From 0fa3fbf55e8522e7c4fd0281082e711f151c60b9 Mon Sep 17 00:00:00 2001
From: Norm
Date: Sun, 21 Apr 2024 18:34:38 -0400
Subject: [PATCH] Update OTP install docs to use certbot nginx plugin
---
 docs/docs/installation/otp_en.md | 49 ++++++++------------------------
 1 file changed, 12 insertions(+), 37 deletions(-)
diff --git a/docs/docs/installation/otp_en.md b/docs/docs/installation/otp_en.md
index 8a8ae077b..cdd1ba95d 100644
--- a/docs/docs/installation/otp_en.md
+++ b/docs/docs/installation/otp_en.md
@@ -9,7 +9,7 @@ This guide covers a installation using an OTP release. To install Akkoma from so
 * For installing OTP releases on RedHat-based distros like Fedora and Centos Stream, please follow [this guide](./otp_redhat_en.md) instead.
 * A (sub)domain pointed to the machine
-You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`.
+You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo -i`/`su`.
 While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu and Alpine.
@@ -176,11 +176,6 @@ su akkoma -s $SHELL -lc "./bin/pleroma stop"
 ### Setting up nginx and getting Let's Encrypt SSL certificaties
-#### Get a Let's Encrypt certificate
-```sh
-certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
-```
-
 #### Copy Akkoma nginx configuration to the nginx folder
 The location of nginx configs is dependent on the distro
@@ -209,6 +204,14 @@ $EDITOR path-to-nginx-config
 # Verify that the config is valid
 nginx -t
 ```
+
+#### Get a Let's Encrypt certificate
+```sh
+certbot --nginx -d yourinstance.tld -d media.yourinstance.tld
+```
+
+If that doesn't work the first time, add `--dry-run` to further attempts to avoid being ratelimited as you identify the issue, and do not remove it until the dry run succeeds. A common source of problems are nginx config syntax errors; this can be checked for by running `nginx -t`.
+
 #### Start nginx
 === "Alpine"
@@ -252,32 +255,19 @@ If everything worked, you should see Akkoma-FE when visiting your domain. If tha
 ## Post installation
 ### Setting up auto-renew of the Let's Encrypt certificate
-```sh
-# Create the directory for webroot challenges
-mkdir -p /var/lib/letsencrypt
-
-# Uncomment the webroot method
-$EDITOR path-to-nginx-config
-
-# Verify that the config is valid
-nginx -t
-```
 === "Alpine"
 ```
- # Restart nginx
- rc-service nginx restart
-
 # Start the cron daemon and make it start on boot
 rc-service crond start
 rc-update add crond
 # Ensure the webroot menthod and post hook is working
- certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload'
+ certbot renew --cert-name yourinstance.tld --nginx --dry-run
 # Add it to the daily cron
 echo '#!/bin/sh
- certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload"
+ certbot renew --cert-name yourinstance.tld --nginx
 ' > /etc/periodic/daily/renew-akkoma-cert
 chmod +x /etc/periodic/daily/renew-akkoma-cert
@@ -286,22 +276,7 @@ nginx -t
 ```
 === "Debian/Ubuntu"
- ```
- # Restart nginx
- systemctl restart nginx
-
- # Ensure the webroot menthod and post hook is working
- certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx'
-
- # Add it to the daily cron
- echo '#!/bin/sh
- certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
- ' > /etc/cron.daily/renew-akkoma-cert
- chmod +x /etc/cron.daily/renew-akkoma-cert
-
- # If everything worked the output should contain /etc/cron.daily/renew-akkoma-cert
- run-parts --test /etc/cron.daily
- ```
+ This should be automatically enabled with the `certbot-renew.timer` systemd unit.
 ## Create your first user and set as admin
 ```sh