使用Let’s Encrypt SSL證書在Ubuntu 18.04上安裝Mastodon

Mastodon是一個免費的開源自託管社交網絡服務器, AGPLv3。 Mastodon與Twitter類似,它發布可以與全球互連的微博社區共享的鏈接,文本,視頻和照片。這篇文章解釋了如何在受Let’s Encrypt SSL證書保護的Ubuntu 18.04 Linux上安裝Mastodon。

Mastodon有許多需要安裝的依賴項。其中包括Ruby,PostgreSQL,Node.js,Yarn,Redis和Nginx e.t.c.這是在Ubuntu 18.04 LTS上運行Mastodon所需的所有步驟。

Mastodon的主要功能

  • 我沒有供應商鎖n:與兼容平台完全可互操作
  • 實時時間軸更新答:通過WebSocket實時查看您關注的人的更新出現在UI中
  • 安全和調解工具:私人帖子,鎖定帳戶,短語過濾,靜音,屏蔽和任何其他功能,以及報告和審核系統。
  • 媒體附件,例如圖片和短視頻:上傳並顯示附加到更新的圖像和WebM / MP4視頻。沒有音軌的視頻被視為GIF。普通的視頻循環就像藤蔓!
  • OAuth2和一個簡單的REST API: Mastodon充當OAuth2提供者,因此第三方應用程序可以使用REST和流式API,從而在豐富的應用程序生態系統中有許多選擇。

設置要求

在Ubuntu 18.04 Linux上設置Mastodon需要以下軟件。

  • PostgreSQL的 9.5+
  • 女士們
  • 紅寶石 2.4+
  • Node.js 8+

假設您有以下準備工作:

  • 跑步 Ubuntu 18.04 機台
  • 域名名稱 (或子域)Mastodon服務器,例如example.com或social.example.com
  • 電子郵件遞送服務或其他 SMTP服務器 用於通知。

步驟1:更新系統

驗證服務器已更新。

sudo apt -y update && sudo apt -y upgrade
sudo reboot

步驟2:安裝Node.js和Yarn

安裝Node.js

curl -sL https://deb.nodesource.com/setup_8.x | sudo bash -
sudo apt-get install -y nodejs

檢查版本以驗證安裝是否成功。

$ nodejs --version
v8.10.0

安裝線程:

curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add -
echo "deb https://dl.yarnpkg.com/debian/ stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
sudo apt update
sudo apt -y install yarn

步驟3:安裝其他從屬軟件包

在Ubuntu 18.04上運行Mastodon需要許多依賴於系統的軟件包。確保這些軟件包在本地安裝。

sudo apt install -y imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core g++ libprotobuf-dev protobuf-compiler pkg-config nodejs gcc autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm5 libgdbm-dev nginx redis-server redis-tools certbot python-certbot-nginx yarn libidn11-dev libicu-dev libjemalloc-dev

步驟4:安裝Ruby

運行Ruby的首選方法是使用rbenv,因為它易於管理多個版本。創建一個Mastodon用戶以用於這些操作。

sudo adduser --disabled-login mastodon
sudo su - mastodon

接下來,安裝rbenv和rbenv-build。

git clone https://github.com/rbenv/rbenv.git ~/.rbenv
cd ~/.rbenv && src/configure && make -C src
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec bash
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build

完成後,您可以安裝正確的Ruby版本。

RUBY_CONFIGURE_OPTS=--with-jemalloc rbenv install 2.6.5
rbenv global 2.6.5

與ruby_2.6.0捆綁在一起的默認gem版本與最新的捆綁軟件不兼容,因此您需要更新gem並安裝捆綁軟件。

gem update --system
gem install bundler --no-document
exit

步驟5:安裝PostgreSQL數據庫服務器

使用PostgreSQL安裝指南。

安裝PostgreSQL數據庫Ubuntu 18.04

創建用戶:

sudo -u postgres psql
CREATE USER mastodon CREATEDB;
q

第6步:設置Mastodon

現在該下載Mastodon代碼了。首先從root或用戶帳戶切換到mastodon用戶。

sudo apt -y install git
sudo su - mastodon

創建Mastodon代碼的克隆。

git clone https://github.com/tootsuite/mastodon.git live && cd live
git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)

安裝最後一個依賴項:

gem install bundler:1.17.3
bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test
yarn install --pure-lockfile

運行交互式嚮導以生成配置。

RAILS_ENV=production bundle exec rake mastodon:setup

輸入所需的信息。

/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
Your instance is identified by its domain name. Changing it afterward will break things.
Domain name: example.com

Single user mode disables registrations and redirects the landing page to your public profile.
Do you want to enable single user mode? yes

Are you using Docker to run Mastodon? no

PostgreSQL host: /var/run/postgresql
PostgreSQL port: 5432
Name of PostgreSQL database: mastodon_production
Name of PostgreSQL user: mastodon
Password of PostgreSQL user: 
Database configuration works! ?

Redis host: localhost
Redis port: 6379
Redis password: 
Redis configuration works! ?

Do you want to store uploaded files on the cloud? No

Do you want to send e-mails from localhost? yes
E-mail address to send e-mails "from": Mastodon <[email protected]>
Send a test e-mail with this configuration right now? no

This configuration will be written to .env.production
Save configuration? Yes

出現提示時,同意編譯資產。

Done!

The final step is compiling CSS/JS assets.
This may take a while and consume a lot of RAM.
Compile the assets now? Yes
Running `RAILS_ENV=production rails assets:precompile` ...


/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
/home/mastodon/.rbenv/versions/2.6.5/lib/ruby/gems/2.6.0/gems/bundler-1.17.3/lib/bundler/rubygems_integration.rb:200: warning: constant Gem::ConfigMap is deprecated
yarn install v1.21.1
[1/6] Validating package.json...
[2/6] Resolving packages...
[3/6] Fetching packages...
info [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
info [email protected]: The platform "linux" is incompatible with this module.
info "[email protected]" is an optional dependency and failed compatibility check. Excluding it from installation.
[4/6] Linking dependencies...
warning " > [email protected]" has incorrect peer dependency "[email protected]^3.0.0 || ^4.0.0 || ^5.0.0".
[5/6] Building fresh packages...
[6/6] Cleaning modules...
Done in 12.60s.
.....

我同意創建一個管理員帳戶

Done!

All done! You can now power on the Mastodon server ?

Do you want to create an admin user straight away? Yes
Username: admin
E-mail: [email protected]
You can login with the password: 1b417e401f44c3db5d30f2f2f2a2328b
You can change your password once you login.

紗線升級:

yarn upgrade

步驟7:為Mastodon設置Nginx

使用Nginx作為Mastodon應用程序的反向代理。檢查Nginx服務是否正在運行。

$ systemctl status nginx
● nginx.service - A high performance web server and a reverse proxy server
   Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2020-01-07 08:25:31 UTC; 7h ago
     Docs: man:nginx(8)
 Main PID: 14626 (nginx)
    Tasks: 2 (limit: 2361)
   CGroup: /system.slice/nginx.service
           ├─14626 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
           └─14629 nginx: worker process

接下來,從mastodon目錄複製nginx配置模板。

sudo cp /home/mastodon/live/dist/nginx.conf /etc/nginx/sites-available/mastodon.conf

編輯文件以為應用程序設置正確的DNS名稱。

sudo vim /etc/nginx/sites-available/mastodon.conf

完成後,激活配置。

sudo ln -s /etc/nginx/sites-available/mastodon.conf /etc/nginx/sites-enabled/mastodon.conf
sudo systemctl restart nginx

如果運行ufw防火牆,請允許服務端口。

sudo ufw allow 'Nginx Full'

使用我們加密SSL證書

如果使用“讓我們加密證書”,請執行以下命令:

sudo certbot --nginx -d example.com

樣本輸出:

$ sudo certbot --nginx -d social.computingforgeeks.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): [email protected]

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for social.computingforgeeks.com
Waiting for verification...
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/mastodon.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
Redirecting all traffic on port 80 to ssl in /etc/nginx/sites-enabled/mastodon.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations! You have successfully enabled
https://social.computingforgeeks.com

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=social.computingforgeeks.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/social.computingforgeeks.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/social.computingforgeeks.com/privkey.pem
   Your cert will expire on 2020-04-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

用Mastodon應用程序的實際域名替換example.com。

步驟8:設置systemd服務

從Mastodon目錄複製systemd服務模板。

sudo cp /home/mastodon/live/dist/mastodon-*.service /etc/systemd/system/

接下來,編輯文件並驗證用戶名和路徑正確。

  • /etc/systemd/system/mastodon-web.service
  • /etc/systemd/system/mastodon-sidekiq.service
  • /etc/systemd/system/mastodon-streaming.service

最後,啟動並啟用新的systemd服務。

sudo systemctl daemon-reload
for i in web sidekiq streaming; do sudo systemctl enable mastodon-$i && sudo systemctl restart mastodon-$i; done

檢查所有服務的狀態。

for i in web sidekiq streaming; do systemctl status mastodon-$i; done

步驟9:訪問Mastodon儀錶板

在瀏覽器中導航到您的域並訪問Mastdon儀錶板。

單擊登錄按鈕登錄。我用 管理員 先前生成的用戶名的電子郵件地址和密碼。

使用Let's Encrypt SSL證書在Ubuntu 18.04上安裝Mastodon

運行第一個教程以完成設置。

使用Let's Encrypt SSL證書在Ubuntu 18.04上安裝Mastodon使用Let's Encrypt SSL證書在Ubuntu 18.04上安裝Mastodon

現在,您應該會看到漂亮的Mastodon儀錶板。

使用Let's Encrypt SSL證書在Ubuntu 18.04上安裝Mastodon

萬歲! ,Mastodon已成功安裝在Ubuntu 18.04 Linux上。

請參閱:

Sidebar