mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-11-22 19:56:39 +00:00
[documentation] Add section for systemd service and nginx to installation guide (#353)
* add nginx and systemd section * fix typso * fix mkdoc and dots in config guide * specify port * Update nginx.md * add section about configuring gts to nginx docs * Update nginx.md Co-authored-by: zoe <z8V54gHftevp7LeRVyys$8@DosKq^FeQKUWU!WGpTyiLaxGojNdgnWkaWiv673Twg$aPm&hU>
This commit is contained in:
parent
a01b178467
commit
14c472c1ab
|
@ -46,12 +46,12 @@ cp ./example/config.yaml .
|
||||||
|
|
||||||
Now open the file in your text editor of choice so that you can set some important configuration values. Change the following settings:
|
Now open the file in your text editor of choice so that you can set some important configuration values. Change the following settings:
|
||||||
|
|
||||||
* Set `host` to whatever hostname you're going to be running the server on (eg., `example.org`).
|
- Set `host` to whatever hostname you're going to be running the server on (eg., `example.org`).
|
||||||
* Set `port` to `443`.
|
- Set `port` to `443`.
|
||||||
* Set `db-type` to `sqlite`.
|
- Set `db-type` to `sqlite`.
|
||||||
* Set `db-address` to `sqlite.db`.
|
- Set `db-address` to `sqlite.db`.
|
||||||
* Set `storage-local-base-path` to the storage directory you created above (eg., `/gotosocial/storage`).
|
- Set `storage-local-base-path` to the storage directory you created above (eg., `/gotosocial/storage`).
|
||||||
* Set `letsencrypt-cert-dir` to the certificate storage directory you created above (eg., `/gotosocial/storage/certs`).
|
- Set `letsencrypt-cert-dir` to the certificate storage directory you created above (eg., `/gotosocial/storage/certs`).
|
||||||
|
|
||||||
The above options assume you're using SQLite as your database. If you want to use Postgres instead, see [here](../configuration/database.md) for the config options.
|
The above options assume you're using SQLite as your database. If you want to use Postgres instead, see [here](../configuration/database.md) for the config options.
|
||||||
|
|
||||||
|
@ -101,6 +101,42 @@ Replace `some_username` with the username of the account you just created.
|
||||||
|
|
||||||
You should now be able to log in to your instance using the email address and password of the account you just created. We recommend using [Pinafore](https://pinafore.social) or [Tusky](https://tusky.app) for this.
|
You should now be able to log in to your instance using the email address and password of the account you just created. We recommend using [Pinafore](https://pinafore.social) or [Tusky](https://tusky.app) for this.
|
||||||
|
|
||||||
## 7. Install the Admin Control Panel (optional)
|
## 7. Enable the systemd service
|
||||||
|
|
||||||
|
If you don't like manually starting GoToSocial on every boot you might want to create a systemd service that does that for you.
|
||||||
|
First create a new user and group for your gotosocial installation.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo useradd -r gotosocial
|
||||||
|
sudo groupadd gotosocial
|
||||||
|
sudo usermod -a -G gotosocial gotosocial
|
||||||
|
```
|
||||||
|
|
||||||
|
Then make them the owner of your GoToSocial installation since they will need to read and write in it.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo chown -R gotosocial:gotosocial /gotosocial
|
||||||
|
```
|
||||||
|
|
||||||
|
You can find a `gotosocial.service` file in the `example` folder on [github](https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/gotosocial.service) or your installation.
|
||||||
|
Copy it to `/etc/systemd/system/gotosocial.service`.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo cp /gotosocial/example/gotosocial.service /etc/systemd/system/
|
||||||
|
```
|
||||||
|
|
||||||
|
Then use `sudoedit /etc/systemd/system/gotosocial.service` to change the `ExecStart=` and `WorkingDirectory=` lines according to your installation.
|
||||||
|
If you have been following this guide word for word the defaults should be fine.
|
||||||
|
After you're done enable the service.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl enable --now gotosocial.service
|
||||||
|
```
|
||||||
|
|
||||||
|
## 8. Install the Admin Control Panel (optional)
|
||||||
|
|
||||||
At some point you'll likely want to do things like change instance information, and block domains you don't want to interact with. See the [admin panel](../admin/admin_panel.md) instructions for this.
|
At some point you'll likely want to do things like change instance information, and block domains you don't want to interact with. See the [admin panel](../admin/admin_panel.md) instructions for this.
|
||||||
|
|
||||||
|
## 9. Reverse proxy with nginx (optional)
|
||||||
|
|
||||||
|
If you want to run other webservers on port 433 or simply want to add an additional layer of security you might want to [use nginx as a reverse proxy](./nginx.md).
