2017-04-29  mastodon  web  nginx  ssh  dns  domain  sakura  vps 

Notes from setting up a Mastodon instance on Sakura VPS

Introduction

These are my personal notes from setting up a Mastodon instance. There is not much explanation, and some steps are skipped.

It has only one user: a so-called "single-person Mastodon instance".

Follows are welcome, but this is an experiment, so the instance may disappear.

In practice this was a move from Heroku to Sakura VPS.

Environment

References

Sakura VPS

CentOS 7 setup

Security settings

[remote] $ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
[remote] $ sudo vi /etc/ssh/sshd_config
[remote] $ sudo vi /etc/services
[remote] $ sudo vi /usr/lib/firewalld/services/ssh.xml
[remote] $ sudo systemctl restart sshd

Changing the sshd port number

[remote] $ sudo firewall-cmd --add-service=http
[remote] $ sudo firewall-cmd --permanent --add-service=http
[remote] $ sudo firewall-cmd --add-port=10XXX/tcp
[remote] $ sudo firewall-cmd --permanent --add-port=10XXX/tcp
[remote] $ sudo firewall-cmd --list-services # => dhcpv6-client http ssh
[remote] $ sudo firewall-cmd --list-ports # => 10XXX/tcp
[remote] $ sudo vi /etc/ssh/sshd_config
[remote] $ sudo vi /usr/lib/firewalld/services/ssh.xml
[remote] $ sudo systemctl restart sshd

Note: the file under /usr/lib/firewalld/services/ belongs to the firewalld package and is overwritten on update; a modified copy belongs in /etc/firewalld/services/, which takes precedence. Opening the new port with --add-port, as above, works without touching the service definition at all; if the definition is left at its default, the ssh service still opens port 22, and it can be removed from the zone with --remove-service=ssh once a login on the new port has been confirmed. Keep the current session open until that second login works. On the local machine it is convenient to give the changed port a name in ~/.ssh/config:

[local] $ cat ~/.ssh/config
Host remotesakura
    HostName xx.xx.xx.xx
    User alice
    Port 10xxx
    IdentityFile ~/.ssh/id_rsa.remotesakura
[local] $ ssh alice@remotesakura
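An added example (not from the original notes) that does the sshd_config edit above as a script and checks the result before sshd is restarted. It replaces the first line for each keyword, commented out or not, because sshd honours the first occurrence of a keyword, and it puts keywords that are absent at the top of the file rather than below any Match block, where they would apply only to that block. The port 10022 and the apply_on_host steps are placeholders for this host; the semanage line is only needed where SELinux is enforcing, and firewall-cmd --reload is used instead of restarting firewalld.

```sh
#!/bin/sh
# Move sshd to a new port and disable password and root logins, then verify the
# effective values before sshd is restarted. Added example for these notes, not
# code from the original page. The port 10022 below is a placeholder.
set -eu

# set_sshd_opt CONFIG KEY VALUE
# Replace the first line for KEY (commented out or not) and drop later duplicates:
# sshd uses the first occurrence of a keyword, so a stale "PasswordAuthentication yes"
# above an appended "no" would silently win. An absent keyword goes to the top of the
# file, never to the end, where a trailing Match block would swallow it.
set_sshd_opt() {
  conf=$1; key=$2; value=$3
  awk -v k="$key" -v v="$value" '
    BEGIN { re = "^#?[ \t]*" tolower(k) "([ \t]|$)"; done = 0 }
    tolower($0) ~ re {
      if (!done) { print k " " v; done = 1 }
      next
    }
    { print }
    END { if (!done) exit 1 }
  ' "$conf" > "$conf.tmp" || {
    { printf '%s %s\n' "$key" "$value"; cat "$conf"; } > "$conf.tmp"
  }
  mv "$conf.tmp" "$conf"
}

# effective_opt CONFIG KEY: print the value sshd would actually use (first uncommented match)
effective_opt() {
  awk -v k="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" 'tolower($1) == k { print $2; exit }' "$1"
}

# harden_sshd CONFIG PORT: rewrite CONFIG in place; rejects a non-numeric or out-of-range port
harden_sshd() {
  conf=$1; port=$2
  case $port in ''|*[!0-9]*) echo "port must be numeric: $port" >&2; return 1 ;; esac
  if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
    echo "port out of range: $port" >&2; return 1
  fi
  set_sshd_opt "$conf" Port "$port"
  set_sshd_opt "$conf" PermitRootLogin no
  set_sshd_opt "$conf" PasswordAuthentication no
  set_sshd_opt "$conf" ChallengeResponseAuthentication no   # otherwise PAM can still prompt for a password
  set_sshd_opt "$conf" PubkeyAuthentication yes
}

# apply_on_host PORT: the CentOS 7 steps around the edit (placeholder sequence for this host).
# Keep your current session open and log in on the new port from a second terminal
# before closing it.
apply_on_host() {
  port=$1
  cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
  harden_sshd /etc/ssh/sshd_config "$port"
  sshd -t                                      # refuse to restart on a config error
  # Only when SELinux is enforcing: sshd may bind only ports labelled ssh_port_t.
  if command -v getenforce >/dev/null 2>&1 && [ "$(getenforce)" = Enforcing ]; then
    semanage port -a -t ssh_port_t -p tcp "$port"
  fi
  firewall-cmd --permanent --add-port="$port"/tcp
  firewall-cmd --reload
  systemctl restart sshd
}
```

harden_sshd only touches the file, so it can be run against a copy and the result checked with effective_opt before apply_on_host is run as root.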

Preparation

[remote] $ sudo yum -y install wget
[remote] $ sudo yum -y groupinstall base
[remote] $ sudo yum -y install zlib-devel
[remote] $ sudo yum install -y readline-devel
[remote] $ sudo yum update

nginx

Note: I wonder whether a plain sudo yum install nginx wouldn't do here.

[remote] $ sudo yum install http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm
[remote] $ sudo yum -y install --enablerepo=nginx nginx
[remote] $ sudo systemctl start nginx
[remote] $ sudo systemctl enable nginx
[remote] $ sudo service nginx start
[remote] $ sudo nginx -t
[remote] $ sudo nginx -s reload
[local] $ (open http://xxx.xxx.xxx.xxx in a browser)
[remote] $ sudo nginx -s stop

Docker

[remote] $ sudo vim /etc/yum.repos.d/docker.repo
[remote] $ sudo cat /etc/yum.repos.d/docker.repo
[dockerrepo]
name=Docker Repository
baseurl=https://yum.dockerproject.org/repo/main/centos/$releasever/
enabled=1
gpgcheck=1
gpgkey=https://yum.dockerproject.org/gpg
[remote] $ sudo yum install docker-engine
[remote] $ sudo systemctl start docker
[remote] $ sudo systemctl enable docker
[local] $ open -a safari https://github.com/docker/compose/blob/master/CHANGELOG.md # check the current version
[remote] $ sudo -s
[remote] # sudo curl -L "https://github.com/docker/compose/releases/download/1.12.0/docker-compose-$(uname -s)-$(uname -m)" > /usr/bin/docker-compose
[remote] # exit
[remote] $ sudo chmod +x /usr/bin/docker-compose
[remote] $ sudo systemctl start docker
[remote] $ sudo usermod -aG docker USERNAME
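The download above goes straight from curl into /usr/bin with nothing checked. An added example (not from the original notes, and not Docker's own tooling) that installs a docker-compose release only after its SHA-256 matches the value published on the release page; the version and checksum you pass are whatever you copied from there, and the usage line at the end is a placeholder. Also worth keeping in mind for the usermod line: members of the docker group can start a container that mounts / and are therefore effectively root on the host.

```sh
#!/bin/sh
# Install a docker-compose release only after its SHA-256 matches the value
# recorded from the release page, instead of piping an unverified download into
# /usr/bin. Added example for these notes, not code from the page or from Docker.
set -eu

# sha256_of FILE: print the hex digest (GNU coreutils or BSD/macOS tool)
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{ print $1 }'
  else
    shasum -a 256 "$1" | awk '{ print $1 }'
  fi
}

# verify_sha256 FILE EXPECTED: 0 when FILE hashes to EXPECTED (any letter case), 1 otherwise
verify_sha256() {
  actual=$(sha256_of "$1")
  expected=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  [ "$actual" = "$expected" ]
}

# install_compose VERSION EXPECTED [DEST]
# Download to a temporary file, verify, and only then install it executable and
# root-owned; a download error or a mismatch leaves nothing behind in DEST.
install_compose() {
  version=$1; expected=$2; dest=${3:-/usr/local/bin/docker-compose}
  url="https://github.com/docker/compose/releases/download/${version}/docker-compose-$(uname -s)-$(uname -m)"
  tmp=$(mktemp)
  # -f: an HTTP error page must fail, not be saved as the "binary"; -L: follow GitHub's redirect
  if ! curl -fsSL -o "$tmp" "$url"; then
    rm -f "$tmp"; echo "download failed: $url" >&2; return 1
  fi
  if ! verify_sha256 "$tmp" "$expected"; then
    rm -f "$tmp"; echo "checksum mismatch for $url, not installing" >&2; return 1
  fi
  install -o root -g root -m 0755 "$tmp" "$dest" && rm -f "$tmp"
}

# usage, as root (placeholder): install_compose 1.12.0 <sha256 copied from the release page>
```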

Mastodon

Note: I probably did not need to do this as root.

It is unpacked under /opt/mastodon, but anywhere else should work too.

[remote] $ sudo -s
[remote] # cd /opt
[remote] # git clone https://github.com/tootsuite/mastodon.git
[remote] # cd mastodon
[remote] # git checkout $(git describe --tags $(git rev-list --tags --max-count=1))  # most recently tagged commit; "git tag | tail -n 1" sorts tag names as text, so v1.9.x would come after v1.10.x

The checkout above leaves a 'detached HEAD'; I wonder whether that is necessary.

[remote] # cp .env.production.sample .env.production
[remote] # vi docker-compose.yml
  # snip...
  db:
    restart: always
    image: postgres:alpine
### Uncomment to enable DB persistance
    volumes:
      - ./postgres:/var/lib/postgresql/data

  redis:
    restart: always
    image: redis:alpine
### Uncomment to enable REDIS persistance
    volumes:
      - ./redis:/data 

  # snip...
[remote] # docker-compose pull
(this takes a while)
[remote] $ sudo -s
[remote] # cd /opt/mastodon
[remote] # docker-compose build
[remote] # docker-compose run --rm web rake secret
[remote] # docker-compose run --rm web rake secret
[remote] # docker-compose run --rm web rake secret
[remote] # vim .env.production

DB_PASS=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

(DB_USER, DB_NAME and DB_PASS in this file must match the role, database and password created in the db container below, or the app cannot connect. The three rake secret outputs above go into PAPERCLIP_SECRET, SECRET_KEY_BASE and OTP_SECRET, which is why it was run three times. The file holds live secrets; keep it readable by its owner only.)

[remote] # docker-compose up -d
[remote] # docker exec -it mastodon_db_1 bash
(now inside the db container)
[remote] # su - postgres
[remote] $ createuser -P bobby
 Enter password for new role: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
 Enter it again: yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
[remote] $ createdb caster -O bobby
[remote] $ exit
[remote] # exit
(back out of the container, on the host)
[remote] # docker-compose run --rm web rails db:migrate
[remote] # docker-compose run --rm web rails assets:precompile
[remote] # docker stop $(docker ps -a -q) && docker-compose up -d
[remote] # docker-compose stop
[remote] # cd /opt
[remote] # git clone https://github.com/certbot/certbot
[remote] # systemctl stop nginx
[remote] # sudo firewall-cmd --add-port=443/tcp
[remote] # sudo firewall-cmd --permanent --add-port=443/tcp
[remote] # cd /opt/certbot
[remote] # ./certbot-auto certonly --standalone -d mastodon.example.com
[remote] # mkdir /etc/nginx/ssl
[remote] # cd /etc/nginx/ssl
[remote] # openssl dhparam -out dhparam.pem 2048   # options before the bit count; generating 2048-bit parameters takes a few minutes
[remote] # cd /opt/mastodon
[remote] # docker-compose up -d
[remote] # systemctl restart nginx
[remote] # systemctl status nginx
[remote] $ sudo firewall-cmd --permanent --add-service=https
[remote] $ sudo service firewalld restart
[remote] $ sudo systemctl restart nginx
[remote] # vim /etc/nginx/conf.d/mastodon.example.com.conf
[remote] # systemctl restart nginx
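An added example (not part of the original notes, and not Mastodon tooling) that fills .env.production from the sample in one step instead of pasting three rake secret outputs into vim by hand: it generates the three application secrets, sets the database credentials to match the role created in the db container, keeps the file at mode 0600, and checks the result before docker-compose up. It assumes the Mastodon 1.x sample keys (PAPERCLIP_SECRET, SECRET_KEY_BASE, OTP_SECRET, DB_USER, DB_NAME, DB_PASS); the user bobby and database caster are the placeholders from the notes, and the password is whatever was typed into createuser.

```sh
#!/bin/sh
# Fill in the Mastodon .env.production secrets and database credentials and keep
# the file owner-only. Added example for these notes, not Mastodon's own tooling.
# Assumes the 1.x sample layout (PAPERCLIP_SECRET, SECRET_KEY_BASE, OTP_SECRET,
# DB_USER, DB_NAME, DB_PASS); check the keys in your .env.production.sample first.
set -eu

# gen_secret: 64 random bytes as 128 hex characters, the same shape as `rake secret`
gen_secret() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -hex 64
  else
    od -An -tx1 -N64 /dev/urandom | tr -d ' \n'
  fi
}

# set_env FILE KEY VALUE: rewrite the "KEY=..." line (an empty "KEY=" counts) or append it.
# Values pass through awk -v, so avoid backslashes in the password.
set_env() {
  file=$1; key=$2; value=$3
  awk -v k="$key" -v v="$value" '
    BEGIN { FS = OFS = "="; found = 0 }
    $1 == k { print k, v; found = 1; next }
    { print }
    END { if (!found) print k, v }
  ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# write_env SAMPLE OUT DB_USER DB_NAME DB_PASS
# DB_* must match the role and database created with createuser/createdb inside
# the db container. Nothing here echoes a secret to the terminal or shell history.
write_env() {
  sample=$1; out=$2; db_user=$3; db_name=$4; db_pass=$5
  umask 077                      # secrets file and its temp copies are created owner-only
  cp "$sample" "$out"
  chmod 600 "$out"
  for key in PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET; do
    set_env "$out" "$key" "$(gen_secret)"
  done
  set_env "$out" DB_USER "$db_user"
  set_env "$out" DB_NAME "$db_name"
  set_env "$out" DB_PASS "$db_pass"
}

# check_env FILE: 0 only if every secret is a 128-char hex string, DB_PASS is set,
# and the mode is 0600. Run it before `docker-compose up -d`.
check_env() {
  file=$1
  for key in PAPERCLIP_SECRET SECRET_KEY_BASE OTP_SECRET; do
    grep -Eq "^${key}=[0-9a-f]{128}$" "$file" || { echo "$key missing or malformed" >&2; return 1; }
  done
  grep -Eq '^DB_PASS=.+$' "$file" || { echo "DB_PASS is empty" >&2; return 1; }
  mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")
  [ "$mode" = 600 ] || { echo "$file is mode $mode, want 600" >&2; return 1; }
}

# usage in /opt/mastodon (placeholders from the notes):
#   write_env .env.production.sample .env.production bobby caster "$DB_PASSWORD" && check_env .env.production
```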

Becoming the admin

[remote] # cd /opt/mastodon
[remote] # docker-compose run --rm web rails mastodon:make_admin USERNAME=alice

Single-user mode

[remote] # cd /opt/mastodon
[remote] # vim .env.production
[remote] # grep SINGLE_USER_MODE .env.production
SINGLE_USER_MODE=true
[remote] # docker stop $(docker ps -a -q) && docker-compose up -d
[remote] # systemctl restart nginx

Daily maintenance

[remote] # crontab -e
@daily cd /opt/mastodon && docker-compose run --rm web rails mastodon:daily

Task list

[remote] # docker-compose run --rm web rake -T   # lists every task; "rails rake -T" would look for a task named "rake" and fail

Stopping and starting Docker

Note: the steps below could be done more simply.

[remote] # sudo docker stop $(docker ps -a -q)   # stops every container on the host, not only Mastodon's; docker-compose stop run in /opt/mastodon is limited to this project
[remote] # cd /opt/mastodon
[remote] # sudo docker-compose up -d

Pulling the latest version

[remote] # cd /opt/mastodon
[remote] # git pull origin master
[remote] # docker-compose build

I don't fully understand this part yet, just noting it.

[remote] # git fetch --tags origin   # bring the new tags in first; "git pull <tag>" makes no sense, pull takes a remote
[remote] # git diff $(git describe --tags `git rev-list --tags --max-count=1`)   # what changed between the checkout and the newest tag
[remote] # git checkout $(git describe --tags `git rev-list --tags --max-count=1`)
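An added example (not from the notes and not Mastodon's own upgrade script) that puts the two update fragments above together: pick the newest release tag by version number rather than by text order, check that tag out instead of tracking master, and run the migration and asset steps that a rebuild alone does not. Paths and the docker-compose commands follow the layout used in these notes; each release's own upgrade notes still take precedence.

```sh
#!/bin/sh
# Update the docker-compose checkout to the newest release tag and run the steps
# that `git pull` + `docker-compose build` alone leave out (migrations, asset
# precompile, restart). Added example for these notes; not Mastodon's script.
set -eu

# latest_release_tag: read tag names on stdin and print the highest release version.
# `git tag | tail -n 1` sorts as text, so v1.9.0 would come after v1.10.0; sort -V
# compares the numbers. Pre-release tags such as v1.4rc1 are skipped.
latest_release_tag() {
  grep -E '^v[0-9]+(\.[0-9]+)*$' | sort -V | tail -n 1
}

# upgrade_mastodon [DIR]: run as the user that owns the checkout and may use the Docker daemon
upgrade_mastodon() {
  dir=${1:-/opt/mastodon}
  cd "$dir"
  git fetch --tags origin
  tag=$(git tag | latest_release_tag)
  [ -n "$tag" ] || { echo "no release tag found" >&2; return 1; }
  if [ "$(git describe --tags --exact-match 2>/dev/null || true)" = "$tag" ]; then
    echo "already on $tag"; return 0
  fi
  git checkout "$tag"                    # a release, not whatever master holds today
  docker-compose build
  docker-compose run --rm web rails db:migrate
  docker-compose run --rm web rails assets:precompile
  docker-compose up -d                   # recreates only this project's changed containers
}
```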

Memo

docker-compose build
docker-compose start
docker-compose stop
Caution! Be careful with docker-compose down: it removes this project's containers and network (and with -v its volumes). The bind-mounted ./postgres and ./redis directories enabled above survive it, but a database kept only inside an unpersisted container does not come back.

(Separate topic) Keeping my Mastodon fork up to date with upstream

[local] $ git clone git@github.com:hyuki0000/mastodon.git
[local] $ cd mastodon/
[local] $ git branch -a
[local] $ git remote add upstream https://github.com/tootsuite/mastodon   # https, not git://; the git protocol is unauthenticated, so anyone on the path could serve a different tree
[local] $ git fetch upstream
[local] $ git merge upstream/master
[local] $ git status
[local] $ git push

(Separate topic) Custom error page in nginx

sudo docker stop $(docker ps -a -q)
vi /etc/nginx/conf.d/mastodon.example.com.conf
vi /opt/nginx/html/custom_error_page.html
sudo systemctl restart nginx
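The notes edit /etc/nginx/conf.d/mastodon.example.com.conf twice (once for TLS, once for the custom error page) without showing the file. An added example (not the page's own config, and not Mastodon's) that generates that vhost with the custom error page wired in, then tests the config before reloading, plus a renewal helper for the standalone certbot setup above. Assumptions: the docker-compose.yml publishes web on 127.0.0.1:3000 and streaming on 127.0.0.1:4000, the certificates live under /etc/letsencrypt/live/DOMAIN (certbot's default), dhparam.pem is the one created in /etc/nginx/ssl above, and the error page lives in /opt/nginx/html as in the last section.

```sh
#!/bin/sh
# Generate the nginx vhost for a Mastodon instance behind docker-compose, with a
# custom error page, and reload only after nginx -t passes. Added example for these
# notes; ports, paths and TLS settings are assumptions stated in the lead-in.
set -eu

# write_vhost DOMAIN OUT [ERROR_PAGE_DIR]
write_vhost() {
  domain=$1; out=$2; errdir=${3:-/opt/nginx/html}
  sed "s|__DOMAIN__|$domain|g; s|__ERRDIR__|$errdir|g" > "$out" <<'EOF'
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
  listen 80;
  server_name __DOMAIN__;
  return 301 https://$host$request_uri;     # plain HTTP only redirects
}

server {
  listen 443 ssl http2;
  server_name __DOMAIN__;

  ssl_certificate     /etc/letsencrypt/live/__DOMAIN__/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/__DOMAIN__/privkey.pem;
  ssl_dhparam         /etc/nginx/ssl/dhparam.pem;
  ssl_protocols       TLSv1.2;               # no SSLv3, TLS 1.0 or 1.1
  ssl_ciphers         EECDH+AESGCM:EECDH+AES;
  ssl_prefer_server_ciphers on;
  ssl_session_cache   shared:SSL:10m;
  add_header Strict-Transport-Security "max-age=31536000";

  client_max_body_size 8m;                   # media uploads; raise if Mastodon's limit is higher

  location / {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Proxy "";               # httpoxy: never forward a client-supplied Proxy header
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_pass http://127.0.0.1:3000;
    proxy_buffering off;
    proxy_redirect off;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_pass http://127.0.0.1:4000;
    proxy_buffering off;
    proxy_redirect off;
  }

  # Shown while the containers are stopped, instead of nginx's bare 502 page.
  error_page 500 502 503 504 /custom_error_page.html;
  location = /custom_error_page.html {
    root __ERRDIR__;
    internal;                                # not reachable by requesting the path directly
  }
}
EOF
}

# check_vhost FILE: offline sanity checks on the generated file
check_vhost() {
  f=$1
  ! grep -Eq '__DOMAIN__|__ERRDIR__' "$f" || return 1     # every placeholder substituted
  grep -Eq '^[ ]*ssl_protocols +TLSv1\.2;' "$f" || return 1
  grep -q 'Strict-Transport-Security' "$f" || return 1
  grep -q 'proxy_set_header Proxy "";' "$f" || return 1
}

# apply_vhost: reload only if the whole nginx config parses, so a typo cannot take the site down
apply_vhost() {
  nginx -t && systemctl reload nginx
}

# renew_cert: the standalone plugin needs port 80, so stop nginx around renewal
# (for example from root's crontab once a week)
renew_cert() {
  /opt/certbot/certbot-auto renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
}
```

write_vhost can target a scratch path first; check_vhost needs no nginx, while apply_vhost and renew_cert are meant to run as root on the VPS.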