fuark ngninx configuration troubleshooting

  • i found out i should share my wisdom experience when it comes to installing and running a pleroma instance. so here it goes.
    maybe i should set a disclaimer here.
    i know almost nothing of what i am doing, but i know the holy commands ctrl+(c|v), and through that i will kind of ramble on about how i managed to setup a raspberry pi to run pleroma over wifi. hopefully i have managed to make my instance run smoothly the end of this guide…

you will need

a raspberry pi
a domain
an internet connection, preferably with a static ip
a sd card to put in the pi
a linux iso (preferably raspian)
keyboard & mouse wombo-combo
either a device to read this from, or have the raspberry hooked to a monitor
a portforwarded router (port 80| port 443)
the holy combination of ctrl+(c|v)
fire extinguisher
hazmat suit

note:

everytime you see “(c|v)” it means you copy and paste. also you have to take a sip of water to hydrate yourself. you have to prepare your body for the role as admin now, and admins are less functional when they are thirsty. that is science, made by the science people. dont ask me why it works, it just does.

time to get started

  1. download raspian or whatever you prefer to get your genitalia wet hands dirty with.
    for an idiot like me, raspian was the easy choice as i know i will never have driver issues with running it on a raspberry pi. if you want me to hold your hand as you download it, send me a message on xmpp pleroma gold service

  2. burn it to the sd card.
    because i am a linux user now, i used a balena etcher appimage to burn, as i am too stupid to dd or anything cli based. i blame the public school system for forcing me to use windows for years and years.
    for balena etcher 1.4.9 amd64 appimage you can run it by (c|v) in terminal:

    ./balena-etcher-electron-1.4.9-x86_64.AppImage
    open up the iso in the gui and let it uwu for a little while until you fetch some fluoride-free water. why it has to be fluoride free?
    ask cvcvcv-chan if you are ready to get shouted some galaxy-brain knowledge at.

2.1. (only for people with big pp and big brain)
if you have a massive 9001 iq, use the generic dd tool on most *nix systems. smash in your sd card and figure out where its block device is. it will probably be something like /dev/mmcblk01 or /dev/sdb.
**never ever ever ever ever ever /dev/sda, as that will basically nuke overwrite the os disk of the computer you are using dd from.
if you’re ultra paranoid, compare the outputs of lsblk before and after inserting the sd card.

lsblk
Model: blah blah blah
Disk /dev/mmcblk
dd if=rasbpian.iso of=/dev/mmcblk
this can take a minute or two, so get some cofe and revel in your big brain energy.

  1. yank that sd card into your pi(e)-hole and get it up and running.
    you need to add a powersupply for it to turn on, unless you somehow have a raspberry pi running without power. if so, hit me up because i want part of that free electricity.

  2. now, when you first boot it, make a strong password.
    instantly. just trust me. running a linux machine with weak password and default is like asking to be pwned and used as either part of a botnet or as a host for illegal 3d images.
    remember the old saying: 3d guys and gals dont matter. 2d is love, 2d is life.

  3. wireless or wired?
    anyway you have to connect it to your router or internet outlet in some way. most people will say go wired, because that is easier, and i agree that is why i did not do that.

ssh - shits secure (as) hell

so, you want to be able to check in on your sweetie when away from it?
i will guide you through it as i just managed to setup ssh and remember how to do it.
now, we want to secure it as well, so we are going to disable pure password login and make it require a key file instead.
because, you might already know, it is harder to guess a private certificate file than a password. if you didnt know that, you learned something today. congratulations (°_°)

also, we are going to use nano.
nano is a wizard craft that only gnu nerds (and seliph) use. so i am going to let you try it out as well to expose the magic behind the scenes.

so here is a crash course in nano 101:
you navigate around using the arrow keys and write over the parts you want to edit.
when finished editing, and want to save and leave, you press:

[ctrl+x] then [y] and [enter] to save.

  1. on your main computer (not pi) create a rsa keyfile
    to do that, rev up that (c|v), a terminal and repeat somewhat after me:

    ssh-keygen -t rsa

  2. configure it
    select location for it, i went with “/home/vala/.ssh/id-raspberrypi” as i already have an id-rsa for this blog.