|
||||||
|
|
113
docs/installation_guide/nginx.md
Normal file
113
docs/installation_guide/nginx.md
Normal file
|
@ -0,0 +1,113 @@
|
||||||
|
# Reverse proxy with nginx
|
||||||
|
|
||||||
|
## Requirements
|
||||||
|
|
||||||
|
For this you will need certbot, the certbot nginx plugin and of course nginx.
|
||||||
|
These are popular packages so your distro will probably have them.
|
||||||
|
|
||||||
|
### Ubuntu
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo apt install certbot python3-certbot-nginx nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
### Arch
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo pacman -S certbot certbot-nginx nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
### OpenSuse
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo zypper install nginx python3-certbot python3-certbot-nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
## Configure GoToSocial
|
||||||
|
|
||||||
|
In your GoToSocial config turn off letsencrypt.
|
||||||
|
First open the file in your text editor.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudoedit /gotosocial/config.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
Then set `letsencrypt-enabled: false`.
|
||||||
|
|
||||||
|
If GoToSocial is already running, restart it.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl restart gotosocial.service
|
||||||
|
```
|
||||||
|
|
||||||
|
Or if you don't have a systemd service just restart it manually.
|
||||||
|
|
||||||
|
## Set up nginx
|
||||||
|
|
||||||
|
First we will set up nginx to serve GoToSocial as unsecured http and then later use certbot to automatically upgrade to https.
|
||||||
|
Please do not try to use it until that's done or you'll be transmitting passwords over clear text.
|
||||||
|
|
||||||
|
First we'll write a configuration for nginx and put it in `/etc/nginx/sites-available`.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo mkdir /etc/nginx/sites-available/
|
||||||
|
sudoedit /etc/nginx/sites-available/yourgotosocial.url.conf
|
||||||
|
```
|
||||||
|
|
||||||
|
The file you're about to create should look a bit like this:
|
||||||
|
|
||||||
|
```nginx.conf
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
server_name example.com;
|
||||||
|
location / {
|
||||||
|
proxy_pass http://localhost:8080;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
Change `proxy_pass` to the ip and port that you're actually serving GoToSocial on and change `server_name` to your own domain name.
|
||||||
|
If your domain name is `gotosocial.example.com` then `server_name gotosocial.example.com;` would be the correct value.
|
||||||
|
If you're running GoToSocial on another machine with the local ip of 192.168.178.69 and on port 8080 then `proxy_pass http://192.168.178.69:8080;` would be the correct value.
|
||||||
|
|
||||||
|
Next we'll need to link the file we just created to the folder that nginx reads configurations for active sites from.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo mkdir /etc/nginx/sites-enabled
|
||||||
|
sudo ln -s /etc/nginx/sites-available/yourgotosocial.url.conf /etc/nginx/sites-enabled/
|
||||||
|
```
|
||||||
|
|
||||||
|
Now check for configuration errors.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo nginx -t
|
||||||
|
```
|
||||||
|
|
||||||
|
If everything is fine you should get this as output:
|
||||||
|
|
||||||
|
```
|
||||||
|
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
|
||||||
|
nginx: configuration file /etc/nginx/nginx.conf test is successful
|
||||||
|
```
|
||||||
|
|
||||||
|
Everything working? Great! Then restart nginx to load your new config file.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl restart nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
## Setting up SSL with certbot
|
||||||
|
|
||||||
|
You should now be able to run certbot and it will guide you through the steps required to enable https for your instance.
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo certbot --nginx
|
||||||
|
```
|
||||||
|
|
||||||
|
After you do, it should have automatically edited your configuration file to enable https.
|
||||||
|
Just reload it one last time and after that you should be good to go!
|
||||||
|
|
||||||
|
```bash
|
||||||
|
sudo systemctl restart nginx
|
||||||
|
```
|
|
@ -17,6 +17,7 @@ nav:
|
||||||
- "installation_guide/index.md"
|
- "installation_guide/index.md"
|
||||||
- "installation_guide/binary.md"
|
- "installation_guide/binary.md"
|
||||||
- "installation_guide/docker.md"
|
- "installation_guide/docker.md"
|
||||||
|
- "installation_guide/nginx.md"
|
||||||
- "Configuration":
|
- "Configuration":
|
||||||
- "configuration/index.md"
|
- "configuration/index.md"
|
||||||
- "configuration/general.md"
|
- "configuration/general.md"
|
||||||
|
|
Loading…
Reference in a new issue