Installing Diaspora on Ubuntu 16.04 LTS 64-bit

Posted: Fri 1. May 2015, 16:32
by h3rb3rn
Updated version of 11.11.2017

Here is a simple tutorial for installing Diaspora version 0.7.1.x step by step on your own web server running Ubuntu 16.04.

Note: this guide is my private documentation and not the community's official Diaspora installation and update guide! You can find that at https://wiki.diasporafoundation.org

Source: https://wiki.diasporafoundation.org/Ins ... this_guide

Install the packages required for Diaspora

Code:

sudo apt update && sudo apt install software-properties-common mariadb-server ssh screen mc vim htop ufw build-essential git curl imagemagick libmagickwand-dev nodejs redis-server libssl-dev libcurl4-openssl-dev libxml2-dev libxslt1-dev libgmp-dev libmysqlclient-dev libyaml-dev libsqlite3-dev sqlite3 autoconf libgdbm-dev libncurses5-dev automake bison libffi-dev libreadline6-dev libreadline-dev

Install the prerequisites for creating the TLS certificate

Source: https://kofler.info/lets-encrypt-zertif ... ntu-16-04/

Code:

add-apt-repository ppa:certbot/certbot

Code:

apt update && apt install python-certbot-apache

Create the TLS certificate for the domain

Code:

sudo certbot --apache

Follow the dialog. It asks for an e-mail address, and the license must be accepted.

Adjust the Apache server

Code:

vim /etc/apache2/sites-available/000-default-le-ssl.conf

If the Diaspora pod is the only thing running on the server, the content can be replaced with the following, with the domains adjusted to your own pod URL.
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerName dorf-post.de
ServerAlias www.dorf-post.de
ServerAdmin diaspora@dorf-post.de

DocumentRoot /home/diaspora/diaspora/public


# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn

ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf

RewriteEngine On

RewriteCond %{HTTP_HOST} !^dorf-post\.de [NC]
RewriteRule ^/(.*)$ https://dorf-post\.de/$1 [L,R,QSA]

RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]

<Proxy balancer://upstream>
BalancerMember http://127.0.0.1:3000
</Proxy>

ProxyRequests Off
ProxyVia On
ProxyPreserveHost On
RequestHeader set X_FORWARDED_PROTO https

<Proxy *>
# Apache < 2.4
#Order allow,deny
#Allow from all
# Apache >= 2.4
Require all granted
</Proxy>

<Directory /home/diaspora/diaspora/public>
Options -MultiViews
# Apache < 2.4
#Allow from all
#AllowOverride all
# Apache >= 2.4
Require all granted
</Directory>

SSLEngine On

Include /etc/letsencrypt/options-ssl-apache.conf


# maybe not needed, need for example for startssl to point to a local
# copy of https://www.startssl.com/certs/class1/s ... ha2.ca.pem
#SSLCertificateChainFile /path/to/chain_file

# Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
SSLHonorCipherOrder on
SSLCompression off

SSLCertificateFile /etc/letsencrypt/live/dorf-post.de/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/dorf-post.de/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf

</VirtualHost>
</IfModule>

Finally, generate the TLS certificates for the pod domain.

Code:

certbot --apache -d dorf-post.de -d www.dorf-post.de

Note: if generating the certificates fails, check your name servers to make sure the domain or subdomain actually points to the IP address of the server in use.
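
The vhost above sets `SSLProtocol all -SSLv2 -SSLv3`, which leaves TLS 1.0 and 1.1 enabled, and it includes `/etc/letsencrypt/options-ssl-apache.conf` twice, the second time after the inline TLS directives. The following shell functions are an added example, not part of the original tutorial; they flag both conditions in a vhost file. The function names and the host name `example.org` are assumptions made for the example.

```sh
# Added example, not part of the original tutorial: static audit of the TLS
# directives in an Apache vhost file like the one shown above.

# audit_vhost [FILE]: one finding per line, nothing if clean (stdin if no file).
audit_vhost() {
  awk '
    NF == 0 || $1 ~ /^#/ { next }              # skip blank lines and comments
    { key = tolower($1) }
    key == "sslprotocol" {
      split("", p)                             # empty the token set
      for (i = 2; i <= NF; i++) p[tolower($i)] = 1
      all = ("all" in p) || ("+all" in p)
      if ((all || ("tlsv1" in p) || ("+tlsv1" in p)) && !("-tlsv1" in p))
        print "legacy-protocol TLSv1 line " NR
      if ((all || ("tlsv1.1" in p) || ("+tlsv1.1" in p)) && !("-tlsv1.1" in p))
        print "legacy-protocol TLSv1.1 line " NR
      proto_line = NR
    }
    key == "include" {
      # Apache reads an Include in place, so a file included after an inline
      # SSLProtocol replaces that value if it sets SSLProtocol itself.
      if ($2 in seen) print "duplicate-include " $2 " lines " seen[$2] "," NR
      else seen[$2] = NR
      if (proto_line) print "include-after-sslprotocol " $2 " line " NR
    }
  ' "$@"
}

# Constructed sample: the TLS-relevant lines of the vhost above, with the
# placeholder host name example.org.
sample_vhost() {
  cat <<'EOF'
<VirtualHost *:443>
SSLEngine On
Include /etc/letsencrypt/options-ssl-apache.conf
# Based on https://wiki.mozilla.org/Security/Server_Side_TLS
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/letsencrypt/live/example.org/fullchain.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
EOF
}

# Same sample with TLS 1.0/1.1 switched off and the Include kept once.
hardened_vhost() {
  sample_vhost | awk '
    $1 == "Include" && n++ { next }
    $1 == "SSLProtocol" { print "SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1"; next }
    { print }'
}

sample_vhost | audit_vhost      # four findings
hardened_vhost | audit_vhost    # no findings
```

Run it against the real file with `audit_vhost /etc/apache2/sites-available/000-default-le-ssl.conf`, then confirm the result with `apachectl configtest` after any change.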

Enable the Apache modules

Code:

sudo a2enmod ssl rewrite headers proxy proxy_http proxy_balancer lbmethod_byrequests slotmem_shm

Create the database and the database user

Source: https://wiki.ubuntuusers.de/MySQL/

Code:

mysql -u root -p

With MariaDB, root does not need a password in the shell, so simply confirm with Enter.

Code:

root@dorf-post:~# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 43
Server version: 10.0.31-MariaDB-0ubuntu0.16.04.2 Ubuntu 16.04

Copyright (c) 2000, 2017, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

Enter the following commands one after another in the MySQL console and confirm each with Enter

Code:

create user 'diaspora'@'localhost' identified by 'P4S5W0Rd';

Code:

grant usage on *.* to 'diaspora'@'localhost' identified by 'P4S5W0Rd';

Code:

grant all privileges on diaspora_production.* to 'diaspora'@'localhost';

Code:

flush privileges;

Code:

quit;

Restart the web server

Code:

sudo service apache2 restart

Create the Diaspora user

Code:

sudo adduser --disabled-login diaspora

! Log in as the user diaspora !

Code:

sudo -iu diaspora

Install Ruby Version Manager (RVM)

Code:

curl -L https://s.diaspora.software/1t | bash

Code:

gpg --keyserver hkp://keys.gnupg.net --recv-keys 409B6B1796C275462A1703113804BB82D39DC0E3
\curl -sSL https://get.rvm.io | bash -s stable

Edit the file ~/.bashrc

Code:

vim ~/.bashrc

Append the following code to the end of the file (if it is not already there) and save

Code:

[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"

Then close all terminals to the server and reconnect!

! First log in as the user diaspora !

Code:

sudo -iu diaspora

Install Ruby

Code:

rvm autolibs read-fail

Code:

rvm install 2.4

Download the Diaspora pod software

Code:

cd ~
git clone -b master https://github.com/diaspora/diaspora.git
cd diaspora

Copy and adjust the Diaspora configuration files

Code:

cp config/database.yml.example config/database.yml
cp config/diaspora.yml.example config/diaspora.yml

Code:

vim config/database.yml

Set the database type (mysql or postgresql) and the database credentials
#postgresql: &postgresql
#  adapter: postgresql
#  host: localhost
#  port: 5432
#  username: postgres
#  password:
#  encoding: unicode

mysql: &mysql
  adapter: mysql2
  host: "localhost"
  port: 3306
  username: "diaspora"
  password: "P4S5W0Rd"
#  socket: /tmp/mysql.sock
  encoding: utf8mb4
  collation: utf8mb4_bin


# Comment the postgresql line and uncomment the mysql line
# if you want to use mysql
common: &common
  # Choose one of the following
  #<<: *postgresql
  <<: *mysql

  # Should match environment.sidekiq.concurrency
  #pool: 25

##################################################
#### CONFIGURE ABOVE #############################
##################################################

# Normally you don't need to touch anything here

combined: &combined
  <<: *common
development:
  <<: *combined
  database: diaspora_development
production:
  <<: *combined
  database: diaspora_production
test:
  <<: *combined
  database: "diaspora_test"
integration1:
  <<: *combined
  database: diaspora_integration1
integration2:
  <<: *combined
  database: diaspora_integration2

Code:

vim config/diaspora.yml

Example:
configuration: ## Section

  ## You need to change or at least review the settings in this section
  ## in order for your pod to work.
  environment: ## Section

    ## Set the hostname of the machine you're running Diaspora on, as seen
    ## from the internet. This should be the URL you want to use to
    ## access the pod. So if you plan to use a reverse proxy, it should be
    ## the URL the proxy listens on. DO NOT CHANGE THIS AFTER INITIAL SETUP!
    ## However changing http to https is okay and has no consequences.
    ## If you do change the URL, you will have to start again as the URL
    ## will be hardcoded into the database.
    url: "https://dorf-post.de/"

    ## Set the bundle of certificate authorities (CA) certificates.
    ## This is specific to your operating system.
    ## Examples (uncomment the relevant one or add your own):
    ## For Debian, Ubuntu, Archlinux, Gentoo (package ca-certificates):
    #certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
    ## For CentOS, Fedora:
    #certificate_authorities: '/etc/pki/tls/certs/ca-bundle.crt'

    ## URL for a remote Redis (default=localhost).
    ## Don't forget to restrict IP access if you uncomment these!
    #redis: 'redis://example_host'
    #redis: 'redis://username:password@host:6379/0'
    #redis: 'unix:///tmp/redis.sock'

    ## Require SSL (default=true).
    ## When set, your pod will force the use of HTTPS in production mode.
    ## Since OAuth2 requires SSL, Diaspora's future API might not work if
    ## you're not using SSL. Also there is no guarantee that posting to
    ## services will be possible if SSL is disabled.
    ## Do not change this default unless you are sure!
    require_ssl: true


  ## General settings
  settings: ## Section

    ## Pod name (default="diaspora*")
    ## The pod name displayed in various locations, including the header.
    pod_name: "Dorf Post*"

  ## Settings affecting how ./script/server behaves.
  server: ## Section
    ## Where the appserver should listen to (default=unix:tmp/diaspora.sock)
    #listen: 'unix:tmp/diaspora.sock'
    #listen: 'unix:/run/diaspora/diaspora.sock'
    listen: '127.0.0.1:3000'

    ## Set the path for the PID file of the unicorn master process (default=tmp/pids/web.pid)
    #pid: 'tmp/pids/web.pid'

    ## Rails environment (default='development').
    ## The environment in which the server should be started by default.
    ## Change this to 'production' if you wish to run a production environment.
    #rails_environment: 'development'
    rails_environment: 'production'

    ## Write unicorn stderr and stdout log.
    stderr_log: 'log/unicorn-stderr.log'
    stdout_log: 'log/unicorn-stdout.log'



  ## Allow your pod to send emails for notifications, password recovery
  ## and other purposes (disabled by default).
  mail: ## Section

    ## First you need to enable it.
    #enable: true

    ## Sender address used in mail sent by Diaspora.
    #sender_address: 'no-reply@example.org'

    ## This selects which mailer should be used. Use 'smtp' for a smtp
    ## connection or 'sendmail' to use the sendmail binary.
    #method: 'smtp'

    ## Ignore if method isn't 'smtp'.
    smtp: ## Section

      ## Host and port of the smtp server handling outgoing mail.
      ## This should match the common name of the certificate sent by
      ## the SMTP server, if it sends one. (default port=587)
      host: 'xxxxxx.kasserver.com'
      port: 587


      ## Authentication required to send mail (default='plain').
      ## Use one of 'plain', 'login' or 'cram_md5'. Use 'none'
      ## if server does not support authentication.
      #authentication: 'plain'

      ## Credentials to log in to the SMTP server.
      ## May be necessary if authentication is not 'none'.
      username: 'US3RN4M3'
      password: 'Z3N51RT'


      ## Automatically enable TLS (default=true).
      ## Leave this commented out if authentication is set to 'none'.
      starttls_auto: true

      ## The domain for the HELO command, if needed.
      domain: 'xxxxxx.kasserver.com'

      ## OpenSSL verify mode used when connecting to a SMTP server with TLS.
      ## Set this to 'none' if you have a self-signed certificate. Possible
      ## values: 'none', 'peer'.
      #openssl_verify_mode: 'none'

  ## Administrator settings
  admins: ## Section

    ## Set the admin account.
    ## This doesn't make the user an admin but is used when a generic
    ## admin contact is needed, much like the postmaster role in mail
    ## systems. Set only the username, NOT the full ID.
    #account: "podmaster"

    ## E-mail address to contact the administrator.
    podmin_email: 'diaspora@dorf-post.de'


## Here you can override settings defined above if you need
## to have them different in different environments.
production: ## Section
  environment: ## Section
    #redis: 'redis://dorf-post.de:6379'

development: ## Section
  environment: ## Section
    #redis: 'redis://production.example.org:6379'

Install the bundle

Code:

gem install bundler

Code:

bin/bundle config --local build.sigar "--with-cppflags='-fgnu89-inline'"

Code:

RAILS_ENV=production bin/bundle install --jobs $(nproc) --deployment --without test development --with mysql

Code:

gem install bundle

Code:

RAILS_ENV=production bin/rake db:create db:migrate

Code:

RAILS_ENV=production bin/rake assets:precompile

Start the Diaspora server

Code:

./script/server

Note: for the server to keep running after the SSH connection is closed, it must be started in a session that persists. This can be achieved with the tool Screen.

Log out the user diaspora and log in as root

Code:

screen bash

Code:

sudo -iu diaspora

Code:

cd ~/diaspora

Code:

./script/server


Optional

Generate and integrate the Twitter API

Source: https://wiki.diasporafoundation.org/Int ... l_networks

First create the pod-specific credentials with your own Twitter account at https://apps.twitter.com/

Then store the API data in ~/diaspora/config/diaspora.yml
  ## Posting from Diaspora to external services (all are disabled by default).
  services: ## Section

    ## OAuth credentials for Facebook
    facebook: ## Section

      #enable: true
      #app_id: 'abcdef'
      #secret: 'change_me'

      ## This setting is required to define whether the Facebook app has permissions to post
      ## false == No permissions (default)
      ## true == Permissions for all users to post. App MUST have 'publish_actions' approved by Facebook!
      ## "username" == Set to local username to allow a single user to cross-post. The person who has created
      ## the Facebook app will always be able to cross-post, even without 'publish_actions'.
      #authorized: false

    ## OAuth credentials for Twitter
    twitter: ## Section

      enable: true
      key: 'dasistmeinaccountnimmdeineneigenen'
      secret: 'dassindmeinedatenunddieverrateichicht'




Install and integrate the Prosody XMPP server

Source: https://thomas-leister.de/prosody-xmpp-server-ubuntu/

Install Prosody

Code:

apt update && apt install prosody lua-dbi-mysql lua-sql-mysql lua-sec

Create the database user and the database

Code:

sudo mysql -u root -p

Code:

create user 'prosody'@'localhost' identified by 'nimmeinvernünftigespasswortohneumlaute';

Code:

create database prosody;

Code:

grant all on prosody.* to 'prosody'@'localhost';

Code:

quit;

Adjust the Prosody configuration

Code:

sudo vim /etc/prosody/prosody.cfg.lua

Adjust the contents

Code:

pidfile = "/var/run/prosody/prosody.pid"

--
-- Database connection
---------------------------------

storage = "sql"

sql = {
    driver = "MySQL";
    database = "prosody";
    host = "localhost";
    username = "prosody";
    password = "nimmeinvernünftigespasswortohneumlaute";
}


Updating an existing Diaspora pod

Source: https://wiki.diasporafoundation.org/Updating

Log in to the shell as the user diaspora

Stop the Diaspora pod

Create a backup of the database and the files

Code:

mysqldump -u diaspora -p diaspora_production > db_diaspora_$(date +%Y%m%d).sql

Code:

tar czf diaspora_$(date +%Y%m%d).tar.gz db_diaspora_$(date +%Y%m%d).sql diaspora/

Change into the Diaspora directory

Code:

cd ~/diaspora

Code:

rvm get latest
git checkout Gemfile.lock
git pull
cd .. && cd -
gem install bundler
bin/bundle
RAILS_ENV=production bin/rake db:migrate
RAILS_ENV=production bin/rake assets:precompile

Start the server

Code:

./script/server
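
The files edited in this guide (config/database.yml, config/diaspora.yml) hold the database, SMTP and Twitter credentials, and the backup step writes a full dump and archive into the home directory, which Apache must be able to traverse to reach the DocumentRoot. The following shell functions are an added example, not part of the original tutorial; they list which of those files group or other users can read and restrict them to the owner. The function names and the demo tree are assumptions made for the example.

```sh
# Added example, not part of the original tutorial: list the credential and
# backup files this guide creates that group or other users can read.

# secret_files HOME [find expressions]: files holding passwords, API secrets
# or a database dump, by the names used in this guide (HOME without trailing /).
secret_files() {
  home=$1; shift
  find "$home" -maxdepth 3 -type f \( \
      -path "$home/diaspora/config/database.yml" -o \
      -path "$home/diaspora/config/diaspora.yml" -o \
      -path "$home/db_diaspora_*.sql" -o \
      -path "$home/diaspora_*.tar.gz" \) "$@"
}

# exposed_secrets HOME: the subset readable by group or others.
exposed_secrets() {
  secret_files "$1" \( -perm -040 -o -perm -004 \) -print | sort
}

# lock_down HOME: restrict every such file to its owner.
lock_down() {
  secret_files "$1" -exec chmod 600 {} +
}

# New dumps and archives get their mode from the umask, so the backup steps
# can be run in a subshell with a tight umask, for example:
#   (umask 077; mysqldump -u diaspora -p diaspora_production > db_diaspora_$(date +%Y%m%d).sql)

# Constructed demo tree standing in for /home/diaspora (empty files).
demo_home() {
  d=$(mktemp -d)
  mkdir -p "$d/diaspora/config" "$d/diaspora/public"
  for f in diaspora/config/database.yml diaspora/config/diaspora.yml \
           db_diaspora_20171111.sql diaspora_20171111.tar.gz \
           diaspora/public/404.html; do
    : > "$d/$f"; chmod 644 "$d/$f"
  done
  printf '%s\n' "$d"
}

h=$(demo_home)
exposed_secrets "$h"    # the two config files, the dump and the archive
lock_down "$h"
exposed_secrets "$h"    # nothing
rm -rf "$h"
```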

*** Tutorial still in progress, ignore everything from here on!!! ***

https://wiki.diasporafoundation.org/Ins ... production

Synchronize hashtags from other pods:

Create the file diaspora in the directory /etc/logrotate.d/ and insert the following content

Code:

/home/diaspora/diaspora/log/*.log {
   notifempty
   copytruncate
   missingok
   compress
   monthly
   delaycompress
   rotate 5
}