  3. secure it
    now make a password, and make it strong. if you have a password manager, it is recommended that you generate and save one from there to secure your pi-chan from unwanted penetrations connections.

  4. enable it
    enable ssh on the raspberry pi. for this i have (c|v) from the official raspberry pi guide:

    sudo systemctl enable ssh
    sudo systemctl start ssh

  5. access it
    do you know the wey ip of the raspberry pi?
    if not, find out by either checking on your routers admin panel or from the raspberry pi itself.
    to check from the pi, you can run:

    hostname -I
    ssh pi@192.168.x.xxx where you change x.xxx to the ip you have your pi on.

  6. hacker voice im in.
    now, if you have accessed it, the command line should say something along the lines of pi@raspberrypi instead of the usual stuff on your computer, but it is still available to access with just a password. so now we are going to copy the id-raspberrypi.pub file we created earlier. it has to be the .pub as the other one is like sharing pictures of both sides of a credit-card online. (c|v):

    ssh-copy-id pi@192.168.x.xxx

  7. type it

    now try logging into the machine, with: "ssh pi@192.168.x.xxx" and check to make sure that only the key(s) you wanted were added.

  8. disable it
    i am talking about the password login ability, but the names of the ssh chapter here was too perfect for me to not say disable it. sorry, i am a weak person. anyway, here we go (c|v):

    sudo nano /etc/ssh/sshd_config
    go to line 32 and remove the # in front of “permitrootlogin” and change the line to say “permitrootlogin without-password”

  9. exit it
    and try connecting again (c|v):

    ssh pi@192.168.x.xxx
    if successful you get in by typing your chosen password.

  10. restart it
    restart the ssh thing by (c|v):

    sudo systemctl reload sshd.service
    if that didnt work, try this instead
    sudo systemctl reload ssh.service

time to reboot the system

yeah, you heard me. it is time to check if the settings work after a reboot. for a nice and easy way to let it restart without yanking the power cable out (c|v):

sudo reboot

  1. post-reboot, you should now be able to access it again from ssh
    if you remember from just a few lines ago, you should be able to access it by (c|v):

    ssh pi@192.168.x.xxx

  2. update and upgrade the repos.
    we will now update and upgrade the system. to do that (c|v)
    sudo apt update && sudo apt full-upgrade
    and if you are not familiar with the command, it basically means “stupid machine update the source list where you get updates && stupid machine from that list install the available upgrades”
    i am very pedagogically correct with computer stuff /satire

with me so far?

good. because my hyperactive ass personality is ready to shove some pleroma into your system.
prepare your pi-chan machine.

  1. erlang is a bit of a bitch
    because the right version of erlang stuff is not available from the debian repositories, we have to fetch it from the erlang website.
    to get the armhf (aka the processor stuff on the pi) version (c|v):

    echo "deb https://packages.erlang-solutions.com/debian stretch contrib" | sudo tee /etc/apt/sources.list.d/erlang-solutions.list
    wget https://packages.erlang-solutions.com/debian/erlang_solutions.asc
    sudo apt-key add erlang_solutions.asc && sudo apt update

  2. getting prepared for pleroma. nyaa~~
    the stuff you need here is:

    postgresql (9.6+)
    postgresql-contrib (9.6+)
    elixir (1.5+)
    erlang-dev
    erlang-tools
    erlang-parsetools
    erlang-xmerl
    git
    build-essential
    ssh
    openssl
    nginx (preferred, example configs for other reverse proxies can be found in the repo)
    certbot (or any other acme client for lets encrypt certificates)
    programing socks (comes later in the process, if applied now, adds +2 to intelligence and +1 to wisdom to character stats)
    cat girl folder (optional, but not really required unless you start contributing)
    from now on, you just (c|v):

    sudo apt install git build-essential openssl ssh sudo postgresql postgresql-contrib elixir erlang-dev erlang-parsetools erlang-xmerl erlang-tools

  3. create a meuw~ user
    have you learned the perfect technique of (c|v) yet? if so apply it here:

    sudo useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma

  4. prepare to clone the git stuff
    git it?
    no worries, me neither. i just know the holy combo (c|v)

    `sudo mkdir -p /opt/pleroma && sudo chown -R pleroma:pleroma /opt/pleroma

fork pleroma

after reading a long thread about gentoo and pleroma from anna, i have come to the conclusion that you should fork pleroma before i clone it.
after all, it saves your chesticles when you are to upgrade to a newer release and git refuses to upgrade before you take some kind of backup of your local changes.
to save your precious instance modifications, fork it first, then clone.

