Check out my first novel, midnight's simulacra!
Mastodon: Difference between revisions
(11 intermediate revisions by the same user not shown) | |||
Line 9: | Line 9: | ||
** You will now have a PostgreSQL instance running on localhost:tcp/5432, if you didn't before. | ** You will now have a PostgreSQL instance running on localhost:tcp/5432, if you didn't before. | ||
** You will now have a Redis instance running on localhost:tcp/6379, if you didn't before. | ** You will now have a Redis instance running on localhost:tcp/6379, if you didn't before. | ||
* Restrict Redis to 127.0.0.1 by ensuring the following line is in <tt>/etc/redis/redis.conf</tt>: | |||
** <tt>bind 127.0.0.1 ::1</tt> | |||
** If necessary, run <tt>sudo systemctl restart redis</tt> | |||
* So far as I can tell, you must now symlink <tt>/usr/bin/yarnpkg</tt> to <tt>yarn</tt> in some PATH directory 🤮: | * So far as I can tell, you must now symlink <tt>/usr/bin/yarnpkg</tt> to <tt>yarn</tt> in some PATH directory 🤮: | ||
** <tt>ln -s /usr/bin/yarnpkg /usr/local/bin/yarn</tt> | ** <tt>ln -s /usr/bin/yarnpkg /usr/local/bin/yarn</tt> | ||
Line 20: | Line 23: | ||
* <tt>git clone https://github.com/tootsuite/mastodon.git ~/live</tt> | * <tt>git clone https://github.com/tootsuite/mastodon.git ~/live</tt> | ||
* <tt>cd live</tt> | * <tt>cd live</tt> | ||
* <tt>bundle config set --local deployment true</tt> | * <tt>RAILS_ENV=production bundle config set --local deployment true</tt> | ||
* <tt>bundle config set --local without development:test</tt> | * <tt>RAILS_ENV=production bundle config set --local without development:test</tt> | ||
* <tt>bundle install</tt> | * <tt>RAILS_ENV=production bundle install</tt> | ||
* <tt>RAILS_ENV=production bundle exec rake mastodon:setup</tt> | * <tt>RAILS_ENV=production bundle exec rake mastodon:setup</tt> | ||
** Use the same PostgreSQL user name you created earlier. | ** Use the same PostgreSQL user name you created earlier. | ||
Line 33: | Line 36: | ||
* Set up LetsEncrypt: <tt>certbot certonly --apache -d FQDN</tt> | * Set up LetsEncrypt: <tt>certbot certonly --apache -d FQDN</tt> | ||
* Prepare non-TLS upgrade config: | * Prepare non-TLS upgrade config: try [https://gist.github.com/dankamongmen/529de45dc4dff3835f272ca5d3fd430e something like this] | ||
* Prepare TLS proxy config: try [https://gist.github.com/dankamongmen/3bd66ec624a683f2c2be9ce7ab86a63b something like this] | * Prepare TLS proxy config: try [https://gist.github.com/dankamongmen/3bd66ec624a683f2c2be9ce7ab86a63b something like this] | ||
* <tt>sudo a2ensite mastodon-ssl</tt> | * <tt>sudo a2ensite mastodon-ssl</tt> | ||
Line 44: | Line 47: | ||
* <tt>for in in web sidekiq streaming ; do sudo systemctl start mastodon-$i ; done</tt> | * <tt>for in in web sidekiq streaming ; do sudo systemctl start mastodon-$i ; done</tt> | ||
* Check the status of all three units with <tt>systemctl status</tt> and, if necessary, <tt>journalctl</tt> | * Check the status of all three units with <tt>systemctl status</tt> and, if necessary, <tt>journalctl</tt> | ||
** You ought have a <tt>puma</tt> process listening on port 3000 | |||
** You ought have a <tt>node</tt> process listening on port 4000 | ** You ought have a <tt>node</tt> process listening on port 4000 | ||
* If good, <tt>for in in web sidekiq streaming ; do sudo systemctl enable mastodon-$i ; done</tt> | * If good, <tt>for in in web sidekiq streaming ; do sudo systemctl enable mastodon-$i ; done</tt> | ||
Line 52: | Line 56: | ||
* <tt>sudo apt-get install default-jre-headless</tt> | * <tt>sudo apt-get install default-jre-headless</tt> | ||
* <tt> | ** You might ask, "But [[User:Dank|dank]], surely <tt>elasticsearch</tt> Depends on <tt>default-jre-headless</tt>?" | ||
** '''Narrator:''' It does not Depend on <tt>default-jre-headless</tt>. | |||
* <tt>apt-key adv --fetch-keys https://artifacts.elastic.co/GPG-KEY-elasticsearch</tt> | |||
* <tt>echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list</tt> | * <tt>echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list</tt> | ||
* <tt>sudo apt-get update && sudo apt-get install elasticsearch</tt> | * <tt>sudo apt-get update && sudo apt-get install elasticsearch</tt> | ||
* <tt>sudoedit /etc/elasticsearch/elasticsearch.yml</tt> and change <tt>network.host</tt> to 127.0.0.1 | |||
** unless you love Romanian botnets all up in your shit | |||
* <tt>systemctl start elasticsearch</tt> | |||
** You ought now have a <tt>java</tt> process listening on tcp/9200 ''shudder'' | |||
* Add the following to <tt>.env.production</tt>: | |||
<pre> | |||
ES_ENABLED=true | |||
ES_HOST=localhost | |||
ES_PORT=9200 | |||
</pre> | |||
* Restart <tt>mastodon-sidekiq</tt> and <tt>mastodon-web</tt> units | |||
* <tt>RAILS_ENV=production bin/tootctl search deploy</tt> | |||
* <tt>sudo systemctl enable elasticsearch</tt> for persistence |
Latest revision as of 08:26, 10 January 2021
Setting up a Masotdon server on Debian is somewhat annoying, due to the node- and ruby-based implementation. Most guides involve downloading and installing a large number of sources outside of APT. There's little need for such vulgarisms.
