X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=docs%2Finstallation%2Ffreebsd_en.md;h=9cbe0f2030c76cc060a19905ab139785d346fc16;hb=438ad0d3f9fa354b4b59825d7dcfc48ee2fd7e0a;hp=c98992fe50713de2ac3d399f12a9d95e350a9de1;hpb=da5aca27a8c79edcb4577c3a9f05cfa5d0463e83;p=akkoma diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index c98992fe5..9cbe0f203 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -1,13 +1,16 @@ -# Installing on FreeBSD +# Installing on FreeBSD -This document was written for FreeBSD 12.1, but should be trivially trailerable to future releases. -Additionally, this guide document can be modified to +This document was written for FreeBSD 12.1, but should be work on future releases. -## Required software +{! backend/installation/generic_dependencies.include !} + +## Installing software used in this guide This assumes the target system has `pkg(8)`. -`# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh` +``` +# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh cmake +``` Copy the rc.d scripts to the right directory: @@ -25,6 +28,12 @@ Setup the required services to automatically start at boot, using `sysrc(8)`. # service postgresql start ``` +### Install media / graphics packages (optional, see [`docs/installation/optional/media_graphics_packages.md`](../installation/optional/media_graphics_packages.md)) + +```shell +# pkg install imagemagick ffmpeg p5-Image-ExifTool +``` + ## Configuring Pleroma Create a user for Pleroma: @@ -46,9 +55,9 @@ Configure Pleroma. Note that you need a domain name at this point: ``` $ cd /home/pleroma/pleroma -$ mix deps.get -$ mix pleroma.instance gen # You will be asked a few questions here. -$ cp config/generated_config.exs config/prod.secret.exs # The default values should be sufficient but you should edit it and check that everything seems OK. +$ mix deps.get # Enter "y" when asked to install Hex +$ MIX_ENV=prod mix pleroma.instance gen # You will be asked a few questions here. +$ cp config/generated_config.exs config/prod.secret.exs ``` Since Postgres is configured, we can now initialize the database. There should @@ -65,7 +74,10 @@ Postgres allows connections from all users without a password by default. To fix this, edit `/var/db/postgres/data12/pg_hba.conf`. Change every `trust` to `password`. -Once this is done, restart Postgres with `# service postgresql restart`. +Once this is done, restart Postgres with: +``` +# service postgresql restart +``` Run the database migrations. @@ -79,39 +91,22 @@ $ MIX_ENV=prod mix ecto.migrate You will need to do this whenever you update with `git pull`: -## Configuring nginx +## Configuring acme.sh -As root, install the example configuration file -`/home/pleroma/pleroma/installation/pleroma.nginx` to -`/usr/local/etc/nginx/nginx.conf`. +We'll be using acme.sh in Stateless Mode for TLS certificate renewal. -Note that it will need to be wrapped in a `http {}` block. You should add -settings for the nginx daemon outside of the http block, for example: +First, as root, allow the user `acme` to have access to the acme log file, as follows: ``` -user nginx nginx; -error_log /var/log/nginx/error.log; -worker_processes 4; - -events { -} +# touch /var/log/acme.sh.log +# chown acme:acme /var/log/acme.sh.log +# chmod 600 /var/log/acme.sh.log ``` -Edit the defaults: - -* Change `ssl_certificate` and `ssl_trusted_certificate` to -`/etc/ssl/example.tld/fullchain`. -* Change `ssl_certificate_key` to `/etc/ssl/example.tld/key`. -* Change `example.tld` to your instance's domain name. - -## Configuring acme.sh - -We'll be using acme.sh in Stateless Mode for TLS certificate renewal. - -First, get your account fingerprint: +Next, obtain your account fingerprint: ``` -$ sudo -Hu nginx -g nginx acme.sh --register-account +# sudo -Hu acme -g acme acme.sh --register-account ``` You need to add the following to your nginx configuration for the server @@ -136,26 +131,48 @@ It should now be possible to issue a cert (replace `example.com` with your domain name): ``` -$ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless -$ acme.sh --install-cert -d example.com \ - --key-file /path/to/keyfile/in/nginx/key.pem \ - --fullchain-file /path/to/fullchain/nginx/cert.pem \ +# sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless ``` -Let's add auto-renewal to `/etc/daily.local` +Let's add auto-renewal to `/etc/crontab` (replace `example.com` with your domain): ``` -/usr/pkg/bin/sudo -Hu nginx -g nginx \ - /usr/pkg/sbin/acme.sh -r \ - -d example.com \ - --cert-file /etc/nginx/tls/cert \ - --key-file /etc/nginx/tls/key \ - --ca-file /etc/nginx/tls/ca \ - --fullchain-file /etc/nginx/tls/fullchain \ - --stateless +/usr/local/bin/sudo -Hu acme -g acme /usr/local/sbin/acme.sh -r -d example.com --stateless +``` + +### Configuring nginx + +FreeBSD's default nginx configuration does not contain an include directive, which is +typically used for multiple sites. Therefore, you will need to first create the required +directory as follows: + + +``` +# mkdir -p /usr/local/etc/nginx/sites-available ``` +Next, add an `include` directive to `/usr/local/etc/nginx/nginx.conf`, within the `http {}` +block, as follows: + + +``` +http { +... + include /usr/local/etc/nginx/sites-available/*; +} +``` + +As root, copy `/home/pleroma/pleroma/installation/pleroma.nginx` to +`/usr/local/etc/nginx/sites-available/pleroma.nginx`. + +Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.nginx`: + +* Change `ssl_trusted_certificate` to `/var/db/acme/certs/example.tld/example.tld.cer`. +* Change `ssl_certificate` to `/var/db/acme/certs/example.tld/fullchain.cer`. +* Change `ssl_certificate_key` to `/var/db/acme/certs/example.tld/example.tld.key`. +* Change all references of `example.tld` to your instance's domain name. + ## Creating a startup script for Pleroma Pleroma will need to compile when it initially starts, which typically takes a longer @@ -172,32 +189,30 @@ Copy the startup script to the correct location and make sure it's executable: ``` # cp /home/pleroma/pleroma/installation/freebsd/rc.d/pleroma /usr/local/etc/rc.d/pleroma -# chmod +x /etc/rc.d/pleroma +# chmod +x /usr/local/etc/rc.d/pleroma ``` -Add the following to `/etc/rc.conf`: +Update the `/etc/rc.conf` and start pleroma with the following commands: ``` -pleroma=YES -pleroma_home="/home/pleroma" -pleroma_user="pleroma" +# sysrc pleroma_enable=YES +# service pleroma start ``` -Run `# /etc/rc.d/pleroma start` to start Pleroma. +#### Create your first user -## Conclusion +If your instance is up and running, you can create your first user with administrative rights with the following task: -Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running. +```shell +sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new --admin +``` +## Conclusion -If you need further help, contact niaa on freenode. +Restart nginx with `# service nginx restart` and you should be up and running. Make sure your time is in sync, or other instances will receive your posts with incorrect timestamps. You should have ntpd running. -#### Further reading - -{! backend/installation/further_reading.include !} - ## Questions -Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**. +Questions about the installation or didn’t it work as it should be, ask in [#pleroma:libera.chat](https://matrix.to/#/#pleroma:libera.chat) via Matrix or **#pleroma** on **libera.chat** via IRC.