Update configuration docs (#40)
Reviewed-on: https://akkoma.dev/AkkomaGang/akkoma/pulls/40
Co-authored-by: norm <normandy@biribiri.dev>
Co-committed-by: norm <normandy@biribiri.dev>

parent 0e344ac8bb
commit 74bc22ae50
17 changed files with 119 additions and 128 deletions
|
@ -1,12 +1,12 @@
|
||||||
# Configuration Cheat Sheet
|
# Configuration Cheat Sheet
|
||||||
|
|
||||||
This is a cheat sheet for Pleroma configuration file, any setting possible to configure should be listed here.
|
This is a cheat sheet for Akkoma configuration file, any setting possible to configure should be listed here.
|
||||||
|
|
||||||
For OTP installations the configuration is typically stored in `/etc/pleroma/config.exs`.
|
For OTP installations the configuration is typically stored in `/etc/akkoma/config.exs`.
|
||||||
|
|
||||||
For from source installations Pleroma configuration works by first importing the base config `config/config.exs`, then overriding it by the environment config `config/$MIX_ENV.exs` and then overriding it by user config `config/$MIX_ENV.secret.exs`. In from source installations you should always make the changes to the user config and NEVER to the base config to avoid breakages and merge conflicts. So for production you change/add configuration to `config/prod.secret.exs`.
|
For from source installations Akkoma configuration works by first importing the base config `config/config.exs`, then overriding it by the environment config `config/$MIX_ENV.exs` and then overriding it by user config `config/$MIX_ENV.secret.exs`. In from source installations you should always make the changes to the user config and NEVER to the base config to avoid breakages and merge conflicts. So for production you change/add configuration to `config/prod.secret.exs`.
|
||||||
|
|
||||||
To add configuration to your config file, you can copy it from the base config. The latest version of it can be viewed [here](https://git.pleroma.social/pleroma/pleroma/blob/develop/config/config.exs). You can also use this file if you don't know how an option is supposed to be formatted.
|
To add configuration to your config file, you can copy it from the base config. The latest version of it can be viewed [here](https://akkoma.dev/AkkomaGang/akkoma/src/branch/develop/config/config.exs). You can also use this file if you don't know how an option is supposed to be formatted.
|
||||||
|
|
||||||
## :shout
|
## :shout
|
||||||
|
|
||||||
|
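Review bot: The OTP path line now points readers only at `/etc/akkoma/config.exs`, while an instance migrated from Pleroma will still have its file at `/etc/pleroma/config.exs`. Suggest naming both paths, or saying which one applies after a migration, so an operator does not edit a file the release never reads.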
@ -99,7 +99,7 @@ To add configuration to your config file, you can copy it from the base config.
|
||||||
],
|
],
|
||||||
email: [
|
email: [
|
||||||
enabled: true,
|
enabled: true,
|
||||||
sender: {"Pleroma App", "welcome@pleroma.app"},
|
sender: {"Akkoma App", "welcome@akkoma.app"},
|
||||||
subject: "Welcome to <%= instance_name %>",
|
subject: "Welcome to <%= instance_name %>",
|
||||||
html: "Welcome to <%= instance_name %>",
|
html: "Welcome to <%= instance_name %>",
|
||||||
text: "Welcome to <%= instance_name %>"
|
text: "Welcome to <%= instance_name %>"
|
||||||
|
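Review bot: In the welcome `email:` example, `sender: {"Akkoma App", "welcome@akkoma.app"}` uses a registrable domain, and nothing in this change shows that the project controls it. Operators copy this block, so a reserved name such as `welcome@example.com` avoids instances sending mail that claims to come from someone else's domain.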
@ -254,7 +254,7 @@ This can be used to configure a keyword list that keeps the configuration data f
|
||||||
|
|
||||||
Frontends can access these settings at `/api/v1/pleroma/frontend_configurations`
|
Frontends can access these settings at `/api/v1/pleroma/frontend_configurations`
|
||||||
|
|
||||||
To add your own configuration for PleromaFE, use it like this:
|
To add your own configuration for Pleroma-FE, use it like this:
|
||||||
|
|
||||||
```elixir
|
```elixir
|
||||||
config :pleroma, :frontend_configurations,
|
config :pleroma, :frontend_configurations,
|
||||||
|
@ -398,7 +398,7 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http,
|
||||||
!!! note
|
!!! note
|
||||||
`Phoenix` endpoint configuration, all configuration options can be viewed [here](https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-dynamic-configuration), only common options are listed here.
|
`Phoenix` endpoint configuration, all configuration options can be viewed [here](https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-dynamic-configuration), only common options are listed here.
|
||||||
|
|
||||||
* `http` - a list containing http protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here. For deployment using docker, you need to set this to `[ip: {0,0,0,0}, port: 4000]` to make pleroma accessible from other containers (such as your nginx server).
|
* `http` - a list containing http protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here. For deployment using docker, you need to set this to `[ip: {0,0,0,0}, port: 4000]` to make akkoma accessible from other containers (such as your nginx server).
|
||||||
- `ip` - a tuple consisting of 4 integers
|
- `ip` - a tuple consisting of 4 integers
|
||||||
- `port`
|
- `port`
|
||||||
* `url` - a list containing the configuration for generating urls, accepts
|
* `url` - a list containing the configuration for generating urls, accepts
|
||||||
|
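Review bot: The `http` bullet still tells Docker users to bind `[ip: {0,0,0,0}, port: 4000]`, while the hardening page touched in this same commit recommends `[ip: {127, 0, 0, 1}]`. While rewording this line, add a pointer to that recommendation and say that the all-interfaces bind is meant for a container network that is not published to the host. Also capitalise "akkoma" here to match the rest of the rename.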
@ -418,7 +418,7 @@ config :pleroma, Pleroma.Web.Endpoint,
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
This will make Pleroma listen on `127.0.0.1` port `8080` and generate urls starting with `https://example.com:2020`
|
This will make Akkoma listen on `127.0.0.1` port `8080` and generate urls starting with `https://example.com:2020`
|
||||||
|
|
||||||
### :http_security
|
### :http_security
|
||||||
* ``enabled``: Whether the managed content security policy is enabled.
|
* ``enabled``: Whether the managed content security policy is enabled.
|
||||||
|
@ -576,9 +576,9 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th
|
||||||
|
|
||||||
* `uploader`: Which one of the [uploaders](#uploaders) to use.
|
* `uploader`: Which one of the [uploaders](#uploaders) to use.
|
||||||
* `filters`: List of [upload filters](#upload-filters) to use.
|
* `filters`: List of [upload filters](#upload-filters) to use.
|
||||||
* `link_name`: When enabled Pleroma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers when using filters like `Pleroma.Upload.Filter.Dedupe`
|
* `link_name`: When enabled Akkoma will add a `name` parameter to the url of the upload, for example `https://instance.tld/media/corndog.png?name=corndog.png`. This is needed to provide the correct filename in Content-Disposition headers when using filters like `Pleroma.Upload.Filter.Dedupe`
|
||||||
* `base_url`: The base URL to access a user-uploaded file. Useful when you want to host the media files via another domain or are using a 3rd party S3 provider.
|
* `base_url`: The base URL to access a user-uploaded file. Useful when you want to host the media files via another domain or are using a 3rd party S3 provider.
|
||||||
* `proxy_remote`: If you're using a remote uploader, Pleroma will proxy media requests instead of redirecting to it.
|
* `proxy_remote`: If you're using a remote uploader, Akkoma will proxy media requests instead of redirecting to it.
|
||||||
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
* `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation.
|
||||||
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
* `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30.
|
||||||
* `default_description`: Sets which default description an image has if none is set explicitly. Options: nil (default) - Don't set a default, :filename - use the filename of the file, a string (e.g. "attachment") - Use this string
|
* `default_description`: Sets which default description an image has if none is set explicitly. Options: nil (default) - Don't set a default, :filename - use the filename of the file, a string (e.g. "attachment") - Use this string
|
||||||
|
@ -683,7 +683,7 @@ Email notifications settings.
|
||||||
|
|
||||||
### Pleroma.Emails.UserEmail
|
### Pleroma.Emails.UserEmail
|
||||||
|
|
||||||
- `:logo` - a path to a custom logo. Set it to `nil` to use the default Pleroma logo.
|
- `:logo` - a path to a custom logo. Set it to `nil` to use the default Akkoma logo.
|
||||||
- `:styling` - a map with color settings for email templates.
|
- `:styling` - a map with color settings for email templates.
|
||||||
|
|
||||||
### Pleroma.Emails.NewUsersDigestEmail
|
### Pleroma.Emails.NewUsersDigestEmail
|
||||||
|
@ -703,7 +703,7 @@ Configuration options described in [Oban readme](https://github.com/sorentwo/oba
|
||||||
* `queues` - job queues (see below)
|
* `queues` - job queues (see below)
|
||||||
* `crontab` - periodic jobs, see [`Oban.Cron`](#obancron)
|
* `crontab` - periodic jobs, see [`Oban.Cron`](#obancron)
|
||||||
|
|
||||||
Pleroma has the following queues:
|
Akkoma has the following queues:
|
||||||
|
|
||||||
* `activity_expiration` - Activity expiration
|
* `activity_expiration` - Activity expiration
|
||||||
* `federator_outgoing` - Outgoing federation
|
* `federator_outgoing` - Outgoing federation
|
||||||
|
@ -715,7 +715,7 @@ Pleroma has the following queues:
|
||||||
|
|
||||||
#### Oban.Cron
|
#### Oban.Cron
|
||||||
|
|
||||||
Pleroma has these periodic job workers:
|
Akkoma has these periodic job workers:
|
||||||
|
|
||||||
* `Pleroma.Workers.Cron.DigestEmailsWorker` - digest emails for users with new mentions and follows
|
* `Pleroma.Workers.Cron.DigestEmailsWorker` - digest emails for users with new mentions and follows
|
||||||
* `Pleroma.Workers.Cron.NewUsersDigestWorker` - digest emails for admins with new registrations
|
* `Pleroma.Workers.Cron.NewUsersDigestWorker` - digest emails for admins with new registrations
|
||||||
|
@ -874,11 +874,11 @@ Authentication / authorization settings.
|
||||||
|
|
||||||
### :ldap
|
### :ldap
|
||||||
|
|
||||||
Use LDAP for user authentication. When a user logs in to the Pleroma
|
Use LDAP for user authentication. When a user logs in to the Akkoma
|
||||||
instance, the name and password will be verified by trying to authenticate
|
instance, the name and password will be verified by trying to authenticate
|
||||||
(bind) to an LDAP server. If a user exists in the LDAP directory but there
|
(bind) to an LDAP server. If a user exists in the LDAP directory but there
|
||||||
is no account with the same name yet on the Pleroma instance then a new
|
is no account with the same name yet on the Akkoma instance then a new
|
||||||
Pleroma account will be created with the same name as the LDAP user name.
|
Akkoma account will be created with the same name as the LDAP user name.
|
||||||
|
|
||||||
* `enabled`: enables LDAP authentication
|
* `enabled`: enables LDAP authentication
|
||||||
* `host`: LDAP server hostname
|
* `host`: LDAP server hostname
|
||||||
|
@ -893,7 +893,7 @@ Pleroma account will be created with the same name as the LDAP user name.
|
||||||
Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
|
Note, if your LDAP server is an Active Directory server the correct value is commonly `uid: "cn"`, but if you use an
|
||||||
OpenLDAP server the value may be `uid: "uid"`.
|
OpenLDAP server the value may be `uid: "uid"`.
|
||||||
|
|
||||||
### :oauth2 (Pleroma as OAuth 2.0 provider settings)
|
### :oauth2 (Akkoma as OAuth 2.0 provider settings)
|
||||||
|
|
||||||
OAuth 2.0 provider settings:
|
OAuth 2.0 provider settings:
|
||||||
|
|
||||||
|
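Review bot: Renaming the heading to `### :oauth2 (Akkoma as OAuth 2.0 provider settings)` changes the anchor generated from it, so any link to the old heading's anchor will stop resolving. Check the docs for links to this section, or shorten the heading to `### :oauth2` so the anchor no longer depends on the product name.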
@ -918,7 +918,7 @@ Implementation is based on Ueberauth; see the list of [available strategies](htt
|
||||||
Each strategy is shipped as a separate dependency; in order to get the strategies, run `OAUTH_CONSUMER_STRATEGIES="..." mix deps.get`, e.g. `OAUTH_CONSUMER_STRATEGIES="twitter facebook google microsoft" mix deps.get`. The server should also be started with `OAUTH_CONSUMER_STRATEGIES="..." mix phx.server` in case you enable any strategies.
|
Each strategy is shipped as a separate dependency; in order to get the strategies, run `OAUTH_CONSUMER_STRATEGIES="..." mix deps.get`, e.g. `OAUTH_CONSUMER_STRATEGIES="twitter facebook google microsoft" mix deps.get`. The server should also be started with `OAUTH_CONSUMER_STRATEGIES="..." mix phx.server` in case you enable any strategies.
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
Each strategy requires separate setup (on external provider side and Pleroma side). Below are the guidelines on setting up most popular strategies.
|
Each strategy requires separate setup (on external provider side and Akkoma side). Below are the guidelines on setting up most popular strategies.
|
||||||
|
|
||||||
!!! note
|
!!! note
|
||||||
Make sure that `"SameSite=Lax"` is set in `extra_cookie_attrs` when you have this feature enabled. OAuth consumer mode will not work with `"SameSite=Strict"`
|
Make sure that `"SameSite=Lax"` is set in `extra_cookie_attrs` when you have this feature enabled. OAuth consumer mode will not work with `"SameSite=Strict"`
|
||||||
|
@ -988,7 +988,7 @@ config :ueberauth, Ueberauth,
|
||||||
|
|
||||||
### Pleroma.Formatter
|
### Pleroma.Formatter
|
||||||
|
|
||||||
Configuration for Pleroma's link formatter which parses mentions, hashtags, and URLs.
|
Configuration for Akkoma's link formatter which parses mentions, hashtags, and URLs.
|
||||||
|
|
||||||
* `class` - specify the class to be added to the generated link (default: `false`)
|
* `class` - specify the class to be added to the generated link (default: `false`)
|
||||||
* `rel` - specify the rel attribute (default: `ugc`)
|
* `rel` - specify the rel attribute (default: `ugc`)
|
||||||
|
@ -1080,7 +1080,7 @@ Control favicons for instances.
|
||||||
|
|
||||||
* `:purge_after_days` an integer, remove backup achives after N days.
|
* `:purge_after_days` an integer, remove backup achives after N days.
|
||||||
* `:limit_days` an integer, limit user to export not more often than once per N days.
|
* `:limit_days` an integer, limit user to export not more often than once per N days.
|
||||||
* `:dir` a string with a path to backup temporary directory or `nil` to let Pleroma choose temporary directory in the following order:
|
* `:dir` a string with a path to backup temporary directory or `nil` to let Akkoma choose temporary directory in the following order:
|
||||||
1. the directory named by the TMPDIR environment variable
|
1. the directory named by the TMPDIR environment variable
|
||||||
2. the directory named by the TEMP environment variable
|
2. the directory named by the TEMP environment variable
|
||||||
3. the directory named by the TMP environment variable
|
3. the directory named by the TMP environment variable
|
||||||
|
@ -1089,9 +1089,9 @@ Control favicons for instances.
|
||||||
|
|
||||||
## Frontend management
|
## Frontend management
|
||||||
|
|
||||||
Frontends in Pleroma are swappable - you can specify which one to use here.
|
Frontends in Akkoma are swappable - you can specify which one to use here.
|
||||||
|
|
||||||
You can set a frontends for the key `primary` and `admin` and the options of `name` and `ref`. This will then make Pleroma serve the frontend from a folder constructed by concatenating the instance static path, `frontends` and the name and ref.
|
You can set a frontends for the key `primary` and `admin` and the options of `name` and `ref`. This will then make Akkoma serve the frontend from a folder constructed by concatenating the instance static path, `frontends` and the name and ref.
|
||||||
|
|
||||||
The key `primary` refers to the frontend that will be served by default for general requests. The key `admin` refers to the frontend that will be served at the `/pleroma/admin` path.
|
The key `primary` refers to the frontend that will be served by default for general requests. The key `admin` refers to the frontend that will be served at the `/pleroma/admin` path.
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,7 @@ To add custom emoji:
|
||||||
file in that directory and specify a custom shortcode using the following format:
|
file in that directory and specify a custom shortcode using the following format:
|
||||||
`shortcode, file-path, tag1, tag2, etc`. One emoji per line. Note that if you do so,
|
`shortcode, file-path, tag1, tag2, etc`. One emoji per line. Note that if you do so,
|
||||||
you'll have to list all other emojis in the pack too.
|
you'll have to list all other emojis in the pack too.
|
||||||
* Either restart pleroma or connect to the iex session pleroma's running and
|
* Either restart Akkoma or connect to the iex session Akkoma's running and
|
||||||
run `Pleroma.Emoji.reload/0` in it.
|
run `Pleroma.Emoji.reload/0` in it.
|
||||||
|
|
||||||
Example:
|
Example:
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
# Hardening your instance
|
# Hardening your instance
|
||||||
Here are some suggestions which improve the security of parts of your Pleroma instance.
|
Here are some suggestions which improve the security of parts of your Akkoma instance.
|
||||||
|
|
||||||
## Configuration file
|
## Configuration file
|
||||||
|
|
||||||
|
@ -9,13 +9,13 @@ These changes should go into `prod.secret.exs` or `dev.secret.exs`, depending on
|
||||||
|
|
||||||
> Recommended value: `[ip: {127, 0, 0, 1}]`
|
> Recommended value: `[ip: {127, 0, 0, 1}]`
|
||||||
|
|
||||||
This sets the Pleroma application server to only listen to the localhost interface. This way, you can only reach your server over the Internet by going through the reverse proxy. By default, Pleroma listens on all interfaces.
|
This sets the Akkoma application server to only listen to the localhost interface. This way, you can only reach your server over the Internet by going through the reverse proxy. By default, Akkoma listens on all interfaces.
|
||||||
|
|
||||||
### `secure_cookie_flag`
|
### `secure_cookie_flag`
|
||||||
|
|
||||||
> Recommended value: `true`
|
> Recommended value: `true`
|
||||||
|
|
||||||
This sets the `secure` flag on Pleroma’s session cookie. This makes sure, that the cookie is only accepted over encrypted HTTPs connections. This implicitly renames the cookie from `pleroma_key` to `__Host-pleroma-key` which enforces some restrictions. (see [cookie prefixes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Cookie_prefixes))
|
This sets the `secure` flag on Akkoma’s session cookie. This makes sure, that the cookie is only accepted over encrypted HTTPs connections. This implicitly renames the cookie from `pleroma_key` to `__Host-pleroma-key` which enforces some restrictions. (see [cookie prefixes](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Cookie_prefixes))
|
||||||
|
|
||||||
### `:http_security`
|
### `:http_security`
|
||||||
|
|
||||||
|
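Review bot: In the `secure_cookie_flag` paragraph the prose now says Akkoma, but the cookie names stay `pleroma_key` and `__Host-pleroma-key`. Say explicitly that the cookie names are unchanged, so operators who match on them in reverse proxy or WAF rules do not go looking for an `akkoma` variant. "HTTPs" in the same sentence should be "HTTPS".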
@ -76,7 +76,7 @@ Use private `/tmp` and `/var/tmp` folders inside a new file system namespace, wh
|
||||||
|
|
||||||
> Recommended value: `true`
|
> Recommended value: `true`
|
||||||
|
|
||||||
The `/home`, `/root`, and `/run/user` folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to `false`.
|
The `/home`, `/root`, and `/run/user` folders can not be accessed by this service anymore. If your Akkoma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to `false`.
|
||||||
|
|
||||||
### ProtectSystem
|
### ProtectSystem
|
||||||
|
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# How to activate Pleroma in-database configuration
|
# How to activate Akkoma in-database configuration
|
||||||
## Explanation
|
## Explanation
|
||||||
|
|
||||||
The configuration of Pleroma has traditionally been managed with a config file, e.g. `config/prod.secret.exs`. This method requires a restart of the application for any configuration changes to take effect. We have made it possible to control most settings in the AdminFE interface after running a migration script.
|
The configuration of Akkoma (and Pleroma) has traditionally been managed with a config file, e.g. `config/prod.secret.exs`. This method requires a restart of the application for any configuration changes to take effect. We have made it possible to control most settings in the AdminFE interface after running a migration script.
|
||||||
|
|
||||||
## Migration to database config
|
## Migration to database config
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ The configuration of Pleroma has traditionally been managed with a config file,
|
||||||
|
|
||||||
**OTP:**
|
**OTP:**
|
||||||
|
|
||||||
*Note: OTP users need Pleroma to be running for `pleroma_ctl` commands to work*
|
*Note: OTP users need Akkoma to be running for `pleroma_ctl` commands to work*
|
||||||
|
|
||||||
```
|
```
|
||||||
$ ./bin/pleroma_ctl config migrate_to_db
|
$ ./bin/pleroma_ctl config migrate_to_db
|
||||||
|
@ -36,7 +36,7 @@ The configuration of Pleroma has traditionally been managed with a config file,
|
||||||
cp config/dev.secret.exs config/dev.secret.exs.orig
|
cp config/dev.secret.exs config/dev.secret.exs.orig
|
||||||
```
|
```
|
||||||
|
|
||||||
3. Edit your Pleroma config to enable database configuration:
|
3. Edit your Akkoma config to enable database configuration:
|
||||||
|
|
||||||
```
|
```
|
||||||
config :pleroma, configurable_from_database: true
|
config :pleroma, configurable_from_database: true
|
||||||
|
@ -66,9 +66,9 @@ The configuration of Pleroma has traditionally been managed with a config file,
|
||||||
|
|
||||||
config :pleroma, Pleroma.Repo,
|
config :pleroma, Pleroma.Repo,
|
||||||
adapter: Ecto.Adapters.Postgres,
|
adapter: Ecto.Adapters.Postgres,
|
||||||
username: "pleroma",
|
username: "akkoma",
|
||||||
password: "MySecretPassword",
|
password: "MySecretPassword",
|
||||||
database: "pleroma_prod",
|
database: "akkoma_prod",
|
||||||
hostname: "localhost"
|
hostname: "localhost"
|
||||||
|
|
||||||
config :pleroma, configurable_from_database: true
|
config :pleroma, configurable_from_database: true
|
||||||
|
|
|
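Review bot: The `Pleroma.Repo` example changes `username` and `database` to `akkoma` and `akkoma_prod`, but this page walks operators through editing an existing config, where the real values are whatever the database was created with. Add a line saying these must match the existing role and database name, otherwise a copied block fails to connect. `password: "MySecretPassword"` would also be better as an obvious placeholder.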
@ -1,29 +1,29 @@
|
||||||
# Configuring Ejabberd (XMPP Server) to use Pleroma for authentication
|
# Configuring Ejabberd (XMPP Server) to use Akkoma for authentication
|
||||||
|
|
||||||
If you want to give your Pleroma users an XMPP (chat) account, you can configure [Ejabberd](https://github.com/processone/ejabberd) to use your Pleroma server for user authentication, automatically giving every local user an XMPP account.
|
If you want to give your Akkoma users an XMPP (chat) account, you can configure [Ejabberd](https://github.com/processone/ejabberd) to use your Akkoma server for user authentication, automatically giving every local user an XMPP account.
|
||||||
|
|
||||||
In general, you just have to follow the configuration described at [https://docs.ejabberd.im/admin/configuration/authentication/#external-script](https://docs.ejabberd.im/admin/configuration/authentication/#external-script). Please read this section carefully.
|
In general, you just have to follow the configuration described at [https://docs.ejabberd.im/admin/configuration/authentication/#external-script](https://docs.ejabberd.im/admin/configuration/authentication/#external-script). Please read this section carefully.
|
||||||
|
|
||||||
Copy the script below to suitable path on your system and set owner and permissions. Also do not forget adjusting `PLEROMA_HOST` and `PLEROMA_PORT`, if necessary.
|
Copy the script below to suitable path on your system and set owner and permissions. Also do not forget adjusting `AKKOMA_HOST` and `AKKOMA_PORT`, if necessary.
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
cp pleroma_ejabberd_auth.py /etc/ejabberd/pleroma_ejabberd_auth.py
|
cp akkoma_ejabberd_auth.py /etc/ejabberd/akkoma_ejabberd_auth.py
|
||||||
chown ejabberd /etc/ejabberd/pleroma_ejabberd_auth.py
|
chown ejabberd /etc/ejabberd/akkoma_ejabberd_auth.py
|
||||||
chmod 700 /etc/ejabberd/pleroma_ejabberd_auth.py
|
chmod 700 /etc/ejabberd/akkoma_ejabberd_auth.py
|
||||||
```
|
```
|
||||||
|
|
||||||
Set external auth params in ejabberd.yaml file:
|
Set external auth params in ejabberd.yaml file:
|
||||||
|
|
||||||
```bash
|
```bash
|
||||||
auth_method: [external]
|
auth_method: [external]
|
||||||
extauth_program: "python3 /etc/ejabberd/pleroma_ejabberd_auth.py"
|
extauth_program: "python3 /etc/ejabberd/akkoma_ejabberd_auth.py"
|
||||||
extauth_instances: 3
|
extauth_instances: 3
|
||||||
auth_use_cache: false
|
auth_use_cache: false
|
||||||
```
|
```
|
||||||
|
|
||||||
Restart / reload your ejabberd service.
|
Restart / reload your ejabberd service.
|
||||||
|
|
||||||
After restarting your Ejabberd server, your users should now be able to connect with their Pleroma credentials.
|
After restarting your Ejabberd server, your users should now be able to connect with their Akkoma credentials.
|
||||||
|
|
||||||
|
|
||||||
```python
|
```python
|
||||||
|
@ -34,18 +34,18 @@ from base64 import b64encode
|
||||||
import logging
|
import logging
|
||||||
|
|
||||||
|
|
||||||
PLEROMA_HOST = "127.0.0.1"
|
AKKOMA_HOST = "127.0.0.1"
|
||||||
PLEROMA_PORT = "4000"
|
AKKOMA_PORT = "4000"
|
||||||
AUTH_ENDPOINT = "/api/v1/accounts/verify_credentials"
|
AUTH_ENDPOINT = "/api/v1/accounts/verify_credentials"
|
||||||
USER_ENDPOINT = "/api/v1/accounts"
|
USER_ENDPOINT = "/api/v1/accounts"
|
||||||
LOGFILE = "/var/log/ejabberd/pleroma_auth.log"
|
LOGFILE = "/var/log/ejabberd/akkoma_auth.log"
|
||||||
|
|
||||||
logging.basicConfig(filename=LOGFILE, level=logging.INFO)
|
logging.basicConfig(filename=LOGFILE, level=logging.INFO)
|
||||||
|
|
||||||
|
|
||||||
# Pleroma functions
|
# Akkoma functions
|
||||||
def create_connection():
|
def create_connection():
|
||||||
return http.client.HTTPConnection(PLEROMA_HOST, PLEROMA_PORT)
|
return http.client.HTTPConnection(AKKOMA_HOST, AKKOMA_PORT)
|
||||||
|
|
||||||
|
|
||||||
def verify_credentials(user: str, password: str) -> bool:
|
def verify_credentials(user: str, password: str) -> bool:
|
||||||
|
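Review bot: `create_connection()` returns `http.client.HTTPConnection(AKKOMA_HOST, AKKOMA_PORT)`, and the text above the script invites readers to adjust `AKKOMA_HOST`. With anything other than a loopback address, requests made over this connection, including whatever `verify_credentials(user, password)` sends, are unencrypted. Add a comment beside the renamed constants that the host should stay on loopback, or that `HTTPSConnection` is needed for a remote host.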
@ -124,7 +124,7 @@ def write(result):
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
logging.info("Starting pleroma ejabberd auth daemon...")
|
logging.info("Starting akkoma ejabberd auth daemon...")
|
||||||
while True:
|
while True:
|
||||||
try:
|
try:
|
||||||
read()
|
read()
|
||||||
|
@ -133,4 +133,4 @@ if __name__ == "__main__":
|
||||||
"Error while processing data from ejabberd %s", str(e))
|
"Error while processing data from ejabberd %s", str(e))
|
||||||
pass
|
pass
|
||||||
|
|
||||||
```
|
```
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
# How to activate mediaproxy
|
# How to activate mediaproxy
|
||||||
## Explanation
|
## Explanation
|
||||||
|
|
||||||
Without the `mediaproxy` function, Pleroma doesn't store any remote content like pictures, video etc. locally. So every time you open Pleroma, the content is loaded from the source server, from where the post is coming. This can result in slowly loading content or/and increased bandwidth usage on the source server.
|
Without the `mediaproxy` function, Akkoma doesn't store any remote content like pictures, video etc. locally. So every time you open Akkoma, the content is loaded from the source server, from where the post is coming. This can result in slowly loading content or/and increased bandwidth usage on the source server.
|
||||||
With the `mediaproxy` function you can use nginx to cache this content, so users can access it faster, because it's loaded from your server.
|
With the `mediaproxy` function you can use nginx to cache this content, so users can access it faster, because it's loaded from your server.
|
||||||
|
|
||||||
## Activate it
|
## Activate it
|
||||||
|
@ -9,16 +9,16 @@ With the `mediaproxy` function you can use nginx to cache this content, so users
|
||||||
* Edit your nginx config and add the following location:
|
* Edit your nginx config and add the following location:
|
||||||
```
|
```
|
||||||
location /proxy {
|
location /proxy {
|
||||||
proxy_cache pleroma_media_cache;
|
proxy_cache akkoma_media_cache;
|
||||||
proxy_cache_lock on;
|
proxy_cache_lock on;
|
||||||
proxy_pass http://localhost:4000;
|
proxy_pass http://localhost:4000;
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
Also add the following on top of the configuration, outside of the `server` block:
|
Also add the following on top of the configuration, outside of the `server` block:
|
||||||
```
|
```
|
||||||
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
||||||
```
|
```
|
||||||
If you came here from one of the installation guides, take a look at the example configuration `/installation/pleroma.nginx`, where this part is already included.
|
If you came here from one of the installation guides, take a look at the example configuration `/installation/akkoma.nginx`, where this part is already included.
|
||||||
|
|
||||||
* Append the following to your `prod.secret.exs` or `dev.secret.exs` (depends on which mode your instance is running):
|
* Append the following to your `prod.secret.exs` or `dev.secret.exs` (depends on which mode your instance is running):
|
||||||
```
|
```
|
||||||
|
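Review bot: The cache zone is renamed in two separate snippets, `proxy_cache akkoma_media_cache;` and `keys_zone=akkoma_media_cache:10m`, and an operator who updates only one of them ends up with an nginx config that references an undefined zone. Note that both must change together, and that the old `/tmp/pleroma-media-cache` directory (up to `max_size=10g`) is left behind and can be deleted.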
@ -27,8 +27,8 @@ config :pleroma, :media_proxy,
|
||||||
proxy_opts: [
|
proxy_opts: [
|
||||||
redirect_on_failure: true
|
redirect_on_failure: true
|
||||||
]
|
]
|
||||||
#base_url: "https://cache.pleroma.social"
|
#base_url: "https://cache.akkoma.social"
|
||||||
```
|
```
|
||||||
If you want to use a subdomain to serve the files, uncomment `base_url`, change the url and add a comma after `true` in the previous line.
|
If you want to use a subdomain to serve the files, uncomment `base_url`, change the url and add a comma after `true` in the previous line.
|
||||||
|
|
||||||
* Restart nginx and Pleroma
|
* Restart nginx and Akkoma
|
||||||
|
|
|
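Review bot: The sentence after the config block says to add a comma after `true` in the previous line, but in the block as shown the line before `#base_url` is the closing `]` of `proxy_opts`, so the comma has to go after `]`. Worth fixing while this block is being edited. `cache.akkoma.social` is also a registrable domain; `cache.example.com` would be a safer sample value.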
@ -1,10 +1,10 @@
|
||||||
# Configuring MongooseIM (XMPP Server) to use Pleroma for authentication
|
# Configuring MongooseIM (XMPP Server) to use Akkoma for authentication
|
||||||
|
|
||||||
If you want to give your Pleroma users an XMPP (chat) account, you can configure [MongooseIM](https://github.com/esl/MongooseIM) to use your Pleroma server for user authentication, automatically giving every local user an XMPP account.
|
If you want to give your Akkoma users an XMPP (chat) account, you can configure [MongooseIM](https://github.com/esl/MongooseIM) to use your Akkoma server for user authentication, automatically giving every local user an XMPP account.
|
||||||
|
|
||||||
In general, you just have to follow the configuration described at [https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/](https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/) and do these changes to your mongooseim.cfg.
|
In general, you just have to follow the configuration described at [https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/](https://mongooseim.readthedocs.io/en/latest/authentication-backends/HTTP-authentication-module/) and do these changes to your mongooseim.cfg.
|
||||||
|
|
||||||
1. Set the auth_method to `{auth_method, http}`.
|
1. Set the auth_method to `{auth_method, http}`.
|
||||||
2. Add the http auth pool like this: `{http, global, auth, [{workers, 50}], [{server, "https://yourpleromainstance.com"}]}`
|
2. Add the http auth pool like this: `{http, global, auth, [{workers, 50}], [{server, "https://yourakkomainstance.com"}]}`
|
||||||
|
|
||||||
Restart your MongooseIM server, your users should now be able to connect with their Pleroma credentials.
|
Restart your MongooseIM server, your users should now be able to connect with their Akkoma credentials.
|
||||||
|
|
|
@ -1,12 +1,12 @@
|
||||||
# How to configure upstream proxy for federation
|
# How to configure upstream proxy for federation
|
||||||
If you want to proxify all http requests (e.g. for TOR) that pleroma makes to an upstream proxy server, edit you config file (`dev.secret.exs` or `prod.secret.exs`) and add the following:
|
If you want to proxify all http requests (e.g. for TOR) that Akkoma makes to an upstream proxy server, edit your config file (`dev.secret.exs` or `prod.secret.exs`) and add the following:
|
||||||
|
|
||||||
```
|
```
|
||||||
config :pleroma, :http,
|
config :pleroma, :http,
|
||||||
proxy_url: "127.0.0.1:8123"
|
proxy_url: "127.0.0.1:8123"
|
||||||
```
|
```
|
||||||
|
|
||||||
The other way to do it, for example, with Tor you would most likely add something like this:
|
The other way to do it, for example, with Tor can be done like so:
|
||||||
```
|
```
|
||||||
config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}
|
config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}
|
||||||
```
|
```
|
||||||
|
|
|
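Review bot: the prose in this file now says Akkoma while both examples still read `config :pleroma, :http`; if the application name is deliberately unchanged, say so once next to the first example so readers do not "correct" it to `:akkoma`. The first example, `proxy_url: "127.0.0.1:8123"`, also does not say what kind of proxy it expects, while the second names `:socks5` explicitly. "TOR" in the first changed sentence should match the "Tor" spelling used two paragraphs later.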
@ -1,11 +1,11 @@
|
||||||
# How to enable text search for Chinese, Japanese and Korean
|
# How to enable text search for Chinese, Japanese and Korean
|
||||||
|
|
||||||
Pleroma's full text search feature is powered by PostgreSQL's native [text search](https://www.postgresql.org/docs/current/textsearch.html), it works well out of box for most of languages, but needs extra configurations for some asian languages like Chinese, Japanese and Korean (CJK).
|
Akkoma's full text search feature is powered by PostgreSQL's native [text search](https://www.postgresql.org/docs/current/textsearch.html), it works well out of box for most of languages, but needs extra configurations for some asian languages like Chinese, Japanese and Korean (CJK).
|
||||||
|
|
||||||
|
|
||||||
## Setup and test the new search config
|
## Setup and test the new search config
|
||||||
|
|
||||||
In most cases, you would need an extension installed to support parsing CJK text. Here are a few extensions you may choose from, or you are more than welcome to share additional ones you found working for you with the rest of Pleroma community.
|
In most cases, you would need an extension installed to support parsing CJK text. Here are a few extensions you may choose from, or you are more than welcome to share additional ones you found working for you with the rest of Akkoma community.
|
||||||
|
|
||||||
* [a generic n-gram parser](https://github.com/huangjimmy/pg_cjk_parser) supports Simplifed/Traditional Chinese, Japanese, and Korean
|
* [a generic n-gram parser](https://github.com/huangjimmy/pg_cjk_parser) supports Simplifed/Traditional Chinese, Japanese, and Korean
|
||||||
* [a Korean parser](https://github.com/i0seph/textsearch_ko) based on mecab
|
* [a Korean parser](https://github.com/i0seph/textsearch_ko) based on mecab
|
||||||
|
@ -37,6 +37,6 @@ Check output of the query, and see if it matches your expectation.
|
||||||
Note: index update may take a while, and it can be done while the instance is up and running, so you may restart db connection as soon as you see `Recreate index` in task output.
|
Note: index update may take a while, and it can be done while the instance is up and running, so you may restart db connection as soon as you see `Recreate index` in task output.
|
||||||
|
|
||||||
## Restart database connection
|
## Restart database connection
|
||||||
Since some changes above will only apply with a new database connection, you will have to restart either Pleroma or PostgreSQL process, or use `pg_terminate_backend` SQL command without restarting either.
|
Since some changes above will only apply with a new database connection, you will have to restart either Akkoma or PostgreSQL process, or use `pg_terminate_backend` SQL command without restarting either.
|
||||||
|
|
||||||
Now the search results of statuses should be much more friendly for your language of choice, the results for searching users and tags were not changed, as the default parsing/matching should work for most cases.
|
Now the search results of statuses should be much more friendly for your language of choice, the results for searching users and tags were not changed, as the default parsing/matching should work for most cases.
|
||||||
|
|
|
@ -43,11 +43,11 @@ Example of `styles.json` where we add our own `my-awesome-theme.json`
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
Now you'll already be able to select the theme in Pleroma FE from the drop-down. You don't need to restart Pleroma because we only changed static served files. You may need to refresh the page in your browser. You'll notice however that the theme doesn't have a name, it's just an empty entry in the drop-down.
|
Now you'll already be able to select the theme in Pleroma FE from the drop-down. You don't need to restart Akkoma because we only changed static served files. You may need to refresh the page in your browser. You'll notice however that the theme doesn't have a name, it's just an empty entry in the drop-down.
|
||||||
|
|
||||||
### Give the theme a name
|
### Give the theme a name
|
||||||
|
|
||||||
When you open one of the themes that ship with Pleroma, you'll notice that the json has a `"name"` key. Add a key-value pair to your theme where the key name is `"name"` and the value the name you want to give your theme. After this you can refresh te page in your browser and the name should be visible in the drop-down.
|
When you open one of the themes that ship with Akkoma, you'll notice that the json has a `"name"` key. Add a key-value pair to your theme where the key name is `"name"` and the value the name you want to give your theme. After this you can refresh te page in your browser and the name should be visible in the drop-down.
|
||||||
|
|
||||||
Example of `my-awesome-theme.json` where we add the name "My Awesome Theme"
|
Example of `my-awesome-theme.json` where we add the name "My Awesome Theme"
|
||||||
```json
|
```json
|
||||||
|
|
|
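Review bot: the changed sentence under "Give the theme a name" still carries the typo "refresh te page"; since the line is being rewritten anyway, fix it to "the page". The two changed paragraphs are also inconsistent about where themes come from: the first keeps "select the theme in Pleroma FE" while the second now says "themes that ship with Akkoma", so settle on one name for the frontend.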
@ -1,6 +1,6 @@
|
||||||
# I2P Federation and Accessability
|
# I2P Federation and Accessability
|
||||||
|
|
||||||
This guide is going to focus on the Pleroma federation aspect. The actual installation is neatly explained in the official documentation, and more likely to remain up-to-date.
|
This guide is going to focus on the Akkoma federation aspect. The actual installation is neatly explained in the official documentation, and more likely to remain up-to-date.
|
||||||
It might be added to this guide if there will be a need for that.
|
It might be added to this guide if there will be a need for that.
|
||||||
|
|
||||||
We're going to use I2PD for its lightweightness over the official client.
|
We're going to use I2PD for its lightweightness over the official client.
|
||||||
|
@ -17,13 +17,13 @@ One using the config, and one using external software (fedproxy). The external s
|
||||||
|
|
||||||
**Warning:** So far, everytime I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work.
|
**Warning:** So far, everytime I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work.
|
||||||
|
|
||||||
Assuming you're running in prod, cd to your Pleroma folder and append the following to `config/prod.secret.exs`:
|
Assuming you're running in prod, cd to your Akkoma folder and append the following to `config/prod.secret.exs`:
|
||||||
```
|
```
|
||||||
config :pleroma, :http, proxy_url: {:socks5, :localhost, 4447}
|
config :pleroma, :http, proxy_url: {:socks5, :localhost, 4447}
|
||||||
```
|
```
|
||||||
And then run the following:
|
And then run the following:
|
||||||
```
|
```
|
||||||
su pleroma
|
su akkoma
|
||||||
MIX_ENV=prod mix deps.get
|
MIX_ENV=prod mix deps.get
|
||||||
MIX_ENV=prod mix ecto.migrate
|
MIX_ENV=prod mix ecto.migrate
|
||||||
exit
|
exit
|
||||||
|
@ -45,7 +45,7 @@ To use [fedproxy](https://github.com/majestrate/fedproxy) you'll need to install
|
||||||
```
|
```
|
||||||
apt install golang
|
apt install golang
|
||||||
```
|
```
|
||||||
Use a different user than pleroma or root. Run the following to add the Gopath to your ~/.bashrc.
|
Use a different user than akkoma or root. Run the following to add the Gopath to your ~/.bashrc.
|
||||||
```
|
```
|
||||||
echo "export GOPATH=/home/ren/.go" >> ~/.bashrc
|
echo "export GOPATH=/home/ren/.go" >> ~/.bashrc
|
||||||
```
|
```
|
||||||
|
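Review bot: the context line `echo "export GOPATH=/home/ren/.go" >> ~/.bashrc` hard-codes one person's home directory, which is wrong for the "different user than akkoma or root" that the changed sentence asks for. Since this paragraph is being touched, replace the path with `$HOME/.go` and write "GOPATH" rather than "Gopath" in the sentence.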
@ -60,15 +60,15 @@ And then the following to start it for I2P only.
|
||||||
fedproxy 127.0.0.1:2000 127.0.0.1:4447
|
fedproxy 127.0.0.1:2000 127.0.0.1:4447
|
||||||
```
|
```
|
||||||
If you want to also use it for Tor, add `127.0.0.1:9050` to that command.
|
If you want to also use it for Tor, add `127.0.0.1:9050` to that command.
|
||||||
You'll also need to modify your Pleroma config.
|
You'll also need to modify your Akkoma config.
|
||||||
|
|
||||||
Assuming you're running in prod, cd to your Pleroma folder and append the following to `config/prod.secret.exs`:
|
Assuming you're running in prod, cd to your Akkoma folder and append the following to `config/prod.secret.exs`:
|
||||||
```
|
```
|
||||||
config :pleroma, :http, proxy_url: {:socks5, :localhost, 2000}
|
config :pleroma, :http, proxy_url: {:socks5, :localhost, 2000}
|
||||||
```
|
```
|
||||||
And then run the following:
|
And then run the following:
|
||||||
```
|
```
|
||||||
su pleroma
|
su akkoma
|
||||||
MIX_ENV=prod mix deps.get
|
MIX_ENV=prod mix deps.get
|
||||||
MIX_ENV=prod mix ecto.migrate
|
MIX_ENV=prod mix ecto.migrate
|
||||||
exit
|
exit
|
||||||
|
@ -89,11 +89,11 @@ Make your instance accessible using I2P.
|
||||||
|
|
||||||
Add the following to your I2PD config `/etc/i2pd/tunnels.conf`:
|
Add the following to your I2PD config `/etc/i2pd/tunnels.conf`:
|
||||||
```
|
```
|
||||||
[pleroma]
|
[akkoma]
|
||||||
type = http
|
type = http
|
||||||
host = 127.0.0.1
|
host = 127.0.0.1
|
||||||
port = 14447
|
port = 14447
|
||||||
keys = pleroma.dat
|
keys = akkoma.dat
|
||||||
```
|
```
|
||||||
Restart I2PD:
|
Restart I2PD:
|
||||||
```
|
```
|
||||||
|
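Review bot: renaming `keys = pleroma.dat` to `keys = akkoma.dat` is not cosmetic for anyone who already runs this tunnel. The key file holds the tunnel's identity, so an operator who updates `tunnels.conf` to match the new docs will have i2pd create a fresh key file and end up with a different `.b32.i2p` address. Either keep the old file name in the example or add a sentence telling existing instances to keep (or rename) their current key file. The `[akkoma]` section name is fine as long as the later "next to ..." instruction matches it.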
@ -108,7 +108,7 @@ Or you'll need to access your web-console on localhost:7070.
|
||||||
If you don't have a GUI, you'll have to SSH tunnel into it like this:
|
If you don't have a GUI, you'll have to SSH tunnel into it like this:
|
||||||
`ssh -L 7070:127.0.0.1:7070 user@ip -p port`.
|
`ssh -L 7070:127.0.0.1:7070 user@ip -p port`.
|
||||||
Now you can access it at localhost:7070.
|
Now you can access it at localhost:7070.
|
||||||
Go to I2P tunnels page. Look for Server tunnels and you will see an address that ends with `.b32.i2p` next to "pleroma".
|
Go to I2P tunnels page. Look for Server tunnels and you will see an address that ends with `.b32.i2p` next to "akkoma".
|
||||||
This is your site's address.
|
This is your site's address.
|
||||||
|
|
||||||
### I2P-only Instance
|
### I2P-only Instance
|
||||||
|
@ -121,10 +121,10 @@ In addition to that, replace the existing nginx config's contents with the examp
|
||||||
|
|
||||||
### Existing Instance (Clearnet Instance)
|
### Existing Instance (Clearnet Instance)
|
||||||
|
|
||||||
If not an I2P-only instance, add the nginx config below to your existing config at `/etc/nginx/sites-enabled/pleroma.nginx`.
|
If not an I2P-only instance, add the nginx config below to your existing config at `/etc/nginx/sites-enabled/akkoma.nginx`.
|
||||||
|
|
||||||
And for both cases, disable CSP in Pleroma's config (STS is disabled by default) so you can define those yourself separately from the clearnet (if your instance is also on the clearnet).
|
And for both cases, disable CSP in Akkoma's config (STS is disabled by default) so you can define those yourself separately from the clearnet (if your instance is also on the clearnet).
|
||||||
Copy the following into the `config/prod.secret.exs` in your Pleroma folder (/home/pleroma/pleroma/):
|
Copy the following into the `config/prod.secret.exs` in your Akkoma folder (/home/akkoma/akkoma/):
|
||||||
```
|
```
|
||||||
config :pleroma, :http_security,
|
config :pleroma, :http_security,
|
||||||
enabled: false
|
enabled: false
|
||||||
|
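Review bot: the changed sentence says to "disable CSP" so the headers can be defined separately, but the snippet sets `enabled: false` for the whole `:http_security` group and the visible text never says where the replacement headers are set. Please point at the exact place in the nginx example where they are defined, so that a reader who copies only this snippet does not end up serving the I2P site without them.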
@ -132,7 +132,7 @@ config :pleroma, :http_security,
|
||||||
|
|
||||||
Use this as the Nginx config:
|
Use this as the Nginx config:
|
||||||
```
|
```
|
||||||
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
||||||
# The above already exists in a clearnet instance's config.
|
# The above already exists in a clearnet instance's config.
|
||||||
# If not, add it.
|
# If not, add it.
|
||||||
|
|
||||||
|
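Review bot: renaming the zone to `keys_zone=akkoma_media_cache` conflicts with the comment kept right below it, "The above already exists in a clearnet instance's config." An existing clearnet config defines the zone under the old name, so an operator who skips this line as instructed and pastes the server block with `proxy_cache akkoma_media_cache;` will reference a zone that is not defined. Either keep the old zone name in these examples or tell existing instances to rename the zone (and cache path) in their main config as well.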
@ -173,7 +173,7 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
location /proxy {
|
location /proxy {
|
||||||
proxy_cache pleroma_media_cache;
|
proxy_cache akkoma_media_cache;
|
||||||
proxy_cache_lock on;
|
proxy_cache_lock on;
|
||||||
proxy_ignore_client_abort on;
|
proxy_ignore_client_abort on;
|
||||||
proxy_pass http://localhost:4000;
|
proxy_pass http://localhost:4000;
|
||||||
|
|
|
@ -11,7 +11,7 @@ Possible uses include:
|
||||||
* removing media from messages
|
* removing media from messages
|
||||||
* sending only public messages to a specific instance
|
* sending only public messages to a specific instance
|
||||||
|
|
||||||
The MRF provides user-configurable policies. The default policy is `NoOpPolicy`, which disables the MRF functionality. Pleroma also includes an easy to use policy called `SimplePolicy` which maps messages matching certain pre-defined criterion to actions built into the policy module.
|
The MRF provides user-configurable policies. The default policy is `NoOpPolicy`, which disables the MRF functionality. Akkoma also includes an easy to use policy called `SimplePolicy` which maps messages matching certain pre-defined criterion to actions built into the policy module.
|
||||||
|
|
||||||
It is possible to use multiple, active MRF policies at the same time.
|
It is possible to use multiple, active MRF policies at the same time.
|
||||||
|
|
||||||
|
@ -122,7 +122,7 @@ defmodule Pleroma.Web.ActivityPub.MRF.RewritePolicy do
|
||||||
end
|
end
|
||||||
```
|
```
|
||||||
|
|
||||||
If you save this file as `lib/pleroma/web/activity_pub/mrf/rewrite_policy.ex`, it will be included when you next rebuild Pleroma. You can enable it in the configuration like so:
|
If you save this file as `lib/pleroma/web/activity_pub/mrf/rewrite_policy.ex`, it will be included when you next rebuild Akkoma. You can enable it in the configuration like so:
|
||||||
|
|
||||||
```elixir
|
```elixir
|
||||||
config :pleroma, :mrf,
|
config :pleroma, :mrf,
|
||||||
|
@ -132,7 +132,7 @@ config :pleroma, :mrf,
|
||||||
]
|
]
|
||||||
```
|
```
|
||||||
|
|
||||||
Please note that the Pleroma developers consider custom MRF policy modules to fall under the purview of the AGPL. As such, you are obligated to release the sources to your custom MRF policy modules upon request.
|
Please note that the Akkoma developers consider custom MRF policy modules to fall under the purview of the AGPL. As such, you are obligated to release the sources to your custom MRF policy modules upon request.
|
||||||
|
|
||||||
### MRF policies descriptions
|
### MRF policies descriptions
|
||||||
|
|
||||||
|
|
|
@ -1,31 +1,22 @@
|
||||||
# Easy Onion Federation (Tor)
|
# Easy Onion Federation (Tor)
|
||||||
Tor can free people from the necessity of a domain, in addition to helping protect their privacy. As Pleroma's goal is to empower the people and let as many as possible host an instance with as little resources as possible, the ability to host an instance with a small, cheap computer like a RaspberryPi along with Tor, would be a great way to achieve that.
|
Tor can free people from the necessity of a domain, in addition to helping protect their privacy. As Akkoma's goal is to empower the people and let as many as possible host an instance with as little resources as possible, the ability to host an instance with a small, cheap computer like a Raspberry Pi along with Tor, would be a great way to achieve that.
|
||||||
In addition, federating with such instances will also help furthering that goal.
|
In addition, federating with such instances will also help furthering that goal.
|
||||||
|
|
||||||
This is a guide to show you how it can be easily done.
|
This is a guide to show you how it can be easily done.
|
||||||
|
|
||||||
This guide assumes you already got Pleroma working, and that it's running on the default port 4000.
|
This guide assumes you already got Akkoma working, and that it's running on the default port 4000.
|
||||||
Currently only has an Nginx example.
|
This guide also assumes you're using Nginx as the reverse proxy.
|
||||||
|
|
||||||
To install Tor on Debian / Ubuntu:
|
To install Tor on Debian / Ubuntu:
|
||||||
```
|
```
|
||||||
apt -yq install tor
|
apt -yq install tor
|
||||||
```
|
```
|
||||||
If using an old server version (older than Debian Stretch or Ubuntu 18.04), install from backports or PPA.
|
|
||||||
I recommend using a newer server version instead.
|
|
||||||
|
|
||||||
To have the newest, V3 onion addresses (which I recommend) in Debian, install Tor from backports.
|
|
||||||
If you do not have backports, uncomment the stretch-backports links at the end of `/etc/apt/sources.list`.
|
|
||||||
Then install:
|
|
||||||
```
|
|
||||||
apt update
|
|
||||||
apt -t stretch-backports -yq install tor
|
|
||||||
```
|
|
||||||
**WARNING:** Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you.
|
**WARNING:** Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you.
|
||||||
|
|
||||||
Create the hidden service for your Pleroma instance in `/etc/tor/torrc`:
|
Create the hidden service for your Akkoma instance in `/etc/tor/torrc`:
|
||||||
```
|
```
|
||||||
HiddenServiceDir /var/lib/tor/pleroma_hidden_service/
|
HiddenServiceDir /var/lib/tor/akkoma_hidden_service/
|
||||||
HiddenServicePort 80 127.0.0.1:8099
|
HiddenServicePort 80 127.0.0.1:8099
|
||||||
HiddenServiceVersion 3 # Remove if Tor version is below 0.3 ( tor --version )
|
HiddenServiceVersion 3 # Remove if Tor version is below 0.3 ( tor --version )
|
||||||
```
|
```
|
||||||
|
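Review bot: changing `HiddenServiceDir` to `/var/lib/tor/akkoma_hidden_service/` needs a caveat for existing onion instances: that directory holds the service keys and `hostname`, so pointing `torrc` at a new, empty directory gives the instance a new onion address. Say that existing operators should keep their current directory (or move it) rather than copy the new path. Separately, with the backports instructions removed, the remaining comment `# Remove if Tor version is below 0.3` now tells readers how to end up without V3 addresses, which the WARNING just above says will not federate; drop or reword that comment.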
@ -35,28 +26,28 @@ systemctl restart tor@default.service
|
||||||
```
|
```
|
||||||
Get the address:
|
Get the address:
|
||||||
```
|
```
|
||||||
cat /var/lib/tor/pleroma_hidden_service/hostname
|
cat /var/lib/tor/akkoma_hidden_service/hostname
|
||||||
```
|
```
|
||||||
|
|
||||||
# Federation
|
# Federation
|
||||||
|
|
||||||
Next, edit your Pleroma config.
|
Next, edit your Akkoma config.
|
||||||
If running in prod, cd to your Pleroma directory, edit `config/prod.secret.exs`
|
If running in prod, navigate to your Akkoma directory, edit `config/prod.secret.exs`
|
||||||
and append this line:
|
and append this line:
|
||||||
```
|
```
|
||||||
config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}
|
config :pleroma, :http, proxy_url: {:socks5, :localhost, 9050}
|
||||||
```
|
```
|
||||||
In your Pleroma directory, assuming you're running prod,
|
In your Akkoma directory, assuming you're running prod,
|
||||||
run the following:
|
run the following:
|
||||||
```
|
```
|
||||||
su pleroma
|
su akkoma
|
||||||
MIX_ENV=prod mix deps.get
|
MIX_ENV=prod mix deps.get
|
||||||
MIX_ENV=prod mix ecto.migrate
|
MIX_ENV=prod mix ecto.migrate
|
||||||
exit
|
exit
|
||||||
```
|
```
|
||||||
restart Pleroma (if using systemd):
|
restart Akkoma (if using systemd):
|
||||||
```
|
```
|
||||||
systemctl restart pleroma
|
systemctl restart akkoma
|
||||||
```
|
```
|
||||||
|
|
||||||
# Tor Instance Access
|
# Tor Instance Access
|
||||||
|
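Review bot: `su akkoma` and `systemctl restart akkoma` assume the system user and the unit were created under the new name, which will not hold for an instance that was installed as `pleroma`. A short "replace with your own user and service name" next to these two commands would avoid copy-paste failures. The `cat /var/lib/tor/akkoma_hidden_service/hostname` step has the same dependency on the renamed hidden service directory.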
@ -64,7 +55,7 @@ systemctl restart pleroma
|
||||||
Make your instance accessible using Tor.
|
Make your instance accessible using Tor.
|
||||||
|
|
||||||
## Tor-only Instance
|
## Tor-only Instance
|
||||||
If creating a Tor-only instance, open `config/prod.secret.exs` and under "config :pleroma, Pleroma.Web.Endpoint," edit "https" and "port: 443" to the following:
|
If creating a Tor-only instance, open `config/prod.secret.exs` and under "config :pleroma, Akkoma.Web.Endpoint," edit "https" and "port: 443" to the following:
|
||||||
```
|
```
|
||||||
url: [host: "onionaddress", scheme: "http", port: 80],
|
url: [host: "onionaddress", scheme: "http", port: 80],
|
||||||
```
|
```
|
||||||
|
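Review bot: `"config :pleroma, Akkoma.Web.Endpoint,"` looks like an over-eager search and replace. Everywhere else in this commit the module names are left alone (`config :pleroma, Pleroma.Repo,`, `Pleroma.Web.ActivityPub.MRF.RewritePolicy`), so the block a reader has to find in `config/prod.secret.exs` is presumably still `Pleroma.Web.Endpoint`. Please revert the module name in this sentence, or confirm that the module was actually renamed.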
@ -72,11 +63,11 @@ In addition to that, replace the existing nginx config's contents with the examp
|
||||||
|
|
||||||
## Existing Instance (Clearnet Instance)
|
## Existing Instance (Clearnet Instance)
|
||||||
If not a Tor-only instance,
|
If not a Tor-only instance,
|
||||||
add the nginx config below to your existing config at `/etc/nginx/sites-enabled/pleroma.nginx`.
|
add the nginx config below to your existing config at `/etc/nginx/sites-enabled/akkoma.nginx`.
|
||||||
|
|
||||||
---
|
---
|
||||||
For both cases, disable CSP in Pleroma's config (STS is disabled by default) so you can define those yourself separately from the clearnet (if your instance is also on the clearnet).
|
For both cases, disable CSP in Akkoma's config (STS is disabled by default) so you can define those yourself separately from the clearnet (if your instance is also on the clearnet).
|
||||||
Copy the following into the `config/prod.secret.exs` in your Pleroma folder (/home/pleroma/pleroma/):
|
Copy the following into the `config/prod.secret.exs` in your Akkoma folder (/home/akkoma/akkoma/):
|
||||||
```
|
```
|
||||||
config :pleroma, :http_security,
|
config :pleroma, :http_security,
|
||||||
enabled: false
|
enabled: false
|
||||||
|
@ -84,7 +75,7 @@ config :pleroma, :http_security,
|
||||||
|
|
||||||
Use this as the Nginx config:
|
Use this as the Nginx config:
|
||||||
```
|
```
|
||||||
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
proxy_cache_path /tmp/akkoma-media-cache levels=1:2 keys_zone=akkoma_media_cache:10m max_size=10g inactive=720m use_temp_path=off;
|
||||||
# The above already exists in a clearnet instance's config.
|
# The above already exists in a clearnet instance's config.
|
||||||
# If not, add it.
|
# If not, add it.
|
||||||
|
|
||||||
|
@ -125,7 +116,7 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
location /proxy {
|
location /proxy {
|
||||||
proxy_cache pleroma_media_cache;
|
proxy_cache akkoma_media_cache;
|
||||||
proxy_cache_lock on;
|
proxy_cache_lock on;
|
||||||
proxy_ignore_client_abort on;
|
proxy_ignore_client_abort on;
|
||||||
proxy_pass http://localhost:4000;
|
proxy_pass http://localhost:4000;
|
||||||
|
@ -143,17 +134,17 @@ You should now be able to both access your instance using Tor and federate with
|
||||||
|
|
||||||
### Possible Issues
|
### Possible Issues
|
||||||
|
|
||||||
* In Debian, make sure your hidden service folder `/var/lib/tor/pleroma_hidden_service/` and its contents, has debian-tor as both owner and group by using
|
* In Debian, make sure your hidden service folder `/var/lib/tor/akkoma_hidden_service/` and its contents, has debian-tor as both owner and group by using
|
||||||
```
|
```
|
||||||
ls -la /var/lib/tor/
|
ls -la /var/lib/tor/
|
||||||
```
|
```
|
||||||
If it's not, run:
|
If it's not, run:
|
||||||
```
|
```
|
||||||
chown -R debian-tor:debian-tor /var/lib/tor/pleroma_hidden_service/
|
chown -R debian-tor:debian-tor /var/lib/tor/akkoma_hidden_service/
|
||||||
```
|
```
|
||||||
* Make sure *only* the owner has *only* read and write permissions.
|
* Make sure *only* the owner has *only* read and write permissions.
|
||||||
If not, run:
|
If not, run:
|
||||||
```
|
```
|
||||||
chmod -R 600 /var/lib/tor/pleroma_hidden_service/
|
chmod -R 600 /var/lib/tor/akkoma_hidden_service/
|
||||||
```
|
```
|
||||||
* If you have trouble logging in to the Mastodon Frontend when using Tor, use the Tor Browser Bundle.
|
* If you have trouble logging in to the Mastodon Frontend when using Tor, use the Tor Browser Bundle.
|
||||||
|
|
|
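Review bot: the changed line `chmod -R 600 /var/lib/tor/akkoma_hidden_service/` applies mode 600 to the directory itself as well as to its files, which removes the owner's search permission on the directory, so `debian-tor` can no longer open the files inside it. While this line is being edited, split it: 700 on the directory, 600 on the files in it, and reword "*only* read and write permissions" to match.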
@ -1,8 +1,8 @@
|
||||||
# Optimizing the BEAM
|
# Optimizing the BEAM
|
||||||
|
|
||||||
Pleroma is built upon the Erlang/OTP VM known as BEAM. The BEAM VM is highly optimized for latency, but this has drawbacks in environments without dedicated hardware. One of the tricks used by the BEAM VM is [busy waiting](https://en.wikipedia.org/wiki/Busy_waiting). This allows the application to pretend to be busy working so the OS kernel does not pause the application process and switch to another process waiting for the CPU to execute its workload. It does this by spinning for a period of time which inflates the apparent CPU usage of the application so it is immediately ready to execute another task. This can be observed with utilities like **top(1)** which will show consistently high CPU usage for the process. Switching between procesess is a rather expensive operation and also clears CPU caches further affecting latency and performance. The goal of busy waiting is to avoid this penalty.
|
Akkoma is built upon the Erlang/OTP VM known as BEAM. The BEAM VM is highly optimized for latency, but this has drawbacks in environments without dedicated hardware. One of the tricks used by the BEAM VM is [busy waiting](https://en.wikipedia.org/wiki/Busy_waiting). This allows the application to pretend to be busy working so the OS kernel does not pause the application process and switch to another process waiting for the CPU to execute its workload. It does this by spinning for a period of time which inflates the apparent CPU usage of the application so it is immediately ready to execute another task. This can be observed with utilities like **top(1)** which will show consistently high CPU usage for the process. Switching between procesess is a rather expensive operation and also clears CPU caches further affecting latency and performance. The goal of busy waiting is to avoid this penalty.
|
||||||
|
|
||||||
This strategy is very successful in making a performant and responsive application, but is not desirable on Virtual Machines or hardware with few CPU cores. Pleroma instances are often deployed on the same server as the required PostgreSQL database which can lead to situations where the Pleroma application is holding the CPU in a busy-wait loop and as a result the database cannot process requests in a timely manner. The fewer CPUs available, the more this problem is exacerbated. The latency is further amplified by the OS being installed on a Virtual Machine as the Hypervisor uses CPU time-slicing to pause the entire OS and switch between other tasks.
|
This strategy is very successful in making a performant and responsive application, but is not desirable on Virtual Machines or hardware with few CPU cores. Akkoma instances are often deployed on the same server as the required PostgreSQL database which can lead to situations where the Akkoma application is holding the CPU in a busy-wait loop and as a result the database cannot process requests in a timely manner. The fewer CPUs available, the more this problem is exacerbated. The latency is further amplified by the OS being installed on a Virtual Machine as the Hypervisor uses CPU time-slicing to pause the entire OS and switch between other tasks.
|
||||||
|
|
||||||
More adventurous admins can be creative with CPU affinity (e.g., *taskset* for Linux and *cpuset* on FreeBSD) to pin processes to specific CPUs and eliminate much of this contention. The most important advice is to run as few processes as possible on your server to achieve the best performance. Even idle background processes can occasionally create [software interrupts](https://en.wikipedia.org/wiki/Interrupt) and take attention away from the executing process creating latency spikes and invalidation of the CPU caches as they must be cleared when switching between processes for security.
|
More adventurous admins can be creative with CPU affinity (e.g., *taskset* for Linux and *cpuset* on FreeBSD) to pin processes to specific CPUs and eliminate much of this contention. The most important advice is to run as few processes as possible on your server to achieve the best performance. Even idle background processes can occasionally create [software interrupts](https://en.wikipedia.org/wiki/Interrupt) and take attention away from the executing process creating latency spikes and invalidation of the CPU caches as they must be cleared when switching between processes for security.
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@ Please only change these settings if you are experiencing issues or really know
|
||||||
|
|
||||||
Tuning the BEAM requires you provide a config file normally called [vm.args](http://erlang.org/doc/man/erl.html#emulator-flags). If you are using systemd to manage the service you can modify the unit file as such:
|
Tuning the BEAM requires you provide a config file normally called [vm.args](http://erlang.org/doc/man/erl.html#emulator-flags). If you are using systemd to manage the service you can modify the unit file as such:
|
||||||
|
|
||||||
`ExecStart=/usr/bin/elixir --erl '-args_file /opt/pleroma/config/vm.args' -S /usr/bin/mix phx.server`
|
`ExecStart=/usr/bin/elixir --erl '-args_file /opt/akkoma/config/vm.args' -S /usr/bin/mix phx.server`
|
||||||
|
|
||||||
Check your OS documentation to adopt a similar strategy on other platforms.
|
Check your OS documentation to adopt a similar strategy on other platforms.
|
||||||
|
|
||||||
|
|
|
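Review bot: the new `-args_file /opt/akkoma/config/vm.args` path does not match the source-install location used by the other guides in this commit (`/home/akkoma/akkoma/`), even though this `ExecStart` runs `mix phx.server`. Either state that the path must be adjusted to the actual install directory or use one location throughout the docs.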
@ -1,6 +1,6 @@
|
||||||
# Optimizing PostgreSQL performance
|
# Optimizing PostgreSQL performance
|
||||||
|
|
||||||
Pleroma performance is largely dependent on performance of the underlying database. Better performance can be achieved by adjusting a few settings.
|
Akkoma performance is largely dependent on performance of the underlying database. Better performance can be achieved by adjusting a few settings.
|
||||||
|
|
||||||
## PGTune
|
## PGTune
|
||||||
|
|
||||||
|
@ -10,10 +10,10 @@ Pleroma performance is largely dependent on performance of the underlying databa
|
||||||
|
|
||||||
When PostgreSQL receives a query, it decides on a strategy for searching the requested data, this is called a query plan. The query planner has two modes: generic and custom. Generic makes a plan for all queries of the same shape, ignoring the parameters, which is then cached and reused. Custom, on the contrary, generates a unique query plan based on query parameters.
|
When PostgreSQL receives a query, it decides on a strategy for searching the requested data, this is called a query plan. The query planner has two modes: generic and custom. Generic makes a plan for all queries of the same shape, ignoring the parameters, which is then cached and reused. Custom, on the contrary, generates a unique query plan based on query parameters.
|
||||||
|
|
||||||
By default PostgreSQL has an algorithm to decide which mode is more efficient for particular query, however this algorithm has been observed to be wrong on some of the queries Pleroma sends, leading to serious performance loss. Therefore, it is recommended to disable generic mode.
|
By default PostgreSQL has an algorithm to decide which mode is more efficient for particular query, however this algorithm has been observed to be wrong on some of the queries Akkoma sends, leading to serious performance loss. Therefore, it is recommended to disable generic mode.
|
||||||
|
|
||||||
|
|
||||||
Pleroma already avoids generic query plans by default, however the method it uses is not the most efficient because it needs to be compatible with all supported PostgreSQL versions. For PostgreSQL 12 and higher additional performance can be gained by adding the following to Pleroma configuration:
|
Akkoma already avoids generic query plans by default, however the method it uses is not the most efficient because it needs to be compatible with all supported PostgreSQL versions. For PostgreSQL 12 and higher additional performance can be gained by adding the following to Akkoma configuration:
|
||||||
```elixir
|
```elixir
|
||||||
config :pleroma, Pleroma.Repo,
|
config :pleroma, Pleroma.Repo,
|
||||||
prepare: :named,
|
prepare: :named,
|
||||||
|
|
|
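Review bot: The code block in this hunk keeps `config :pleroma, Pleroma.Repo,` while the sentence introducing it now says "Akkoma configuration". If the `:pleroma` application key and the `Pleroma.Repo` module name are meant to stay after the rename, state that in one sentence above the block so that admins do not "correct" the key by hand when copying the snippet.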
@ -1,6 +1,6 @@
|
||||||
# Static Directory
|
# Static Directory
|
||||||
|
|
||||||
Static frontend files are shipped with pleroma. If you want to overwrite or update these without problems during upgrades, you can write your custom versions to the static directory.
|
Static frontend files are shipped with Akkoma. If you want to overwrite or update these without problems during upgrades, you can write your custom versions to the static directory.
|
||||||
|
|
||||||
You can find the location of the static directory in the [configuration](../cheatsheet/#instance).
|
You can find the location of the static directory in the [configuration](../cheatsheet/#instance).
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ You can find the location of the static directory in the [configuration](../chea
|
||||||
|
|
||||||
```elixir
|
```elixir
|
||||||
config :pleroma, :instance,
|
config :pleroma, :instance,
|
||||||
static_dir: "/var/lib/pleroma/static/"
|
static_dir: "/var/lib/akkoma/static/"
|
||||||
```
|
```
|
||||||
|
|
||||||
=== "From Source"
|
=== "From Source"
|
||||||
|
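Review bot: The example `static_dir` value changes from `/var/lib/pleroma/static/` to `/var/lib/akkoma/static/` with no guidance for instances that already keep custom files under the old path. Add a sentence telling migrating admins either to keep their existing `static_dir` value or to move the directory with its ownership and permissions intact, since the files placed there are what the instance serves.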
@ -53,7 +53,7 @@ Create and Edit your file at `$static_dir/instance/panel.html`.
|
||||||
|
|
||||||
## Background
|
## Background
|
||||||
|
|
||||||
You can change the background of your Pleroma instance by uploading it to `$static_dir/`, and then changing `background` in [your configuration](../cheatsheet/#frontend_configurations) accordingly.
|
You can change the background of your Akkoma instance by uploading it to `$static_dir/`, and then changing `background` in [your configuration](../cheatsheet/#frontend_configurations) accordingly.
|
||||||
|
|
||||||
E.g. if you put `$static_dir/images/background.jpg`
|
E.g. if you put `$static_dir/images/background.jpg`
|
||||||
|
|
||||||
|
|
|
@ -1,17 +1,17 @@
|
||||||
# Storing Remote Media
|
# Storing Remote Media
|
||||||
|
|
||||||
Pleroma does not store remote/federated media by default. The best way to achieve this is to change Nginx to keep its reverse proxy cache
|
Akkoma does not store remote/federated media by default. The best way to achieve this is to change Nginx to keep its reverse proxy cache
|
||||||
for a year and to activate the `MediaProxyWarmingPolicy` MRF policy in Pleroma which will automatically fetch all media through the proxy
|
for a year and to activate the `MediaProxyWarmingPolicy` MRF policy in Akkoma which will automatically fetch all media through the proxy
|
||||||
as soon as the post is received by your instance.
|
as soon as the post is received by your instance.
|
||||||
|
|
||||||
## Nginx
|
## Nginx
|
||||||
|
|
||||||
```
|
```
|
||||||
proxy_cache_path /long/term/storage/path/pleroma-media-cache levels=1:2
|
proxy_cache_path /long/term/storage/path/akkoma-media-cache levels=1:2
|
||||||
keys_zone=pleroma_media_cache:10m inactive=1y use_temp_path=off;
|
keys_zone=akkoma_media_cache:10m inactive=1y use_temp_path=off;
|
||||||
|
|
||||||
location ~ ^/(media|proxy) {
|
location ~ ^/(media|proxy) {
|
||||||
proxy_cache pleroma_media_cache;
|
proxy_cache akkoma_media_cache;
|
||||||
slice 1m;
|
slice 1m;
|
||||||
proxy_cache_key $host$uri$is_args$args$slice_range;
|
proxy_cache_key $host$uri$is_args$args$slice_range;
|
||||||
proxy_set_header Range $slice_range;
|
proxy_set_header Range $slice_range;
|
||||||
|
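Review bot: The `proxy_cache_path` directive edited here sets `inactive=1y` and ends without a `max_size=` parameter, so the cache that `MediaProxyWarmingPolicy` fills with media from every received post has no size bound. Since the line is being touched anyway, consider adding `max_size=` with a placeholder value and a sentence on sizing the storage volume. The directory and zone are also renamed to `akkoma-media-cache` and `akkoma_media_cache`; an admin who pastes the new snippet over an existing setup starts with an empty cache unless the old directory is moved, which is worth a short note.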
@ -28,7 +28,7 @@ as soon as the post is received by your instance.
|
||||||
}
|
}
|
||||||
```
|
```
|
||||||
|
|
||||||
## Pleroma
|
## Akkoma
|
||||||
|
|
||||||
Add to your `prod.secret.exs`:
|
Add to your `prod.secret.exs`:
|
||||||
|
|
||||||
|
|
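Review bot: "Add to your `prod.secret.exs`" under the renamed `## Akkoma` heading only covers from-source installs, while the cheat sheet updated in this same commit gives `/etc/akkoma/config.exs` as the configuration file for OTP installs. Name both files here, or link to the cheat sheet's explanation of where configuration lives.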