Rearranging acme

Farhan Khan 2020-08-13 20:58:46 -04:00
parent cba9f368af
commit 24eb917dbc

@ -79,36 +79,19 @@ $ MIX_ENV=prod mix ecto.migrate
You will need to do this whenever you update with `git pull`:
## Configuring nginx
As root, install the example configuration file
`/home/pleroma/pleroma/installation/pleroma.nginx` to
`/usr/local/etc/nginx/nginx.conf`.
Note that it will need to be wrapped in a `http {}` block. You should add
settings for the nginx daemon outside of the http block, for example:
```
user nginx nginx;
error_log /var/log/nginx/error.log;
worker_processes 4;
events {
}
```
Edit the defaults of `/usr/local/etc/nginx/nginx.conf`:
* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`.
* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`.
* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`.
* Change all references of `example.tld` to your instance's domain name.
## Configuring acme.sh
We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
First, as root, get your account fingerprint:
First, as root, allow the user `acme` to have access to the acme log file, as follows:
```
# touch /var/log/acme.sh.log
# chown acme:acme /var/log/acme.sh.log
# chmod 600 /var/log/acme.sh.log
```
Next, obtain your account fingerprint:
```
# sudo -Hu acme -g acme acme.sh --register-account
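Review bot: The new log-file step creates `/var/log/acme.sh.log` for the `acme` user, but nothing in the visible text says what writes to that path. The `--register-account` command shown passes no log option, so a reader cannot tell whether acme.sh will use the file. Please say where logging to this path is configured, or point to the later command that does it. A smaller point on the same three lines: `touch` followed by `chown` and `chmod 600` leaves the file briefly root-owned with the default mode. A single `install -o acme -g acme -m 600 /dev/null /var/log/acme.sh.log` creates it with its final owner and mode in one step.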
@ -156,6 +139,38 @@ Let's add auto-renewal to `/etc/daily.local`
--stateless
```
### Configuring nginx
FreeBSD's default nginx configuration does not contain an include directive, which is
typically used for multiple sites. Therefore, you will need to first create the required
directory as follows:
```
# mkdir -p /usr/local/etc/nginx/sites-available
```
Next, add an `include` directive to `/usr/local/etc/nginx/nginx.conf`, within the `http {}`
block, as follows:
```
http {
...
include /usr/local/etc/nginx/sites-available/*.conf;
}
```
As root, copy `/home/pleroma/pleroma/installation/pleroma.nginx` to
`/usr/local/etc/nginx/sites-available/pleroma.conf`.
Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.conf`:
* Change `ssl_trusted_certificate` to `/etc/ssl/example.tld/chain.pem`.
* Change `ssl_certificate` to `/etc/ssl/example.tld/fullchain.pem`.
* Change `ssl_certificate_key` to `/etc/ssl/example.tld/privkey.pem`.
* Change all references of `example.tld` to your instance's domain name.
## Creating a startup script for Pleroma
Pleroma will need to compile when it initially starts, which typically takes a longer
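Review bot: The `include /usr/local/etc/nginx/sites-available/*.conf;` line makes every `.conf` file in `sites-available` live, which is not what that directory name conventionally means. Readers used to the `sites-available` plus `sites-enabled` symlink layout may leave a draft or disabled vhost there and have it served. Either include a `sites-enabled` directory and add a symlink step, or name the directory for what it does. The section also ends at the edit list without a configuration check, so a `nginx -t` before the reload or restart would catch a missed `example.tld` reference or a wrong certificate path. Since `ssl_certificate_key` points at `/etc/ssl/example.tld/privkey.pem`, it would also help to state here which user owns that file and what mode it should have, because these lines do not say. Finally, `### Configuring nginx` now nests under `## Configuring acme.sh`; confirm that is intended, given that the old section was a top-level `##` heading.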