sudo busybox unzip soapbox-fe.zip -o -d /var/lib/pleroma
```
# Optimisation de Postgresql
```
sudo nano /etc/postgresql/13/main/postgresql.conf
```
## Valeurs changées dans postgresql
```
# Values to change according to https://pgtune.leopard.in.ua/
# DB Version: 13
@ -198,3 +222,110 @@ max_parallel_maintenance_workers = 2
```
sudo systemctl restart postgresql
```
# Mise à jour de Pleroma
```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```
# Configuration de nginx
```
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
upstream phoenix {
server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}
server {
server_name toot.chalec.org;
# Uncomment this if you need to use the 'webroot' method with certbot. Make sure
# that the directory exists and that it is accessible by the webserver. If you followed
# the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
# You may need to load this file with the ssl server block commented out, run certbot
# to get the certificate, and then uncomment it.
#
# location ~ /\.well-known/acme-challenge {
# root /var/lib/letsencrypt/;
# }
return 302 https://$server_name$request_uri;
listen [::]:80; # managed by Certbot
listen 80; # managed by Certbot
}
# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;
server {
set_real_ip_from 192.168.1.1;
real_ip_header proxy_protocol;
server_name toot.chalec.org;
listen 0.0.0.0:443 ssl proxy_protocol;
listen [::]:443 ssl ipv6only=on;
ssl_certificate /etc/letsencrypt/live/toot.chalec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/toot.chalec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
ignore_invalid_headers off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://phoenix;
}
location ~ ^/(media|proxy) {
proxy_cache pleroma_media_cache;
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
proxy_cache_valid 200 206 301 304 1h;
proxy_cache_lock on;
proxy_ignore_client_abort on;
proxy_buffering on;
chunked_transfer_encoding on;
proxy_pass http://phoenix;
}
}
```
# Sources
- OTP Installation : https://docs-develop.pleroma.social/backend/installation/otp_en/
- Mise à jour de Pleroma : https://docs.pleroma.social/backend/administration/updating/
- Soapbox: https://gitlab.com/soapbox-pub/soapbox-fe/
- logo : https://git.a-lec.org/a-lec/commissions/chalec/identite-visuelle/-/blob/main/vecteurs/chalecolor/toot.chalec.org.svg

76
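--- a/check_update_pleroma
+++ b/check_update_pleroma
@@ -0,0 +1,76 @@
+#!/bin/bash
+# GNU AGPLv3+
+# Nagios plugin to check Gitea version
+function usage()
+{
+echo "Usage : $0"
+}
+function getCurrentVersion
+{
+local result
+local json=$(curl -s -X GET "https://forge.chalec.org/api/v1/version" -H "accept: application/json")
+#echo "[$json]"
+# {"version":"1.11.1"}
+local regexp='\{"version":"(.*)"}'
+if [[ $json =~ $regexp ]]; then
+result=${BASH_REMATCH[1]}
+else
+result=
+fi
+echo "$result"
+}
+function getLastVersionFromGithub
+{
+local result
+local owner="$1"
+local repo="$2"
+local json=$(curl -s -X GET https://api.github.com/repos/$owner/$repo/releases/latest |grep tag_name)
+#echo "[$json]"
+# [ "tag_name": "v1.11.1",]
+local regexp='.*"tag_name": "v(.+)".*'
+if [[ $json =~ $regexp ]]; then
+result=${BASH_REMATCH[1]}
+else
+result=
+fi
+echo "$result"
+}
+#
+if [ "$#" -ne 0 ]; then
+usage
+else
+currentVersion=$(getCurrentVersion)
+#echo "Current version = $currentVersion"
+lastVersion=$(getLastVersionFromGithub "go-gitea" "gitea")
+#echo "Last version = $lastVersion"
+if [ $currentVersion = $lastVersion ]; then
+echo "OK"
+result=0
+else
+echo "WARNING : new version available, current is $currentVersion, last is $lastVersion."
+result=1
+fi
+fi
+exit $result
+#
+# LAST_VERSION=$(curl --silent https://gitlab.com/api/v4/projects/21505091/repository/tags | jq -r '.[0].name')
+# lastVersion=$(curl -s https://framagit.org/api/v4/projects/20125/releases | jshon -a -e name 2>/dev/null | sed -e "/rc/d" | cut -d '"' -f2 | grep -v '[\^\(alpha\)]'|head -n 1)
+# lastVersion=$(curl -s https://framagit.org/api/v4/projects/16/releases | jshon -a -e name|cut -d '"' -f2|grep -v '[\^\(alpha\)]'|sort -rV|head -n 1)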
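Review bot: The final comparison `[ $currentVersion = $lastVersion ]` is unquoted, so when both lookups come back empty (API unreachable, rate limit, changed JSON) it collapses to `[ = ]`, which is true, and the plugin prints OK with status 0; a monitoring check should fail closed here. I would quote both sides and put `[ -n "$currentVersion" ] && [ -n "$lastVersion" ] || { echo "UNKNOWN : version lookup failed"; exit 3; }` before that `if`. The usage branch has the same weakness: `result` is never set there, so `exit $result` returns the status of the last command, which is 0; adding `result=3` after `usage` would fix it. Both curl calls run with `-s` only; adding `--fail --max-time 10` would keep an HTTP error body from being parsed and a hung connection from stalling the check. Separately, the header comment and both URLs still refer to Gitea (forge.chalec.org, go-gitea/gitea) although the file is named check_update_pleroma, which looks like an unadapted copy and is worth confirming.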

1404
metrics.properties Normal file

File diff suppressed because it is too large Load Diff