Docs: Revert formatting changes, adapted more notes/warning to mkdocs, rephrased a few phrases
ci/woodpecker/pr/woodpecker Pipeline is pending
Details
ci/woodpecker/pr/woodpecker Pipeline is pending
Details
This commit is contained in:
parent
7cf6b40dc5
commit
457661a316
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
## Transfer config from file to DB.
|
## Transfer config from file to DB.
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
You need to add the following to your config before executing this command:
|
You need to add the following to your config before executing this command:
|
||||||
|
|
||||||
```elixir
|
```elixir
|
||||||
|
@ -25,7 +25,7 @@
|
||||||
|
|
||||||
## Transfer config from DB to `config/env.exported_from_db.secret.exs`
|
## Transfer config from DB to `config/env.exported_from_db.secret.exs`
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
In-Database configuration will still be applied after executing this command unless you set the following in your config:
|
In-Database configuration will still be applied after executing this command unless you set the following in your config:
|
||||||
|
|
||||||
```elixir
|
```elixir
|
||||||
|
@ -179,8 +179,8 @@ it may be easier to dump the values to JSON and then modify them in a text edito
|
||||||
|
|
||||||
## Loading specific configuration values from JSON
|
## Loading specific configuration values from JSON
|
||||||
|
|
||||||
**Note:** This will overwrite any existing value in the database, and can
|
!!! note
|
||||||
cause crashes if you do not have exactly the correct formatting.
|
This will overwrite any existing value in the database, and can cause crashes if you do not have exactly the correct formatting.
|
||||||
|
|
||||||
Once you have modified the JSON file, you can load it back into the database.
|
Once you have modified the JSON file, you can load it back into the database.
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
{! administration/CLI_tasks/general_cli_task_info.include !}
|
{! administration/CLI_tasks/general_cli_task_info.include !}
|
||||||
|
|
||||||
!!! Danger
|
!!! danger
|
||||||
These mix tasks can take a long time to complete. Many of them were written to address specific database issues that happened because of bugs in migrations or other specific scenarios. Do not run these tasks "just in case" if everything is fine your instance.
|
These mix tasks can take a long time to complete. Many of them were written to address specific database issues that happened because of bugs in migrations or other specific scenarios. Do not run these tasks "just in case" if everything is fine your instance.
|
||||||
|
|
||||||
## Replace embedded objects with their references
|
## Replace embedded objects with their references
|
||||||
|
@ -99,7 +99,7 @@ Can be safely re-run
|
||||||
|
|
||||||
## Vacuum the database
|
## Vacuum the database
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
By default, PostgreSQL has an autovacuum daemon running. While the tasks described here can help in some cases, they shouldn't be needed on a regular basis. See [the PostgreSQL docs on vacuuming](https://www.postgresql.org/docs/current/sql-vacuum.html) for more information on this.
|
By default, PostgreSQL has an autovacuum daemon running. While the tasks described here can help in some cases, they shouldn't be needed on a regular basis. See [the PostgreSQL docs on vacuuming](https://www.postgresql.org/docs/current/sql-vacuum.html) for more information on this.
|
||||||
|
|
||||||
### Analyze
|
### Analyze
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
Every command should be ran as the `akkoma` user from its home directory. For example, if you are superuser, you would have to wrap the command in `su akkoma -s $SHELL -lc "$COMMAND"`.
|
Every command should be ran as the `akkoma` user from its home directory. For example, if you are superuser, you would have to wrap the command in `su akkoma -s $SHELL -lc "$COMMAND"`.
|
||||||
|
|
||||||
??? Note "From source note about `MIX_ENV`"
|
??? note "From source note about `MIX_ENV`"
|
||||||
|
|
||||||
The `mix` command should be prefixed with the name of the environment your Akkoma server is running in, usually it's `MIX_ENV=prod`
|
The `mix` command should be prefixed with the name of the environment your Akkoma server is running in, usually it's `MIX_ENV=prod`
|
||||||
|
|
|
@ -3,7 +3,7 @@
|
||||||
If you run Akkoma, you may be inclined to collect metrics to ensure your instance is running smoothly,
|
If you run Akkoma, you may be inclined to collect metrics to ensure your instance is running smoothly,
|
||||||
and that there's nothing quietly failing in the background.
|
and that there's nothing quietly failing in the background.
|
||||||
|
|
||||||
To facilitate this, Akkoma exposes Prometheus metrics to be scrapped.
|
To facilitate this, Akkoma exposes Prometheus metrics to be scraped.
|
||||||
|
|
||||||
## Prometheus
|
## Prometheus
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
# Akkoma Clients
|
# Akkoma Clients
|
||||||
Note: Additional clients may work, but these are known to work with Akkoma.
|
!!! note
|
||||||
Apps listed here might not support all of Akkoma's features.
|
Additional clients may work, but these are known to work with Akkoma. Apps listed here might not support all of Akkoma's features.
|
||||||
|
|
||||||
## Desktop
|
## Desktop
|
||||||
### Whalebird
|
### Whalebird
|
||||||
|
|
|
@ -130,7 +130,7 @@ To add configuration to your config file, you can copy it from the base config.
|
||||||
## Federation
|
## Federation
|
||||||
### MRF policies
|
### MRF policies
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
Configuring MRF policies is not enough for them to take effect. You have to enable them by specifying their module in `policies` under [:mrf](#mrf) section.
|
Configuring MRF policies is not enough for them to take effect. You have to enable them by specifying their module in `policies` under [:mrf](#mrf) section.
|
||||||
|
|
||||||
#### :mrf_simple
|
#### :mrf_simple
|
||||||
|
@ -414,7 +414,7 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http,
|
||||||
### :rich_media (consumer)
|
### :rich_media (consumer)
|
||||||
* `enabled`: if enabled, the instance will parse metadata from attached links to generate link previews.
|
* `enabled`: if enabled, the instance will parse metadata from attached links to generate link previews.
|
||||||
* `ignore_hosts`: list of hosts which will be ignored by the metadata parser. For example, `["accounts.google.com", "xss.website"]`, defaults to `[]`.
|
* `ignore_hosts`: list of hosts which will be ignored by the metadata parser. For example, `["accounts.google.com", "xss.website"]`, defaults to `[]`.
|
||||||
* `ignore_tld`: list TLDs (top-level domains) which will ignore to parse metadata. Default is ["local", "localdomain", "lan"].
|
* `ignore_tld`: list of TLDs (top-level domains) which will be ignored by the metadata parser. Default is ["local", "localdomain", "lan"].
|
||||||
* `parsers`: list of Rich Media parsers.
|
* `parsers`: list of Rich Media parsers.
|
||||||
* `failure_backoff`: Amount of milliseconds after request failure, during which the request will not be retried.
|
* `failure_backoff`: Amount of milliseconds after request failure, during which the request will not be retried.
|
||||||
|
|
||||||
|
@ -422,7 +422,7 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http,
|
||||||
|
|
||||||
### Pleroma.Web.Endpoint
|
### Pleroma.Web.Endpoint
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
`Phoenix` endpoint configuration, all configuration options can be viewed [here](https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-dynamic-configuration), only common options are listed here.
|
`Phoenix` endpoint configuration, all configuration options can be viewed [here](https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-dynamic-configuration), only common options are listed here.
|
||||||
|
|
||||||
* `http` - a list containing HTTP protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here. For deployment using docker, you need to set this to `[ip: {0,0,0,0}, port: 4000]` to make Akkoma accessible from other containers (such as your NGINX server).
|
* `http` - a list containing HTTP protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here. For deployment using docker, you need to set this to `[ip: {0,0,0,0}, port: 4000]` to make Akkoma accessible from other containers (such as your NGINX server).
|
||||||
|
@ -456,7 +456,7 @@ This will make Akkoma listen on `127.0.0.1` port `8080` and generate URLs starti
|
||||||
|
|
||||||
### Pleroma.Web.Plugs.RemoteIp
|
### Pleroma.Web.Plugs.RemoteIp
|
||||||
|
|
||||||
!!! Warning
|
!!! warning
|
||||||
If your instance is not behind at least one reverse proxy, you should not enable this plug.
|
If your instance is not behind at least one reverse proxy, you should not enable this plug.
|
||||||
|
|
||||||
`Pleroma.Web.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
|
`Pleroma.Web.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration.
|
||||||
|
@ -470,7 +470,7 @@ Available options:
|
||||||
|
|
||||||
### :rate_limit
|
### :rate_limit
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
If your instance is behind a reverse proxy, ensure [`Pleroma.Web.Plugs.RemoteIp`](#pleroma-plugs-remoteip) is enabled (it is enabled by default).
|
If your instance is behind a reverse proxy, ensure [`Pleroma.Web.Plugs.RemoteIp`](#pleroma-plugs-remoteip) is enabled (it is enabled by default).
|
||||||
|
|
||||||
A keyword list of rate limiters, where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:
|
A keyword list of rate limiters, where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where:
|
||||||
|
@ -561,7 +561,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
|
||||||
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
||||||
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
||||||
|
|
||||||
!!! Warning
|
!!! warning
|
||||||
`strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`.
|
`strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`.
|
||||||
|
|
||||||
### Uploaders
|
### Uploaders
|
||||||
|
@ -620,9 +620,9 @@ No specific configuration.
|
||||||
## Email
|
## Email
|
||||||
|
|
||||||
### Pleroma.Emails.Mailer
|
### Pleroma.Emails.Mailer
|
||||||
* `adapter`: one of the mail adapters listed in [Swoosh README](https://github.com/swoosh/swoosh#adapters), or `Swoosh.Adapters.Local` for in-memory mailbox.
|
* `adapter`: One of the mail adapters listed in [Swoosh README](https://github.com/swoosh/swoosh#adapters), or `Swoosh.Adapters.Local` for in-memory mailbox.
|
||||||
* `api_key` / `password` and / or other adapter-specific settings, per the above documentation.
|
* `api_key` / `password` and / or other adapter-specific settings, per the above documentation.
|
||||||
* `enabled`: Allows to enable/disable send emails. Default: `false`.
|
* `enabled`: Allows your instance to send emails. Default: `false`.
|
||||||
|
|
||||||
An example for SendGrid adapter:
|
An example for SendGrid adapter:
|
||||||
|
|
||||||
|
@ -789,7 +789,7 @@ config :logger, :ex_syslogger,
|
||||||
|
|
||||||
### RUM indexing for full text search
|
### RUM indexing for full text search
|
||||||
|
|
||||||
!!! Warning
|
!!! warning
|
||||||
It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
|
It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
|
||||||
|
|
||||||
* `rum_enabled`: If RUM indexes should be used. Defaults to `false`.
|
* `rum_enabled`: If RUM indexes should be used. Defaults to `false`.
|
||||||
|
@ -826,7 +826,8 @@ or
|
||||||
curl -H "X-Admin-Token: somerandomtoken" "http://localhost:4000/api/v1/pleroma/admin/users/invites"
|
curl -H "X-Admin-Token: somerandomtoken" "http://localhost:4000/api/v1/pleroma/admin/users/invites"
|
||||||
```
|
```
|
||||||
|
|
||||||
Warning: it's discouraged to use this feature because of the associated security risk: static / rarely changed instance-wide token is much weaker compared to email-password pair of a real admin user; consider using HTTP Basic Auth or OAuth-based authentication instead.
|
!!! warning
|
||||||
|
It's discouraged to use this feature because of the associated security risk: static / rarely changed instance-wide token is much weaker compared to email-password pair of a real admin user; consider using HTTP Basic Auth or OAuth-based authentication instead.
|
||||||
|
|
||||||
### :auth
|
### :auth
|
||||||
|
|
||||||
|
@ -883,13 +884,13 @@ OAuth 2.0 provider and related endpoints:
|
||||||
OAuth's consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
|
OAuth's consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.).
|
||||||
Implementation is based on Überauth; see the list of [available strategies](https://github.com/ueberauth/ueberauth/wiki/List-of-Strategies).
|
Implementation is based on Überauth; see the list of [available strategies](https://github.com/ueberauth/ueberauth/wiki/List-of-Strategies).
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
Each strategy is shipped as a separate dependency; in order to get the strategies, run `OAUTH_CONSUMER_STRATEGIES="..." mix deps.get`, e.g. `OAUTH_CONSUMER_STRATEGIES="twitter facebook google microsoft" mix deps.get`. The server should also be started with `OAUTH_CONSUMER_STRATEGIES="..." mix phx.server` in case you enable any strategies.
|
Each strategy is shipped as a separate dependency; in order to get the strategies, run `OAUTH_CONSUMER_STRATEGIES="..." mix deps.get`, e.g. `OAUTH_CONSUMER_STRATEGIES="twitter facebook google microsoft" mix deps.get`. The server should also be started with `OAUTH_CONSUMER_STRATEGIES="..." mix phx.server` in case you enable any strategies.
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
Each strategy requires separate setup (on external provider side and Akkoma side). Below are the guidelines on setting up most popular strategies.
|
Each strategy requires separate setup (on external provider side and Akkoma side). Below are the guidelines on setting up most popular strategies.
