projects / akkoma / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: cba9f36)
Rearranging acme
authorFarhan Khan <farhan@farhan.codes>
Fri, 14 Aug 2020 00:58:46 +0000 (20:58 -0400)
committerFarhan Khan <farhan@farhan.codes>
Fri, 14 Aug 2020 00:58:46 +0000 (20:58 -0400)
docs/installation/freebsd_en.md patch | blob | history

diff --git a/docs/installation/freebsd_en.md b/docs/installation/freebsd_en.md
index 38afd76e48aa50c4c5372ec450b328e3c94b3efa..a8741e56581dd280b6e0535beb5c71f903b027c8 100644 (file)
--- a/docs/installation/freebsd_en.md
+++ b/docs/installation/freebsd_en.md
@@ -79,36 +79,19 @@ $ MIX_ENV=prod mix ecto.migrate
 
 You will need to do this whenever you update with `git pull`:
 
-## Configuring nginx
+## Configuring acme.sh
 
-As root, install the example configuration file
-`/home/pleroma/pleroma/installation/pleroma.nginx` to
-`/usr/local/etc/nginx/nginx.conf`.
+We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
 
-Note that it will need to be wrapped in a `http {}` block. You should add
-settings for the nginx daemon outside of the http block, for example:
+First, as root, allow the user `acme` to have access to the acme log file, as follows:
 
 ```
-user                    nginx  nginx;
-error_log               /var/log/nginx/error.log;
-worker_processes        4;
-
-events {
-}
+# touch /var/log/acme.sh.log
+# chown acme:acme /var/log/acme.sh.log
+# chmod 600 /var/log/acme.sh.log
 ```
 
-Edit the defaults of `/usr/local/etc/nginx/nginx.conf`:
-
-* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`.
-* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`.
-* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`.
-* Change all references of `example.tld` to your instance's domain name.
-
-## Configuring acme.sh
-
-We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
-
-First, as root, get your account fingerprint:
+Next, obtain your account fingerprint:
 
 ```
 # sudo -Hu acme -g acme acme.sh --register-account
@@ -156,6 +139,38 @@ Let's add auto-renewal to `/etc/daily.local`
     --stateless
 ```
 
+### Configuring nginx
+
+FreeBSD's default nginx configuration does not contain an include directive, which is
+typically used for multiple sites. Therefore, you will need to first create the required
+directory as follows:
+
+
+```
+# mkdir -p /usr/local/etc/nginx/sites-available
+```
+
+Next, add an `include` directive to `/usr/local/etc/nginx/nginx.conf`, within the `http {}`
+block, as follows:
+
+
+```
+http {
+...
+       include /usr/local/etc/nginx/sites-available/*.conf;
+}
+```
+
+As root, copy `/home/pleroma/pleroma/installation/pleroma.nginx` to
+`/usr/local/etc/nginx/sites-available/pleroma.conf`.
+
+Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.conf`:
+
+* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`.
+* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`.
+* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`.
+* Change all references of `example.tld` to your instance's domain name.
+
 ## Creating a startup script for Pleroma
 
 Pleroma will need to compile when it initially starts, which typically takes a longer
Fork of https://akkoma.dev/AkkomaGang/akkoma.git