Cover Image

Pleroma Hosting on Raspberry Pi

May, 14. 2019f 2019 - Reading time: 13 minutes

Would you like to be your own social network provider? I just wanted to try something again. After looking at Friendica and the PHP based Hubzilla (and its successor Zap) I thought I'd try Pleroma.

Pleroma is basically very similar to the new promoted network Mastodon, only that it has much fewer components. It actually consists of only one program and one database. It comes with its own frontend, which runs in your browser and the backend runs in my case on my Raspberry Pi and currently consumes just over 200 MB! So it would probably even run on the 10 € cheap Raspbarry Pi Zero W. Additionally the user interface of Mastodon is installed, which can be used optionally.

This installation guide for the Raspberry Pi is based on the installation for Debian in the Pleroma Wiki, check it out in parallel. My manual differs in that I don't use the certbot for the Letsencrypt certificates, but the simpler acme.sh.

What do you need?

  • A Raspberry Pi - in my case the new model 3+
  • A data carrier. I recommend an SSD connected via USB because of its durability.
  • A domain, possibly from a DynDNS provider - here exemplary meinedomain.de
  • Electricity and about one hour time

How to install a Raspberry Pi that I write down another time. In the following I assume that you already have the Raspi running with the Raspian operating system and that you can log in with ssh.

Installation

First you see what operating system release you have and write it down for later:

cat /etc/os-release

For me it's "stretch", the current version of Raspbian. Now we add package sources for the Erlang virtual machine, which is something like the Java VM, just for another programming language:

wget https://packages.erlang-solutions.com/erlang-solutions_1.0_all.deb &&
sudo dpkg -i erlang-solutions_1.0_all.deb &&
rm erlang-solutions_1.0_all.deb

Here we are asked for the "system codename", there we indicate "stretch". Once we have added the package sources, we now install the runtime environment Elixir, which we need for Pleroma:

sudo apt update &&
sudo apt install elixir

... and now our database Postgres:

sudo apt install git build-essential postgresql postgresql-contrib

Create a System User

Next, we create a user "pleroma" in the Linux system in such a way that he cannot log in. It serves only to have an own user for the installation.

sudo useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma

Get the Software

Now we create a directory for the installation and clone the program from the git repository:

sudo mkdir -p /opt/pleroma
sudo chown -R pleroma:pleroma /opt/pleroma
sudo -u pleroma git clone -b v0.9.9 https://git.pleroma.social/pleroma/pleroma /opt/pleroma

Since the user pleroma cannot log in himself for security reasons, we must now call every command with "sudo -u pleroma" in front of it. So we pretend to be this user.

At the moment Pleroma is still in development. To get the release branch of the software we have to explicitly specify -b v0.9.9. This will change later when the release 1.0 is out!

Alternatively you can download the software without git, but then you have to import the files manually with every update.

Now that we have downloaded the code for Pleroma ourselves, we get with the command "mix" the further dependencies or program parts that Pleroma needs for itself. Important: If we do something with the command mix in the future, we always have to be in the directory /opt/pleroma!

cd /opt/pleroma
sudo -u pleroma mix deps.get

Wenn wir gefragt werden, ob wir Hex installieren wollen, sagen wir ja.

Generate the Configuration

Now we generate a configuration for Pleroma. If we are asked for rebar, we say yes again. The domain is called here as an example meinedomain.de:

sudo -u pleroma mix pleroma.instance gen

Generated pleroma app
What domain will your instance use? (e.g pleroma.soykaf.com) [] meinedomain.de
What is the name of your instance? (e.g. Pleroma/Soykaf) [] Superpleroma
What is your admin email address? [] admin@meinedomain.de
What is the hostname of your database? [localhost]
What is the name of your database? [pleroma_dev] pleroma_prod
What is the user used to connect to your database? [pleroma]
What is the password used to connect to your database? [autogenerated]

14bc6bd40f0ea7879cd75444939669ee6e6ac85c

Versuchen Sie --always oder erstellen Sie einige Tags.
Writing config to config/generated_config.exs. You should rename it to config/prod.secret.exs or config/dev.secret.exs.
Writing config/setup_db.psql.

We ignore this message with the funny hex number and the tags. It won't happen again once Pleroma is out of development and has real releases. Then we do exactly what the penultimate message told us: We copy generated_config.exs to prod.secret.exs. Pleroma assumes that there is a test system and a production system.

mv config/{generated_config.exs,prod.secret.exs}

In the generated configuration you may have to change some things, for example whether you want other users to be able to register themselves and also the access to your mail server. New users have to confirm with their mail and Pleroma has to be able to send mails:

config :pleroma, :instance,
  name: "Superpleroma",
email: "admin@meineemail.de",
  limit: 5000,
  registrations_open: false,
  dedupe_media: false

...

# Enable Strict-Transport-Security once SSL is working:
config :pleroma, :http_security,
  sts: true

...

config :pleroma, Pleroma.Mailer,
  adapter: Swoosh.Adapters.SMTP,
  relay: "deinmailserver.de",
  username: "admin@meinedomain.de",
  password: "vollgeheim!",
  port: 465,
  ssl: true,
  tls: :always,
  auth: :always

Create the Database

Now we'll create a postgres database. A password is generated, which we have to remember or copy away.

sudo -u postgres psql -f 'config/setup_db.psql'
PW: Gcwr9LNlSoiJmtWjE15ORGTTXfoG4bAZvIg2s8xs5c3scs09igihzUobAS4LKmNp

Now that our database and user exist, we start the so-called migration:

sudo -Hu pleroma MIX_ENV=prod mix ecto.migrate

Nginx Reverse Proxy

In order for our Pleroma instance to be secure, we need an upstream reverse proxy that secures our web presence with HTTPS. How to do this with Nginx is described here:

If you don't want a wildcard certificate for your Raspberry Pi, but only a certificate for a single domain, then you can get it manually (Nginx must be switched off, if already installed):

acme.sh --issue --standalone -d meinedomain.de

Back to the reverse proxy again: Pleroma comes with a completely optimized configuration for the reverse proxy, which we simply copy to the sites-available directory at Nginx. All you have to do is change the server name.

sudo apt install nginx
sudo cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx

Don't forget that this configuration for Nginx has to be activated by linking it:

sudo ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
sudo systemctl restart nginx.service

Create Pleroma User

Now we have to create at least one user who is admin. You can also create normal users or moderator users:

cd /opt/pleroma
sudo -u pleroma MIX_ENV=prod mix pleroma.user new username deine@email.de --admin
Generated password reset token for admin
URL: https://meinedomain.de/api/pleroma/password_reset/Eaa2YOlsYUaM_NcOGceW5EHRO2YH7ajDnqMcwC2rm8v%3D

It is best to copy the link into your browser and reset your password. With Linux you can usually click with + mouse on it.

Error Messages?

If we get a report from Pleroma, like this one,

17:45:06.366 [warn] !!!DEPRECATION WARNING!!!
You are using the old configuration mechanism for the frontend. Please check config.md.

Then this is because there is a section in the /opt/pleroma/config/config.exs file that starts like this:

# Deprecated, will be gone in 1.0
config :pleroma, :fe,
...

... and which can be switched off or eliminated via our configuration prod.secret.exs by inserting at the end:

config :pleroma, :fe, false

This should no longer be the case in the upcoming release.

Start and System Integration

That's it. We can now start our instance and quit with pressing CTRL+C and then a:

sudo -Hu pleroma MIX_ENV=prod mix phx.server

To embed the whole thing into the system, so that it starts automatically even after a reboot, here are the commands:

sudo cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
sudo systemctl enable --now pleroma.service

Software Update

If you want to update your system, you can do this with these commands:

sudo systemctl stop pleroma.service
cd /opt/pleroma
sudo -u pleroma git pull
sudo -u pleroma MIX_ENV=prod mix deps.get
sudo -u pleroma MIX_ENV=prod mix ecto.migrate
sudo systemctl start pleroma.service

So, I hope everything went smoothly. In English you can read more details here and maybe clarify one or two questions if there were problems. I myself got pretty bitten by it, because the Runtime Elixir and the whole approach was new to me.

About

The World in the Eyes of Mr. Doering.

Experiences, Mentions, Inspirations, Emotions and Experiences

Der deutsche Blog ist hier.