Installing on Linux using OTP releases¶
Packaged (OTP) installation vs Manual (from-source) installations¶
There is multiple ways to install Pleroma.
- Distro-provided packages
- This is the recommended method, where you can get the strongest compatibility guarantees and the best dependency-management
- Pleroma-provided OTP binaries
- Intended as fallback for Alpine/Debian-compatible systems lacking a proper Pleroma package, they are heavier than proper distro packages as they also contain Erlang/Elixir and can break after system updates
- Manual from-source installation
- Needs build-dependencies to be installed and manual updates+rebuilds. Allows for easier source-customisations.
This guide covers a installation using OTP releases as built by the Pleroma project, it is meant as a fallback to distribution packages/recipes which are the preferred installation method.
To install Pleroma from source, please check out the corresponding guide for your distro.
- A machine you have root access to running Debian GNU/Linux or compatible (eg. Ubuntu), or Alpine on
armv7lCPU. If you are not sure what you are running see Detecting flavour section below
- A (sub)domain pointed to the machine
You will be running commands as root. If you aren't root already, please elevate your privileges by executing
Similarly to other binaries, OTP releases tend to be only compatible with the distro they are built on, as such this guide focuses only on Debian/Ubuntu and Alpine.
Paste the following into the shell:
arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
This should give your flavour string. If not this just means that we don't build releases for your platform, you can still try installing from source.
Installing the required packages¶
Other than things bundled in the OTP release Pleroma depends on:
- curl (to download the release build)
- unzip (needed to unpack release builds)
- ncurses (ERTS won't run without it)
- PostgreSQL (also utilizes extensions in postgresql-contrib)
- nginx (could be swapped with another reverse proxy but this guide covers only it)
- certbot (for Let's Encrypt certificates, could be swapped with another ACME client, but this guide covers only it)
awk 'NR==2' /etc/apk/repositories | sed 's/main/community/' | tee -a /etc/apk/repositories apk update apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot file-dev
apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot libmagic-dev
Installing optional packages¶
apk update apk add imagemagick ffmpeg exiftool
apt install imagemagick ffmpeg libimage-exiftool-perl
(Optional) Installing RUM indexes¶
It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions.
RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the Configuration page. They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
apk add git build-base postgresql-dev git clone https://github.com/postgrespro/rum /tmp/rum cd /tmp/rum make USE_PGXS=1 make USE_PGXS=1 install cd rm -r /tmp/rum
# Available only on Buster/19.04 apt install postgresql-11-rum
(Optional) Performance configuration¶
It is encouraged to check Optimizing your PostgreSQL performance document, for tips on PostgreSQL tuning.
Restart PostgreSQL to apply configuration changes:
rc-service postgresql restart
systemctl restart postgresql
# Create a Pleroma user adduser --system --shell /bin/false --home /opt/pleroma pleroma # Set the flavour environment variable to the string you got in Detecting flavour section. # For example if the flavour is `amd64-musl` the command will be export FLAVOUR="amd64-musl" # Clone the release build into a temporary directory and unpack it sudo -Hu pleroma " curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip unzip /tmp/pleroma.zip -d /tmp/ " # Move the release to the home directory and delete temporary files sudo -Hu pleroma " mv /tmp/release/* /opt/pleroma rmdir /tmp/release rm /tmp/pleroma.zip " # Create uploads directory and set proper permissions (skip if planning to use a remote uploader) # Note: It does not have to be `/var/lib/pleroma/uploads`, the config generator will ask about the upload directory later mkdir -p /var/lib/pleroma/uploads chown -R pleroma /var/lib/pleroma # Create custom public files directory (custom emojis, frontend bundle overrides, robots.txt, etc.) # Note: It does not have to be `/var/lib/pleroma/static`, the config generator will ask about the custom public files directory later mkdir -p /var/lib/pleroma/static chown -R pleroma /var/lib/pleroma # Create a config directory mkdir -p /etc/pleroma chown -R pleroma /etc/pleroma # Run the config generator sudo -Hu pleroma "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql" # Create the postgres database sudo -u postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql" # Create the database schema sudo -Hu pleroma "./bin/pleroma_ctl migrate" # If you have installed RUM indexes uncommend and run # sudo -Hu pleroma "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/" # Start the instance to verify that everything is working as expected sudo -Hu pleroma "./bin/pleroma daemon" # Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly sleep 20 && curl http://localhost:4000/api/v1/instance # Stop the instance sudo -Hu pleroma "./bin/pleroma stop"
Setting up nginx and getting Let's Encrypt SSL certificaties¶
Get a Let's Encrypt certificate¶
certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
Copy Pleroma nginx configuration to the nginx folder¶
The location of nginx configs is dependent on the distro
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.conf ln -s /etc/nginx/sites-available/pleroma.conf /etc/nginx/sites-enabled/pleroma.conf
If your distro does not have either of those you can append
include /etc/nginx/pleroma.conf to the end of the http section in /etc/nginx/nginx.conf and
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/pleroma.conf
Edit the nginx config¶
# Replace example.tld with your (sub)domain $EDITOR path-to-nginx-config # Verify that the config is valid nginx -t
(Strongly recommended) serve media on another domain¶
Refer to the Hardening your instance document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
rc-service nginx start
systemctl start nginx
At this point if you open your (sub)domain in a browser you should see a 502 error, that's because Pleroma is not started yet.
Setting up a system service¶
# Copy the service into a proper directory cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma # Start pleroma and enable it on boot rc-service pleroma start rc-update add pleroma
# Copy the service into a proper directory cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service # Start pleroma and enable it on boot systemctl start pleroma systemctl enable pleroma
If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors.
Setting up auto-renew of the Let's Encrypt certificate¶
# Create the directory for webroot challenges mkdir -p /var/lib/letsencrypt # Uncomment the webroot method $EDITOR path-to-nginx-config # Verify that the config is valid nginx -t
# Restart nginx rc-service nginx restart # Start the cron daemon and make it start on boot rc-service crond start rc-update add crond # Ensure the webroot menthod and post hook is working certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload' # Add it to the daily cron echo '#!/bin/sh certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload" ' > /etc/periodic/daily/renew-pleroma-cert chmod +x /etc/periodic/daily/renew-pleroma-cert # If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert run-parts --test /etc/periodic/daily
# Restart nginx systemctl restart nginx # Ensure the webroot menthod and post hook is working certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl reload nginx' # Add it to the daily cron echo '#!/bin/sh certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx" ' > /etc/cron.daily/renew-pleroma-cert chmod +x /etc/cron.daily/renew-pleroma-cert # If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert run-parts --test /etc/cron.daily
Create your first user and set as admin¶
cd /opt/pleroma su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new joeuser email@example.com --admin"
- How Federation Works/Why is my Federated Timeline empty?
- Backup your instance
- Updating your instance
- Hardening your instance
- How to activate mediaproxy