diff options
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/api/admin_api.md | 171 | ||||
| -rw-r--r-- | docs/api/differences_in_mastoapi_responses.md | 34 | ||||
| -rw-r--r-- | docs/api/pleroma_api.md | 64 | ||||
| -rw-r--r-- | docs/clients.md | 14 | ||||
| -rw-r--r-- | docs/config.md | 139 | ||||
| -rw-r--r-- | docs/config/howto_mediaproxy.md | 8 | ||||
| -rw-r--r-- | docs/config/howto_set_richmedia_cache_ttl_based_on_image.md | 33 | ||||
| -rw-r--r-- | docs/config/howto_user_recomendation.md | 6 | ||||
| -rw-r--r-- | docs/config/small_customizations.md | 29 | ||||
| -rw-r--r-- | docs/config/static_dir.md | 51 | ||||
| -rw-r--r-- | docs/installation/alpine_linux_en.md | 13 | ||||
| -rw-r--r-- | docs/installation/arch_linux_en.md | 13 | ||||
| -rw-r--r-- | docs/installation/centos7_en.md | 13 | ||||
| -rw-r--r-- | docs/installation/debian_based_en.md | 13 | ||||
| -rw-r--r-- | docs/installation/debian_based_jp.md | 9 | ||||
| -rw-r--r-- | docs/installation/gentoo_en.md | 13 | ||||
| -rw-r--r-- | docs/installation/migrating_from_source_otp_en.md | 153 | ||||
| -rw-r--r-- | docs/installation/otp_en.md | 269 |
18 files changed, 918 insertions, 127 deletions
diff --git a/docs/api/admin_api.md b/docs/api/admin_api.md index b45c5e285..7ccb90836 100644 --- a/docs/api/admin_api.md +++ b/docs/api/admin_api.md @@ -38,7 +38,9 @@ Authentication is required and the user must be an admin. "moderator": bool }, "local": bool, - "tags": array + "tags": array, + "avatar": string, + "display_name": string }, ... ] @@ -174,17 +176,30 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - `nickname` - `status` BOOLEAN field, false value means deactivation. -## `/api/pleroma/admin/users/:nickname` +## `/api/pleroma/admin/users/:nickname_or_id` ### Retrive the details of a user - Method: `GET` - Params: - - `nickname` + - `nickname` or `id` - Response: - On failure: `Not found` - On success: JSON of the user +## `/api/pleroma/admin/users/:nickname_or_id/statuses` + +### Retrive user's latest statuses + +- Method: `GET` +- Params: + - `nickname` or `id` + - *optional* `page_size`: number of statuses to return (default is `20`) + - *optional* `godmode`: `true`/`false` – allows to see private statuses +- Response: + - On failure: `Not found` + - On success: JSON array of user's latest statuses + ## `/api/pleroma/admin/relay` ### Follow a Relay @@ -289,7 +304,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - `limit`: optional, the number of records to retrieve - `since_id`: optional, returns results that are more recent than the specified id - `max_id`: optional, returns results that are older than the specified id -- Response: +- Response: - On failure: 403 Forbidden error `{"error": "error_msg"}` when requested by anonymous or non-admin - On success: JSON, returns a list of reports, where: - `account`: the user who has been reported @@ -331,6 +346,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret "pleroma": {}, "sensitive": false }, + "tags": ["force_unlisted"], "statuses_count": 3, "url": "https://pleroma.example.org/users/user", "username": "user" @@ -366,6 +382,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret "pleroma": {}, "sensitive": false }, + "tags": ["force_unlisted"], "statuses_count": 1, "url": "https://pleroma.example.org/users/lain", "username": "lain" @@ -443,7 +460,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - Params: - `id` - Response: - - On failure: + - On failure: - 403 Forbidden `{"error": "error_msg"}` - 404 Not Found `"Not found"` - On success: JSON, Report object (see above) @@ -454,8 +471,8 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - Params: - `id` - `state`: required, the new state. Valid values are `open`, `closed` and `resolved` -- Response: - - On failure: +- Response: + - On failure: - 400 Bad Request `"Unsupported state"` - 403 Forbidden `{"error": "error_msg"}` - 404 Not Found `"Not found"` @@ -467,10 +484,10 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - Params: - `id` - `status`: required, the message -- Response: - - On failure: - - 400 Bad Request `"Invalid parameters"` when `status` is missing - - 403 Forbidden `{"error": "error_msg"}` +- Response: + - On failure: + - 400 Bad Request `"Invalid parameters"` when `status` is missing + - 403 Forbidden `{"error": "error_msg"}` - 404 Not Found `"Not found"` - On success: JSON, created Mastodon Status entity @@ -540,10 +557,10 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - `id` - `sensitive`: optional, valid values are `true` or `false` - `visibility`: optional, valid values are `public`, `private` and `unlisted` -- Response: - - On failure: +- Response: + - On failure: - 400 Bad Request `"Unsupported visibility"` - - 403 Forbidden `{"error": "error_msg"}` + - 403 Forbidden `{"error": "error_msg"}` - 404 Not Found `"Not found"` - On success: JSON, Mastodon Status entity @@ -552,8 +569,128 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret - Method `DELETE` - Params: - `id` -- Response: - - On failure: - - 403 Forbidden `{"error": "error_msg"}` +- Response: + - On failure: + - 403 Forbidden `{"error": "error_msg"}` - 404 Not Found `"Not found"` - On success: 200 OK `{}` + + +## `/api/pleroma/admin/config/migrate_to_db` +### Run mix task pleroma.config migrate_to_db +Copy settings on key `:pleroma` to DB. +- Method `GET` +- Params: none +- Response: + +```json +{} +``` + +## `/api/pleroma/admin/config/migrate_from_db` +### Run mix task pleroma.config migrate_from_db +Copy all settings from DB to `config/prod.exported_from_db.secret.exs` with deletion from DB. +- Method `GET` +- Params: none +- Response: + +```json +{} +``` + +## `/api/pleroma/admin/config` +### List config settings +List config settings only works with `:pleroma => :instance => :dynamic_configuration` setting to `true`. +- Method `GET` +- Params: none +- Response: + +```json +{ + configs: [ + { + "group": string, + "key": string or string with leading `:` for atoms, + "value": string or {} or [] or {"tuple": []} + } + ] +} +``` + +## `/api/pleroma/admin/config` +### Update config settings +Updating config settings only works with `:pleroma => :instance => :dynamic_configuration` setting to `true`. +Module name can be passed as string, which starts with `Pleroma`, e.g. `"Pleroma.Upload"`. +Atom keys and values can be passed with `:` in the beginning, e.g. `":upload"`. +Tuples can be passed as `{"tuple": ["first_val", Pleroma.Module, []]}`. +`{"tuple": ["some_string", "Pleroma.Some.Module", []]}` will be converted to `{"some_string", Pleroma.Some.Module, []}`. +Keywords can be passed as lists with 2 child tuples, e.g. +`[{"tuple": ["first_val", Pleroma.Module]}, {"tuple": ["second_val", true]}]`. + +If value contains list of settings `[subkey: val1, subkey2: val2, subkey3: val3]`, it's possible to remove only subkeys instead of all settings passing `subkeys` parameter. E.g.: +{"group": "pleroma", "key": "some_key", "delete": "true", "subkeys": [":subkey", ":subkey3"]}. + +Compile time settings (need instance reboot): +- all settings by this keys: + - `:hackney_pools` + - `:chat` + - `Pleroma.Web.Endpoint` + - `Pleroma.Repo` +- part settings: + - `Pleroma.Captcha` -> `:seconds_valid` + - `Pleroma.Upload` -> `:proxy_remote` + - `:instance` -> `:upload_limit` + +- Method `POST` +- Params: + - `configs` => [ + - `group` (string) + - `key` (string or string with leading `:` for atoms) + - `value` (string, [], {} or {"tuple": []}) + - `delete` = true (optional, if parameter must be deleted) + - `subkeys` [(string with leading `:` for atoms)] (optional, works only if `delete=true` parameter is passed, otherwise will be ignored) + ] + +- Request (example): + +```json +{ + configs: [ + { + "group": "pleroma", + "key": "Pleroma.Upload", + "value": [ + {"tuple": [":uploader", "Pleroma.Uploaders.Local"]}, + {"tuple": [":filters", ["Pleroma.Upload.Filter.Dedupe"]]}, + {"tuple": [":link_name", true]}, + {"tuple": [":proxy_remote", false]}, + {"tuple": [":proxy_opts", [ + {"tuple": [":redirect_on_failure", false]}, + {"tuple": [":max_body_length", 1048576]}, + {"tuple": [":http": [ + {"tuple": [":follow_redirect", true]}, + {"tuple": [":pool", ":upload"]}, + ]]} + ] + ]}, + {"tuple": [":dispatch", { + "tuple": ["/api/v1/streaming", "Pleroma.Web.MastodonAPI.WebsocketHandler", []] + }]} + ] + } + ] +} + +- Response: + +```json +{ + configs: [ + { + "group": string, + "key": string or string with leading `:` for atoms, + "value": string or {} or [] or {"tuple": []} + } + ] +} +``` diff --git a/docs/api/differences_in_mastoapi_responses.md b/docs/api/differences_in_mastoapi_responses.md index 36b47608e..f34e3dd72 100644 --- a/docs/api/differences_in_mastoapi_responses.md +++ b/docs/api/differences_in_mastoapi_responses.md @@ -16,13 +16,16 @@ Adding the parameter `with_muted=true` to the timeline queries will also return ## Statuses +- `visibility`: has an additional possible value `list` + Has these additional fields under the `pleroma` object: -- `local`: true if the post was made on the local instance. +- `local`: true if the post was made on the local instance - `conversation_id`: the ID of the conversation the status is associated with (if any) - `in_reply_to_account_acct`: the `acct` property of User entity for replied user (if any) - `content`: a map consisting of alternate representations of the `content` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` - `spoiler_text`: a map consisting of alternate representations of the `spoiler_text` property with the key being it's mimetype. Currently the only alternate representation supported is `text/plain` +- `expires_at`: a datetime (iso8601) that states when the post will expire (be deleted automatically), or empty if the post won't expire ## Attachments @@ -32,7 +35,10 @@ Has these additional fields under the `pleroma` object: ## Accounts -- `/api/v1/accounts/:id`: The `id` parameter can also be the `nickname` of the user. This only works in this endpoint, not the deeper nested ones for following etc. +The `id` parameter can also be the `nickname` of the user. This only works in these endpoints, not the deeper nested ones for following etc. + +- `/api/v1/accounts/:id` +- `/api/v1/accounts/:id/statuses` Has these additional fields under the `pleroma` object: @@ -43,6 +49,9 @@ Has these additional fields under the `pleroma` object: - `confirmation_pending`: boolean, true if a new user account is waiting on email confirmation to be activated - `hide_followers`: boolean, true when the user has follower hiding enabled - `hide_follows`: boolean, true when the user has follow hiding enabled +- `settings_store`: A generic map of settings for frontends. Opaque to the backend. Only returned in `verify_credentials` and `update_credentials` +- `chat_token`: The token needed for Pleroma chat. Only returned in `verify_credentials` +- `deactivated`: boolean, true when the user is deactivated ### Source @@ -51,12 +60,19 @@ Has these additional fields under the `pleroma` object: - `show_role`: boolean, nullable, true when the user wants his role (e.g admin, moderator) to be shown - `no_rich_text` - boolean, nullable, true when html tags are stripped from all statuses requested from the API +## Conversations + +Has an additional field under the `pleroma` object: + +- `recipients`: The list of the recipients of this Conversation. These will be addressed when replying to this conversation. + ## Account Search Behavior has changed: - `/api/v1/accounts/search`: Does not require authentication + ## Notifications Has these additional fields under the `pleroma` object: @@ -69,6 +85,10 @@ Additional parameters can be added to the JSON body/Form data: - `preview`: boolean, if set to `true` the post won't be actually posted, but the status entitiy would still be rendered back. This could be useful for previewing rich text/custom emoji, for example. - `content_type`: string, contain the MIME type of the status, it is transformed into HTML by the backend. You can get the list of the supported MIME types with the nodeinfo endpoint. +- `to`: A list of nicknames (like `lain@soykaf.club` or `lain` on the local server) that will be used to determine who is going to be addressed by this post. Using this will disable the implicit addressing by mentioned names in the `status` body, only the people in the `to` list will be addressed. The normal rules for for post visibility are not affected by this and will still apply. +- `visibility`: string, besides standard MastoAPI values (`direct`, `private`, `unlisted` or `public`) it can be used to address a List by setting it to `list:LIST_ID`. +- `expires_in`: The number of seconds the posted activity should expire in. When a posted activity expires it will be deleted from the server, and a delete request for it will be federated. This needs to be longer than an hour. +- `in_reply_to_conversation_id`: Will reply to a given conversation, addressing only the people who are part of the recipient set of that conversation. Sets the visibility to `direct`. ## PATCH `/api/v1/update_credentials` @@ -80,6 +100,16 @@ Additional parameters can be added to the JSON body/Form data: - `hide_favorites` - if true, user's favorites timeline will be hidden - `show_role` - if true, user's role (e.g admin, moderator) will be exposed to anyone in the API - `default_scope` - the scope returned under `privacy` key in Source subentity +- `pleroma_settings_store` - Opaque user settings to be saved on the backend. +- `skip_thread_containment` - if true, skip filtering out broken threads +- `pleroma_background_image` - sets the background image of the user. + +### Pleroma Settings Store +Pleroma has mechanism that allows frontends to save blobs of json for each user on the backend. This can be used to save frontend-specific settings for a user that the backend does not need to know about. + +The parameter should have a form of `{frontend_name: {...}}`, with `frontend_name` identifying your type of client, e.g. `pleroma_fe`. It will overwrite everything under this property, but will not overwrite other frontend's settings. + +This information is returned in the `verify_credentials` endpoint. ## Authentication diff --git a/docs/api/pleroma_api.md b/docs/api/pleroma_api.md index 4d99a2d2b..b134b31a8 100644 --- a/docs/api/pleroma_api.md +++ b/docs/api/pleroma_api.md @@ -126,20 +126,6 @@ Request parameters can be passed via [query strings](https://en.wikipedia.org/wi ## `/api/pleroma/admin/`… See [Admin-API](Admin-API.md) -## `/api/v1/pleroma/flavour/:flavour` -* Method `POST` -* Authentication: required -* Response: JSON string. Returns the user flavour or the default one on success, otherwise returns `{"error": "error_msg"}` -* Example response: "glitch" -* Note: This is intended to be used only by mastofe - -## `/api/v1/pleroma/flavour` -* Method `GET` -* Authentication: required -* Response: JSON string. Returns the user flavour or the default one. -* Example response: "glitch" -* Note: This is intended to be used only by mastofe - ## `/api/pleroma/notifications/read` ### Mark a single notification as read * Method `POST` @@ -252,6 +238,21 @@ See [Admin-API](Admin-API.md) ] ``` +## `/api/v1/pleroma/accounts/update_*` +### Set and clear account avatar, banner, and background + +- PATCH `/api/v1/pleroma/accounts/update_avatar`: Set/clear user avatar image +- PATCH `/api/v1/pleroma/accounts/update_banner`: Set/clear user banner image +- PATCH `/api/v1/pleroma/accounts/update_background`: Set/clear user background image + +## `/api/v1/pleroma/accounts/confirmation_resend` +### Resend confirmation email +* Method `POST` +* Params: + * `email`: email of that needs to be verified +* Authentication: not required +* Response: 204 No Content + ## `/api/v1/pleroma/mascot` ### Gets user mascot image * Method `GET` @@ -318,3 +319,38 @@ See [Admin-API](Admin-API.md) "healthy": true # Instance state } ``` + +# Pleroma Conversations + +Pleroma Conversations have the same general structure that Mastodon Conversations have. The behavior differs in the following ways when using these endpoints: + +1. Pleroma Conversations never add or remove recipients, unless explicitly changed by the user. +2. Pleroma Conversations statuses can be requested by Conversation id. +3. Pleroma Conversations can be replied to. + +Conversations have the additional field "recipients" under the "pleroma" key. This holds a list of all the accounts that will receive a message in this conversation. + +The status posting endpoint takes an additional parameter, `in_reply_to_conversation_id`, which, when set, will set the visiblity to direct and address only the people who are the recipients of that Conversation. + + +## `GET /api/v1/pleroma/conversations/:id/statuses` +### Timeline for a given conversation +* Method `GET` +* Authentication: required +* Params: Like other timelines +* Response: JSON, statuses (200 - healthy, 503 unhealthy). + +## `GET /api/v1/pleroma/conversations/:id` +### The conversation with the given