搭建 Mastodon 实例 | How to install a Mastodon instance

搭建 Mastodon 实例比较耗内存以及宽带,要想好哦 ~

这里有几个推荐的中文 Mastodon 实例

2017 年 9 月 12 日更新手动方式安装

1、手动安装

一步一步安装 Mastodon 实例,Ubuntu 16.04 LTS,root 环境。推荐内存大于 2G,若为 KVM 内存小于 2G,可以设置个 SWAP

搭建 Mastodon

更新系统并安装 Nodejs

apt-get update && apt-get upgrade -y && apt-get install imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev git curl wget zip vim -y && curl -sL https://deb.nodesource.com/setup_6.x | bash - && apt-get install nodejs && npm install -g yarn

安装 PostgresSQL 及 Redis 数据库

apt-get install redis-server redis-tools postgresql postgresql-contrib -y

创建数据库用户

su - postgres
psql
CREATE USER mastodon CREATEDB;
\q
exit

使用户可以免密码登陆

sed -i '/^local.*postgres.*peer$/a host all     all     127.0.0.1/32    ident' \
/etc/postgresql/9.?/main/pg_hba.conf

安装 ident daemon

apt-get install pidentd
systemctl enable pidentd
systemctl start pidentd
systemctl restart postgresql

安装 Ruby

安装依赖

apt-get install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev libidn11-dev pkg-config libprotobuf-dev protobuf-compiler -y

新建 Mastodon 用户并切换过去

adduser --disabled-password --disabled-login mastodon
su - mastodon

安装 rbenv and rbenv-build

git clone https://github.com/rbenv/rbenv.git ~/.rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
source ~/.bashrc

退出以生效

exit

重新切换回去

su - mastodon
git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build

然后为 Mastodon 用户安装 ruby 2.4.1, install 的时候大概会卡 10 分钟

rbenv install 2.4.1
rbenv global 2.4.1

检测是否安装成功

ruby -v

开始安装 Mastodon

cd ~
git clone https://github.com/tootsuite/mastodon.git live
cd live
git checkout $(git tag | tail -n 1)

安装 bundler

echo "gem: --no-document" > ~/.gemrc
gem install bundler --no-ri

开始安装

bundle install --deployment --without development test
yarn install

复制配置文件并编辑

cp .env.production.sample .env.production
vim .env.production

然后编辑以下内容

# 数据库
REDIS_HOST=localhost
REDIS_PORT=6379
DB_HOST=/var/run/postgresql
DB_USER=mastodon
DB_NAME=mastodon_production
DB_PASS=
DB_PORT=5432

# 域名

LOCAL_DOMAIN=yourdomain.com
LOCAL_HTTPS=true

# 发件设置,推荐使用 Mailgun
# E-mail configuration
SMTP_SERVER=mail.yourdomain.com
SMTP_PORT=587
[email protected]
SMTP_PASSWORD=YourPassword
[email protected]

# 保存退出后,执行 3 次 'RAILS_ENV=production bundle exec rake secret' 并将结果分别填入下方
PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=

# 保存退出后,执行 1 次 `RAILS_ENV=production bundle exec rake mastodon:webpush:generate_vapid_key` 并将结果填入下方内容
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=

同步数据库

RAILS_ENV=production bundle exec rails db:setup

同步静态资源

RAILS_ENV=production bundle exec rails assets:precompile

退出 Mastodon 用户

exit

将 Mastodon 加入系统服务

Web service

vim /etc/systemd/system/mastodon-web.service
[Unit]
 Description=mastodon-web
 After=network.target
 
[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="RAILS_ENV=production"
Environment="PORT=3000"
ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb
TimeoutSec=15
Restart=always

[Install]
WantedBy=multi-user.target

Background service

vim /etc/systemd/system/mastodon-sidekiq.service
[Unit]
 Description=mastodon-sidekiq
 After=network.target

[Service]
 Type=simple
 User=mastodon
 WorkingDirectory=/home/mastodon/live
 Environment="RAILS_ENV=production"
 Environment="DB_POOL=5"
 ExecStart=/home/mastodon/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
 TimeoutSec=15
 Restart=always

[Install]
 WantedBy=multi-user.target

API service

vim /etc/systemd/system/mastodon-streaming.service
[Unit]
 Description=mastodon-streaming
 After=network.target

