Last active
April 22, 2017 11:38
#さくらVPS Ubuntu16.04 Docker | |
$ sudo apt-get update | |
$ sudo apt-get upgrade | |
$ sudo adduser mastodon | |
$ sudo gpasswd -a mastodon sudo | |
# /etc/iptables/iptables.rules | |
/etc/iptables/iptables.rules | |
*filter | |
:INPUT ACCEPT [0:0] | |
:FORWARD ACCEPT [0:0] | |
:OUTPUT ACCEPT [0:0] | |
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT | |
-A INPUT -p icmp -j ACCEPT | |
-A INPUT -i lo -j ACCEPT | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT | |
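# NOTE: 3000 is the port nginx later proxies to (127.0.0.1:3000); it only needs to be reachable from outside while testing before nginx is set up. Once the proxy is in place, remove this rule so the app cannot be reached around nginx (and later around TLS). Docker-published ports are typically handled by Docker's own NAT/FORWARD rules rather than INPUT, so also check how docker-compose.yml publishes the port. | |
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3000 -j ACCEPT | |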
-A INPUT -j REJECT --reject-with icmp-host-prohibited | |
-A FORWARD -j REJECT --reject-with icmp-host-prohibited | |
COMMIT | |
# 変更の反映 | |
sudo iptables-restore < /etc/iptables/iptables.rules | |
# ルールの確認 | |
sudo iptables -L -n -v | |
# OS再起動 | |
$ mastodon@sszk.sk | |
$ sudo apt-get install apt-transport-https | |
$ sudo apt-get install ca-certificates | |
$ sudo apt-get install curl | |
$ sudo apt-get install software-properties-common | |
#DockerのGPG鍵を追加 | |
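# NOTE: this trusts whatever key the download returns. After importing, compare the key's fingerprint (sudo apt-key fingerprint) with the one published in Docker's installation documentation before adding the repository. | |
$ curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - | |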
#公式のリポジトリを追加 | |
$ sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | |
$ sudo apt-get update | |
$ sudo apt-get install docker-ce | |
#自身が root 権限がなくても docker コマンドを使えるように | |
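# NOTE: members of the docker group can control the Docker daemon, which runs as root, so this grants root-equivalent access on the host; add only accounts you would also trust with sudo. | |
$ sudo usermod -aG docker $USER | |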
#再ログイン | |
$ sudo su | |
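# NOTE: curl is run without -f here, so an HTTP error page would be saved as the binary, and nothing checks the download's integrity. If the release publishes a SHA-256 checksum, compare it before running chmod +x. | |
# curl -L https://github.com/docker/compose/releases/download/1.12.0/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose | |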
# chmod +x /usr/local/bin/docker-compose | |
$ git clone https://github.com/tootsuite/mastodon | |
$ cd mastodon | |
#永続化されるよう、docker-compose.yml のコメントアウト削除 | |
db: | |
restart: always | |
image: postgres:alpine | |
volumes: | |
- ./postgres:/var/lib/postgresql/data | |
redis: | |
restart: always | |
image: redis:alpine | |
volumes: | |
- ./redis:/data | |
$ cp .env.production.sample .env.production | |
$ docker-compose build | |
#以下を3回してキー3つメモ | |
$ docker-compose run --rm web rake secret | |
# .env.production | |
# Service dependencies | |
REDIS_HOST=redis | |
REDIS_PORT=6379 | |
DB_HOST=db | |
DB_USER=postgres | |
DB_NAME=postgres | |
DB_PASS= | |
DB_PORT=5432 | |
# Federation | |
LOCAL_DOMAIN=mastodon.jtwp470.net | |
#仮にport80使うのでfalse | |
LOCAL_HTTPS=false | |
# Application secrets | |
# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose) | |
PAPERCLIP_SECRET=xxx | |
SECRET_KEY_BASE=xxx | |
OTP_SECRET=xxx | |
# Optionally change default language | |
DEFAULT_LOCALE=ja | |
# E-mail configuration | |
# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers | |
SMTP_SERVER=smtp.gmail.com | |
SMTP_PORT=587 | |
SMTP_LOGIN=example@gmail.com | |
#2段階認証ON,アプリパスワード取得 | |
SMTP_PASSWORD= | |
SMTP_FROM_ADDRESS=example@gmail.com | |
#SMTP_DOMAIN=gmail.com | |
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail | |
#SMTP_AUTH_METHOD=plain | |
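# NOTE: "none" disables certificate verification on the SMTP TLS connection, so the login and app password above could be handed to an impostor server. smtp.gmail.com presents a valid certificate, so this line can stay commented out, as it is in the HTTPS section further down. | |
SMTP_OPENSSL_VERIFY_MODE=none | |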
#SMTP_ENABLE_STARTTLS_AUTO=true | |
#データベースのマイグレーション、フロントエンドのプリコンパイル | |
$ docker-compose run --rm web rails db:migrate | |
$ docker-compose run --rm web rails assets:precompile | |
$ docker-compose up -d | |
$ sudo apt-get install nginx | |
#/etc/nginx/conf.d/mastodon_proxy.conf | |
server { | |
listen 80; | |
server_name mastodon.example.com; | |
proxy_set_header Host $host; | |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | |
proxy_set_header X-Forwarded-Host $host; | |
proxy_set_header X-Forwarded-Server $host; | |
proxy_set_header X-Real-IP $remote_addr; | |
location / { | |
proxy_pass http://127.0.0.1:3000; | |
} | |
} | |
$ sudo systemctl enable nginx | |
$ sudo systemctl restart nginx | |
#承認 | |
$ docker-compose exec web bundle exec rails mastodon:confirm_email USER_EMAIL=example@example.com | |
#HTTPS化 | |
#Certbotインストール | |
ーーーーー | |
$ sudo add-apt-repository ppa:certbot/certbot | |
$ sudo apt-get update | |
$ sudo apt-get install certbot nginx | |
ーーーーーー | |
$ cd /usr/local | |
$ git clone https://github.com/letsencrypt/letsencrypt | |
$ cd letsencrypt | |
$ ./letsencrypt-auto --help | |
$ systemctl stop nginx | |
$ ./certbot-auto certonly --standalone -d mstdn.sszk.sk -m mstdn.sszk@gmail.com --agree-tos -n | |
$ cd /etc/ssl/certs | |
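# NOTE: 2096 is an unusual size and may be a typo for 2048 or 4096 — confirm. Newer OpenSSL releases also expect the bit count after the options (openssl dhparam -out dhparam.pem <bits>). | |
$ sudo openssl dhparam 2096 -out dhparam.pem | |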
$ sudo vi /etc/nginx/conf.d/mastodon_proxy.conf | |
#https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Production-guide.mdからコピー | |
#ドメイン部分変更 | |
$sudo vi .env.production | |
#https を true | |
SMTP_SERVER=smtp.gmail.com | |
SMTP_PORT=587 | |
SMTP_LOGIN=example@example.com | |
SMTP_PASSWORD=xxxxxxxxxx | |
SMTP_FROM_ADDRESS=example@example.com | |
SMTP_DOMAIN=gmail.com | |
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail | |
SMTP_AUTH_METHOD=plain | |
#SMTP_OPENSSL_VERIFY_MODE=none | |
SMTP_ENABLE_STARTTLS_AUTO=true | |
$ sudo systemctl start nginx | |
$ crontab -e | |
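# NOTE: entries added with crontab -e have no user column, so "root" here would be run as the command; this six-field form belongs in /etc/crontab or /etc/cron.d. Because the steps are chained with &&, a failed renewal leaves nginx stopped, and --force-renew reissues the certificate on every run instead of only near expiry. Plain "renew" with certbot's --pre-hook/--post-hook to stop and start nginx avoids both problems. | |
0 2,5 */7 * * root systemctl stop nginx && /usr/local/letsencrypt/letsencrypt-auto renew --force-renew && systemctl start nginx | |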
#mastodon update | |
$ docker-compose stop | |
$ git pull | |
$ docker-compose build | |
$ docker-compose up -d |