1. Bootstrap new pleroma jail
I usually build the FreeBSD stable branch a few times a year and keep a snapshot. This makes it quick to zfs clone the snapshot and bootstrap a fresh jail:

    zfs clone rpool/poudriere/stable/12/dist-nokern-20200806@20200806 rpool/jail/pleroma

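Add a new entry for it in /etc/jail.conf:

    # PostgreSQL needs allow.sysvipc = 1;
    pleroma { ip4.addr = vlan2|192.168.X.X; allow.sysvipc = 1; }

Note that allow.sysvipc gives the jail access to the host's global System V IPC namespace; on FreeBSD 11 and later, jail(8) marks it deprecated in favor of the per-jail sysvmsg, sysvsem and sysvshm parameters.
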
Start the jail, enter it, and bootstrap pkg

    /etc/rc.d/jail start pleroma
    jexec pleroma sh
    pkg

2. Prepare jail packages
Install the required packages in the jail and start PostgreSQL:

    # Joe is my preferred editor and I'll use bash as Pleroma service shell
    pkg install bash joe git-lite cmake gcc gmake elixir postgresql12-server postgresql12-contrib sudo
    sysrc postgresql_enable=YES
    /usr/local/etc/rc.d/postgresql initdb
    # Change PostgreSQL conf to enable password auth
    joe /var/db/postgres/data12/pg_hba.conf
    # host all all 127.0.0.1/32 password
    # host all all 192.168.X.X/32 password
    /usr/local/etc/rc.d/postgresql start

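The `password` method used in the pg_hba.conf lines above sends the password in cleartext over the connection; PostgreSQL 12 also supports `scram-sha-256`. As an added example (not part of the original post), this shell function lists the rules in a pg_hba.conf that use `trust` or `password` so they can be reviewed. The function name `audit_pg_hba` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag pg_hba.conf rules whose auth method is "trust"
# (no authentication) or "password" (password sent in cleartext).
# audit_pg_hba is a hypothetical helper name, not a PostgreSQL tool.

audit_pg_hba() {
    # $1 = path to pg_hba.conf; prints one finding per weak rule
    awk '
    { sub(/#.*/, "") }          # strip comments (re-splits the fields)
    NF == 0 { next }            # skip blank and comment-only lines
    {
        type = $1
        if (type == "local") {
            addr = "unix-socket"; method = $4
        } else if (type ~ /^host/) {
            addr = $4
            # ADDRESS is CIDR, hostname or keyword in one column, or a
            # bare IP followed by a separate netmask column.
            if (index(addr, "/") == 0 && $5 ~ /^[0-9.]+$|:/) {
                addr = addr " " $5; method = $6
            } else {
                method = $5
            }
        } else {
            next                # e.g. include directives
        }
        if (method == "trust")
            why = "trust (no authentication)"
        else if (method == "password")
            why = "password (cleartext)"
        else
            next
        printf "line %d: %s db=%s user=%s from %s: %s\n", NR, type, $2, $3, addr, why
    }' "$1"
}

# Constructed sample, not the real file from this setup.
sample=$(mktemp)
cat > "$sample" <<'EOF'
local   all          postgres                              peer
host    all          all       127.0.0.1/32                password
host    all          all       192.0.2.10 255.255.255.255  password
host    all          all       ::1/128                     scram-sha-256
host    replication  all       192.0.2.0/24                trust
EOF
audit_pg_hba "$sample"
rm -f "$sample"
```

Run it inside the jail as `audit_pg_hba /var/db/postgres/data12/pg_hba.conf`; no output means no `trust` or `password` rules were found.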
3. Install Pleroma from source
Prepare service account

    NAME=pleroma ID=1244 && pw groupadd -n $NAME -g $ID && pw useradd -n $NAME -g $NAME -u $ID -s /usr/local/bin/bash -c "Pleroma User" -w no -m -d /home/pleroma
    # optional, install preferred joe editor and bash settings to pleroma user
    cp .joerc .bashrc /home/pleroma/ && chown pleroma:pleroma /home/pleroma/.bashrc /home/pleroma/.joerc
    # this account needs UTF-8 locale
    echo "export LANG=en_US.UTF-8" >>/home/pleroma/.bashrc
    echo "export CHARSET=UTF-8" >>/home/pleroma/.bashrc
    echo "export LC_ALL=en_US.UTF-8" >>/home/pleroma/.bashrc
    # check locale is correct
    su pleroma
    locale

Install Pleroma from source, generate configuration

    su pleroma
    cd
    git clone -b stable https://git.pleroma.social/pleroma/pleroma.git
    cd pleroma
    MAKE=gmake CC=gcc mix deps.get
    MAKE=gmake CC=gcc mix pleroma.instance gen
    mv config/generated_config.exs config/prod.secret.exs
    chmod 600 config/setup_db.psql config/prod.secret.exs
    exit
    su postgres -c "psql -f /home/pleroma/pleroma/config/setup_db.psql"

Start Pleroma for the first time

    # Run the database migrations. You will need to do this whenever you update with git pull:
    su pleroma
    cd ~/pleroma
    MAKE=gmake CC=gcc MIX_ENV=prod mix ecto.migrate
    # run server
    MAKE=gmake CC=gcc MIX_ENV=prod mix phx.server
    # create user
    MAKE=gmake CC=gcc MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress> --admin

Enable Pleroma as a service in the jail
As of 2020-08-30, the new Pleroma version 2.1 comes with a FreeBSD rc startup script (see Pleroma Documentation - Installing on FreeBSD). Install it as the root user in the jail:

    install /home/pleroma/pleroma/installation/freebsd/rc.d/pleroma /usr/local/etc/rc.d
    sysrc pleroma_enable=YES
    /usr/local/etc/rc.d/pleroma start

4. Enable reverse proxy for Pleroma service
The reverse proxy, an H2O server running in another jail (192.168.Y.Y), has the following configuration entry for Pleroma:

    "toot.uoga.net:80":
      listen:
        host: 192.168.Y.Y
        port: 80
      paths:
        "/":
          redirect:
            status: 301
            url: "https://toot.uoga.net/"
        "/.well-known/acme-challenge":
          file.dir: "/usr/local/www/dehydrated"
    "toot.uoga.net:443":
      listen:
        host: 192.168.Y.Y
        port: 443
        ssl:
          certificate-file: /usr/local/etc/dehydrated/certs/toot.uoga.net/fullchain.pem
          key-file: /usr/local/etc/dehydrated/certs/toot.uoga.net/privkey.pem
      paths:
        "/":
          file.send-compressed: ON # Performance: minify and pre-compress css
          proxy.reverse.url: http://192.168.X.X:4000/
          proxy.websocket: ON
          proxy.preserve-host: ON

The same jail also has the dehydrated package, so I simply add toot.uoga.net to /usr/local/etc/dehydrated/domains.txt and rerun dehydrated -c to install a Let's Encrypt certificate for the Pleroma service.