# Installing on FreeBSD
-This document was written for FreeBSD 12.1, but should be trivially trailerable to future releases.
-Additionally, this guide document can be modified to
+This document was written for FreeBSD 12.1, but should be work on future releases.
## Required software
This assumes the target system has `pkg(8)`.
-`# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh`
+```
+# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh cmake
+```
Copy the rc.d scripts to the right directory:
# service postgresql start
```
+### Install media / graphics packages (optional, see [`docs/installation/optional/media_graphics_packages.md`](docs/installation/optional/media_graphics_packages.md))
+
+```shell
+# pkg install imagemagick ffmpeg p5-Image-ExifTool
+```
+
## Configuring Pleroma
Create a user for Pleroma:
```
$ cd /home/pleroma/pleroma
-$ mix deps.get
+$ mix deps.get # Enter "y" when asked to install Hex
$ mix pleroma.instance gen # You will be asked a few questions here.
-$ cp config/generated_config.exs config/prod.secret.exs # The default values should be sufficient but you should edit it and check that everything seems OK.
+$ cp config/generated_config.exs config/prod.secret.exs
```
Since Postgres is configured, we can now initialize the database. There should
fix this, edit `/var/db/postgres/data12/pg_hba.conf`. Change every `trust` to
`password`.
-Once this is done, restart Postgres with `# service postgresql restart`.
+Once this is done, restart Postgres with:
+```
+# service postgresql restart
+```
Run the database migrations.
You will need to do this whenever you update with `git pull`:
-## Configuring nginx
+## Configuring acme.sh
-As root, install the example configuration file
-`/home/pleroma/pleroma/installation/pleroma.nginx` to
-`/usr/local/etc/nginx/nginx.conf`.
+We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
-Note that it will need to be wrapped in a `http {}` block. You should add
-settings for the nginx daemon outside of the http block, for example:
+First, as root, allow the user `acme` to have access to the acme log file, as follows:
```
-user nginx nginx;
-error_log /var/log/nginx/error.log;
-worker_processes 4;
-
-events {
-}
+# touch /var/log/acme.sh.log
+# chown acme:acme /var/log/acme.sh.log
+# chmod 600 /var/log/acme.sh.log
```
-Edit the defaults of `/usr/local/etc/nginx/nginx.conf`:
-
-* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`.
-* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`.
-* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`.
-* Change all references of `example.tld` to your instance's domain name.
-
-## Configuring acme.sh
-
-We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
-
-First, get your account fingerprint:
+Next, obtain your account fingerprint:
```
-$ sudo -Hu nginx -g nginx acme.sh --register-account
+# sudo -Hu acme -g acme acme.sh --register-account
```
You need to add the following to your nginx configuration for the server
with your domain name):
```
-$ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless
-$ acme.sh --install-cert -d example.com \
- --key-file /path/to/keyfile/in/nginx/key.pem \
- --fullchain-file /path/to/fullchain/nginx/cert.pem \
+# sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless
```
-Let's add auto-renewal to `/etc/daily.local`
+Let's add auto-renewal to `/etc/crontab`
(replace `example.com` with your domain):
```
-/usr/pkg/bin/sudo -Hu nginx -g nginx \
- /usr/pkg/sbin/acme.sh -r \
- -d example.com \
- --cert-file /etc/nginx/tls/cert \
- --key-file /etc/nginx/tls/key \
- --ca-file /etc/nginx/tls/ca \
- --fullchain-file /etc/nginx/tls/fullchain \
- --stateless
+/usr/local/bin/sudo -Hu acme -g acme /usr/local/sbin/acme.sh -r -d example.com --stateless
+```
+
+### Configuring nginx
+
+FreeBSD's default nginx configuration does not contain an include directive, which is
+typically used for multiple sites. Therefore, you will need to first create the required
+directory as follows:
+
+
+```
+# mkdir -p /usr/local/etc/nginx/sites-available
```
+Next, add an `include` directive to `/usr/local/etc/nginx/nginx.conf`, within the `http {}`
+block, as follows:
+
+
+```
+http {
+...
+ include /usr/local/etc/nginx/sites-available/*;
+}
+```
+
+As root, copy `/home/pleroma/pleroma/installation/pleroma.nginx` to
+`/usr/local/etc/nginx/sites-available/pleroma.nginx`.
+
+Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.nginx`:
+
+* Change `ssl_trusted_certificate` to `/var/db/acme/certs/example.tld/example.tld.cer`.
+* Change `ssl_certificate` to `/var/db/acme/certs/example.tld/fullchain.cer`.
+* Change `ssl_certificate_key` to `/var/db/acme/certs/example.tld/example.tld.key`.
+* Change all references of `example.tld` to your instance's domain name.
+
## Creating a startup script for Pleroma
Pleroma will need to compile when it initially starts, which typically takes a longer
# chmod +x /usr/local/etc/rc.d/pleroma
```
-Update the `/etc/rc.conf` file with the following command:
+Update the `/etc/rc.conf` and start pleroma with the following commands:
```
# sysrc pleroma_enable=YES
+# service pleroma start
```
-Now you can start pleroma with `# service pleroma start`.
+#### Create your first user
+If your instance is up and running, you can create your first user with administrative rights with the following task:
+
+```shell
+sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress> --admin
+```
## Conclusion
-Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running.
+Restart nginx with `# service nginx restart` and you should be up and running.
Make sure your time is in sync, or other instances will receive your posts with
incorrect timestamps. You should have ntpd running.
-#### Further reading
-
-{! backend/installation/further_reading.include !}
-
## Questions
Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**.
projects / akkoma / blobdiff