Hi friends,
this is a howto about installing a Diaspora pod on NethServer.
Source:
https://wiki.diasporafoundation.org/Installation/CentOS/7
Preconfig
# Install needed packages: build toolchain, development headers, ImageMagick,
# nodejs and the NethServer Redis/PostgreSQL packages used by the steps below
yum -y install \
  tar make automake gcc gcc-c++ git net-tools cmake \
  libcurl-devel libxml2-devel libffi-devel libxslt-devel \
  wget nethserver-redis ImageMagick nodejs \
  nethserver-postgresql postgresql-devel \
  bison bzip2 libtool readline-devel sqlite-devel openssl-devel
SECRET is a placeholder password for the diaspora database user; replace it with a strong password of your own:
# Create diaspora DB user
# The first command opens an interactive psql prompt as the postgres OS user;
# the CREATE USER statement is typed at that prompt and \q leaves it again.
# SECRET is a placeholder: the same value is written into config/database.yml
# later in this howto, so decide on the real password before running this.
# CREATEDB is presumably what allows the later `rake db:create` step to run as
# this role -- the role is not made a superuser.
# NOTE(review): psql may record typed statements (including the password) in
# the postgres user's history file -- confirm and clear it if so.
sudo -u postgres psql
CREATE USER diaspora WITH CREATEDB PASSWORD 'SECRET';
\q
ImageMagick needs to be configured - see https://github.com/diaspora/diaspora/issues/6828
# ImageMagick policy settings for making captcha work
# Wraps the policy entry that denies the LABEL coder in an XML comment, which
# re-enables that one coder system-wide; only a line matching this exact text
# is touched, so other deny entries in policy.xml stay in force.
# NOTE(review): sed -i edits the file in place without a backup and exits
# successfully even when nothing matched (the pattern is whitespace-sensitive),
# so inspect /etc/ImageMagick/policy.xml afterwards to confirm the result.
sed -i 's: <policy domain="coder" rights="none" pattern="LABEL" />:<!-- <policy domain="coder" rights="none" pattern="LABEL" /> -->:' /etc/ImageMagick/policy.xml
Replace diaspora.example.com
and diaspora\.example\.com
with your domain (ServerName(s), RedirectMatch, RewriteCond and RewriteRule)
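# Create httpd conf with reverse proxy, I used ports, socket didn't work.
# The heredoc delimiter is quoted ('EOL') so the shell writes the file verbatim.
# With an unquoted delimiter the shell expands $1 in the commented Camo
# RewriteRule (to an empty string) before the text reaches the file.
#
# Points to review before exposing the pod:
#  - SSLCertificateFile / SSLCertificateKeyFile reference localhost.crt and
#    localhost.key; point them at the certificate issued for your ServerName
#    once you have one (the port-80 vhost already leaves the ACME challenge
#    path unredirected for that purpose).
#  - "SSLProtocol all -SSLv2 -SSLv3" still accepts TLS 1.0 and TLS 1.1, and the
#    cipher list keeps older DSS and CBC/SHA-1 suites. If every client and
#    federating pod you care about speaks TLS 1.2, appending
#    "-TLSv1 -TLSv1.1" to SSLProtocol narrows this.
#  - ProxyRequests Off keeps Apache from acting as an open forward proxy; the
#    "<Proxy *> Require all granted" section relies on that setting.
cat > /etc/httpd/conf.d/zzz_diaspora.conf << 'EOL'
# Make sure to notice the comments at https://gist.github.com/jhass/719014#gistcomment-19774
<VirtualHost *:80>
ServerName diaspora.example.com
# To make letsencrypt work
RedirectMatch 301 ^(?!/\.well-known/acme-challenge/).* https://diaspora.example.com
</VirtualHost>
<VirtualHost *:443>
ServerName diaspora.example.com
DocumentRoot /home/diaspora/diaspora/public
RewriteEngine On
RewriteCond %{HTTP_HOST} !^diaspora\.example\.com [NC]
RewriteRule ^/(.*)$ https://diaspora\.example\.com/ [L,R,QSA]
# For Camo support
#RewriteRule ^/camo/(.*)$ balancer://camo/$1 [P,QSA,L]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]
<Proxy balancer://upstream>
# Recommended, using a unix socket (Requires Apache >= 2.4)
# BalancerMember unix:///path/to/diaspora/tmp/diaspora.sock|http://
# Alternatively let diaspora listen on a local port (Use this for Apache < 2.4)
BalancerMember http://localhost:3000
</Proxy>
# For Camo support
#<Proxy balancer://camo>
# BalancerMember http://localhost:8081
#</Proxy>
ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
RequestHeader set X_FORWARDED_PROTO https
<Proxy *>
# Apache < 2.4
#Order allow,deny
#Allow from all
# Apache >= 2.4
Require all granted
</Proxy>
<Directory /home/diaspora/diaspora/public>
Options -MultiViews
# Apache < 2.4
#Allow from all
#AllowOverride all
# Apache >= 2.4
Require all granted
</Directory>
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
# Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
SSLHonorCipherOrder on
SSLCompression off
</VirtualHost>
EOL
# Restart httpd to apply configs -- only when the new file parses, so a typo in
# the vhost does not take the running web server down
apachectl configtest && systemctl restart httpd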
Installation
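# Add user diaspora
adduser diaspora
# 755 lets httpd traverse into /home/diaspora/diaspora/public, but it also makes
# the rest of the home directory readable by every local account -- files that
# hold credentials need their own tighter mode.
chmod 755 /home/diaspora
# Work as user (the commands that follow are typed in the diaspora login shell)
su - diaspora
cd ~
# Get Ruby Version Manager (RVM)
# Import the RVM signing key. It is fetched from the project's own site, so
# compare the imported fingerprint (gpg2 --fingerprint) with the one RVM
# publishes before relying on it.
command curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -
# Save the installer to a file instead of piping it straight into bash: the
# short link's target is not visible in the command, and a saved copy can be
# read before it is executed. -f makes curl fail on an HTTP error instead of
# handing an error page to bash.
curl -fL -o rvm-installer.sh https://s.diaspora.software/1t
bash rvm-installer.sh
# Setup RVM
# Append the loader line to ~/.bashrc only if it is not there yet. -F compares
# the text literally (as a regex the leading [[ starts a bracket expression and
# does not match the line), and -q replaces the stray "> nul" redirect, which
# created a file called "nul" in the home directory.
rvm_line='[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"'
grep -qF -- "$rvm_line" ~/.bashrc || printf '%s\n' "$rvm_line" >> ~/.bashrc
source ~/.bashrc
# Install ruby 2.4
rvm install 2.4
# Get source
git clone -b master https://github.com/diaspora/diaspora.git
cd diaspora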
# Edit configuration files
# Start both working configs from the examples shipped in the repository
for cfg in database diaspora; do
  cp "config/${cfg}.yml.example" "config/${cfg}.yml"
done
# On line 5 only: connect as the diaspora role instead of postgres
sed -i -e '5s|username: postgres|username: diaspora|' config/database.yml
Replace SECRET with the password you used for the diaspora postgresql user.
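# Write the database password onto line 6 of config/database.yml.
# SECRET is pasted into a sed expression that uses ! as its delimiter, so a
# password containing !, & or a backslash has to be escaped or it will be
# mangled; the typed command also ends up in the shell history.
sed -i '6 s!password:!password: SECRET!' config/database.yml
# Add "template: template0" on a new line after the encoding key.
# NOTE(review): the new line must be indented exactly like the "encoding:" line
# for the YAML to stay valid -- check the result in config/database.yml.
sed -i 's!encoding: unicode!encoding: unicode\n template: template0!' config/database.yml
# database.yml now contains a credential and /home/diaspora was opened up with
# chmod 755, so restrict the file to its owner (the services run as diaspora).
chmod 600 config/database.yml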
Replace https://diaspora.example.com/
with the URL you want to use:
# Uncomment four settings in config/diaspora.yml in one sed pass:
#   url                     - the public URL of the pod
#   certificate_authorities - the system CA bundle path
#   rails_environment       - switched from development to production
#   listen                  - 127.0.0.1:3000, i.e. loopback only; httpd proxies to it
sed -i \
  -e 's!#url: "https://example.org/"!url: "https://diaspora.example.com/"!' \
  -e 's!#certificate_authorities: '\''/etc/pki/tls/certs/ca-bundle.crt'\''!certificate_authorities: '\''/etc/pki/tls/certs/ca-bundle.crt'\''!' \
  -e 's!#rails_environment: '\''development'\''!rails_environment: '\''production'\''!' \
  -e 's!#listen: '\''127.0.0.1:3000'\''!listen: '\''127.0.0.1:3000'\''!' \
  config/diaspora.yml
# Installation - use bundler 1.16.2, newer version has a bug -> https://discourse.diasporafoundation.org/t/pid-file-could-not-be-created/1640/2
# These steps still run as the diaspora user inside the cloned diaspora directory.
# NOTE(review): the bundler pin works around the linked issue; it also means
# later bundler fixes are not picked up, so revisit it when upgrading.
gem install bundler -v 1.16.2
script/configure_bundler
bin/bundle install --full-index
# DB creation
# Runs with the credentials written to config/database.yml above.
RAILS_ENV=production bundle exec rake db:create db:migrate
# Precompile assets
RAILS_ENV=production bin/rake assets:precompile
# exit as diaspora to become root
# (leaves the login shell opened with "su - diaspora")
exit
Configure services
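# systemd config for new services
# Every heredoc delimiter is quoted ('EOL') so the unit files are written
# verbatim. With an unquoted delimiter the shell expands $MAINPID itself (to an
# empty string), leaving "ExecReload=/bin/kill -USR2" without a PID.
# Both services run as the unprivileged diaspora account (User=diaspora).
# Optional hardening to evaluate for each [Service] section, after testing that
# the pod still works: NoNewPrivileges=true, PrivateTmp=true.
# Diaspora target
cat > /etc/systemd/system/diaspora.target << 'EOL'
[Unit]
Description=Diaspora social network
Wants=postgresql.service
Wants=redis-server.service
After=redis-server.service
After=postgresql.service
[Install]
WantedBy=multi-user.target
EOL
# Web service
cat > /etc/systemd/system/diaspora-web.service << 'EOL'
[Unit]
Description=Diaspora social network (unicorn)
PartOf=diaspora.target
StopWhenUnneeded=true
[Service]
User=diaspora
Environment=RAILS_ENV=production
WorkingDirectory=/home/diaspora/diaspora
PIDFile=/home/diaspora/diaspora/tmp/pids/web.pid
ExecStart=/bin/bash -lc "bin/bundle exec unicorn -c config/unicorn.rb -E production"
ExecReload=/bin/kill -USR2 $MAINPID
Restart=always
[Install]
WantedBy=diaspora.target
EOL
# Sidekiq (admin interface) service
cat > /etc/systemd/system/diaspora-sidekiq.service << 'EOL'
[Unit]
Description=Diaspora social network (sidekiq)
PartOf=diaspora.target
StopWhenUnneeded=true
[Service]
User=diaspora
Environment=RAILS_ENV=production
WorkingDirectory=/home/diaspora/diaspora
ExecStart=/bin/bash -lc "bin/bundle exec sidekiq"
Restart=always
[Install]
WantedBy=diaspora.target
EOL
# Enable and start services
systemctl enable diaspora.target diaspora-sidekiq.service diaspora-web.service --now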
Use diaspora
Browse to https://yourdomain.com and you should see the diaspora start page.
Create an (admin) user
Create a user by using “Create account” in the web UI (admin is reserved, you’ll need another name)
In the rails console you may set the admin role. Replace “USER” with the user created in the previous step:
# change to diaspora user
su - diaspora
cd diaspora
# start console
# This opens the Rails console against the production database.
RAILS_ENV=production bundle exec rails console
# define admin role for "USER"
# Typed at the Rails console prompt, not in the shell. The lookup is by exact
# username; .first is nil when no such account exists, so the call then raises
# instead of granting anything. Double-check the name: the admin role opens the
# admin interface and the Sidekiq monitor mentioned below.
Role.add_admin User.where(username: "USER").first.person
# The first exit leaves the Rails console, the second the diaspora login shell.
exit
exit
You may enter the admin interface via the user menu in the top right:
The Sidekiq monitor: