X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=docs%2Finstallation%2Ffreebsd_en.md;h=f4f4d0db934bafcf43a3fb447c3219e41b575d85;hb=32ae8f4906692f42bb58e7b75c79d20f268953e3;hp=b5c62bee606f3a3fbf3e33d5544c189a6c529945;hpb=33ea430f3b026f4e9b353b74bcc60846c67a5a69;p=akkoma diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md index b5c62bee6..f4f4d0db9 100644 --- a/docs/installation/freebsd_en.md +++ b/docs/installation/freebsd_en.md @@ -1,13 +1,14 @@ -# Installing on FreeBSD +# Installing on FreeBSD -This document was written for FreeBSD 12.1, but should be trivially trailerable to future releases. -Additionally, this guide document can be modified to +This document was written for FreeBSD 12.1, but should be work on future releases. -## Required software +## Required software This assumes the target system has `pkg(8)`. -`# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh` +``` +# pkg install elixir postgresql12-server postgresql12-client postgresql12-contrib git-lite sudo nginx gmake acme.sh cmake +``` Copy the rc.d scripts to the right directory: @@ -25,6 +26,12 @@ Setup the required services to automatically start at boot, using `sysrc(8)`. # service postgresql start ``` +### Install media / graphics packages (optional, see [`docs/installation/optional/media_graphics_packages.md`](../installation/optional/media_graphics_packages.md)) + +```shell +# pkg install imagemagick ffmpeg p5-Image-ExifTool +``` + ## Configuring Pleroma Create a user for Pleroma: @@ -46,9 +53,9 @@ Configure Pleroma. Note that you need a domain name at this point: ``` $ cd /home/pleroma/pleroma -$ mix deps.get -$ mix pleroma.instance gen # You will be asked a few questions here. -$ cp config/generated_config.exs config/prod.secret.exs # The default values should be sufficient but you should edit it and check that everything seems OK. +$ mix deps.get # Enter "y" when asked to install Hex +$ MIX_ENV=prod mix pleroma.instance gen # You will be asked a few questions here. +$ cp config/generated_config.exs config/prod.secret.exs ``` Since Postgres is configured, we can now initialize the database. There should @@ -65,7 +72,10 @@ Postgres allows connections from all users without a password by default. To fix this, edit `/var/db/postgres/data12/pg_hba.conf`. Change every `trust` to `password`. -Once this is done, restart Postgres with `# service postgresql restart`. +Once this is done, restart Postgres with: +``` +# service postgresql restart +``` Run the database migrations. @@ -79,39 +89,22 @@ $ MIX_ENV=prod mix ecto.migrate You will need to do this whenever you update with `git pull`: -## Configuring nginx +## Configuring acme.sh -As root, install the example configuration file -`/home/pleroma/pleroma/installation/pleroma.nginx` to -`/usr/local/etc/nginx/nginx.conf`. +We'll be using acme.sh in Stateless Mode for TLS certificate renewal. -Note that it will need to be wrapped in a `http {}` block. You should add -settings for the nginx daemon outside of the http block, for example: +First, as root, allow the user `acme` to have access to the acme log file, as follows: ``` -user nginx nginx; -error_log /var/log/nginx/error.log; -worker_processes 4; - -events { -} +# touch /var/log/acme.sh.log +# chown acme:acme /var/log/acme.sh.log +# chmod 600 /var/log/acme.sh.log ``` -Edit the defaults of `/usr/local/etc/nginx/nginx.conf`: - -* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`. -* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`. -* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`. -* Change all references of `example.tld` to your instance's domain name. - -## Configuring acme.sh - -We'll be using acme.sh in Stateless Mode for TLS certificate renewal. - -First, get your account fingerprint: +Next, obtain your account fingerprint: ``` -$ sudo -Hu nginx -g nginx acme.sh --register-account +# sudo -Hu acme -g acme acme.sh --register-account ``` You need to add the following to your nginx configuration for the server @@ -136,26 +129,48 @@ It should now be possible to issue a cert (replace `example.com` with your domain name): ``` -$ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless -$ acme.sh --install-cert -d example.com \ - --key-file /path/to/keyfile/in/nginx/key.pem \ - --fullchain-file /path/to/fullchain/nginx/cert.pem \ +# sudo -Hu acme -g acme acme.sh --issue -d example.com --stateless ``` -Let's add auto-renewal to `/etc/daily.local` +Let's add auto-renewal to `/etc/crontab` (replace `example.com` with your domain): ``` -/usr/pkg/bin/sudo -Hu www -g www \ - /usr/local/sbin/acme.sh -r \ - -d example.com \ - --cert-file /etc/nginx/tls/cert \ - --key-file /etc/nginx/tls/key \ - --ca-file /etc/nginx/tls/ca \ - --fullchain-file /etc/nginx/tls/fullchain \ - --stateless +/usr/local/bin/sudo -Hu acme -g acme /usr/local/sbin/acme.sh -r -d example.com --stateless ``` +### Configuring nginx + +FreeBSD's default nginx configuration does not contain an include directive, which is +typically used for multiple sites. Therefore, you will need to first create the required +directory as follows: + + +``` +# mkdir -p /usr/local/etc/nginx/sites-available +``` + +Next, add an `include` directive to `/usr/local/etc/nginx/nginx.conf`, within the `http {}` +block, as follows: + + +``` +http { +... + include /usr/local/etc/nginx/sites-available/*; +} +``` + +As root, copy `/home/pleroma/pleroma/installation/pleroma.nginx` to +`/usr/local/etc/nginx/sites-available/pleroma.nginx`. + +Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.nginx`: + +* Change `ssl_trusted_certificate` to `/var/db/acme/certs/example.tld/example.tld.cer`. +* Change `ssl_certificate` to `/var/db/acme/certs/example.tld/fullchain.cer`. +* Change `ssl_certificate_key` to `/var/db/acme/certs/example.tld/example.tld.key`. +* Change all references of `example.tld` to your instance's domain name. + ## Creating a startup script for Pleroma Pleroma will need to compile when it initially starts, which typically takes a longer @@ -182,8 +197,13 @@ Update the `/etc/rc.conf` and start pleroma with the following commands: # service pleroma start ``` -Now you can start pleroma with `# service pleroma start`. +#### Create your first user +If your instance is up and running, you can create your first user with administrative rights with the following task: + +```shell +sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new --admin +``` ## Conclusion Restart nginx with `# service nginx restart` and you should be up and running.