# Pleroma

## Server configuration

### Instance

- Name: Toot Chalec
- Description: Le Fédivers de Chalec. Instance Pleroma avec Soapbox
- Account activation by e-mail: YES
- Automatically followed account: admin
- Federated: YES
- Moderated: YES
- Username: 50 characters maximum
- Character limit per post: 600
- Character limit for remote posts: 1000
- Profile fields: name 100 characters; value 200 characters
- Pinned statuses: 2 maximum
- DM safety: only the first mentioned user
- User bio: 2000 characters

## Installation

Based on the official installation documentation (OTP release variant).

### Dependencies

```sh
sudo apt install imagemagick \
                 ffmpeg \
                 libimage-exiftool-perl \
                 unzip \
                 libncurses5 \
                 nginx \
                 postgresql \
                 postgresql-contrib \
                 libmagic-dev \
                 certbot \
                 python3-certbot-nginx
```

### Creating the system user: pleroma

```sh
sudo adduser --system --shell /bin/false \
            --home /opt/pleroma pleroma

# Depending on the server
export FLAVOUR="amd64"
```

### Download and extraction

```sh
sudo su pleroma -s $SHELL -lc "
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' \
      -o /tmp/pleroma.zip
unzip /tmp/pleroma.zip -d /tmp/
"
```

### Moving the release

```sh
sudo su pleroma -s $SHELL -lc "
mv /tmp/release/* /opt/pleroma
rmdir /tmp/release
rm /tmp/pleroma.zip
"
```

### Creating the directories

```sh
sudo mkdir -p /var/lib/pleroma/{uploads,static}
sudo mkdir -p /etc/pleroma
sudo chown -R pleroma /var/lib/pleroma
sudo chown -R pleroma /etc/pleroma
```

### Configuration generator

```sh
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
```

### Configuration via the questionnaire

- What domain will your instance use? (e.g pleroma.soykaf.com) [] toot.chalec.org
- What is the name of your instance? (e.g. The Corndog Emporium) [toot.chalec.org] Le Fédivers de Chalec.org
- What is your admin email address? [] contact+toot@chalec.org
- What email address do you want to use for sending email notifications? [contact+toot@chalec.org] 
- Do you want search engines to index your site? (y/n) [y] 
- Do you want to store the configuration in the database (allows controlling it from admin-fe)? (y/n) [n] y
- What is the hostname of your database? [localhost] 
- What is the name of your database? [pleroma] 
- What is the user used to connect to your database? [pleroma] 
- What is the password used to connect to your database? [autogenerated]
- Would you like to use RUM indices? [n] 
- What port will the app listen to (leave it if you are using the default setup with nginx)? [4000]
- What ip will the app listen to (leave it if you are using the default setup with nginx)? [127.0.0.1]
- What directory should media uploads go in (when using the local uploader)? [/var/lib/pleroma/uploads] 
- What directory should custom public files be read from (custom emojis, frontend bundle overrides, robots.txt, etc.)? [/var/lib/pleroma/static] 
- Do you want to strip location (GPS) data from uploaded images? This requires exiftool, it was detected as installed. (y/n) [y] 
- Do you want to anonymize the filenames of uploads? (y/n) [n] y
- Do you want to deduplicate uploaded files? (y/n) [n]

### Creating the PostgreSQL database

```sh
sudo su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
```

### Creating the database schema

```sh
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```

### Firewall

```sh
sudo ufw allow 443
sudo ufw allow 444
sudo ufw allow 80
```

### Nginx

```sh
# Copy the example file
sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/toot.chalec.org.conf

# Change the tld values
# replace "listen 443 ssl http2;" with "listen 443 ssl proxy_protocol;"
sudo nano /etc/nginx/sites-available/toot.chalec.org.conf
```

### Let's Encrypt

```sh
sudo certbot certonly -d toot.chalec.org
```

### systemd service

```sh
# Copy the service into a proper directory
sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
sudo systemctl start pleroma
sudo systemctl enable pleroma
```

### Enabling nginx

```sh
sudo ln -s /etc/nginx/sites-available/toot.chalec.org.conf /etc/nginx/sites-enabled/toot.chalec.org
sudo nginx -t && sudo systemctl restart nginx
```

### Creating the admin user

```sh
cd /opt/pleroma
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new admin contact+toot@chalec.org --admin"
```

### Installing and updating the Soapbox front-end

```sh
# For the first installation only
sudo apt install busybox

# Installation and update (the URL is quoted so the shell does not treat "?" as a glob)
cd /tmp
curl -L 'https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/artifacts/v2.0.0/download?job=build-production' -o soapbox-fe.zip
sudo busybox unzip soapbox-fe.zip -o -d /var/lib/pleroma
```

### PostgreSQL optimisation

```sh
sudo nano /etc/postgresql/13/main/postgresql.conf
```

Values changed in postgresql.conf:

```conf
# Values to change according to https://pgtune.leopard.in.ua/
# DB Version: 13
# OS Type: linux
# DB Type: web
# Total Memory (RAM): 4 GB
# CPUs num: 4
# Connections num: 100
# Data Storage: ssd

max_connections = 100
shared_buffers = 1GB
effective_cache_size = 3GB
maintenance_work_mem = 256MB
checkpoint_completion_target = 0.9
wal_buffers = 16MB
default_statistics_target = 100
random_page_cost = 1.1
effective_io_concurrency = 200
work_mem = 5242kB
min_wal_size = 1GB
max_wal_size = 4GB
max_worker_processes = 4
max_parallel_workers_per_gather = 2
max_parallel_workers = 4
max_parallel_maintenance_workers = 2
```

### Restarting the PostgreSQL database

```sh
sudo systemctl restart postgresql
```

### Updating Pleroma

```sh
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"
sudo su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
```

### nginx configuration

```nginx
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.

proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
                 inactive=720m use_temp_path=off;

# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
# and `localhost.` resolves to [::0] on some systems: see issue #930
upstream phoenix {
    server 127.0.0.1:4000 max_fails=5 fail_timeout=60s;
}

server {
    server_name    toot.chalec.org;

    # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
    # that the directory exists and that it is accessible by the webserver. If you followed
    # the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
    # You may need to load this file with the ssl server block commented out, run certbot
    # to get the certificate, and then uncomment it.
    #
    # location ~ /\.well-known/acme-challenge {
    #     root /var/lib/letsencrypt/;
    # }

    return         302 https://$server_name$request_uri;

    listen [::]:80; # managed by Certbot
    listen 80; # managed by Certbot
}

# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;

server {

    set_real_ip_from  192.168.1.1;
    real_ip_header proxy_protocol;

    server_name toot.chalec.org;

    listen 0.0.0.0:443 ssl proxy_protocol;
    listen [::]:443 ssl ipv6only=on;

    ssl_certificate /etc/letsencrypt/live/toot.chalec.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/toot.chalec.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    # the nginx default is 1m, not enough for large media uploads
    client_max_body_size 16m;
    ignore_invalid_headers off;

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    location / {
        proxy_pass http://phoenix;
    }

    location ~ ^/(media|proxy) {
        proxy_cache        pleroma_media_cache;
        slice              1m;
        proxy_cache_key    $host$uri$is_args$args$slice_range;
        proxy_set_header   Range $slice_range;
        proxy_cache_valid  200 206 301 304 1h;
        proxy_cache_lock   on;
        proxy_ignore_client_abort on;
        proxy_buffering    on;
        chunked_transfer_encoding on;
        proxy_pass         http://phoenix;
    }

}
```
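The steps above leave a few security-relevant artefacts on the host that are worth checking once the instance is up: `/etc/pleroma/config.exs` (generated with the database password and `secret_key_base`), `/tmp/setup_db.psql` (written by the generator with the same password and not removed by the procedure), the `pleroma` account created with `--shell /bin/false`, and the `proxy_protocol` listener whose `set_real_ip_from` must name only the upstream proxy. The POSIX shell audit below is an added example, not part of Pleroma's tooling; it uses the paths and the `pleroma` username from this page, takes explicit paths so it can also run against a staged copy of the tree, and its check names and messages are my own.

```sh
#!/bin/sh
# Post-install audit for the Pleroma OTP layout set up above (added example, not part of
# Pleroma's own tooling). audit's ROOT prefix defaults to "" (the live host).

owner_uid() { stat -c '%u' "$1" 2>/dev/null; }
mode_octal() { stat -c '%a' "$1" 2>/dev/null; }

# config.exs holds the DB password and secret_key_base: it must be owned by the pleroma
# uid and not readable by "others" (read bit of the last octal digit clear).
check_secret_file() {
  path=$1 want_uid=$2
  [ -f "$path" ] || { echo "MISSING        $path"; return 1; }
  [ "$(owner_uid "$path")" = "$want_uid" ] || { echo "BAD OWNER      $path"; return 1; }
  mode=$(mode_octal "$path"); others=${mode#"${mode%?}"}   # last octal digit
  [ $(( others & 4 )) -eq 0 ] || { echo "WORLD-READABLE $path (mode $mode)"; return 1; }
}

# setup_db.psql was written to /tmp with the generated DB password; it should be gone.
check_absent() { [ ! -e "$1" ] || { echo "LEFTOVER       $1"; return 1; }; }

# The service account was created with --shell /bin/false; confirm it stayed that way.
check_nologin_shell() {
  shell=$(awk -F: -v u="$2" '$1 == u { print $7 }' "$1" 2>/dev/null || true)
  case "$shell" in
    /bin/false|/usr/sbin/nologin) return 0 ;;
    *) echo "LOGIN SHELL    $2 -> ${shell:-<no such user>}"; return 1 ;;
  esac
}

# A proxy_protocol listener must trust only the upstream proxy's address for real_ip;
# 0.0.0.0/0 would let any direct client assert an arbitrary source address.
check_realip_scope() {
  conf=$1
  grep -Eq '^[[:space:]]*listen .*proxy_protocol' "$conf" || return 0
  grep -Eq '^[[:space:]]*set_real_ip_from[[:space:]]+(0\.0\.0\.0/0|::/0)[[:space:]]*;' "$conf" \
    && { echo "OPEN REAL_IP   $conf trusts every source"; return 1; }
  grep -Eq '^[[:space:]]*set_real_ip_from[[:space:]]' "$conf" \
    || { echo "NO REAL_IP     $conf: proxy_protocol without set_real_ip_from"; return 1; }
}

# audit [ROOT] [UID]: run every check; returns 1 if any failed.
audit() {
  ROOT=${1:-} rc=0
  uid=${2:-$(id -u pleroma 2>/dev/null || true)}
  check_secret_file "$ROOT/etc/pleroma/config.exs" "$uid" || rc=1
  check_absent "$ROOT/tmp/setup_db.psql" || rc=1
  check_nologin_shell "$ROOT/etc/passwd" pleroma || rc=1
  check_realip_scope "$ROOT/etc/nginx/sites-available/toot.chalec.org.conf" || rc=1
  return $rc
}
```

Saved as, say, `pleroma-audit.sh`, it is sourced and run on the host with `. ./pleroma-audit.sh && audit`; `audit /path/to/staged-tree <uid>` checks a copied tree instead.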

## Sources