Dependencies for mastodonsudo apt-get updatecurl -sL https://deb.nodesou

1. Dependencies for mastodon
2.  
3. sudo apt-get update
4.  
5. curl -sL https://deb.nodesource.com/setup_6.x | sudo bash -
6. sudo apt-get install imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev nodejs pkg-config libprotobuf-dev protobuf-compiler
7. sudo npm install -g yarn
8.  
9. sudo apt-get install redis-server redis-tools
10.  
11. sudo apt-get install postgresql postgresql-contrib
12.  
13. sudo su - postgres
14. psql
15. CREATE USER mastodon CREATEDB;
16. \q
17.  
18. sudo sed -i '/^local.*postgres.*peer$/a host all all 127.0.0.1/32 ident' /etc/postgresql/9.?/main/pg_hba.conf
19.  
20. sudo apt-get install pidentd
21. sudo systemctl enable pidentd
22. sudo systemctl start pidentd
23. sudo systemctl restart postgresql
24.  
25. sudo apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev
26.  
27. adduser --disabled-password --disabled-login mastodon
28.  
29. su - mastodon
30.  
31. git clone https://github.com/rbenv/rbenv.git ~/.rbenv
32. echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
33. echo 'eval "$(rbenv init -)"' >> ~/.bashrc
34. source ~/.bashrc
35.  
36. exit
37. su - mastodon
38. git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build
39.  
40. rbenv install 2.4.1
41. rbenv global 2.4.1
42.  
43. ruby -v
44.  
45.  
46. Mastodon installation
47.  
48. cd ~
49. git clone https://github.com/tootsuite/mastodon.git live
50. cd live
51. git checkout $(git tag | tail -n 1)
52.  
53. Install bundler to manage the dependencies and disable the gem documentation
54.  
55. echo "gem: --no-document" > ~/.gemrc
56. gem install bundler --no-ri
57.  
58. Then launch the installation
59.  
60. bundle install --deployment --without development test
61. yarn install
62.  
63. You can now copy the configuration sample file and edit with your own informations
64.  
65. cp .env.production.sample .env.production
66. nano .env.production
67.  
68. You have to add the following information :
69.  
70. ////////////////////////////////////////////////////////////////////
71.  
72. # Service dependencies
73. REDIS_HOST=localhost
74. REDIS_PORT=6379
75. DB_HOST=/var/run/postgresql
76. DB_USER=mastodon
77. DB_NAME=mastodon_production
78. DB_PASS=
79. DB_PORT=5432
80.  
81. # Federation
82. LOCAL_DOMAIN=yourdomain.com
83. LOCAL_HTTPS=true
84. Ainsi que la partie SMTP qui permettra aux utilisateurs de confirmer leur inscription :
85.  
86. # E-mail configuration
87. SMTP_SERVER=mail.yourdomain.com
88. SMTP_PORT=587
89. SMTP_LOGIN=noreply@yourdomain.com
90. SMTP_PASSWORD=YourPassword
91. SMTP_FROM_ADDRESS=noreply@yourdomain.com
92.  
93. ////////////////////////////////////////////////////////////////////
94.  
95. For the application secret part, you can use the command bundle exec rake secret to generate the 3 secret keys, then you have just to copy them into the configuration file.
96.  
97. To setup the database and the assets :
98.  
99. RAILS_ENV=production bundle exec rails db:setup
100. RAILS_ENV=production bundle exec rails assets:precompile
101. Adding systemd services
102. Web service
103.  
104. nano /etc/systemd/system/mastodon-web.service
105.  
106. ////////////////////////////////////////////////////////////////////
107.  
108. [Unit]
109. Description=mastodon-web
110. After=network.target
111.  
112. [Service]
113. Type=simple
114. User=mastodon
115. WorkingDirectory=/home/mastodon/live
116. Environment="RAILS_ENV=production"
117. Environment="PORT=3000"
118. ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb
119. TimeoutSec=15
120. Restart=always
121.  
122. [Install]
123. WantedBy=multi-user.target
124. Background service
125.  
126. ////////////////////////////////////////////////////////////////////
127.  
128. nano /etc/systemd/system/mastodon-sidekiq.service
129.  
130. ////////////////////////////////////////////////////////////////////
131.  
132. [Unit]
133. Description=mastodon-sidekiq
134. After=network.target
135.  
136. [Service]
137. Type=simple
138. User=mastodon
139. WorkingDirectory=/home/mastodon/live
140. Environment="RAILS_ENV=production"
141. Environment="DB_POOL=5"
142. ExecStart=/home/mastodon/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
143. TimeoutSec=15
144. Restart=always
145.  
146. [Install]
147. WantedBy=multi-user.target
148. API service
149.  
150. ////////////////////////////////////////////////////////////////////
151.  
152. nano /etc/systemd/system/mastodon-streaming.service
153.  
154. ////////////////////////////////////////////////////////////////////
155.  
156. [Unit]
157. Description=mastodon-streaming
158. After=network.target
159.  
160. [Service]
161. Type=simple
162. User=mastodon
163. WorkingDirectory=/home/mastodon/live
164. Environment="NODE_ENV=production"
165. Environment="PORT=4000"
166. ExecStart=/usr/bin/npm run start
167. TimeoutSec=15
168. Restart=always
169.  
170. [Install]
171. WantedBy=multi-user.target
172.  
173. ////////////////////////////////////////////////////////////////////
174.  
175.  
176. Then we can enable our systemd services :
177.  
178. systemctl enable /etc/systemd/system/mastodon-*.service
179. And we can start our mastodon instance :
180.  
181. sudo systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
182. Add the required crons for mastodon :
183.  
184. crontab -u mastodon -e
185. RAILS_ENV=production
186. @daily cd /home/mastodon/live && /home/mastodon/.rbenv/shims/bundle exec rake mastodon:daily
187. Nginx reverse-proxy setup :
188. So we have setup mastodon, but to access to our instance directly under https and with our domain, we need to setup a reverse-proxy using Nginx.
189.  
190. At first, install Nginx :
191.  
192. wget -O - https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
193. sudo echo "deb http://nginx.org/packages/ubuntu/ $(lsb_release -sc) nginx" > /etc/apt/sources.list.d/nginx.list
194. sudo apt update
195. sudo apt install nginx
196.  
197. We have now to create our nginx configuration file for ou domain, we will use the configuration based on the Angristan's model :
198.  
199. nano /etc/nginx/sites-enabled/yourdomain.com
200.  
201. ////////////////////////////////////////////////////////////////////
202.  
203. map $http_upgrade $connection_upgrade {
204. default upgrade;
205. '' close;
206. }
207. server {
208. listen 80;
209. listen [::]:80;
210. server_name www.yourdomain.com yourdomain.com;
211. return 301 https://votredomaine.com$request_uri;
212.  
213. access_log /dev/null;
214. error_log /dev/null;
215. }
216.  
217. server {
218. listen 443 ssl http2;
219. listen [::]:443 ssl http2;
220. server_name www.yourdomain.com yourdomain.com;
221.  
222. access_log /var/log/nginx/yourdomain.com-access.log;
223. error_log /var/log/nginx/yourdomain.com-error.log;
224.  
225. ssl_certificate /etc/letsencrypt/live/fullchain.pem;
226. ssl_certificate_key /etc/letsencrypt/live/privkey.pem;
227. ssl_protocols TLSv1.2;
228. ssl_ciphers EECDH+AESGCM:EECDH+AES;
229. ssl_prefer_server_ciphers on;
230. add_header Strict-Transport-Security "max-age=15552000; preload";
231.  
232. keepalive_timeout 70;
233. sendfile on;
234. client_max_body_size 0;
235. gzip off;
236.  
237. root /home/mastodon/live/public;
238.  
239. location / {
240. try_files $uri @proxy;
241. }
242.  
243. location @proxy {
244. proxy_set_header Host $host;
245. proxy_set_header X-Real-IP $remote_addr;
246. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
247. proxy_set_header X-Forwarded-Proto https;
248. proxy_pass_header Server;
249. proxy_pass http://127.0.0.1:3000;
250. proxy_buffering off;
251. proxy_redirect off;
252. proxy_http_version 1.1;
253. proxy_set_header Upgrade $http_upgrade;
254. proxy_set_header Connection $connection_upgrade;
255. tcp_nodelay on;
256. }
257.  
258. location /api/v1/streaming {
259. proxy_set_header Host $host;
260. proxy_set_header X-Real-IP $remote_addr;
261. proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
262. proxy_set_header X-Forwarded-Proto https;
263. proxy_pass http://127.0.0.1:4000;
264. proxy_buffering off;
265. proxy_redirect off;
266. proxy_http_version 1.1;
267. proxy_set_header Upgrade $http_upgrade;
268. proxy_set_header Connection $connection_upgrade;
269. tcp_nodelay on;
270. }
271.  
272. error_page 500 501 502 503 504 /500.html;
273. }
274.  
275. ////////////////////////////////////////////////////////////////////
276.  
277. You can start nginx with the command :
278.  
279. service nginx start
280. Then we will use Let's Encrypt to generate a SSL certificate.
281.  
282. cd /opt
283. git clone https://github.com/letsencrypt/letsencrypt
284. cd letsencrypt
285. ./letsencrypt-auto certonly --webroot -w /home/mastodon/live -d www.yourdomain.com -d yourdomain.com --email vous@yourdomain.com --text --rsa-key-size 4096
286. Updating Mastodon
287. Mastodon is updated very often, so if you want to keep your instance up-to-date you will have to follow the following steps :
288.  
289. cd live
290. gem install bundler --no-ri
291. git fetch
292. git pull
293. git checkout $(git tag | tail -n 1)
294. bundle install --deployment --without development test
295. yarn install
296. NODE_ENV=production npm upgrade --global yarn
297. RAILS_ENV=production bundle exec rails assets:clean
298. RAILS_ENV=production bundle exec rails assets:precompile
299. RAILS_ENV=production bundle exec rails db:migrate
300. exit
301. Then you just have to restart the instance :
302.  
303. sudo systemctl restart mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
304. If you need to update ruby with a new release use :
305.  
306. rbenv install 2.4.1
307. gem install bundler --no-ri
308. Create your administrator account
309. You instance is now running properly but you have to register to create your account and then you will be able to set this account as administrator with the following command :
310.  
311. RAILS_ENV=production bundle exec rails mastodon:make_admin USERNAME=votre-utilisateur