|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211 |
- # Installing on NetBSD
-
- {! backend/installation/generic_dependencies.include !}
-
- ## Installing software used in this guide
-
- pkgin should have been installed by the NetBSD installer if you selected
- the right options. If it isn't installed, install it using pkg_add.
-
- Note that `postgresql11-contrib` is needed for the Postgres extensions
- Pleroma uses.
-
- The `mksh` shell is needed to run the Elixir `mix` script.
-
- `# pkgin install acmesh elixir git-base git-docs mksh nginx postgresql11-server postgresql11-client postgresql11-contrib sudo ffmpeg4 ImageMagick`
-
- You can also build these packages using pkgsrc:
- ```
- databases/postgresql11-contrib
- databases/postgresql11-client
- databases/postgresql11-server
- devel/git-base
- devel/git-docs
- devel/cmake
- lang/elixir
- security/acmesh
- security/sudo
- shells/mksh
- www/nginx
- ```
-
- Copy the rc.d scripts to the right directory:
-
- ```
- # cp /usr/pkg/share/examples/rc.d/nginx /usr/pkg/share/examples/rc.d/pgsql /etc/rc.d
- ```
-
- Add nginx and Postgres to `/etc/rc.conf`:
-
- ```
- nginx=YES
- pgsql=YES
- ```
-
- ## Configuring postgres
-
- First, run `# /etc/rc.d/pgsql start`. Then, `$ sudo -Hu pgsql -g pgsql createdb`.
-
- ### Install media / graphics packages (optional, see [`docs/installation/optional/media_graphics_packages.md`](../installation/optional/media_graphics_packages.md))
-
- `# pkgin install ImageMagick ffmpeg4 p5-Image-ExifTool`
-
- ## Configuring Pleroma
-
- Create a user for Pleroma:
-
- ```
- # groupadd pleroma
- # useradd -d /home/pleroma -m -g pleroma -s /usr/pkg/bin/mksh pleroma
- # echo 'export LC_ALL="en_GB.UTF-8"' >> /home/pleroma/.profile
- # su -l pleroma -c $SHELL
- ```
-
- Clone the repository:
-
- ```
- $ cd /home/pleroma
- $ git clone -b stable https://git.pleroma.social/pleroma/pleroma.git
- ```
-
- Configure Pleroma. Note that you need a domain name at this point:
-
- ```
- $ cd /home/pleroma/pleroma
- $ mix deps.get
- $ MIX_ENV=prod mix pleroma.instance gen # You will be asked a few questions here.
- ```
-
- Since Postgres is configured, we can now initialize the database. There should
- now be a file in `config/setup_db.psql` that makes this easier. Edit it, and
- *change the password* to a password of your choice. Make sure it is secure, since
- it'll be protecting your database. Now initialize the database:
-
- ```
- $ sudo -Hu pgsql -g pgsql psql -f config/setup_db.psql
- ```
-
- Postgres allows connections from all users without a password by default. To
- fix this, edit `/usr/pkg/pgsql/data/pg_hba.conf`. Change every `trust` to
- `password`.
-
- Once this is done, restart Postgres with `# /etc/rc.d/pgsql restart`.
-
- Run the database migrations.
- You will need to do this whenever you update with `git pull`:
-
- ```
- $ MIX_ENV=prod mix ecto.migrate
- ```
-
- ## Configuring nginx
-
- Install the example configuration file
- `/home/pleroma/pleroma/installation/pleroma.nginx` to
- `/usr/pkg/etc/nginx.conf`.
-
- Note that it will need to be wrapped in a `http {}` block. You should add
- settings for the nginx daemon outside of the http block, for example:
-
- ```
- user nginx nginx;
- error_log /var/log/nginx/error.log;
- worker_processes 4;
-
- events {
- }
- ```
-
- Edit the defaults:
-
- * Change `ssl_certificate` and `ssl_trusted_certificate` to
- `/etc/nginx/tls/fullchain`.
- * Change `ssl_certificate_key` to `/etc/nginx/tls/key`.
- * Change `example.tld` to your instance's domain name.
-
- ## Configuring acme.sh
-
- We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
-
- First, get your account fingerprint:
-
- ```
- $ sudo -Hu nginx -g nginx acme.sh --register-account
- ```
-
- You need to add the following to your nginx configuration for the server
- running on port 80:
-
- ```
- location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
- default_type text/plain;
- return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
- }
- ```
-
- Replace the string after after `$1.` with your fingerprint.
-
- Start nginx:
-
- ```
- # /etc/rc.d/nginx start
- ```
-
- It should now be possible to issue a cert (replace `example.com`
- with your domain name):
-
- ```
- $ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless
- ```
-
- Let's add auto-renewal to `/etc/daily.local`
- (replace `example.com` with your domain):
-
- ```
- /usr/pkg/bin/sudo -Hu nginx -g nginx \
- /usr/pkg/sbin/acme.sh -r \
- -d example.com \
- --cert-file /etc/nginx/tls/cert \
- --key-file /etc/nginx/tls/key \
- --ca-file /etc/nginx/tls/ca \
- --fullchain-file /etc/nginx/tls/fullchain \
- --stateless
- ```
-
- ## Creating a startup script for Pleroma
-
- Copy the startup script to the correct location and make sure it's executable:
-
- ```
- # cp /home/pleroma/pleroma/installation/netbsd/rc.d/pleroma /etc/rc.d/pleroma
- # chmod +x /etc/rc.d/pleroma
- ```
-
- Add the following to `/etc/rc.conf`:
-
- ```
- pleroma=YES
- pleroma_home="/home/pleroma"
- pleroma_user="pleroma"
- ```
-
- Run `# /etc/rc.d/pleroma start` to start Pleroma.
-
- ## Conclusion
-
- Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running.
-
- Make sure your time is in sync, or other instances will receive your posts with
- incorrect timestamps. You should have ntpd running.
-
- ## Instances running NetBSD
-
- * <https://catgirl.science>
-
- #### Further reading
-
- {! backend/installation/further_reading.include !}
-
- ## Questions
-
- Questions about the installation or didn’t it work as it should be, ask in [#pleroma:libera.chat](https://matrix.to/#/#pleroma:libera.chat) via Matrix or **#pleroma** on **libera.chat** via IRC.
|