Skip to content

Instantly share code, notes, and snippets.

@KEINOS

KEINOS/mastodon-installer-for-CentOS7x-with-KUSANAGI-at-SakuraVPS.sh

Last active March 6, 2023 05:27
Show Gist options
  • Save KEINOS/044296632e363fad065ff9a17b01d143 to your computer and use it in GitHub Desktop.
Save KEINOS/044296632e363fad065ff9a17b01d143 to your computer and use it in GitHub Desktop.
Download ZIP
さくらのVPS+KUSANAGI+CentOS7でMastodonをインストールするシェルスクリプト。One-liner Mastodon Instance installer for CentOS7.2 with KUSANAGI on SakuraVPS.
Raw
mastodon-installer-for-CentOS7x-with-KUSANAGI-at-SakuraVPS.sh
#!/bin/bash
echo
echo "-----------------------------"
echo " ╔╦╗╔═╗╔═╗╔╦╗╔═╗╔╦╗╔═╗╔╗╔"
echo " ║║║╠═╣╚═╗ ║ ║ ║ ║║║ ║║║║"
echo " ╩ ╩╩ ╩╚═╝ ╩ ╚═╝═╩╝╚═╝╝╚╝"
echo " Installer for Sakura VPS"
echo " (CentOS7x with KUSANAGI)"
echo "-----------------------------"
echo
# This is a setup script to install an instance
# of Mastodon on CentOS7 with KUSANAGI at Sakura
# VPS service.
# このスクリプトはmastodonをさくらのVPSにセットアップします。
# 標準OSインストールの「KUSANAGI(CentOS7 x86_64)」のOS
# イメージでのみ動作検証しています。(2017.06.21現在)
#
# How To Install (run below as root)
# $ cd ~/ && curl https://gist.githubusercontent.com/KEINOS/044296632e363fad065ff9a17b01d143/raw > install_mastodon.sh && chmod 0755 install_mastodon.sh && ./install_mastodon.sh
#
# LatestScript : https://gist.github.com/KEINOS/044296632e363fad065ff9a17b01d143
# Reference : https://cloud-news.sakura.ad.jp/startup-script/mastodon/information/
# About SakuraVPS : http://vps.sakura.ad.jp/
# 免責事項  : 自己責任でお願いします。実行している内容はスクリプトの通りです。
export LANG=ja_JP.utf8
install_input_recursive(){
echo
printf "[入力]マストドンのドメイン名:\t"
read DOMAIN
printf "[入力]SSL更新通知先メールアドレス:\t"
read MADDR
printf "[入力]kusanagiアカウントのパスワード:\t"
read PWDKSNG
echo
echo "【設定内容の確認】"
printf "\tマストドンのドメイン名\t: ${DOMAIN}\n"
printf "\t連絡先メールアドレス\t: ${MADDR}\n"
printf "\tkusanagiのパスワード\t: ${PWDKSNG}\n"
echo
echo -n "上記内容でインストールしますか? (y/n/q): "
read install_answer
case $install_answer in
y)
echo
echo "インストールを開始します..."
echo
return 0
;;
q)
echo
echo "インストールはキャンセルされました。"
echo
exit
;;
*)
echo
echo "不正な入力です。もう一度入力してください。"
echo
install_input_recursive
;;
esac
}
install_input_recursive
# リポジトリの設定
yum install -y yum-utils
yum-config-manager --enable epel
yum install -y http://li.nux.ro/download/nux/dextop/el7/x86_64/nux-dextop-release-0-5.el7.nux.noarch.rpm
curl -sL https://rpm.nodesource.com/setup_6.x | bash -
# システムのアップデート
yum --enablerepo=remi,remi-php56 update -y
# Kusanagi環境の初期化
kusanagi init --tz tokyo --lang ja --keyboard ja --passwd ${PWDKSNG} --no-phrase --dbrootpass ${PWDKSNG} --nginx --hhvm
# LEMP環境の構築とLets EncryptSSL証明書の取得
kusanagi provision --lamp --fqdn ${DOMAIN} --email ${MADDR} --dbname dummy --dbuser dummy --dbpass ${PWDKSNG} ${DOMAIN}
# SSLのみの設定に切り替え&1週間に1度のSSL認証更新
kusanagi ssl --https redirect --hsts weak --auto on
# mastodon用追加パッケージのインストール
yum install -y ImageMagick ffmpeg redis rubygem-redis postgresql-{server,devel,contrib} authd nodejs {openssl,readline,zlib,libxml2,libxslt,protobuf,ffmpeg}-devel protobuf-compiler nginx jq bind-utils
npm install -g yarn
# postgresql, redisのインストール
echo "postgresql, redisのインストールをします..."
export PGSETUP_INITDB_OPTIONS="--encoding=UTF-8 --no-locale"
postgresql-setup initdb
sed -i "s/ident/trust/" /var/lib/pgsql/data/pg_hba.conf
systemctl enable postgresql redis
systemctl start postgresql redis
su - postgres -c "createuser --createdb mastodon"
# ruby, mastodonのインストール
echo "ruby, mastodonのインストールファイルを作成します..."
#useradd -g www mastodon
#passwd ${PASWDMSTDN}
SETUP=/home/kusanagi/setup.sh
cat << _EOF_ > ${SETUP}
set -x
git clone https://github.com/sstephenson/rbenv.git ~/.rbenv
echo 'export PATH="~/.rbenv/bin:$PATH"' >> ~/.bash_profile
source ~/.bash_profile
rbenv init - >> ~/.bash_profile
source ~/.bash_profile
git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
rbenv install 2.4.1
rbenv global 2.4.1
rbenv rehash
git clone https://github.com/tootsuite/mastodon.git live
cd live
git checkout \$(git tag|grep -v rc|tail -n 1)
gem install bundler
bundle install --deployment --without development test
yarn install --pure-lockfile
cp .env.production.sample .env.production
export RAILS_ENV=production
SECRET_KEY_BASE=\$(bundle exec rake secret)
PAPERCLIP_SECRET=\$(bundle exec rake secret)
OTP_SECRET=\$(bundle exec rake secret)
sed -i -e "s/_HOST=[rd].*/_HOST=localhost/" \
-e "s/=postgres$/=mastodon/" \
-e "s/^LOCAL_DOMAIN=.*/LOCAL_DOMAIN=${DOMAIN}/" \
-e "s/^LOCAL_HTTPS.*/LOCAL_HTTPS=true/" \
-e "s/^SMTP_SERVER.*/SMTP_SERVER=localhost/" \
-e "s/^SMTP_PORT=587/SMTP_PORT=25/" \
-e "s/^SMTP_LOGIN/#SMTP_LOGIN/" \
-e "s/^SMTP_PASSWORD/#SMTP_PASSWORD/" \
-e "s/^#SMTP_AUTH_METHOD.*/SMTP_AUTH_METHOD=none/" \
-e "s/^SMTP_FROM_ADDRESS=.*/SMTP_FROM_ADDRESS=${MADDR}/" \
-e "s/^SECRET_KEY_BASE=/SECRET_KEY_BASE=\$(printf \${SECRET_KEY_BASE})/" \
-e "s/^PAPERCLIP_SECRET=/PAPERCLIP_SECRET=\$(printf \${PAPERCLIP_SECRET})/" \
-e "s/^OTP_SECRET=/OTP_SECRET=\$(printf \${OTP_SECRET})/" .env.production
bundle exec rails db:setup
bundle exec rails assets:precompile
_EOF_
echo "ruby, mastodonのインストールを実行します...(/home/mastodon/setup.sh)"
chmod 755 ${SETUP}
#chown mastodon. ${SETUP}
chown kusanagi. ${SETUP}
#su - mastodon -c "/bin/bash ${SETUP}"
su - kusanagi -c "/bin/bash ${SETUP}"
SDIR=/etc/systemd/system
echo "サービスの登録をします...(mastodon-web.service -> ${SDIR})"
cat << "_EOF_" > ${SDIR}/mastodon-web.service
[Unit]
Description=mastodon-web
After=network.target
[Service]
Type=simple
#User=mastodon
User=kusanagi
#WorkingDirectory=/home/mastodon/live
WorkingDirectory=/home/kusanagi/live
Environment="RAILS_ENV=production"
Environment="PORT=3000"
#ExecStart=/home/mastodon/.rbenv/shims/bundle exec puma -C config/puma.rb
ExecStart=/home/kusanagi/.rbenv/shims/bundle exec puma -C config/puma.rb
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
_EOF_
echo "サービスの登録をします...(mastodon-sidekiq.service -> ${SDIR})"
cat << "_EOF_" > ${SDIR}/mastodon-sidekiq.service
[Unit]
Description=mastodon-sidekiq
After=network.target
[Service]
Type=simple
#User=mastodon
User=kusanagi
#WorkingDirectory=/home/mastodon/live
WorkingDirectory=/home/kusanagi/live
Environment="RAILS_ENV=production"
Environment="DB_POOL=5"
#ExecStart=/home/mastodon/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
ExecStart=/home/kusanagi/.rbenv/shims/bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
_EOF_
echo "サービスの登録をします...(mastodon-streaming.service -> ${SDIR})"
cat << "_EOF_" > ${SDIR}/mastodon-streaming.service
[Unit]
Description=mastodon-streaming
After=network.target
[Service]
Type=simple
#User=mastodon
User=kusanagi
#WorkingDirectory=/home/mastodon/live
WorkingDirectory=/home/kusanagi/live
Environment="NODE_ENV=production"
Environment="PORT=4000"
ExecStart=/usr/bin/npm run start
TimeoutSec=15
Restart=always
[Install]
WantedBy=multi-user.target
_EOF_
echo "サービスを有効にします...(mastodon-web,mastodon-sidekiq,mastodon-streaming)"
systemctl enable mastodon-{web,sidekiq,streaming}
systemctl start mastodon-{web,sidekiq,streaming}
echo "mastodonのcron登録を行います...(/etc/cron.d/mastodon)"
#echo "5 0 * * * mastodon cd /home/mastodon/live && RAILS_ENV=production /home/mastodon/.rbenv/shims/bundle exec rake mastodon:daily 2>&1 | logger -t mastodon-daily -p local0.info" > /etc/cron.d/mastodon
echo "5 0 * * * kusanagi cd /home/kusanagi/live && RAILS_ENV=production /home/kusanagi/.rbenv/shims/bundle exec rake mastodon:daily 2>&1 | logger -t mastodon-daily -p local0.info" > /etc/cron.d/mastodon
# nginx
echo "nginxを一時停止します..."
