From 07376bd21ae732a00c61ce55be920ddf8ba603ee Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 6 Aug 2020 00:01:57 -0400 Subject: [PATCH 01/13] Adding installation documentation for FreeBSD + rc.d script --- docs/installation/freebsd_en.md | 201 ++++++++++++++++++++++++++++++ installation/freebsd/rc.d/pleroma | 28 +++++ 2 files changed, 229 insertions(+) create mode 100644 docs/installation/freebsd_en.md create mode 100755 installation/freebsd/rc.d/pleroma diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md new file mode 100644 index 000000000..51990c5e4 --- /dev/null +++ b/docs/installation/freebsd_en.md 
@@ -0,0 +1,201 @@ +# Installing on FreeBSD + +This document was written for FreeBSD 12.1, but should be trivially trailerable to future releases. +Additionally, this guide document can be modified to + +## Required software + +This assumes the target system has `pkg(8)`. + +`# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh` + +Copy the rc.d scripts to the right directory: + +Setup the required services to automatically start at boot, using `sysrc(8)`. + +``` +# sysrc nginx_enable=YES +# sysrc postgresql_enable=YES +``` + +## Initialize postgres + +``` +# service postgresql initdb +# service postgresql start +``` + +## Configuring Pleroma + +Create a user for Pleroma: + +``` +# pw add user pleroma -m +# echo 'export LC_ALL="en_US.UTF-8"' >> /home/pleroma/.profile +# su -l pleroma +``` + +Clone the repository: + +``` +$ cd $HOME # Should be the same as /home/pleroma +$ git clone -b stable https://git.pleroma.social/pleroma/pleroma.git +``` + +Configure Pleroma. Note that you need a domain name at this point: + +``` +$ cd /home/pleroma/pleroma +$ mix deps.get +$ mix pleroma.instance gen # You will be asked a few questions here. +$ cp config/generated_config.exs config/prod.secret.exs # The default values should be sufficient but you should edit it and check that everything seems OK. +``` + +Since Postgres is configured, we can now initialize the database. There should +now be a file in `config/setup_db.psql` that makes this easier. Edit it, and +*change the password* to a password of your choice. Make sure it is secure, since +it'll be protecting your database. As root, you can now initialize the database: + +``` +# cd /home/pleroma/pleroma +# sudo -Hu postgres -g postgres psql -f config/setup_db.psql +``` + +Postgres allows connections from all users without a password by default. To +fix this, edit `/var/db/postgres/data12/pg_hba.conf`. Change every `trust` to +`password`. 
+ +Once this is done, restart Postgres with `# service postgresql restart`. + +Run the database migrations. + +Back as the pleroma user, you will need to do this whenever you update with `git pull`: + +``` +# su -l pleroma +$ cd /home/pleroma/pleroma +$ MIX_ENV=prod mix ecto.migrate +``` + +## Configuring nginx + +Install the example configuration file +`/home/pleroma/pleroma/installation/pleroma.nginx` to +`/usr/local/etc/nginx/nginx.conf`. + +Note that it will need to be wrapped in a `http {}` block. You should add +settings for the nginx daemon outside of the http block, for example: + +``` +user nginx nginx; +error_log /var/log/nginx/error.log; +worker_processes 4; + +events { +} +``` + +Edit the defaults: + +* Change `ssl_certificate` and `ssl_trusted_certificate` to +`/etc/ssl/example.tld/fullchain`. +* Change `ssl_certificate_key` to `/etc/ssl/example.tld/key`. +* Change `example.tld` to your instance's domain name. + +## Configuring acme.sh + +We'll be using acme.sh in Stateless Mode for TLS certificate renewal. + +First, get your account fingerprint: + +``` +$ sudo -Hu nginx -g nginx acme.sh --register-account +``` + +You need to add the following to your nginx configuration for the server +running on port 80: + +``` + location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ { + default_type text/plain; + return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd"; + } +``` + +Replace the string after after `$1.` with your fingerprint. 
+ +Start nginx: + +``` +# service nginx start +``` + +It should now be possible to issue a cert (replace `example.com` +with your domain name): + +``` +$ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless +$ acme.sh --install-cert -d example.com \ + --key-file /path/to/keyfile/in/nginx/key.pem \ + --fullchain-file /path/to/fullchain/nginx/cert.pem \ +``` + +Let's add auto-renewal to `/etc/daily.local` +(replace `example.com` with your domain): + +``` +/usr/pkg/bin/sudo -Hu nginx -g nginx \ + /usr/pkg/sbin/acme.sh -r \ + -d example.com \ + --cert-file /etc/nginx/tls/cert \ + --key-file /etc/nginx/tls/key \ + --ca-file /etc/nginx/tls/ca \ + --fullchain-file /etc/nginx/tls/fullchain \ + --stateless +``` + +## Creating a startup script for Pleroma + +Pleroma will need to compile when it initially starts, which typically takes a longer +period of time. Therefore, it is good practice to initially run pleroma from the +command-line before utilizing the rc.d script. That is done as follows: + +``` +# su -l pleroma +$ cd $HOME/pleroma +$ MIX_ENV=prod mix phx.server +``` + +Copy the startup script to the correct location and make sure it's executable: + +``` +# cp /home/pleroma/pleroma/installation/freebsd/rc.d/pleroma /usr/local/etc/rc.d/pleroma +# chmod +x /etc/rc.d/pleroma +``` + +Add the following to `/etc/rc.conf`: + +``` +pleroma=YES +pleroma_home="/home/pleroma" +pleroma_user="pleroma" +``` + +Run `# /etc/rc.d/pleroma start` to start Pleroma. + +## Conclusion + +Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running. + +If you need further help, contact niaa on freenode. + +Make sure your time is in sync, or other instances will receive your posts with +incorrect timestamps. You should have ntpd running. + +#### Further reading + +{! 
backend/installation/further_reading.include !} + +## Questions + +Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**. diff --git a/installation/freebsd/rc.d/pleroma b/installation/freebsd/rc.d/pleroma new file mode 100755 index 000000000..1e41e57e6 --- /dev/null +++ b/installation/freebsd/rc.d/pleroma @@ -0,0 +1,28 @@ +#!/bin/sh +# REQUIRE: DAEMON postgresql +# PROVIDE: pleroma + +# sudo -u pleroma MIX_ENV=prod elixir --erl \"-detached\" -S mix phx.server + +. /etc/rc.subr + +name="pleroma" +desc="Pleroma Social Media Platform" +rcvar=${name}_enable +command="/usr/local/bin/elixir" +command_args="--erl \"-detached\" -S /usr/local/bin/mix phx.server" +pidfile="/dev/null" + +pleroma_user="pleroma" +pleroma_home="/home/pleroma" +pleroma_chdir="${pleroma_home}/pleroma" +pleroma_env="HOME=${pleroma_home} MIX_ENV=prod" + +check_pidfile() +{ + pid=$(pgrep beam.smp$) + echo -n "${pid}" +} + +load_rc_config ${name} +run_rc_command "$1" From da5aca27a8c79edcb4577c3a9f05cfa5d0463e83 Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 6 Aug 2020 23:24:12 +0000 Subject: [PATCH 02/13] Minor reorganization --- docs/installation/freebsd_en.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index 51990c5e4..c98992fe5 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -69,7 +69,7 @@ Once this is done, restart Postgres with `# service postgresql restart`. Run the database migrations. -Back as the pleroma user, you will need to do this whenever you update with `git pull`: +Back as the pleroma user, run the following to implement any database migrations. ``` # su -l pleroma 
@@ -77,9 +77,11 @@ $ cd /home/pleroma/pleroma $ MIX_ENV=prod mix ecto.migrate ``` +You will need to do this whenever you update with `git pull`: + ## Configuring nginx -Install the example configuration file +As root, install the example configuration file `/home/pleroma/pleroma/installation/pleroma.nginx` to `/usr/local/etc/nginx/nginx.conf`. From f6686a64afceb775d775e623c847d413fecf65f8 Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 6 Aug 2020 23:35:33 +0000 Subject: [PATCH 03/13] Updated ssl and domain name updates Removed the reference to niaa --- docs/installation/freebsd_en.md | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index c98992fe5..9c5caa4d3 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -97,12 +97,12 @@ events { } ``` -Edit the defaults: +Edit the defaults of `/usr/local/etc/nginx/nginx.conf`: -* Change `ssl_certificate` and `ssl_trusted_certificate` to -`/etc/ssl/example.tld/fullchain`. -* Change `ssl_certificate_key` to `/etc/ssl/example.tld/key`. -* Change `example.tld` to your instance's domain name. +* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`. +* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`. +* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`. +* Change all references of `example.tld` to your instance's domain name. ## Configuring acme.sh @@ -189,8 +189,6 @@ Run `# /etc/rc.d/pleroma start` to start Pleroma. Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running. -If you need further help, contact niaa on freenode. - Make sure your time is in sync, or other instances will receive your posts with incorrect timestamps. You should have ntpd running. From 53c4215ef1d65300ffbf8d47cdb5a713558df528 Mon Sep 17 00:00:00 2001 
From: Farhan Khan Date: Fri, 7 Aug 2020 01:04:33 +0000 Subject: [PATCH 04/13] Updated some more instruction specifics. --- docs/installation/freebsd_en.md | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index 9c5caa4d3..ee42b9427 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -172,18 +172,16 @@ Copy the startup script to the correct location and make sure it's executable: ``` # cp /home/pleroma/pleroma/installation/freebsd/rc.d/pleroma /usr/local/etc/rc.d/pleroma -# chmod +x /etc/rc.d/pleroma +# chmod +x /usr/local/etc/rc.d/pleroma ``` -Add the following to `/etc/rc.conf`: +Update the `/etc/rc.conf` file with the following command: ``` -pleroma=YES -pleroma_home="/home/pleroma" -pleroma_user="pleroma" +# sysrc pleroma_enable=YES ``` -Run `# /etc/rc.d/pleroma start` to start Pleroma. +Now you can start pleroma with `# service pleroma start`. ## Conclusion From 33ea430f3b026f4e9b353b74bcc60846c67a5a69 Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Fri, 7 Aug 2020 01:52:39 +0000 Subject: [PATCH 05/13] acme.sh and netbsd to freebsd updates --- docs/installation/freebsd_en.md | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index ee42b9427..b5c62bee6 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -146,8 +146,8 @@ Let's add auto-renewal to `/etc/daily.local` (replace `example.com` with your domain): ``` -/usr/pkg/bin/sudo -Hu nginx -g nginx \ - /usr/pkg/sbin/acme.sh -r \ +/usr/pkg/bin/sudo -Hu www -g www \ + /usr/local/sbin/acme.sh -r \ -d example.com \ --cert-file /etc/nginx/tls/cert \ --key-file /etc/nginx/tls/key \ 
@@ -175,25 +175,22 @@ Copy the startup script to the correct location and make sure it's executable: # chmod +x /usr/local/etc/rc.d/pleroma ``` -Update the `/etc/rc.conf` file with the following command: +Update the `/etc/rc.conf` and start pleroma with the following commands: ``` # sysrc pleroma_enable=YES +# service pleroma start ``` Now you can start pleroma with `# service pleroma start`. ## Conclusion -Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running. +Restart nginx with `# service nginx restart` and you should be up and running. Make sure your time is in sync, or other instances will receive your posts with incorrect timestamps. You should have ntpd running. -#### Further reading - -{! backend/installation/further_reading.include !} - ## Questions Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**. From b5f48275c5a0802ac5e7da0caf3d3af0bfbb7c6c Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 13 Aug 2020 19:08:13 -0400 Subject: [PATCH 06/13] Minor patch update --- docs/installation/freebsd_en.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index b5c62bee6..12c870322 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -108,10 +108,10 @@ Edit the defaults of `/usr/local/etc/nginx/nginx.conf`: We'll be using acme.sh in Stateless Mode for TLS certificate renewal. -First, get your account fingerprint: +First, as root, get your account fingerprint: ``` -$ sudo -Hu nginx -g nginx acme.sh --register-account +# sudo -Hu acme -g acme acme.sh --register-account ``` You need to add the following to your nginx configuration for the server 
@@ -136,7 +136,7 @@ It should now be possible to issue a cert (replace `example.com` with your domain name): ``` -$ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless +$ sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless $ acme.sh --install-cert -d example.com \ --key-file /path/to/keyfile/in/nginx/key.pem \ --fullchain-file /path/to/fullchain/nginx/cert.pem \ @@ -146,7 +146,7 @@ Let's add auto-renewal to `/etc/daily.local` (replace `example.com` with your domain): ``` -/usr/pkg/bin/sudo -Hu www -g www \ +/usr/local/bin/sudo -Hu acme -g acme \ /usr/local/sbin/acme.sh -r \ -d example.com \ --cert-file /etc/nginx/tls/cert \ From cba9f368af13768f7c0161074ab3f25deae5b5a6 Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 13 Aug 2020 19:34:04 -0400 Subject: [PATCH 07/13] Added comment --- docs/installation/freebsd_en.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index 12c870322..38afd76e4 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -46,7 +46,7 @@ Configure Pleroma. Note that you need a domain name at this point: ``` $ cd /home/pleroma/pleroma -$ mix deps.get +$ mix deps.get # Enter "y" when asked to install Hex $ mix pleroma.instance gen # You will be asked a few questions here. $ cp config/generated_config.exs config/prod.secret.exs # The default values should be sufficient but you should edit it and check that everything seems OK. ``` From 24eb917dbc752a81716699ebd23ad9ff9cbd6a24 Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 13 Aug 2020 20:58:46 -0400 Subject: [PATCH 08/13] Rearranging acme --- docs/installation/freebsd_en.md | 67 ++++++++++++++++++++------------- 1 file changed, 41 insertions(+), 26 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index 38afd76e4..a8741e565 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md 
@@ -79,36 +79,19 @@ $ MIX_ENV=prod mix ecto.migrate You will need to do this whenever you update with `git pull`: -## Configuring nginx - -As root, install the example configuration file -`/home/pleroma/pleroma/installation/pleroma.nginx` to -`/usr/local/etc/nginx/nginx.conf`. - -Note that it will need to be wrapped in a `http {}` block. You should add -settings for the nginx daemon outside of the http block, for example: - -``` -user nginx nginx; -error_log /var/log/nginx/error.log; -worker_processes 4; - -events { -} -``` - -Edit the defaults of `/usr/local/etc/nginx/nginx.conf`: - -* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`. -* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`. -* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`. -* Change all references of `example.tld` to your instance's domain name. - ## Configuring acme.sh We'll be using acme.sh in Stateless Mode for TLS certificate renewal. -First, as root, get your account fingerprint: +First, as root, allow the user `acme` to have access to the acme log file, as follows: + +``` +# touch /var/log/acme.sh.log +# chown acme:acme /var/log/acme.sh.log +# chmod 600 /var/log/acme.sh.log +``` + +Next, obtain your account fingerprint: ``` # sudo -Hu acme -g acme acme.sh --register-account 
@@ -156,6 +139,38 @@ Let's add auto-renewal to `/etc/daily.local` --stateless ``` +### Configuring nginx + +FreeBSD's default nginx configuration does not contain an include directive, which is +typically used for multiple sites. Therefore, you will need to first create the required +directory as follows: + + +``` +# mkdir -p /usr/local/etc/nginx/sites-available +``` + +Next, add an `include` directive to `/usr/local/etc/nginx/nginx.conf`, within the `http {}` +block, as follows: + + +``` +http { +... + include /usr/local/etc/nginx/sites-available/*.conf; +} +``` + +As root, copy `/home/pleroma/pleroma/installation/pleroma.nginx` to +`/usr/local/etc/nginx/sites-available/pleroma.conf`. + +Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.conf`: + +* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`. +* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`. +* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`. +* Change all references of `example.tld` to your instance's domain name. + ## Creating a startup script for Pleroma Pleroma will need to compile when it initially starts, which typically takes a longer From f2665547f59a7043cf8bac9d39c56a9b717d5099 Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 13 Aug 2020 21:24:08 -0400 Subject: [PATCH 09/13] acme updates --- docs/installation/freebsd_en.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index a8741e565..386a0ae10 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md 
@@ -119,10 +119,11 @@ It should now be possible to issue a cert (replace `example.com` with your domain name): ``` -$ sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless -$ acme.sh --install-cert -d example.com \ - --key-file /path/to/keyfile/in/nginx/key.pem \ - --fullchain-file /path/to/fullchain/nginx/cert.pem \ +# mkdir -p /etc/ssl/example.com +# sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless +# acme.sh --home /var/db/acme/.acme.sh/ --install-cert -d example.com \ + --key-file /etc/ssl/example.com/key.pem + --fullchain-file /etc/ssl/example.com/fullchain.pem ``` Let's add auto-renewal to `/etc/daily.local` From b0c456d18d3b4e20233a7dbaef3c55d0586a1946 Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 13 Aug 2020 22:18:33 -0400 Subject: [PATCH 10/13] more acme.sh updates --- docs/installation/freebsd_en.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index 386a0ae10..458b8032d 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md 
@@ -122,22 +122,22 @@ with your domain name): # mkdir -p /etc/ssl/example.com # sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless # acme.sh --home /var/db/acme/.acme.sh/ --install-cert -d example.com \ - --key-file /etc/ssl/example.com/key.pem + --ca-file /etc/ssl/example.com/ca.pem \ + --key-file /etc/ssl/example.com/key.pem \ + --cert-file /etc/ssl/example.com/cert.pem \ --fullchain-file /etc/ssl/example.com/fullchain.pem ``` -Let's add auto-renewal to `/etc/daily.local` +Let's add auto-renewal to `/etc/crontab` (replace `example.com` with your domain): ``` -/usr/local/bin/sudo -Hu acme -g acme \ - /usr/local/sbin/acme.sh -r \ - -d example.com \ - --cert-file /etc/nginx/tls/cert \ - --key-file /etc/nginx/tls/key \ - --ca-file /etc/nginx/tls/ca \ - --fullchain-file /etc/nginx/tls/fullchain \ - --stateless +/usr/local/bin/sudo -Hu acme -g acme /usr/local/sbin/acme.sh -r -d example.com --stateless +/usr/local/sbin/acme.sh --home /var/db/acme/.acme.sh/ --install-cert -d example.com \ + --ca-file /etc/ssl/example.com/ca.pem \ + --key-file /etc/ssl/example.com/key.pem \ + --cert-file /etc/ssl/test-app.mailchar.com/cert.pem \ + --fullchain-file /etc/ssl/example.com/fullchain.pem ``` ### Configuring nginx From 816c04abdc2e8045f3fa52071b953c5ac608d0bd Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 13 Aug 2020 22:38:23 -0400 Subject: [PATCH 11/13] Updates --- docs/installation/freebsd_en.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index 458b8032d..f1e06892c 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md 
@@ -123,8 +123,8 @@ with your domain name): # sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless # acme.sh --home /var/db/acme/.acme.sh/ --install-cert -d example.com \ --ca-file /etc/ssl/example.com/ca.pem \ - --key-file /etc/ssl/example.com/key.pem \ - --cert-file /etc/ssl/example.com/cert.pem \ + --key-file /etc/ssl/example.com/privkey.pem \ + --cert-file /etc/ssl/example.com/chain.pem \ --fullchain-file /etc/ssl/example.com/fullchain.pem ``` @@ -135,8 +135,8 @@ Let's add auto-renewal to `/etc/crontab` /usr/local/bin/sudo -Hu acme -g acme /usr/local/sbin/acme.sh -r -d example.com --stateless /usr/local/sbin/acme.sh --home /var/db/acme/.acme.sh/ --install-cert -d example.com \ --ca-file /etc/ssl/example.com/ca.pem \ - --key-file /etc/ssl/example.com/key.pem \ - --cert-file /etc/ssl/test-app.mailchar.com/cert.pem \ + --key-file /etc/ssl/example.com/privkey.pem \ + --cert-file /etc/ssl/example.com/chain.pem \ --fullchain-file /etc/ssl/example.com/fullchain.pem ``` @@ -158,7 +158,7 @@ block, as follows: ``` http { ... - include /usr/local/etc/nginx/sites-available/*.conf; + include /usr/local/etc/nginx/sites-available/*; } ``` From a5144f05c2245c5043f2469955e8960b5d80b48e Mon Sep 17 00:00:00 2001 From: Farhan Khan Date: Thu, 13 Aug 2020 22:49:50 -0400 Subject: [PATCH 12/13] Removed a trailing comment --- docs/installation/freebsd_en.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index f1e06892c..ce0cdead6 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -198,8 +198,6 @@ Update the `/etc/rc.conf` and start pleroma with the following commands: # service pleroma start ``` -Now you can start pleroma with `# service pleroma start`. - ## Conclusion Restart nginx with `# service nginx restart` and you should be up and running. From e8c20c42cd02cc4dcbcb420cec98f68951a1609d Mon Sep 17 00:00:00 2001 
From: Farhan Khan Date: Fri, 14 Aug 2020 00:21:42 -0400 Subject: [PATCH 13/13] minor changes --- docs/installation/freebsd_en.md | 42 ++++++++++++++++----------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index ce0cdead6..130d68766 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -1,13 +1,14 @@ # Installing on FreeBSD -This document was written for FreeBSD 12.1, but should be trivially trailerable to future releases. -Additionally, this guide document can be modified to +This document was written for FreeBSD 12.1, but should be work on future releases. ## Required software This assumes the target system has `pkg(8)`. -`# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh` +``` +# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh +``` Copy the rc.d scripts to the right directory: @@ -48,7 +49,7 @@ Configure Pleroma. Note that you need a domain name at this point: $ cd /home/pleroma/pleroma $ mix deps.get # Enter "y" when asked to install Hex $ mix pleroma.instance gen # You will be asked a few questions here. -$ cp config/generated_config.exs config/prod.secret.exs # The default values should be sufficient but you should edit it and check that everything seems OK. +$ cp config/generated_config.exs config/prod.secret.exs ``` Since Postgres is configured, we can now initialize the database. There should @@ -65,7 +66,10 @@ Postgres allows connections from all users without a password by default. To fix this, edit `/var/db/postgres/data12/pg_hba.conf`. Change every `trust` to `password`. -Once this is done, restart Postgres with `# service postgresql restart`. +Once this is done, restart Postgres with: +``` +# service postgresql restart +``` Run the database migrations. 
@@ -119,13 +123,7 @@ It should now be possible to issue a cert (replace `example.com` with your domain name): ``` -# mkdir -p /etc/ssl/example.com # sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless -# acme.sh --home /var/db/acme/.acme.sh/ --install-cert -d example.com \ - --ca-file /etc/ssl/example.com/ca.pem \ - --key-file /etc/ssl/example.com/privkey.pem \ - --cert-file /etc/ssl/example.com/chain.pem \ - --fullchain-file /etc/ssl/example.com/fullchain.pem ``` Let's add auto-renewal to `/etc/crontab` @@ -133,11 +131,6 @@ Let's add auto-renewal to `/etc/crontab` ``` /usr/local/bin/sudo -Hu acme -g acme /usr/local/sbin/acme.sh -r -d example.com --stateless -/usr/local/sbin/acme.sh --home /var/db/acme/.acme.sh/ --install-cert -d example.com \ - --ca-file /etc/ssl/example.com/ca.pem \ - --key-file /etc/ssl/example.com/privkey.pem \ - --cert-file /etc/ssl/example.com/chain.pem \ - --fullchain-file /etc/ssl/example.com/fullchain.pem ``` ### Configuring nginx @@ -163,13 +156,13 @@ http { ``` As root, copy `/home/pleroma/pleroma/installation/pleroma.nginx` to -`/usr/local/etc/nginx/sites-available/pleroma.conf`. +`/usr/local/etc/nginx/sites-available/pleroma.nginx`. -Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.conf`: +Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.nginx`: -* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`. -* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`. -* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`. +* Change `ssl_trusted_certificate` to `/var/db/acme/certs/example.tld/example.tld.cer`. +* Change `ssl_certificate` to `/var/db/acme/certs/example.tld/fullchain.cer`. +* Change `ssl_certificate_key` to `/var/db/acme/certs/example.tld/example.tld.key`. * Change all references of `example.tld` to your instance's domain name. ## Creating a startup script for Pleroma 
@@ -198,6 +191,13 @@ Update the `/etc/rc.conf` and start pleroma with the following commands: # service pleroma start ``` +#### Create your first user + +If your instance is up and running, you can create your first user with administrative rights with the following task: + +```shell +sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new --admin +``` ## Conclusion Restart nginx with `# service nginx restart` and you should be up and running.
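Review bot: In PATCH 01/13, docs/installation/freebsd_en.md, the pg_hba.conf step ("Change every `trust` to `password`") picks the one method that sends the database password in cleartext. Suggest `md5`, which works with a stock PostgreSQL 12, or `scram-sha-256` with `password_encryption` set to match before the role password is created. In the same file, the acme-challenge `location` hard-codes what looks like a real account thumbprint in its `return 200` line; a visible placeholder would be safer to copy from.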
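Review bot: In PATCH 01/13, installation/freebsd/rc.d/pleroma, `check_pidfile()` finds the service with `pgrep beam.smp$`, which matches every BEAM VM on the host and can return several PIDs, so `service pleroma stop` or `status` may act on an unrelated Erlang process. Limit the match to the service account, for example `pgrep -u "${pleroma_user}" beam.smp$`, or write a real pidfile instead of `pidfile="/dev/null"`. The leftover commented-out `sudo -u pleroma ...` line can also go.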
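Review bot: In PATCH 08/13, the relocated nginx section is added as `### Configuring nginx`, which nests it under `## Configuring acme.sh`, and it now comes after the acme steps that already tell the reader to add a `location` to "the server running on port 80" and to start nginx. Either keep it as a `##` section ahead of the acme.sh section, or have the acme section say which file the challenge `location` goes in at that point. The new log-file step (`chown acme:acme /var/log/acme.sh.log`) also assumes an `acme` user that nothing in the guide creates; say where it comes from.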
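Review bot: In PATCH 10/13, the auto-renewal block is now said to go in `/etc/crontab`, but the line still starts directly with `/usr/local/bin/sudo ...`; a system crontab entry needs the five time fields and the user column first, so this will not run if pasted as shown. Give a full entry, e.g. `0 3 * * * root /usr/local/bin/sudo -Hu acme -g acme ...` (schedule chosen only for illustration). The same block also introduces `--cert-file /etc/ssl/test-app.mailchar.com/cert.pem`, a stray non-example hostname; PATCH 11 corrects it, but squashing would keep it out of the history.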
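Review bot: In PATCH 11/13, widening the include to `include /usr/local/etc/nginx/sites-available/*;` makes nginx load every file in that directory, including editor backups and disabled copies, which can fail the config test or silently enable a stale server block. Suggest keeping `*.conf` from PATCH 08 and keeping the copied file named `pleroma.conf`, rather than renaming it to `pleroma.nginx` as PATCH 13 does.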
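Review bot: In PATCH 13/13, first hunk, the rewritten intro reads "but should be work on future releases"; drop the extra "be". The context line "Copy the rc.d scripts to the right directory:" is still followed by no command (it has been dangling since PATCH 01) and should be removed or completed.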
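Review bot: In PATCH 13/13, the two hunks that delete the `acme.sh --install-cert` commands leave the renewal line `acme.sh -r -d example.com --stateless` with nothing that reloads nginx afterwards, so nginx keeps serving the old certificate from memory until someone restarts it. Add a reload step after renewal, for example `service nginx reload` in the same crontab entry, or restore an install step that carries a reload command.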
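Review bot: In PATCH 13/13, the nginx bullet list now sets `ssl_trusted_certificate` to `/var/db/acme/certs/example.tld/example.tld.cer`, which is the leaf certificate, while nginx expects the trusted CA chain there (it is what OCSP stapling responses are verified against). Point it at the issuer chain file instead; acme.sh writes that as `ca.cer` in the same directory. It is also worth stating who may read `example.tld.key` under `/var/db/acme/certs`, since the private key now stays in the acme user's tree.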
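Review bot: In PATCH 13/13, last hunk, the "Create your first user" command `sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new --admin` passes no nickname or email and is not run from `/home/pleroma/pleroma`, so mix has no project to load the task from. Show the `cd` first and the arguments as placeholders, e.g. `mix pleroma.user new <nickname> <email> --admin`. The block also needs a blank line before `## Conclusion`, and it uses a `shell` fence with no `#` prompt, unlike every other command block in the file.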