ID. +* Method `GET` +* Authentication: required +* Params: None +* Response: JSON, statuses (200 - healthy, 503 unhealthy). + +## `PATCH /api/v1/pleroma/conversations/:id` +### Update a conversation. Used to change the set of recipients. +* Method `PATCH` +* Authentication: required +* Params: + * `recipients`: A list of ids of users that should receive posts to this conversation. This will replace the current list of recipients, so submit the full list. The owner of owner of the conversation will always be part of the set of recipients, though. +* Response: JSON, statuses (200 - healthy, 503 unhealthy) diff --git a/docs/clients.md b/docs/clients.md index dc3e83bcc..9029361f8 100644 --- a/docs/clients.md +++ b/docs/clients.md @@ -31,10 +31,11 @@ Feel free to contact us to be added to this list! - Features: No Streaming ### Fedilab -- Source Code: <https://gitlab.com/tom79/mastalab/> -- Contact: [@tom79@mastodon.social](https://mastodon.social/users/tom79) +- Homepage: <https://fedilab.app/> +- Source Code: <https://framagit.org/tom79/fedilab/> +- Contact: [@fedilab@framapiaf.org](https://framapiaf.org/users/fedilab) - Platforms: Android -- Features: Streaming Ready +- Features: Streaming Ready, Moderation, Text Formatting ### Nekonium - Homepage: [F-Droid Repository](https://repo.gdgd.jp.net/), [Google Play](https://play.google.com/store/apps/details?id=com.apps.nekonium), [Amazon](https://www.amazon.co.jp/dp/B076FXPRBC/) @@ -49,13 +50,6 @@ Feel free to contact us to be added to this list! - Platforms: iOS, Android - Features: No Streaming -### Tootdon -- Homepage: <http://tootdon.club/>, <http://blog.mastodon-tootdon.com/> -- Source Code: ??? -- Contact: [@tootdon@mstdn.jp](https://mstdn.jp/users/tootdon) -- Platforms: Android, iOS -- Features: No Streaming - ### Tusky - Homepage: <https://tuskyapp.github.io/> - Source Code: <https://github.com/tuskyapp/Tusky> diff --git a/docs/config.md b/docs/config.md index 67b062fe9..414b54660 100644 --- a/docs/config.md +++ b/docs/config.md @@ -16,9 +16,17 @@ Note: `strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`. ## Pleroma.Uploaders.Local * `uploads`: Which directory to store the user-uploads in, relative to pleroma’s working directory +## Pleroma.Uploaders.S3 +* `bucket`: S3 bucket name +* `bucket_namespace`: S3 bucket namespace +* `public_endpoint`: S3 endpoint that the user finally accesses(ex. "https://s3.dualstack.ap-northeast-1.amazonaws.com") +* `truncated_namespace`: If you use S3 compatible service such as Digital Ocean Spaces or CDN, set folder name or "" etc. +For example, when using CDN to S3 virtual host format, set "". +At this time, write CNAME to CDN in public_endpoint. + ## Pleroma.Upload.Filter.Mogrify -* `args`: List of actions for the `mogrify` command like `"strip"` or `["strip", "auto-orient", {"impode", "1"}]`. +* `args`: List of actions for the `mogrify` command like `"strip"` or `["strip", "auto-orient", {"implode", "1"}]`. ## Pleroma.Upload.Filter.Dedupe @@ -29,11 +37,12 @@ No specific configuration. This filter replaces the filename (not the path) of an upload. For complete obfuscation, add `Pleroma.Upload.Filter.Dedupe` before AnonymizeFilename. -* `text`: Text to replace filenames in links. If empty, `{random}.extension` will be used. +* `text`: Text to replace filenames in links. If empty, `{random}.extension` will be used. You can get the original filename extension by using `{extension}`, for example `custom-file-name.{extension}`. ## Pleroma.Emails.Mailer * `adapter`: one of the mail adapters listed in [Swoosh readme](https://github.com/swoosh/swoosh#adapters), or `Swoosh.Adapters.Local` for in-memory mailbox. * `api_key` / `password` and / or other adapter-specific settings, per the above documentation. +* `enabled`: Allows enable/disable send emails. Default: `false`. An example for Sendgrid adapter: @@ -71,23 +80,36 @@ config :pleroma, Pleroma.Emails.Mailer, * `avatar_upload_limit`: File size limit of user’s profile avatars * `background_upload_limit`: File size limit of user’s profile backgrounds * `banner_upload_limit`: File size limit of user’s profile banners +* `poll_limits`: A map with poll limits for **local** polls + * `max_options`: Maximum number of options + * `max_option_chars`: Maximum number of characters per option + * `min_expiration`: Minimum expiration time (in seconds) + * `max_expiration`: Maximum expiration time (in seconds) * `registrations_open`: Enable registrations for anyone, invitations can be enabled when false. * `invites_enabled`: Enable user invitations for admins (depends on `registrations_open: false`). * `account_activation_required`: Require users to confirm their emails before signing in. * `federating`: Enable federation with other instances +* `federation_incoming_replies_max_depth`: Max. depth of reply-to activities fetching on incoming federation, to prevent out-of-memory situations while fetching very long threads. If set to `nil`, threads of any depth will be fetched. Lower this value if you experience out-of-memory crashes. * `federation_reachability_timeout_days`: Timeout (in days) of each external federation target being unreachable prior to pausing federating to it. * `allow_relay`: Enable Pleroma’s Relay, which makes it possible to follow a whole instance * `rewrite_policy`: Message Rewrite Policy, either one or a list. Here are the ones available by default: * `Pleroma.Web.ActivityPub.MRF.NoOpPolicy`: Doesn’t modify activities (default) * `Pleroma.Web.ActivityPub.MRF.DropPolicy`: Drops all activities. It generally doesn’t makes sense to use in production * `Pleroma.Web.ActivityPub.MRF.SimplePolicy`: Restrict the visibility of activities from certains instances (See ``:mrf_simple`` section) + * `Pleroma.Web.ActivityPub.MRF.TagPolicy`: Applies policies to individual users based on tags, which can be set using pleroma-fe/admin-fe/any other app that supports Pleroma Admin API. For example it allows marking posts from individual users nsfw (sensitive) + * `Pleroma.Web.ActivityPub.MRF.SubchainPolicy`: Selectively runs other MRF policies when messages match (see ``:mrf_subchain`` section) * `Pleroma.Web.ActivityPub.MRF.RejectNonPublic`: Drops posts with non-public visibility settings (See ``:mrf_rejectnonpublic`` section) * `Pleroma.Web.ActivityPub.MRF.EnsureRePrepended`: Rewrites posts to ensure that replies to posts with subjects do not have an identical subject and instead begin with re:. + * `Pleroma.Web.ActivityPub.MRF.AntiLinkSpamPolicy`: Rejects posts from likely spambots by rejecting posts from new users that contain links. + * `Pleroma.Web.ActivityPub.MRF.MediaProxyWarmingPolicy`: Crawls attachments using their MediaProxy URLs so that the MediaProxy cache is primed. + * `Pleroma.Web.ActivityPub.MRF.MentionPolicy`: Drops posts mentioning configurable users. (see `:mrf_mention` section) + * `Pleroma.Web.ActivityPub.MRF.VocabularyPolicy`: Restricts activities to a configured set of vocabulary. (see `:mrf_vocabulary` section) * `public`: Makes the client API in authentificated mode-only except for user-profiles. Useful for disabling the Local Timeline and The Whole Known Network. * `quarantined_instances`: List of ActivityPub instances where private(DMs, followers-only) activities will not be send. * `managed_config`: Whenether the config for pleroma-fe is configured in this config or in ``static/config.json`` * `allowed_post_formats`: MIME-type list of formats allowed to be posted (transformed into HTML) * `mrf_transparency`: Make the content of your Message Rewrite Facility settings public (via nodeinfo). +* `mrf_transparency_exclusions`: Exclude specific instance names from MRF transparency. The use of the exclusions feature will be disclosed in nodeinfo as a boolean value. * `scope_copy`: Copy the scope (private/unlisted/public) in replies to posts by default. * `subject_line_behavior`: Allows changing the default behaviour of subject lines in replies. Valid values: * "email": Copy and preprend re:, as in email. @@ -102,15 +124,21 @@ config :pleroma, Pleroma.Emails.Mailer, * `welcome_message`: A message that will be send to a newly registered users as a direct message. * `welcome_user_nickname`: The nickname of the local user that sends the welcome message. * `max_report_comment_size`: The maximum size of the report comment (Default: `1000`) -* `safe_dm_mentions`: If set to true, only mentions at the beginning of a post will be used to address people in direct messages. This is to prevent accidental mentioning of people when talking about them (e.g. "@friend hey i really don't like @enemy"). (Default: `false`) -* `healthcheck`: if set to true, system data will be shown on ``/api/pleroma/healthcheck``. -* `remote_post_retention_days`: the default amount of days to retain remote posts when pruning the database +* `safe_dm_mentions`: If set to true, only mentions at the beginning of a post will be used to address people in direct messages. This is to prevent accidental mentioning of people when talking about them (e.g. "@friend hey i really don't like @enemy"). Default: `false`. +* `healthcheck`: If set to true, system data will be shown on ``/api/pleroma/healthcheck``. +* `remote_post_retention_days`: The default amount of days to retain remote posts when pruning the database. +* `user_bio_length`: A user bio maximum length (default: `5000`) +* `user_name_length`: A user name maximum length (default: `100`) +* `skip_thread_containment`: Skip filter out broken threads. The default is `false`. +* `limit_to_local_content`: Limit unauthenticated users to search for local statutes and users only. Possible values: `:unauthenticated`, `:all` and `false`. The default is `:unauthenticated`. +* `dynamic_configuration`: Allow transferring configuration to DB with the subsequent customization from Admin api. +* `max_account_fields`: The maximum number of custom fields in the user profile (default: `10`) +* `max_remote_account_fields`: The maximum number of custom fields in the remote user profile (default: `20`) +* `account_field_name_length`: An account field name maximum length (default: `512`) +* `account_field_value_length`: An account field value maximum length (default: `512`) +* `external_user_synchronization`: Enabling following/followers counters synchronization for external users. + -## :app_account_creation -REST API for creating an account settings -* `enabled`: Enable/disable registration -* `max_requests`: Number of requests allowed for creating accounts -* `interval`: Interval for restricting requests for one ip (seconds) ## :logger * `backends`: `:console` is used to send logs to stdout, `{ExSyslogger, :ex_syslogger}` to log to syslog, and `Quack.Logger` to log to Slack @@ -224,6 +252,21 @@ relates to mascots on the mastodon frontend * `avatar_removal`: List of instances to strip avatars from * `banner_removal`: List of instances to strip banners from +## :mrf_subchain +This policy processes messages through an alternate pipeline when a given message matches certain criteria. +All criteria are configured as a map of regular expressions to lists of policy modules. + +* `match_actor`: Matches a series of regular expressions against the actor field. + +Example: + +``` +config :pleroma, :mrf_subchain, + match_actor: %{ + ~r/https:\/\/example.com/s => [Pleroma.Web.ActivityPub.MRF.DropPolicy] + } +``` + ## :mrf_rejectnonpublic * `allow_followersonly`: whether to allow followers-only posts * `allow_direct`: whether to allow direct messages @@ -237,6 +280,13 @@ relates to mascots on the mastodon frontend * `federated_timeline_removal`: A list of patterns which result in message being removed from federated timelines (a.k.a unlisted), each pattern can be a string or a [regular expression](https://hexdocs.pm/elixir/Regex.html) * `replace`: A list of tuples containing `{pattern, replacement}`, `pattern` can be a string or a [regular expression](https://hexdocs.pm/elixir/Regex.html) +## :mrf_mention +* `actors`: A list of actors, for which to drop any posts mentioning. + +## :mrf_vocabulary +* `accept`: A list of ActivityStreams terms to accept. If empty, all supported messages are accepted. +* `reject`: A list of ActivityStreams terms to reject. If empty, no messages are rejected. + ## :media_proxy * `enabled`: Enables proxying of remote media to the instance’s proxy * `base_url`: The base URL to access a user-uploaded file. Useful when you want to proxy the media files via another host/CDN fronts. @@ -251,7 +301,7 @@ relates to mascots on the mastodon frontend ## Pleroma.Web.Endpoint `Phoenix` endpoint configuration, all configuration options can be viewed [here](https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-dynamic-configuration), only common options are listed here -* `http` - a list containing http protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here +* `http` - a list containing http protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here. For deployment using docker, you need to set this to `[ip: {0,0,0,0}, port: 4000]` to make pleroma accessible from other containers (such as your nginx server). - `ip` - a tuple consisting of 4 integers - `port` * `url` - a list containing the configuration for generating urls, accepts @@ -290,10 +340,10 @@ config :pleroma, Pleroma.Web.Endpoint, This will make Pleroma listen on `127.0.0.1` port `8080` and generate urls starting with `https://example.com:2020` ## :activitypub -* ``accept_blocks``: Whether to accept incoming block activities from other instances * ``unfollow_blocked``: Whether blocks result in people getting unfollowed * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question +* ``sign_object_fetches``: Sign object fetches with HTTP signatures ## :http_security * ``enabled``: Whether the managed content security policy is enabled @@ -389,6 +439,9 @@ This config contains two queues: `federator_incoming` and `federator_outgoing`. ## :rich_media * `enabled`: if enabled the instance will parse metadata from attached links to generate link previews +* `ignore_hosts`: list of hosts which will be ignored by the metadata parser. For example `["accounts.google.com", "xss.website"]`, defaults to `[]`. +* `ignore_tld`: list TLDs (top-level domains) which will ignore for parse metadata. default is ["local", "localdomain", "lan"] +* `parsers`: list of Rich Media parsers ## :fetch_initial_posts * `enabled`: if enabled, when a new user is federated with, fetch some of their latest posts @@ -442,6 +495,10 @@ config :auto_linker, * `total_user_limit`: the number of scheduled activities a user is allowed to create in total (Default: `300`) * `enabled`: whether scheduled activities are sent to the job queue to be executed +## Pleroma.ActivityExpiration + +# `enabled`: whether expired activities will be sent to the job queue to be deleted + ## Pleroma.Web.Auth.Authenticator * `Pleroma.Web.Auth.PleromaAuthenticator`: default database authenticator @@ -492,7 +549,24 @@ Authentication / authorization settings. * `auth_template`: authentication form template. By default it's `show.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/show.html.eex`. * `oauth_consumer_template`: OAuth consumer mode authentication form template. By default it's `consumer.html` which corresponds to `lib/pleroma/web/templates/o_auth/o_auth/consumer.html.eex`. -* `oauth_consumer_strategies`: the list of enabled OAuth consumer strategies; by default it's set by OAUTH_CONSUMER_STRATEGIES environment variable. +* `oauth_consumer_strategies`: the list of enabled OAuth consumer strategies; by default it's set by `OAUTH_CONSUMER_STRATEGIES` environment variable. Each entry in this space-delimited string should be of format `<strategy>` or `<strategy>:<dependency>` (e.g. `twitter` or `keycloak:ueberauth_keycloak_strategy` in case dependency is named differently than `ueberauth_<strategy>`). + +## :email_notifications + +Email notifications settings. + + - digest - emails of "what you've missed" for users who have been + inactive for a while. + - active: globally enable or disable digest emails + - schedule: When to send digest email, in [crontab format](https://en.wikipedia.org/wiki/Cron). + "0 0 * * 0" is the default, meaning "once a week at midnight on Sunday morning" + - interval: Minimum interval between digest emails to one user + - inactivity_threshold: Minimum user inactivity threshold + +## Pleroma.Emails.UserEmail + +- `:logo` - a path to a custom logo. Set it to `nil` to use the default Pleroma logo. +- `:styling` - a map with color settings for email templates. ## OAuth consumer mode @@ -545,6 +619,24 @@ config :ueberauth, Ueberauth, providers: [ microsoft: {Ueberauth.Strategy.Microsoft, [callback_params: []]} ] + +# Keycloak +# Note: make sure to add `keycloak:ueberauth_keycloak_strategy` entry to `OAUTH_CONSUMER_STRATEGIES` environment variable +keycloak_url = "https://publicly-reachable-keycloak-instance.org:8080" + +config :ueberauth, Ueberauth.Strategy.Keycloak.OAuth, + client_id: System.get_env("KEYCLOAK_CLIENT_ID"), + client_secret: System.get_env("KEYCLOAK_CLIENT_SECRET"), + site: keycloak_url, + authorize_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/auth", + token_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/token", + userinfo_url: "#{keycloak_url}/auth/realms/master/protocol/openid-connect/userinfo", + token_method: :post + +config :ueberauth, Ueberauth, + providers: [ + keycloak: {Ueberauth.Strategy.Keycloak, [uid_field: :email]} + ] ``` ## OAuth 2.0 provider - :oauth2 @@ -558,6 +650,7 @@ Configure OAuth 2 provider capabilities: ## :emoji * `shortcode_globs`: Location of custom emoji files. `*` can be used as a wildcard. Example `["/emoji/custom/**/*.png"]` +* `pack_extensions`: A list of file extensions for emojis, when no emoji.txt for a pack is present. Example `[".png", ".gif"]` * `groups`: Emojis are ordered in groups (tags). This is an array of key-value pairs where the key is the groupname and the value the location or array of locations. `*` can be used as a wildcard. Example `[Custom: ["/emoji/*.png", "/emoji/custom/*.png"]]` * `default_manifest`: Location of the JSON-manifest. This manifest contains information about the emoji-packs you can download. Currently only one manifest can be added (no arrays). @@ -575,3 +668,23 @@ To enable them, both the `rum_enabled` flag has to be set and the following spec `mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/` This will probably take a long time. + +## :rate_limit + +A keyword list of rate limiters where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where: + +* The first element: `scale` (Integer). The time scale in milliseconds. +* The second element: `limit` (Integer). How many requests to limit in the time scale provided. + +It is also possible to have different limits for unauthenticated and authenticated users: the keyword value must be a list of two tuples where the first one is a config for unauthenticated users and the second one is for authenticated. + +See [`Pleroma.Plugs.RateLimiter`](Pleroma.Plugs.RateLimiter.html) documentation for examples. + +Supported rate limiters: + +* `:search` for the search requests (account & status search etc.) +* `:app_account_creation` for registering user accounts from the same IP address +* `:relations_actions` for actions on relations with all users (follow, unfollow) +* `:relation_id_action` for actions on relation with a specific user (follow, unfollow) +* `:statuses_actions` for create / delete / fav / unfav / reblog / unreblog actions on any statuses +* `:status_id_action` for fav / unfav or reblog / unreblog actions on the same status by the same user diff --git a/docs/config/howto_mediaproxy.md b/docs/config/howto_mediaproxy.md index fb731112b..16c40c5db 100644 --- a/docs/config/howto_mediaproxy.md +++ b/docs/config/howto_mediaproxy.md @@ -1,8 +1,8 @@ # How to activate mediaproxy ## Explanation -Without the `mediaproxy` function, Pleroma don't store any remote content like pictures, video etc. locally. So every time you open Pleroma, the content is loaded from the source server, from where the post is coming. This can result in slowly loading content or/and increased bandwidth usage on the source server. -With the `mediaproxy` function you can use the cache ability of nginx, to cache these content, so user can access it faster, cause it's loaded from your server. +Without the `mediaproxy` function, Pleroma doesn't store any remote content like pictures, video etc. locally. So every time you open Pleroma, the content is loaded from the source server, from where the post is coming. This can result in slowly loading content or/and increased bandwidth usage on the source server. +With the `mediaproxy` function you can use nginx to cache this content, so users can access it faster, because it's loaded from your server. ## Activate it @@ -24,7 +24,9 @@ If you came here from one of the installation guides, take a look at the example ``` config :pleroma, :media_proxy, enabled: true, - redirect_on_failure: true + proxy_opts: [ + redirect_on_failure: true + ] #base_url: "https://cache.pleroma.social" ``` If you want to use a subdomain to serve the files, uncomment `base_url`, change the url and add a comma after `true` in the previous line. diff --git a/docs/config/howto_set_richmedia_cache_ttl_based_on_image.md b/docs/config/howto_set_richmedia_cache_ttl_based_on_image.md new file mode 100644 index 000000000..bfee5a9e6 --- /dev/null +++ b/docs/config/howto_set_richmedia_cache_ttl_based_on_image.md @@ -0,0 +1,33 @@ +# How to set rich media cache ttl based on image ttl +## Explanation + +Richmedia are cached without the ttl but the rich media may have image which can expire, like aws signed url. +In such cases the old image url (expired) is returned from the media cache. + +So to avoid such situation we can define a module that will set ttl based on image. +The module must adopt behaviour `Pleroma.Web.RichMedia.Parser.TTL` + +### Example + +```exs +defmodule MyModule do + @behaviour Pleroma.Web.RichMedia.Parser.TTL + + @impl Pleroma.Web.RichMedia.Parser.TTL + def ttl(data, url) do + image_url = Map.get(data, :image) + # do some parsing in the url and get the ttl of the image + # return ttl is unix time + parse_ttl_from_url(image_url) + end +end +``` + +And update the config + +```exs +config :pleroma, :rich_media, + ttl_setters: [Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl, MyModule] +``` + +> For reference there is a parser for AWS signed URL `Pleroma.Web.RichMedia.Parser.TTL.AwsSignedUrl`, it's enabled by default. diff --git a/docs/config/howto_user_recomendation.md b/docs/config/howto_user_recomendation.md index 27c0760dd..c4d749d0c 100644 --- a/docs/config/howto_user_recomendation.md +++ b/docs/config/howto_user_recomendation.md @@ -9,8 +9,8 @@ config :pleroma, :suggestions, third_party_engine: "http://vinayaka.distsn.org/cgi-bin/vinayaka-user-match-suggestions-api.cgi?{{host}}+{{user}}", timeout: 300_000, - limit: 23, - web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" + limit: 40, + web: "https://vinayaka.distsn.org" ``` @@ -26,6 +26,6 @@ config :pleroma, :suggestions, third_party_engine: "http://vinayaka.distsn.org/cgi-bin/vinayaka-user-new-suggestions-api.cgi?{{host}}+{{user}}", timeout: 60_000, - limit: 23, + limit: 40, web: "https://vinayaka.distsn.org/user-new.html" ``` diff --git a/docs/config/small_customizations.md b/docs/config/small_customizations.md index 09e8d6041..f91657a4c 100644 --- a/docs/config/small_customizations.md +++ b/docs/config/small_customizations.md @@ -1,35 +1,12 @@ # Small customizations -Replace `dev.secret.exs` with `prod.secret.exs` according to your setup. -# Thumbnail +See also static_dir.md for visual settings. -Replace `priv/static/instance/thumbnail.jpeg` with your selfie or other neat picture. It will appear in [Pleroma Instances](http://distsn.org/pleroma-instances.html). - -# Instance-specific panel - - - -To show the instance specific panel, set `show_instance_panel` to `true` in `config/dev.secret.exs`. You can modify its content by editing `priv/static/instance/panel.html`. - -# Background - -You can change the background of your Pleroma instance by uploading it to `priv/static/static`, and then changing `"background"` in `config/dev.secret.exs` accordingly. - -# Logo - - - -If you want to give a brand to your instance, look no further. You can change the logo of your instance by uploading it to `priv/static/static`, and then changing `logo` in `config/dev.secret.exs` accordingly. - -# Theme +## Theme All users of your instance will be able to change the theme they use by going to the settings (the cog in the top-right hand corner). However, if you wish to change the default theme, you can do so by editing `theme` in `config/dev.secret.exs` accordingly. -# Terms of Service - -Terms of Service will be shown to all users on the registration page. It's the best place where to write down the rules for your instance. You can modify the rules by changing `priv/static/static/terms-of-service.html`. - -# Message Visibility +## Message Visibility To enable message visibility options when posting like in the Mastodon frontend, set `scope_options_enabled` to `true` in `config/dev.secret.exs`. diff --git a/docs/config/static_dir.md b/docs/config/static_dir.md index 0cc52b99a..5fb38c3de 100644 --- a/docs/config/static_dir.md +++ b/docs/config/static_dir.md @@ -7,7 +7,13 @@ config :pleroma, :instance, static_dir: "instance/static/", ``` -You can overwrite this value in your configuration to use a different static instance directory. +For example, edit `instance/static/instance/panel.html` . + +Alternatively, you can overwrite this value in your configuration to use a different static instance directory. + +This document is written assuming `instance/static/`. + +Or, if you want to manage your custom file in git repository, basically remove the `instance/` entry from `.gitignore`. ## robots.txt @@ -18,3 +24,46 @@ If you want to generate a restrictive `robots.txt`, you can run the following mi ``` mix pleroma.robots_txt disallow_all ``` + +## Thumbnail + +Put on `instance/static/instance/thumbnail.jpeg` with your selfie or other neat picture. It will appear in [Pleroma Instances](http://distsn.org/pleroma-instances.html). + +## Instance-specific panel + + + +Create and Edit your file on `instance/static/instance/panel.html`. + +## Background + +You can change the background of your Pleroma instance by uploading it to `instance/static/`, and then changing `background` in `config/prod.secret.exs` accordingly. + +If you put `instance/static/images/background.jpg` + +``` +config :pleroma, :frontend_configurations, + pleroma_fe: %{ + background: "/images/background.jpg" + } +``` + +## Logo + + + +If you want to give a brand to your instance, You can change the logo of your instance by uploading it to `instance/static/`. + +Alternatively, you can specify the path with config. +If you put `instance/static/static/mylogo-file.png` + +``` +config :pleroma, :frontend_configurations, + pleroma_fe: %{ + logo: "/static/mylogo-file.png" + } +``` + +## Terms of Service + +Terms of Service will be shown to all users on the registration page. It's the best place where to write down the rules for your instance. You can modify the rules by changing `instance/static/static/terms-of-service.html`. diff --git a/docs/installation/alpine_linux_en.md b/docs/installation/alpine_linux_en.md index e1d69c873..1f300f353 100644 --- a/docs/installation/alpine_linux_en.md +++ b/docs/installation/alpine_linux_en.md @@ -202,13 +202,12 @@ sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress #### Further reading -* [Admin tasks](Admin tasks) -* [Backup your instance](Backup-your-instance) -* [Configuration tips](General tips for customizing pleroma fe) -* [Hardening your instance](Hardening-your-instance) -* [How to activate mediaproxy](How-to-activate-mediaproxy) -* [Small Pleroma-FE customizations](Small customizations) -* [Updating your instance](Updating-your-instance) +* [Backup your instance](backup.html) +* [Configuration tips](general-tips-for-customizing-pleroma-fe.html) +* [Hardening your instance](hardening.html) +* [How to activate mediaproxy](howto_mediaproxy.html) +* [Small Pleroma-FE customizations](small_customizations.html) +* [Updating your instance](updating.html) ## Questions diff --git a/docs/installation/arch_linux_en.md b/docs/installation/arch_linux_en.md index 26e1ab86a..fd8b5d107 100644 --- a/docs/installation/arch_linux_en.md +++ b/docs/installation/arch_linux_en.md @@ -200,13 +200,12 @@ sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress #### Further reading -* [Admin tasks](Admin tasks) -* [Backup your instance](Backup-your-instance) -* [Configuration tips](General tips for customizing pleroma fe) -* [Hardening your instance](Hardening-your-instance) -* [How to activate mediaproxy](How-to-activate-mediaproxy) -* [Small Pleroma-FE customizations](Small customizations) -* [Updating your instance](Updating-your-instance) +* [Backup your instance](backup.html) +* [Configuration tips](general-tips-for-customizing-pleroma-fe.html) +* [Hardening your instance](hardening.html) +* [How to activate mediaproxy](howto_mediaproxy.html) +* [Small Pleroma-FE customizations](small_customizations.html) +* [Updating your instance](updating.html) ## Questions diff --git a/docs/installation/centos7_en.md b/docs/installation/centos7_en.md index 19bff7461..729fcab72 100644 --- a/docs/installation/centos7_en.md +++ b/docs/installation/centos7_en.md @@ -264,13 +264,12 @@ sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress #### Further reading -* [Admin tasks](Admin tasks) -* [Backup your instance](Backup-your-instance) -* [Configuration tips](General tips for customizing pleroma fe) -* [Hardening your instance](Hardening-your-instance) -* [How to activate mediaproxy](How-to-activate-mediaproxy) -* [Small Pleroma-FE customizations](Small customizations) -* [Updating your instance](Updating-your-instance) +* [Backup your instance](backup.html) +* [Configuration tips](general-tips-for-customizing-pleroma-fe.html) +* [Hardening your instance](hardening.html) +* [How to activate mediaproxy](howto_mediaproxy.html) +* [Small Pleroma-FE customizations](small_customizations.html) +* [Updating your instance](updating.html) ## Questions diff --git a/docs/installation/debian_based_en.md b/docs/installation/debian_based_en.md index 7d39ca5f9..46165e2c1 100644 --- a/docs/installation/debian_based_en.md +++ b/docs/installation/debian_based_en.md @@ -190,13 +190,12 @@ sudo -Hu pleroma MIX_ENV=prod mix pleroma.user new <username> <your@emailaddress #### Further reading -* [Admin tasks](Admin tasks) -* [Backup your instance](Backup-your-instance) -* [Configuration tips](General tips for customizing pleroma fe) -* [Hardening your instance](Hardening-your-instance) -* [How to activate mediaproxy](How-to-activate-mediaproxy) -* [Small Pleroma-FE customizations](Small customizations) -* [Updating your instance](Updating-your-instance) +* [Backup your instance](backup.html) +* [Configuration tips](general-tips-for-customizing-pleroma-fe.html) +* [Hardening your instance](hardening.html) +* [How to activate mediaproxy](howto_mediaproxy.html) +* [Small Pleroma-FE customizations](small_customizations.html) +* [Updating your instance](updating.html) ## Questions diff --git a/docs/installation/debian_based_jp.md b/docs/installation/debian_based_jp.md index 84b9666c8..caf72363b 100644 --- a/docs/installation/debian_based_jp.md +++ b/docs/installation/debian_based_jp.md @@ -180,9 +180,12 @@ mix set_moderator username [true|false] #### コンフィギュレーションとカスタマイズ -* [Configuration tips](General tips for customizing pleroma fe) -* [Small Pleroma-FE customizations](Small customizations) -* [Admin tasks](Admin tasks) +* [Backup your instance](backup.html) +* [Configuration tips](general-tips-for-customizing-pleroma-fe.html) +* [Hardening your instance](hardening.html) +* [How to activate mediaproxy](howto_mediaproxy.html) +* [Small Pleroma-FE customizations](small_customizations.html) +* [Updating your instance](updating.html) ## 質問ある? diff --git a/docs/installation/gentoo_en.md b/docs/installation/gentoo_en.md index b7c42a477..5b62344b1 100644 --- a/docs/installation/gentoo_en.md +++ b/docs/installation/gentoo_en.md @@ -283,13 +283,12 @@ If you opted to allow sudo for the `pleroma` user but would like to remove the a #### Further reading -* [Admin tasks](Admin tasks) -* [Backup your instance](Backup-your-instance) -* [Configuration tips](General tips for customizing pleroma fe) -* [Hardening your instance](Hardening-your-instance) -* [How to activate mediaproxy](How-to-activate-mediaproxy) -* [Small Pleroma-FE customizations](Small customizations) -* [Updating your instance](Updating-your-instance) +* [Backup your instance](backup.html) +* [Configuration tips](general-tips-for-customizing-pleroma-fe.html) +* [Hardening your instance](hardening.html) +* [How to activate mediaproxy](howto_mediaproxy.html) +* [Small Pleroma-FE customizations](small_customizations.html) +* [Updating your instance](updating.html) ## Questions diff --git a/docs/installation/migrating_from_source_otp_en.md b/docs/installation/migrating_from_source_otp_en.md new file mode 100644 index 000000000..b779be8cc --- /dev/null +++ b/docs/installation/migrating_from_source_otp_en.md @@ -0,0 +1,153 @@ +# Switching a from-source install to OTP releases +## What are OTP releases? +OTP releases are as close as you can get to binary releases with Erlang/Elixir. The release is self-contained, and provides everything needed to boot it, it is easily administered via the provided shell script to open up a remote console, start/stop/restart the release, start in the background, send remote commands, and more. +### Can I still run the develop branch if I decide to use them? +Yes, we produce builds for every commit in `develop`. However `develop` is considered unstable, please don't use it in production because of faster access to new features, unless you need them as an app developer. +## Why would one want to switch? +Benefits of OTP releases over from-source installs include: +* **Less space used.