
apt update
apt upgrade -y
localectl set-locale LANG=en_US.UTF-8 LANGUAGE="en_US:en"
vim /etc/environment
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8
locale-gen en_US.UTF-8
dpkg-reconfigure locales
hostnamectl set-hostname lectura.social
vim /etc/security/limits.conf
* soft nofile 20480
adduser bookwyrm
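gpasswd -a bookwyrm sudo
Nota: "bookwyrm" es también la cuenta propietaria de /opt/bookwyrm; si el servicio se ejecuta con ella, conviene retirarla del grupo sudo al terminar la instalación (gpasswd -d bookwyrm sudo).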
sudo apt install python3-pip python3-venv python-is-python3
sudo pip3 install --upgrade pip wheel
sudo apt install vim libpq-dev postgresql redis nginx certbot git
sudo vim /etc/postgresql/14/main/pg_hba.conf
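local all postgres trust
local all all scram-sha-256
Nota: "trust" deja que cualquier usuario local del sistema se conecte como "postgres" sin contraseña; con "peer" solo puede hacerlo el usuario del sistema "postgres" (sudo -u postgres psql).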
sudo systemctl restart postgresql
CREATE ROLE bookwyrm WITH LOGIN ENCRYPTED PASSWORD 'Super_Secret';
CREATE DATABASE bookwyrm WITH OWNER bookwyrm;
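ALTER USER bookwyrm WITH SUPERUSER;
ALTER USER bookwyrm WITH NOSUPERUSER;
Nota: estas notas no indican en qué momento va cada sentencia; es de suponer que SUPERUSER solo hace falta durante "migrate" e "initdb" y que NOSUPERUSER se ejecuta después. Conviene comprobar con \du en psql que el rol queda sin ese atributo.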
sudo mkdir /opt/bookwyrm
sudo chown bookwyrm:bookwyrm /opt/bookwyrm
cd /opt/bookwyrm
git clone https://github.com/bookwyrm-social/bookwyrm.git ./
git config --global --add safe.directory /opt/bookwyrm
git checkout production
cp .env.example .env
python3 -m venv venv
source venv/bin/activate.fish
pip install --upgrade pip wheel
pip install -r requirements.txt
vim .env
python manage.py migrate
python manage.py initdb
python manage.py collectstatic --no-input
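python manage.py admin_code
9dac9b40-c47e-4e56-a00f-0917979e3fd0
Nota: el valor anterior es la salida de esta instalación, a modo de ejemplo; cada instancia genera el suyo. Es el código que se pide al crear la primera cuenta de administración, así que no debe compartirse hasta haber creado esa cuenta.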
sudo systemctl stop nginx
sudo certbot register --agree-tos -m CORREO
sudo certbot certonly --standalone --preferred-challenges http-01 -d lectura.social
/etc/letsencrypt/live/lectura.social/fullchain.pem
/etc/letsencrypt/live/lectura.social/privkey.pem
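openssl dhparam -dsaparam -out /etc/letsencrypt/ssl-dhparams.pem 4096
Nota: con -dsaparam la generación es mucho más rápida, pero los parámetros son de estilo DSA y no usan primos "fuertes"; la documentación de OpenSSL advierte que con ellos debe crearse una clave DH nueva en cada uso. Sin esa opción el comando tarda más y genera primos fuertes.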
Crear el archivo "options-ssl-nginx.conf"
```
vim /etc/letsencrypt/options-ssl-nginx.conf
```
Con el siguiente contenido:
```
ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
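# Nota: "ECDHE-RSA-AES256-GCM-SHA512" y "DHE-RSA-AES256-GCM-SHA512" no son nombres de suites de OpenSSL, que descarta los nombres que no reconoce; las suites realmente activas se pueden listar con: openssl ciphers -v 'LISTA'
# ssl_ciphers solo afecta a TLS 1.2 y anteriores.
ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384";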
add_header Strict-Transport-Security "max-age=63072000; preload";
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Permissions-Policy interest-cohort=();
```
Crear el archivo "certbot.conf"
```
vim /etc/letsencrypt/certbot.conf
```
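Con el siguiente contenido. Asegúrate de reemplazar "social.elmau.net" por tu dominio; las rutas deben coincidir con las que generó certbot (en estas notas, /etc/letsencrypt/live/lectura.social/).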
```
ssl_certificate /etc/letsencrypt/live/social.elmau.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/social.elmau.net/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
```
sudo rm /etc/nginx/sites-enabled/default
Reemplazar el contenido del archivo "nginx.conf"
```
vim /etc/nginx/nginx.conf
```
Por:
```
user www-data;
worker_processes auto;
worker_rlimit_nofile 20480;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
error_log /var/log/nginx/error.log warn;
events {
worker_connections 5120;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
server_tokens off;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
types_hash_max_size 2048;
keepalive_timeout 60;
include /etc/nginx/sites-enabled/*.conf;
disable_symlinks off;
}
```
sudo cp nginx/production /etc/nginx/sites-available/lectura.social.conf
sudo vim /etc/nginx/sites-available/lectura.social.conf