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
Make sure that `"SameSite=Lax"` is set in `extra_cookie_attrs` when you have this feature enabled. OAuth's consumer mode will not work with `"SameSite=Strict"`
|
Make sure that `"SameSite=Lax"` is set in `extra_cookie_attrs` when you have this feature enabled. OAuth's consumer mode will not work with `"SameSite=Strict"`
|
||||||
|
|
||||||
* For Twitter, [register an app](https://developer.twitter.com/en/apps), configure callback URL to https://<your_host>/oauth/twitter/callback
|
* For Twitter, [register an app](https://developer.twitter.com/en/apps), configure callback URL to https://<your_host>/oauth/twitter/callback
|
||||||
|
@ -1070,7 +1071,7 @@ Control favicons for instances.
|
||||||
|
|
||||||
## Pleroma.User.Backup
|
## Pleroma.User.Backup
|
||||||
|
|
||||||
!!! Note
|
!!! note
|
||||||
Requires enabled email
|
Requires enabled email
|
||||||
|
|
||||||
* `:purge_after_days` an integer, remove backup archives after N days.
|
* `:purge_after_days` an integer, remove backup archives after N days.
|
||||||
|
|
|
@ -42,7 +42,8 @@ The configuration of Akkoma (and Pleroma) has traditionally been managed with a
|
||||||
config :pleroma, configurable_from_database: true
|
config :pleroma, configurable_from_database: true
|
||||||
```
|
```
|
||||||
|
|
||||||
4. ⚠️ **THIS IS NOT REQUIRED** ⚠️
|
!!! note
|
||||||
|
This step is not required
|
||||||
|
|
||||||
Now you can edit your config file and strip it down to the only settings which are not possible to control in the database. e.g., the PostgreSQL (Repo) and webserver (Endpoint) settings cannot be controlled in the database because the application needs the settings to start up and access the database.
|
Now you can edit your config file and strip it down to the only settings which are not possible to control in the database. e.g., the PostgreSQL (Repo) and webserver (Endpoint) settings cannot be controlled in the database because the application needs the settings to start up and access the database.
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,8 @@ Check the output of the query, and see if it matches your expectation.
|
||||||
mix pleroma.database set_text_search_config YOUR.CONFIG
|
mix pleroma.database set_text_search_config YOUR.CONFIG
|
||||||
```
|
```
|
||||||
|
|
||||||
Note: index update may take a while, and it can be done while the instance is up and running, so you may restart db connection as soon as you see `Recreate index` in task output.
|
!!! note
|
||||||
|
Index update may take a while, and it can be done while the instance is up and running, so you may restart db connection as soon as you see `Recreate index` in task output.
|
||||||
|
|
||||||
## Restart database connection
|
## Restart database connection
|
||||||
Since some changes above will only apply with a new database connection, you will have to restart either Akkoma or PostgreSQL process, or use `pg_terminate_backend` SQL command without restarting either.
|
Since some changes above will only apply with a new database connection, you will have to restart either Akkoma or PostgreSQL process, or use `pg_terminate_backend` SQL command without restarting either.
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# How to set rich media cache TTL based on image TTL
|
# How to set rich media cache TTL based on image TTL
|
||||||
## Explanation
|
## Explanation
|
||||||
|
|
||||||
Richmedia are cached without the TTL, but the rich media may have image which can expire, like AWS-signed URL.
|
Rich media is cached without the TTL, but the rich media may have an image which can expire, like AWS-signed URL.
|
||||||
In such cases, the old image URL (expired) is returned from the media cache.
|
In such cases, the old image URL (expired) is returned from the media cache.
|
||||||
|
|
||||||
So, to avoid such situation, we can define a module that will set TTL based on image.
|
So, to avoid such situation, we can define a module that will set TTL based on image.
|
||||||
|
|
|
@ -15,7 +15,8 @@ One using the config, and one using external software (fedproxy). The external s
|
||||||
|
|
||||||
### Using the Config
|
### Using the Config
|
||||||
|
|
||||||
**Warning:** So far, everytime I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work.
|
!!! warning
|
||||||
|
So far, everytime I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work.
|
||||||
|
|
||||||
Assuming you're running in prod, `cd` to your Akkoma folder and append the following to `config/prod.secret.exs`:
|
Assuming you're running in prod, `cd` to your Akkoma folder and append the following to `config/prod.secret.exs`:
|
||||||
```
|
```
|
||||||
|
|
|
@ -12,7 +12,8 @@ To install Tor on Debian / Ubuntu:
|
||||||
apt -yq install tor
|
apt -yq install tor
|
||||||
```
|
```
|
||||||
|
|
||||||
**WARNING:** Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you.
|
!!! warning
|
||||||
|
Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you.
|
||||||
|
|
||||||
Create the hidden service for your Akkoma instance in `/etc/tor/torrc`, with an HTTP tunnel:
|
Create the hidden service for your Akkoma instance in `/etc/tor/torrc`, with an HTTP tunnel:
|
||||||
```
|
```
|
||||||
|
|
|
@ -124,7 +124,8 @@ depends on the amount of text in posts.
|
||||||
|
|
||||||
## Elasticsearch
|
## Elasticsearch
|
||||||
|
|
||||||
**Note: This requires at least Elasticsearch 7**
|
!!! note
|
||||||
|
This requires at least Elasticsearch 7
|
||||||
|
|
||||||
As with Meilisearch, this can be rather memory-hungry, but it is very good at what it does.
|
As with Meilisearch, this can be rather memory-hungry, but it is very good at what it does.
|
||||||
|
|
||||||
|
|
|
@ -66,7 +66,7 @@ config :pleroma, :frontend_configurations,
|
||||||
|
|
||||||
## Logo
|
## Logo
|
||||||
|
|
||||||
!!! Important
|
!!! important
|
||||||
Note the extra `static` folder for the default logo.png location
|
Note the extra `static` folder for the default logo.png location
|
||||||
|
|
||||||
If you want to give a brand to your instance, you can change the logo of your instance by uploading it to the static directory `$static_dir/static/logo.png`.
|
If you want to give a brand to your instance, you can change the logo of your instance by uploading it to the static directory `$static_dir/static/logo.png`.
|
||||||
|
@ -84,7 +84,7 @@ config :pleroma, :frontend_configurations,
|
||||||
|
|
||||||
## Terms of Service
|
## Terms of Service
|
||||||
|
|
||||||
!!! Important
|
!!! important
|
||||||
Note the extra `static` folder for the terms-of-service.html
|
Note the extra `static` folder for the terms-of-service.html
|
||||||
|
|
||||||
Terms of Service will be shown to all users on the registration page. It's the best place where to write down the rules for your instance. You can modify the rules by adding and changing `$static_dir/static/terms-of-service.html`.
|
Terms of Service will be shown to all users on the registration page. It's the best place where to write down the rules for your instance. You can modify the rules by adding and changing `$static_dir/static/terms-of-service.html`.
|
||||||
|
|
|
@ -151,7 +151,8 @@ Backwards-compatibility for admin API endpoints without version prefixes (`/api/
|
||||||
|
|
||||||
## `GET /api/v1/pleroma/admin/users/:nickname/permission_group/:permission_group`
|
## `GET /api/v1/pleroma/admin/users/:nickname/permission_group/:permission_group`
|
||||||
|
|
||||||
Note: Available `:permission_group` is currently moderator and admin. 404 is returned when the permission group doesn’t exist.
|
!!! note
|
||||||
|
Available `:permission_group` is currently moderator and admin. 404 is returned when the permission group doesn’t exist.
|
||||||
|
|
||||||
### Get user permission groups membership per permission group
|
### Get user permission groups membership per permission group
|
||||||
|
|
||||||
|
@ -363,8 +364,8 @@ Removes the user(s) from follower recommendations.
|
||||||
|
|
||||||
### Delete all users and activities from a remote instance
|
### Delete all users and activities from a remote instance
|
||||||
|
|
||||||
Note: this will trigger a job to remove instance content in the background.
|
!!! note
|
||||||
It may take some time.
|
This will trigger a job to remove instance content in the background. It may take some time.
|
||||||
|
|
||||||
- Params:
|
- Params:
|
||||||
- `instance`: remote instance host
|
- `instance`: remote instance host
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
**Note:** Akkoma documentation is still being updated, so you may still see references to Pleroma in many places.
|
!!! note
|
||||||
|
Akkoma documentation is still being updated, so you may still see references to Pleroma in many places.
|
||||||
|
|
||||||
# Introduction to Akkoma
|
# Introduction to Akkoma
|
||||||
## What is Akkoma?
|
## What is Akkoma?
|
||||||
|
|
|
@ -111,7 +111,8 @@ su akkoma -s $SHELL -lc "./bin/pleroma stop"
|
||||||
## Setting up a system service
|
## Setting up a system service
|
||||||
OTP releases have different service files than from-source installs, so they need to be copied over again.
|
OTP releases have different service files than from-source installs, so they need to be copied over again.
|
||||||
|
|
||||||
**Warning:** The service files assume Akkoma user's home directory is `/opt/akkoma`, please make sure all paths fit your installation.
