@vim13
Last active April 22, 2017 11:38
#さくらVPS Ubuntu16.04 Docker
$ sudo apt-get update
$ sudo apt-get upgrade
$ sudo adduser mastodon
$ sudo gpasswd -a mastodon sudo
# /etc/iptables/iptables.rules
/etc/iptables/iptables.rules
# Ruleset for the filter table, in the format read by iptables-restore.
# The chain policies are ACCEPT; the closing REJECT rules in INPUT and FORWARD
# are what actually drop traffic that no earlier rule accepted.
# NOTE(review): these rules cover IPv4 only; IPv6 is filtered separately (ip6tables) -- confirm it is handled.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that are already established or related.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
# Loopback traffic.
-A INPUT -i lo -j ACCEPT
# New inbound TCP connections: SSH (22), HTTP (80), HTTPS (443).
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
# NOTE(review): port 3000 is the port nginx proxies to on 127.0.0.1 later on this page;
# accepting it here also exposes it to the internet, bypassing the proxy. Presumably
# only needed for testing before nginx is set up -- consider removing it afterwards.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT
# Everything else is rejected with an ICMP host-prohibited reply.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# 変更の反映
sudo iptables-restore < /etc/iptables/iptables.rules
# ルールの確認
sudo iptables -L -n -v
# OS再起動
$ mastodon@sszk.sk
$ sudo apt-get install apt-transport-https
$ sudo apt-get install ca-certificates
$ sudo apt-get install curl
$ sudo apt-get install software-properties-common
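#DockerのGPG鍵を追加
# NOTE(review): the key is trusted as soon as it is piped into apt-key; check it afterwards with `sudo apt-key fingerprint` against the fingerprint published in Docker's install documentation.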
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
#公式のリポジトリを追加
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"
$ sudo apt-get update
$ sudo apt-get install docker-ce
#自身が root 権限がなくても docker コマンドを使えるように
$ sudo usermod -aG docker $USER
#再ログイン
$ sudo su
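# NOTE(review): the next two lines are commands typed at the root prompt (`#`), not comments.
# NOTE(review): the binary is downloaded without any integrity check; compare its checksum with the value published for the release, where one is available, before making it executable.
# curl -L https://github.com/docker/compose/releases/download/1.12.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose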
# chmod +x /usr/local/bin/docker-compose
$ git clone https://github.com/tootsuite/mastodon
$ cd mastodon
#永続化されるよう、docker-compose.yml のコメントアウト削除
# Fragment of docker-compose.yml: the db and redis services with their volume lines uncommented.
# NOTE(review): indentation appears to have been lost in this listing; restore the nesting before use.
db:
restart: always
# NOTE(review): floating tag; a later pull may bring a new PostgreSQL major version that
# cannot start on the existing ./postgres data directory -- consider pinning a version.
image: postgres:alpine
volumes:
# Bind mount that keeps the database files on the host under ./postgres.
- ./postgres:/var/lib/postgresql/data
redis:
restart: always
# NOTE(review): floating tag here as well; consider pinning a version.
image: redis:alpine
volumes:
# Bind mount that keeps the Redis data on the host under ./redis.
- ./redis:/data
$ cp .env.production.sample .env.production
$ docker-compose build
#以下を3回してキー3つメモ
$ docker-compose run --rm web rake secret
# .env.production
# Environment settings for the Mastodon containers (copied from .env.production.sample).
# NOTE(review): this file holds the application secrets and the SMTP password; keep it out of
# version control and restrict its file permissions.
# Service dependencies
REDIS_HOST=redis
REDIS_PORT=6379
DB_HOST=db
DB_USER=postgres
DB_NAME=postgres
# NOTE(review): empty database password; presumably relies on the db container accepting
# passwordless connections -- confirm port 5432 is never published outside the compose network.
DB_PASS=
DB_PORT=5432
# Federation
LOCAL_DOMAIN=mastodon.jtwp470.net
# Temporarily false because the site is served over plain HTTP on port 80 for now.
# NOTE(review): logins and session cookies travel unencrypted until HTTPS is enabled.
LOCAL_HTTPS=false
# Application secrets
# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
# The xxx values are placeholders; use a separate generated value for each of the three.
PAPERCLIP_SECRET=xxx
SECRET_KEY_BASE=xxx
OTP_SECRET=xxx
# Optionally change default language
DEFAULT_LOCALE=ja
# E-mail configuration
# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
SMTP_SERVER=smtp.gmail.com
SMTP_PORT=587
SMTP_LOGIN=example@gmail.com
# Turn on 2-step verification for the account and obtain an app password to use here.
SMTP_PASSWORD=
SMTP_FROM_ADDRESS=example@gmail.com
#SMTP_DOMAIN=gmail.com
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
#SMTP_AUTH_METHOD=plain
# NOTE(review): `none` turns off verification of the SMTP server's TLS certificate, so the
# connection carrying SMTP_PASSWORD can be intercepted. The later version of this file on the
# same page comments this line out and enables STARTTLS instead; prefer that.
SMTP_OPENSSL_VERIFY_MODE=none
#SMTP_ENABLE_STARTTLS_AUTO=true
#データベースのマイグレーション、フロントエンドのプリコンパイル
$ docker-compose run --rm web rails db:migrate
$ docker-compose run --rm web rails assets:precompile
$ docker-compose up -d
$ sudo apt-get install nginx
#/etc/nginx/conf.d/mastodon_proxy.conf
# Reverse proxy for the application listening on local port 3000 (presumably the Mastodon web container).
server {
# Plain HTTP only; no TLS is configured in this block.
listen 80;
server_name mastodon.example.com;
# Pass the requested host and the client address on to the upstream.
proxy_set_header Host $host;
# $proxy_add_x_forwarded_for appends to any X-Forwarded-For header the client sent,
# so the upstream should trust only the last entry (the one added by this proxy).
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
location / {
# The upstream is reached over loopback, so port 3000 does not need to be open to the outside for this to work.
proxy_pass http://127.0.0.1:3000;
}
}
$ sudo systemctl enable nginx
$ sudo systemctl restart nginx
#承認
$ docker-compose exec web bundle exec rails mastodon:confirm_email USER_EMAIL=example@example.com
#HTTPS化
#Certbotインストール
ーーーーー
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot nginx
ーーーーーー
$ cd /usr/local
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt
$ ./letsencrypt-auto --help
$ systemctl stop nginx
$ ./certbot-auto certonly --standalone -d mstdn.sszk.sk -m mstdn.sszk@gmail.com --agree-tos -n
$ cd /etc/ssl/certs
$ sudo openssl dhparam 2096 -out dhparam.pem
$ sudo vi /etc/nginx/conf.d/mastodon_proxy.conf
#https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Production-guide.mdからコピー
#ドメイン部分変更
$sudo vi .env.production
#https を true
SMTP_SERVER=smtp.gmail.com
SMTP_PORT=587
SMTP_LOGIN=example@example.com
SMTP_PASSWORD=xxxxxxxxxx
SMTP_FROM_ADDRESS=example@example.com
SMTP_DOMAIN=gmail.com
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
SMTP_AUTH_METHOD=plain
#SMTP_OPENSSL_VERIFY_MODE=none
SMTP_ENABLE_STARTTLS_AUTO=true
$ sudo systemctl start nginx
$ crontab -e
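# NOTE(review): `crontab -e` edits a per-user crontab, which has no user column; the `root` field below belongs to the /etc/crontab and /etc/cron.d format and would be read as part of the command here.
# NOTE(review): if the renew step fails, the `&&` chain never reaches `systemctl start nginx` and the site stays down; --force-renew also reissues the certificate on every run regardless of expiry, which counts against the CA's rate limits.
0 2,5 */7 * * root systemctl stop nginx && /usr/local/letsencrypt/letsencrypt-auto renew --force-renew && systemctl start nginx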
#mastodon update
$ docker-compose stop
$ git pull
$ docker-compose build
$ docker-compose up -d