git.squeep.com Git - akkoma/blob - docs/installation/otp_en.md

   1 # Installing on Linux using OTP releases
   2
   3 ## Pre-requisites
   4 * A machine running Linux with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and `x86_64`, `aarch64` or `armv7l` CPU, you have root access to. If you are not sure if it's compatible see [Detecting flavour section](#detecting-flavour) below
   5 * A (sub)domain pointed to the machine
   6
   7 You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`.
   8
   9 While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu and Alpine.
  10
  11 ### Detecting flavour
  12
  13 Paste the following into the shell:
  14 ```sh
  15 arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
  16 ```
  17
  18 If your platform is supported the output will contain the flavour string, you will need it later. If not, this just means that we don't build releases for your platform, you can still try installing from source.
  19
  20 ### Installing the required packages
  21
  22 Other than things bundled in the OTP release Pleroma depends on:
  23
  24 * curl (to download the release build)
  25 * unzip (needed to unpack release builds)
  26 * ncurses (ERTS won't run without it)
  27 * PostgreSQL (also utilizes extensions in postgresql-contrib)
  28 * nginx (could be swapped with another reverse proxy but this guide covers only it)
  29 * certbot (for Let's Encrypt certificates, could be swapped with another ACME client, but this guide covers only it)
  30 * libmagic/file
  31
  32 ```sh tab="Alpine"
  33 echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories
  34 apk update
  35 apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot file-dev
  36 ```
  37
  38 ```sh tab="Debian/Ubuntu"
  39 apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot libmagic-dev
  40 ```
  41
  42 ## Setup
  43 ### Configuring PostgreSQL
  44 #### (Optional) Installing RUM indexes
  45
  46 !!! warning
  47     It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
  48
  49 RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
  50
  51 ```sh tab="Alpine"
  52 apk add git build-base postgresql-dev
  53 git clone https://github.com/postgrespro/rum /tmp/rum
  54 cd /tmp/rum
  55 make USE_PGXS=1
  56 make USE_PGXS=1 install
  57 cd
  58 rm -r /tmp/rum
  59 ```
  60
  61 ```sh tab="Debian/Ubuntu"
  62 # Available only on Buster/19.04
  63 apt install postgresql-11-rum
  64 ```
  65
  66 #### (Optional) Performance configuration
  67 It is encouraged to check [Optimizing your PostgreSQL performance](../configuration/postgresql.md) document, for tips on PostgreSQL tuning.
  68
  69 ```sh tab="Alpine"
  70 rc-service postgresql restart
  71 ```
  72
  73 ```sh tab="Debian/Ubuntu"
  74 systemctl restart postgresql
  75 ```
  76
  77 If you are using PostgreSQL 12 or higher, add this to your Ecto database configuration
  78
  79 ```elixir
  80 prepare: :named,
  81 parameters: [
  82   plan_cache_mode: "force_custom_plan"
  83 ]
  84 ```
  85
  86 ### Installing Pleroma
  87 ```sh
  88 # Create a Pleroma user
  89 adduser --system --shell  /bin/false --home /opt/pleroma pleroma
  90
  91 # Set the flavour environment variable to the string you got in Detecting flavour section.
  92 # For example if the flavour is `amd64-musl` the command will be
  93 export FLAVOUR="amd64-musl"
  94
  95 # Clone the release build into a temporary directory and unpack it
  96 su pleroma -s $SHELL -lc "
  97 curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
  98 unzip /tmp/pleroma.zip -d /tmp/
  99 "
 100
 101 # Move the release to the home directory and delete temporary files
 102 su pleroma -s $SHELL -lc "
 103 mv /tmp/release/* /opt/pleroma
 104 rmdir /tmp/release
 105 rm /tmp/pleroma.zip
 106 "
 107 # Create uploads directory and set proper permissions (skip if planning to use a remote uploader)
 108 # Note: It does not have to be `/var/lib/pleroma/uploads`, the config generator will ask about the upload directory later
 109
 110 mkdir -p /var/lib/pleroma/uploads
 111 chown -R pleroma /var/lib/pleroma
 112
 113 # Create custom public files directory (custom emojis, frontend bundle overrides, robots.txt, etc.)
 114 # Note: It does not have to be `/var/lib/pleroma/static`, the config generator will ask about the custom public files directory later
 115 mkdir -p /var/lib/pleroma/static
 116 chown -R pleroma /var/lib/pleroma
 117
 118 # Create a config directory
 119 mkdir -p /etc/pleroma
 120 chown -R pleroma /etc/pleroma
 121
 122 # Run the config generator
 123 su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
 124
 125 # Create the postgres database
 126 su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
 127
 128 # Create the database schema
 129 su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
 130
 131 # If you have installed RUM indexes uncommend and run
 132 # su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
 133
 134 # Start the instance to verify that everything is working as expected
 135 su pleroma -s $SHELL -lc "./bin/pleroma daemon"
 136
 137 # Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
 138 sleep 20 && curl http://localhost:4000/api/v1/instance
 139
 140 # Stop the instance
 141 su pleroma -s $SHELL -lc "./bin/pleroma stop"
 142 ```
 143
 144 ### Setting up nginx and getting Let's Encrypt SSL certificaties
 145
 146 #### Get a Let's Encrypt certificate
 147 ```sh
 148 certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
 149 ```
 150
 151 #### Copy Pleroma nginx configuration to the nginx folder
 152
 153 The location of nginx configs is dependent on the distro
 154
 155 ```sh tab="Alpine"
 156 cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf
 157 ```
 158
 159 ```sh tab="Debian/Ubuntu"
 160 cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf
 161 ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
 162 ```
 163
 164 If your distro does not have either of those you can append `include /etc/nginx/pleroma.conf` to the end of the http section in /etc/nginx/nginx.conf and
 165 ```sh
 166 cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/pleroma.conf
 167 ```
 168
 169 #### Edit the nginx config
 170 ```sh
 171 # Replace example.tld with your (sub)domain
 172 $EDITOR path-to-nginx-config
 173
 174 # Verify that the config is valid
 175 nginx -t
 176 ```
 177 #### Start nginx
 178
 179 ```sh tab="Alpine"
 180 rc-service nginx start
 181 ```
 182
 183 ```sh tab="Debian/Ubuntu"
 184 systemctl start nginx
 185 ```
 186
 187 At this point if you open your (sub)domain in a browser you should see a 502 error, that's because Pleroma is not started yet.
 188
 189 ### Setting up a system service
 190
 191 ```sh tab="Alpine"
 192 # Copy the service into a proper directory
 193 cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma
 194
 195 # Start pleroma and enable it on boot
 196 rc-service pleroma start
 197 rc-update add pleroma
 198 ```
 199
 200 ```sh tab="Debian/Ubuntu"
 201 # Copy the service into a proper directory
 202 cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
 203
 204 # Start pleroma and enable it on boot
 205 systemctl start pleroma
 206 systemctl enable pleroma
 207 ```
 208
 209 If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors.
 210
 211 Still doesn't work? Feel free to contact us on [#pleroma on freenode](https://irc.pleroma.social) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>, you can also [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma-support/issues/new)
 212
 213 ## Post installation
 214
 215 ### Setting up auto-renew of the Let's Encrypt certificate
 216 ```sh
 217 # Create the directory for webroot challenges
 218 mkdir -p /var/lib/letsencrypt
 219
 220 # Uncomment the webroot method
 221 $EDITOR path-to-nginx-config
 222
 223 # Verify that the config is valid
 224 nginx -t
 225 ```
 226
 227 ```sh tab="Alpine"
 228 # Restart nginx
 229 rc-service nginx restart
 230
 231 # Start the cron daemon and make it start on boot
 232 rc-service crond start
 233 rc-update add crond
 234
 235 # Ensure the webroot menthod and post hook is working
 236 certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload'
 237
 238 # Add it to the daily cron
 239 echo '#!/bin/sh
 240 certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload"
 241 ' > /etc/periodic/daily/renew-pleroma-cert
 242 chmod +x /etc/periodic/daily/renew-pleroma-cert
 243
 244 # If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
 245 run-parts --test /etc/periodic/daily
 246 ```
 247
 248 ```sh tab="Debian/Ubuntu"
 249 # Restart nginx
 250 systemctl restart nginx
 251
 252 # Ensure the webroot menthod and post hook is working
 253 certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx'
 254
 255 # Add it to the daily cron
 256 echo '#!/bin/sh
 257 certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
 258 ' > /etc/cron.daily/renew-pleroma-cert
 259 chmod +x /etc/cron.daily/renew-pleroma-cert
 260
 261 # If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
 262 run-parts --test /etc/cron.daily
 263 ```
 264
 265 ## Create your first user and set as admin
 266 ```sh
 267 cd /opt/pleroma/bin
 268 su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new joeuser joeuser@sld.tld --admin"
 269 ```
 270 This will create an account withe the username of 'joeuser' with the email address of joeuser@sld.tld, and set that user's account as an admin. This will result in a link that you can paste into the browser, which logs you in and enables you to set the password.
 271
 272 ## Further reading
 273
 274 * [Backup your instance](../administration/backup.md)
 275 * [Hardening your instance](../configuration/hardening.md)
 276 * [How to activate mediaproxy](../configuration/howto_mediaproxy.md)
 277 * [Updating your instance](../administration/updating.md)
 278
 279 ## Questions
 280
 281 Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**.
 282