|
!!! warning
|
||||||
|
The service files assume Akkoma user's home directory is `/opt/akkoma`, please make sure all paths fit your installation.
|
||||||
|
|
||||||
=== "Alpine"
|
=== "Alpine"
|
||||||
```sh
|
```sh
|
||||||
|
|
|
@ -35,9 +35,9 @@ pkg_add ffmpeg p5-Image-ExifTool
|
||||||
Akkoma will be run by a dedicated user, `_akkoma`. Before creating it, insert the following lines in `/etc/login.conf`:
|
Akkoma will be run by a dedicated user, `_akkoma`. Before creating it, insert the following lines in `/etc/login.conf`:
|
||||||
```
|
```
|
||||||
akkoma:\
|
akkoma:\
|
||||||
:datasize-max=1536M:\
|
:datasize-max=1536M:\
|
||||||
:datasize-cur=1536M:\
|
:datasize-cur=1536M:\
|
||||||
:openfiles-max=4096
|
:openfiles-max=4096
|
||||||
```
|
```
|
||||||
This creates a `akkoma` login class and sets higher values than default for datasize and openfiles (see [login.conf(5)](https://man.openbsd.org/login.conf)), this is required to avoid having akkoma crash some time after starting.
|
This creates a `akkoma` login class and sets higher values than default for datasize and openfiles (see [login.conf(5)](https://man.openbsd.org/login.conf)), this is required to avoid having akkoma crash some time after starting.
|
||||||
|
|
||||||
|
@ -80,20 +80,20 @@ ext_inet="<IPv4 address>"
|
||||||
ext_inet6="<IPv6 address>"
|
ext_inet6="<IPv6 address>"
|
||||||
|
|
||||||
server "default" {
|
server "default" {
|
||||||
listen on $ext_inet port 80 # Comment to disable listening on IPv4
|
listen on $ext_inet port 80 # Comment to disable listening on IPv4
|
||||||
listen on $ext_inet6 port 80 # Comment to disable listening on IPv6
|
listen on $ext_inet6 port 80 # Comment to disable listening on IPv6
|
||||||
listen on 127.0.0.1 port 80 # Do NOT comment this line
|
listen on 127.0.0.1 port 80 # Do NOT comment this line
|
||||||
|
|
||||||
log syslog
|
log syslog
|
||||||
directory no index
|
directory no index
|
||||||
|
|
||||||
location "/.well-known/acme-challenge/*" {
|
location "/.well-known/acme-challenge/*" {
|
||||||
root "/acme"
|
root "/acme"
|
||||||
request strip 2
|
request strip 2
|
||||||
}
|
}
|
||||||
|
|
||||||
location "/robots.txt" { root "/htdocs/local/" }
|
location "/robots.txt" { root "/htdocs/local/" }
|
||||||
location "/*" { block return 302 "https://$HTTP_HOST$REQUEST_URI" }
|
location "/*" { block return 302 "https://$HTTP_HOST$REQUEST_URI" }
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
Do not forget to change *<IPv4/6 address\>* to your server's address(es). If httpd should only listen on one protocol family, comment one of the two first *listen* options.
|
Do not forget to change *<IPv4/6 address\>* to your server's address(es). If httpd should only listen on one protocol family, comment one of the two first *listen* options.
|
||||||
|
@ -114,17 +114,17 @@ Insert the following configuration in `/etc/acme-client.conf`:
|
||||||
#
|
#
|
||||||
|
|
||||||
authority letsencrypt-<domain name> {
|
authority letsencrypt-<domain name> {
|
||||||
#agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
|
#agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
|
||||||
api url "https://acme-v02.api.letsencrypt.org/directory"
|
api url "https://acme-v02.api.letsencrypt.org/directory"
|
||||||
account key "/etc/acme/letsencrypt-privkey-<domain name>.pem"
|
account key "/etc/acme/letsencrypt-privkey-<domain name>.pem"
|
||||||
}
|
}
|
||||||
|
|
||||||
domain <domain name> {
|
domain <domain name> {
|
||||||
domain key "/etc/ssl/private/<domain name>.key"
|
domain key "/etc/ssl/private/<domain name>.key"
|
||||||
domain certificate "/etc/ssl/<domain name>.crt"
|
domain certificate "/etc/ssl/<domain name>.crt"
|
||||||
domain full chain certificate "/etc/ssl/<domain name>.fullchain.pem"
|
domain full chain certificate "/etc/ssl/<domain name>.fullchain.pem"
|
||||||
sign with letsencrypt-<domain name>
|
sign with letsencrypt-<domain name>
|
||||||
challengedir "/var/www/acme/"
|
challengedir "/var/www/acme/"
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
Replace *<domain name\>* by the domain name you'll use for your instance. As root, run `acme-client -n` to check the config, then `acme-client -ADv <domain name>` to create account and domain keys, and request a certificate for the first time.
