== Install the Diaspora Software Ensemble on Your Computer ==
| | #REDIRECT [[Installation]] |
You can find instructions for installing Diaspora on your computer [[Installation|here]]. Be sure to install it within a directory tree to which nginx will have access (e.g., /usr/share/nginx). Once you've correctly installed Diaspora and started it up, you should have a thin app server listening at localhost:3000. If you put that address in your web browser's navigation bar, you should see a log-in screen. (Don't create an account yet, or it'll have an improper address, e.g., you@localhost:3000.)

== Choose Your Pod's Name ==

What will you call your pod? This how-to assumes you're going to call it diaspora.[yourdomain].net. Later, we'll show you how to actually create the domain [yourdomain].net (of which diaspora.[yourdomain].net will be a subdomain). But for now, just choose a name that will be the internet address for your pod.

== Install the nginx Web Server Software on Your Computer ==

Although you can run Diaspora without a web server (see Section 8 below), this isn't recommended. You won't have SSL, so other pods that require SSL connections won't be able to connect with your pod.

The preferred web server is nginx. You can get it with yum, rpm or apt, but try to download the latest version, because this how-to is based on it. Once you've installed nginx, you should be able to start it right away by typing, as root or sudo, in a terminal:

<pre>service nginx start</pre>

This should return "[ok]". And if you type localhost:80 in your web browser's navigation bar, you should get an nginx HTML page.

Now you have to edit the nginx configuration files for your particular setup. Once you've installed nginx, find its configuration files by typing, in a terminal, as root or sudo:

<pre>whereis nginx</pre>

On Fedora 16, you'll find the nginx configuration files at /etc/nginx and /etc/nginx/conf.d.

As a guide, here's my working, edited /etc/nginx/nginx.conf file:

<pre>
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] $status '
                    '"$request" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;

    sendfile on;
    keepalive_timeout 65;

    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml+rss text/javascript;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    # Port 80: permanently redirect requests to the HTTPS site
    server {
        listen 80;
        server_name diaspora.[yourdomainname].net www.diaspora.[yourdomainname].net;
        access_log /var/log/nginx/access80.log main;

        location / {
            rewrite ^(.*) https://diaspora.[yourdomainname].net$1 permanent;
        }

        location /uploads/images {
            expires 1d;
            add_header Cache-Control public;
        }

        location /assets {
            expires 1d;
            add_header Cache-Control public;
        }
    }

    # The Diaspora thin app server that nginx proxies to
    upstream thin_server {
        server 127.0.0.1:3000;
    }

    # Port 443: terminate SSL here and proxy to the thin app server
    server {
        listen 443;
        server_name diaspora.[yourdomainname].net www.diaspora.[yourdomainname].net;
        access_log /var/log/nginx/access443.log main;
        root /[path to your diaspora public directory]/public;

        ssl on;
        ssl_certificate /[path to your ssl cert]/ssl.crt;
        ssl_certificate_key /[path to your ssl key]/ssl.key;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
        ssl_protocols TLSv1;
        ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        ssl_prefer_server_ciphers on;
        # max-age is given in seconds
        add_header Strict-Transport-Security max-age=500;
        ssl_ecdh_curve secp521r1;

        # Pass the original client address, host and scheme on to the app server
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            client_max_body_size 4M;
            client_body_buffer_size 128K;
            proxy_pass http://thin_server;
        }

        # Static files are served by nginx from the Diaspora public directory
        location ~ ^/(images|javascripts|assets|stylesheets|uploads)/ {
            root /[path to your diaspora public directory]/public;
            expires 1d;
            add_header Cache-Control public;
        }

        location /uploads/images/ {
            expires 1d;
            add_header Cache-Control public;
        }

        location /assets {
            expires 1d;
            add_header Cache-Control public;
        }
    }
}
</pre>
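
The SSL lines in the listing above (<code>ssl on</code>, <code>ssl_protocols TLSv1</code>, RC4 in <code>ssl_ciphers</code>, the <code>!AESGCM</code> exclusion, and a 500-second HSTS lifetime) reflect what was current when this how-to was written. The following shell function is an added example, not part of the original how-to or of nginx, that flags those settings in a config file; the function names and the <code>HSTS_MIN</code> threshold are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the original how-to. HSTS_MIN (180 days, in seconds)
# is an assumed policy threshold, not an nginx default.
HSTS_MIN=15552000

# Print the arguments of every "<name> ...;" directive in file $1 (comments removed).
directive_values() {
    sed 's/#.*$//' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]][[:space:]]*\([^;]*\);.*/\1/p"
}

# Print one finding per line; print nothing if none of the checks fire.
audit_nginx_tls() {
    conf=$1
    # Matches SSLv2, SSLv3, TLSv1 and TLSv1.1, but not TLSv1.2 or TLSv1.3.
    if directive_values "$conf" ssl_protocols |
        grep -Eq '(^|[[:space:]])(SSLv[23]|TLSv1(\.1)?)([[:space:]]|$)'; then
        echo "ssl_protocols: deprecated protocol enabled; use TLSv1.2 TLSv1.3"
    fi
    # A cipher token is enabled unless it starts with "!" or "-".
    if directive_values "$conf" ssl_ciphers | tr ':' '\n' |
        grep -Eq '^([^!-].*)?RC4'; then
        echo "ssl_ciphers: RC4 is enabled; remove it"
    fi
    # Excluding AESGCM removes the AES-GCM (AEAD) suites used with TLS 1.2.
    if directive_values "$conf" ssl_ciphers | tr ':' '\n' | grep -Fqx '!AESGCM'; then
        echo "ssl_ciphers: !AESGCM excludes the AES-GCM suites"
    fi
    # "ssl on;" is the legacy spelling of "listen 443 ssl;".
    if directive_values "$conf" ssl | grep -Eq '^on[[:space:]]*$'; then
        echo "ssl on: deprecated; use 'listen 443 ssl;'"
    fi
    # HSTS max-age is a lifetime in seconds.
    age=$(directive_values "$conf" add_header |
        sed -n 's/.*Strict-Transport-Security.*max-age=\([0-9][0-9]*\).*/\1/p' | head -n 1)
    if [ -n "$age" ] && [ "$age" -lt "$HSTS_MIN" ]; then
        echo "HSTS: max-age=$age is shorter than $HSTS_MIN seconds"
    fi
}

# Constructed sample: the SSL lines of the config above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
ssl on;
ssl_protocols TLSv1;
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
add_header Strict-Transport-Security max-age=500;
EOF
audit_nginx_tls "$sample"
```

Run it against your own file with <code>audit_nginx_tls /etc/nginx/nginx.conf</code>; an empty result means none of the five checks fired.
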

Once you've finished editing /etc/nginx/nginx.conf, restart the server by typing, in a terminal, as root or sudo:

<pre>service nginx restart</pre>

At this point, you should have the Diaspora thin app server listening on localhost:3000 and the nginx web server listening on localhost:80, which upgrades to localhost:443, which proxies to the app server at localhost:3000.

But the nginx webserver is not visible to the internet yet, because it is likely hidden behind NAT IP addresses assigned by your ISP and your local area network. That is to say, your nginx webserver's IP address likely is something like 192.168.2.6:443, which is not an address reachable from other computers on the internet. [http://pagekite.net/ Pagekite] is a simple way to make the nginx webserver visible to the internet. Here's how (substitute your particulars for the examples in the brackets below):

== Create a Domain Name ==

Go to name.com, register.com, or the like, and register a domain matching what you chose in Step 2 above. For example, [yourdomain].net.

== Create a Pagekite Account ==

Open an account at Pagekite, and create a pagekite, for example, [yourname].pagekite.me. Download the pagekite software and install it. Make note of where the configuration files are located on your computer afterward. For example, on Fedora 16 Linux, the configuration files may be found at /etc/pagekite.d/.

== Create a CNAME Record ==

Go back to your domain registrar, log in to your domain name account, and create a CNAME record that points to your pagekite. For example, create the CNAME diaspora.[yourdomain].net, and point it to [yourname].pagekite.me. Your domain registrar will have instructions on how to do this. The process will vary by domain registrar.

== Get an SSL Cert and SSL Key for Your Subdomain ==

For SSL to work for nginx at port 443, you need an SSL cert. You can get one free at [http://www.startssl.com/ StartSSL.com]. Many domain registrars can do it for you too. Make sure it matches the CNAME you've created, e.g., diaspora.[yourdomain].net. Once you've installed your SSL certificate and key, and any intermediate CA certs you need, make sure that the ssl_certificate and ssl_certificate_key lines in /etc/nginx/nginx.conf point to the location of the cert and key.

== Edit the Pagekite Configuration Files ==

Now you want to direct the CNAME you created, diaspora.[yourdomain].net, through your [yourname].pagekite.me kite, to your local computer, where your nginx webserver is listening at ports 80 and 443. Using a text editor, edit your pagekite configuration files as follows. The file /etc/pagekite.d/10_account.rc should contain the following values:

<pre>
kitename=diaspora.[yourdomain].net
kitesecret=[your account secret from your pagekite account]
</pre>

The file /etc/pagekite.d/80_httpd.rc should contain the following:

<pre>
backend=http:[yourname].pagekite.me:localhost:80:@kitesecret
backend=https:[yourname].pagekite.me:localhost:443:@kitesecret
backend=http:@kitename:localhost:80:@kitesecret
backend=https:@kitename:localhost:443:@kitesecret
</pre>

Note: If you're having problems with nginx, you can point pagekite directly at the thin server listening at localhost:3000 while you figure the problem out. This bypasses nginx, so your pod won't have SSL in the meantime (see the nginx section above). Use the following 80_httpd.rc config:

<pre>
backend=http:[yourname].pagekite.me:localhost:3000:@kitesecret
backend=http:@kitename:localhost:3000:@kitesecret
</pre>

== Test ==

Provided Diaspora and nginx are running, you can now start pagekite by typing, as root or sudo, in a terminal:

<pre>service pagekite start</pre>

After a minute or so, you should be able to find your Diaspora login screen in a browser window at https://diaspora.[yourdomain].net. Now you can create an account, or log in if you already have one.

== Relocating Your Pod ==

If you change local network locations (for example, you take the laptop hosting your pod to an internet cafe), Pagekite will update your DNS settings automatically.

OK? Good luck. Hope to see you on Diaspora. (Oh, one last thing: operating a web server may violate your internet service provider's service terms and conditions. If you're concerned about that, review your service agreement.)

[[Category:Podmin]]
[[Category:Installation]]
[[Category:Github transfer done]]