AkkomaGang/akkoma
AkkomaGang/akkoma
13
63
Fork 84
Code Issues 163 Pull requests 12 Packages Projects 2 Releases 14 Wiki Activity

Update configuration docs #40

Merged
floatingghost merged 17 commits from norm/akkoma:docs-configuration into develop 2022-07-03 15:21:22 +00:00
Conversation 1 Commits 17 Files changed 17 +21 -30
1 changed files with 21 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 0849a63064 - Show all commits

51
docs/configuration/onion_federation.md
View file

@ -1,31 +1,22 @@
# Easy Onion Federation (Tor)
Tor can free people from the necessity of a domain, in addition to helping protect their privacy. As Pleroma's goal is to empower the people and let as many as possible host an instance with as little resources as possible, the ability to host an instance with a small, cheap computer like a RaspberryPi along with Tor, would be a great way to achieve that.
Tor can free people from the necessity of a domain, in addition to helping protect their privacy. As Akkoma's goal is to empower the people and let as many as possible host an instance with as little resources as possible, the ability to host an instance with a small, cheap computer like a Raspberry Pi along with Tor, would be a great way to achieve that.
In addition, federating with such instances will also help furthering that goal.
This is a guide to show you how it can be easily done.
This guide assumes you already got Pleroma working, and that it's running on the default port 4000.
Currently only has an Nginx example.
This guide assumes you already got Akkoma working, and that it's running on the default port 4000.
This guide also assumes you're using Nginx as the reverse proxy.
To install Tor on Debian / Ubuntu:
```
apt -yq install tor
```
If using an old server version (older than Debian Stretch or Ubuntu 18.04), install from backports or PPA.
I recommend using a newer server version instead.
To have the newest, V3 onion addresses (which I recommend) in Debian, install Tor from backports.
If you do not have backports, uncomment the stretch-backports links at the end of `/etc/apt/sources.list`.
Then install:
```
apt update
apt -t stretch-backports -yq install tor
```
**WARNING:** Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you.
Create the hidden service for your Pleroma instance in `/etc/tor/torrc`:
Create the hidden service for your Akkoma instance in `/etc/tor/torrc`:
```
HiddenServiceDir /var/lib/tor/pleroma_hidden_service/
HiddenServiceDir /var/lib/tor/akkoma_hidden_service/
HiddenServicePort 80 127.0.0.1:8099
HiddenServiceVersion 3 # Remove if Tor version is below 0.3 ( tor --version )
```
@ -35,28 +26,28 @@ systemctl restart tor@default.service
```
Get the address:
```
cat /var/lib/tor/pleroma_hidden_service/hostname
cat /var/lib/tor/akkoma_hidden_service/hostname
```
# Federation
Next, edit your Pleroma config.
If running in prod, cd to your Pleroma directory, edit `config/prod.secret.exs`
Next, edit your Akkoma config.
If running in prod, navigate to your Akkoma directory, edit `config/prod.secret.exs`
and append this line:
```
config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}
```
In your Pleroma directory, assuming you're running prod,
In your Akkoma directory, assuming you're running prod,
run the following:
```
su pleroma
su akkoma
MIX_ENV=prod mix deps.get
MIX_ENV=prod mix ecto.migrate
exit
```
restart Pleroma (if using systemd):
restart Akkoma (if using systemd):
```
systemctl restart pleroma
systemctl restart akkoma
```
# Tor Instance Access
@ -64,7 +55,7 @@ systemctl restart pleroma
Make your instance accessible using Tor.
## Tor-only Instance
If creating a Tor-only instance, open `config/prod.secret.exs` and under "config :pleroma, Pleroma.Web.Endpoint," edit "https" and "port: 443" to the following:
If creating a Tor-only instance, open `config/prod.secret.exs` and under "config :pleroma, Akkoma.Web.Endpoint," edit "https" and "port: 443" to the following:
```
url: [host: "onionaddress", scheme: "http", port: 80],
```
@ -72,11 +63,11 @@ In addition to that, replace the existing nginx config's contents with the examp
## Existing Instance (Clearnet Instance)
If not a Tor-only instance,
add the nginx config below to your existing config at `/etc/nginx/sites-enabled/pleroma.nginx`.
add the nginx config below to your existing config at `/etc/nginx/sites-enabled/akkoma.nginx`.
---
For both cases, disable CSP in Pleroma's config (STS is disabled by default) so you can define those yourself separately from the clearnet (if your instance is also on the clearnet).
Copy the following into the `config/prod.secret.exs` in your Pleroma folder (/home/pleroma/pleroma/):
For both cases, disable CSP in Akkoma's config (STS is disabled by default) so you can define those yourself separately from the clearnet (if your instance is also on the clearnet).
Copy the following into the `config/prod.secret.exs` in your Akkoma folder (/home/akkoma/akkoma/):
```
config :pleroma, :http_security,
enabled: false
@ -84,7 +75,7 @@ config :pleroma, :http_security,
Use this as the Nginx config:
```
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
# The above already exists in a clearnet instance's config.
# If not, add it.
@ -125,7 +116,7 @@ server {
}
location /proxy {
proxy_cache pleroma_media_cache;
proxy_cache akkoma_media_cache;
proxy_cache_lock on;
proxy_ignore_client_abort on;
proxy_pass http://localhost:4000;
@ -143,17 +134,17 @@ You should now be able to both access your instance using Tor and federate with
### Possible Issues
* In Debian, make sure your hidden service folder `/var/lib/tor/pleroma_hidden_service/` and its contents, has debian-tor as both owner and group by using
* In Debian, make sure your hidden service folder `/var/lib/tor/akkoma_hidden_service/` and its contents, has debian-tor as both owner and group by using
```
ls -la /var/lib/tor/
```
If it's not, run:
```
chown -R debian-tor:debian-tor /var/lib/tor/pleroma_hidden_service/
chown -R debian-tor:debian-tor /var/lib/tor/akkoma_hidden_service/
```
* Make sure *only* the owner has *only* read and write permissions.
If not, run:
```
chmod -R 600 /var/lib/tor/pleroma_hidden_service/
chmod -R 600 /var/lib/tor/akkoma_hidden_service/
```
* If you have trouble logging in to the Mastodon Frontend when using Tor, use the Tor Browser Bundle.