1 # Installing on FreeBSD
3 This document was written for FreeBSD 12.1, but should be trivially trailerable to future releases.
4 Additionally, this guide document can be modified to
8 This assumes the target system has `pkg(8)`.
10 `# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh`
12 Copy the rc.d scripts to the right directory:
14 Setup the required services to automatically start at boot, using `sysrc(8)`.
17 # sysrc nginx_enable=YES
18 # sysrc postgresql_enable=YES
21 ## Initialize postgres
24 # service postgresql initdb
25 # service postgresql start
28 ## Configuring Pleroma
30 Create a user for Pleroma:
33 # pw add user pleroma -m
34 # echo 'export LC_ALL="en_US.UTF-8"' >> /home/pleroma/.profile
41 $ cd $HOME # Should be the same as /home/pleroma
42 $ git clone -b stable https://git.pleroma.social/pleroma/pleroma.git
45 Configure Pleroma. Note that you need a domain name at this point:
48 $ cd /home/pleroma/pleroma
50 $ mix pleroma.instance gen # You will be asked a few questions here.
51 $ cp config/generated_config.exs config/prod.secret.exs # The default values should be sufficient but you should edit it and check that everything seems OK.
54 Since Postgres is configured, we can now initialize the database. There should
55 now be a file in `config/setup_db.psql` that makes this easier. Edit it, and
56 *change the password* to a password of your choice. Make sure it is secure, since
57 it'll be protecting your database. As root, you can now initialize the database:
60 # cd /home/pleroma/pleroma
61 # sudo -Hu postgres -g postgres psql -f config/setup_db.psql
64 Postgres allows connections from all users without a password by default. To
65 fix this, edit `/var/db/postgres/data12/pg_hba.conf`. Change every `trust` to
68 Once this is done, restart Postgres with `# service postgresql restart`.
70 Run the database migrations.
72 Back as the pleroma user, run the following to implement any database migrations.
76 $ cd /home/pleroma/pleroma
77 $ MIX_ENV=prod mix ecto.migrate
80 You will need to do this whenever you update with `git pull`:
84 As root, install the example configuration file
85 `/home/pleroma/pleroma/installation/pleroma.nginx` to
86 `/usr/local/etc/nginx/nginx.conf`.
88 Note that it will need to be wrapped in a `http {}` block. You should add
89 settings for the nginx daemon outside of the http block, for example:
93 error_log /var/log/nginx/error.log;
100 Edit the defaults of `/usr/local/etc/nginx/nginx.conf`:
102 * Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`.
103 * Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`.
104 * Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`.
105 * Change all references of `example.tld` to your instance's domain name.
107 ## Configuring acme.sh
109 We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
111 First, get your account fingerprint:
114 $ sudo -Hu nginx -g nginx acme.sh --register-account
117 You need to add the following to your nginx configuration for the server
121 location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
122 default_type text/plain;
123 return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
127 Replace the string after after `$1.` with your fingerprint.
132 # service nginx start
135 It should now be possible to issue a cert (replace `example.com`
136 with your domain name):
139 $ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless
140 $ acme.sh --install-cert -d example.com \
141 --key-file /path/to/keyfile/in/nginx/key.pem \
142 --fullchain-file /path/to/fullchain/nginx/cert.pem \
145 Let's add auto-renewal to `/etc/daily.local`
146 (replace `example.com` with your domain):
149 /usr/pkg/bin/sudo -Hu nginx -g nginx \
150 /usr/pkg/sbin/acme.sh -r \
152 --cert-file /etc/nginx/tls/cert \
153 --key-file /etc/nginx/tls/key \
154 --ca-file /etc/nginx/tls/ca \
155 --fullchain-file /etc/nginx/tls/fullchain \
159 ## Creating a startup script for Pleroma
161 Pleroma will need to compile when it initially starts, which typically takes a longer
162 period of time. Therefore, it is good practice to initially run pleroma from the
163 command-line before utilizing the rc.d script. That is done as follows:
168 $ MIX_ENV=prod mix phx.server
171 Copy the startup script to the correct location and make sure it's executable:
174 # cp /home/pleroma/pleroma/installation/freebsd/rc.d/pleroma /usr/local/etc/rc.d/pleroma
175 # chmod +x /usr/local/etc/rc.d/pleroma
178 Update the `/etc/rc.conf` file with the following command:
181 # sysrc pleroma_enable=YES
184 Now you can start pleroma with `# service pleroma start`.
188 Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running.
190 Make sure your time is in sync, or other instances will receive your posts with
191 incorrect timestamps. You should have ntpd running.
195 {! backend/installation/further_reading.include !}
199 Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**.