|
Replace *<domain name\>* by the domain name you'll use for your instance. As root, run `acme-client -n` to check the config, then `acme-client -ADv <domain name>` to create account and domain keys, and request a certificate for the first time.
|
||||||
|
@ -137,8 +137,8 @@ ln -s /etc/ssl/private/<domain name>.key /etc/ssl/private/<IP address>.key
|
||||||
```
|
```
|
||||||
This will have to be done for each IPv4 and IPv6 address relayd listens on.
|
This will have to be done for each IPv4 and IPv6 address relayd listens on.
|
||||||
|
|
||||||
#### relayd
|
#### Relayd
|
||||||
relayd will be used as the reverse proxy sitting in front of Akkoma.
|
Relayd will be used as the reverse proxy sitting in front of Akkoma.
|
||||||
Insert the following configuration in `/etc/relayd.conf`:
|
Insert the following configuration in `/etc/relayd.conf`:
|
||||||
```
|
```
|
||||||
# $OpenBSD: relayd.conf,v 1.4 2018/03/23 09:55:06 claudio Exp $
|
# $OpenBSD: relayd.conf,v 1.4 2018/03/23 09:55:06 claudio Exp $
|
||||||
|
@ -150,42 +150,42 @@ table <akkoma_server> { 127.0.0.1 }
|
||||||
table <httpd_server> { 127.0.0.1 }
|
table <httpd_server> { 127.0.0.1 }
|
||||||
|
|
||||||
http protocol plerup { # Protocol for upstream akkoma server
|
http protocol plerup { # Protocol for upstream akkoma server
|
||||||
#tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit
|
#tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit
|
||||||
tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
|
tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305"
|
||||||
tls ecdhe secp384r1
|
tls ecdhe secp384r1
|
||||||
|
|
||||||
# Forward some paths to the local server (as akkoma won't respond to them as you might want)
|
# Forward some paths to the local server (as akkoma won't respond to them as you might want)
|
||||||
pass request quick path "/robots.txt" forward to <httpd_server>
|
pass request quick path "/robots.txt" forward to <httpd_server>
|
||||||
|
|
||||||
# Append a bunch of headers
|
# Append a bunch of headers
|
||||||
match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictly required by akkoma but adding them won't hurt
|
match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictly required by akkoma but adding them won't hurt
|
||||||
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
|
match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
|
||||||
|
|
||||||
match response header append "X-XSS-Protection" value "0"
|
match response header append "X-XSS-Protection" value "0"
|
||||||
match response header append "X-Permitted-Cross-Domain-Policies" value "none"
|
match response header append "X-Permitted-Cross-Domain-Policies" value "none"
|
||||||
match response header append "X-Frame-Options" value "DENY"
|
match response header append "X-Frame-Options" value "DENY"
|
||||||
match response header append "X-Content-Type-Options" value "nosniff"
|
match response header append "X-Content-Type-Options" value "nosniff"
|
||||||
match response header append "Referrer-Policy" value "same-origin"
|
match response header append "Referrer-Policy" value "same-origin"
|
||||||
match response header append "Content-Security-Policy" value "default-src 'none'; base-uri 'none'; form-action 'self'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://CHANGEME.tld; upgrade-insecure-requests;" # Modify "CHANGEME.tld" and set your instance's domain here
|
match response header append "Content-Security-Policy" value "default-src 'none'; base-uri 'none'; form-action 'self'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://CHANGEME.tld; upgrade-insecure-requests;" # Modify "CHANGEME.tld" and set your instance's domain here
|
||||||
match request header append "Connection" value "upgrade"
|
match request header append "Connection" value "upgrade"
|
||||||
#match response header append "Strict-Transport-Security" value "max-age=63072000; includeSubDomains; preload" # Uncomment this only after you get HTTPS working.
|
#match response header append "Strict-Transport-Security" value "max-age=63072000; includeSubDomains; preload" # Uncomment this only after you get HTTPS working.