[Service]
 Type=simple
 User=mastodon
 WorkingDirectory=/home/mastodon/live
 Environment="NODE_ENV=production"
 Environment="PORT=4000"
 ExecStart=/usr/bin/npm run start
 TimeoutSec=15
 Restart=always

[Install]
 WantedBy=multi-user.target

启用系统服务

systemctl enable /etc/systemd/system/mastodon-*.service

运行 Mastodon

systemctl start mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

为 Mastodon 加入定时任务

crontab -u mastodon -e
RAILS_ENV=production
@daily cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rails mastodon:media:remove_remote

安装 Nginx 及配置 SSL

安装 acme.sh 以生成 SSL 证书

curl -L get.acme.sh | bash - && cp /root/.acme.sh/acme.sh /usr/local/bin/ && chmod +x /usr/local/bin/acme.sh

将域名解析到 VPS 所在 IP,能访问了以后,签发证书

acme.sh --issue --standalone -d example.com

生成的

/root/.acme.sh/example.com/fullchain.cer
/root/.acme.sh/example.com/example.com.key

是我们需要的,安装 Nginx

wget -O - https://nginx.org/keys/nginx_signing.key | sudo apt-key add - && echo "deb http://nginx.org/packages/mainline/ubuntu/ $(lsb_release -sc) nginx" > /etc/apt/sources.list.d/nginx.list && apt-get update && apt-get install nginx

创建配置文件

vim /etc/nginx/conf.d/mastodon.conf
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
  listen 80;
  listen [::]:80;
  server_name example.com;
  # Useful for Let's Encrypt
  location /.well-known/acme-challenge/ { allow all; }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name example.com;

  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;

  ssl_certificate /root/.acme.sh/example.com/example.com.cer;
  ssl_certificate_key /root/.acme.sh/example.com/example.com.key;

  keepalive_timeout    70;
  sendfile on;
  client_max_body_size 0;

  root /home/mastodon/live/public;

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  add_header Strict-Transport-Security "max-age=31536000";

  location / {
    try_files $uri @proxy;
  }

  location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://127.0.0.1:3000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";

    proxy_pass http://127.0.0.1:4000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}

运行 Nginx

service nginx start

然后注册一个账号,设置为管理员:

su - mastodon
cd ~/live
RAILS_ENV=production bundle exec rails mastodon:make_admin USERNAME=your-user-name

更新 Mastodon

su - mastodon
cd ~/live
gem install bundler --no-ri
git fetch
git checkout v1.X.X
bundle install --deployment --without development test
NODE_ENV=production npm upgrade --global yarn
yarn install
RAILS_ENV=production bundle exec rails assets:clean
RAILS_ENV=production bundle exec rails assets:precompile
RAILS_ENV=production bundle exec rails db:migrate
exit

然后重启

systemctl restart mastodon-web.service mastodon-sidekiq.service mastodon-streaming.service

2、Docker 方式安装

以下环境为基于 KVM 虚化的 Debian 8, root 用户

VPS 内存

必须为基于 KVM/XEN/HyperV 虚化的 VPS,基于 OpenVZ 虚化的 VPS 不行。推荐内存为 2G 以上,如果内存小于 2G 的话,可以设置个 Swap

dd if=/dev/zero of=/var/swap bs=1024 count=1048576 && mkswap /var/swap && swapon /var/swap && echo '/var/swap   swap   swap   default 0 0' >> /etc/fstab

安装 Docker、Nginx 及 Docker Composer

先查看 VPS 内核是否大于 3.10

uname -r

一般来说 KVM 虚化下的 Debian 8 内核是 3.16,支持 Docker

安装 Docker CE 及 Nginx

wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key && rm nginx_signing.key && echo "deb http://nginx.org/packages/mainline/ubuntu/ xenial nginx" >> /etc/apt/sources.list.d/nginx.list && echo "deb-src http://nginx.org/packages/mainline/ubuntu/ xenial nginx  " >> /etc/apt/sources.list.d/nginx.list && echo "deb http://httpredir.debian.org/debian/ jessie-backports main contrib non-free" >> /etc/apt/sources.list.d/backports.list && echo "deb-src http://httpredir.debian.org/debian/ jessie-backports main contrib non-free" >> /etc/apt/sources.list.d/backports.list && apt-get update && apt-get -y install apt-transport-https ca-certificates curl software-properties-common git vim wget && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - && add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/debian  $(lsb_release -cs) stable" && apt-get update && apt-get install -t jessie-backports openssl -y && apt-get -y install docker-ce nginx

安装 Docker Compose

curl -L https://github.com/docker/compose/releases/download/1.13.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose

安装 Mastodon

Clone Mastodon

mkdir /home/mastodon && git clone https://github.com/tootsuite/mastodon.git /home/mastodon/live && cd /home/mastodon/live

编辑 .env.production 配置文件

cp .env.production.sample .env.production && vim .env.production

i 进入编辑模式

# 以下两项保持不动
REDIS_HOST=redis
REDIS_PORT=6379

# 以下五项保持不动
DB_HOST=db
DB_USER=postgres
DB_NAME=postgres
DB_PASS=
DB_PORT=5432

# 你的域名
LOCAL_DOMAIN=example.com 
LOCAL_HTTPS=true

# 以下三项稍后设置
PAPERCLIP_SECRET=
SECRET_KEY_BASE=
OTP_SECRET=

# 若只是自己一个人用,去掉下方的井号
# SINGLE_USER_MODE=true

# 邮件设置,去 https://mailgun.com 注册账号并验证域名
SMTP_SERVER=smtp.mailgun.org
SMTP_PORT=587
# SMTP_LOGIN 为 SMTP 登陆用户,例如 [email protected]
SMTP_LOGIN=
# SMTP 密码
SMTP_PASSWORD=
# 发件人
[email protected]

# 默认图片储存在本地,你也可以配置储存到 AWS S3 上
# S3 (optional)
# S3_ENABLED=true
# S3_BUCKET=
# AWS_ACCESS_KEY_ID=
# AWS_SECRET_ACCESS_KEY=
# S3_REGION=
# S3_PROTOCOL=http
# S3_HOSTNAME=192.168.1.123:9000

# 其余保持不动

编辑完毕后,按 ESC 退出编辑模式,输入 :wq 保存退出

编译镜像

docker-compose build

生成密钥

以下命令需要运行 3 次,每运行一次后,需要将生成结果最下方一长串字符分别复制到 .env.production 文件稍后设置的那三项
PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET 等于号后面,用单引号包裹(PAPERCLIP_SECRET='XXXXXXXX'

docker-compose run --rm web rake secret

创建数据库

docker-compose run --rm web rake db:migrate

同步静态资源

docker-compose run --rm web rake assets:precompile

后台运行

docker-compose up -d

配置 Nginx

安装 acme.sh 以生成 SSL 证书

curl -L get.acme.sh | bash - && cp /root/.acme.sh/acme.sh /usr/local/bin/ && chmod +x /usr/local/bin/acme.sh

将域名解析到 VPS 所在 IP,能访问了以后,签发证书

service nginx stop && acme.sh --issue --standalone -d example.com

生成的

/root/.acme.sh/example.com/fullchain.cer
/root/.acme.sh/example.com/example.com.key

这两个文件是我们需要的

编辑 Nginx 配置文件

vim /etc/nginx/conf.d/live.conf

i 进入编辑模式,粘贴下方内容进去

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
  listen 80;
  listen [::]:80;
  # 将 example.com 更换为您的域名
  server_name example.com;
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  # 将 example.com 更换为您的域名
  server_name example.com;

  ssl_protocols TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5; 
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;

  # 将下方证书换成刚才生成的
  ssl_certificate /root/.acme.sh/example.com/fullchain.cer;
  ssl_certificate_key /root/.acme.sh/example.com/example.com.key;

  keepalive_timeout    70;
  sendfile             on;
  client_max_body_size 0;

  root /home/mastodon/live/public;

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

  add_header Strict-Transport-Security "max-age=31536000";

  location / {
    try_files $uri @proxy;
  }

  location ~ ^/(packs|system/media_attachments/files|system/accounts/avatars) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://127.0.0.1:3000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";

    proxy_pass http://127.0.0.1:4000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}

编辑完毕后,按 ESC 退出编辑模式,输入 :wq 保存退出

运行

service nginx start

启动 Nginx,访问您的域名,注册一个用户

然后在终端运行

# 将 用户名 更换为您注册的用户
docker-compose run --rm web rails mastodon:make_admin USERNAME=用户名

大功告成


  2017-09-12     Docker, Debian8, Nginx, mastodon     返回顶部