
Apr 05

Installing a Mastodon instance

With help from Valère: https://hostux.social/about

Gandi server

Location: Bissen, Luxembourg
Cores: 2
RAM: 2 GB
System disk: 10 GB
Operating system: Debian 8 64-bit (HVM)
System disk name: sysdisk01mas
Name (hostname): server01mas
Administrator login: admin

Contents

1/ Connecting to the Gandi server
2/ Updating the system
3/ Installing the base packages
4/ Creating the 'mastodon' user
5/ Installing the dependencies
6/ Installing Redis
7/ Installing PostgreSQL
8/ Installing rbenv
9/ Installing Mastodon
10/ Installing the Nginx server
11/ Managing scheduled tasks
12/ Administration
13/ Links

Procedure

1/ Connecting to the Gandi server.

[~] ➔ ssh admin@185.26.166.73
...
admin@185.26.166.73's password: 
...
[-----------------------------------------]
  Gandi - Welcome to your new OS image.
...
[-----------------------------------------]
admin@server01mas:~$ 

2/ Updating the system.

– Switch to root:

admin@server01mas:~$ su 
Password: 
root@server01mas:/home/admin# 

– Update the repository lists and upgrade the packages:

root@server01mas:/home/admin# apt-get update && apt-get upgrade

3/ Installing the base packages.

root@server01mas:/home/admin# apt-get install mc screen htop wget links vim curl git-core

4/ Creating the 'mastodon' user.

root@server01mas:/home/admin# adduser mastodon

5/ Installing the dependencies.

– Installing Node.js:

root@server01mas:/home/admin# curl -sL https://deb.nodesource.com/setup_4.x |  bash -
root@server01mas:/home/admin# apt-get install nodejs

– Installing the dependencies:

root@server01mas:/home/admin# apt-get install imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev

– Installing the Node.js module:

root@server01mas:/home/admin# npm install -g yarn

6/ Installing Redis.

root@server01mas:/home/admin# apt-get install redis-server redis-tools

7/ Installing PostgreSQL.

– Installing the packages:

root@server01mas:/home/admin# apt-get install postgresql postgresql-contrib

– Configuring the database and the user:

root@server01mas:/home/admin# su - postgres
postgres@server01mas:~$ psql
psql (9.4.10)
...
postgres=# CREATE USER mastodon CREATEDB;
CREATE ROLE
postgres=# \q
postgres@server01mas:~$ exit
logout
root@server01mas:/home/admin# 

8/ Installing rbenv.

– Installing the prerequisites:

root@server01mas:/home/admin# apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev

Link:
https://github.com/rbenv/ruby-build/wiki#suggested-build-environment

– Switch to the 'mastodon' user:

root@server01mas:/home/admin# su mastodon
mastodon@server01mas:/home/admin$ cd
mastodon@server01mas:~$ 

– Installing rbenv:

mastodon@server01mas:~$ git clone https://github.com/rbenv/rbenv.git ~/.rbenv
mastodon@server01mas:~$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bash_profile
mastodon@server01mas:~$ echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
mastodon@server01mas:~$ echo 'eval "$(rbenv init -)"' >> ~/.bashrc
mastodon@server01mas:~$ ~/.rbenv/bin/rbenv init

– Verification:

mastodon@server01mas:~$ source ~/.bash_profile 
mastodon@server01mas:~$ type rbenv
rbenv is /home/mastodon/.rbenv/bin/rbenv
mastodon@server01mas:~$ source ~/.bashrc
mastodon@server01mas:~$ type rbenv
rbenv is a function
rbenv () 
{ 
    local command;
    command="$1";
    if [ "$#" -gt 0 ]; then
        shift;
    fi;
    case "$command" in 
        rehash | shell)
            eval "$(rbenv "sh-$command" "$@")"
        ;;
        *)
            command rbenv "$command" "$@"
        ;;
    esac
}

Links:
https://github.com/rbenv/rbenv#installation
https://www.digitalocean.com/community/tutorials/how-to-install-ruby-on-rails-with-rbenv-on-debian-8

– Installing ruby-build:

mastodon@server01mas:~$ git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build

– Installing Ruby:

mastodon@server01mas:~$ rbenv install 2.3.1
mastodon@server01mas:~$ rbenv global 2.3.1
mastodon@server01mas:~$ ruby -v
ruby 2.3.1p112 (2016-04-26 revision 54768) [x86_64-linux]

9/ Installing Mastodon.

– Configuration:

mastodon@server01mas:~$ echo "gem: --no-document" > ~/.gemrc

– Downloading Mastodon:

mastodon@server01mas:~$ git clone https://github.com/Gargron/mastodon.git live
mastodon@server01mas:~$ cd live/

– Installing bundler:

mastodon@server01mas:~/live$ gem install bundler
Fetching: bundler-1.14.6.gem (100%)
Successfully installed bundler-1.14.6
1 gem installed

– Installing the gem dependencies:

mastodon@server01mas:~/live$ bundle install --deployment --without development test
mastodon@server01mas:~/live$ yarn install

– Configuring the server:

mastodon@server01mas:~/live$ cp .env.production.sample .env.production

Open:

.env.production

Find:

# Service dependencies
REDIS_HOST=redis
REDIS_PORT=6379
DB_HOST=db
DB_USER=postgres
DB_NAME=postgres
DB_PASS=
DB_PORT=5432

# Federation
LOCAL_DOMAIN=example.com
LOCAL_HTTPS=true

Replace with:

# Service dependencies
REDIS_HOST=localhost
REDIS_PORT=6379
DB_HOST=/var/run/postgresql
DB_USER=mastodon
DB_NAME=mastodon_production
DB_PASS=
DB_PORT=5432

# Federation
LOCAL_DOMAIN=minimes.hacklab.science
LOCAL_HTTPS=true

– Configuring the Gandi mail server:

Find:

# E-mail configuration
SMTP_SERVER=
SMTP_PORT=
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=

Replace with:

SMTP_SERVER=mail.gandi.net
SMTP_PORT=587
SMTP_LOGIN=contact@hacklab-bidouilleur.fr
SMTP_PASSWORD=Mot2P@$$e
SMTP_FROM_ADDRESS=contact@hacklab-bidouilleur.fr

– Generating the secrets:

mastodon@server01mas:~/live$ bundle exec rake secret
fe814ad09733f3d25acc0b43bb93bdb9d45e1f2a41754432af3d193576f54740c8d88418ea8d8FAKE3ab281844747fc2f7c8d585059ef82dd1f7d84bff51e8
mastodon@server01mas:~/live$ bundle exec rake secret
01a02a0ca068f65455f7dfd86de0f768cc8524c474e8278c865a45cd48cda19a48f73e7ee2f4FAKE4ea04d90496e745069bf0fcde399d8dc864910057496fb52
mastodon@server01mas:~/live$ bundle exec rake secret
fff3bf9df413c3c7d4c63c5d2969c39e099c4d4e91f3bc681e565c3457f90c8a6389a92ce1c7f9FAKE0a6dd2d72d4f1638b9b1004fd331a887559cb82893ac

Open:

.env.production

Find:

PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=

Replace with:

PAPERCLIP_SECRET=fe814ad09733f3d25acc0b43bb93bdb9d45e1f2a41754432af3d193576f54740c8d88418ea8d8FAKE3ab281844747fc2f7c8d585059ef82dd1f7d84bff51e8
SECRET_KEY_BASE=01a02a0ca068f65455f7dfd86de0f768cc8524c474e8278c865a45cd48cda19a48f73e7ee2f4FAKE4ea04d90496e745069bf0fcde399d8dc864910057496fb52
OTP_SECRET=fff3bf9df413c3c7d4c63c5d2969c39e099c4d4e91f3bc681e565c3457f90c8a6389a92ce1c7f9FAKE0a6dd2d72d4f1638b9b1004fd331a887559cb82893ac
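
An added example (not from the original post): the three secrets above are printed to the terminal and pasted by hand, which leaves them in the scrollback. This sketch fills the empty keys in place without echoing the values, keeps the file readable by its owner only, and checks the result. SECRET_CMD and the function names are assumptions, and the built-in generator is a stand-in for bundle exec rake secret.

```sh
#!/bin/sh
# Added example. SECRET_CMD is a hypothetical override; on the server set it to
# 'bundle exec rake secret' and run this as the mastodon user from ~/live.
gen_secret() {
    if [ -n "${SECRET_CMD:-}" ]; then
        sh -c "$SECRET_CMD" </dev/null
    else
        # stand-in generator: 64 random bytes printed as 128 hex characters
        od -An -tx1 -N64 /dev/urandom | tr -d ' \n'
    fi
}

# Succeeds only if the file is closed to group/others and holds three
# well-formed, pairwise distinct secrets.
check_env() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$1: readable by group/others" >&2; return 1; }
    n=$(grep -E '^(PAPERCLIP_SECRET|SECRET_KEY_BASE|OTP_SECRET)=[0-9a-f]{128}$' "$1" |
        cut -d= -f2 | sort -u | wc -l)
    [ "$n" -eq 3 ] || { echo "$1: secret missing, malformed or reused" >&2; return 1; }
}

# Fills only the empty KEY= lines, so a second run leaves existing values alone.
fill_secrets() {
    env_file=$1
    [ -f "$env_file" ] || return 1
    tmp=$(mktemp "$env_file.XXXXXX") || return 1   # mktemp creates it mode 0600
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            PAPERCLIP_SECRET=|SECRET_KEY_BASE=|OTP_SECRET=)
                printf '%s%s\n' "$line" "$(gen_secret)" ;;
            *)  printf '%s\n' "$line" ;;
        esac
    done < "$env_file" > "$tmp"
    if check_env "$tmp"; then
        mv "$tmp" "$env_file"
    else
        rm -f "$tmp"; return 1
    fi
}

# Constructed demo on a throwaway file, not the real ~/live/.env.production
demo=$(mktemp -d)
printf 'LOCAL_HTTPS=true\nPAPERCLIP_SECRET=\nSECRET_KEY_BASE=\nOTP_SECRET=\n' > "$demo/.env.production"
fill_secrets "$demo/.env.production" && echo "secrets written, values not echoed"
rm -rf "$demo"
```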

– Installation:

mastodon@server01mas:~/live$ RAILS_ENV=production bundle exec rails db:setup

– Precompiling the CSS and JS:

mastodon@server01mas:~/live$ RAILS_ENV=production bundle exec rails assets:precompile

– Configuring systemd:

mastodon@server01mas:~/live$ exit
exit
root@server01mas:/home/admin# 

Open:

/etc/systemd/system/mastodon-web.service

Add:

[Unit]
Description=mastodon-web
After=network.target

[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="RAILS_ENV=production"
Environment="PORT=3000"
ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target

Open:

/etc/systemd/system/mastodon-sidekiq.service

Add:

[Unit]
Description=mastodon-sidekiq
After=network.target

[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="RAILS_ENV=production"
Environment="DB_POOL=5"
ExecStart=/home/mastodon/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target

Open:

/etc/systemd/system/mastodon-streaming.service

Add:

[Unit]
Description=mastodon-streaming
After=network.target

[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="NODE_ENV=production"
Environment="PORT=4000"
ExecStart=/usr/bin/npm run start
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target

– Enabling the services:

root@server01mas:/home/admin# screen
root@server01mas:/home/admin# systemctl enable /etc/systemd/system/mastodon-*.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mastodon-sidekiq.service to /etc/systemd/system/mastodon-sidekiq.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mastodon-streaming.service to /etc/systemd/system/mastodon-streaming.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mastodon-web.service to /etc/systemd/system/mastodon-web.service.

– Starting the services:

root@server01mas:/home/admin# systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

– Restarting the services after changing the configuration file:

root@server01mas:/home/admin# systemctl restart mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

– Service status:

root@server01mas:/home/admin# systemctl status mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service
● mastodon-web.service - mastodon-web
   Loaded: loaded (/etc/systemd/system/mastodon-web.service; enabled)
   Active: active (running) since Tue 2017-04-04 20:20:43 CEST; 15h ago
...
● mastodon-sidekiq.service - mastodon-sidekiq
...
Apr 04 20:20:43 server01mas systemd[1]: Started mastodon-sidekiq.
Apr 04 20:20:48 server01mas bundle[779]: 2017-04-04T18:20:48.057Z 779 TID-ovnjsa58w INFO: Booting Sidekiq 4.2.7 with...=>nil}
...
● mastodon-streaming.service - mastodon-streaming
...
 Main PID: 738 (npm)
   CGroup: /system.slice/mastodon-streaming.service
           ├─738 npm
           ├─806 sh -c babel-node ./streaming/index.js --presets es2015,stage-2
           ├─808 node /home/mastodon/live/node_modules/.bin/babel-node ./streaming/index.js --presets es2015,stage-2
           └─815 /usr/bin/nodejs /home/mastodon/live/node_modules/babel-cli/lib/_babel-node ./streaming/index.js --presets...
...
Apr 04 20:20:46 server01mas npm[738]: info Starting streaming API server on port 4000
Hint: Some lines were ellipsized, use -l to show in full.

10/ Installing the Nginx server.

– Installing Nginx:

Open:

/etc/apt/sources.list.d/nginx.list

Append:

deb http://nginx.org/packages/debian/ jessie nginx

Run:

# apt-get update
# apt-get install nginx

– Setting up the Nginx reverse proxy:

Open:

/etc/nginx/conf.d/minimes.hacklab.science.conf

Add:

map $http_upgrade $connection_upgrade {
	default upgrade;
	''      close;
}

server {
	listen 80;
	#listen [::]:80;	
	server_name minimes.hacklab.science;
	return 301 https://minimes.hacklab.science$request_uri;
}


server {
	listen 443 ssl http2;
	#listen [::]:443 ssl http2;
	server_name minimes.hacklab.science;

	ssl on;
	ssl_certificate /etc/letsencrypt/live/minimes.hacklab.science/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/minimes.hacklab.science/privkey.pem;
	ssl_dhparam /etc/ssl/certs/dhparam.pem;
	
	ssl_session_timeout 1d;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;

	ssl_protocols TLSv1.2;
	ssl_ciphers EECDH+AESGCM:EECDH+AES;
	ssl_prefer_server_ciphers on;

	resolver 8.8.4.4 8.8.8.8 valid=300s;
	resolver_timeout 10s;
	ssl_stapling on;
	ssl_stapling_verify on;

	add_header Strict-Transport-Security "max-age=15552000; includeSubdomains; preload";
	add_header X-Content-Type-Options nosniff;
	add_header X-XSS-Protection "1; mode=block";
	add_header X-Frame-Options SAMEORIGIN;


	keepalive_timeout    70;
	sendfile             on;
	client_max_body_size 0;

	gzip on;
	gzip_disable "msie6";

	gzip_vary on;
	gzip_proxied any;
	gzip_comp_level 6;
	gzip_buffers 16 8k;
	gzip_http_version 1.1;
	gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;


	root /home/mastodon/live/public;


	location / {
		try_files $uri @proxy;
	}

	location @proxy {
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;

		proxy_pass_header Server;

		proxy_pass http://127.0.0.1:3000;
		proxy_buffering off;
		proxy_redirect off;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;

		tcp_nodelay on;
	}

	location /api/v1/streaming {
		proxy_set_header Host $host;
		proxy_set_header X-Real-IP $remote_addr;
		proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
		proxy_set_header X-Forwarded-Proto https;

		proxy_pass http://127.0.0.1:4000;
		proxy_buffering off;
		proxy_redirect off;
		proxy_http_version 1.1;
		proxy_set_header Upgrade $http_upgrade;
		proxy_set_header Connection $connection_upgrade;

		tcp_nodelay on;
	}

	error_page 500 501 502 503 504 /500.html;
}
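
An added example (not from the original post): nginx reaches Puma and the streaming API over 127.0.0.1, so none of the backend ports used on this page needs to answer on a public address. The function below reads ss -ltn output and lists any of those ports bound outside loopback; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example. Backend ports taken from this page: Puma 3000, streaming 4000,
# Redis 6379, PostgreSQL 5432.
BACKEND_PORTS="3000 4000 6379 5432"

# Reads `ss -ltn` output on stdin, prints "port local-address" for every
# backend port bound outside loopback, and returns 1 if it printed anything.
exposed_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            host = $4; sub(/:[^:]*$/, "", host)    # text before the last colon
            sub(/^\[/, "", host); sub(/\]$/, "", host)   # [::1] -> ::1
            sub(/%.*$/, "", host)                  # drop an interface scope
            if (!(port in want)) next
            if (host ~ /^127\./ || host == "::1") next
            print port, $4
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample mixing older (*:3000, :::4000) and newer ([::1]:5432) ss notations
sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:6379     *:*
LISTEN 0      128    *:3000             *:*
LISTEN 0      128    :::4000            :::*
LISTEN 0      128    [::1]:5432         [::]:*
LISTEN 0      128    0.0.0.0:443        0.0.0.0:*
EOF
}

# On the server: ss -ltn | exposed_listeners
sample_ss | exposed_listeners || echo "ports above are reachable without passing through nginx" >&2
```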

– Installing Let's Encrypt:

Open:

/etc/apt/sources.list

Append:

deb http://httpredir.debian.org/debian jessie-backports main

Run:

# apt-get update
# apt-get install -t jessie-backports letsencrypt

– Stop the Nginx server:

root@server01mas:/home/admin# service nginx stop

– Generating the Let's Encrypt certificate:

root@server01mas:/home/admin# letsencrypt certonly -d minimes.hacklab.science --agree-tos -m lesanglierdesardennes@gmail.com --rsa-key-size 4096 --standalone

– Generating the dhparam file:

root@server01mas:/home/admin# openssl dhparam -out /etc/ssl/certs/dhparam.pem 4096

– Starting Nginx:

root@server01mas:/home/admin# service nginx start

– Test:

https://minimes.hacklab.science/

– After registration, the home page appears.

11/ Managing scheduled tasks.

root@server01mas:/home/admin# crontab -e -u mastodon

Append:

@hourly cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rake mastodon:media:clear
@hourly cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rake mastodon:push:refresh
@hourly cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rake mastodon:feeds:clear

12/ Administration.

– Granting administrator rights to a user:

mastodon@server01mas:~/live$ RAILS_ENV=production bundle exec rake mastodon:make_admin USERNAME=Satanik666
...
Congrats! Satanik666 is now an admin. \o/
Navigate to https://minimes.hacklab.science/admin/settings to get started

– Test:

Administration page:
https://minimes.hacklab.science/admin/settings

– Link:

https://github.com/tootsuite/mastodon/blob/master/docs/Running-Mastodon/Administration-guide.md

13/ Links.

https://github.com/tootsuite/mastodon/blob/master/docs/Running-Mastodon/Production-guide.md
https://angristan.fr/installer-instance-mastodon-debian-8/