** OTP releases come without source code, build tools, have docs and debug symbols stripped from the compiled bytecode and do not cointain tests, docs, revision history. +* **Minimal system dependencies.** Excluding the database and reverse proxy, only `curl`, `unzip` and `ncurses` are needed to download and run the release. Because Erlang runtime and Elixir are shipped with Pleroma, one can use the latest BEAM optimizations and Pleroma features, without having to worry about outdated system repos or a missing `erlang-*` package. +* **Potentially less bugs and better performance.** This extends on the previous point, because we have control over exactly what gets shipped, we can tweak the VM arguments and forget about weird bugs due to Erlang/Elixir version mismatches. +* **Faster and less bug-prone mix tasks.** On a from-source install one has to wait untill a new Pleroma node is started for each mix task and they execute outside of the instance context (for example if a user was deleted via a mix task, the instance will have no knowledge of that and continue to display status count and follows before the cache expires). Mix tasks in OTP releases are executed by calling into a running instance via RPC, which solves both of these problems. + +### Sounds great, how do I switch? +Currently we support Linux machines with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and `x86_64`, `aarch64` or `armv7l` CPUs. If you are unsure, check the [Detecting flavour](otp_en.html#detecting-flavour) section in OTP install guide. If your platform is supported, proceed with the guide, if not check the [My platform is not supported](#my-platform-is-not-supported) section. +### I don't think it is worth the effort, can I stay on a from-source install? +Yes, currently there are no plans to deprecate them. + +### My platform is not supported +If you think your platform is a popular choice for running Pleroma instances, or has the potential to become one, you can [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma/issues/new). If not, guides on how to build and update releases by yourself will be available soon. +## Pre-requisites +You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`. + +The system needs to have `curl` and `unzip` installed for downloading and unpacking release builds. + +Debian/Ubuntu: +```sh +apt install curl unzip +``` +Alpine: +``` +apk add curl unzip + +``` +## Moving content out of the application directory +When using OTP releases the application directory changes with every version so it would be a bother to keep content there (and also dangerous unless `--no-rm` option is used when updating). Fortunately almost all paths in Pleroma are configurable, so it is possible to move them out of there. + +Pleroma should be stopped before proceeding. + +### Moving uploads/custom public files directory +```sh +# Create uploads directory and set proper permissions (skip if using a remote uploader) +# Note: It does not have to be `/var/lib/pleroma/uploads`, you can configure it to be something else later +mkdir -p /var/lib/pleroma/uploads +chown -R pleroma /var/lib/pleroma + +# Create custom public files directory +# Note: It does not have to be `/var/lib/pleroma/static`, you can configure it to be something else later +mkdir -p /var/lib/pleroma/static +chown -R pleroma /var/lib/pleroma + +# If you use the local uploader with default settings your uploads should be located in `~pleroma/uploads` +mv ~pleroma/uploads/* /var/lib/pleroma/uploads + +# If you have created the custom public files directory with default settings it should be located in `~pleroma/instance/static` +mv ~pleroma/instance/static /var/lib/pleroma/static +``` + +### Moving emoji +Assuming you have all emojis in subdirectories of `priv/static/emoji` moving them can be done with +```sh +mkdir /var/lib/pleroma/static/emoji +ls -d ~pleroma/priv/static/emoji/*/ | xargs -i sh -c 'mv "{}" "/var/lib/pleroma/static/emoji/$(basename {})"' +``` + +But, if for some reason you have custom emojis in the root directory you should copy the whole directory instead. +```sh +mv ~pleroma/priv/static/emoji /var/lib/pleroma/static/emoji +``` +and then copy custom emojis to `/var/lib/pleroma/static/emoji/custom`. + +This is needed because storing custom emojis in the root directory is deprecated, but if you just move them to `/var/lib/pleroma/static/emoji/custom` it will break emoji urls on old posts. + +Note that globs have been replaced with `pack_extensions`, so if your emojis are not in png/gif you should [modify the default value](config.html#emoji). + +### Moving the config +```sh +# Create the config directory +# The default path for Pleroma config is /etc/pleroma/config.exs +# but it can be set via PLEROMA_CONFIG_PATH environment variable +mkdir -p /etc/pleroma + +# Move the config file +mv ~pleroma/config/prod.secret.exs /etc/pleroma/config.exs + +# Change `use Mix.Config` at the top to `import Config` +$EDITOR /etc/pleroma/config.exs +``` +## Installing the release +Before proceeding, get the flavour from [Detecting flavour](otp_en.html#detecting-flavour) section in OTP installation guide. +```sh +# Delete all files in pleroma user's directory +rm -r ~pleroma/* + +# Set the flavour environment variable to the string you got in Detecting flavour section. +# For example if the flavour is `arm64-musl` the command will be +export FLAVOUR="arm64-musl" + +# Clone the release build into a temporary directory and unpack it +# Replace `master` with `develop` if you want to run the develop branch +su pleroma -s $SHELL -lc " +curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/master/download?job=$FLAVOUR' -o /tmp/pleroma.zip +unzip /tmp/pleroma.zip -d /tmp/ +" + +# Move the release to the home directory and delete temporary files +su pleroma -s $SHELL -lc " +mv /tmp/release/* ~pleroma/ +rmdir /tmp/release +rm /tmp/pleroma.zip +" + +# Start the instance to verify that everything is working as expected +su pleroma -s $SHELL -lc "./bin/pleroma daemon" + +# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly +sleep 20 && curl http://localhost:4000/api/v1/instance + +# Stop the instance +su pleroma -s $SHELL -lc "./bin/pleroma stop" +``` + +## Setting up a system service +OTP releases have different service files than from-source installs so they need to be copied over again. + +**Warning:** The service files assume pleroma user's home directory is `/opt/pleroma`, please make sure all paths fit your installation. + +Debian/Ubuntu: +```sh +# Copy the service into a proper directory +cp ~pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service + +# Reload service files +systemctl daemon-reload + +# Reenable pleroma to start on boot +systemctl reenable pleroma + +# Start pleroma +systemctl start pleroma +``` + +Alpine: +```sh +# Copy the service into a proper directory +cp -f ~pleroma/installation/init.d/pleroma /etc/init.d/pleroma + +# Start pleroma +rc-service pleroma start +``` +## Running mix tasks +Refer to [Running mix tasks](otp_en.html#running-mix-tasks) section from OTP release installation guide. +## Updating +Refer to [Updating](otp_en.html#updating) section from OTP release installation guide. diff --git a/docs/installation/otp_en.md b/docs/installation/otp_en.md new file mode 100644 index 000000000..5b50e1838 --- /dev/null +++ b/docs/installation/otp_en.md @@ -0,0 +1,269 @@ +# Installing on Linux using OTP releases + +## Pre-requisites +* A machine running Linux with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and `x86_64`, `aarch64` or `armv7l` CPU, you have root access to. If you are not sure if it's compatible see [Detecting flavour section](#detecting-flavour) below +* A (sub)domain pointed to the machine + +You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`. + +While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu/Alpine. + +### Detecting flavour + +Paste the following into the shell: +```sh +arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix" +``` + +If your platform is supported the output will contain the flavour string, you will need it later. If not, this just means that we don't build releases for your platform, you can still try installing from source. + +### Installing the required packages + +Other than things bundled in the OTP release