My running install uses the 3.2 branch of Mastodon atop Debian Unstable.
First, determine your domain name. You'll likely be serving Mastodon as a virtual host in your main nginx/apache config, so give it its own, distinct FQDN. It is not trivial to change your server's name later (it will, at a minimum, break existing federations), so choose wisely.
System work
- Via APT, install nodejs, redis-server, ruby-redis, rake, rbenv, ruby-bundler, postgresql-contrib, libpq-dev, libprotobuf-dev, protobuf-compiler, libidn11-dev, and yarnpkg ("yarn").
- You will now have a PostgreSQL instance running on localhost:tcp/5432, if you didn't before.
- You will now have a Redis instance running on localhost:tcp/6379, if you didn't before.
- Restrict Redis to 127.0.0.1 by ensuring the following line is in /etc/redis/redis.conf:
- bind 127.0.0.1 ::1
- If necessary, run sudo systemctl restart redis
- So far as I can tell, you must now symlink /usr/bin/yarnpkg to yarn in some PATH directory 🤮:
- ln -s /usr/bin/yarnpkg /usr/local/bin/yarn
- Prep the database:
- echo "CREATE USER mastodon CREATEDB;" | sudo -u postgres psql
- Create mastodon user (salt to taste):
- sudo adduser --disabled-login --gecos "Mastodon service account" mastodon
User work
Remaining work will be done as the mastodon user, in its home directory.
- git clone https://github.com/tootsuite/mastodon.git ~/live
- cd live
- RAILS_ENV=production bundle config set --local deployment true
- RAILS_ENV=production bundle config set --local without development:test
- RAILS_ENV=production bundle install
- RAILS_ENV=production bundle exec rake mastodon:setup
- Use the same PostgreSQL user name you created earlier.
- So far as I can tell, use a blank password for PostgresQDL and Redis.
- I do (n)ot upload files to the "cloud", whatever that even means
- You are (n)ot running in a Docker (presumably)
Webserver work
Most guides assume you're running nginx. My directions assume Apache.
- Set up LetsEncrypt: certbot certonly --apache -d FQDN
- Prepare non-TLS upgrade config: try something like this
- Prepare TLS proxy config: try something like this
- sudo a2ensite mastodon-ssl
- sudo a2ensite mastodon
- sudo a2enmod proxy_http (if not already enabled)
- sudo systemctl restart apache2
Start it
- sudo cp ~mastodon/live/dist/*service /etc/systemd/system
- for in in web sidekiq streaming ; do sudo systemctl start mastodon-$i ; done
- Check the status of all three units with systemctl status and, if necessary, journalctl
- You ought have a puma process listening on port 3000
- You ought have a node process listening on port 4000
- If good, for in in web sidekiq streaming ; do sudo systemctl enable mastodon-$i ; done
- The units are now persistent, and ought start at system boot
Full text search
If you're willing to run Java and a potentially-dodgy elasticsearch package (or build it from source), you can have full text search. Building from source is normally a pleasant endeavor, but who wants to fuck with gradle and all it implies?
- sudo apt-get install default-jre-headless
- You might ask, "But dank, surely elasticsearch Depends on default-jre-headless?"
- Narrator: It does not Depend on default-jre-headless.
- apt-key adv --fetch-keys https://artifacts.elastic.co/GPG-KEY-elasticsearch
- echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list
- sudo apt-get update && sudo apt-get install elasticsearch
- sudoedit /etc/elasticsearch/elasticsearch.yml and change network.host to 127.0.0.1
- unless you love Romanian botnets all up in your shit
- systemctl start elasticsearch
- You ought now have a java process listening on tcp/9200 shudder
- Add the following to .env.production:
ES_ENABLED=true ES_HOST=localhost ES_PORT=9200
- Restart mastodon-sidekiq and mastodon-web units
- RAILS_ENV=production bin/tootctl search deploy
- sudo systemctl enable elasticsearch for persistence