# Pleroma

## Server configuration

- RAM: 4 GB
- CPUs: 4
- URL: https://toot.chalec.org

## Instance

- Name: Toot Chalec
- Description: "Le Fédivers de Chalec. Instance Pleroma avec Soapbox"
- Account activation by email: YES
- Automatically followed account: admin
- Federated: YES
- Moderated: YES
- Username: 50 characters maximum
- Character limit per post: 600
- Character limit for remote posts: 1000
- Field names: 100 characters; value: 200 characters
- Pinned statuses: 2 maximum
- DM security: only the first mentioned user
- User biography: 2000 characters

## Installation

Taken from the official documentation.
Installation of the OTP release.

### Dependencies

```
sudo apt install imagemagick \
  ffmpeg \
  libimage-exiftool-perl \
  unzip \
  libncurses5 \
  nginx \
  postgresql \
  postgresql-contrib \
  libmagic-dev \
  certbot \
  python3-certbot-nginx
```

### Creating the system user: pleroma

```
sudo adduser --system --shell /bin/false \
  --home /opt/pleroma pleroma

# Depends on the server
export FLAVOUR="amd64"
```

### Download and extraction

```
sudo su pleroma -s $SHELL -lc "
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' \
  -o /tmp/pleroma.zip
unzip /tmp/pleroma.zip -d /tmp/
"
```

### Moving the release

```
sudo su pleroma -s $SHELL -lc "
mv /tmp/release/* /opt/pleroma
rmdir /tmp/release
rm /tmp/pleroma.zip
"
```

### Creating the directories

```
sudo mkdir -p /var/lib/pleroma/{uploads,static}
sudo mkdir -p /etc/pleroma
sudo chown -R pleroma /var/lib/pleroma
sudo chown -R pleroma /etc/pleroma
```

## Configuration generator

```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
```

## Configuration through the questionnaire

```
- What domain will your instance use? (e.g pleroma.soykaf.com) [] toot.chalec.org
- What is the name of your instance? (e.g. The Corndog Emporium) [toot.chalec.org] Le Fédivers de Chalec.org
- What is your admin email address? [] contact+toot@chalec.org
- What email address do you want to use for sending email notifications? [contact+toot@chalec.org]
- Do you want search engines to index your site? (y/n) [y]
- Do you want to store the configuration in the database (allows controlling it from admin-fe)? (y/n) [n] y
- What is the hostname of your database? [localhost]
- What is the name of your database? [pleroma]
- What is the user used to connect to your database? [pleroma]
- What is the password used to connect to your database? [autogenerated]
- Would you like to use RUM indices? [n]
- What port will the app listen to (leave it if you are using the default setup with nginx)? [4000]
- What ip will the app listen to (leave it if you are using the default setup with nginx)? [127.0.0.1]
- What directory should media uploads go in (when using the local uploader)? [/var/lib/pleroma/uploads]
- What directory should custom public files be read from (custom emojis, frontend bundle overrides, robots.txt, etc.)? [/var/lib/pleroma/static]
- Do you want to strip location (GPS) data from uploaded images? This requires exiftool, it was detected as installed. (y/n) [y]
- Do you want to anonymize the filenames of uploads? (y/n) [n] y
- Do you want to deduplicate uploaded files? (y/n) [n]
```

# Creating the PostgreSQL database

```
sudo su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
```

## Creating the database schema

```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```

# Firewall

```
# Pleroma itself listens on 127.0.0.1:4000 (generator answers above);
# nginx on 80/443 is the public entry point.
sudo ufw allow 443
sudo ufw allow 80
sudo ufw allow 4000
```

# Nginx

```
# Copy example file
sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/toot.chalec.org.conf

# Change tld values
# replace listen 443 ssl http2; with listen 443 ssl proxy_protocol;
sudo nano /etc/nginx/sites-available/toot.chalec.org.conf
```

# Let's Encrypt

```
sudo certbot certonly -d toot.chalec.org
```

# systemd service

```
# Copy the service into a proper directory
sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
sudo systemctl start pleroma
sudo systemctl enable pleroma
```

# Enabling nginx

```
sudo ln -s /etc/nginx/sites-available/toot.chalec.org.conf /etc/nginx/sites-enabled/toot.chalec.org
sudo nginx -t && sudo systemctl restart nginx
```

# Creating the admin user

```
cd /opt/pleroma
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new admin contact+toot@chalec.org --admin"
```

# Installing and updating the Soapbox front-end

```
# For the first installation
sudo apt install busybox

# Installation and update
cd /tmp
# The URL is quoted so the shell does not treat '?' as a glob character
curl -L 'https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/v2.0.0/download?job=build-production' -o soapbox-fe.zip
sudo busybox unzip soapbox-fe.zip -o -d /var/lib/pleroma
```

# PostgreSQL tuning

```
sudo nano /etc/postgresql/13/main/postgresql.conf
```

## Values changed in PostgreSQL

```
# Values to change according to https://pgtune.leopard.in.ua/
# DB Version: 13
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 4 GB
# CPUs num: 4
# Connections num: 100
# Data Storage: ssd

max_connections = 100
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 5242kB
min_wal_size = 1GB
max_wal_size = 4GB
max_worker_processes = 4
max_parallel_workers_per_gather = 2
max_parallel_workers = 4
max_parallel_maintenance_workers = 2
```

# Restarting the PostgreSQL database

```
sudo systemctl restart postgresql
```

# Updating Pleroma

```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```

# nginx configuration

```
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.

proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
                 inactive=720m use_temp_path=off;

# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
upstream phoenix {
    server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}

server {
    server_name toot.chalec.org;

    # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
    # that the directory exists and that it is accessible by the webserver. If you followed
    # the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
    # You may need to load this file with the ssl server block commented out, run certbot
    # to get the certificate, and then uncomment it.
    #
    # location ~ /\.well-known/acme-challenge {
    #     root /var/lib/letsencrypt/;
    # }

    return 302 https://$server_name$request_uri;

    listen [::]:80; # managed by Certbot
    listen 80; # managed by Certbot
}

# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;

server {
    # Take the client address from the PROXY protocol header only when the
    # connection comes from 192.168.1.1
    set_real_ip_from 192.168.1.1;
    real_ip_header proxy_protocol;

    server_name toot.chalec.org;

    listen 0.0.0.0:443 ssl proxy_protocol;
    listen [::]:443 ssl ipv6only=on;

    ssl_certificate /etc/letsencrypt/live/toot.chalec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/toot.chalec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    # the nginx default is 1m, not enough for large media uploads
    client_max_body_size 16m;
    ignore_invalid_headers off;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://phoenix;
    }

    location ~ ^/(media|proxy) {
        proxy_cache pleroma_media_cache;
        slice 1m;
        proxy_cache_key $host$uri$is_args$args$slice_range;
        proxy_set_header Range $slice_range;
        proxy_cache_valid 200 206 301 304 1h;
        proxy_cache_lock on;
        proxy_ignore_client_abort on;
        proxy_buffering on;
        chunked_transfer_encoding on;
        proxy_pass http://phoenix;
    }
}
```

# Sources

- OTP installation: https://docs-develop.pleroma.social/backend/installation/otp_en/
- Updating Pleroma: https://docs.pleroma.social/backend/administration/updating/
- Soapbox: https://gitlab.com/soapbox-pub/soapbox-fe/
- Logo: https://git.a-lec.org/a-lec/commissions/chalec/identite-visuelle/-/blob/main/vecteurs/chalecolor/toot.chalec.org.svg
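
# Checking the backend listener

The firewall step opens port 4000, while the generator answers bind Pleroma to 127.0.0.1:4000 behind nginx. The check below is an added example, not part of the original page or of Pleroma: it parses `ss -H -ltn` output and lists any listener on the backend port bound to a non-loopback address. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Sample data below is constructed.

# exposed_listeners PORT: reads `ss -H -ltn` output on stdin and prints every
# local address listening on PORT that is not a loopback address.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":")
            if (parts[n] != port) next
            host = substr($4, 1, length($4) - length(parts[n]) - 1)
            # Loopback forms printed by ss: 127.x.x.x, [::1], [::ffff:127.x.x.x]
            if (host ~ /^127\./ || host == "[::1]" || host ~ /^\[::ffff:127\./) next
            print host
        }'
}

# backend_is_private PORT: exit status 0 when PORT has at least one listener
# and none of them is bound to a non-loopback address, 1 otherwise.
backend_is_private() {
    input=$(cat)
    printf '%s\n' "$input" | awk -v port="$1" '
        $1 == "LISTEN" { n = split($4, p, ":"); if (p[n] == port) found = 1 }
        END { exit !found }' || return 1
    [ -z "$(printf '%s\n' "$input" | exposed_listeners "$1")" ]
}

# Constructed sample: the state the generator answers in this guide produce.
SAMPLE_GOOD='LISTEN 0 128 127.0.0.1:4000 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*'

# Constructed sample: backend bound to every interface (listen ip 0.0.0.0).
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:4000 0.0.0.0:*
LISTEN 0 128 [::1]:4000 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*'

# On the server itself: ss -H -ltn | exposed_listeners 4000
printf '%s\n' "$SAMPLE_BAD" | exposed_listeners 4000
```

If the function prints an address on the real server, the `ufw allow 4000` rule makes the backend reachable without going through nginx and its TLS termination.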