Pleroma depends on: +* curl (to download the release build) +* unzip (needed to unpack release builds) +* ncurses (ERTS won't run without it) +* PostgreSQL (also utilizes extensions in postgresql-contrib) +* nginx (could be swapped with another reverse proxy but this guide covers only it) +* certbot (for Let's Encrypt certificates, could be swapped with another ACME client, but this guide covers only it) + +Debian/Ubuntu: +```sh +apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot +``` +Alpine: + +```sh +echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories +apk update +apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot +``` + +## Setup +### Configuring PostgreSQL +#### (Optional) Installing RUM indexes +RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](config.html#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results). + +Debian/Ubuntu (available only on Buster/19.04): +```sh +apt install postgresql-11-rum +``` +Alpine: +```sh +apk add git build-base postgresql-dev +git clone https://github.com/postgrespro/rum /tmp/rum +cd /tmp/rum +make USE_PGXS=1 +make USE_PGXS=1 install +cd +rm -r /tmp/rum +``` +#### (Optional) Performance configuration +For optimal performance, you may use [PGTune](https://pgtune.leopard.in.ua), don't forget to restart postgresql after editing the configuration + +Debian/Ubuntu: +```sh +systemctl restart postgresql +``` +Alpine: +```sh +rc-service postgresql restart +``` +### Installing Pleroma +```sh +# Create the Pleroma user +adduser --system --shell /bin/false --home /opt/pleroma pleroma + +# Set the flavour environment variable to the string you got in Detecting flavour section. +# For example if the flavour is `arm64-musl` the command will be +export FLAVOUR="arm64-musl" + +# Clone the release build into a temporary directory and unpack it +su pleroma -s $SHELL -lc " +curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/master/download?job=$FLAVOUR' -o /tmp/pleroma.zip +unzip /tmp/pleroma.zip -d /tmp/ +" + +# Move the release to the home directory and delete temporary files +su pleroma -s $SHELL -lc " +mv /tmp/release/* /opt/pleroma +rmdir /tmp/release +rm /tmp/pleroma.zip +" +# Create uploads directory and set proper permissions (skip if planning to use a remote uploader) +# Note: It does not have to be `/var/lib/pleroma/uploads`, the config generator will ask about the upload directory later + +mkdir -p /var/lib/pleroma/uploads +chown -R pleroma /var/lib/pleroma + +# Create custom public files directory (custom emojis, frontend bundle overrides, robots.txt, etc.) +# Note: It does not have to be `/var/lib/pleroma/static`, the config generator will ask about the custom public files directory later +mkdir -p /var/lib/pleroma/static +chown -R pleroma /var/lib/pleroma + +# Create a config directory +mkdir -p /etc/pleroma +chown -R pleroma /etc/pleroma + +# Run the config generator +su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql" + +# Create the postgres database +su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql" + +# Create the database schema +su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate" + +# If you have installed RUM indexes uncommend and run +# su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/" + +# Start the instance to verify that everything is working as expected +su pleroma -s $SHELL -lc "./bin/pleroma daemon" + +# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly +sleep 20 && curl http://localhost:4000/api/v1/instance + +# Stop the instance +su pleroma -s $SHELL -lc "./bin/pleroma stop" +``` + +### Setting up nginx and getting Let's Encrypt SSL certificaties + +```sh +# Get a Let's Encrypt certificate +certbot certonly --standalone --preferred-challenges http -d yourinstance.tld + +# Copy the Pleroma nginx configuration to the nginx folder +# The location of nginx configs is dependent on the distro + +# For Debian/Ubuntu: +cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx +ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx +# For Alpine: +cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf +# If your distro does not have either of those you can append +# `include /etc/nginx/pleroma.conf` to the end of the http section in /etc/nginx/nginx.conf and +cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/pleroma.conf + +# Edit the nginx config replacing example.tld with your (sub)domain +$EDITOR path-to-nginx-config + +# Verify that the config is valid +nginx -t + +# Start nginx +# For Debian/Ubuntu: +systemctl start nginx +# For Alpine: +rc-service nginx start +``` + +At this point if you open your (sub)domain in a browser you should see a 502 error, that's because pleroma is not started yet. + +### Setting up a system service +Debian/Ubuntu: +```sh +# Copy the service into a proper directory +cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service + +# Start pleroma and enable it on boot +systemctl start pleroma +systemctl enable pleroma +``` +Alpine: +```sh +# Copy the service into a proper directory +cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma + +# Start pleroma and enable it on boot +rc-service pleroma start +rc-update add pleroma +``` + +If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors. + +Still doesn't work? Feel free to contact us on [#pleroma on freenode](https://webchat.freenode.net/?channels=%23pleroma) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>, you can also [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma/issues/new) + +## Post installation + +### Setting up auto-renew Let's Encrypt certificate +```sh +# Create the directory for webroot challenges +mkdir -p /var/lib/letsencrypt + +# Uncomment the webroot method +$EDITOR path-to-nginx-config + +# Verify that the config is valid +nginx -t +``` +Debian/Ubuntu: +```sh +# Restart nginx +systemctl restart nginx + +# Ensure the webroot menthod and post hook is working +certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl nginx reload' + +# Add it to the daily cron +echo '#!/bin/sh +certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "systemctl reload nginx" +' > /etc/cron.daily/renew-pleroma-cert +chmod +x /etc/cron.daily/renew-pleroma-cert + +# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert +run-parts --test /etc/cron.daily +``` +Alpine: +```sh +# Restart nginx +rc-service nginx restart + +# Start the cron daemon and make it start on boot +rc-service crond start +rc-update add crond + +# Ensure the webroot menthod and post hook is working +certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload' + +# Add it to the daily cron +echo '#!/bin/sh +certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --post-hook "rc-service nginx reload" +' > /etc/periodic/daily/renew-pleroma-cert +chmod +x /etc/periodic/daily/renew-pleroma-cert + +# If everything worked this should output /etc/periodic/daily/renew-pleroma-cert +run-parts --test /etc/periodic/daily +``` +### Running mix tasks +Throughout the wiki and guides there is a lot of references to mix tasks. Since `mix` is a build tool, you can't just call `mix pleroma.task`, instead you should call `pleroma_ctl` stripping pleroma/ecto namespace. + +So for example, if the task is `mix pleroma.user set admin --admin`, you should run it like this: +```sh +su pleroma -s $SHELL -lc "./bin/pleroma_ctl user set admin --admin" +``` + +## Create your first user and set as admin +```sh +cd /opt/pleroma/bin +su pleroma -s $SHELL -lc "./bin/pleroma_ctl user new joeuser joeuser@sld.tld --admin" +``` +This will create an account withe the username of 'joeuser' with the email address of joeuser@sld.tld, and set that user's account as an admin. This will result in a link that you can paste into the browser, which logs you in and enables you to set the password. + +### Updating +Generally, doing the following is enough: +```sh +# Download the new release +su pleroma -s $SHELL -lc "./bin/pleroma_ctl update" + +# Migrate the database, you are advised to stop the instance before doing that +su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate" +``` +But you should **always check the release notes/changelog** in case there are config deprecations, special update steps, etc. + +## Further reading +* [Configuration](config.html) +* [Pleroma's base config.exs](https://git.pleroma.social/pleroma/pleroma/blob/master/config/config.exs) +* [Hardening your instance](hardening.html) +* [Pleroma Clients](clients.html) +* [Emoji pack manager](Mix.Tasks.Pleroma.Emoji.html) |