Overview

Below are some notes I made while installing some Mastodon instances.

Note Deviations from primary mastodon install notes

• Main doc: https://docs.joinmastodon.org/admin/install/
• Main alt: https://github.com/mastodon/documentation/tree/master/content/en/admin/install.md

Intro

Install mastodon (v4.1.5, current as of 27 July 2023) on cloud-based Ubuntu 22.04.

Generally followed install directions from above with some significant alterations, documented below.

Preliminaries

• all work done below is as root user

• Spin up a new ubuntu 22.04 server on a cloud provider of choice

• Update the server with apt-get update; apt-get dist-upgrade

• Reboot

• Setup new ssh-keys to get access

• Install basic preferred software:

  • Editors (emacs, vi, etc)
  • git
  • firewall (I prefer firewalld over ufw)
  • chrony (I prefer over default)
  • start new firewall software, stop and remove ufw

• create a secondary user on the server, username of choice

• setup this account with ssh keys

• test account access

• Change SSH port from default of 22 to an unused one of admin’s choice. This is to prevent a lot of login attempts.

  • This port change is made in /etc/ssh/sshd_config
  • Change firewall to allow this new port to access the machine: Important!!

• restart ssh ‘systemctl restart ssh (or sshd)’

• Test access with login and with ssh keys to both root and secondary accounts

• If it all tests good, use prohibit-password on /etc/ssh/sshd_config {PermitRootLogin prohibit-password}

• allow http and https on firewall

• Modifiy the server name as needed using hostnamectl set-hostname ……

• Setup DNS and rDNS for the server

Install postfix or sendmail

• basic install ok as a satellite or relay for now

• setup a smart host to rely email to for sending

• More details later

• this should be set before putting mastodon on, but not absolutely needed first.

• easier to install mastodon if postfix is working

• install bsd-mailx to get mail

• use mail to test

• also look at internal port 25

create a mastodon user

• This differs from the primary install instructions.
  • Create the mastodon user as a regular user, and set a password
  • Later will disable logins to the mastodon user

Install nginx

• apt install …

• This also differs in sequence from main instructions

• trying an idea where install letsencrypt for a simple server for the domain name planned, then edit for mastodon.

• Has the advantage of testing the basic nginx server first before doing fancy stuff with mastodon.

Install certbot for Let’s Encrypt

• apt install certbot
• will also need to install certbot for nginx, probably python now too.
  • apt install python3-certbot-nginx

Now start using main mastodon install docs more closely

Install some basic system utilities

• “Make sure curl, wget, gnupg, apt-transport-https, lsb-release and ca-certificates are installed first:”

• apt install -y curl wget gnupg apt-transport-https lsb-release ca-certificates

• Will needed for next step of installing some key external repos

Install External Repos

PostgreSQL

• wget -O /usr/share/keyrings/postgresql.asc https://www.postgresql.org/media/keys/ACCC4CF8.asc
• echo “deb [signed-by=/usr/share/keyrings/postgresql.asc] http://apt.postgresql.org/pub/repos/apt $(lsb_release -cs)-pgdg main” > /etc/apt/sources.list.d/postgresql.list
• apt update

Postgress will be installed from this repo a bit later

install nodejs

curl -sL https://deb.nodesource.com/setup_16.x | bash -

Install More System Packages

Now will also install postgreSQL from the preferred repository

• “apt update”
• “apt install -y
  imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core
  g++ libprotobuf-dev protobuf-compiler pkg-config nodejs gcc autoconf
  bison build-essential libssl-dev libyaml-dev libreadline6-dev
  zlib1g-dev libncurses5-dev libffi-dev libgdbm-dev
  nginx redis-server redis-tools postgresql postgresql-contrib
  certbot python3-certbot-nginx libidn11-dev libicu-dev libjemalloc-dev”

Run apt-get install -y nodejs to install Node.js 16.x and npm

You may also need development tools to build native addons:

  apt-get install gcc g++ make build-essential

Get some other files installed that will be needed later

apt-get install libidn-dev idn libpq-dev redis

To install the Yarn package manager, run:

 curl -sL https://dl.yarnpkg.com/debian/pubkey.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/yarnkey.gpg >/dev/null
 echo "deb [signed-by=/usr/share/keyrings/yarnkey.gpg] https://dl.yarnpkg.com/debian stable main" | sudo tee /etc/apt/sources.list.d/yarn.list
 sudo apt-get update && sudo apt-get install yarn

Install Yarn

• corepack enable
• yarn set version classic

Install Ruby

• Now switch to the mastodon user by using ‘su mastodon’
• Then make sure you are in the mastodon user’s home space: ‘cd’

Install key Ruby tools

• git clone https://github.com/rbenv/rbenv.git ~/.rbenv
• echo ’export PATH="$HOME/.rbenv/bin:$PATH"’ » ~/.bashrc
• echo ’eval “$(rbenv init -)”’ » ~/.bashrc
• exec bash {do we really need this?? maybe ya to get the .bashrc change to ‘stick’}
• git clone https://github.com/rbenv/ruby-build.git ~/.rbenv/plugins/ruby-build

NB

If no system openssl version was found, ensure openssl headers are installed (https://github.com/rbenv/ruby-build/wiki#suggested-build-environment):

• apt-get install libssl-dev
• checking for library containing malloc_conf… no
• checking for jemalloc/jemalloc.h… no
• checking for jemalloc with JEMALLOC_MANGLE… no

Install Ruby

Stay in .rbenv directory (or be sure you are there) and run:

• RUBY_CONFIGURE_OPTS=–with-jemalloc rbenv install 3.0.6 –verbose {adding verbose allows you to track progress of this long step}

• rbenv global 3.0.6

Install ruby’s bundler

• gem install bundler –no-document
• return to being the root user: ’exit'
• change directory to root: ‘cd’

Install PostgreSQL

apt-get install postgresql {done earlier}

• Other than installing and using pgTune, which I skipped, I followed the PostgreSQL install directions in the main mastodon install document.

Start PostgreSQL

• systemctl enable postgresql
• systemctl restart postgresql

Create a postgresql user for mastodon

• block quote below

You will need to create a PostgreSQL user that Mastodon could use. It is easiest to go with “ident” authentication in a simple setup, i.e. the PostgreSQL user does not have a separate password and can be used by the Linux user with the same username.

• Open the prompt:

  • sudo -u postgres psql {might get error “could not change directory to “/root”: Permission denied’ ok to ignore for now}

• In the prompt, execute:

• CREATE USER mastodon CREATEDB;

• \q

Install Mastodon

fetch the mastodon code

• change back to mastodon user and it’s home directory
  • su mastodon
  • cd

Use git to download the latest stable release of Mastodon:

• git clone https://github.com/mastodon/mastodon.git live && cd live
• git checkout $(git tag -l | grep -v ‘rc[0-9]*$’ | sort -V | tail -n 1)

Install dependencies

Ruby and JavaScript dependencies

• bundle config deployment ’true’
• bundle config without ‘development test’
• bundle install -j$(getconf _NPROCESSORS_ONLN)
• yarn install –pure-lockfile

Might get:

An error occurred while installing charlock_holmes (0.7.7), and Bundler cannot continue.

• In Gemfile: charlock_holmes

• fix:

  • checking for -licui18n… no
  • -lidn… no
  • ERROR: could not find idn library!

  Please install the GNU IDN library or alternatively specify at least one of the following options if the library can only be found in a non-standard location:

• apt-get install libidn-dev idn libpq-dev redis

In once case I also had an issue with needing icu: “icu required (brew install icu4c or apt-get install libicu-dev)”

“The two bundle config commands are only needed the first time you’re installing dependencies. If you’re going to be updating or re-installing dependencies later, just bundle install will be enough.”

