diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/API/admin_api.md | 196 | ||||
| -rw-r--r-- | docs/API/differences_in_mastoapi_responses.md | 3 | ||||
| -rw-r--r-- | docs/API/pleroma_api.md | 63 | ||||
| -rw-r--r-- | docs/admin/config.md | 79 | ||||
| -rw-r--r-- | docs/administration/CLI_tasks/config.md | 6 | ||||
| -rw-r--r-- | docs/administration/CLI_tasks/digest.md | 3 | ||||
| -rw-r--r-- | docs/configuration/cheatsheet.md | 24 | ||||
| -rw-r--r-- | docs/installation/centos7_en.md | 274 | ||||
| -rw-r--r-- | docs/installation/migrating_from_source_otp_en.md | 53 | ||||
| -rw-r--r-- | docs/installation/otp_en.md | 152 |
10 files changed, 348 insertions, 505 deletions
diff --git a/docs/API/admin_api.md b/docs/API/admin_api.md index d98a78af0..07aa7ec3f 100644 --- a/docs/API/admin_api.md +++ b/docs/API/admin_api.md @@ -3,7 +3,7 @@ Authentication is required and the user must be an admin. Configuration options: - + * `[:auth, :enforce_oauth_admin_scope_usage]` — OAuth admin scope requirement toggle. If `true`, admin actions explicitly demand admin OAuth scope(s) presence in OAuth token (client app must support admin scopes). If `false` and token doesn't have admin scope(s), `is_admin` user flag grants access to admin-specific actions. @@ -665,27 +665,16 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - 404 Not Found `"Not found"` - On success: 200 OK `{}` -## `GET /api/pleroma/admin/config/migrate_to_db` - -### Run mix task pleroma.config migrate_to_db - -Copy settings on key `:pleroma` to DB. - -- Params: none -- Response: - -```json -{} -``` - ## `GET /api/pleroma/admin/config/migrate_from_db` ### Run mix task pleroma.config migrate_from_db -Copy all settings from DB to `config/prod.exported_from_db.secret.exs` with deletion from DB. +Copies all settings from database to `config/{env}.exported_from_db.secret.exs` with deletion from the table. Where `{env}` is the environment in which `pleroma` is running. - Params: none - Response: + - On failure: + - 400 Bad Request `"To use this endpoint you need to enable configuration from database."` ```json {} @@ -693,20 +682,24 @@ Copy all settings from DB to `config/prod.exported_from_db.secret.exs` with dele ## `GET /api/pleroma/admin/config` -### List config settings +### Get list of merged default settings with saved in database. -List config settings only works with `:pleroma => :instance => :dynamic_configuration` setting to `true`. +**Only works when configuration from database is enabled.** -- Params: none +- Params: + - `only_db`: true (*optional*, get only saved in database settings) - Response: + - On failure: + - 400 Bad Request `"To use this endpoint you need to enable configuration from database."` + - 400 Bad Request `"To use configuration from database migrate your settings to database."` ```json { configs: [ { - "group": string, - "key": string or string with leading `:` for atoms, - "value": string or {} or [] or {"tuple": []} + "group": ":pleroma", + "key": "Pleroma.Upload", + "value": [] } ] } @@ -716,44 +709,107 @@ List config settings only works with `:pleroma => :instance => :dynamic_configur ### Update config settings -Updating config settings only works with `:pleroma => :instance => :dynamic_configuration` setting to `true`. -Module name can be passed as string, which starts with `Pleroma`, e.g. `"Pleroma.Upload"`. -Atom keys and values can be passed with `:` in the beginning, e.g. `":upload"`. -Tuples can be passed as `{"tuple": ["first_val", Pleroma.Module, []]}`. -`{"tuple": ["some_string", "Pleroma.Some.Module", []]}` will be converted to `{"some_string", Pleroma.Some.Module, []}`. -Keywords can be passed as lists with 2 child tuples, e.g. -`[{"tuple": ["first_val", Pleroma.Module]}, {"tuple": ["second_val", true]}]`. +**Only works when configuration from database is enabled.** + +Some modifications are necessary to save the config settings correctly: -If value contains list of settings `[subkey: val1, subkey2: val2, subkey3: val3]`, it's possible to remove only subkeys instead of all settings passing `subkeys` parameter. E.g.: -{"group": "pleroma", "key": "some_key", "delete": "true", "subkeys": [":subkey", ":subkey3"]}. +- strings which start with `Pleroma.`, `Phoenix.`, `Tesla.` or strings like `Oban`, `Ueberauth` will be converted to modules; +``` +"Pleroma.Upload" -> Pleroma.Upload +"Oban" -> Oban +``` +- strings starting with `:` will be converted to atoms; +``` +":pleroma" -> :pleroma +``` +- objects with `tuple` key and array value will be converted to tuples; +``` +{"tuple": ["string", "Pleroma.Upload", []]} -> {"string", Pleroma.Upload, []} +``` +- arrays with *tuple objects* will be converted to keywords; +``` +[{"tuple": [":key1", "value"]}, {"tuple": [":key2", "value"]}] -> [key1: "value", key2: "value"] +``` -Compile time settings (need instance reboot): -- all settings by this keys: +Most of the settings will be applied in `runtime`, this means that you don't need to restart the instance. But some settings are applied in `compile time` and require a reboot of the instance, such as: +- all settings inside these keys: - `:hackney_pools` - `:chat` - - `Pleroma.Web.Endpoint` - - `Pleroma.Repo` -- part settings: - - `Pleroma.Captcha` -> `:seconds_valid` - - `Pleroma.Upload` -> `:proxy_remote` - - `:instance` -> `:upload_limit` - -- Params: - - `configs` => [ - - `group` (string) - - `key` (string or string with leading `:` for atoms) - - `value` (string, [], {} or {"tuple": []}) - - `delete` = true (optional, if parameter must be deleted) - - `subkeys` [(string with leading `:` for atoms)] (optional, works only if `delete=true` parameter is passed, otherwise will be ignored) +- partially settings inside these keys: + - `:seconds_valid` in `Pleroma.Captcha` + - `:proxy_remote` in `Pleroma.Upload` + - `:upload_limit` in `:instance` + +- Params: + - `configs` - array of config objects + - config object params: + - `group` - string (**required**) + - `key` - string (**required**) + - `value` - string, [], {} or {"tuple": []} (**required**) + - `delete` - true (*optional*, if setting must be deleted) + - `subkeys` - array of strings (*optional*, only works when `delete=true` parameter is passed, otherwise will be ignored) + +*When a value have several nested settings, you can delete only some nested settings by passing a parameter `subkeys`, without deleting all settings by key.* +``` +[subkey: val1, subkey2: val2, subkey3: val3] \\ initial value +{"group": ":pleroma", "key": "some_key", "delete": true, "subkeys": [":subkey", ":subkey3"]} \\ passing json for deletion +[subkey2: val2] \\ value after deletion +``` + +*Most of the settings can be partially updated through merge old values with new values, except settings value of which is list or is not keyword.* + +Example of setting without keyword in value: +```elixir +config :tesla, :adapter, Tesla.Adapter.Hackney +``` + +List of settings which support only full update by key: +```elixir +@full_key_update [ + {:pleroma, :ecto_repos}, + {:quack, :meta}, + {:mime, :types}, + {:cors_plug, [:max_age, :methods, :expose, :headers]}, + {:auto_linker, :opts}, + {:swarm, :node_blacklist}, + {:logger, :backends} ] +``` -- Request (example): +List of settings which support only full update by subkey: +```elixir +@full_subkey_update [ + {:pleroma, :assets, :mascots}, + {:pleroma, :emoji, :groups}, + {:pleroma, :workers, :retries}, + {:pleroma, :mrf_subchain, :match_actor}, + {:pleroma, :mrf_keyword, :replace} + ] +``` + +*Settings without explicit key must be sended in separate config object params.* +```elixir +config :quack, + level: :debug, + meta: [:all], + ... +``` +```json +{ + configs: [ + {"group": ":quack", "key": ":level", "value": ":debug"}, + {"group": ":quack", "key": ":meta", "value": [":all"]}, + ... + ] +} +``` +- Request: ```json { configs: [ { - "group": "pleroma", + "group": ":pleroma", "key": "Pleroma.Upload", "value": [ {"tuple": [":uploader", "Pleroma.Uploaders.Local"]}, @@ -763,7 +819,7 @@ Compile time settings (need instance reboot): {"tuple": [":proxy_opts", [ {"tuple": [":redirect_on_failure", false]}, {"tuple": [":max_body_length", 1048576]}, - {"tuple": [":http": [ + {"tuple": [":http", [ {"tuple": [":follow_redirect", true]}, {"tuple": [":pool", ":upload"]}, ]]} @@ -779,19 +835,53 @@ Compile time settings (need instance reboot): ``` - Response: - + - On failure: + - 400 Bad Request `"To use this endpoint you need to enable configuration from database."` ```json { configs: [ { - "group": string, - "key": string or string with leading `:` for atoms, - "value": string or {} or [] or {"tuple": []} + "group": ":pleroma", + "key": "Pleroma.Upload", + "value": [...] } ] } ``` +## ` GET /api/pleroma/admin/config/descriptions` + +### Get JSON with config descriptions. +Loads json generated from `config/descriptions.exs`. + +- Params: none +- Response: + +```json +[{ + "group": ":pleroma", // string + "key": "ModuleName", // string + "type": "group", // string or list with possible values, + "description": "Upload general settings", // string + "children": [ + { + "key": ":uploader", // string or module name `Pleroma.Upload` + "type": "module", + "description": "Module which will be used for uploads", + "suggestions": ["module1", "module2"] + }, + { + "key": ":filters", + "type": ["list", "module"], + "description": "List of filter modules for uploads", + "suggestions": [ + "module1", "module2", "module3" + ] + } + ] +}] +``` + ## `GET /api/pleroma/admin/moderation_log` ### Get moderation log diff --git a/docs/API/differences_in_mastoapi_responses.md b/docs/API/differences_in_mastoapi_responses.md index 7f5d7681d..3f75a13f7 100644 --- a/docs/API/differences_in_mastoapi_responses.md +++ b/docs/API/differences_in_mastoapi_responses.md @@ -29,6 +29,7 @@ Has these additional fields under the `pleroma` object: - `spoiler_text`: a map consisting of alternate representations of the `spoiler_text` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` - `expires_at`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire - `thread_muted`: true if the thread the post belongs to is muted +- `emoji_reactions`: A list with emoji / reaction count tuples. Contains no information about the reacting users, for that use the `emoji_reactions_by` endpoint. ## Attachments @@ -46,7 +47,7 @@ The `id` parameter can also be the `nickname` of the user. This only works in th Has these additional fields under the `pleroma` object: - `tags`: Lists an array of tags for the user -- `relationship{}`: Includes fields as documented for Mastodon API https://docs.joinmastodon.org/api/entities/#relationship +- `relationship{}`: Includes fields as documented for Mastodon API https://docs.joinmastodon.org/entities/relationship/ - `is_moderator`: boolean, nullable, true if user is a moderator - `is_admin`: boolean, nullable, true if user is an admin - `confirmation_pending`: boolean, true if a new user account is waiting on email confirmation to be activated diff --git a/docs/API/pleroma_api.md b/docs/API/pleroma_api.md index 7228d805b..9ca8a5af0 100644 --- a/docs/API/pleroma_api.md +++ b/docs/API/pleroma_api.md @@ -70,59 +70,6 @@ Request parameters can be passed via [query strings](https://en.wikipedia.org/wi * Response: JSON. Returns `{"status": "success"}` if the account was successfully disabled, `{"error": "[error message]"}` otherwise * Example response: `{"error": "Invalid password."}` -## `/api/account/register` -### Register a new user -* Method `POST` -* Authentication: not required -* Params: - * `nickname` - * `fullname` - * `bio` - * `email` - * `password` - * `confirm` - * `captcha_solution`: optional, contains provider-specific captcha solution, - * `captcha_token`: optional, contains provider-specific captcha token - * `token`: invite token required when the registrations aren't public. -* Response: JSON. Returns a user object on success, otherwise returns `{"error": "error_msg"}` -* Example response: -```json -{ - "background_image": null, - "cover_photo": "https://pleroma.soykaf.com/images/banner.png", - "created_at": "Tue Dec 18 16:55:56 +0000 2018", - "default_scope": "public", - "description": "blushy-crushy fediverse idol + pleroma dev\nlet's be friends \nぷれろまの生徒会長。謎の外人。日本語OK. \n公主病.", - "description_html": "blushy-crushy fediverse idol + pleroma dev.<br />let's be friends <br />ぷれろまの生徒会長。謎の外人。日本語OK. <br />公主病.", - "favourites_count": 0, - "fields": [], - "followers_count": 0, - "following": false, - "follows_you": false, - "friends_count": 0, - "id": 6, - "is_local": true, - "locked": false, - "name": "lain", - "name_html": "lain", - "no_rich_text": false, - "pleroma": { - "tags": [] - }, - "profile_image_url": "https://pleroma.soykaf.com/images/avi.png", - "profile_image_url_https": "https://pleroma.soykaf.com/images/avi.png", - "profile_image_url_original": "https://pleroma.soykaf.com/images/avi.png", - "profile_image_url_profile_size": "https://pleroma.soykaf.com/images/avi.png", - "rights": { - "delete_others_notice": false - }, - "screen_name": "lain", - "statuses_count": 0, - "statusnet_blocking": false, - "statusnet_profile_url": "https://pleroma.soykaf.com/users/lain" -} -``` - ## `/api/pleroma/admin/`… See [Admin-API](admin_api.md) @@ -504,11 +451,11 @@ Emoji reactions work a lot like favourites do. They make it possible to react to * Method: `GET` * Authentication: optional * Params: None -* Response: JSON, a map of emoji to account list mappings. +* Response: JSON, a list of emoji/account list tuples, sorted by emoji insertion date, in ascending order, e.g, the first emoji in the list is the oldest. * Example Response: ```json -{ - "😀" => [{"id" => "xyz.."...}, {"id" => "zyx..."}], - "🗡" => [{"id" => "abc..."}] -} +[ + ["😀", [{"id" => "xyz.."...}, {"id" => "zyx..."}]], + ["☕", [{"id" => "abc..."}]] +] ``` diff --git a/docs/admin/config.md b/docs/admin/config.md new file mode 100644 index 000000000..35e43b6a9 --- /dev/null +++ b/docs/admin/config.md @@ -0,0 +1,79 @@ +# Configuring instance +You can configure your instance from admin interface. You need account with admin rights and little change in config file, which will allow settings configuration from database. + +```elixir +config :pleroma, configurable_from_database: true +``` + +## How it works +Settings are stored in database and are applied in `runtime` after each change. Most of the settings take effect immediately, except some, which need instance reboot. These settings are needed in `compile time`, that's why settings are duplicated to the file. + +File with duplicated settings is located in `config/{env}.exported_from_db.exs` if pleroma is runned from source. For prod env it will be `config/prod.exported_from_db.exs`. + +For releases: `/etc/pleroma/prod.exported_from_db.secret.exs` or `PLEROMA_CONFIG_PATH/prod.exported_from_db.exs`. + +## How to set it up +You need to migrate your existing settings to the database. This task will migrate only added by user settings. +For example you add settings to `prod.secret.exs` file, only these settings will be migrated to database. For release it will be `/etc/pleroma/config.exs` or `PLEROMA_CONFIG_PATH`. +You can do this with mix task (all config files will remain untouched): + +```sh tab="OTP" + ./bin/pleroma_ctl config migrate_to_db +``` + +```sh tab="From Source" +mix pleroma.config migrate_to_db +``` + +Now you can change settings in admin interface. After each save, settings from database are duplicated to the `config/{env}.exported_from_db.exs` file. + +<span style="color:red">**ATTENTION**</span> + +**<span style="color:red">Be careful while changing the settings. Every inaccurate configuration change can break the federation or the instance load.</span>** + +*Compile time settings, which require instance reboot and can break instance loading:* +- all settings inside these keys: + - `:hackney_pools` + - `:chat` +- partially settings inside these keys: + - `:seconds_valid` in `Pleroma.Captcha` + - `:proxy_remote` in `Pleroma.Upload` + - `:upload_limit` in `:instance` + +## How to dump settings from database to file + +*Adding `-d` flag will delete migrated settings from database table.