  1. register a git user on git.pleroma.social
    i hope you know how to register a user on a website, so that step i wont help you with (unless you mail me at vala[at]tfwno(.)gf, asking for it specifically).

  2. spork
    (as i am writing this, i am testing out how to fork as i havent done that shit in ages).
    after creating an user, and confirmed it if you have to(?), you go to this specific repository (project page with lots of files).
    this part will probably be updated when the other guide i am reading gets finished. probably

    https://git.pleroma.social/pleroma/pleroma
    click [fork]
    select your username
    congrats, you have now forked the codebase.

  3. time to clone the fork (so we have two forks)
    this time i cant let you copy paste like usual, because you have your own fork. just like i wouldnt take a fork you have licked on. unless you are my type. dont judge me too hard here.
    change yourusername to your git username without the dumb characters.

    sudo -Hu pleroma git clone https://git.pleroma.social/"yourusername"/pleroma /opt/pleroma

  4. slide into those pleroma dirs
    have you heard of my lord and saviour (c|v)?:

    cd /opt/pleroma

  5. witching and hexing
    did you know pleroma runs on witchcraft, cofe and smug anime avatars?
    the more you know…
    (when it asks for anything to be installed, say yes to that dress uwu.)

    sudo -Hu pleroma mix deps.get

  6. generating the configuration
    now it is time to let the gray matter utilize its potential. we are going to answer some questions here, dont worry i will not be looking through your answers.
    (when it asks for you to install rebar3, you answer the same as to free candy. yes of course)

    sudo -Hu pleroma mix pleroma.instance gen

  7. you managed to say yes, huh?
    good for you pal, have an internet cookie.
    now we are just going to check in on the file we created just now. it is located in /opt/pleroma/config and is named generated_config.exs. so lets open it with a scawy uwu command line text editor again. hold my paw~hand if you feel scared as we (c|v):

    sudo nano /opt/pleroma/config/generated_config.exs

configuring pleroma

now that it didnt burn down the whole room opened nicely, lets look through the file.
a few things you might want to take a look at is:

limit: 5000, (how many characters your users will have to express themselves with per post)
registrations_open: true, (if you are making a single user instance, this will have to be closed after you make your user)

in my case, i was looking for a way to get those “wall of text” length posts, so i increased the “limit: 5000” to “limit: 42069”.
because i can. there is no admin around to tell me what to do here.

  1. now, to the actual editing of the file
    remember that most of this is stuff i have no clue what does, so dont ask me what to do if it your hand get stuck in a toaster.

  2. now, we run what it tells us to
    run mv as sudo. it wont do anything without.
    (c|v) like usual:

    sudo -Hu postgres psql -f 'config/setup_db.psql'
    sudo mv '/opt/pleroma/config/generated_config.exs' '/opt/pleroma/config/prod.secret.exs'

  3. the great database migration
    time to get the database into some action here with the good ol (c|v)

    sudo -Hu pleroma MIX_ENV=prod mix ecto.migrate

  4. and start the local server

    sudo -Hu pleroma MIX_ENV=prod mix phx.server

  5. test if it kind of works on the machine
    do not close the terminal for now, as it will shut down the server open your browser and go to the local ip of the site (something along the lines of http://192.168.0.110:4000/ or something). the site is served from port 4000, so add that after the local-ip.
    on my machine it was http://192.168.0.110:4000/.
    this address is not the same as your ip when browsing the net

if it works, you should see the user interface of pleroma and the command line will output whatever you are doing. great, you just installed pleroma!

  1. kill it
    yeah, you heard me. you do so by:

    ctrl+c followed by [k] and then ctrl+c again

we are not done yet

the worst is actually yet to come, as we have to figure out how to actually announce the service and connect it to the rest of the network. for that, we need nginx (pronounced engine-x), a systemd thing that makes it run when you turn the raspberry pi on and of course you need to create an admin account on your instance. the priority list goes like this:

nginx
certbot (highly recommended obligatory to secure the traffic to and from the server with https)
systemd (some people hate it, but when it works, it is pretty ok)
make yourself administrator
optional: customize the different parts of the interface from default to your liking (if you forked the pleroma repo, this step gets way easier to have consistent when upgrading versions).

  1. nginx
    open a new terminal window and lets install nginx (c|v):

    sudo apt-get install nginx -y

  2. certbot
    to encrypt the traffic between your devices and the pleroma server, so nobody steals your original memes and post them before you reach the server (c|v):

    sudo apt-get install certbot python3-certbot-nginx -y

  3. get started with the nginx configuration
    remember that stuff that starts with 192.168.x.xxx is not a domain you can reach outside your network and 127.0.0.1 is the same as localhost.
    none of these will do for your site. you have to use either a static ip you own, or gamble that your dynamic ip doesnt change that often and have to deal with it as it changes.
    a third alternative is to get a dynamic dns, but that is something i am unable to help you with because i am an idiot.
    to be able to confirm that you own a domain, you have to set it to the *public ip* of your pi in the domain registrars settings.
    this, i cant help you with the domain registrar stuff, but (c|v):

    curl ifconfig.me
    will output the ip your computer is showing on the world wide web.

  4. adding your domain to the nginx config bear with me here as this is a going to be a long one (c|v):

    sudo nano /opt/pleroma/installation/pleroma.nginx
    ctrl+w
    crtl+r
    type in ‘example.tld’
    enter
    replace with yourdomain.tld
    enter
    ctrl+x followed by [y] and [enter]

  5. get that ssl cert for free baby
    this one is clean copy and paste, just enter the details about your instance at the prompts.
    it will also ask you to agree to the letsencrypt terms and conditions for using the service. might be worth to read through, but as with most terms and conditions, people tend to just say yes.
    the second thing it will ask is if you want to recieve news from eff. unless you like to recieve mail, say no. now lets (c|v):

    sudo certbot --nginx
    go ahead and follow the prompts, telling it your domain, email, etc

  6. now we move that to the nginx folders
    this makes nginx recognize that you want this to be accessible outside of your own network, something i personally find practical for running a social media.
    like you have done times before now, (c|v) that stuff:

    sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
    sudo ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx

  7. start the nginx

    sudo systemctl enable --now nginx.service
    sudo systemctl start nginx.service
    congrats, you have now managed to install nginx and set it up to provide you memes over that sweet, sweet ssl encryption.

pleroma + systemd = angery arch users

the install should have some nifty files that you can slot into your services and stuff, so we will add a pleroma.service file to systemd so that we can control it like any other service.

sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
sudo systemctl enable --now pleroma.service

congratulations, your pleroma instance is online and ready to serve the world. if only it had some users…

creating an administrator

time to create your first user on a selfhosted instance. this is a big moment and it is okay to fetch a camera to save the moment for all of eternity.
to create an admin account, we go (c|v):

sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new username your@emailaddress.com --admin

you are done?

yeah, after doing all the steps here, you are actually running a fully fletched pleroma instance on the world wide interwebz. only your domain provider, local laws, isp, broken internet connection and broken power lines can stop you now. use that power for the greater good, and take a moment to consider donating to pleroma for futher development.

words of acknowledgement

i would like to personally thank jg for helping me write this post and giving me complete access to his raspberry pi for testing the guide.
seliph, who have yelled on my lazy ass when i asked for it, so i could finish the post within reasonable time.
tA have been around, let me be a tard on his instance and helped me with my own instance, so thank you for that.
anna for the post that opened my eyes to the forking option.
the rest of the wll crew for giving me the motivation to write this in the first place (°_°)/

backstreets back, alright!