• sudo apt install libpq-dev

Might also need to add redis

• redis - Persistent key-value database with network interface (metapackage)
• redis-redisearch - Full-text and secondary search index engine module for Redis
• redis-redisearch-doc - Full-text and secondary search index engine module for Redis (documentation)
• redis-sentinel - Persistent key-value database with network interface (monitoring) redis-server - Persistent key-value database with network interface redis-tools

Run interactive setup wizard

• RAILS_ENV=production bundle exec rake mastodon:setup

This will:

• Create a configuration file
• Run asset precompilation
• Create the database schema

The configuration file is saved as .env.production. You can review and edit it to your liking. Refer to the documentation on configuration.

the config wizard will run. remember your new admin username and temporary password

• you will need to have email working soon to get other folks onboard

You’re done with the mastodon user for now, so switch back to root:

• exit
• cd

Setting up nginx

Deviation

This is where I had to make the most changes from the joinmastodon instructions. Ngnix as installed and configured out of the box wasn’t ready for running ssh. I needed to edit the basic nginx config to remove the ssh portion temporarily. Then ran certbot to get a Let’s Encrypt certificate for my site.

• certbot -d example.com

This needs to be done again and take closer notes.

Back to joinmastodon instructions

Copy the configuration template for nginx from the Mastodon directory:

• cp /home/mastodon/live/dist/nginx.conf /etc/nginx/sites-available/mastodon
• ln -s /etc/nginx/sites-available/mastodon /etc/nginx/sites-enabled/mastodon

Then edit /etc/nginx/sites-available/mastodon to replace example.com with your own domain name, and make any other adjustments you might need.

Reload nginx for the changes to take effect:

• systemctl reload nginx

Skip certificate instructions, since already did that

At this point you should be able to visit your domain in the browser and see the elephant hitting the computer screen error page. This is because we haven’t started the Mastodon process yet.

Setting up systemd services

Copy the systemd service templates from the Mastodon directory:

• cp /home/mastodon/live/dist/mastodon-*.service /lib/systemd/system/ {NOT /etc/systemd/system/}

If you deviated from the defaults at any point, check that the username and paths are correct:

• $EDITOR /etc/systemd/system/mastodon-*.service {where $EDITOR is your preferred editor like emacs etc}

Finally, start and enable the new systemd services:

• systemctl daemon-reload
• systemctl enable –now mastodon-web mastodon-sidekiq mastodon-streaming

They will now automatically start at boot. Browserslist: caniuse-lite is outdated. Please run: npx update-browserslist-db@latest Why you should do it regularly: https://github.com/browserslist/update-db#readme

Done!

tarting A high performance web server and a reverse proxy server… Jul 28 19:06:04 moth.orchids.social nginx[60318]: nginx: [emerg] no “ssl_certificate” is defined for the “listen … ssl” directive in /etc/nginx/sites-enabled/mastodon-orchid.conf:25

Jul 28 19:06:04 moth.orchids.social nginx[60318]: nginx: configuration file /etc/nginx/nginx.conf test failed

Jul 28 19:06:04 moth.orchids.social systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE

Jul 28 19:06:04 moth.orchids.social systemd[1]: nginx.service: Failed with result ’exit-code'.

Jul 28 19:06:04 moth.orchids.social systemd[1]: Failed to start A high performance web server and a reverse proxy server.

comment out the listen until get a cert

server {

listen 443 ssl http2;

listen [::]:443 ssl http2;

server_name moth.orchids.social;

then edit the server file to rejoin what certbot did with what should also be in for ssl

“/home/mastodon/live/public/” failed (13: Permission denied), client: 51.81.167.146, server: moth.orchids.social,

chmod ugo+wx mastodon/

install plocate is helpful

Need to fix this

ERROR: Missing RAILS_ENV environment variable, please set it to “production”, “development”, or “test”.