forked from AkkomaGang/akkoma
Update OTP install docs to use certbot nginx plugin
parent
e5f4282cca
commit
0fa3fbf55e
1 changed files with 12 additions and 37 deletions
|
@ -9,7 +9,7 @@ This guide covers a installation using an OTP release. To install Akkoma from so
|
||||||
* For installing OTP releases on RedHat-based distros like Fedora and Centos Stream, please follow [this guide](./otp_redhat_en.md) instead.
|
* For installing OTP releases on RedHat-based distros like Fedora and Centos Stream, please follow [this guide](./otp_redhat_en.md) instead.
|
||||||
* A (sub)domain pointed to the machine
|
* A (sub)domain pointed to the machine
|
||||||
|
|
||||||
You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`.
|
You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo -i`/`su`.
|
||||||
|
|
||||||
While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu and Alpine.
|
While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu and Alpine.
|
||||||
|
|
||||||
|
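Review bot: On the changed line, `sudo -i` gives a root login shell, but the alternative offered next to it is still plain `su`, which keeps most of the caller's environment. Use `su -` so both paths leave the reader in the same clean root environment before running the install commands. Since the line is being touched anyway, fix "priviledges" to "privileges", and "possbile" in the context paragraph below it.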
@ -176,11 +176,6 @@ su akkoma -s $SHELL -lc "./bin/pleroma stop"
|
||||||
|
|
||||||
### Setting up nginx and getting Let's Encrypt SSL certificaties
|
### Setting up nginx and getting Let's Encrypt SSL certificaties
|
||||||
|
|
||||||
#### Get a Let's Encrypt certificate
|
|
||||||
```sh
|
|
||||||
certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
|
|
||||||
```
|
|
||||||
|
|
||||||
#### Copy Akkoma nginx configuration to the nginx folder
|
#### Copy Akkoma nginx configuration to the nginx folder
|
||||||
|
|
||||||
The location of nginx configs is dependent on the distro
|
The location of nginx configs is dependent on the distro
|
||||||
|
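Review bot: With the standalone step removed, the section heading kept as context at the top of this hunk now leads straight into "Copy Akkoma nginx configuration", and nothing tells the reader that the certificate is requested only after nginx is configured. A one-line note under the heading stating the new order would help anyone following an older copy of the guide. The heading itself still reads "certificaties"; fix it to "certificates" while editing this section.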
@ -209,6 +204,14 @@ $EDITOR path-to-nginx-config
|
||||||
# Verify that the config is valid
|
# Verify that the config is valid
|
||||||
nginx -t
|
nginx -t
|
||||||
```
|
```
|
||||||
|
|
||||||
|
#### Get a Let's Encrypt certificate
|
||||||
|
```sh
|
||||||
|
certbot --nginx -d yourinstance.tld -d media.yourinstance.tld
|
||||||
|
```
|
||||||
|
|
||||||
|
If that doesn't work the first time, add `--dry-run` to further attempts to avoid being ratelimited as you identify the issue, and do not remove it until the dry run succeeds. A common source of problems are nginx config syntax errors; this can be checked for by running `nginx -t`.
|
||||||
|
|
||||||
#### Start nginx
|
#### Start nginx
|
||||||
|
|
||||||
=== "Alpine"
|
=== "Alpine"
|
||||||
|
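Review bot: The `--dry-run` advice in the added paragraph does not work with the command as written: certbot accepts `--dry-run` only with the `certonly` and `renew` subcommands, and `certbot --nginx` is the default `run` subcommand. Spell out the test invocation instead, for example `certbot certonly --nginx --dry-run -d yourinstance.tld -d media.yourinstance.tld`. The new `-d media.yourinstance.tld` also needs a matching entry in the prerequisites, which list only a single (sub)domain; if that name does not point at the machine, the request fails. Minor: "A common source of problems are" should read "is".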
@ -252,32 +255,19 @@ If everything worked, you should see Akkoma-FE when visiting your domain. If tha
|
||||||
## Post installation
|
## Post installation
|
||||||
|
|
||||||
### Setting up auto-renew of the Let's Encrypt certificate
|
### Setting up auto-renew of the Let's Encrypt certificate
|
||||||
```sh
|
|
||||||
# Create the directory for webroot challenges
|
|
||||||
mkdir -p /var/lib/letsencrypt
|
|
||||||
|
|
||||||
# Uncomment the webroot method
|
|
||||||
$EDITOR path-to-nginx-config
|
|
||||||
|
|
||||||
# Verify that the config is valid
|
|
||||||
nginx -t
|
|
||||||
```
|
|
||||||
|
|
||||||
=== "Alpine"
|
=== "Alpine"
|
||||||
```
|
```
|
||||||
# Restart nginx
|
|
||||||
rc-service nginx restart
|
|
||||||
|
|
||||||
# Start the cron daemon and make it start on boot
|
# Start the cron daemon and make it start on boot
|
||||||
rc-service crond start
|
rc-service crond start
|
||||||
rc-update add crond
|
rc-update add crond
|
||||||
|
|
||||||
# Ensure the webroot menthod and post hook is working
|
# Ensure the webroot menthod and post hook is working
|
||||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload'
|
certbot renew --cert-name yourinstance.tld --nginx --dry-run
|
||||||
|
|
||||||
# Add it to the daily cron
|
# Add it to the daily cron
|
||||||
echo '#!/bin/sh
|
echo '#!/bin/sh
|
||||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload"
|
certbot renew --cert-name yourinstance.tld --nginx
|
||||||
' > /etc/periodic/daily/renew-akkoma-cert
|
' > /etc/periodic/daily/renew-akkoma-cert
|
||||||
chmod +x /etc/periodic/daily/renew-akkoma-cert
|
chmod +x /etc/periodic/daily/renew-akkoma-cert
|
||||||
|
|
||||||
|
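Review bot: The context comment above the changed dry-run line, "Ensure the webroot menthod and post hook is working", is now stale: the new command uses `--nginx` with no `--webroot` and no `--post-hook`. Reword it to match, for example "Ensure renewal with the nginx plugin is working". The cron script also drops `--post-hook "rc-service nginx reload"`, so add a sentence saying the guide relies on the nginx plugin to reload nginx after renewal; readers who set up the webroot method from the previous version then know the old hook and the `/var/lib/letsencrypt` directory are no longer needed.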
@ -286,22 +276,7 @@ nginx -t
|
||||||
```
|
```
|
||||||
|
|
||||||
=== "Debian/Ubuntu"
|
=== "Debian/Ubuntu"
|
||||||
```
|
This should be automatically enabled with the `certbot-renew.timer` systemd unit.
|
||||||
# Restart nginx
|
|
||||||
systemctl restart nginx
|
|
||||||
|
|
||||||
# Ensure the webroot menthod and post hook is working
|
|
||||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx'
|
|
||||||
|
|
||||||
# Add it to the daily cron
|
|
||||||
echo '#!/bin/sh
|
|
||||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx"
|
|
||||||
' > /etc/cron.daily/renew-akkoma-cert
|
|
||||||
chmod +x /etc/cron.daily/renew-akkoma-cert
|
|
||||||
|
|
||||||
# If everything worked the output should contain /etc/cron.daily/renew-akkoma-cert
|
|
||||||
run-parts --test /etc/cron.daily
|
|
||||||
```
|
|
||||||
|
|
||||||
## Create your first user and set as admin
|
## Create your first user and set as admin
|
||||||
```sh
|
```sh
|
||||||
|
|
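Review bot: The sentence added under the Debian/Ubuntu tab gives the reader nothing to verify: "This should be automatically enabled" has no antecedent and no check, while the Alpine tab keeps its `certbot renew ... --dry-run` step. Name the subject ("Certificate renewal is handled by ...") and add a verification step such as `systemctl list-timers` followed by `certbot renew --cert-name yourinstance.tld --nginx --dry-run`. Please also confirm that `certbot-renew.timer` is the unit name the Debian/Ubuntu certbot package actually installs, since a wrong name here leaves readers with a certificate that expires unnoticed.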