# Pleroma

## Server configuration

- RAM: 4 GB
- CPUs: 4
- URL: https://toot.chalec.org

## Instance

- Name: Toot Chalec
- Description: Le Fédivers de Chalec. Instance Pleroma avec Soapbox
- Account activation by email: YES
- Automatically followed account: admin
- Federated: YES
- Moderated: YES
- Username: 50 characters maximum
- Character limit per post: 600
- Character limit for remote posts: 1000
- Field name: 100 characters; value: 200 characters
- Pinned statuses: 2 maximum
- DM safety: only the first account mentioned
- User biography: 2000 characters

## Installation

Taken from the official documentation.

Installation using the OTP release.

### Dependencies

```
sudo apt install imagemagick \
  ffmpeg \
  libimage-exiftool-perl \
  unzip \
  libncurses5 \
  nginx \
  postgresql \
  postgresql-contrib \
  libmagic-dev \
  certbot \
  python3-certbot-nginx
```

### Creating the system user: pleroma

```
sudo adduser --system --shell /bin/false \
  --home /opt/pleroma pleroma

# Depends on the server architecture
export FLAVOUR="amd64"
```

### Download and extraction

```
# $FLAVOUR is expanded by the calling shell, because the outer quotes are double quotes
sudo su pleroma -s $SHELL -lc "
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' \
  -o /tmp/pleroma.zip
unzip /tmp/pleroma.zip -d /tmp/
"
```

### Moving the release

```
sudo su pleroma -s $SHELL -lc "
mv /tmp/release/* /opt/pleroma
rmdir /tmp/release
rm /tmp/pleroma.zip
"
```

### Creating the directories

```
sudo mkdir -p /var/lib/pleroma/{uploads,static}
sudo mkdir -p /etc/pleroma
sudo chown -R pleroma /var/lib/pleroma
sudo chown -R pleroma /etc/pleroma
```

## Configuration generator

```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
```

## Configuration: through the questionnaire

```
- What domain will your instance use? (e.g pleroma.soykaf.com) [] toot.chalec.org
- What is the name of your instance? (e.g. The Corndog Emporium) [toot.chalec.org] Le Fédivers de Chalec.org
- What is your admin email address? [] contact+toot@chalec.org
- What email address do you want to use for sending email notifications? [contact+toot@chalec.org]
- Do you want search engines to index your site? (y/n) [y]
- Do you want to store the configuration in the database (allows controlling it from admin-fe)? (y/n) [n] y
- What is the hostname of your database? [localhost]
- What is the name of your database? [pleroma]
- What is the user used to connect to your database? [pleroma]
- What is the password used to connect to your database? [autogenerated]
- Would you like to use RUM indices? [n]
- What port will the app listen to (leave it if you are using the default setup with nginx)? [4000]
- What ip will the app listen to (leave it if you are using the default setup with nginx)? [127.0.0.1]
- What directory should media uploads go in (when using the local uploader)? [/var/lib/pleroma/uploads]
- What directory should custom public files be read from (custom emojis, frontend bundle overrides, robots.txt, etc.)? [/var/lib/pleroma/static]
- Do you want to strip location (GPS) data from uploaded images? This requires exiftool, it was detected as installed. (y/n) [y]
- Do you want to anonymize the filenames of uploads? (y/n) [n] y
- Do you want to deduplicate uploaded files? (y/n) [n]
```

# Creating the PostgreSQL database

```
sudo su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
```

## Creating the database schema

```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```

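# Firewall

```
sudo ufw allow 443
sudo ufw allow 80
# Pleroma listens on 127.0.0.1:4000 (questionnaire answer above) and nginx reaches it locally,
# so this rule only has an effect if the backend is bound to a non-loopback address
sudo ufw allow 4000
```
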
# Nginx

```
# Copy the example file
sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/toot.chalec.org.conf

# Change the tld values
# Replace "listen 443 ssl http2;" with "listen 443 ssl proxy_protocol;"
sudo nano /etc/nginx/sites-available/toot.chalec.org.conf
```

# Let's Encrypt

```
sudo certbot certonly -d toot.chalec.org
```

# systemd service

```
# Copy the service into a proper directory
sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
sudo systemctl start pleroma
sudo systemctl enable pleroma
```

# Enabling nginx

```
sudo ln -s /etc/nginx/sites-available/toot.chalec.org.conf /etc/nginx/sites-enabled/toot.chalec.org
sudo nginx -t && sudo systemctl restart nginx
```

# Creating the admin user

```
cd /opt/pleroma
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new admin contact+toot@chalec.org --admin"
```

# Installing and updating the Soapbox front end

```
# First installation only
sudo apt install busybox

# Installation and update
cd /tmp
# The URL is quoted so the shell does not treat "?" as a glob character
curl -L 'https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/v1.3.0/download?job=build-production' -o soapbox-fe.zip
sudo busybox unzip soapbox-fe.zip -o -d /var/lib/pleroma
```

# PostgreSQL tuning

```
sudo nano /etc/postgresql/13/main/postgresql.conf
```

## Values changed in PostgreSQL

```
# Values to change according to https://pgtune.leopard.in.ua/
# DB Version: 13
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 4 GB
# CPUs num: 4
# Connections num: 100
# Data Storage: ssd

max_connections = 100
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 5242kB
min_wal_size = 1GB
max_wal_size = 4GB
max_worker_processes = 4
max_parallel_workers_per_gather = 2
max_parallel_workers = 4
max_parallel_maintenance_workers = 2
```

# Restarting the PostgreSQL database

```
sudo systemctl restart postgresql
```

# Updating Pleroma

```
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```

# nginx configuration

```
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.

proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
                 inactive=720m use_temp_path=off;

# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
upstream phoenix {
    server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}

server {
    server_name toot.chalec.org;

    # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
    # that the directory exists and that it is accessible by the webserver. If you followed
    # the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
    # You may need to load this file with the ssl server block commented out, run certbot
    # to get the certificate, and then uncomment it.
    #
    # location ~ /\.well-known/acme-challenge {
    #     root /var/lib/letsencrypt/;
    # }

    return 302 https://$server_name$request_uri;

    listen [::]:80; # managed by Certbot
    listen 80; # managed by Certbot
}

# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;

server {

    set_real_ip_from 192.168.1.1;
    real_ip_header proxy_protocol;

    server_name toot.chalec.org;

    listen 0.0.0.0:443 ssl proxy_protocol;
    listen [::]:443 ssl ipv6only=on;

    ssl_certificate /etc/letsencrypt/live/toot.chalec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/toot.chalec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    # the nginx default is 1m, not enough for large media uploads
    client_max_body_size 16m;
    ignore_invalid_headers off;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://phoenix;
    }

    location ~ ^/(media|proxy) {
        proxy_cache pleroma_media_cache;
        slice 1m;
        proxy_cache_key $host$uri$is_args$args$slice_range;
        proxy_set_header Range $slice_range;
        proxy_cache_valid 200 206 301 304 1h;
        proxy_cache_lock on;
        proxy_ignore_client_abort on;
        proxy_buffering on;
        chunked_transfer_encoding on;
        proxy_pass http://phoenix;
    }

}
```
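
The site file above depends on two trust decisions: nginx forwards to the backend in plain HTTP, so the `upstream` server has to stay local, and a `proxy_protocol` listener needs `set_real_ip_from` to limit whose PROXY header is believed. The following check is an added example, not part of the original page or of Pleroma's tooling; the function names, `weak_conf` and the documentation address `192.0.2.10` are constructed for illustration.

```sh
# Added example: audit the proxy directives of an nginx site file.
# Reads the config on stdin, prints one finding per line; no output means the checks pass.
audit_nginx() {
  body=$(sed 's/#.*//')   # drop comments so commented-out directives are ignored
  # 1. nginx speaks plain HTTP to the backend, so every upstream server must be local.
  printf '%s\n' "$body" | awk '
    $1 == "upstream"        { in_up = 1; next }
    in_up && index($0, "}") { in_up = 0 }
    in_up && $1 == "server" && $2 !~ /^(127\.|\[::1\]|localhost|unix:)/ {
      print "upstream server is not on loopback: " $2
    }'
  # 2. A proxy_protocol listener must name the senders whose PROXY header is trusted.
  if printf '%s\n' "$body" | grep -Eq '^[[:space:]]*listen[[:space:]].*proxy_protocol'; then
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*real_ip_header[[:space:]]+proxy_protocol' ||
      echo "proxy_protocol listener without real_ip_header proxy_protocol"
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*set_real_ip_from[[:space:]]' ||
      echo "proxy_protocol listener without set_real_ip_from"
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*set_real_ip_from[[:space:]]+(0\.0\.0\.0/0|::/0)' &&
      echo "set_real_ip_from trusts every address"
  fi
  return 0
}

# Directives copied from the page's site file, trimmed to the ones audited.
page_conf() { cat <<'EOF'
upstream phoenix {
    server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}
server {
    set_real_ip_from 192.168.1.1;
    real_ip_header proxy_protocol;
    listen 0.0.0.0:443 ssl proxy_protocol;
    listen [::]:443 ssl ipv6only=on;
}
EOF
}

# Constructed weak variant: remote backend, any sender trusted, no real_ip_header.
weak_conf() { cat <<'EOF'
upstream phoenix {
    server 192.0.2.10:4000;
}
server {
    set_real_ip_from 0.0.0.0/0;
    listen 443 ssl proxy_protocol;
}
EOF
}

page_conf | audit_nginx   # the page's directives pass
weak_conf | audit_nginx   # the constructed variant is flagged
```

To audit the deployed file, run `audit_nginx < /etc/nginx/sites-available/toot.chalec.org.conf` after sourcing the function.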

# Sources

- OTP installation: https://docs-develop.pleroma.social/backend/installation/otp_en/
- Updating Pleroma: https://docs.pleroma.social/backend/administration/updating/
- Soapbox: https://gitlab.com/soapbox-pub/soapbox-fe/
- Logo: https://git.a-lec.org/a-lec/commissions/chalec/identite-visuelle/-/blob/main/vecteurs/chalecolor/toot.chalec.org.svg