How to install diaspora*, decentralized social network, on Debian 10 — installation guide for beginners

This article shows you how to install diaspora* 0.7.14.0 on Debian 10.

0. Introduction

What is “diaspora*” ?

https://www.howtoforge.com/how-to-install-diaspora-decentralized-social-media-on-debian-10/

Diaspora is an open-source, privacy-aware, and distributed social network. It consists of a group of independently deployed and owned nodes which interoperate to create the network. Diaspora is a social network that focuses on three philosophies: decentralization, freedom, and privacy.

Manual installation is preferred

I assume that maybe you were looking for a way of installing diaspora* with a tool such as Docker or Ansible.

I understand you would prefer an isolated environment so that you could remove packages whenever you would like to.

However, unfortunately, neither Docker nor Ansible playbook is supported officially as of now. Technically, Docker support has been implemented here, but it lacks documentation and is mainly for development. See: https://github.com/diaspora/diaspora/pull/7870#issuecomment-429594392

Bitnami installer is officially discouraged

There is also an installer by Bitnami provided here.

However, keep in mind that it is not officially supported. It is also discouraged by the development team.

https://discourse.diasporafoundation.org/t/noob-using-bitnami-ports-and-security-help/3202/2

The general advice is “don’t use Bitnami or anything else that claims to be able to set up diaspora*”, because they can’t. Our official installation docs are found in the wiki, and they explain everything, including the config files.

Though it is not clear whether this means that they cannot create a proper installer because of a technical limitation of some sort or that they are just poor at programming, there are a lot of reports on the official forum about issues with the Bitnami installer.

Basically, the only recommended way of installing diaspora* is to install packages and configure them manually, including a web server, an SSL certificate, etc.

Official instructions are for advanced users

There are instructions for installation on the official wiki page, but probably it is safe to say that they are for advanced users. There you are expected to have set up a web server and a database software and configured them already, which is a tough task for beginners.

Acknowledgement

The article is based on: https://www.howtoforge.com/how-to-install-diaspora-decentralized-social-media-on-debian-10/. I tried these commands by myself and verified it worked on Debian 10. Below I tweaked only tiny parts to improve the instruction. Huge thanks to the author of the original article!

Disclaimer

This guide is written for Debian 10. It has not been tested on either previous or future versions. The names or versions of the packages may change, so please make sure that you are installing the proper packages.

For the latest information, please consult the documentation on the official wiki and the project page at GitHub. The FAQ page for server administrators is worth checking when you experience an issue.

As of now, the latest version of diaspora* is 0.7.14.0.

1. Initial server setup

Before proceeding, you should not forget to configure the basic security setting of your machine. Initial Server Setup with Debian 10 on DigitalOcean is a nice guide for beginners.

Now that the basic security settings have been configured, let's start the installation.

First, log in as root if you are not.

$ su - root

(If you are already familiar with sudo, you can instead run the commands below that are prefixed with # using sudo, after adding the current user to the sudo group as root.)

Next, update system packages.

# apt update && apt upgrade -y

Since this instruction uses vim as a text editor, install vim. You'll need sudo too.

# apt install vim sudo

Of course, you could choose your favorite text editor such as emacs and nano.

2. Install dependencies

First, install the basic packages to install diaspora* with this command:

# apt install build-essential cmake gnupg2 libssl-dev libcurl4-openssl-dev libxml2-dev libxslt-dev imagemagick ghostscript curl libmagickwand-dev git libpq-dev redis-server nodejs postgresql

Start redis-server

Let's start redis-server.

# systemctl start redis-server
# systemctl enable redis-server

Start postgresql

Start postgresql too.

# systemctl start postgresql
# systemctl enable postgresql

3. Create a new user on postgresql

Here we are going to add a user on postgresql, a database software.

Since we have installed and started it already, log in to the postgresql shell with:

# sudo -i -u postgres psql

First, change the password for the default user by running this command.

postgres=# \password postgres

Then, run the command below to create a database user diaspora. Please do not forget to replace yourpassword with a new one.

postgres=# CREATE USER diaspora WITH CREATEDB PASSWORD 'yourpassword';

This information will be required later when we configure diaspora* (step 6), so please take note of it.

Now the database user has been added, run exit to log out from postgres shell.

postgres=# exit

4. Create a new user on Debian to install diaspora*

Now let's add a new user diaspora to Debian, with which you'll install diaspora*.

First, make sure you are on root. If you are not, run this command to log in to root user: $ su - root.

Please run this command to add diaspora.

# adduser --disabled-login diaspora

Do not forget to set a password of the user.

# passwd diaspora

Let's add the user to sudo group.

# usermod -aG sudo diaspora

5. Install ruby with rvm

Before installing diaspora*, we need to install ruby for the user.

In this guide we are going to use RVM (Ruby Version Manager) to install ruby 2.6, the supported version for diaspora* as of now.

Install GPG keys

First, before installing RVM, log in to diaspora with this command:

# su - diaspora

Then, add GPG keys to proceed with RVM installation.

In order to add them, run the command on this official page here: https://rvm.io/rvm/install#install-gpg-keys.

Since the GPG keys can be revoked and replaced with new ones any time, please do not forget to check the latest information. Also, please remember not to copy and paste GPG key values from a third party website.

Install and load RVM

After installing the keys, let's install the stable RVM.

$ curl -sSL https://get.rvm.io | bash -s stable

Then, load the RVM's script with:

$ source /home/diaspora/.rvm/scripts/rvm

Install ruby 2.6

Note: the required version of ruby may change in the future. Before installing ruby, please consult the installation guide on the official wiki for the supported version.

As of now, ruby 2.6 is recommended, so let's install it with RVM:

$ rvm install 2.6

6. Install and configure diaspora*

In this step we are finally going to install diaspora*.

At first, confirm you are logged in as diaspora. If not, run this command: $ su - diaspora.

Download source code

Run this command to download the latest stable source code of diaspora*.

$ git clone -b master https://github.com/diaspora/diaspora.git

If you are willing to test/develop diaspora*, switch to develop branch.

Note: if master branch cannot be found, it is likely that it has been renamed to main branch. In this case, run instead: $ git clone -b main https://github.com/diaspora/diaspora.git.

Copy configuration files

Next, move to the source code directory, where you are going to install diaspora*.

$ cd diaspora

Here you are required to configure two configuration files, one for the database connection (database.yml) and the other for diaspora* itself (diaspora.yml).

First, let's copy example configuration files by running these two commands.

$ cp config/database.yml.example config/database.yml
$ cp config/diaspora.yml.example config/diaspora.yml

Note: in a future version, diaspora.yml.example will be replaced with diaspora.toml.example. In case you cannot find diaspora.yml.example, try this command instead: $ cp config/diaspora.toml.example config/diaspora.toml.

Edit database configuration file

At first, we are going to configure database.yml. Open the file on vim with:

$ vim config/database.yml

Inside the file, there should be a postgresql section.

postgresql: &postgresql
  adapter: postgresql
  host: "localhost"
  port: 5432
  username: "diaspora"
  password: "yourpassword"
  encoding: unicode

Please replace yourpassword with your own password which you have set on the step 3 above.

After editing, save the change and close the file.

Edit diaspora* configuration file

Next, open diaspora.yml inside config folder.

$ vim config/diaspora.yml

Note: If you cannot find diaspora.yml, try this command: $ vim config/diaspora.toml.

There are many options you would like to change later (enabling/disabling of account creation, captcha on creating account, etc.), but for now let's just edit something important.

The critical configurations are url, certificate_authorities, and rails_environment.

url

First, look for url under environment, and replace it with the domain where you are going to host a diaspora* instance.

Since we are going to serve a diaspora* instance over HTTPS, do not forget to write the domain with https://.

As said explicitly in the configuration file, you cannot change the value later. So please be careful to pick a right domain!

certificate_authorities

Next, we need to set certificate authorities.

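Just under the url setting, there should be lines which start with #certificate_authorities.

Since we are on Debian, remove the # from the first one. In diaspora.yml it should read certificate_authorities: '/etc/ssl/certs/ca-certificates.crt' (in diaspora.toml the same setting is written certificate_authorities = "/etc/ssl/certs/ca-certificates.crt").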

rails_environment

Then, let's set the rails environment value to production.

Under the server section, there should be a line which starts with #rails_environment. Please remove the hash and set it to rails_environment: 'production' (in diaspora.toml the same setting is written rails_environment = "production").

Disable captcha on registration

Since captcha does not work well, you have to disable it as of now. See: https://github.com/diaspora/diaspora/issues/6828

Under the captcha section inside settings, there should be an enable option. Please set it to enable: false.

After those changes, the configuration file should be set as below.

configuration: ## Section
...
  environment: ## Section
...
    url: "https://example.com"
    certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
...
  server: ## Section
    rails_environment: 'production'
...
  settings: ## Section
...
    captcha: ## Section
      enable: false
...

where https://example.com should be your own domain with https://.
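
As an added example (not part of the original guide or of the diaspora* project), the Ruby script below checks the four settings edited above before you go on to the next step. The function names, the script name and the host pod.example.net are assumptions made for illustration, and it reads only the configuration section of diaspora.yml.

```ruby
require "yaml"
require "uri"

# Constructed sample input: only the four settings this guide edits.
SAMPLE_DIASPORA_YML = <<~YAML
  configuration:
    environment:
      url: "https://pod.example.net"
      certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
    server:
      rails_environment: 'production'
    settings:
      captcha:
        enable: false
YAML

# Walk nested sections; a section whose keys are all commented out parses as nil.
def setting(conf, *keys)
  keys.reduce(conf) { |node, key| node.is_a?(Hash) ? node[key] : nil }
end

# Returns a list of problems; an empty list means the settings match the guide.
# ca_exists is injectable so the check can run without the real CA bundle.
def audit_diaspora_yml(yaml_text, ca_exists: ->(path) { File.file?(path) })
  conf = YAML.safe_load(yaml_text, aliases: true)
  problems = []

  url = setting(conf, "configuration", "environment", "url").to_s
  uri = begin
    URI.parse(url)
  rescue URI::InvalidURIError
    nil
  end
  unless uri && uri.scheme == "https" && !uri.host.to_s.empty?
    problems << "environment.url must be an https:// URL with a host (got #{url.inspect})"
  end

  ca = setting(conf, "configuration", "environment", "certificate_authorities").to_s
  if ca.empty?
    problems << "environment.certificate_authorities is commented out or empty"
  elsif !ca_exists.call(ca)
    problems << "environment.certificate_authorities points to a missing file: #{ca}"
  end

  rails_env = setting(conf, "configuration", "server", "rails_environment")
  problems << "server.rails_environment is #{rails_env.inspect}, not \"production\"" unless rails_env == "production"

  captcha = setting(conf, "configuration", "settings", "captcha", "enable")
  problems << "settings.captcha.enable is #{captcha.inspect}, guide sets false" unless captcha == false
  problems
end

if __FILE__ == $PROGRAM_NAME
  # Usage: ruby audit_config.rb config/diaspora.yml (no argument: audit the sample)
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_DIASPORA_YML
  problems = audit_diaspora_yml(text)
  puts problems.empty? ? "OK: settings match the guide" : problems.map { |p| "PROBLEM: #{p}" }
end
```

An http:// value for url is reported here because, as noted above, the value cannot be changed later.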

Install gem and ruby libraries

Here we are going to install applications required for diaspora*. On diaspora user, run these commands to install them.

$ gem install bundler
$ script/configure_bundler
$ bin/bundle install --full-index

Migrate database

Run this command to migrate the database.

$ RAILS_ENV=production bundle exec rake db:create db:migrate

Compile assets

Run this command to compile assets.

$ RAILS_ENV=production bin/rake assets:precompile

Here diaspora* has been installed on your system. Below we are going to prepare the system for running and serving it properly.

7. Set up diaspora* as a service

Now, we are going to set up diaspora* to run as a service.

First, log in as root.

$ su - root

Next, move to the directory below:

# cd /etc/systemd/system/

Inside the directory, we are going to create three files, diaspora.target, diaspora-web.service, and diaspora-sidekiq.service.

diaspora.target

Create a new file with vim.

# vim diaspora.target

Copy and paste the configuration below to the file.

[Unit]
Description=Diaspora social network
Wants=postgresql.service
Wants=redis-server.service
After=redis-server.service
After=postgresql.service

[Install]
WantedBy=multi-user.target

Save and close it.

diaspora-web.service

Next, create a new service for diaspora web interface:

# vim diaspora-web.service

Copy and paste the configuration:

[Unit]
Description=Diaspora social network (unicorn)
PartOf=diaspora.target
StopWhenUnneeded=true

[Service]
User=diaspora
Environment=RAILS_ENV=production
WorkingDirectory=/home/diaspora/diaspora
ExecStart=/bin/bash -lc "bin/bundle exec unicorn -c config/unicorn.rb -E production"
Restart=always

[Install]
WantedBy=diaspora.target

Save and close it.

diaspora-sidekiq.service

Finally, create a new service for the monitoring service:

# vim diaspora-sidekiq.service

Copy and paste the configuration:

[Unit]
Description=Diaspora social network (sidekiq)
PartOf=diaspora.target
StopWhenUnneeded=true

[Service]
User=diaspora
Environment=RAILS_ENV=production
WorkingDirectory=/home/diaspora/diaspora
ExecStart=/bin/bash -lc "bin/bundle exec sidekiq"
Restart=always

[Install]
WantedBy=diaspora.target

Save and close it.

Register services

Here we are going to set those services to run automatically on reboot.

First, reload the systemctl daemon.

# systemctl daemon-reload

Next, enable those services with this command.

# systemctl enable diaspora.target diaspora-sidekiq.service diaspora-web.service

Run diaspora.target to start the two services.

# systemctl start diaspora.target

In order to check if they are up and running, run these commands.

# systemctl status diaspora-web
# systemctl status diaspora-sidekiq

8. Install SSL certificate with certbot

Install certbot

In this instruction we are going to use certbot by EFF to obtain Let's Encrypt certificates automatically.

First, install certbot.

# apt install certbot

Obtain Let's Encrypt certificate

Then, run this command to make certbot obtain the SSL certificate.

# certbot certonly --rsa-key-size 2048 --standalone --agree-tos --no-eff-email --email example@example.com -d example.com

Please do not forget to replace the email address (example@example.com) and domain (example.com). Since you may receive important information later, such as an SSL expiration warning, you should use a reachable email address.

Also, please note that there are rate limits on Let's Encrypt. You should be careful not to exceed the limit, otherwise you would need to wait one week until it becomes possible again to obtain the certificate for the same domain.

Renewals are treated specially: they don’t count against your Certificates per Registered Domain limit, but they are subject to a Duplicate Certificate limit of 5 per week.

Exceeding the Duplicate Certificate limit is reported with the error message too many certificates already issued for exact set of domains.

9. Install and configure the web server

Here, we are going to install and configure nginx to serve diaspora* with HTTPS.

First, let's install nginx.

# apt install nginx

Create a configuration file

Then, create a configuration file with vim.

# vim /etc/nginx/sites-available/diaspora

Copy and paste the configuration below. Please don't forget to replace example.com with your own domain.

upstream diaspora_server {
 server unix:/home/diaspora/diaspora/tmp/diaspora.sock;
}

server {
  listen 80;
  listen [::]:80;
  server_name example.com;
  return 301 https://example.com$request_uri;

  access_log /dev/null;
  error_log /dev/null;
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name example.com;

  access_log /var/log/nginx/dspr-access.log;
  error_log /var/log/nginx/dspr-error.log;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  ssl_protocols TLSv1.2;
  ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
  ssl_ecdh_curve X25519:P-521:P-384:P-256;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;

  root /home/diaspora/diaspora/public;

  client_max_body_size 5M;
  client_body_buffer_size 256K;

  try_files $uri @diaspora;

  location /assets/ {
    expires max;
    add_header Cache-Control public;
  }

  location @diaspora {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://diaspora_server;
  }
}

Activate and run nginx

Next, activate the server configuration with the command below.

# ln -s /etc/nginx/sites-available/diaspora /etc/nginx/sites-enabled/

Before enabling nginx, let's check if configuration is correct.

# nginx -t

Please correct an error if any.

After checking the configuration, restart the server and set it to run on reboot automatically.

# systemctl restart nginx
# systemctl enable nginx

Install certbot plug-in for nginx

Next, install python-certbot-nginx. This is required for certbot to renew the SSL certificate for you.

# apt install certbot python-certbot-nginx

Let's test whether certbot works properly. With --dry-run you can simulate the renewal and check whether anything would go wrong.

# certbot renew --dry-run

If you get the message Congratulations, all renewals succeeded. it should be fine. From now on, certbot will take care of certificate renewal for you.

Now, your diaspora* instance should be up and ready!

Please go to your domain for diaspora* on a web browser, and you should be able to visit your diaspora* instance.

10. Maintenance

Update diaspora*

Courtesy of: https://stanislas.blog/2018/02/setup-diaspora-pod-debian-ubuntu/

If you are doing a major version update, please follow the instruction on the official wiki page.

In order to update diaspora*, log in to diaspora user with this command.

# su - diaspora

Before updating, stop the diaspora* services with this command (with sudo).

$ sudo systemctl stop diaspora.target

To update diaspora* source code, go to the diaspora* directory and get the latest source code with this command.

$ cd diaspora && git pull

In order to update dependencies, run these commands.

$ gem install bundler
$ bin/bundle --full-index

To update the database, run this command.

$ RAILS_ENV=production bin/rake db:migrate

To compile assets again, run:

$ RAILS_ENV=production bin/rake assets:precompile

To reflect those changes, start diaspora* services.

$ sudo systemctl start diaspora.target

Backup

To back up the database, run this command to make a dump of it.

$ sudo -u postgres pg_dump diaspora_production > diaspora.sql

To back up the whole folder of the diaspora* installation, this command creates a compressed archive for you.

$ tar -czvf diaspora.tar.gz /home/diaspora/diaspora

Please do not forget to download them to a safe and isolated environment.

Too difficult?

If those steps are too complex and difficult for you, you can open your account on any public instances as advised on the official wiki page.

However, before doing so, you are expected to conduct due diligence, because there could be server administrators who spy on the users of their diaspora* instance.

https://mastodon.technology/@ctonysem/105621677595253667

Unless #E2EE is implemented you would still have to trust someone, and there could be malicious actors too.

If you are going to use public instances, please be careful. You should conduct due diligence by yourself; who manages the server, how they are financed etc...


Copyright © 2021 Suguru Hirahara. This work is available under GNU Free Documentation License, Version 1.3 or any later version published by the Free Software Foundation. See https://blog.progressiv.dev/yq31akw3jj for copying conditions.