- # Installing on NetBSD
- {! backend/installation/generic_dependencies.include !}
- ## Installing software used in this guide
- pkgin should have been installed by the NetBSD installer if you selected
- the right options. If it isn't installed, install it using pkg_add.
- Note that `postgresql11-contrib` is needed for the Postgres extensions
- Pleroma uses.
- The `mksh` shell is needed to run the Elixir `mix` script.
- `# pkgin install acmesh elixir git-base git-docs mksh nginx postgresql11-server postgresql11-client postgresql11-contrib sudo ffmpeg4 ImageMagick`
- You can also build these packages using pkgsrc:
- ```
- databases/postgresql11-contrib
- databases/postgresql11-client
- databases/postgresql11-server
- devel/git-base
- devel/git-docs
- devel/cmake
- lang/elixir
- security/acmesh
- security/sudo
- shells/mksh
- www/nginx
- ```
- Copy the rc.d scripts to the right directory:
- ```
- # cp /usr/pkg/share/examples/rc.d/nginx /usr/pkg/share/examples/rc.d/pgsql /etc/rc.d
- ```
- Add nginx and Postgres to `/etc/rc.conf`:
- ```
- nginx=YES
- pgsql=YES
- ```
- ## Configuring postgres
- First, run `# /etc/rc.d/pgsql start`. Then, `$ sudo -Hu pgsql -g pgsql createdb`.
- ### Install media / graphics packages (optional, see [`docs/installation/optional/media_graphics_packages.md`](../installation/optional/media_graphics_packages.md))
- `# pkgin install ImageMagick ffmpeg4 p5-Image-ExifTool`
- ## Configuring Pleroma
- Create a user for Pleroma:
- ```
- # groupadd pleroma
- # useradd -d /home/pleroma -m -g pleroma -s /usr/pkg/bin/mksh pleroma
- # echo 'export LC_ALL="en_GB.UTF-8"' >> /home/pleroma/.profile
- # su -l pleroma -c $SHELL
- ```
- Clone the repository:
- ```
- $ cd /home/pleroma
- $ git clone -b stable https://git.pleroma.social/pleroma/pleroma.git
- ```
- Configure Pleroma. Note that you need a domain name at this point:
- ```
- $ cd /home/pleroma/pleroma
- $ mix deps.get
- $ MIX_ENV=prod mix pleroma.instance gen # You will be asked a few questions here.
- ```
- Since Postgres is configured, we can now initialize the database. There should
- now be a file in `config/setup_db.psql` that makes this easier. Edit it, and
- *change the password* to a password of your choice. Make sure it is secure, since
- it'll be protecting your database. Now initialize the database:
- ```
- $ sudo -Hu pgsql -g pgsql psql -f config/setup_db.psql
- ```
- Postgres allows connections from all users without a password by default. To
- fix this, edit `/usr/pkg/pgsql/data/pg_hba.conf`. Change every `trust` to
- `password`.
- Once this is done, restart Postgres with `# /etc/rc.d/pgsql restart`.
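
A check for leftover `trust` rules after this edit, as an added example that is not part of the original guide. The sample rules are constructed, and `find_trust_rules` and `sample_hba` are names introduced here:

```sh
#!/bin/sh
# Added example: report pg_hba.conf rules that still use the `trust` method.

# Print "line: rule" for each active rule whose auth method is `trust`.
# Reads the files given as arguments, or stdin when there are none.
find_trust_rules() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        {
            if ($1 == "local") {
                method = $4                   # local db user METHOD
            } else if (index($4, "/") == 0 && ($4 ~ /^[0-9.]+$/ || $4 ~ /:/)) {
                method = $6                   # host db user IP NETMASK METHOD
            } else {
                method = $5                   # host db user CIDR-or-hostname METHOD
            }
            if (method == "trust") {
                print FNR ": " $0
            }
        }
    ' "$@"
}

# Constructed sample input, not taken from a real server.
sample_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS                     METHOD
local   all       all                               trust
host    all       all   127.0.0.1/32                password
host    all       all   ::1/128                     trust
host    all       all   192.0.2.10 255.255.255.255  password
host    trust     all   127.0.0.1/32                password
EOF
}

# Demo: lines 2 and 4 of the sample are reported; a database that is merely
# named "trust" (line 6) is not.
sample_hba | find_trust_rules
```

On the server, run `find_trust_rules /usr/pkg/pgsql/data/pg_hba.conf` as a user that can read the file; no output means no rule still uses `trust`.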
- Run the database migrations.
- You will need to do this whenever you update with `git pull`:
- ```
- $ MIX_ENV=prod mix ecto.migrate
- ```
- ## Configuring nginx
- Install the example configuration file
- `/home/pleroma/pleroma/installation/pleroma.nginx` to
- `/usr/pkg/etc/nginx.conf`.
- Note that it will need to be wrapped in an `http {}` block. You should add
- settings for the nginx daemon outside of the http block, for example:
- ```
- user nginx nginx;
- error_log /var/log/nginx/error.log;
- worker_processes 4;
- events {
- }
- ```
- Edit the defaults:
- * Change `ssl_certificate` and `ssl_trusted_certificate` to
- `/etc/nginx/tls/fullchain`.
- * Change `ssl_certificate_key` to `/etc/nginx/tls/key`.
- * Change `example.tld` to your instance's domain name.
- ### (Strongly recommended) serve media on another domain
- Refer to the [Hardening your instance](../configuration/hardening.md) document for how to serve media on another domain. We STRONGLY RECOMMEND that you do this to minimize attack vectors.
- ## Configuring acme.sh
- We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
- First, get your account fingerprint:
- ```
- $ sudo -Hu nginx -g nginx acme.sh --register-account
- ```
- You need to add the following to your nginx configuration for the server
- running on port 80:
- ```
- location ~ ^/\.well-known/acme-challenge/([-_a-zA-Z0-9]+)$ {
-     default_type text/plain;
-     return 200 "$1.6fXAG9VyG0IahirPEU2ZerUtItW2DHzDzD9wZaEKpqd";
- }
- ```
- Replace the string after `$1.` with your fingerprint.
- Start nginx:
- ```
- # /etc/rc.d/nginx start
- ```
- It should now be possible to issue a cert (replace `example.com`
- with your domain name):
- ```
- $ sudo -Hu nginx -g nginx acme.sh --issue -d example.com --stateless
- ```
- Let's add auto-renewal to `/etc/daily.local`
- (replace `example.com` with your domain):
- ```
- /usr/pkg/bin/sudo -Hu nginx -g nginx \
-     /usr/pkg/sbin/acme.sh -r \
-     -d example.com \
-     --cert-file /etc/nginx/tls/cert \
-     --key-file /etc/nginx/tls/key \
-     --ca-file /etc/nginx/tls/ca \
-     --fullchain-file /etc/nginx/tls/fullchain \
-     --stateless
- ```
- ## Creating a startup script for Pleroma
- Copy the startup script to the correct location and make sure it's executable:
- ```
- # cp /home/pleroma/pleroma/installation/netbsd/rc.d/pleroma /etc/rc.d/pleroma
- # chmod +x /etc/rc.d/pleroma
- ```
- Add the following to `/etc/rc.conf`:
- ```
- pleroma=YES
- pleroma_home="/home/pleroma"
- pleroma_user="pleroma"
- ```
- Run `# /etc/rc.d/pleroma start` to start Pleroma.
- ## Conclusion
- Restart nginx with `# /etc/rc.d/nginx restart` and you should be up and running.
- Make sure your time is in sync, or other instances will receive your posts with
- incorrect timestamps. You should have ntpd running.
- ## Instances running NetBSD
- * <https://catgirl.science>
- #### Further reading
- {! backend/installation/further_reading.include !}
- ## Questions
- If you have questions about the installation, or it didn't work as it should, ask in [#pleroma:libera.chat](https://matrix.to/#/#pleroma:libera.chat) via Matrix or **#pleroma** on **libera.chat** via IRC.