User:CSammy/Installation/CentOS/6: Difference between revisions

From diaspora* project wiki
(Created page with "So, here are the steps I followed to get it up and running for CentOS 6.4. This is an entirely fresh/clean install of CentOS 6.4. Nothing else is running on this box, and th...")
 
(Remove Template:Languages for maintenance reasons)
 
(10 intermediate revisions by 7 users not shown)
Line 1: Line 1:
{{Note|This guide does not follow our preferred scheme, so don't be surprised if it's partly outdated or wrong}}
So, here are the steps I followed to get it up and running for CentOS 6.4.  This is an entirely fresh/clean install of CentOS 6.4.  Nothing else is running on this box, and this tutorial covers all that needs to be installed.
So, here are the steps I followed to get it up and running for CentOS 6.4.  This is an entirely fresh/clean install of CentOS 6.4.  Nothing else is running on this box, and this tutorial covers all that needs to be installed.


First step is to install CentOS 6.4 with the base/minimal install.  Please follow other instructions to do this if you don't know how.
First step is to install CentOS 6.4 with the base/minimal install.  Please follow other instructions to do this if you don't know how.


Perform an update to ensure you've got the latest of everything in the base package.
 
==== Perform an update to ensure you've got the latest of everything in the base package. ====
{{#tag: syntaxhighlight|
{{#tag: syntaxhighlight|
# yum update
yum update
|lang="bash"}}
|lang="bash"}}


Install wget so you can download a few things.
==== Install wget so you can download a few things. ====
# yum install wget
{{#tag: syntaxhighlight|
yum install wget
|lang="bash"}}


Allow yum to locate/install redis
==== Allow yum to locate/install redis, per this page here. ====
    per this page here. http://thoughts.z-dev.org/2013/05/27/install-redis-on-centos-6-4/
http://thoughts.z-dev.org/2013/05/27/install-redis-on-centos-6-4/
# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
{{#tag: syntaxhighlight|
# wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm"
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm"
|lang="bash"}}


Now, install all the prerequisites
==== Now, install all the prerequisites ====
# yum install tar make automake gcc gcc-c++ git net-tools libcurl-devel libxml2-devel libffi-devel libxslt-devel tcl redis ImageMagick npm mysql-server mysql-devel nginx libyaml libyaml-devel patch readline-devel libtool bison
{{#tag: syntaxhighlight|
yum install tar make automake gcc gcc-c++ git net-tools libcurl-devel libxml2-devel libffi-devel libxslt-devel tcl redis ImageMagick npm mysql-server mysql-devel nginx libyaml libyaml-devel patch readline-devel libtool bison
|lang="bash"}}


Enable and start MySQL
==== Enable and start MySQL ====
# chkconfig --level 3 mysqld on
{{#tag: syntaxhighlight|
# service mysqld start
chkconfig --level 3 mysqld on
service mysqld start
|lang="bash"}}


Secure your MySQL installation by setting a password. replace 'new-password' with your secure password.
==== Secure your MySQL installation by setting a password. replace 'new-password' with your secure password. ====
# mysqladmin -u root password 'new-password'
{{#tag: syntaxhighlight|
# mysqladmin -u root -h YourHost.YourDomain.com password 'new-password'
mysqladmin -u root password 'new-password'
mysqladmin -u root -h YourHost.YourDomain.com password 'new-password'
|lang="bash"}}


Open up the necessary firewall ports
==== Open up the necessary firewall ports ====
# vi /etc/sysconfig/iptables
{{#tag: syntaxhighlight|
vi /etc/sysconfig/iptables
   copy this line.
   copy this line.
     -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
     -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
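Review bot: The `rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm"` line keeps its stray trailing double quote in the new syntaxhighlight block, so a reader who pastes it gets an unterminated string and the shell waits for more input. Drop the quote. Separately, both `wget` lines fetch the repository release packages over plain `http://`; since those packages install repository definitions and signing keys, consider noting that they should be fetched over https or have their signatures checked before `rpm -Uvh`.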
Line 35: Line 49:
     -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
     -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
     -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
     -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
|lang="bash"}}


Restart the firewall
==== Restart the firewall ====
# service iptables restart
{{#tag: syntaxhighlight|
service iptables restart
|lang="bash"}}


Next, modify the nginx configuration based on this advice I found on here.
==== Configure Nginx ====
      https://github.com/diaspora/diaspora/wiki/Nginx-Configuration
Next, modify the nginx configuration based on this advice I found on here. https://github.com/diaspora/diaspora/wiki/Nginx-Configuration
Be sure to follow all the FIXME instructions, including replacing "example.com" with your domain name.  You may also need to create a key and csr to obtain a signed SSL certificate.  That part is not covered here.
Be sure to follow all the FIXME instructions, including replacing "example.com" with your domain name.  You may also need to create a key and csr to obtain a signed SSL certificate.  That part is not covered here.
# vi /etc/nginx/nginx.conf
{{#tag: syntaxhighlight|
vi /etc/nginx/nginx.conf
-- contents of nginx.conf --
-- contents of nginx.conf --


Line 49: Line 67:


events {
events {
worker_connections 1024;
    worker_connections 1024;
}
}


Line 58: Line 76:
http {
http {


include mime.types;
    include mime.types;
default_type application/octet-stream;
    default_type application/octet-stream;
sendfile on;
    sendfile on;
keepalive_timeout 65;
    keepalive_timeout 65;
gzip on;
    gzip on;
gzip_http_version 1.0;
    gzip_http_version 1.0;
gzip_comp_level 2;
    gzip_comp_level 2;
gzip_proxied any;
    gzip_proxied any;
gzip_buffers 16 8k;
    gzip_buffers 16 8k;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";


#
    #
# FIXME: If using thin app server, specify correct number of thin servers
    # FIXME: If using thin app server, specify correct number of thin servers
# below, otherwise comment out and replace with your own solution
    # below, otherwise comment out and replace with your own solution
#
    #
# In case of unicorn - master opens a unix domain socket
    # In case of unicorn - master opens a unix domain socket
#upstream unicorn {
    #upstream unicorn {
# server unix:/var/run/sockets/unicorn.sock;
    #     server unix:/var/run/sockets/unicorn.sock;
#}
    #}


upstream thin_cluster {
    upstream thin_cluster {
server localhost:3000;
        server localhost:3000;
}
    }


#
    #
# FIXME: specify correct value(s) for `server_name` directive and
    # FIXME: specify correct value(s) for `server_name` directive and
# correct domain name in the `rewrite` directive below
    # correct domain name in the `rewrite` directive below
#
    #
server {
    server {
listen 80;
        listen 80;
server_name example.com www.example.com;
        server_name example.com www.example.com;
rewrite ^(.*) https://example.com$1 permanent;
        rewrite ^(.*) https://example.com$1 permanent;
}
    }


#
    #
# FIXME: specify correct value(s) for `server_name` directive and
    # FIXME: specify correct value(s) for `server_name` directive and
# `ssl_certificate` + `ssl_certificate_key` directives below
    # `ssl_certificate` + `ssl_certificate_key` directives below
#
    #
server {
    server {
listen 443;
        listen 443;
server_name example.com www.example.com;
        server_name example.com www.example.com;
## make sure you change location if you did clone into /usr/local/app
        ## make sure you change location if you did clone into /usr/local/app
root /usr/local/app/diaspora/public;
        root /home/diaspora/diaspora/public;


ssl on;
        ssl on;
ssl_certificate /path/to/cert_location;
        ssl_certificate /path/to/cert_location;
ssl_certificate_key /path/to/key_location;
        ssl_certificate_key /path/to/key_location;
# enable better ssl security if you like to mitigate BEAST and other exploits
        # enable better ssl security if you like to mitigate BEAST and other exploits
#ssl_session_cache shared:SSL:10m;
        #ssl_session_cache shared:SSL:10m;
#ssl_session_timeout 5m;
        #ssl_session_timeout 5m;
#ssl_protocols TLSv1;
        #ssl_protocols TLSv1;
#ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
#ssl_prefer_server_ciphers on;
        #ssl_prefer_server_ciphers on;
#add_header Strict-Transport-Security max-age=500;
        #add_header Strict-Transport-Security max-age=500;
#ssl_ecdh_curve secp521r1;
        #ssl_ecdh_curve secp521r1;


location /uploads/images {
        location /uploads/images {
expires 1d;
            expires 1d;
add_header Cache-Control public;
            add_header Cache-Control public;
}
        }
location /assets {
        location /assets {
expires 1d;
            expires 1d;
add_header Cache-Control public;
          add_header Cache-Control public;
}
        }


#
        #
# FIXME: modify the `rewrite` directive below to point to proper S3 bucket
        # FIXME: modify the `rewrite` directive below to point to proper S3 bucket
# and path or comment out if you will store images on local file system
        # and path or comment out if you will store images on local file system
#
        #
location / {
        location / {
proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
            proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
            proxy_set_header X-Forwarded-Proto https;
proxy_redirect off;
            proxy_redirect off;
client_max_body_size 4M;
            client_max_body_size 4M;
client_body_buffer_size 128K;
            client_body_buffer_size 128K;


if (-f $request_filename/index.html) {
            if (-f $request_filename/index.html) {
rewrite (.*) $1/index.html break;
                rewrite (.*) $1/index.html break;
}
            }
if (-f $request_filename.html) {
            if (-f $request_filename.html) {
rewrite (.*) $1.html break;
                rewrite (.*) $1.html break;
}
            }
if (!-f $request_filename) {
            if (!-f $request_filename) {
proxy_pass http://thin_cluster;
                proxy_pass http://thin_cluster;
break;
                break;
}
            }
#if you switch to a s3 bucket you can redirect old links to the s3
            #if you switch to a s3 bucket you can redirect old links to the s3
#rewrite ^/uploads/images/(.*)$ https://example.com/s3bucket/s3path/$1 permanent;
            #rewrite ^/uploads/images/(.*)$ https://example.com/s3bucket/s3path/$1 permanent;
}
        }


error_page 500 502 503 504 /50x.html;
        error_page 500 502 503 504 /50x.html;
location = /50x.html {
        location = /50x.html {
root html;
            root html;
}
        }
}
    }


}
}
-- end of contents of nginx.conf --
-- end of contents of nginx.conf --
|lang="bash"}}


Enable and activate nginx web server.
==== Create the diaspora user ====
# chkconfig --level 3 nginx on
{{#tag: syntaxhighlight|
# service nginx start
useradd diaspora
passwd diaspora
|lang="bash"}}


Enable and activate redis service.
==== Enable and activate nginx web server. ====
# chkconfig --level 3 redis on
{{#tag: syntaxhighlight|
# service redis start
chkconfig --level 3 nginx on
service nginx start
|lang="bash"}}


Create the diaspora user
==== Enable and activate redis service. ====
# useradd diaspora
{{#tag: syntaxhighlight|
# passwd diaspora
chkconfig --level 3 redis on
    yourpassw0rd
service redis start
|lang="bash"}}


Run all future commands as diaspora user
==== Run all future commands as diaspora user ====
# su -l diaspora
{{#tag: syntaxhighlight|
su -l diaspora
|lang="bash"}}


Install RVM - Per instructions here. http://rvm.io/
==== Install RVM - Per instructions here. http://rvm.io/ ====
# curl -L https://get.rvm.io | bash -s stable
{{#tag: syntaxhighlight|
curl -L https://get.rvm.io {{!}} bash -s stable
|lang="bash"}}


# vi .bashrc
{{#tag: syntaxhighlight|
vi .bashrc
-- begin add to .bashrc --
-- begin add to .bashrc --
[[ -s "~/.rvm/scripts/rvm" ]] && source "~/.rvm/scripts/rvm"
[[ -s "~/.rvm/scripts/rvm" ]] && source "~/.rvm/scripts/rvm"
-- end add to .bashrc --
-- end add to .bashrc --
:wq <- to save and exit
:wq <- to save and exit
|lang="bash"}}


Logout and back into the diaspora user account
==== Logout and back into the diaspora user account ====
# exit
{{#tag: syntaxhighlight|
# su -l diaspora
exit
su -l diaspora
|lang="bash"}}


{{#tag: syntaxhighlight|
$ rvm autolibs read-only
$ rvm autolibs read-only
Install the version of ruby wanted by Diaspora (installing latest version will not work)
Install the version of ruby wanted by Diaspora (installing latest version will not work)
$ rvm install 1.9.3-p448
$ rvm install 1.9.3-p448
|lang="bash"}}


Install Diaspora*
==== Install Diaspora* ====
# git clone -b master git://github.com/diaspora/diaspora.git
{{#tag: syntaxhighlight|
# cd diaspora
git clone -b master git://github.com/diaspora/diaspora.git
cd diaspora
|lang="bash"}}
Answer y[es] to the prompt about switching to '.ruby-version'
Answer y[es] to the prompt about switching to '.ruby-version'


Copy the base configuration files.
==== Copy the base configuration files. ====
# cp config/database.yml.example config/database.yml
{{#tag: syntaxhighlight|
# cp config/diaspora.yml.example config/diaspora.yml
cp config/database.yml.example config/database.yml
cp config/diaspora.yml.example config/diaspora.yml
|lang="bash"}}


Now open config/database.yml and config/diaspora.yml in your favorite text editor and carefully review them, they are extensively commented.
Now open config/database.yml and config/diaspora.yml in your favorite text editor and carefully review them, they are extensively commented.
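Review bot: The `root` directive now points at `/home/diaspora/diaspora/public`, but the comment directly above it still tells the reader to change the location "if you did clone into /usr/local/app", which no longer matches the default shown; reword the comment to describe the new default. In the same hunk, the `.bashrc` line `[[ -s "~/.rvm/scripts/rvm" ]] && source "~/.rvm/scripts/rvm"` quotes the tilde, so it is never expanded and the test is always false; use `$HOME/.rvm/scripts/rvm` inside the quotes.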
Line 210: Line 248:
server.rails_environment: You must set this to production. The server section is read by ./script/server and most alternative startup methods to setup the correct environment.
server.rails_environment: You must set this to production. The server section is read by ./script/server and most alternative startup methods to setup the correct environment.
environment.require_ssl: If for some reason you can't run your pod on HTTPS (we highly encourage you to do it!), set this to false to prevent a redirect from http:// to https://
environment.require_ssl: If for some reason you can't run your pod on HTTPS (we highly encourage you to do it!), set this to false to prevent a redirect from http:// to https://
It's time to install the Ruby libraries required by Diaspora:
 
==== It's time to install the Ruby libraries required by Diaspora: ====
{{#tag: syntaxhighlight|
# RAILS_ENV=production bundle install --without test development
# RAILS_ENV=production bundle install --without test development
|lang="bash"}}
==== Double check your config/database.yml looks right and run: ====
{{#tag: syntaxhighlight|
RAILS_ENV=production bundle exec rake db:create db:schema:load
|lang="bash"}}


Double check your config/database.yml looks right and run:
==== Precompile assets ====
# RAILS_ENV=production bundle exec rake db:create db:schema:load
{{#tag: syntaxhighlight|
RAILS_ENV=production bundle exec rake assets:precompile
|lang="bash"}}


Precompile assets
==== It's time to start Diaspora: ====
# RAILS_ENV=production bundle exec rake assets:precompile
{{#tag: syntaxhighlight|
./script/server
|lang="bash"}}


It's time to start Diaspora:
[[Category:Installation]]
# ./script/server
[[Category:Podmin]]
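Review bot: The `bundle install` line in the new syntaxhighlight block still starts with `# `, unlike every other command in this revision where the prompt was stripped. Pasted as-is, the shell treats the whole line as a comment and no gems are installed, so the following `rake db:create db:schema:load` step fails. Remove the leading `# ` so it reads `RAILS_ENV=production bundle install --without test development`.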

Latest revision as of 08:28, 25 February 2018

Note: This guide does not follow our preferred scheme, so don't be surprised if it's partly outdated or wrong.

So, here are the steps I followed to get it up and running for CentOS 6.4. This is an entirely fresh/clean install of CentOS 6.4. Nothing else is running on this box, and this tutorial covers all that needs to be installed.

First step is to install CentOS 6.4 with the base/minimal install. Please follow other instructions to do this if you don't know how.


Perform an update to ensure you've got the latest of everything in the base package.

yum update

Install wget so you can download a few things.

yum install wget

Allow yum to locate/install redis, per this page here.

http://thoughts.z-dev.org/2013/05/27/install-redis-on-centos-6-4/

wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
rpm -Uvh remi-release-6*.rpm epel-release-6*.rpm

Now, install all the prerequisites

yum install tar make automake gcc gcc-c++ git net-tools libcurl-devel libxml2-devel libffi-devel libxslt-devel tcl redis ImageMagick npm mysql-server mysql-devel nginx libyaml libyaml-devel patch readline-devel libtool bison

Enable and start MySQL

chkconfig --level 3 mysqld on
service mysqld start

Secure your MySQL installation by setting a password. Replace 'new-password' with your secure password.

mysqladmin -u root password 'new-password'
mysqladmin -u root -h YourHost.YourDomain.com password 'new-password'

Open up the necessary firewall ports

vi /etc/sysconfig/iptables
  copy this line.
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
  and add two more with port 80 & 443 as well
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
    -A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT

Restart the firewall

service iptables restart
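
Rule order matters in this file: iptables stops at the first matching rule, so ACCEPT lines for ports 80 and 443 pasted below a catch-all REJECT never take effect. The check below is an added example, not part of the original guide; the sample rule sets are constructed for illustration, and `missing_ports` and `sample_rules` are names chosen here.

```shell
#!/bin/sh
# Added example: confirm that the ports opened in /etc/sysconfig/iptables are
# reachable, i.e. their ACCEPT rules sit above the first catch-all REJECT/DROP.

# missing_ports PORT... < rules-file
# Prints every listed port without an effective ACCEPT rule in the INPUT chain.
# Handles single "--dport N" rules, which is the form the guide uses.
missing_ports() {
    awk -v ports="$*" '
        BEGIN { n = split(ports, want, " ") }
        $1 != "-A" || $2 != "INPUT" { next }      # only rules appended to INPUT
        {
            target = ""; dport = ""; narrow = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if ($i == "--dport") dport = $(i + 1)
                # any of these matchers means the rule is not a catch-all
                if ($i == "-p" || $i == "-s" || $i == "-i" || $i == "--dport") narrow = 1
            }
            if (target == "ACCEPT" && dport != "") allowed[dport] = 1
            # first match wins: nothing after a catch-all REJECT/DROP is evaluated
            if ((target == "REJECT" || target == "DROP") && !narrow) exit
        }
        END { for (k = 1; k <= n; k++) if (!(want[k] in allowed)) print want[k] }
    '
}

# Constructed sample rule sets: "good" places the web rules above the REJECT,
# anything else appends them below it.
sample_rules() {
    local web reject
    web='-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT'
    reject='-A INPUT -j REJECT --reject-with icmp-host-prohibited'
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT' \
        '-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT'
    if [ "$1" = good ]; then
        printf '%s\n' "$web" "$reject"
    else
        printf '%s\n' "$reject" "$web"
    fi
    printf '%s\n' 'COMMIT'
}

for variant in good bad; do
    missing=$(sample_rules "$variant" | missing_ports 22 80 443)
    if [ -z "$missing" ]; then
        echo "$variant: 22, 80 and 443 are all accepted"
    else
        echo "$variant: blocked by rule order: $(echo $missing)"
    fi
done
# On the real host: missing_ports 22 80 443 < /etc/sysconfig/iptables
```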

Configure Nginx

Next, modify the nginx configuration based on the advice I found here: https://github.com/diaspora/diaspora/wiki/Nginx-Configuration

Be sure to follow all the FIXME instructions, including replacing "example.com" with your domain name. You may also need to create a key and CSR to obtain a signed SSL certificate. That part is not covered here.

vi /etc/nginx/nginx.conf
-- contents of nginx.conf --

worker_processes 1;
user diaspora;

events {
    worker_connections 1024;
}

#
# FIXME: You may wish to modify the value of the `log_format` directive
# below if you are not using Splunk
#
http {

    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_buffers 16 8k;
    gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";

    #
    # FIXME: If using thin app server, specify correct number of thin servers
    # below, otherwise comment out and replace with your own solution
    #
    # In case of unicorn - master opens a unix domain socket
    #upstream unicorn {
    #     server unix:/var/run/sockets/unicorn.sock;
    #}

    upstream thin_cluster {
        server localhost:3000;
    }

    #
    # FIXME: specify correct value(s) for `server_name` directive and
    # correct domain name in the `rewrite` directive below
    #
    server {
        listen 80;
        server_name example.com www.example.com;
        rewrite ^(.*) https://example.com$1 permanent;
    }

    #
    # FIXME: specify correct value(s) for `server_name` directive and
    # `ssl_certificate` + `ssl_certificate_key` directives below
    #
    server {
        listen 443;
        server_name example.com www.example.com;
        ## make sure you change location if you did clone into /usr/local/app
        root /home/diaspora/diaspora/public;

        ssl on;
        ssl_certificate /path/to/cert_location;
        ssl_certificate_key /path/to/key_location;
        # enable better ssl security if you like to mitigate BEAST and other exploits
        #ssl_session_cache shared:SSL:10m;
        #ssl_session_timeout 5m;
        #ssl_protocols TLSv1;
        #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        #ssl_prefer_server_ciphers on;
        #add_header Strict-Transport-Security max-age=500;
        #ssl_ecdh_curve secp521r1;

        location /uploads/images {
            expires 1d;
            add_header Cache-Control public;
        }
        location /assets {
            expires 1d;
            add_header Cache-Control public;
        }

        #
        # FIXME: modify the `rewrite` directive below to point to proper S3 bucket
        # and path or comment out if you will store images on local file system
        #
        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto https;
            proxy_redirect off;
            client_max_body_size 4M;
            client_body_buffer_size 128K;

            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }
            if (-f $request_filename.html) {
                rewrite (.*) $1.html break;
            }
            if (!-f $request_filename) {
                proxy_pass http://thin_cluster;
                break;
            }
            #if you switch to a s3 bucket you can redirect old links to the s3
            #rewrite ^/uploads/images/(.*)$ https://example.com/s3bucket/s3path/$1 permanent;
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
            root html;
        }
    }

}
-- end of contents of nginx.conf --
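
The commented-out "better ssl security" lines in this configuration reflect BEAST-era advice: RC4 has since been prohibited in TLS (RFC 7465) and TLS 1.0 deprecated (RFC 8996), so they should be reviewed before being uncommented. The audit below is an added example, not part of the original guide or of diaspora*; `audit_nginx_tls`, its `--with-comments` switch and both sample fragments are constructed here for illustration.

```shell
#!/bin/sh
# audit_nginx_tls [--with-comments] < nginx.conf
# Prints "<line>: <finding>" for each weak TLS setting. With --with-comments,
# directives that are still commented out are audited as well, which is useful
# before enabling an optional block.
audit_nginx_tls() {
    local commented=0
    if [ "$1" = "--with-comments" ]; then commented=1; fi
    awk -v commented="$commented" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            if (line ~ /^#/) {
                if (commented + 0 == 0) next
                sub(/^#+[ \t]*/, "", line)      # treat "#directive ...;" as live
            }
            sub(/;[ \t]*$/, "", line)
            n = split(line, f, /[ \t]+/)
        }
        n > 1 && f[1] == "ssl_protocols" {
            modern = 0
            for (i = 2; i <= n; i++) {
                if (f[i] ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print NR ": legacy protocol " f[i] " enabled"
                if (f[i] ~ /^TLSv1\.[23]$/) modern = 1
            }
            if (!modern) print NR ": neither TLSv1.2 nor TLSv1.3 enabled"
        }
        n > 1 && f[1] == "ssl_ciphers" {
            m = split(f[2], c, ":")
            for (i = 1; i <= m; i++) {
                # tokens starting with "!" or "-" remove ciphers, so skip them
                if (c[i] !~ /^[!-]/ && c[i] ~ /(RC4|DES|MD5|EXP|NULL)/) print NR ": weak cipher token " c[i]
            }
        }
    '
}

# Constructed sample: TLS lines taken from the nginx.conf above.
sample_conf() {
    cat <<'EOF'
        ssl on;
        ssl_certificate /path/to/cert_location;
        #ssl_protocols TLSv1;
        #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
        #ssl_prefer_server_ciphers on;
EOF
}

# Constructed sample: the same directives restricted to TLS 1.2 with AEAD suites.
sample_conf_fixed() {
    cat <<'EOF'
        ssl_protocols TLSv1.2;
        ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256;
        ssl_prefer_server_ciphers on;
EOF
}

echo "as shipped (optional block commented out):"
sample_conf | audit_nginx_tls
echo "if the optional block were uncommented:"
sample_conf | audit_nginx_tls --with-comments
echo "restricted variant:"
sample_conf_fixed | audit_nginx_tls
```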

Create the diaspora user

useradd diaspora
passwd diaspora

Enable and activate nginx web server.

chkconfig --level 3 nginx on
service nginx start

Enable and activate redis service.

chkconfig --level 3 redis on
service redis start

Run all future commands as diaspora user

su -l diaspora

Install RVM - Per instructions here. http://rvm.io/

curl -L https://get.rvm.io | bash -s stable
vi .bashrc
-- begin add to .bashrc --
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"
-- end add to .bashrc --
:wq <- to save and exit

Logout and back into the diaspora user account

exit
su -l diaspora
rvm autolibs read-only

Install the version of Ruby wanted by Diaspora (installing the latest version will not work).

rvm install 1.9.3-p448

Install Diaspora*

git clone -b master git://github.com/diaspora/diaspora.git
cd diaspora

Answer y[es] to the prompt about switching to '.ruby-version'

Copy the base configuration files.

cp config/database.yml.example config/database.yml
cp config/diaspora.yml.example config/diaspora.yml

Now open config/database.yml and config/diaspora.yml in your favorite text editor and carefully review them; they are extensively commented.

Important values in config/diaspora.yml

environment.url: Set the public-facing URL of your pod here; for example, for https://pod.geraspora.de this would be https://pod.geraspora.de

environment.certificate_authorities: You have to set this; one of the examples should fit. If the file in the example doesn't exist, you're missing a package; in most cases it's named ca-certificates.

server.rails_environment: You must set this to production. The server section is read by ./script/server and most alternative startup methods to set up the correct environment.

environment.require_ssl: If for some reason you can't run your pod on HTTPS (we highly encourage you to do it!), set this to false to prevent a redirect from http:// to https://

It's time to install the Ruby libraries required by Diaspora:

RAILS_ENV=production bundle install --without test development

Double check your config/database.yml looks right and run:

RAILS_ENV=production bundle exec rake db:create db:schema:load

Precompile assets

RAILS_ENV=production bundle exec rake assets:precompile

It's time to start Diaspora:

./script/server