* + +```sh tab="OTP" + ./bin/pleroma_ctl config migrate_from_db [-d] +``` + +```sh tab="From Source" +mix pleroma.config migrate_from_db [-d] +``` + + +## How to completely remove it + +1. Truncate or delete all values from `config` table +```sql +TRUNCATE TABLE config; +``` +2. Delete `config/{env}.exported_from_db.exs`. + +For `prod` env: +```bash +cd /opt/pleroma +cp config/prod.exported_from_db.exs config/exported_from_db.back +rm -rf config/prod.exported_from_db.exs +``` +*If you don't want to backup settings, you can skip step with `cp` command.* + +3. Set configurable_from_database to `false`. +```elixir +config :pleroma, configurable_from_database: false +``` +4. Restart pleroma instance +```bash +sudo service pleroma restart +``` diff --git a/docs/administration/CLI_tasks/config.md b/docs/administration/CLI_tasks/config.md index e9d44b9a4..2af51c247 100644 --- a/docs/administration/CLI_tasks/config.md +++ b/docs/administration/CLI_tasks/config.md @@ -18,11 +18,11 @@ mix pleroma.config migrate_to_db ## Transfer config from DB to `config/env.exported_from_db.secret.exs` +To delete transfered settings from database optional flag `-d` can be used. <env> is `prod` by default. ```sh tab="OTP" - ./bin/pleroma_ctl config migrate_from_db <env> + ./bin/pleroma_ctl config migrate_from_db [--env=<env>] [-d] ``` ```sh tab="From Source" -mix pleroma.config migrate_from_db <env> +mix pleroma.config migrate_from_db [--env=<env>] [-d] ``` - diff --git a/docs/administration/CLI_tasks/digest.md b/docs/administration/CLI_tasks/digest.md index a70f24c06..1badda8c3 100644 --- a/docs/administration/CLI_tasks/digest.md +++ b/docs/administration/CLI_tasks/digest.md @@ -14,8 +14,9 @@ mix pleroma.digest test <nickname> [<since_date>] Example: + ```sh tab="OTP" - ./bin/pleroma_ctl digest test donaldtheduck 2019-05-20 +./bin/pleroma_ctl digest test donaldtheduck 2019-05-20 ``` ```sh tab="From Source" diff --git a/docs/configuration/cheatsheet.md b/docs/configuration/cheatsheet.md index ef2711e3c..30d673eba 100644 --- a/docs/configuration/cheatsheet.md +++ b/docs/configuration/cheatsheet.md @@ -70,11 +70,6 @@ You shouldn't edit the base config directly to avoid breakages and merge conflic * `account_field_value_length`: An account field value maximum length (default: `2048`). * `external_user_synchronization`: Enabling following/followers counters synchronization for external users. -!!! danger - This is a Work In Progress, not usable just yet - -* `dynamic_configuration`: Allow transferring configuration to DB with the subsequent customization from Admin api. - ## Federation ### MRF policies @@ -355,7 +350,7 @@ Available caches: * `proxy_url`: an upstream proxy to fetch posts and/or media with, (default: `nil`) * `send_user_agent`: should we include a user agent with HTTP requests? (default: `true`) -* `user_agent`: what user agent should we use? (default: `:default`), must be string or `:default` +* `user_agent`: what user agent should we use? (default: `:default`), must be string or `:default` * `adapter`: array of hackney options @@ -379,13 +374,19 @@ For each pool, the options are: ## Captcha ### Pleroma.Captcha + * `enabled`: Whether the captcha should be shown on registration. * `method`: The method/service to use for captcha. * `seconds_valid`: The time in seconds for which the captcha is valid. ### Captcha providers +#### Pleroma.Captcha.Native + +A built-in captcha provider. Enabled by default. + #### Pleroma.Captcha.Kocaptcha + Kocaptcha is a very simple captcha service with a single API endpoint, the source code is here: https://github.com/koto-bank/kocaptcha. The default endpoint `https://captcha.kotobank.ch` is hosted by the developer. @@ -447,6 +448,7 @@ An example for Sendgrid adapter: ```elixir config :pleroma, Pleroma.Emails.Mailer, + enabled: true, adapter: Swoosh.Adapters.Sendgrid, api_key: "YOUR_API_KEY" ``` @@ -455,13 +457,13 @@ An example for SMTP adapter: ```elixir config :pleroma, Pleroma.Emails.Mailer, + enabled: true, adapter: Swoosh.Adapters.SMTP, relay: "smtp.gmail.com", username: "YOUR_USERNAME@gmail.com", password: "YOUR_SMTP_PASSWORD", port: 465, ssl: true, - tls: :always, auth: :always ``` @@ -830,3 +832,11 @@ config :auto_linker, rel: "ugc" ] ``` + +## Custom Runtime Modules (`:modules`) + +* `runtime_dir`: A path to custom Elixir modules (such as MRF policies). + + +## :configurable_from_database +Enable/disable configuration from database. diff --git a/docs/installation/centos7_en.md b/docs/installation/centos7_en.md deleted file mode 100644 index ad4f58dc1..000000000 --- a/docs/installation/centos7_en.md +++ /dev/null @@ -1,274 +0,0 @@ -# Installing on CentOS 7 -## Installation - -This guide is a step-by-step installation guide for CentOS 7. It also assumes that you have administrative rights, either as root or a user with [sudo permissions](https://www.digitalocean.com/community/tutorials/how-to-create-a-sudo-user-on-centos-quickstart). If you want to run this guide with root, ignore the `sudo` at the beginning of the lines, unless it calls a user like `sudo -Hu pleroma`; in this case, use `su <username> -s $SHELL -c 'command'` instead. - -### Required packages - -* `postgresql` (9,6+, CentOS 7 comes with 9.2, we will install version 11 in this guide) -* `elixir` (1.5+) -* `erlang` -* `erlang-parsetools` -* `erlang-xmerl` -* `git` -* Development Tools - -#### Optional packages used in this guide - -* `nginx` (preferred, example configs for other reverse proxies can be found in the repo) -* `certbot` (or any other ACME client for Let’s Encrypt certificates) - -### Prepare the system - -* First update the system, if not already done: - -```shell -sudo yum update -``` - -* Install some of the above mentioned programs: - -```shell -sudo yum install wget git unzip -``` - -* Install development tools: - -```shell -sudo yum group install "Development Tools" -``` - -### Install Elixir and Erlang - -* Add the EPEL repo: - -```shell -sudo yum install epel-release -sudo yum -y update -``` - -* Install Erlang repository: - -```shell -wget -P /tmp/ https://packages.erlang-solutions.com/erlang-solutions-1.0-1.noarch.rpm -sudo rpm -Uvh erlang-solutions-1.0-1.noarch.rpm -``` - -* Install Erlang: - -```shell -sudo yum install erlang erlang-parsetools erlang-xmerl -``` - -* Download [latest Elixir release from Github](https://github.com/elixir-lang/elixir/releases/tag/v1.8.1) (Example for the newest version at the time when this manual was written) - -```shell -wget -P /tmp/ https://github.com/elixir-lang/elixir/releases/download/v1.8.1/Precompiled.zip -``` - -* Create folder where you want to install Elixir, we’ll use: - -```shell -sudo mkdir -p /opt/elixir -``` - -* Unzip downloaded file there: - -```shell -sudo unzip /tmp/Precompiled.zip -d /opt/elixir -``` - -* Create symlinks for the pre-compiled binaries: - -```shell -for e in elixir elixirc iex mix; do sudo ln -s /opt/elixir/bin/${e} /usr/local/bin/${e}; done -``` - -### Install PostgreSQL - -* Add the Postgresql repository: - -```shell -sudo yum install https://download.postgresql.org/pub/repos/yum/11/redhat/rhel-7-x86_64/pgdg-centos11-11-2.noarch.rpm -``` - -* Install the Postgresql server: - -```shell -sudo yum install postgresql11-server postgresql11-contrib -``` - -* Initialize database: - -```shell -sudo /usr/pgsql-11/bin/postgresql-11-setup initdb -``` - -* Open configuration file `/var/lib/pgsql/11/data/pg_hba.conf` and change the following lines from: - -```plain -# IPv4 local connections: -host all all 127.0.0.1/32 ident -# IPv6 local connections: -host all all ::1/128 ident -``` - -to - -```plain -# IPv4 local connections: -host all all 127.0.0.1/32 md5 -# IPv6 local connections: -host all all ::1/128 md5 -``` - -* Enable and start postgresql server: - -```shell -sudo systemctl enable --now postgresql-11.service -``` - -### Install PleromaBE - -* Add a new system user for the Pleroma service: - -```shell -sudo useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma -``` - -**Note**: To execute a single command as the Pleroma system user, use `sudo -Hu pleroma command`. You can also switch to a shell by using `sudo -Hu pleroma $SHELL`. If you don’t have and want `sudo` on your system, you can use `su` as root user (UID 0) for a single command by using `su -l pleroma -s $SHELL -c 'command'` and `su -l pleroma -s $SHELL` for starting a shell. - -* Git clone the PleromaBE repository and make the Pleroma user the owner of the directory: - -```shell -sudo mkdir -p /opt/pleroma -sudo chown -R pleroma:pleroma /opt/pleroma -sudo -Hu pleroma git clone -b stable https://git.pleroma.social/pleroma/pleroma /opt/pleroma -``` - -* Change to the new directory: - -```shell -cd /opt/pleroma -``` - -* Install the dependencies for Pleroma and answer with `yes` if it asks you to install `Hex`: - -```shell -sudo -Hu pleroma mix deps.get -``` - -* Generate the configuration: `sudo -Hu pleroma mix pleroma.instance gen` - * Answer with `yes` if it asks you to install `rebar3`. - * This may take some time, because parts of pleroma get compiled first. - * After that it will ask you a few questions about your instance and generates a configuration file in `config/generated_config.exs`. - -* Check the configuration and if all looks right, rename it, so Pleroma will load it (`prod.secret.exs` for productive instance, `dev.secret.exs` for development instances): - -```shell -mv config/{generated_config.exs,prod.secret.exs} -``` - -* The previous command creates also the file `config/setup_db.psql`, with which you can create the database: - -```shell -sudo -Hu postgres psql -f config/setup_db.psql -``` - -* Now run the database migration: - -```shell -sudo -Hu pleroma MIX_ENV=prod mix ecto.migrate -``` - -* Now you can start Pleroma already - -```shell -sudo -Hu pleroma MIX_ENV=prod mix phx.server -``` - -### Finalize installation - -If you want to open your newly installed instance to the world, you should run nginx or some other webserver/proxy in front of Pleroma and you should consider to create a systemd service file for Pleroma. - -#### Nginx - -* Install nginx, if not already done: - -```shell -sudo yum install nginx -``` - -* Setup your SSL cert, using your method of choice or certbot. If using certbot, first install it: - -```shell -sudo yum install certbot-nginx -``` - -and then set it up: - -```shell -sudo mkdir -p /var/lib/letsencrypt/ -sudo certbot certonly --email <your@emailaddress> -d <yourdomain> --standalone -``` - -If that doesn’t work, make sure, that nginx is not already running. If it still doesn’t work, try setting up nginx first (change ssl “on” to “off” and try again). - ---- - -* Copy the example nginx configuration to the nginx folder - -```shell -sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf -``` - -* Before starting nginx edit the configuration and change it to your needs (e.g. change servername, change cert paths) -* Enable and start nginx: - -```shell -sudo systemctl enable --now nginx -``` - -If you need to renew the certificate in the future, uncomment the relevant location block in the nginx config and run: - -```shell -sudo certbot certonly --email <your@emailaddress> -d <yourdomain> --webroot -w /var/lib/letsencrypt/ -``` - -#### Other webserver/proxies - -You can find example configurations for them in `/opt/pleroma/installation/`. - -#### Systemd service - -* Copy example service file - -```shell -sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service -``` - -* Edit the service file and make sure that all paths fit your installation -* Enable and start `pleroma.service`: - -```shell -sudo systemctl enable --now pleroma.service -``` - -#### Create your first user - -If your instance is up and running, you can create your first user with administrative rights with the following task: - -```shell -sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress> --admin -``` - -#### Further reading - -* [Backup your instance](../administration/backup.md) -* [Hardening your instance](../configuration/hardening.md) -* [How to activate mediaproxy](../configuration/howto_mediaproxy.md) -* [Updating your instance](../administration/updating.md) - -## Questions - -Questions about the installation or didn’t it work as it should be, ask in [#pleroma:matrix.org](https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org) or IRC Channel **#pleroma** on **Freenode**. diff --git a/docs/installation/migrating_from_source_otp_en.md b/docs/installation/migrating_from_source_otp_en.md index 87568faad..31c2f1294 100644 --- a/docs/installation/migrating_from_source_otp_en.md +++ b/docs/installation/migrating_from_source_otp_en.md @@ -1,42 +1,28 @@ # Switching a from-source install to OTP releases + ## What are OTP releases? OTP releases are as close as you can get to binary releases with Erlang/Elixir. The release is self-contained, and provides everything needed to boot it, it is easily administered via the provided shell script to open up a remote console, start/stop/restart the release, start in the background, send remote commands, and more. -### Can I still run the develop branch if I decide to use them? -Yes, we produce builds for every commit in `develop`. However `develop` is considered unstable, please don't use it in production because of faster access to new features, unless you need them as an app developer. -## Why would one want to switch? -Benefits of OTP releases over from-source installs include: -* **Less space used.** OTP releases come without source code, build tools, have docs and debug symbols stripped from the compiled bytecode and do not cointain tests, docs, revision history. -* **Minimal system dependencies.** Excluding the database and reverse proxy, only `curl`, `unzip` and `ncurses` are needed to download and run the release. Because Erlang runtime and Elixir are shipped with Pleroma, one can use the latest BEAM optimizations and Pleroma features, without having to worry about outdated system repos or a missing `erlang-*` package. -* **Potentially less bugs and better performance.** This extends on the previous point, because we have control over exactly what gets shipped, we can tweak the VM arguments and forget about weird bugs due to Erlang/Elixir version mismatches. -* **Faster and less bug-prone mix tasks.** On a from-source install one has to wait untill a new Pleroma node is started for each mix task and they execute outside of the instance context (for example if a user was deleted via a mix task, the instance will have no knowledge of that and continue to display status count and follows before the cache expires). Mix tasks in OTP releases are executed by calling into a running instance via RPC, which solves both of these problems. - -### Sounds great, how do I switch? -Currently we support Linux machines with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and `x86_64`, `aarch64` or `armv7l` CPUs. If you are unsure, check the [Detecting flavour](otp_en.md#detecting-flavour) section in OTP install guide. If your platform is supported, proceed with the guide, if not check the [My platform is not supported](#my-platform-is-not-supported) section. -### I don't think it is worth the effort, can I stay on a from-source install? -Yes, currently there are no plans to deprecate them. - -### My platform is not supported -If you think your platform is a popular choice for running Pleroma instances, or has the potential to become one, you can [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma/issues/new). If not, guides on how to build and update releases by yourself will be available soon. + ## Pre-requisites You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`. The system needs to have `curl` and `unzip` installed for downloading and unpacking release builds. -Debian/Ubuntu: -```sh -apt install curl unzip -``` -Alpine: -``` +```sh tab="Alpine" apk add curl unzip +``` +```sh tab="Debian/Ubuntu" +apt install curl unzip ``` + ## Moving content out of the application directory When using OTP releases the application directory changes with every version so it would be a bother to keep content there (and also dangerous unless `--no-rm` option is used when updating). Fortunately almost all paths in Pleroma are configurable, so it is possible to move them out of there. Pleroma should be stopped before proceeding. ### Moving uploads/custom public files directory + ```sh # Create uploads directory and set proper permissions (skip if using a remote uploader) # Note: It does not have to be `/var/lib/pleroma/uploads`, you can configure it to be something else later @@ -92,8 +78,8 @@ Before proceeding, get the flavour from [Detecting flavour](otp_en.md#detecting- rm -r ~pleroma/* # Set the flavour environment variable to the string you got in Detecting flavour section. -# For example if the flavour is `arm64-musl` the command will be -export FLAVOUR="arm64-musl" +# For example if the flavour is `amd64-musl` the command will be +export FLAVOUR="amd64-musl" # Clone the release build into a temporary directory and unpack it # Replace `stable` with `unstable` if you want to run the unstable branch @@ -124,8 +110,15 @@ OTP releases have different service files than from-source installs so they need **Warning:** The service files assume pleroma user's home directory is `/opt/pleroma`, please make sure all paths fit your installation. -Debian/Ubuntu: -```sh +```sh tab="Alpine" +# Copy the service into a proper directory +cp -f ~pleroma/installation/init.d/pleroma /etc/init.d/pleroma + +# Start pleroma +rc-service pleroma start +``` + +```sh tab="Debian/Ubuntu" # Copy the service into a proper directory cp ~pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service @@ -139,14 +132,6 @@ systemctl reenable pleroma systemctl start pleroma ``` -Alpine: -```sh -# Copy the service into a proper directory -cp -f ~pleroma/installation/init.d/pleroma /etc/init.d/pleroma - -# Start pleroma -rc-service pleroma start -``` ## Running mix tasks Refer to [Running mix tasks](otp_en.md#running-mix-tasks) section from OTP release installation guide. ## Updating diff --git a/docs/installation/otp_en.md b/docs/installation/otp_en.md index 965e30e2a..93230806c 100644 --- a/docs/installation/otp_en.md +++ b/docs/installation/otp_en.md @@ -6,7 +6,7 @@ You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`. -While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu/Alpine. +While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu and Alpine. ### Detecting flavour @@ -20,6 +20,7 @@ If your platform is supported the output will contain the flavour string, you wi ### Installing the required packages Other than things bundled in the OTP release Pleroma depends on: + * curl (to download the release build) * unzip (needed to unpack release builds) * ncurses (ERTS won't run without it) @@ -27,18 +28,16 @@ Other than things bundled in the OTP release Pleroma depends on: * nginx (could be swapped with another reverse proxy but this guide covers only it) * certbot (for Let's Encrypt certificates, could be swapped with another ACME client, but this guide covers only it) -Debian/Ubuntu: -```sh -apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot -``` -Alpine: - -```sh +```sh tab="Alpine" echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories apk update apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot ``` +```sh tab="Debian/Ubuntu" +apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot +``` + ## Setup ### Configuring PostgreSQL #### (Optional) Installing RUM indexes @@ -48,12 +47,7 @@ apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results). -Debian/Ubuntu (available only on Buster/19.04): -```sh -apt install postgresql-11-rum -``` -Alpine: -```sh +```sh tab="Alpine" apk add git build-base postgresql-dev git clone https://github.com/postgrespro/rum /tmp/rum cd /tmp/rum @@ -62,25 +56,31 @@ make USE_PGXS=1 install cd rm -r /tmp/rum ``` + +```sh tab="Debian/Ubuntu" +# Available only on Buster/19.04 +apt install postgresql-11-rum +``` + #### (Optional) Performance configuration For optimal performance, you may use [PGTune](https://pgtune.leopard.in.ua), don't forget to restart postgresql after editing the configuration -Debian/Ubuntu: -```sh -systemctl restart postgresql -``` -Alpine: -```sh +```sh tab="Alpine" rc-service postgresql restart ``` + +```sh tab="Debian/Ubuntu" +systemctl restart postgresql +``` + ### Installing Pleroma ```sh -# Create the Pleroma user +# Create a Pleroma user adduser --system --shell /bin/false --home /opt/pleroma pleroma # Set the flavour environment variable to the string you got in Detecting flavour section. -# For example if the flavour is `arm64-musl` the command will be -export FLAVOUR="arm64-musl" +# For example if the flavour is `amd64-musl` the command will be +export FLAVOUR="amd64-musl" # Clone the release build into a temporary directory and unpack it su pleroma -s $SHELL -lc " @@ -133,49 +133,52 @@ su pleroma -s $SHELL -lc "./bin/pleroma stop" ### Setting up nginx and getting Let's Encrypt SSL certificaties +#### Get a Let's Encrypt certificate ```sh -# Get a Let's Encrypt certificate certbot certonly --standalone --preferred-challenges http -d yourinstance.tld +``` + +#### Copy Pleroma nginx configuration to the nginx folder -# Copy the Pleroma nginx configuration to the nginx folder -# The location of nginx configs is dependent on the distro +The location of nginx configs is dependent on the distro -# For Debian/Ubuntu: +```sh tab="Alpine" +cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf +``` + +```sh tab="Debian/Ubuntu" cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx -# For Alpine: -cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf -# If your distro does not have either of those you can append -# `include /etc/nginx/pleroma.conf` to the end of the http section in /etc/nginx/nginx.conf and +``` + +If your distro does not have either of those you can append `include /etc/nginx/pleroma.conf` to the end of the http section in /etc/nginx/nginx.conf and +```sh cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/pleroma.conf +``` -# Edit the nginx config replacing example.tld with your (sub)domain +#### Edit the nginx config +```sh +# Replace example.tld with your (sub)domain $EDITOR path-to-nginx-config # Verify that the config is valid nginx -t +``` +#### Start nginx -# Start nginx -# For Debian/Ubuntu: -systemctl start nginx -# For Alpine: +```sh tab="Alpine" rc-service nginx start ``` -At this point if you open your (sub)domain in a browser you should see a 502 error, that's because pleroma is not started yet. +```sh tab="Debian/Ubuntu" +systemctl start nginx +``` + +At this point if you open your (sub)domain in a browser you should see a 502 error, that's because Pleroma is not started yet. ### Setting up a system service -Debian/Ubuntu: -```sh -# Copy the service into a proper directory -cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service -# Start pleroma and enable it on boot -systemctl start pleroma -systemctl enable pleroma -``` -Alpine: -```sh +```sh tab="Alpine" # Copy the service into a proper directory cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma @@ -184,13 +187,22 @@ rc-service pleroma start rc-update add pleroma ``` +```sh tab="Debian/Ubuntu" +# Copy the service into a proper directory +cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service + +# Start pleroma and enable it on boot +systemctl start pleroma +systemctl enable pleroma +``` + If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors. -Still doesn't work? Feel free to contact us on [#pleroma on freenode](https://webchat.freenode.net/?channels=%23pleroma) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>, you can also [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma/issues/new) +Still doesn't work? Feel free to contact us on [#pleroma on freenode](https://irc.pleroma.social) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>, you can also [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma-support/issues/new) ## Post installation -### Setting up auto-renew Let's Encrypt certificate +### Setting up auto-renew of the Let's Encrypt certificate ```sh # Create the directory for webroot challenges mkdir -p /var/lib/letsencrypt @@ -201,25 +213,8 @@ $EDITOR path-to-nginx-config # Verify that the config is valid nginx -t ``` -Debian/Ubuntu: -```sh -# Restart nginx -systemctl restart nginx -# Ensure the webroot menthod and post hook is working -certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl nginx reload' - -# Add it to the daily cron -echo '#!/bin/sh -certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx" -' > /etc/cron.daily/renew-pleroma-cert -chmod +x /etc/cron.daily/renew-pleroma-cert - -# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert -run-parts --test /etc/cron.daily -``` -Alpine: -```sh +```sh tab="Alpine" # Restart nginx rc-service nginx restart @@ -236,15 +231,25 @@ certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ -- ' > /etc/periodic/daily/renew-pleroma-cert chmod +x /etc/periodic/daily/renew-pleroma-cert -# If everything worked this should output /etc/periodic/daily/renew-pleroma-cert +# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert run-parts --test /etc/periodic/daily ``` -### Running mix tasks -Throughout the wiki and guides there is a lot of references to mix tasks. Since `mix` is a build tool, you can't just call `mix pleroma.task`, instead you should call `pleroma_ctl` stripping pleroma/ecto namespace. -So for example, if the task is `mix pleroma.user set admin --admin`, you should run it like this: -```sh -su pleroma -s $SHELL -lc "./bin/pleroma_ctl user set admin --admin" +```sh tab="Debian/Ubuntu" +# Restart nginx +systemctl restart nginx + +# Ensure the webroot menthod and post hook is working +certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx' + +# Add it to the daily cron +echo '#!/bin/sh +certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx" +' > /etc/cron.daily/renew-pleroma-cert +chmod +x /etc/cron.daily/renew-pleroma-cert + +# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert +run-parts --test /etc/cron.daily ``` ## Create your first user and set as admin @@ -270,4 +275,3 @@ But you should **always check the release notes/changelog** in case there are co * [Backup your instance](../administration/backup.md) * [Hardening your instance](../configuration/hardening.md) * [How to activate mediaproxy](../configuration/howto_mediaproxy.md) -* [Updating your instance](../administration/updating.md) |