避难所

How to Install Pleroma on Debian 9

五星冷剔 2020-07-04 Technical Applications

  1. Preparation
  2. Install Pleroma
  3. Set up the system service
  4. Test Pleroma
  5. Request a digital certificate
  6. Configure Nginx
  7. Create an administrator account

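Preparation

Requirements

  • A machine running Linux on which you have root access.
  • A domain name.

You will run the commands as root. If you are not already root, elevate your privileges by running sudo su or su. Although the OTP release can in theory be installed on any compatible machine, for simplicity this article covers only Debian 9 on x86 and Pleroma 2.0.7.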


Install dependencies

apt install curl unzip libncurses5 postgresql postgresql-contrib nginx

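PostgreSQL performance tuning (optional)

To optimize performance, you can use pgTune to generate suitable settings. Edit the corresponding values in /etc/postgresql/9.6/main/postgresql.conf, then restart PostgreSQL with the following command.

systemctl restart postgresql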

Install Pleroma

Create a pleroma user

adduser --system --shell /bin/false --home /opt/pleroma pleroma

Set the FLAVOUR environment variable

export FLAVOUR="amd64"

Download the files needed to install Pleroma into /tmp and unpack them

su pleroma -s $SHELL -lc "
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip
unzip /tmp/pleroma.zip -d /tmp/
"

Move the files to /opt/pleroma and delete the temporary directory

su pleroma -s $SHELL -lc "
mv /tmp/release/* /opt/pleroma
rmdir /tmp/release
rm /tmp/pleroma.zip
"

Create the uploads directory and set appropriate permissions

mkdir -p /var/lib/pleroma/uploads

chown -R pleroma /var/lib/pleroma

Create the directory that holds the configuration file and set appropriate permissions

mkdir -p /etc/pleroma

chown -R pleroma /etc/pleroma

Generate the configuration file

su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"

Answer the prompts

What domain will your instance use? (e.g pleroma.soykaf.com) []  abc.xyz.com
(Your site's address.)

What is the name of your instance? (e.g. Pleroma/Soykaf) [] abc.xyz.com
(Your site's name.)

What is your admin email address? [] abc@163.com
(The site administrator's email address.)

What email address do you want to use for sending email notifications?
[abc@163.com]
(The address that email notifications are sent from.)

Do you want search engines to index your site? (y/n) [n]
(Whether search engines may index your site.)

Do you want to store the configuration in the database (allows controlling it from admin-fe)? (y/n) [n] y
(Whether to store the configuration in the database, which allows managing it from the admin back end.)

For all the remaining prompts, press Enter to keep the default

What is the hostname of your database? [localhost]
What is the name of your database? [pleroma]
What is the user used to connect to your database? [pleroma]
What is the password used to connect to your database? [autogenerated]
Would you like to use RUM indices? [n] n
What port will the app listen to (leave it if you are using the default setup with nginx)? [4000]
What ip will the app listen to (leave it if you are using the default setup with nginx)? [127.0.0.1]
What directory should media uploads go in (when using the local uploader)? [/var/lib/pleroma/uploads]
What directory should custom public files be read from (custom emojis, frontend bundle overrides, robots.txt, etc.)? [/var/lib/pleroma/static]

If nothing went wrong, you will see the following

What directory should custom public files be read from (custom emojis, frontend bundle overrides, robots.txt, etc.)? [/var/lib/pleroma/static]
Writing config to /etc/pleroma/config.exs.
Writing the postgres script to /tmp/setup_db.psql.
Writing /var/lib/pleroma/static/robots.txt.

All files successfully written! Refer to the installation instructions for your platform for next steps.
Please transfer your config to the database after running database migrations. Refer to "Transfering the config to/from the database" section of the docs for more information.

Create the postgres database

su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"

Create the database tables

su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"

Set up the system service

Copy pleroma.service to the appropriate directory

cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service

Start pleroma and enable it at boot

systemctl start pleroma

systemctl enable pleroma

Test Pleroma

Start the instance to verify that everything works as expected

su pleroma -s $SHELL -lc "./bin/pleroma daemon"

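Wait about 20 seconds and check the instance's status. If it correctly shows your domain, site name and email address, the instance has been installed successfully

sleep 20 && curl http://localhost:4000/api/v1/instance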

Stop the instance

su pleroma -s $SHELL -lc "./bin/pleroma stop"

Press Ctrl+C to return
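An added check for the test step above, not part of the original post: besides the API response, confirm that the backend port chosen during instance gen (4000 on 127.0.0.1) is bound to loopback only, so the instance is reachable solely through Nginx. Run it while the instance is still up. The function names and the sample ss -ltn lines are constructed for illustration.

```shell
# Added example, not from the original post: report listeners on the Pleroma
# backend port that are bound to anything other than loopback.
# On the server itself: ss -ltn | check_backend 4000

# non_loopback_listeners PORT
# Reads `ss -ltn` output on stdin; prints the Local Address:Port of each
# LISTEN socket on PORT whose address is not 127.0.0.0/8 or ::1.
non_loopback_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }              # skips the header line too
        {
            addr = $4                        # "Local Address:Port" column
            n = split(addr, part, ":")       # port is the last ":" field
            if (part[n] != port) next
            host = substr(addr, 1, length(addr) - length(part[n]) - 1)
            if (host ~ /^127\./ || host == "[::1]" || host == "::1") next
            print addr
        }'
}

# Constructed sample: the defaults from the prompts (127.0.0.1:4000).
sample_default() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     127.0.0.1:5432      *:*
LISTEN  0       128     127.0.0.1:4000      *:*
LISTEN  0       128     *:443               *:*
EOF
}

# Constructed sample: the listen IP prompt was answered with 0.0.0.0.
sample_exposed() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:4000        *:*
LISTEN  0       128     [::1]:4000          *:*
LISTEN  0       128     :::80               *:*
EOF
}

# check_backend PORT: exit status 0 if nothing is exposed, 1 otherwise.
check_backend() {
    exposed=$(non_loopback_listeners "$1")
    [ -z "$exposed" ] && return 0
    echo "exposed backend listener(s): $exposed" >&2
    return 1
}

sample_default | check_backend 4000 && echo "default: loopback only"
sample_exposed | check_backend 4000 || echo "exposed: bind address needs fixing"
```

A non-zero exit status means the listen address in /etc/pleroma/config.exs should be set back to 127.0.0.1 before Nginx is put in front of the instance.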


Request a digital certificate

The following uses an RSA certificate as the example. (How to request an ECC certificate?)

Install socat

apt install socat -y

Install acme.sh

curl https://get.acme.sh | sh

Add your DNS provider's API key to temporary environment variables. (How to obtain an API key?)

export GD_Key="****"   # fill in your GoDaddy key

export GD_Secret="****" # fill in your GoDaddy secret

Request the wildcard certificate

~/.acme.sh/acme.sh --issue --dns dns_gd -d xyz.com -d '*.xyz.com' --log # replace xyz.com with your domain

Once the certificate has been issued successfully, you will see the following

-----END CERTIFICATE-----
[Sun Jul 5 02:35:19 UTC 2020] Your cert is in /root/.acme.sh/xyz.com/xyz.com.cer
[Sun Jul 5 02:35:19 UTC 2020] Your cert key is in /root/.acme.sh/xyz.com/xyz.com.key
[Sun Jul 5 02:35:19 UTC 2020] The intermediate CA cert is in /root/.acme.sh/xyz.com/ca.cer
[Sun Jul 5 02:35:19 UTC 2020] And the full chain certs is there: /root/.acme.sh/xyz.com/fullchain.cer

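After successful issuance, the request file (csr), the private key (key), the certificate (cert) and the full certificate chain are all saved under /root/.acme.sh/xyz.com/.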


Configure Nginx

Copy pleroma.nginx to the Nginx configuration directory

cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf

ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf

Edit the Nginx configuration file

nano /etc/nginx/sites-available/pleroma.conf

You can use the following as a reference for your changes
# default nginx site config for Pleroma
#
# Simple installation instructions:
# 1. Install your TLS certificate, possibly using Let's Encrypt.
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
#    in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.

proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
                 inactive=720m use_temp_path=off;

server {
    server_name abc.xyz.com; # replace abc.xyz.com with your Pleroma instance's domain

    listen 80;
    listen [::]:80;

    # security

    # Uncomment this if you need to use the 'webroot' method with certbot. Make sure
    # that the directory exists and that it is accessible by the webserver. If you followed
    # the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
    # You may need to load this file with the ssl server block commented out, run certbot
    # to get the certificate, and then uncomment it.
    #
    # location ~ /\.well-known/acme-challenge {
    #     root /var/lib/letsencrypt/;
    # }
    location / {
        return 301 https://abc.xyz.com$request_uri; # replace abc.xyz.com with your Pleroma instance's domain
    }
}

# Enable SSL session caching for improved performance
ssl_session_cache shared:ssl_session_cache:10m;

server {
    server_name abc.xyz.com; # replace abc.xyz.com with your Pleroma instance's domain

    # security

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_session_timeout 5m;

    ssl_trusted_certificate /root/.acme.sh/xyz.com/ca.cer; # replace xyz.com with your domain
    ssl_certificate /root/.acme.sh/xyz.com/fullchain.cer; # replace xyz.com with your domain
    ssl_certificate_key /root/.acme.sh/xyz.com/xyz.com.key; # replace xyz.com with your domain

    # Add TLSv1.0 to support older devices
    ssl_protocols TLSv1.2;
    # Uncomment line below if you want to support older devices (Before Android 4.4.2, IE 8, etc.)
    # ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
    ssl_prefer_server_ciphers on;
    # In case of an old server with an OpenSSL version of 1.0.2 or below,
    # leave only prime256v1 or comment out the following line.
    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
    ssl_stapling on;
    ssl_stapling_verify on;

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;

    # the nginx default is 1m, not enough for large media uploads
    client_max_body_size 16m;

    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
        # and `localhost.` resolves to [::0] on some systems: see issue #930
        proxy_pass http://127.0.0.1:4000;

        client_max_body_size 16m;
    }

    location ~ ^/(media|proxy) {
        proxy_cache pleroma_media_cache;
        slice 1m;
        proxy_cache_key $host$uri$is_args$args$slice_range;
        proxy_set_header Range $slice_range;
        proxy_http_version 1.1;
        proxy_cache_valid 200 206 301 304 1h;
        proxy_cache_lock on;
        proxy_ignore_client_abort on;
        proxy_buffering on;
        chunked_transfer_encoding on;
        proxy_pass http://127.0.0.1:4000;
    }
}

Restart Nginx

systemctl restart nginx


Create an administrator account

Start the Pleroma instance

su pleroma -s $SHELL -lc "./bin/pleroma daemon"

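Create the administrator account

cd /opt/pleroma/bin

su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new afgp abc@163.com --password sswr1e --admin"

When the prompt Continue? [Continue?] appears, enter y. In the command, afgp is the administrator account's username, abc@163.com is the administrator's email address, and sswr1e is the administrator account's password.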
