さくらのVPS+CentOS7でMastodonをインストールするシェルスクリプト。One-liner Mastodon Instance installer for CentOS7.2 on SakuraVPS.
#!/bin/bash
#
# EN: Setup script that installs a Mastodon instance on CentOS 7 at the
#     Sakura VPS service. Only verified against the standard-OS-install
#     "CentOS7 x86_64" image (as of 2017.09.20).
# JA: このスクリプトはmastodonをさくらのVPSにセットアップします。
#
# How to install (run as root):
#
# $ cd ~/ && curl https://gist.githubusercontent.com/KEINOS/fb59b95020f0a06fb6448565d84e23cf/raw > install_mastodon.sh && chmod 0755 install_mastodon.sh && ./install_mastodon.sh
#
# Latest script  : https://gist.github.com/KEINOS/fb59b95020f0a06fb6448565d84e23cf
# Reference      : https://cloud-news.sakura.ad.jp/startup-script/mastodon/information/
# About SakuraVPS: http://vps.sakura.ad.jp/
# Disclaimer     : use at your own risk; what it does is exactly what the
#                  script reads.
#
# Banner. The quoted delimiter keeps the box-drawing art verbatim.
cat <<'_BANNER_'

-----------------------------
 ╔╦╗╔═╗╔═╗╔╦╗╔═╗╔╦╗╔═╗╔╗╔
 ║║║╠═╣╚═╗ ║ ║ ║ ║║║ ║║║║
 ╩ ╩╩ ╩╚═╝ ╩ ╚═╝═╩╝╚═╝╝╚╝
 Mastodon Installer for
 CentOS 7.x at Sakura VPS


Installer version:20171024
-----------------------------
_BANNER_
# The prompts and progress messages below are Japanese; make the locale
# available to every child process.
export LANG=ja_JP.utf8
# ======================================================================
# Get basic info for installation
# ======================================================================
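# ----------------------------------------------------------------------
# Ask for the instance domain and the certificate-notification address and
# have the operator confirm them, repeating the questions until 'y'.
# Globals:   DOMAIN (written), MADDR (written)
# Outputs:   prompts and the summary on stdout
# Returns:   0 once confirmed; exits 0 on 'q'; exits 1 when stdin ends
#            (instead of looping forever on empty answers)
# Both values are later substituted into sed expressions, nginx and postfix
# configuration, certbot arguments and a cron line, so only a conservative
# character set is accepted: a '/', quote, space or backslash would break
# those files or end up interpreted by them.
# ----------------------------------------------------------------------
ask_basic_info_recursively(){
  local install_answer
  local domain_re='^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  local mail_re='^[A-Za-z0-9._%+-]+@[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
  while true; do
    echo
    printf '%s' "マストドンのドメイン名: "
    # -r keeps backslashes literal; end of input aborts rather than recursing
    read -r DOMAIN || exit 1
    if [[ ! "$DOMAIN" =~ $domain_re ]]; then
      echo "不正なドメイン名です。もう一度入力してください。"
      continue
    fi
    printf '%s' "SSL証明書の更新通知先メールアドレス: "
    read -r MADDR || exit 1
    if [[ ! "$MADDR" =~ $mail_re ]]; then
      echo "不正なメールアドレスです。もう一度入力してください。"
      continue
    fi
    echo "【設定】"
    echo " ドメイン: $DOMAIN"
    echo " メール : $MADDR"
    printf '%s' "上記内容でインストールしますか? (y/n/q): "
    read -r install_answer || exit 1
    case "$install_answer" in
      y|Y)
        return 0
        ;;
      n|N)
        # the operator wants to retype both values: just ask again
        ;;
      q|Q)
        echo "インストールをキャンセルしました."
        exit 0
        ;;
      *)
        echo "不正な入力です。もう一度入力してください。"
        ;;
    esac
  done
}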
ask_basic_info_recursively
# ======================================================================
# Pre-setup
# ======================================================================
# Trace every command from here on so the installation progress is visible
# (the interactive prompts above are deliberately kept out of the trace).
set -o xtrace
# Load the network interface settings. The file is executed as shell code,
# so it must stay root-owned; none of the later steps reference the
# variables it defines, they only show up in the trace.
. /etc/sysconfig/network-scripts/ifcfg-eth0
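# ----------------------------------------------------------------------
# Extra package repositories
# ----------------------------------------------------------------------
# Enable the EPEL repository (its definition is already on the image).
yum install -y yum-utils
yum-config-manager --enable epel
# Add the Nux Dextop repository (ffmpeg). NOTE(review): the release RPM is
# fetched over plain http and nothing pins its checksum, so the package and
# the repository GPG key it installs are taken on trust; verifying the rpm
# signature against an out-of-band copy of the Nux key would close that gap.
yum install -y http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
# Node.js 6.x repository. The vendor's setup script is executed as root
# straight from the network: -f makes curl fail on an HTTP error instead of
# feeding an error page to bash, and pipefail makes that failure (or a
# failing setup script) abort the install instead of silently continuing
# without the repository.
set -o pipefail
curl -fsSL https://rpm.nodesource.com/setup_6.x | bash - || {
  echo "node.js リポジトリの設定に失敗しました" >&2
  exit 1
}
set +o pipefail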
# ======================================================================
# Dependency packages
# ======================================================================
# Bring the installed packages up to date first.
yum update -y
# Each entry is installed in its own yum transaction, so one package that is
# unavailable does not roll back the others. Entries that hold several
# package names are space-separated and split on purpose in the loop.
pkg_groups=(
  ImageMagick
  ffmpeg
  redis
  rubygem-redis
  "postgresql-server postgresql-devel postgresql-contrib"
  authd
  nodejs
  "openssl-devel readline-devel zlib-devel libxml2-devel libxslt-devel protobuf-devel ffmpeg-devel libidn-devel libicu-devel"
  protobuf-compiler
  nginx
  jq
  bind-utils
)
for group in "${pkg_groups[@]}"; do
  # shellcheck disable=SC2086 -- intentional word-splitting of a package group
  yum install -y $group
done
# yarn comes from the npm registry unpinned: whatever "latest" is at install time.
npm install -g yarn
# ======================================================================
# Configuration of the installed dependencies
# ======================================================================
# ----------------------------------------------------------------------
# postgresql / redis: initialise, configure and start
# ----------------------------------------------------------------------
# initdb options: UTF-8 cluster without a locale
export PGSETUP_INITDB_OPTIONS="--encoding=UTF-8 --no-locale"
postgresql-setup initdb
# Turn the first "ident" on every line of pg_hba.conf into "trust".
# NOTE(review): on a stock pg_hba.conf the ident lines are presumably the
# loopback host entries, so this makes local TCP connections password-less
# for every role (postgres included). It is what lets the password-less
# DB_HOST=localhost settings written into .env.production below work; on a
# host with other local users the rule should be narrowed to the mastodon
# role and database, with a password.
sed -i "s/ident/trust/" /var/lib/pgsql/data/pg_hba.conf
# Enable and start the services (postgresql, redis)
systemctl enable postgresql redis
systemctl start postgresql redis
# Create the DB role 'mastodon'; it may create databases, which the
# `rails db:setup` step in the per-user setup script relies on.
su - postgres -c "createuser --createdb mastodon"
# ----------------------------------------------------------------------
# Create the 'mastodon' system user (no password: only reachable via su)
# ----------------------------------------------------------------------
useradd mastodon
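# ----------------------------------------------------------------------
# Generate the setup script that is run as the 'mastodon' user further below
# ----------------------------------------------------------------------
# The here-doc delimiter is unquoted on purpose: ${DOMAIN} and ${MADDR}
# (answered by the operator above) are substituted now, while everything
# that must be evaluated by the mastodon user's shell is backslash-escaped.
# The rbenv PATH line is therefore written as \$HOME/.rbenv/bin:\$PATH so
# that it ends up literally in .bash_profile and expands for that user;
# an unescaped $PATH here would bake root's PATH into the file, and a
# quoted "~" is never tilde-expanded.
# The secrets (SECRET_KEY_BASE, PAPERCLIP_SECRET, OTP_SECRET, VAPID keys)
# are generated inside that script, so they never pass through this root
# shell or its `set -x` trace. NOTE(review): they land in .env.production;
# confirm that file is not world-readable (the home directory mode decides).
# NOTE(review): `git tag` sorts names lexically, so the "last non-rc tag"
# picks the wrong release once a version component reaches two digits
# (v2.10.0 sorts before v2.9.0); `git tag --sort=v:refname` presumably
# needs a newer git than CentOS 7 ships.
SETUP=/home/mastodon/setup.sh
cat << _EOF_ > "${SETUP}"
REPO=https://github.com/sstephenson
git clone \${REPO}/rbenv.git ~/.rbenv
echo 'export PATH="\$HOME/.rbenv/bin:\$PATH"' >> ~/.bash_profile
source ~/.bash_profile
rbenv init - >> ~/.bash_profile
source ~/.bash_profile
git clone \${REPO}/ruby-build.git ~/.rbenv/plugins/ruby-build
git clone https://github.com/tootsuite/mastodon.git live
cd live
git checkout \$(git tag|grep -v rc|tail -1)
cd ..
RV=\$(cat live/.ruby-version)
rbenv install \${RV}
rbenv global \${RV}
rbenv rehash
cd live
gem install bundler
bundle install --deployment --without development test
yarn install --pure-lockfile
cp .env.production{.sample,}
export RAILS_ENV=production SAFETY_ASSURED=1
SKB=\$(bundle exec rake secret)
PS=\$(bundle exec rake secret)
OS=\$(bundle exec rake secret)
sed -i -e "s/_HOST=[rd].*/_HOST=localhost/" \
-e "s/=postgres$/=mastodon/" \
-e "s/^LOCAL_DOMAIN.*/LOCAL_DOMAIN=${DOMAIN}/" \
-e "s/^LOCAL_HTTPS.*/LOCAL_HTTPS=true/" \
-e "s/^SMTP_SERVER.*/SMTP_SERVER=localhost/" \
-e "s/^SMTP_PORT=587/SMTP_PORT=25/" \
-e "s/^SMTP_LOGIN/#SMTP_LOGIN/" \
-e "s/^SMTP_PASSWORD/#SMTP_PASSWORD/" \
-e "s/^#SMTP_AUTH_METHOD.*/SMTP_AUTH_METHOD=none/" \
-e "s/^SMTP_FROM_ADDRESS.*/SMTP_FROM_ADDRESS=${MADDR}/" \
-e "s/^SECRET_KEY_BASE=/SECRET_KEY_BASE=\${SKB}/" \
-e "s/^PAPERCLIP_SECRET=/PAPERCLIP_SECRET=\${PS}/" \
-e "s/^OTP_SECRET=/OTP_SECRET=\${OS}/" .env.production
export \$(bundle exec rake mastodon:webpush:generate_vapid_key)
sed -i -e "s/^VAPID_PRIVATE_KEY=/VAPID_PRIVATE_KEY=\${VAPID_PRIVATE_KEY}/" \
-e "s/^VAPID_PUBLIC_KEY=/VAPID_PUBLIC_KEY=\${VAPID_PUBLIC_KEY}/" .env.production
bundle exec rails db:setup
bundle exec rails assets:precompile
_EOF_
chmod 0755 "${SETUP}"
# owner mastodon, group = mastodon's login group
chown mastodon: "${SETUP}"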
# ----------------------------------------------------------------------
# Run the generated setup script as the 'mastodon' user
# ----------------------------------------------------------------------
printf '%s\n' \
  "---------------------------------------------" \
  " Mastodonのセットアップ開始(${SETUP} を実行)" \
  "---------------------------------------------"
# Login shell (su -): runs with mastodon's HOME and environment, in a fresh
# bash that does not inherit this script's xtrace.
su - mastodon -c "/bin/bash ${SETUP}"
printf '%s\n' \
  "" \
  "" \
  " Mastodonのセットアップ終了" \
  "---------------------------------------------"
# ----------------------------------------------------------------------
# systemd unit 'mastodon-web.service' (puma; PORT=3000 is where the nginx
# configuration below proxies ordinary requests)
# ----------------------------------------------------------------------
# Quoted delimiter: the unit text is written verbatim, nothing is expanded.
# NOTE(review): the unit runs as the unprivileged 'mastodon' user but carries
# no sandboxing directives (PrivateTmp=, NoNewPrivileges=, ProtectSystem=,
# ...); worth adding once the app is confirmed to work under them. Same for
# the sidekiq and streaming units.
SDIR=/etc/systemd/system
cat << "_EOF_" > ${SDIR}/mastodon-web.service
[Unit]
Description=mastodon-web
After=network.target
[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="RAILS_ENV=production"
Environment="PORT=3000"
ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
_EOF_
# ----------------------------------------------------------------------
# systemd unit 'mastodon-sidekiq.service' (background jobs; DB_POOL=5
# matches the -c 5 concurrency so every worker thread gets a connection)
# ----------------------------------------------------------------------
# Quoted delimiter: written verbatim.
cat << "_EOF_" > ${SDIR}/mastodon-sidekiq.service
[Unit]
Description=mastodon-sidekiq
After=network.target
[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="RAILS_ENV=production"
Environment="DB_POOL=5"
ExecStart=/home/mastodon/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
_EOF_
# ----------------------------------------------------------------------
# systemd unit 'mastodon-streaming.service' (node streaming API; PORT=4000
# is where nginx proxies /api/v1/streaming below)
# ----------------------------------------------------------------------
# Quoted delimiter: written verbatim.
cat << "_EOF_" > ${SDIR}/mastodon-streaming.service
[Unit]
Description=mastodon-streaming
After=network.target
[Service]
Type=simple
User=mastodon
WorkingDirectory=/home/mastodon/live
Environment="NODE_ENV=production"
Environment="PORT=4000"
ExecStart=/usr/bin/npm run start
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
_EOF_
# ----------------------------------------------------------------------
# Enable the three units; they are only started by the reboot at the end
# of the script.
# ----------------------------------------------------------------------
systemctl enable mastodon-{web,sidekiq,streaming}
# ----------------------------------------------------------------------
# Web server configuration (nginx)
# ----------------------------------------------------------------------
# Two edits to the stock nginx.conf:
#  1) run the workers as 'mastodon' instead of 'nginx';
#  2) in the first server block (range 1,/location/), put an empty
#     /.well-known/acme-challenge/ location in front of `location /` (served
#     from the default root, which is the certbot webroot used below) and
#     make `location /` redirect everything else to https.
# NOTE(review): running the workers as the application user means a
# compromised worker holds the app's rights (its checkout, .env secrets,
# DB access); a dedicated nginx user with group-readable static files keeps
# the two apart.
sed -i -e 's/user nginx/user mastodon/' -e '1,/location/s/location \/ {/location ^~ \/.well-known\/acme-challenge\/ {}\n\tlocation \/ {\n\t\treturn 301 https:\/\/$host$request_uri;/' /etc/nginx/nginx.conf
# nginx's cache and log directories must be owned by the new worker user...
chown -R mastodon. /var/{lib,log}/nginx
# ...and logrotate must create new logs for that user too.
sed -i 's/ nginx nginx/ mastodon mastodon/' /etc/logrotate.d/nginx
# Certificate paths certbot will populate further below; https.conf (written
# next) references them.
LD=/etc/letsencrypt/live/${DOMAIN}
CERT=${LD}/fullchain.pem
PKEY=${LD}/privkey.pem
# Mastodon's TLS virtual host. It is written to the current directory first
# and only moved into /etc/nginx/conf.d/ after the certificate exists,
# because nginx will not load a server block whose certificate files are
# missing. Unquoted delimiter: ${DOMAIN}, ${CERT} and ${PKEY} are filled in
# here; every nginx variable is written as \$... so it survives untouched.
# NOTE(review): TLS 1.2 only with AEAD/ECDHE ciphers, server_tokens off and
# HSTS (without includeSubDomains/preload) are reasonable; there is no
# ssl_session_tickets or OCSP stapling directive. Both proxy blocks clear
# the Proxy header (httpoxy) and pass the client address along. Streaming
# traffic goes to the node process on :4000, everything else to puma on :3000.
cat << _EOF_ > https.conf
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2;
server_name ${DOMAIN};
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve prime256v1;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_certificate ${CERT};
ssl_certificate_key ${PKEY};
keepalive_timeout 70;
sendfile on;
client_max_body_size 0;
root /home/mastodon/live/public;
server_tokens off;
charset utf-8;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
location / {
try_files \$uri @proxy;
}
location ~ ^/(packs|system/media_attachments/files|system/accounts/avatars) {
add_header Cache-Control "public, max-age=31536000, immutable";
try_files \$uri @proxy;
}
location @proxy {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:3000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
tcp_nodelay on;
}
location /api/v1/streaming {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://localhost:4000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
}
_EOF_
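# ----------------------------------------------------------------------
# Start the web server (nginx) with the stock config plus the ACME location,
# so that certbot's HTTP-01 challenge below can be served
# ----------------------------------------------------------------------
systemctl enable nginx
systemctl start nginx
# ----------------------------------------------------------------------
# Mailer configuration (postfix): Mastodon sends through localhost:25, see
# the SMTP_* lines written into .env.production by the setup script
# ----------------------------------------------------------------------
# Unquoted delimiter: ${DOMAIN} is filled in. The appended settings take
# precedence over earlier ones in main.cf (the last definition wins).
cat <<_EOL_>> /etc/postfix/main.cf
myhostname = ${DOMAIN}
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_client_connection_count_limit = 9
disable_vrfy_command = yes
smtpd_discard_ehlo_keywords = dsn, enhancedstatuscodes, etrn
_EOL_
# Listen on every interface, IPv4 only. NOTE(review): together with 25/tcp
# being opened in the firewall below this exposes SMTP publicly; if the
# instance only needs to send mail, `inet_interfaces = loopback-only` is
# the smaller surface.
sed -i -e 's/^inet_interfaces.*/inet_interfaces = all/' -e 's/^inet_protocols = all/inet_protocols = ipv4/' /etc/postfix/main.cf
# ----------------------------------------------------------------------
# Restart the mailer (postfix)
# ----------------------------------------------------------------------
# A restart rather than a reload: postfix does not apply a changed
# inet_interfaces on reload, so the old value would stay in effect until
# the reboot at the end of the script.
systemctl restart postfix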
# ----------------------------------------------------------------------
# Firewall: open SMTP, HTTP and HTTPS permanently, then apply (firewall-cmd)
# ----------------------------------------------------------------------
# 80 serves the ACME challenge and the https redirect, 443 the instance
# itself; 25 is only needed if the host is to receive mail, not to send it.
firewall_ports=(--add-port=25/tcp --add-port=80/tcp --add-port=443/tcp)
firewall-cmd --permanent "${firewall_ports[@]}"
firewall-cmd --reload
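# ----------------------------------------------------------------------
# TLS certificate: fetch the Let's Encrypt client and obtain the certificate
# while nginx still serves the default page (the HTTP-01 challenge is
# answered from the default document root)
# ----------------------------------------------------------------------
CPATH=/usr/local/certbot
# NOTE(review): this clones the tip of the certbot repository unpinned, and
# certbot-auto then bootstraps its own dependencies from the network as
# root; the distribution's certbot package is the auditable alternative.
git clone https://github.com/certbot/certbot "${CPATH}"
WROOT=/usr/share/nginx/html
"${CPATH}"/certbot-auto -n certonly --webroot -w "${WROOT}" -d "${DOMAIN}" -m "${MADDR}" --agree-tos
# Without the certificate, the https.conf written earlier would make nginx
# fail to start after the reboot below, so stop here and leave the working
# http setup in place for a retry instead of continuing blindly.
if [ ! -f "${CERT}" ]; then
  echo "証明書の取得に失敗しました" >&2
  # _motd is not defined in this script; it is presumably provided by the
  # Sakura startup-script environment when run there, so only call it when
  # it exists.
  if command -v _motd >/dev/null 2>&1; then
    _motd fail
  fi
  exit 1
fi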
# ----------------------------------------------------------------------
# Put Mastodon's https.conf in place (nginx picks it up on the reboot below)
# ----------------------------------------------------------------------
mv https.conf /etc/nginx/conf.d/
# ----------------------------------------------------------------------
# Weekly certificate renewal via cron, at a random minute, hour and weekday
# (presumably to spread renewal attempts across instances)
# ----------------------------------------------------------------------
R=${RANDOM}
renew_minute=$(( R % 60 ))
renew_hour=$(( R % 24 ))
renew_weekday=$(( R % 7 ))
printf '%s %s * * %s root %s/certbot-auto renew --webroot -w %s --post-hook %s\n' \
  "$renew_minute" "$renew_hour" "$renew_weekday" "$CPATH" "$WROOT" \
  "'systemctl reload nginx'" > /etc/cron.d/certbot-auto
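# ----------------------------------------------------------------------
# Done: reboot in one minute so the enabled units and the new nginx
# configuration come up together
# ----------------------------------------------------------------------
echo "--------------------------------------------------"
echo "セットアップ完了。再起動します"
shutdown -r 1
# _motd is not defined in this script (presumably provided by the Sakura
# startup-script environment when run there); guard it so a plain run does
# not end with "command not found".
if command -v _motd >/dev/null 2>&1; then
  _motd end
fi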