systemctl stop nginx
#echo "httpd -> mastodonに変更(/etc/nginx/nginx.conf)※要注意箇所"
#sed -i 's/user nginx/user mastodon/' /etc/nginx/nginx.conf
#sed -i 's/user httpd/user mastodon/' /etc/nginx/nginx.conf
#chown -R mastodon. /var/{lib,log}/nginx
#echo "mastodonのlogrotateを追加(/etc/logrotate.d/nginx)"
#sed -i 's/create 0644 nginx nginx/create 0644 mastodon mastodon/' /etc/logrotate.d/nginx
echo "nginxのconfファイルの書き込みを行います...(/etc/nginx/conf.d/${DOMAIN}_ssl.conf"
cat << _EOF_ > /etc/nginx/conf.d/${DOMAIN}_ssl.conf
map \$http_upgrade \$connection_upgrade {
default upgrade;
'' close;
}
server {
listen 443 ssl http2 default_server;
server_name ${DOMAIN};
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve prime256v1;
ssl_prefer_server_ciphers on;
# /etc/nginx/nginx.conf でSSLのキャッシュサイズ定義済みのためコメントアウト
#ssl_session_cache shared:SSL:10m;
ssl_certificate /etc/letsencrypt/live/${DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${DOMAIN}/privkey.pem;
keepalive_timeout 70;
sendfile on;
client_max_body_size 0;
#root /home/mastodon/live/public;
root /home/kusanagi/live/public;
server_tokens off;
charset utf-8;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
location / {
try_files \$uri @proxy;
}
location ~ ^/(packs|system/media_attachments/files|system/accounts/avatars) {
add_header Cache-Control "public, max-age=31536000, immutable";
try_files \$uri @proxy;
}
location @proxy {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:3000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
tcp_nodelay on;
}
location /api/v1/streaming {
proxy_set_header Host \$host;
proxy_set_header X-Real-IP \$remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://localhost:4000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade \$http_upgrade;
proxy_set_header Connection \$connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
}
_EOF_
# postfix
echo "postfixの設定を行います...(/etc/postfix/main.cf)"
cat <<_EOL_>> /etc/postfix/main.cf
myhostname = ${DOMAIN}
smtp_tls_CAfile = /etc/pki/tls/certs/ca-bundle.crt
smtp_tls_security_level = may
smtp_tls_loglevel = 1
smtpd_client_connection_count_limit = 5
smtpd_client_message_rate_limit = 5
smtpd_client_recipient_rate_limit = 5
disable_vrfy_command = yes
smtpd_discard_ehlo_keywords = dsn, enhancedstatuscodes, etrn
_EOL_
sed -i -e 's/^inet_interfaces.*/inet_interfaces = all/' -e 's/^inet_protocols = all/inet_protocols = ipv4/' /etc/postfix/main.cf
echo "postfixを再起動します..."
systemctl restart postfix
# firewall
echo "firewallにポートを追加します...(port25,port443)"
firewall-cmd --permanent --add-port=25/tcp --add-port=443/tcp
firewall-cmd --reload
echo "nginxを有効にします..."
systemctl enable nginx
systemctl start nginx
echo
echo
echo "--------------------------------"
echo "マストドンのセットアップが完了しました!"
echo "下記URLを開いて動作を確認してください。"
echo
echo "https://${DOMAIN}/"
echo
echo "【注意:WARNING】"
echo "rootおよびkusanagiのアカウントによるSSHのアクセス否定、SSHのポート番号の変更も行うことをおすすめします。"
echo "--------------------------------"
echo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment