toot/README.md

332 lines
9.5 KiB
Markdown

# Pleroma
## Configuration Serveur
- RAM: 4Go
- Proc: 4
- URL: https://toot.chalec.org
## Instance
- Nom: Toot Chalec
- Description: Le Fédivers de Chalec. Instance Pleroma avec Soapbox
- Activation des comptes par courriel: OUI
- Compte automatiquement suivi: admin
- Fédérée: OUI
- Modérée: OUI
- Nom d'utilisateur: 50 caractères maximum
- Limite de caractère par message: 600
- Limite de caractères des messages distants: 1000
- Nom des champs: 100 caractres ; Valeur 200 caractères
- Status épinglés: 2 maximum
- Sécurité DM : seul le premier mentionné
- Biographie utilisateur: 2000 caractères
## Installation
Reprise de la documentation officielle
Installation en version OTP
### Dépendances
```
sudo apt install imagemagick \
ffmpeg \
libimage-exiftool-perl \
unzip \
libncurses5 \
nginx \
postgresql \
postgresql-contrib \
libmagic-dev \
certbot \
python3-certbot-nginx
```
### Création de l'utilisateur Système: pleroma
```
sudo adduser --system --shell /bin/false \
--home /opt/pleroma pleroma
# Selon le serveur
export FLAVOUR="amd64"
```
### Téléchargement, décompression
```
sudo su pleroma -s $SHELL -lc "
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' \
-o /tmp/pleroma.zip
unzip /tmp/pleroma.zip -d /tmp/
"
```
### Déplacement de la release
```
sudo su pleroma -s $SHELL -lc "
mv /tmp/release/* /opt/pleroma
rmdir /tmp/release
rm /tmp/pleroma.zip
"
```
### Création des Dossiers
```
sudo mkdir -p /var/lib/pleroma/{uploads,static}
sudo mkdir -p /etc/pleroma
sudo chown -R pleroma /var/lib/pleroma
sudo chown -R pleroma /etc/pleroma
```
## Générateur de configuration
```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
```
## Configuration:par le questionnaire
```
- What domain will your instance use? (e.g pleroma.soykaf.com) [] toot.chalec.org
- What is the name of your instance? (e.g. The Corndog Emporium) [toot.chalec.org] Le Fédivers de Chalec.org
- What is your admin email address? [] contact+toot@chalec.org
- What email address do you want to use for sending email notifications? [contact+toot@chalec.org]
- Do you want search engines to index your site? (y/n) [y]
- Do you want to store the configuration in the database (allows controlling it from admin-fe)? (y/n) [n] y
- What is the hostname of your database? [localhost]
- What is the name of your database? [pleroma]
- What is the user used to connect to your database? [pleroma]
- What is the password used to connect to your database? [autogenerated]
- Would you like to use RUM indices? [n]
- What port will the app listen to (leave it if you are using the default setup with nginx)? [4000]
- What ip will the app listen to (leave it if you are using the default setup with nginx)? [127.0.0.1]
- What directory should media uploads go in (when using the local uploader)? [/var/lib/pleroma/uploads]
- What directory should custom public files be read from (custom emojis, frontend bundle overrides, robots.txt, etc.)? [/var/lib/pleroma/static]
- Do you want to strip location (GPS) data from uploaded images? This requires exiftool, it was detected as installed. (y/n) [y]
- Do you want to anonymize the filenames of uploads? (y/n) [n] y
- Do you want to deduplicate uploaded files? (y/n) [n]
```
# Création de la base de données Postgresql
```
sudo su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
```
## Création du schéma de la base de données
```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```
# Firewall
```
sudo ufw allow 443
sudo ufw allow 80
sudo ufw allow 4000
```
# Nginx
```
## Copy example file
sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/toot.chalec.org.conf
# Change tld values
# replace listen 443 ssl http2; with listen 443 ssl proxy_protocol;
sudo nano /etc/nginx/sites-available/toot.chalec.org.conf
```
# Let's encrypt
```
sudo certbot certonly -d toot.chalec.org
```
# Service SystemD
```
# Copy the service into a proper directory
sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
sudo systemctl start pleroma
sudo systemctl enable pleroma
```
# Activation de nginx
```
sudo ln -s /etc/nginx/sites-available/toot.chalec.org.conf /etc/nginx/sites-enabled/toot.chalec.org
sudo nginx -t && sudo systemctl restart nginx
```
# Création de l'utilisateur admin
```
cd /opt/pleroma
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new admin contact+toot@chalec.org --admin"
```
# Installation et mise à jour du front-end soapbox
```
# Pour la première installation
sudo apt install busybox
# Installation et mise à jour
cd /tmp
curl -L https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/v1.3.0/download?job=build-production -o soapbox-fe.zip
sudo busybox unzip soapbox-fe.zip -o -d /var/lib/pleroma
```
# Optimisation de Postgresql
```
sudo nano /etc/postgresql/13/main/postgresql.conf
```
## Valeurs changées dans postgresql
```
# Values to change according to https://pgtune.leopard.in.ua/
# DB Version: 13
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 4 GB
# CPUs num: 4
# Connections num: 100
# Data Storage: ssd
max_connections = 100
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 5242kB
min_wal_size = 1GB
max_wal_size = 4GB
max_worker_processes = 4
max_parallel_workers_per_gather = 2
max_parallel_workers = 4
max_parallel_maintenance_workers = 2
```
# Redémarrage de la base de donnée postgresql
```
sudo systemctl restart postgresql
```
# Mise à jour de Pleroma
```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```
# Configuration de nginx
```
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
inactive=720m use_temp_path=off;
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
upstream phoenix {
server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}
server {
server_name toot.chalec.org;
# Uncomment this if you need to use the 'webroot' method with certbot. Make sure
# that the directory exists and that it is accessible by the webserver. If you followed
# the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
# You may need to load this file with the ssl server block commented out, run certbot
# to get the certificate, and then uncomment it.
#
# location ~ /\.well-known/acme-challenge {
# root /var/lib/letsencrypt/;
# }
return 302 https://$server_name$request_uri;
listen [::]:80; # managed by Certbot
listen 80; # managed by Certbot
}
# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;
server {
set_real_ip_from 192.168.1.1;
real_ip_header proxy_protocol;
server_name toot.chalec.org;
listen 0.0.0.0:443 ssl proxy_protocol;
listen [::]:443 ssl ipv6only=on;
ssl_certificate /etc/letsencrypt/live/toot.chalec.org/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/toot.chalec.org/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
# the nginx default is 1m, not enough for large media uploads
client_max_body_size 16m;
ignore_invalid_headers off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://phoenix;
}
location ~ ^/(media|proxy) {
proxy_cache pleroma_media_cache;
slice 1m;
proxy_cache_key $host$uri$is_args$args$slice_range;
proxy_set_header Range $slice_range;
proxy_cache_valid 200 206 301 304 1h;
proxy_cache_lock on;
proxy_ignore_client_abort on;
proxy_buffering on;
chunked_transfer_encoding on;
proxy_pass http://phoenix;
}
}
```
# Sources
- OTP Installation : https://docs-develop.pleroma.social/backend/installation/otp_en/
- Mise à jour de Pleroma : https://docs.pleroma.social/backend/administration/updating/
- Soapbox: https://gitlab.com/soapbox-pub/soapbox-fe/
- logo : https://git.a-lec.org/a-lec/commissions/chalec/identite-visuelle/-/blob/main/vecteurs/chalecolor/toot.chalec.org.svg