Installing the Diaspora* social network on Debian 8 with Apache2 (Let's Encrypt support) and MySQL.
Server:
Location: Bissen, Luxembourg (LU-BI1)
CPU core(s): 2
RAM: 2048 MB
Disk: 10 GB
Operating system: Debian 8
System disk name: sysdiskdia
Hostname: serverdia
Administrator login: admin
IPv4 address: 92.243.7.222
1/ Editing the domain name's DNS zone.
Add the subdomain: pod.espace-bidouilleur.fr
2/ Connecting to the Debian server.
➜ ~ ssh admin@92.243.7.222
admin@92.243.7.222's password:
Linux serverdia 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2+deb8u5 (2017-09-19) x86_64 GNU/Linux
...
admin@serverdia:~$
3/ Switching to the 'root' user.
admin@serverdia:~$ su
Password:
root@serverdia:/home/admin#
4/ Initializing the locales.
root@serverdia:/home/admin# export LANGUAGE=fr_FR.UTF-8
root@serverdia:/home/admin# export LANG=fr_FR.UTF-8
root@serverdia:/home/admin# export LC_ALL=fr_FR.UTF-8
5/ Configuring the locales.
Open:
/etc/locale.gen
Find:
# fr_FR.UTF-8
Replace with:
fr_FR.UTF-8
Action:
# locale-gen
6/ Creating the 'root' user.
root@serverdia:/home/admin# su diaspora
diaspora@serverdia:/home/admin$ cd
diaspora@serverdia:~$
7/ Updating the operating system.
root@serverdia:/home/admin# apt-get update && apt-get upgrade
8/ Installing the base packages.
root@serverdia:/home/admin# apt-get install screen mc vim htop
9/ Installing the packages for Diaspora*.
root@serverdia:/home/admin# apt-get install build-essential libssl-dev libcurl4-openssl-dev libxml2-dev libxslt-dev imagemagick ghostscript curl libmagickwand-dev git libmysqlclient-dev redis-server nodejs
root@serverdia:/home/admin# apt-get install gawk libyaml-dev libsqlite3-dev sqlite3 autoconf libgmp-dev libgdbm-dev libncurses5-dev automake libtool bison libffi-dev libgmp-dev libreadline6-dev
10/ Installing the MySQL packages.
root@serverdia:/home/admin# apt-get install mysql-server mysql-client
11/ Installing Apache2.
root@serverdia:/home/admin# apt-get install apache2
12/ Enabling the Apache2 modules.
root@serverdia:/home/admin# a2enmod rewrite
root@serverdia:/home/admin# a2enmod proxy
root@serverdia:/home/admin# a2enmod proxy_http
root@serverdia:/home/admin# a2enmod headers
root@serverdia:/home/admin# a2enmod ssl
root@serverdia:/home/admin# a2enmod proxy_balancer
root@serverdia:/home/admin# a2enmod lbmethod_byrequests
13/ Installing 'certbot' for Let's Encrypt.
root@serverdia:/home/admin# echo 'deb http://ftp.debian.org/debian jessie-backports main' | tee /etc/apt/sources.list.d/backports.list
root@serverdia:/home/admin# apt-get update
root@serverdia:/home/admin# apt-get install python-certbot-apache -t jessie-backports
14/ Stopping the Apache2 server.
root@serverdia:/home/admin# service apache2 stop
15/ Generating the Let's Encrypt files.
root@serverdia:/home/admin# certbot certonly --standalone
...
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel):lesanglierdesardennes@gmail.com
...
Please enter in your domain name(s) (comma and/or space separated) (Enter 'c' to cancel):pod.espace-bidouilleur.fr
...
16/ Verification.
root@serverdia:/home/admin# ls -l /etc/letsencrypt/live/pod.espace-bidouilleur.fr/*
lrwxrwxrwx 1 root root 49 janv. 20 09:50 /etc/letsencrypt/live/pod.espace-bidouilleur.fr/cert.pem -> ../../archive/pod.espace-bidouilleur.fr/cert1.pem
lrwxrwxrwx 1 root root 50 janv. 20 09:50 /etc/letsencrypt/live/pod.espace-bidouilleur.fr/chain.pem -> ../../archive/pod.espace-bidouilleur.fr/chain1.pem
lrwxrwxrwx 1 root root 54 janv. 20 09:50 /etc/letsencrypt/live/pod.espace-bidouilleur.fr/fullchain.pem -> ../../archive/pod.espace-bidouilleur.fr/fullchain1.pem
lrwxrwxrwx 1 root root 52 janv. 20 09:50 /etc/letsencrypt/live/pod.espace-bidouilleur.fr/privkey.pem -> ../../archive/pod.espace-bidouilleur.fr/privkey1.pem
-rw-r--r-- 1 root root 543 janv. 20 09:50 /etc/letsencrypt/live/pod.espace-bidouilleur.fr/README
17/ Configuring the default vhost.
Open:
/etc/apache2/sites-enabled/000-default.conf
Delete everything and replace with:
<VirtualHost *:80>
  ServerName pod.espace-bidouilleur.fr
  ServerAlias www.pod.espace-bidouilleur.fr
  RedirectPermanent / https://pod.espace-bidouilleur.fr/
</VirtualHost>
<VirtualHost *:443>
  ServerName pod.espace-bidouilleur.fr
  ServerAlias www.pod.espace-bidouilleur.fr
  DocumentRoot /home/diaspora/diaspora/public

  RewriteEngine On
  RewriteCond %{HTTP_HOST} !^pod\.espace-bidouilleur\.fr [NC]
  RewriteRule ^/(.*)$ https://pod\.espace-bidouilleur\.fr/$1 [L,R,QSA]

  RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
  RewriteRule ^/(.*)$ balancer://upstream%{REQUEST_URI} [P,QSA,L]

  <Proxy balancer://upstream>
    BalancerMember unix:///home/diaspora/diaspora/tmp/diaspora.sock|http://
  </Proxy>

  ProxyRequests Off
  ProxyVia On
  ProxyPreserveHost On
  RequestHeader set X_FORWARDED_PROTO https

  <Proxy *>
    Require all granted
  </Proxy>

  <Directory /home/diaspora/diaspora/public>
    Options -MultiViews
    Require all granted
  </Directory>

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/pod.espace-bidouilleur.fr/cert.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/pod.espace-bidouilleur.fr/privkey.pem
  # Might not be needed; needed for example for StartSSL, to point to a local
  # copy of https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
  # For Let's Encrypt it should point to /etc/letsencrypt/live/pod.espace-bidouilleur.fr/chain.pem
  SSLCertificateChainFile /etc/letsencrypt/live/pod.espace-bidouilleur.fr/chain.pem

  # Based on https://wiki.mozilla.org/Security/Server_Side_TLS - consider as global configuration
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK
  SSLHonorCipherOrder on
  SSLCompression off
</VirtualHost>
18/ Checking the Apache2 configuration.
root@serverdia:/home/admin# apache2ctl configtest
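apache2ctl configtest only validates syntax. The shell function below is an added example, not part of the original tutorial: it reviews the TLS directives of a vhost file such as the one from step 17 and reports legacy protocol versions left enabled by "SSLProtocol all" and cipher entries without an (EC)DHE key exchange. The function name audit_vhost_tls and the sample file are made up for this illustration, and directive names are matched case-sensitively.

```shell
#!/bin/sh
# Added example: static review of the TLS directives in an Apache vhost file.
# Prints one FINDING line per issue and nothing when no issue is found.
audit_vhost_tls() {
    conf=$1
    # Value of the last occurrence of each directive.
    proto=$(sed -n 's/^[[:space:]]*SSLProtocol[[:space:]][[:space:]]*//p' "$conf" | tail -n 1)
    ciphers=$(sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]][[:space:]]*//p' "$conf" | tail -n 1)

    # "all" switches on every protocol the TLS library offers, so each
    # legacy version has to be subtracted explicitly.
    case " $proto " in
        *" all "*)
            for p in SSLv3 TLSv1 TLSv1.1; do
                case " $proto " in
                    *" -$p "*) ;;
                    *) echo "FINDING: $p is still enabled by 'SSLProtocol $proto'" ;;
                esac
            done ;;
    esac

    # Entries that are neither exclusions (!...) nor (EC)DHE suites are
    # static-RSA suites or broad aliases that can pull such suites in.
    printf '%s\n' "$ciphers" | tr ':' '\n' | awk '
        /^!/ || /DHE|EDH/ { next }
        NF { n++; list = list " " $1 }
        END { if (n) print "FINDING: " n " cipher entries without (EC)DHE key exchange:" list }'
}

# Constructed sample: the TLS directives from step 17, cipher list abridged.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  SSLEngine On
  SSLProtocol all -SSLv2 -SSLv3
  SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA:kEDH+AESGCM:AES128-GCM-SHA256:AES128:AES:!aNULL:!RC4:!MD5
  SSLHonorCipherOrder on
EOF
audit_vhost_tls "$sample"
```

Appending -TLSv1 -TLSv1.1 to SSLProtocol and removing the entries without (EC)DHE clears the findings; check which clients the pod must still serve before doing so.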
19/ Restarting Apache2.
root@serverdia:/home/admin# service apache2 restart
20/ Creating the 'diaspora' user.
root@serverdia:/home/admin# adduser --disabled-login diaspora
Adding user `diaspora' ...
Adding new group `diaspora' (1000) ...
Adding new user `diaspora' (1001) with group `diaspora' ...
Creating home directory `/home/diaspora' ...
Copying files from `/etc/skel' ...
Changing the user information for diaspora
Enter the new value, or press ENTER for the default
	Full Name []:
	Room Number []:
	Work Phone []:
	Home Phone []:
	Other []:
Is the information correct? [Y/n]
root@serverdia:/home/admin#
21/ Switching to the 'diaspora' user.
root@serverdia:/home/admin# su diaspora
diaspora@serverdia:/home/admin$ cd
diaspora@serverdia:~$
22/ Connecting to the MySQL server.
diaspora@serverdia:~$ mysql -u root -p
Enter password:
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 43
Server version: 5.5.59-0+deb8u1 (Debian)
...
mysql>
23/ Creating the 'diaspora' database user.
mysql> CREATE USER 'diaspora'@'localhost' IDENTIFIED BY '';
mysql> GRANT ALL PRIVILEGES ON `diaspora_%`.* TO 'diaspora'@'localhost';
mysql> exit;
Bye
diaspora@serverdia:~$
24/ Preparing Diaspora*.
diaspora@serverdia:~$ command curl -sSL https://rvm.io/mpapis.asc | gpg --import -
diaspora@serverdia:~$ curl -L https://s.diaspora.software/1t | bash
25/ Configuring 'bashrc'.
Open:
~/.bashrc
Append at the end:
[[ -s "$HOME/.rvm/scripts/rvm" ]] && source "$HOME/.rvm/scripts/rvm"
Action:
source ~/.bashrc
26/ Installing 'rvm'.
diaspora@serverdia:~$ rvm autolibs read-fail
diaspora@serverdia:~$ rvm install 2.4
27/ Installing the Diaspora* source code.
diaspora@serverdia:~$ git clone -b master https://github.com/diaspora/diaspora.git
28/ Changing to the 'diaspora' directory.
diaspora@serverdia:~$ cd diaspora
ruby-2.4.1 - #gemset created /home/diaspora/.rvm/gems/ruby-2.4.1@diaspora
ruby-2.4.1 - #generating diaspora wrappers..........
Using /home/diaspora/.rvm/gems/ruby-2.4.1 with gemset diaspora
diaspora@serverdia:~/diaspora$
29/ Initializing the configuration files.
diaspora@serverdia:~/diaspora$ cp config/database.yml.example config/database.yml
diaspora@serverdia:~/diaspora$ cp config/diaspora.yml.example config/diaspora.yml
30/ Configuring the Diaspora* database.
Open:
config/database.yml
Find:
mysql: &mysql
  adapter: mysql2
  host: "localhost"
  port: 3306
  username: "root"
  password: ""
  # socket: /tmp/mysql.sock
  encoding: utf8mb4
  collation: utf8mb4_bin
Replace with:
mysql: &mysql
  adapter: mysql2
  host: "localhost"
  port: 3306
  username: "root"
  password: ""
  #socket: /tmp/mysql.sock
  encoding: utf8mb4
  collation: utf8mb4_bin
Find:
  <<: *postgresql
  #<<: *mysql
Replace with:
  #<<: *postgresql
  <<: *mysql
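Step 23 creates a MySQL account limited to the diaspora_% databases, while the database.yml shown above keeps username "root" with an empty password. The shell function below is an added example, not part of the original tutorial: it reports those two conditions in the mysql block and a file mode that lets other local users read the stored credential. The function name audit_database_yml and the sample file are made up for this illustration.

```shell
#!/bin/sh
# Added example: review the mysql block of a Diaspora* config/database.yml.
# Prints one FINDING line per issue and nothing when no issue is found.
audit_database_yml() {
    file=$1
    awk '
        /^mysql:/            { in_block = 1; found = 1; next }
        in_block && /^[^ #]/ { in_block = 0 }   # next top-level key ends the block
        in_block && /^ +(username|password):/ {
            key = $1; sub(/:$/, "", key)
            val = $0
            sub(/^ +[a-z]+: */, "", val)        # drop the "key:" prefix
            sub(/ +#.*$/, "", val)              # drop a trailing comment
            gsub(/^"|"$/, "", val)              # drop surrounding double quotes
            value[key] = val
        }
        END {
            if (!found) exit
            if (value["username"] == "root")
                print "FINDING: application connects as MySQL root, not a dedicated account"
            if (value["password"] == "")
                print "FINDING: empty database password"
        }
    ' "$file"
    # The file stores a credential: other local users should not read it.
    other=$(ls -ld "$file" | cut -c8-10)
    [ "$other" = "---" ] || echo "FINDING: $file is accessible to other users ($other)"
}

# Constructed sample reproducing the mysql block shown in step 30.
sample=$(mktemp)
cat > "$sample" <<'EOF'
mysql: &mysql
  adapter: mysql2
  host: "localhost"
  username: "root"
  password: ""
#  socket: /tmp/mysql.sock
  encoding: utf8mb4

common: &common
  <<: *mysql
EOF
chmod 644 "$sample"   # mode a checkout typically gets under umask 022
audit_database_yml "$sample"
```

Pointing username and password at the 'diaspora' account from step 23 and setting the file to mode 640 or 600 clears all three findings.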
31/ Configuring Diaspora*.
Open:
config/diaspora.yml
Find:
#url: "https://example.org/"
Replace with:
url: "https://pod.espace-bidouilleur.fr"
Find:
#certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
Replace with:
certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
Find:
#rails_environment: 'development'
Replace with:
rails_environment: 'production'
Find:
#require_ssl: true
Replace with:
require_ssl: true
32/ Installing 'bundler'.
diaspora@serverdia:~/diaspora$ gem update --system 2.6.14
diaspora@serverdia:~/diaspora$ gem install bundler
diaspora@serverdia:~/diaspora$ script/configure_bundler
33/ Verification.
diaspora@serverdia:~/diaspora$ bin/bundle install
diaspora@serverdia:~/diaspora$ bin/bundle install
...
Bundle complete! 139 Gemfile dependencies, 223 gems now installed.
Gems in the groups test and development were not installed.
Bundled gems are installed into `./vendor/bundle`
34/ Installing the Diaspora* database.
diaspora@serverdia:~/diaspora$ RAILS_ENV=production bin/rake db:create db:migrate
35/ Installing the Diaspora* 'assets'.
diaspora@serverdia:~/diaspora$ RAILS_ENV=production bin/rake assets:precompile
36/ Starting the server under 'screen'.
diaspora@serverdia:~/diaspora$ ./script/server
Starting Diaspora in production mode with 1 Sidekiq worker(s).
I, [2018-01-21T02:51:38.917829 #22650] INFO -- : [diaspora:__default__] call:
I, [2018-01-21T02:51:38.917972 #22650] INFO -- : [diaspora:__default__] schedule :monitor (load by user)
I, [2018-01-21T02:51:38.918235 #22650] INFO -- : [diaspora:__default__] => monitor (load by user)
I, [2018-01-21T02:51:38.918619 #22650] INFO -- : [diaspora:sidekiq] call:
I, [2018-01-21T02:51:38.918710 #22650] INFO -- : [diaspora:__default__] starting async with 0.2s chain monitor
I, [2018-01-21T02:51:38.918794 #22650] INFO -- : [diaspora:sidekiq] schedule :monitor (load by user)
I, [2018-01-21T02:51:38.919092 #22650] INFO -- : [diaspora:sidekiq] => monitor (load by user)
I, [2018-01-21T02:51:38.919150 #22650] INFO -- : [diaspora:sidekiq] starting async with 0.2s chain monitor
I, [2018-01-21T02:51:38.920039 #22650] INFO -- : [diaspora:web] schedule :monitor (monitor by user)
I, [2018-01-21T02:51:38.920172 #22650] INFO -- : [Eye] <= loading: ["/home/diaspora/diaspora/config/eye.rb"]
I, [2018-01-21T02:51:38.920341 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] schedule :monitor (monitor by user)
I, [2018-01-21T02:51:38.920641 #22650] INFO -- : [diaspora:web] => monitor (monitor by user)
I, [2018-01-21T02:51:38.921848 #22650] INFO -- : [diaspora:__default__] <= monitor
I, [2018-01-21T02:51:38.931924 #22650] INFO -- : [Eye] <= command: load /home/diaspora/diaspora/config/eye.rb (0.118974817s)
I, [2018-01-21T02:51:38.932308 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] => monitor (monitor by user)
I, [2018-01-21T02:51:38.932461 #22650] INFO -- : [diaspora:sidekiq] <= monitor
I, [2018-01-21T02:51:39.032838 #22650] INFO -- : [diaspora:web] load_external_pid_file: pid_file not found
I, [2018-01-21T02:51:39.033309 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] load_external_pid_file: pid_file not found
I, [2018-01-21T02:51:39.033605 #22650] INFO -- : [diaspora:web] switch :starting [:unmonitored => :starting] monitor by user
I, [2018-01-21T02:51:39.034013 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] switch :starting [:unmonitored => :starting] monitor by user
I, [2018-01-21T02:51:39.034340 #22650] INFO -- : [diaspora:web] executing: `bin/bundle exec unicorn -c config/unicorn.rb -D` with start_timeout: 15.0s, start_grace: 2.5s, env: 'RAILS_ENV=production PORT=' (in /home/diaspora/diaspora)
I, [2018-01-21T02:51:39.036080 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] daemonizing: `bin/bundle exec sidekiq` with start_grace: 2.5s, env: 'RAILS_ENV=production', <22799> (in /home/diaspora/diaspora)
I, [2018-01-21T02:51:39.036705 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] sleeping for :start_grace 2.5
I, [2018-01-21T02:51:41.538043 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] switch :started [:starting => :up] monitor by user
I, [2018-01-21T02:51:41.538272 #22650] INFO -- : [diaspora:sidekiq:sidekiq1] <= monitor
I, [2018-01-21T02:51:45.729739 #22650] INFO -- : [diaspora:web] sleeping for :start_grace 2.5
I, [2018-01-21T02:51:48.230804 #22650] INFO -- : [diaspora:web] load_external_pid_file: process <22809> from pid_file found and running (identity: ok) (unicorn master -c config/unicorn.rb -D)
I, [2018-01-21T02:51:48.231220 #22650] INFO -- : [diaspora:web] switch :started [:starting => :up] monitor by user
I, [2018-01-21T02:51:48.240435 #22650] INFO -- : [diaspora:web] <= monitor
37/ Test.
https://pod.espace-bidouilleur.fr
- Pod home page:
- A user's page: