From e962fe1035d22ed11cd8eedf665e2002db90dd70 Mon Sep 17 00:00:00 2001 From: David Roetzel Date: Wed, 25 Sep 2024 15:06:40 +0200 Subject: [PATCH 1/3] Update installation instructions... ...for Mastodon 4.3 on Ubuntu 24.04 and Debian 12. --- content/en/admin/install.md | 55 +++++++++++++++++++++---------------- 1 file changed, 32 insertions(+), 23 deletions(-) diff --git a/content/en/admin/install.md b/content/en/admin/install.md index ce85b782c..dca2c8a5e 100644 --- a/content/en/admin/install.md +++ b/content/en/admin/install.md @@ -9,11 +9,13 @@ menu: ## Pre-requisites {#pre-requisites} -* A machine running **Ubuntu 22.04** or **Debian 11** that you have root access to +* A machine running **Ubuntu 24.04** or **Debian 12** that you have root access to * A **domain name** (or a subdomain) for the Mastodon server, e.g. `example.com` * An e-mail delivery service or other **SMTP server** -You will be running the commands as root. If you aren’t already root, switch to root: `sudo su -` +We will be using `example.com` as the domain in the following example. Please remember to replace it with your own domain before running any commands. + +You will be running the commands as root. If you aren’t already root, switch to root: `sudo -i` ### System repositories {#system-repositories} @@ -52,9 +54,10 @@ apt install -y \ #### Yarn {#yarn} +Enable `corepack` so that the correct version of `yarn` can be installed automatically: + ```bash corepack enable -yarn set version classic ``` ### Installing Ruby {#installing-ruby} @@ -62,7 +65,7 @@ yarn set version classic We will use rbenv to manage Ruby versions as it simplifies obtaining the correct versions and updating them when new releases are available. Since rbenv needs to be installed for an individual Linux user, we must first create the user account under which Mastodon will run: ```bash -adduser --disabled-login mastodon +adduser --disabled-password mastodon ``` We can then switch to the user: @@ -84,14 +87,8 @@ git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-b Once this is done, we can install the correct Ruby version: ```bash -RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 3.2.3 -rbenv global 3.2.3 -``` - -We’ll also need to install the bundler: - -```bash -gem install bundler --no-document +RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 3.3.5 +rbenv global 3.3.5 ``` Return to the root user: @@ -106,7 +103,7 @@ exit #### Performance configuration (optional) {#performance-configuration-optional} -For optimal performance, you may use [pgTune](https://pgtune.leopard.in.ua/#/) to generate an appropriate configuration and edit values in `/etc/postgresql/16/main/postgresql.conf` before restarting PostgreSQL with `systemctl restart postgresql` +For optimal performance, you may use [pgTune](https://pgtune.leopard.in.ua/#/) to generate an appropriate configuration and edit values in `/etc/postgresql/16/main/postgresql.conf` before restarting PostgreSQL with `systemctl restart postgresql`. #### Creating a user {#creating-a-user} @@ -152,7 +149,7 @@ Now to install Ruby and JavaScript dependencies: bundle config deployment 'true' bundle config without 'development test' bundle install -j$(getconf _NPROCESSORS_ONLN) -yarn install --pure-lockfile +yarn install ``` {{< hint style="info" >}} @@ -164,7 +161,7 @@ The two `bundle config` commands are only needed the first time you're installin Run the interactive setup wizard: ```bash -RAILS_ENV=production bundle exec rake mastodon:setup +RAILS_ENV=production bin/rails mastodon:setup ``` This will: @@ -204,21 +201,33 @@ rm /etc/nginx/sites-enabled/default Then edit `/etc/nginx/sites-available/mastodon` to 1. Replace `example.com` with your own domain name -2. Uncomment the `ssl_certificate` and `ssl_certificate_key` lines and replace the two lines with (ignore this step if you are bringing your own certificate) +2. Uncomment the `ssl_certificate` and `ssl_certificate_key` (ignore this step if you are bringing your own certificate): -``` -ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; -ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; -``` + ``` + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;; + ``` 3. Make any other adjustments you might need. -Un-comment the lines starting with `ssl_certificate` and `ssl_certificate_key`, updating the path with the correct domain name. +Add nginx's `www-data` user to the `mastodon` group to allow nginx to access asset files + +```bash +usermod -aG mastodon www-data +``` + +{{< hint style="info" >}} +On Debian 12 there is one additional step, because