※mastodonインスタンス作成をまとめています。
【使用した物】
さくらVPS 1G CentOS 7.3
【インストール手順】
OSのパッケージインストールして再起動
# yum -y update
# reboot
docker、docker-composeのインストール
# yum -y install docker
# curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
firewalldの設定
http(80)とhttps(443)ポートを開ける。
# firewall-cmd –add-service=http –zone=public –permanen
# firewall-cmd –add-service=https –zone=public –permanen
# firewall-cmd –reload
success
# firewall-cmd –list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
enginxのインストール
# rpm -ivh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
# yum -y update nginx-release-centos
# yum -y –enablerepo=nginx install nginx
# nginx -v
nginx version: nginx/1.12.0
Mastodonをgit cloneからダウンロード
# cd /home
# git clone https://github.com/tootsuite/mastodon.git
remote: Counting objects: 26012, done.
remote: Compressing objects: 100% (9/9), done.
remote: Total 26012 (delta 0), reused 0 (delta 0), pack-reused 26002
Receiving objects: 100% (26012/26012), 34.36 MiB | 9.02 MiB/s, done.
Resolving deltas: 100% (15651/15651), done.
# cd mastodon/
データの永続化設定
# vi docker-compose.yml
(コメントの#文字を外す)
# volumes: # - ./postgres:/var/lib/postgresql/data # volumes: # - ./redis:/data
シークレットキーの発行
# docker-compose run –rm web rake secret ※3回実行
.env.production設定ファイルを編集
# cp .env.production.sample .env.production
# Federation LOCAL_DOMAIN=使用サイトのドメイン名を入れる LOCAL_HTTPS=true # Application secrets # Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) PAPERCLIP_SECRET=シークレットキーの発行で作成したキー SECRET_KEY_BASE=シークレットキーの発行で作成したキー OTP_SECRET=シークレットキーの発行で作成したキー # E-mail configuration # Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers # If you want to use an SMTP server without authentication (e.g local Postfix relay) # then set SMTP_AUTH_METHOD to 'none' and *comment* SMTP_LOGIN and SMTP_PASSWORD. # Leaving them blank is not enough for authentication method 'none'. SMTP_SERVER=smtp.sparkpostmail.com ※SparkPostでの設定例 SMTP_PORT=587 SMTP_LOGIN=SMTP_Injection SMTP_PASSWORD=XXXXXXXX ※SparkPostで取得したパスワードを入力 SMTP_FROM_ADDRESS=送信するアドレス SMTP_AUTH_METHOD=plain SMTP_OPENSSL_VERIFY_MODE=none SMTP_ENABLE_STARTTLS_AUTO=true
nginxプロキシ設定ファイル作成
mastodon.confを作成し「https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Production-guide.md」から内容を持ってくる。
vi /etc/nginx/conf.d/mastodon.conf
map $http_upgrade $connection_upgrade { default upgrade; '' close; } server { listen 80; listen [::]:80; server_name example.com; # Useful for Let's Encrypt location /.well-known/acme-challenge/ { allow all; } location / { return 301 https://$host$request_uri; } } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name example.com; ssl_protocols TLSv1.2; ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; #ssl_dhparam /etc/ssl/certs/dhparam.pem; 使用しないのでコメントアウト error_log /var/log/nginx/mastodon/error.log warn; #ログを出力するため記載 access_log /var/log/nginx/mastodon/access.log main; #ログを出力するため記載 keepalive_timeout 70; sendfile on; client_max_body_size 0; root /home/mastodon/public; #/home/mastodon/live/public⇒/home/mastodon/publicに修正 gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; add_header Strict-Transport-Security "max-age=31536000"; location / { try_files $uri @proxy; } location ~ ^/(assets|system/media_attachments/files|system/accounts/avatars) { add_header Cache-Control "public, max-age=31536000, immutable"; } location @proxy { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Proxy ""; proxy_pass_header Server; proxy_pass http://127.0.0.1:3000; proxy_buffering off; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; tcp_nodelay on; } location /api/v1/streaming { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Proxy ""; proxy_pass http://localhost:4000; proxy_buffering off; proxy_redirect off; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; tcp_nodelay on; } error_page 500 501 502 503 504 /500.html; }
certbotインストール
# yum -y install epel-release
# yum -y install certbot python-certbot-apache
No Responses