From 9112eda14ffa203eeca1d129d6739840f684569d Mon Sep 17 00:00:00 2001
From: Henry Jameson <me@hjkos.com>
Date: Tue, 8 Aug 2017 02:41:36 +0300
Subject: [PATCH] First attempt at installation documentation

---
 README.md                    | 74 +++++++++++++++++++++++++++++++++---
 installation/pleroma.nginx   | 26 +++++++++++++
 installation/pleroma.service | 16 ++++++++
 3 files changed, 111 insertions(+), 5 deletions(-)
 create mode 100644 installation/pleroma.nginx
 create mode 100644 installation/pleroma.service

diff --git a/README.md b/README.md
index 3ccc175fa..620b3ea1d 100644
--- a/README.md
+++ b/README.md
@@ -1,12 +1,76 @@
 # Pleroma
 
-To start your Phoenix server:
+## Installation
 
-  * Install dependencies with `mix deps.get`
-  * Create and migrate your database with `mix ecto.create && mix ecto.migrate`
-  * Start Phoenix endpoint with `mix phx.server`
+### Dependencies
+
+* Postgresql version 9.5 or newer
+* Elixir version 1.4 or newer
+* NodeJS LTS 
+
+#### Installing dependencies on Debian system
+PostgreSQL 9.6 should be available on debian stable (Jessie) from "main" area. Install it using apt: `apt install postgresql-9.6`. Make sure that `postgresql-9.5` or older is not installed, for some strange reason debian allows multiple versions to coexist, what effect it has - i don't know.
+
+You must install elixir 1.4+ from elixir-lang.org, because Debian repos only have 1.3.x version. You will need to add apt repo to sources.list(.d) and import GPG key. Follow instructions here: https://elixir-lang.org/install.html#unix-and-unix-like (See "Ubuntu or Debian 7"). This should be valid until Debian updates elixir in their repositories. Package you want is named `elixir`, so install it using `apt install elixir`
+
+NodeJS is available as `nodejs` package on debian. `apt install nodejs`. Debian stable has 4.8.x version. If that does not work, use nodesource's repo https://github.com/nodesource/distributions#deb - version 5.x confirmed to work.
+
+### Preparation
+
+  * You probably want application to run as separte user - so create a new one: `adduser pleroma`
+  * Clone the git repository into new user's dir (clone as the user to avoid permissions errors)
+  * Again, as new user, install dependencies with `mix deps.get` if it asks you to install "hex" - agree to that.
+
+### Database preparation
+
+  * You'll need to allow password-based authorisation for `postgres` superuser
+     * changing default password for superuser is probably a good idea:
+        * Open psql shell as postgres user: (as root) `su postgres -c psql`
+        * There, enter following: `ALTER USER postgres with encrypted password '<YOUR SECURE PASSWORD>';`
+        * Replace password in file `config/dev.exs` with password you supplied in previous step (look for line like `password: "postgres"`)
+     
+     * edit `/etc/postgresql/9.6/main/pg_hba.conf` (Assuming you have 9.6 version) and change the line:
+     ```
+     local   all             postgres                                peer
+     ```
+     to
+     ```
+     local   all             postgres                                md5
+     ```
+  * Create and migrate your database with `mix ecto.create && mix ecto.migrate`. If it gives errors, try running again, it should be ok.
+  * You most likely don't want having some application accessing database as superuser, so we need to create separate user for that. For now it's done manually (issue #27).
+     * Revert `/etc/postgresql/9.6/main/pg_hba.conf` to previous state (replace `md5` with `peer`)
+     * Open psql shell as postgres user: (as root) `su postgres -c psql`
+     * Create a new PostgreSQL user: 
+     ```sql
+     \c pleroma_dev
+     CREATE user pleroma;
+     ALTER user pleroma with encrypted password '<your password>';
+     GRANT ALL ON ALL tables IN SCHEMA public TO pleroma;
+     GRANT ALL ON ALL sequences IN SCHEMA public TO pleroma;
+     ```
+     * Again, change password in `config/dev.exs`, and change user too to `"pleroma"` (like like `username: "postgres"`)
+
+### Some additional configuration
+
+  * You will need to let pleroma instance to know what hostname/url it's running on.
+
+    In file `config/dev.exs`, add these lines at the end of the file:
+
+    ```elixir
+    config :pleroma, Pleroma.Web.Endpoint,
+    url: [host: "example.tld", scheme: "https", port: 443] 
+    ```
+
+    replacing `example.tld` with your (sub)domain
+    
+  * The common and convenient way for adding HTTPS is by using nginx as reverse proxy. You can look at example nginx configuration in `installation/pleroma.nginx`. If you need HTTPS certificates, you can look into letsencrypt.
+
+  * (not tested with reboots!) You'll also want to set up Pleroma to be run as a systemd service. Example .service can be found in `installation/pleroma.service` you can put it in `/etc/systemd/system/` and run it by `service pleroma start`; You can watch logs by using `journalctl -u pleroma.service`;
+
+  * Without systemd you can start Pleroma by starting Phoenix endpoint with `mix phx.server`
+    it should be available on 4000 port on localhost and proxied to 443 port by nginx.
 
-Now you can visit [`localhost:4000`](http://localhost:4000) from your browser.
 
 Ready to run in production? Please [check our deployment guides](http://www.phoenixframework.org/docs/deployment).
 
diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx
new file mode 100644
index 000000000..1bdb95ab4
--- /dev/null
+++ b/installation/pleroma.nginx
@@ -0,0 +1,26 @@
+server {
+       listen         80;
+       server_name    example.tld;
+       return         301 https://$server_name$request_uri;
+}
+
+server {
+    listen 443;
+    ssl on;
+    ssl_session_timeout 5m;
+
+    ssl_certificate           /etc/letsencrypt/live/exmaple.tld/fullchain.pem;
+    ssl_certificate_key       /etc/letsencrypt/live/example.tld/privkey.pem;
+
+    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
+    ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
+    ssl_prefer_server_ciphers on;
+
+    server_name example.tld;
+
+    location / {
+        proxy_pass http://localhost:4000;
+    }
+    include snippets/well-known.conf;
+
+}
\ No newline at end of file
diff --git a/installation/pleroma.service b/installation/pleroma.service
new file mode 100644
index 000000000..fe314ed2b
--- /dev/null
+++ b/installation/pleroma.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=Pleroma social network
+After=network.target postgresql.service
+
+[Service]
+User=pleroma
+WorkingDirectory=/home/pleroma/pleroma
+Environment="HOME=/home/pleroma"
+ExecStart=/usr/local/bin/mix phx.server
+ExecReload=/bin/kill $MAINPID
+KillMode=process
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
+Alias=pleroma.service