@tingley
Forked from ceejbot/README.md
Created April 4, 2017 22:03
How I set up a mastodon instance on AWS with ansible on ubuntu trusty
  1. Register a domain name. Buy a cert for it.
  2. Spin up Ubuntu Trusty 14.04 on AWS & point DNS at the instance. Don't bother making user accounts or anything; only somebody with your key should be able to ssh in. Add security group rules allowing https from anywhere, or maybe http if you want to redirect.
  3. Make an EBS volume or raid up some instance stores and mount them on /mnt/mastodon, owned by ubuntu.
  4. Download all the files in this gist to your local controlling host, e.g., your laptop.
  5. Make a file named `inventory` containing `[general]` on the first line and `your-host.tld` on the next.
  6. Put all of the *.conf files in this gist into a subdirectory named files.
  7. Put your certs somewhere in the directory & make sure the ansible playbook services.yml is pointing to them.
  8. Run ansible-playbook -i inventory host-setup.yml
  9. Run ansible-playbook -i inventory mastodon.yml
  10. You might get ruby 2.3.3 instead of 2.3.1, in which case you should just edit the Gemfile.
  11. Copy .env.production.sample file into files/env.production. Edit. Set up any implied required external services, like S3 buckets & a mailer. This will take you a bit. Have https://github.com/Tootsuite/mastodon/blob/master/docs/Running-Mastodon/Production-guide.md up while you do this.
  12. NOTE that you need to replace mastodon with ubuntu in the postgres setup. This still needs to be done by hand. (Sorry!)
  13. Run ansible-playbook -i inventory services.yml.

BUGS

  • Not yet in the ansible scripts: cron job setup.
  • Postgres is still on the default volume! Argh.
  • No backups. Argh.
  • Need to write handlers so we stop/start only when the files change.
  • Should use rbenv to get ruby 2.3.1 instead of ruby 2.3.3.
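---
# host-setup.yml: prepare a fresh Ubuntu Trusty host for Mastodon — PPAs,
# apt packages, node, the TLS certificates and bundler. Run it before
# mastodon.yml and services.yml. Every task that touches the system runs
# with become (root); the inventory host is reached as the ubuntu user.
- hosts: general
  remote_user: ubuntu
  vars:
    # major version of node to install from nodesource
    node_version: 6
    packages:
      - ack-grep
      - build-essential
      - ffmpeg
      - git
      - imagemagick
      - libpq-dev
      - libxml2-dev
      - libxslt1-dev
      - nginx
      - postgresql
      - postgresql-contrib
      - redis-server
      - redis-tools
      - ruby2.3
      - ruby2.3-dev
  tasks:
    - name: set readable host name
      become: true
      hostname:
        name: "{{ inventory_hostname }}"

    - name: nginx ppa
      become: true
      apt_repository:
        repo: 'ppa:nginx/stable'
        state: present

    - name: ffmpeg for trusty
      become: true
      apt_repository:
        repo: 'ppa:mc3man/trusty-media'
        state: present

    - name: brightbox's ppa for ruby
      become: true
      apt_repository:
        repo: 'ppa:brightbox/ruby-ng'
        state: present

    - name: node ppa
      become: true
      # Fetches a script over HTTPS and pipes it straight into a root shell;
      # nothing here verifies what was downloaded. The task already runs as
      # root via become, so the inner sudo is redundant. Vendoring the script
      # into files/ and running it from there would make the step auditable.
      shell: curl -sL https://deb.nodesource.com/setup_{{ node_version }}.x | sudo bash -

    - name: install node
      become: true
      apt:
        name: "{{ item }}={{ node_version }}*"
        # force maps to apt-get --force-yes, which also skips package
        # signature verification; drop it once the nodesource repo is trusted.
        force: true
        update_cache: true
      with_items:
        - nodejs
        - nodejs-dbg

    - name: npm install some things
      become: true
      command: "npm install -g npm@latest json@latest json-diff@latest yarn"

    - name: install all apt packages
      become: true
      apt:
        name: "{{ item }}"
        state: present
        # same --force-yes caveat as the node install above
        force: true
        update_cache: true
      with_items: "{{ packages }}"

    - name: create cert dir
      become: true
      file:
        path: /mnt/mastodon/certs
        state: directory
        # quoted so YAML does not reinterpret the octal literal; a directory
        # needs the execute bit to be traversable, so 0700 rather than 0600
        mode: "0700"

    - name: copy TLS certs
      become: true
      copy:
        # replace with the directory on the controlling host holding the certs
        src: "/local/path/to/certs/{{ item }}"
        dest: "/mnt/mastodon/certs/{{ item }}"
        # the private key must not be readable by anyone but root
        mode: "0600"
      with_items:
        - your-cert.pem
        - your-cert.key

    - name: install bundler
      become: true
      command: gem install bundler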
# Upstart job for the Mastodon Sidekiq workers; services.yml installs it as
# /etc/init/mastodon-sidekiq.conf and enables/stops/starts it together with
# the web and streaming jobs.
description "mastodon worker services"
# run once the filesystem and network are up; stop when networking is torn down
start on filesystem and static-network-up
stop on deconfiguring-networking
# restart the worker if it exits
respawn
# drop root: the job runs as the ubuntu user, which owns /mnt/mastodon
setuid ubuntu
setgid ubuntu
script
cd /mnt/mastodon/live
# HOME is pointed at the checkout so bundler finds its config there.
# DB_POOL is kept equal to the sidekiq concurrency (-c 5) so every worker
# thread can hold a database connection — presumably intentional; keep them
# in step if either is changed.
HOME=/mnt/mastodon/live RAILS_ENV=production DB_POOL=5 bundle exec sidekiq -c 5 -q default -q pull -q mailers -q push
end script
# Upstart job for the Mastodon streaming API (node); services.yml installs it
# as /etc/init/mastodon-streaming.conf.
description "mastodon streaming service"
# run once the filesystem and network are up; stop when networking is torn down
start on filesystem and static-network-up
stop on deconfiguring-networking
# restart the service if it exits
respawn
# drop root: the job runs as the ubuntu user, which owns /mnt/mastodon
setuid ubuntu
setgid ubuntu
script
cd /mnt/mastodon/live
# listens on localhost:4000, which nginx.conf proxies /api/v1/streaming to
NODE_ENV=production PORT=4000 npm start
end script
# Upstart job for the Mastodon Rails web app under puma; services.yml
# installs it as /etc/init/mastodon-web.conf.
description "mastodon web service"
# run once the filesystem and network are up; stop when networking is torn down
start on filesystem and static-network-up
stop on deconfiguring-networking
# restart the service if it exits
respawn
# drop root: the job runs as the ubuntu user, which owns /mnt/mastodon
setuid ubuntu
setgid ubuntu
script
cd /mnt/mastodon/live
# listens on localhost:3000, which nginx.conf proxies all non-static
# requests to; puma's own settings come from config/puma.rb in the checkout
RAILS_ENV=production PORT=3000 bundle exec puma -C config/puma.rb
end script
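---
# mastodon.yml: check out the Mastodon source into livedir and install its
# ruby and node dependencies. Runs after host-setup.yml; the checkout and the
# installs run as the ubuntu user, which owns livedir.
- hosts: general
  remote_user: ubuntu
  vars:
    livedir: /mnt/mastodon/live
  tasks:
    - name: create live dir
      become: true
      file:
        path: "{{ livedir }}"
        state: directory
        owner: ubuntu
        group: ubuntu

    - name: clone the repo
      # No version is given, so each run moves the checkout to the tip of the
      # default branch (update: true). Pin a release tag with `version:` for
      # reproducible deploys.
      git:
        repo: https://github.com/Gargron/mastodon.git
        dest: "{{ livedir }}"
        update: true
        # only relevant for ssh remotes; harmless with the https URL above
        accept_hostkey: true

    - name: install bundler deps
      command: bundle install --deployment --without development test
      args:
        chdir: "{{ livedir }}"

    - name: install npm deps
      command: yarn install
      args:
        chdir: "{{ livedir }}"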
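# Reverse proxy for Mastodon: redirects plain HTTP to HTTPS, serves static
# assets from the checkout, and proxies the Rails app (localhost:3000) and the
# streaming API (localhost:4000). services.yml drops this file into
# /etc/nginx/sites-enabled, which nginx includes from the http{} context, so
# the map below is valid here.

# Send "Connection: upgrade" to the backend only when the client asked for a
# protocol upgrade (websockets on the streaming endpoint); otherwise close.
# This replaces the commented-out Connection header in the original, without
# which the websocket handshake never reached the streaming service.
map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

server {
  listen 80;
  server_name yourserver.tld;
  # everything on port 80 is a permanent redirect to the TLS vhost
  location / {
    return 301 https://yourserver.tld$request_uri;
  }
}

server {
  # "listen ... ssl" replaces the deprecated "ssl on;" directive
  listen 443 ssl;
  server_name yourserver.tld;
  ssl_certificate /mnt/mastodon/certs/your-cert.pem;
  ssl_certificate_key /mnt/mastodon/certs/your-cert.key;
  ssl_session_timeout 5m;
  # SSLv3 is removed: it is broken (POODLE) and no client needs it
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # a single cipher list; the original pasted two alternatives joined by " or "
  ssl_ciphers "HIGH:!aNULL:!MD5:!3DES";
  ssl_prefer_server_ciphers on;
  keepalive_timeout 70;
  sendfile on;
  # 0 disables the request-body limit at the proxy, so a client may stream an
  # arbitrarily large body; consider a finite limit sized to the largest
  # upload you expect to accept
  client_max_body_size 0;
  gzip off;
  # must match livedir in the playbooks. The original pointed at
  # /home/mastodon/live, which does not exist on this host, so try_files
  # never found an asset and every request fell through to the Rails app.
  root /mnt/mastodon/live/public;
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

  # serve static files from the checkout, otherwise proxy to the Rails app
  location / {
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass_header Server;
    proxy_pass http://localhost:3000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    tcp_nodelay on;
  }

  # websocket endpoint served by the node streaming service
  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://localhost:4000;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}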
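---
# services.yml: push the runtime configuration (env file, nginx vhost, upstart
# jobs) to the host and (re)start the Mastodon services. Runs after
# mastodon.yml. nginx is restarted through a handler, so it only bounces when
# its config actually changed; the Mastodon services are always stopped and
# started so a fresh checkout from mastodon.yml is picked up.
- hosts: general
  remote_user: ubuntu
  vars:
    livedir: /mnt/mastodon/live
    # one upstart job per entry, named mastodon-<service>
    services:
      - web
      - sidekiq
      - streaming
  tasks:
    - name: copy production variables
      copy:
        src: files/env.production
        dest: "{{ livedir }}/.env.production"
        # this file holds the credentials for the database, mailer and S3
        # (README step 11); keep it readable only by the ubuntu user instead
        # of the copy module's umask-derived default
        mode: "0600"

    - name: copy nginx config
      become: true
      copy:
        src: files/nginx.conf
        # the file is named after the author's own domain; the name is
        # cosmetic, but keep it in step with server_name in nginx.conf
        dest: /etc/nginx/sites-enabled/rafting.io
      notify: restart nginx

    - name: create upstart config
      become: true
      copy:
        src: "files/mastodon-{{ item }}.conf"
        dest: "/etc/init/mastodon-{{ item }}.conf"
      with_items: "{{ services }}"

    - name: enable all upstart services
      become: true
      with_items: "{{ services }}"
      service:
        name: "mastodon-{{ item }}"
        enabled: true

    # stop then start rather than restart so every job reloads the new
    # checkout and env file in the same order each run
    - name: stop them all
      become: true
      with_items: "{{ services }}"
      service:
        name: "mastodon-{{ item }}"
        state: stopped

    - name: start them all
      become: true
      with_items: "{{ services }}"
      service:
        name: "mastodon-{{ item }}"
        state: started

  handlers:
    - name: restart nginx
      become: true
      service:
        name: nginx
        state: restarted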