|
||||||
|
|
||||||
# If you do not want remote frontends to be able to access your Akkoma backend server, comment these lines
|
# If you do not want remote frontends to be able to access your Akkoma backend server, comment these lines
|
||||||
match response header append "Access-Control-Allow-Origin" value "*"
|
match response header append "Access-Control-Allow-Origin" value "*"
|
||||||
match response header append "Access-Control-Allow-Methods" value "POST, PUT, DELETE, GET, PATCH, OPTIONS"
|
match response header append "Access-Control-Allow-Methods" value "POST, PUT, DELETE, GET, PATCH, OPTIONS"
|
||||||
match response header append "Access-Control-Allow-Headers" value "Authorization, Content-Type, Idempotency-Key"
|
match response header append "Access-Control-Allow-Headers" value "Authorization, Content-Type, Idempotency-Key"
|
||||||
match response header append "Access-Control-Expose-Headers" value "Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id"
|
match response header append "Access-Control-Expose-Headers" value "Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id"
|
||||||
# Stop commenting lines here
|
# Stop commenting lines here
|
||||||
}
|
}
|
||||||
|
|
||||||
relay wwwtls {
|
relay wwwtls {
|
||||||
listen on $ext_inet port https tls # Comment to disable listening on IPv4
|
listen on $ext_inet port https tls # Comment to disable listening on IPv4
|
||||||
listen on $ext_inet6 port https tls # Comment to disable listening on IPv6
|
listen on $ext_inet6 port https tls # Comment to disable listening on IPv6
|
||||||
|
|
||||||
protocol plerup
|
protocol plerup
|
||||||
|
|
||||||
forward to <akkoma_server> port 4000 check http "/" code 200
|
forward to <akkoma_server> port 4000 check http "/" code 200
|
||||||
forward to <httpd_server> port 80 check http "/robots.txt" code 200
|
forward to <httpd_server> port 80 check http "/robots.txt" code 200
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
Again, change *<IPv4/6 address\>* to your server's address(es) and comment one of the two *listen* options if needed. Also change *wss://CHANGEME.tld* to *wss://<your instance's domain name\>*.
|
Again, change *<IPv4/6 address\>* to your server's address(es) and comment one of the two *listen* options if needed. Also change *wss://CHANGEME.tld* to *wss://<your instance's domain name\>*.
|
||||||
|
|
|
@ -7,7 +7,8 @@ For specific Pleroma functionality (which is disabled by default) some or all of
|
||||||
|
|
||||||
Please refer to documentation in `docs/installation` on how to install them on specific OS.
|
Please refer to documentation in `docs/installation` on how to install them on specific OS.
|
||||||
|
|
||||||
Note: the packages are not required with the current default settings of Pleroma.
|
!!! note
|
||||||
|
The packages are not required with the current default settings of Pleroma.
|
||||||
|
|
||||||
## `ImageMagick`
|
## `ImageMagick`
|
||||||
|
|
||||||
|
|
|
@ -75,7 +75,7 @@ Per [`docs/installation/optional/media_graphics_packages.md`](optional/media_gra
|
||||||
### Configuring PostgreSQL
|
### Configuring PostgreSQL
|
||||||
#### (Optional) Installing RUM indexes
|
#### (Optional) Installing RUM indexes
|
||||||
|
|
||||||
!!! Warning
|
!!! warning
|
||||||
It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
|
It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
|
||||||
|
|
||||||
RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
|
RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
|
||||||
|
|
|
@ -10,7 +10,8 @@ However, you may compile your own OTP release from scratch. This is particularly
|
||||||
|
|
||||||
In order to compile a RedHat-compatible OTP release, you will need to run a Red Hat Linux distribution. This guide will assume you run Fedora 36, though it should also work on older Fedora releases and other Red Hat distributions. It also assumes that you have administrative rights and sufficient knowledge on how to perform common CLI tasks in Linux. If you want to run this guide with root, ignore the `sudo` at the beginning of the lines.
|
In order to compile a RedHat-compatible OTP release, you will need to run a Red Hat Linux distribution. This guide will assume you run Fedora 36, though it should also work on older Fedora releases and other Red Hat distributions. It also assumes that you have administrative rights and sufficient knowledge on how to perform common CLI tasks in Linux. If you want to run this guide with root, ignore the `sudo` at the beginning of the lines.
|
||||||
|
|
||||||
Important: keep in mind that you must build your OTP release for the specific Red Hat distribution you wish to use it on. A build on Fedora will only be compatible with a specific Fedora release version.
|
!!! important
|
||||||
|
Keep in mind that you must build your OTP release for the specific Red Hat distribution you wish to use it on. A build on Fedora will only be compatible with a specific Fedora release version.
|
||||||
|
|
||||||
## Building an OTP release for Fedora 36
|
## Building an OTP release for Fedora 36
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue