New microblogging Mastodon

I already started over, I’ll check the directory after my next try…

It would make sense that the directory is empty as the db cannot be created due to the connection error.

EDIT:

I have a file dump.rdb but same redis connection error.

[root@testserver2 mastodon]# ls -lisa redis/
total 8
52230906 0 drwxr-xr-x  2 polkitd root   22 Nov  3 19:54 .
50865494 4 drwxr-xr-x 21 root    root 4096 Nov  3 19:47 ..
52230918 4 -rw-------  1 polkitd 1000 3430 Nov  3 19:54 dump.rdb
1 Like

The redis error can be ignored. It’s working (login, mailing, registration, fave) but with nginx on port 443 so one needs to disable httpd which is a NethServer base package required for all apps.
I used this gist in addition to the documentation provided by @danb35

So next step is migrating the nginx reverse proxy configuration to apache if possible…

Installation:

yum -y install https://mrmarkuz.dynu.net/mirror/mrmarkuz/7/noarch/nethserver-mrmarkuz-0.0.1-6.ns7.noarch.rpm
yum -y install nethserver-docker nethserver-nginx
curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
mkdir /opt/mastodon
cd /opt/mastodon

Just get docker-compose.yml from github, the whole build environment isn’t needed:

wget https://raw.githubusercontent.com/mastodon/mastodon/main/docker-compose.yml

Comment out the build statements so the images are not built; this saves a lot of time (only needed if we want to change Mastodon code):

sed -i "s/ build/#build/g" docker-compose.yml

Start setup:

touch .env.production
docker-compose run --rm web bundle exec rake mastodon:setup

As already explained set a password for postgres, no password for redis needed.
Copy the admin password and write the configuration output of the setup to the file .env.production.

Start docker and connect required aqua network for reverse proxy:

docker-compose up -d
docker network connect aqua mastodon_web_1

Add the https redirect and reverse proxy by creating /etc/nginx/conf.d/mastodon.conf with the following content, replacing domain.org with the domain name used:

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
  listen 80;
  listen [::]:80;
  server_name domain.org;
  root /opt/mastodon/public;
  # Useful for Let's Encrypt
  location /.well-known/acme-challenge/ { allow all; }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name domain.org;

  ssl_protocols TLSv1.2;
  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;

  ssl_certificate     /etc/pki/tls/certs/localhost.crt;
  ssl_certificate_key /etc/pki/tls/private/localhost.key;

  keepalive_timeout    70;
  sendfile             on;
  client_max_body_size 80m;

  root /opt/mastodon/public;

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  add_header Strict-Transport-Security "max-age=31536000";

  location / {
    try_files $uri @proxy;
  }

  location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    try_files $uri @proxy;
  }

  location /sw.js {
    add_header Cache-Control "public, max-age=0";
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://127.0.0.1:3000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";

    proxy_pass http://127.0.0.1:4000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}

Disable httpd and enable nginx

systemctl disable httpd --now
systemctl enable nginx
systemctl restart nginx

Browse to the configured domain and login with admin mail and the noted password from the setup.

5 Likes

FYI, started gathering all relevant info here

2 Likes

Just curious, is there a reason why not using the latest version v2.12.2?

Is there a reason Mastodon has to use nginx rather than Apache as the reverse proxy?

The oldstable centos apache used in Neth doesn’t support the HTTP/2 module that is required for mastodon. I’m afraid that an upgrade isn’t easily possible but I didn’t test it yet.

1 Like

I guess because of copy/paste from older howtos, the latest version should work too.

Thanks for the wiki entry. In my tests I didn’t need to create a database user manually but I just used the defaults (postgres user, postgres db with a password given at the setup)

2 Likes

For that is simply easy (testing) or is the PostgreSQL instance and db confined to be used only by the Mastodon Docker setup?

Yes, postgresql runs in a docker container so it’s just used by Mastodon.

2 Likes

ps. I changed it to this:
/download/v2.12.2/docker-compose-linux-$(uname -m)

for the naming convention of the git repo changed to use lower case ‘linux’ and uname -s only returns ‘Linux’ (Capitalized L).

1 Like
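An added example, not part of any post in this thread: it covers the docker-compose download step from the installation post together with the asset-name change noted just above, and verifies the binary before it lands in /usr/local/bin. The function names are hypothetical, the naming rule is inferred only from the two paths quoted in the thread (1.28.2 and v2.12.2), and the expected SHA-256 is assumed to be copied by the operator from the release page.

```shell
#!/bin/sh
# Added example, not from the thread; all function names are hypothetical.

# Asset name for a docker-compose release tag. Pattern assumed from the two
# paths quoted in the thread:
#   1.28.2  -> docker-compose-Linux-x86_64  (raw `uname -s`)
#   v2.12.2 -> docker-compose-linux-x86_64  (lower-case kernel name)
compose_asset() {
    tag=$1; kernel=$2; machine=$3
    case $tag in
        v*) kernel=$(printf '%s' "$kernel" | tr '[:upper:]' '[:lower:]') ;;
    esac
    printf 'docker-compose-%s-%s\n' "$kernel" "$machine"
}

compose_url() {
    printf 'https://github.com/docker/compose/releases/download/%s/%s\n' \
        "$1" "$(compose_asset "$1" "$2" "$3")"
}

# Succeed only if FILE hashes to EXPECTED (64 hex chars, either case).
verify_sha256() {
    file=$1
    expected=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# Download to a temp file, verify, and only then place the binary on PATH.
# EXPECTED is the SHA-256 the operator copied from the release page.
install_compose() {
    tag=$1; expected=$2; dest=${3:-/usr/local/bin/docker-compose}
    url=$(compose_url "$tag" "$(uname -s)" "$(uname -m)")
    tmp=$(mktemp) || return 1
    rc=1
    if curl -fsSL "$url" -o "$tmp" && verify_sha256 "$tmp" "$expected" &&
       install -m 0755 "$tmp" "$dest"; then
        rc=0
    else
        echo "refusing to install: download or checksum failed for $url" >&2
    fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: install_compose v2.12.2 <sha256-from-release-page>
```

Because `curl -f` fails on HTTP errors, a wrong asset name (such as `Linux` against a v2 tag) stops the install instead of saving an error page as the binary.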

I’ve cleaned up some formatting on the wiki page–added a few headings and formatted tables for the setup wizard. But I’m noticing that the container names I’d given above–mastodon_db_1 and mastodon_redis_1–have changed and they’re now mastodon-db-1 and mastodon-redis-1 respectively. I assume this is due to the newer docker-compose version; I’ve updated this in the wiki as well. But with those changes, it’s working for me, at least to the point of being able to log in as admin.

2 Likes

You’re right, they replaced the underscore with a dash in v2.8:

1 Like

Maybe I am not understanding correctly, but does this mean that Apache is disabled, thus the Nethserver webserver?

Yes, unfortunately.
The reverse proxy works with the SCL package httpd24-httpd but not with the used older httpd package and it needs the default ports.

1 Like

News OT -
According to the Italian online newspaper “ilPost”, Mastodon is gaining quite some traction after Mr PayPal started to mess around with his new toy, the blue bird.
There are issues related to registration on Mastodon instances, which is timing out. Currently the user number is about 15k (not detailed if it’s about an instance, a nation, or the world), three times the April value (5k).
OT Off.

1 Like

@pike

CNN reported the same:

My 2 cents
Andy

1 Like

Yep, Mastodon is drawing a LOT of attention today. But I think one is intrigued by the idea of a real federated system opposed to a closed vendor ecosystem.

So the current Twitter actualities are a good thing for the awareness of the general public. As for how long it will last, history shows that our collective memory is very short-lived.

The moment a new ‘gems and perls’ toy shows up, we tend to sell our souls (privacy and data) in a blink of an eye again.

Sorry for going out of track…
If Mr PayPal makes the blue bird crash, a federated system won’t have in the future the same traction that bluebird had until a few days ago.
No company or person which would love a public recognition and PR capability can ignore now the bluebird. But without some degree of certainty about:

  • storm management
  • recognizability
  • identification

no company is going to consider that federation interesting. And no company is going to buy space on that market, allowing growth and economical sustainability.
I cannot say if its good or bad but…

If you’re debating in a world level plaza, reachable for anyone which can search for you, terms, hashtags, the crowd can be huge.
If you’re debating even in NYC at Central Park Speaker’s corner, maybe only the persons at the park will know. Unless debate is relayed into some bigger plaza

Is this a feasible thing to do on Nethserver atm, and leaving existing webserver functionality intact, or do the default port requirements come into play?

Yes, Mastodon requires the default HTTPS port which is the real problem because Neth httpd requires the same port but doesn’t support proxying.
I tried httpd24-httpd from SCL and it worked for Mastodon but I found no easy way to migrate, the new conf dir is /opt/rh/httpd24/root/etc/httpd/conf.d/ but just linking or copying files did not work in all cases, I got blank pages.

2 Likes