by default the `mastodon` group may not access the `/home/mastodon` directory: + +```bash +chmod g+x /home/mastodon +``` +{{< /hint >}} -Reload nginx for the changes to take effect: +Restart nginx for the changes to take effect: ```bash -systemctl reload nginx +systemctl restart nginx ``` At this point, you should be able to visit your domain in the browser and see the elephant hitting the computer screen error page. This is because we haven’t started the Mastodon process yet. From ef63c0d76afc0fd99c85f75facd722ae6e9e867d Mon Sep 17 00:00:00 2001 From: David Roetzel Date: Thu, 26 Sep 2024 10:43:17 +0200 Subject: [PATCH 2/3] Reorder sections To get rid of specifying a ruby version. Also simplifies the steps even further. --- content/en/admin/install.md | 52 +++++++++++++++---------------------- 1 file changed, 21 insertions(+), 31 deletions(-) diff --git a/content/en/admin/install.md b/content/en/admin/install.md index dca2c8a5e..2c9270c47 100644 --- a/content/en/admin/install.md +++ b/content/en/admin/install.md @@ -60,43 +60,14 @@ Enable `corepack` so that the correct version of `yarn` can be installed automat corepack enable ``` -### Installing Ruby {#installing-ruby} +### Creating the `mastodon` user {#creating-the-mastodon-user} -We will use rbenv to manage Ruby versions as it simplifies obtaining the correct versions and updating them when new releases are available. Since rbenv needs to be installed for an individual Linux user, we must first create the user account under which Mastodon will run: +This is the user account under which Mastodon will run: ```bash adduser --disabled-password mastodon ``` -We can then switch to the user: - -```bash -su - mastodon -``` - -And proceed to install rbenv and rbenv-build: - -```bash -git clone https://github.com/rbenv/rbenv.git ~/.rbenv -echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc -echo 'eval "$(rbenv init -)"' >> ~/.bashrc -exec bash -git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build -``` - -Once this is done, we can install the correct Ruby version: - -```bash -RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 3.3.5 -rbenv global 3.3.5 -``` - -Return to the root user: - -```bash -exit -``` - ## Setup {#setup} ### Setting up PostgreSQL {#setting-up-postgresql} @@ -141,6 +112,25 @@ git clone https://github.com/mastodon/mastodon.git live && cd live git checkout $(git tag -l | grep '^v[0-9.]*$' | sort -V | tail -n 1) ``` +#### Installing Ruby {#installing-ruby} + +We will use rbenv to manage Ruby versions as it simplifies obtaining the correct versions and updating them when new releases are available. +Install rbenv and ruby-build: + +```bash +git clone https://github.com/rbenv/rbenv.git ~/.rbenv +echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc +echo 'eval "$(rbenv init -)"' >> ~/.bashrc +exec bash +git clone https://github.com/rbenv/ruby-build.git "$(rbenv root)"/plugins/ruby-build +``` + +Once this is done, we can install the correct Ruby version: + +```bash +RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install +``` + #### Installing the last dependencies {#installing-the-last-dependencies} Now to install Ruby and JavaScript dependencies: From f1da250d2a8365632f25d895e9ee02898915f582 Mon Sep 17 00:00:00 2001 From: David Roetzel Date: Tue, 8 Oct 2024 12:48:30 +0200 Subject: [PATCH 3/3] Allow other users to traverse mastodon home instead of using group permissions. We heard a lot of different opinions on this and it is clearly not a solution for everyone, but in contrast to the group permissions: * `www-data` will not get write access to mastodon files * this works identical on Debian and Ubuntu --- content/en/admin/install.md | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/content/en/admin/install.md b/content/en/admin/install.md index 2c9270c47..17fa52c9c 100644 --- a/content/en/admin/install.md +++ b/content/en/admin/install.md @@ -200,20 +200,12 @@ Then edit `/etc/nginx/sites-available/mastodon` to 3. Make any other adjustments you might need. -Add nginx's `www-data` user to the `mastodon` group to allow nginx to access asset files +Allow other users to traverse the mastodon user's home directory, so that nginx's `www-data` user can access asset files: ```bash -usermod -aG mastodon www-data +chmod o+x /home/mastodon ``` -{{< hint style="info" >}} -On Debian 12 there is one additional step, because by default the `mastodon` group may not access the `/home/mastodon` directory: - -```bash -chmod g+x /home/mastodon -``` -{{< /hint >}} - Restart nginx for the changes to take effect: ```bash