使用Let’s Encrypt SSL证书在Ubuntu 18.04上安装Mastodon

Mastodon是一个免费的开源自托管社交网络服务器, AGPLv3。 Mastodon与Twitter类似,它发布可以与全球互连的微博社区共享的链接,文本,视频和照片。这篇文章解释了如何在受Let’s Encrypt SSL证书保护的Ubuntu 18.04 Linux上安装Mastodon。

Mastodon有许多需要安装的依赖项。其中包括Ruby,PostgreSQL,Node.js,Yarn,Redis和Nginx e.t.c.这是在Ubuntu 18.04 LTS上运行Mastodon所需的所有步骤。

Mastodon的主要功能

  • 我没有供应商锁n:与兼容平台完全可互操作
  • 实时时间轴更新答:通过WebSocket实时查看您关注的人的更新出现在UI中
  • 安全和调解工具:私人帖子,锁定帐户,短语过滤,静音,屏蔽和任何其他功能,以及报告和审核系统。
  • 媒体附件,例如图片和短视频:上传并显示附加到更新的图像和WebM / MP4视频。没有音轨的视频被视为GIF。普通的视频循环就像藤蔓!
  • OAuth2和一个简单的REST API: Mastodon充当OAuth2提供者,因此第三方应用程序可以使用REST和流式API,从而在丰富的应用程序生态系统中有许多选择。

设置要求

在Ubuntu 18.04 Linux上设置Mastodon需要以下软件。

  • PostgreSQL的 9.5+
  • 女士们
  • 红宝石 2.4+
  • Node.js 8+

假设您有以下准备工作:

  • 跑步 Ubuntu 18.04 机台
  • 域名名称 (或子域)Mastodon服务器,例如example.com或social.example.com
  • 电子邮件递送服务或其他 SMTP服务器 用于通知。

步骤1:更新系统

验证服务器已更新。

sudo apt -y update && sudo apt -y upgrade
sudo reboot

步骤2:安装Node.js和Yarn

安装Node.js

curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
sudo apt-get install -y nodejs

检查版本以验证安装是否成功。

$ nodejs --version
v8.10.0

安装线程:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
sudo apt -y install yarn

步骤3:安装其他从属软件包

在Ubuntu 18.04上运行Mastodon需要许多依赖于系统的软件包。确保这些软件包在本地安装。

sudo apt install -y imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core g++ libprotobuf-dev protobuf-compiler pkg-config nodejs gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm5 libgdbm-dev nginx redis-server redis-tools certbot python-certbot-nginx yarn libidn11-dev libicu-dev libjemalloc-dev

步骤4:安装Ruby

运行Ruby的首选方法是使用rbenv,因为它易于管理多个版本。创建一个Mastodon用户以用于这些操作。

sudo adduser --disabled-login mastodon
sudo su - mastodon

接下来,安装rbenv和rbenv-build。

git clone https://github.com/rbenv/rbenv.git ~/.rbenv
cd ~/.rbenv && src/configure && make -C src
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec bash
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build

完成后,您可以安装正确的Ruby版本。

RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 2.6.5
rbenv global 2.6.5

与ruby_2.6.0捆绑在一起的默认gem版本与最新的捆绑软件不兼容,因此您需要更新gem并安装捆绑软件。

gem update --system
gem install bundler --no-document
exit

步骤5:安装PostgreSQL数据库服务器

使用PostgreSQL安装指南。

安装PostgreSQL数据库Ubuntu 18.04

创建用户:

sudo -u postgres psql
CREATE USER mastodon CREATEDB;
q

第6步:设置Mastodon

现在该下载Mastodon代码了。首先从root或用户帐户切换到mastodon用户。

sudo apt -y install git
sudo su - mastodon

创建Mastodon代码的克隆。

git clone https://github.com/tootsuite/mastodon.git live && cd live
git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)

安装最后一个依赖项:

gem install bundler:1.17.3
bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test
yarn install --pure-lockfile

运行交互式向导以生成配置。

RAILS_ENV=production bundle exec rake mastodon:setup

输入所需的信息。

/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
Your instance is identified by its domain name. Changing it afterward will break things.
Domain name: example.com

Single user mode disables registrations and redirects the landing page to your public profile.
Do you want to enable single user mode? yes

Are you using Docker to run Mastodon? no

PostgreSQL host: /var/run/postgresql
PostgreSQL port: 5432
Name of PostgreSQL database: mastodon_production
Name of PostgreSQL user: mastodon
Password of PostgreSQL user: 
Database configuration works! ?

Redis host: localhost
Redis port: 6379
Redis password: 
Redis configuration works! ?

Do you want to store uploaded files on the cloud? No

Do you want to send e-mails from localhost? yes
E-mail address to send e-mails "from": Mastodon <[email protected]>
Send a test e-mail with this configuration right now? no

This configuration will be written to .env.production
Save configuration? Yes

出现提示时,同意编译资产。

Done!

The final step is compiling CSS/JS assets.
This may take a while and consume a lot of RAM.
Compile the assets now? Yes
Running `RAILS_ENV=production rails assets:precompile` ...


/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
yarn install v1.21.1
[1/6] Validating package.json...
[2/6] Resolving packages...
[3/6] Fetching packages...
info [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
info [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
[4/6] Linking dependencies...
warning " > [email protected]" has incorrect peer dependency "[email protected]^3.0.0 || ^4.0.0 || ^5.0.0".
[5/6] Building fresh packages...
[6/6] Cleaning modules...
Done in 12.60s.
.....

我同意创建一个管理员帐户

Done!

All done! You can now power on the Mastodon server ?

Do you want to create an admin user straight away? Yes
Username: admin
E-mail: [email protected]
You can login with the password: 1b417e401f44c3db5d30f2f2f2a2328b
You can change your password once you login.

纱线升级:

yarn upgrade

步骤7:为Mastodon设置Nginx

使用Nginx作为Mastodon应用程序的反向代理。检查Nginx服务是否正在运行。

$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-01-07 08:25:31 UTC; 7h ago
     Docs: man:nginx(8)
 Main PID: 14626 (nginx)
    Tasks: 2 (limit: 2361)
   CGroup: /system.slice/nginx.service
           ├─14626 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─14629 nginx: worker process

接下来,从mastodon目录复制nginx配置模板。

sudo cp /home/mastodon/live/dist/nginx.conf /etc/nginx/sites-available/mastodon.conf

编辑文件以为应用程序设置正确的DNS名称。

sudo vim /etc/nginx/sites-available/mastodon.conf

完成后,激活配置。

sudo ln -s /etc/nginx/sites-available/mastodon.conf /etc/nginx/sites-enabled/mastodon.conf
sudo systemctl restart nginx

如果运行ufw防火墙,请允许服务端口。

sudo ufw allow 'Nginx Full'

使用我们加密SSL证书

如果使用“让我们加密证书”,请执行以下命令:

sudo certbot --nginx -d example.com

样本输出:

$ sudo certbot --nginx -d social.computingforgeeks.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for social.computingforgeeks.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mastodon.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/mastodon.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://social.computingforgeeks.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=social.computingforgeeks.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/social.computingforgeeks.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/social.computingforgeeks.com/privkey.pem
   Your cert will expire on 2020-04-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

用Mastodon应用程序的实际域名替换example.com。

步骤8:设置systemd服务

从Mastodon目录复制systemd服务模板。

sudo cp /home/mastodon/live/dist/mastodon-*.service /etc/systemd/system/

接下来,编辑文件并验证用户名和路径正确。

  • /etc/systemd/system/mastodon-web.service
  • /etc/systemd/system/mastodon-sidekiq.service
  • /etc/systemd/system/mastodon-streaming.service

最后,启动并启用新的systemd服务。

sudo systemctl daemon-reload
for i in web sidekiq streaming; do sudo systemctl enable mastodon-$i && sudo systemctl restart mastodon-$i; done

检查所有服务的状态。

for i in web sidekiq streaming; do systemctl status mastodon-$i; done

步骤9:访问Mastodon仪表板

在浏览器中导航到您的域并访问Mastdon仪表板。

单击登录按钮登录。我用 管理员 先前生成的用户名的电子邮件地址和密码。

使用Let's Encrypt SSL证书在Ubuntu 18.04上安装Mastodon

运行第一个教程以完成设置。

使用Let's Encrypt SSL证书在Ubuntu 18.04上安装Mastodon使用Let's Encrypt SSL证书在Ubuntu 18.04上安装Mastodon

现在,您应该会看到漂亮的Mastodon仪表板。

使用Let's Encrypt SSL证书在Ubuntu 18.04上安装Mastodon

万岁! ,Mastodon已成功安装在Ubuntu 18.04 Linux上。

请参阅:

Sidebar