Based on official Mastodon instructions - yet more paranoid, set up on Raspberry Pi, and made to work over Tor without SSL. This runbook will get you to a working instance, yet some work remains for this runbook:
systemd scripts - so you don't have to restart Mastodon processes manually after rebooting the Pi;
Torify all outgoing connections for additional privacy for your instance;
SD card image (a la mynode) for those who don't have time to learn linux system administration.
Known bugs:
Following external clearnet users seems to be broken. No errors when trying to follow. Yet the number "Followed" on the profile does not change. For one of the users I'm getting the following warning in the sidekiq service (this seems to be the only error or warning on the backend):
2021-02-06T16:25:51.361Z pid=9301 tid=3r35 WARN: {"context":"Job raised exception","job":{"retry":16,"queue":"push","dead":false,"class":"ActivityPub::DeliveryWorker","args":["{\"@context\":\"https://www.w3.org/ns/activitystreams\",\"id\":\"http://3vih3yegheqftg4pavy3v3vhf734zevwi3qbragl3uuc26cre7hk5hyd.onion/456fd875-c446-4990-949f-114c74165609\",\"type\":\"Follow\",\"actor\":\"http://3vih3yegheqftg4pavy3v3vhf734zevwi3qbragl3uuc26cre7hk5hyd.onion/users/admin4\",\"object\":\"https://x0f.org/users/orionwl\"}",4,"https://x0f.org/users/orionwl/inbox"],"jid":"e3e4f111f4763a56c3d126d3","created_at":1612627346.7334015,"enqueued_at":1612628750.4727335,"error_message":"https://x0f.org/users/orionwl/inbox returned code 401","error_class":"Mastodon::UnexpectedResponseError","failed_at":1612627347.4861543,"retry_count":5,"retried_at":1612627942.162155},"jobstr":"{\"retry\":16,\"queue\":\"push\",\"dead\":false,\"class\":\"ActivityPub::DeliveryWorker\",\"args\":[\"{\\\"@context\\\":\\\"https://www.w3.org/ns/activitystreams\\\",\\\"id\\\":\\\"http://3vih3yegheqftg4pavy3v3vhf734zevwi3qbragl3uuc26cre7hk5hyd.onion/456fd875-c446-4990-949f-114c74165609\\\",\\\"type\\\":\\\"Follow\\\",\\\"actor\\\":\\\"http://3vih3yegheqftg4pavy3v3vhf734zevwi3qbragl3uuc26cre7hk5hyd.onion/users/admin4\\\",\\\"object\\\":\\\"https://x0f.org/users/orionwl\\\"}\",4,\"https://x0f.org/users/orionwl/inbox\"],\"jid\":\"e3e4f111f4763a56c3d126d3\",\"created_at\":1612627346.7334015,\"enqueued_at\":1612628750.4727335,\"error_message\":\"https://x0f.org/users/orionwl/inbox returned code 401\",\"error_class\":\"Mastodon::UnexpectedResponseError\",\"failed_at\":1612627347.4861543,\"retry_count\":5,\"retried_at\":1612627942.162155}"}
sudo service tor restart
sudo service tor status # check that it's running
sudo cat /var/lib/tor/hidden_service_mastodon/hostname # print your .onion address
We already did the Convenience Stuff in the admin account (host operating system); now it's time to do the same inside the schroot:
sudo schroot -c mastodon64
and go through Convenience Stuff to make it comfortable inside the schroot. Yet:
Skip "Name your Pi" and "Timezone"
Don't include sudo in the commands
6. Build node.js and yarn
Prerequisite: you need to be logged in as "mastodon" followed by going into schroot:
sudo su -l mastodon
schroot -c mastodon64
Build node.js (includes NPM)
git clone https://github.com/nodejs/node.git ~/src/node
cd ~/src/node
git fetch
git checkout $(git tag | grep v12 | sort -V | grep -v rc | tail -n1) # latest minor version of 12
./configure --prefix $HOME/bin
make # negative (-): this will take all day; positive (+): building from source has transparency advantages
make install
and when prompted, paste the following line-by-line:
replace DB_PASSWORD with the password you generated in step 5
CREATE USER mastodon CREATEDB;
ALTER USER mastodon PASSWORD 'DB_PASSWORD';
\q
9. Install Redis
On "admin" account (not inside schroot), install default system Redis:
sudo apt install -y redis-server
10. Setup Mastodon
Prerequisite: you need to be logged in as "mastodon" followed by going into schroot:
sudo su -l mastodon
schroot -c mastodon64
Get Mastodon source code:
git clone https://github.com/tootsuite/mastodon.git ~/live
cd ~/live
git fetch
git checkout $(git tag | grep v3.3 | sort -V | tail -n1) # latest minor version of v3.3
Install Ruby and JavaScript dependencies
cd ~/live
bundle config deployment 'true'
bundle config without 'development test'
bundle install -j$(getconf _NPROCESSORS_ONLN)
yarn install --pure-lockfile
Run the setup wizard
this will take a long time and interactively ask questions
RAILS_ENV=production bundle exec rake mastodon:setup # if you are re-running this command AND want to destroy current data and create an empty database, add DISABLE_DATABASE_ENVIRONMENT_CHECK=1
Domain name: put your onion address from earlier step
Single user mode: No
Docker: No
PostgreSQL host: localhost
Port: Enter (uses the default)
Name of PostgreSQL database: press Enter
Name of PostgreSQL user: press Enter
Password of PostgreSQL user: DB_PASSWORD from earlier step (the password does not echo back, so just paste it and press Enter)
Redis host: press Enter
Redis port: 6379
Redis password: press Enter
Do you want to store uploaded files on the cloud?: press Enter
Do you want to send e-mails from localhost? press Enter
press Enter for many email related questions
Send a test e-mail with this configuration right now? no
press Enter for the rest of the questions
Write down your admin e-mail and password. It's OK if you lose them - it's easy to re-create an admin account like this:
sudo su -l mastodon
schroot -c mastodon64
cd ~/live
RAILS_ENV=production ./bin/tootctl accounts create admin2 --role admin --email [email protected]
replace ONION_SITE_GOES_HERE with the onion address you generated earlier (e.g. a1b2c3.onion)
Start 3 Mastodon services. Later, we'll set these up as systemd services that get restarted automatically if they crash. Yet, at this stage you'll need to learn how to use multiple virtual windows in Screen and run all 3 services in parallel:
# in screen window 1
sudo su -l mastodon
schroot -c mastodon64
cd ~/live
PORT=3001 RAILS_ENV=production bundle exec rails s
# in screen window 2
sudo su -l mastodon
schroot -c mastodon64
cd ~/live
RAILS_ENV=production DB_POOL=25 MALLOC_ARENA_MAX=2 /home/mastodon/.rbenv/shims/bundle exec sidekiq -c 25
# in screen window 3
sudo su -l mastodon
schroot -c mastodon64
cd ~/live
NODE_ENV=production PORT=4000 /home/mastodon/bin/bin/node ./streaming
11. Setup Nginx
On "admin" account (not inside schroot), install nginx
sudo apt install -y nginx
Create new config
sudo vi /etc/nginx/sites-available/mastodon
Paste the following, yet replace ONION_SITE_GOES_HERE with your .onion address generated at an earlier step (e.g. a1b2c3.onion)
Tor does not need HTTPS. Moreover, it does damage: signing SSL certificates is costly and centralized (most authorities will not even sign a .onion address). Self-signed certificates generate warnings that are very hard to bypass and get users accustomed to ignoring warnings that are important on clearnet.
Yet Mastodon is hardcoded to use HTTPS. So let's de-hardcode it.
Check that everything was installed correctly:
cd ~/live
git log -n1 # should say "commit 444b21b55ff5768e4cbbaf7cfa8285c65a4b54f9 (HEAD, tag: v3.3.0rc3)"
git status # should say "nothing to commit, working tree clean"
sha256sum vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.4/lib/action_controller/metal/redirecting.rb
# should say "da60d1e6315e4ef7e88ebb08a30b283cfcea588c0df3f610cd898f6b5fbd7ad9"
sha256sum vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.4/lib/action_dispatch/http/url.rb
# should say "cccb04f6a65890672fffc1b7a6fd7f9d55367e7e0bfc55521a2e5f334db7b06d"
If step 1 does not produce the correct hashes then the following step is probably not going to work. I encourage you to reach out to me on @[email protected], send me the hashes you get, and I'll help you debug.
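One way to script the check above so that the patch step cannot run against unexpected files (an added example, not part of the original runbook). The function names `verify_pins` and `run_if_verified` and the `--check` argument are assumptions made here; the two hashes and paths are the ones listed above.

```shell
#!/bin/sh
# Added example (not from the runbook): pin-check files before patching them.
# PINS holds the two "sha256  path" pairs given above, relative to ~/live.
PINS='da60d1e6315e4ef7e88ebb08a30b283cfcea588c0df3f610cd898f6b5fbd7ad9  vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.4/lib/action_controller/metal/redirecting.rb
cccb04f6a65890672fffc1b7a6fd7f9d55367e7e0bfc55521a2e5f334db7b06d  vendor/bundle/ruby/2.7.0/gems/actionpack-5.2.4.4/lib/action_dispatch/http/url.rb'

# verify_pins ROOT PINS: return 0 only if every file exists and matches its pin.
# Unlike eyeballing sha256sum output, a missing file or one wrong hex digit fails.
verify_pins() {
    root=$1 pins=$2 bad=0
    while read -r want path; do
        [ -n "$want" ] || continue            # skip blank lines
        if [ ! -f "$root/$path" ]; then
            echo "MISSING  $path" >&2; bad=1; continue
        fi
        got=$(sha256sum "$root/$path" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $path" >&2
            echo "  expected $want" >&2
            echo "  got      $got" >&2       # this is the value to report
            bad=1
        fi
    done <<EOF
$pins
EOF
    return $bad
}

# run_if_verified ROOT PINS CMD...: run CMD (the patch step) only on a full match.
run_if_verified() {
    root=$1 pins=$2; shift 2
    if ! verify_pins "$root" "$pins"; then
        echo "refusing to patch: files differ from the pinned hashes" >&2
        return 1
    fi
    "$@"
}

# Hypothetical invocation: sh check_pins.sh --check [ROOT]   (ROOT defaults to ~/live)
if [ "${1:-}" = "--check" ]; then
    verify_pins "${2:-$HOME/live}" "$PINS" || exit 1
    echo "all pinned files match"
fi
```

A mismatch prints both the expected and the actual hash, which are the values to include when asking for help.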
Copy the following large command (all the way to, and including "EOF"), and run it: