Distributed social network: Diaspora*. It’s a group of nodes (called pods) independently owned which interoperate to form a network. The project is based upon the free Diaspora software. Diaspora* can interact with other Social networks like Facebook, Twitter, Tumblr and WordPress. There are some tutorials on the wiki page, but the BSD section has inaccurate information as clearly declared in the FreeBSD page. Besides, the procedure involves Ruby on Rails as well, so let me show you a clean step by step HowTo, from installation to user login.
Let’s start with a fresh FreeBSD 9.2 setup with just the following software installed:
pkg_info|cut -d' ' -f1
autoconf-2.69
autoconf-wrapper-20130530
automake-1.14
automake-wrapper-20130530
bash-4.2.45
bison-2.7.1,1
db41-4.1.25_4
dialog4ports-0.1.5_2
gettext-0.18.3.1
gmake-3.82_1
help2man-1.43.3
libexecinfo-1.1_3
libffi-3.0.13
libiconv-1.14_1
libtool-2.4.2_2
libyaml-0.1.4_2
m4-1.4.17,1
p5-Locale-gettext-1.05_3
perl5.12-5.12.5_1
pkgconf-0.9.3
portupgrade-2.4.11.2_1,2
ruby-1.9.3.448,1
ruby19-bdb-0.6.6_1
screen-4.0.3_14About ruby: I found useful to soft link ruby19 to ruby:
ln -s /usr/local/bin/ruby19 /usr/local/bin/ruby
Ok, now install some required packages:
curl
cd /usr/ports/ftp/curl && make install clean
libxml2
cd /usr/ports/textproc/libxml2 && make install clean
libxslt
cd /usr/ports/textproc/libxslt && make install clean
postgresql
cd /usr/ports/databases/postgresql91-server && make install clean
echo 'postgresql_enable="YES"' >> /etc/rc.conf
/usr/local/etc/rc.d/postgresql initdb
/usr/local/etc/rc.d/postgresql start
su - pgsql
createuser -srdP mydiaspora-USR
choose a password
exitImageMagick (and dependencies)
Remember to deselect:
– on ghostscript9-nox11-9.06_4: cups printing support, GS_cups, from GS_omni to GS_xes, GS_mgr*
– on tiff-4.0.3 deselect X11
cd /usr/ports/graphics/ImageMagick-nox11/ && make install clean
SQLite
cd /usr/ports/databases/sqlite3 && make install clean
Redis
cd /usr/ports/databases/redis && make install clean
echo 'redis_enable="YES"' >> /etc/rc.conf
cp /usr/local/etc/redis.conf.sample /usr/local/etc/redis.confFeel free to use the following configuration file slightly edited to better suit this setup.
vi /usr/local/etc/redis.conf
# Redis configuration file example
# Note on units: when memory size is needed, it is possible to specify
# it in the usual form of 1k 5GB 4M and so forth:
#
# 1k => 1000 bytes
# 1kb => 1024 bytes
# 1m => 1000000 bytes
# 1mb => 1024*1024 bytes
# 1g => 1000000000 bytes
# 1gb => 1024*1024*1024 bytes
#
# units are case insensitive so 1GB 1Gb 1gB are all the same.
# By default Redis does not run as a daemon. Use 'yes' if you need it.
# Note that Redis will write a pid file in /var/run/redis.pid when daemonized.
daemonize yes
# When running daemonized, Redis writes a pid file in /var/run/redis.pid by
# default. You can specify a custom pid file location here.
pidfile /var/run/redis/redis.pid
# Accept connections on the specified port, default is 6379.
# If port 0 is specified Redis will not listen on a TCP socket.
port 0
# If you want you can bind a single interface, if the bind option is not
# specified all the interfaces will listen for incoming connections.
#
# bind 127.0.0.1
# Specify the path for the unix socket that will be used to listen for
# incoming connections. There is no default, so Redis will not listen
# on a unix socket when not specified.
#
unixsocket /tmp/redis.sock
unixsocketperm 755
# Close the connection after a client is idle for N seconds (0 to disable)
timeout 0
# TCP keepalive.
#
# If non-zero, use SO_KEEPALIVE to send TCP ACKs to clients in absence
# of communication. This is useful for two reasons:
#
# 1) Detect dead peers.
# 2) Take the connection alive from the point of view of network
# equipment in the middle.
#
# On Linux, the specified value (in seconds) is the period used to send ACKs.
# Note that to close the connection the double of the time is needed.
# On other kernels the period depends on the kernel configuration.
#
# A reasonable value for this option is 60 seconds.
tcp-keepalive 0
# Specify the server verbosity level.
# This can be one of:
# debug (a lot of information, useful for development/testing)
# verbose (many rarely useful info, but not a mess like the debug level)
# notice (moderately verbose, what you want in production probably)
# warning (only very important / critical messages are logged)
loglevel notice
# Specify the log file name. Also 'stdout' can be used to force
# Redis to log on the standard output. Note that if you use standard
# output for logging but daemonize, logs will be sent to /dev/null
logfile /var/log/redis/redis.log
# To enable logging to the system logger, just set 'syslog-enabled' to yes,
# and optionally update the other syslog parameters to suit your needs.
# syslog-enabled no
# Specify the syslog identity.
# syslog-ident redis
# Specify the syslog facility. Must be USER or between LOCAL0-LOCAL7.
# syslog-facility local0
# Set the number of databases. The default database is DB 0, you can select
# a different one on a per-connection basis using SELECT <dbid> where
# dbid is a number between 0 and 'databases'-1
databases 16
################################ SNAPSHOTTING #################################
#
# Save the DB on disk:
#
# save <seconds> <changes>
#
# Will save the DB if both the given number of seconds and the given
# number of write operations against the DB occurred.
#
# In the example below the behaviour will be to save:
# after 900 sec (15 min) if at least 1 key changed
# after 300 sec (5 min) if at least 10 keys changed
# after 60 sec if at least 10000 keys changed
#
# Note: you can disable saving at all commenting all the "save" lines.
#
# It is also possible to remove all the previously configured save
# points by adding a save directive with a single empty string argument
# like in the following example:
#
# save ""
save 900 1
save 300 10
save 60 10000
# By default Redis will stop accepting writes if RDB snapshots are enabled
# (at least one save point) and the latest background save failed.
# This will make the user aware (in an hard way) that data is not persisting
# on disk properly, otherwise chances are that no one will notice and some
# distater will happen.
#
# If the background saving process will start working again Redis will
# automatically allow writes again.
#
# However if you have setup your proper monitoring of the Redis server
# and persistence, you may want to disable this feature so that Redis will
# continue to work as usually even if there are problems with disk,
# permissions, and so forth.
stop-writes-on-bgsave-error yes
# Compress string objects using LZF when dump .rdb databases?
# For default that's set to 'yes' as it's almost always a win.
# If you want to save some CPU in the saving child set it to 'no' but
# the dataset will likely be bigger if you have compressible values or keys.
rdbcompression yes
# Since version 5 of RDB a CRC64 checksum is placed at the end of the file.
# This makes the format more resistant to corruption but there is a performance
# hit to pay (around 10%) when saving and loading RDB files, so you can disable it
# for maximum performances.
#
# RDB files created with checksum disabled have a checksum of zero that will
# tell the loading code to skip the check.
rdbchecksum yes
# The filename where to dump the DB
dbfilename dump.rdb
# The working directory.
#
# The DB will be written inside this directory, with the filename specified
# above using the 'dbfilename' configuration directive.
#
# The Append Only File will also be created inside this directory.
#
# Note that you must specify a directory here, not a file name.
dir /var/db/redis/
################################# REPLICATION #################################
# Master-Slave replication. Use slaveof to make a Redis instance a copy of
# another Redis server. Note that the configuration is local to the slave
# so for example it is possible to configure the slave to save the DB with a
# different interval, or to listen to another port, and so on.
#
# slaveof <masterip> <masterport>
# If the master is password protected (using the "requirepass" configuration
# directive below) it is possible to tell the slave to authenticate before
# starting the replication synchronization process, otherwise the master will
# refuse the slave request.
#
# masterauth <master-password>
# When a slave loses its connection with the master, or when the replication
# is still in progress, the slave can act in two different ways:
#
# 1) if slave-serve-stale-data is set to 'yes' (the default) the slave will
# still reply to client requests, possibly with out of date data, or the
# data set may just be empty if this is the first synchronization.
#
# 2) if slave-serve-stale-data is set to 'no' the slave will reply with
# an error "SYNC with master in progress" to all the kind of commands
# but to INFO and SLAVEOF.
#
slave-serve-stale-data yes
# You can configure a slave instance to accept writes or not. Writing against
# a slave instance may be useful to store some ephemeral data (because data
# written on a slave will be easily deleted after resync with the master) but
# may also cause problems if clients are writing to it because of a
# misconfiguration.
#
# Since Redis 2.6 by default slaves are read-only.
#
# Note: read only slaves are not designed to be exposed to untrusted clients
# on the internet. It's just a protection layer against misuse of the instance.
# Still a read only slave exports by default all the administrative commands
# such as CONFIG, DEBUG, and so forth. To a limited extend you can improve
# security of read only slaves using 'rename-command' to shadow all the
# administrative / dangerous commands.
slave-read-only yes
# Slaves send PINGs to server in a predefined interval. It's possible to change
# this interval with the repl_ping_slave_period option. The default value is 10
# seconds.
#
# repl-ping-slave-period 10
# The following option sets a timeout for both Bulk transfer I/O timeout and
# master data or ping response timeout. The default value is 60 seconds.
#
# It is important to make sure that this value is greater than the value
# specified for repl-ping-slave-period otherwise a timeout will be detected
# every time there is low traffic between the master and the slave.
#
# repl-timeout 60
# Disable TCP_NODELAY on the slave socket after SYNC?
#
# If you select "yes" Redis will use a smaller number of TCP packets and
# less bandwidth to send data to slaves. But this can add a delay for
# the data to appear on the slave side, up to 40 milliseconds with
# Linux kernels using a default configuration.
#
# If you select "no" the delay for data to appear on the slave side will
# be reduced but more bandwidth will be used for replication.
#
# By default we optimize for low latency, but in very high traffic conditions
# or when the master and slaves are many hops away, turning this to "yes" may
# be a good idea.
repl-disable-tcp-nodelay no
# The slave priority is an integer number published by Redis in the INFO output.
# It is used by Redis Sentinel in order to select a slave to promote into a
# master if the master is no longer working correctly.
#
# A slave with a low priority number is considered better for promotion, so
# for instance if there are three slaves with priority 10, 100, 25 Sentinel will
# pick the one wtih priority 10, that is the lowest.
#
# However a special priority of 0 marks the slave as not able to perform the
# role of master, so a slave with priority of 0 will never be selected by
# Redis Sentinel for promotion.
#
# By default the priority is 100.
slave-priority 100
################################## SECURITY ###################################
# Require clients to issue AUTH <PASSWORD> before processing any other
# commands. This might be useful in environments in which you do not trust
# others with access to the host running redis-server.
#
# This should stay commented out for backward compatibility and because most
# people do not need auth (e.g. they run their own servers).
#
# Warning: since Redis is pretty fast an outside user can try up to
# 150k passwords per second against a good box. This means that you should
# use a very strong password otherwise it will be very easy to break.
#
# requirepass foobared
# Command renaming.
#
# It is possible to change the name of dangerous commands in a shared
# environment. For instance the CONFIG command may be renamed into something
# hard to guess so that it will still be available for internal-use tools
# but not available for general clients.
#
# Example:
#
# rename-command CONFIG b840fc02d524045429941cc15f59e41cb7be6c52
#
# It is also possible to completely kill a command by renaming it into
# an empty string:
#
# rename-command CONFIG ""
#
# Please note that changing the name of commands that are logged into the
# AOF file or transmitted to slaves may cause problems.
################################### LIMITS ####################################
# Set the max number of connected clients at the same time. By default
# this limit is set to 10000 clients, however if the Redis server is not
# able to configure the process file limit to allow for the specified limit
# the max number of allowed clients is set to the current file limit
# minus 32 (as Redis reserves a few file descriptors for internal uses).
#
# Once the limit is reached Redis will close all the new connections sending
# an error 'max number of clients reached'.
#
# maxclients 10000
# Don't use more memory than the specified amount of bytes.
# When the memory limit is reached Redis will try to remove keys
# accordingly to the eviction policy selected (see maxmemmory-policy).
#
# If Redis can't remove keys according to the policy, or if the policy is
# set to 'noeviction', Redis will start to reply with errors to commands
# that would use more memory, like SET, LPUSH, and so on, and will continue
# to reply to read-only commands like GET.
#
# This option is usually useful when using Redis as an LRU cache, or to set
# an hard memory limit for an instance (using the 'noeviction' policy).
#
# WARNING: If you have slaves attached to an instance with maxmemory on,
# the size of the output buffers needed to feed the slaves are subtracted
# from the used memory count, so that network problems / resyncs will
# not trigger a loop where keys are evicted, and in turn the output
# buffer of slaves is full with DELs of keys evicted triggering the deletion
# of more keys, and so forth until the database is completely emptied.
#
# In short... if you have slaves attached it is suggested that you set a lower
# limit for maxmemory so that there is some free RAM on the system for slave
# output buffers (but this is not needed if the policy is 'noeviction').
#
# maxmemory <bytes>
# MAXMEMORY POLICY: how Redis will select what to remove when maxmemory
# is reached. You can select among five behaviors:
#
# volatile-lru -> remove the key with an expire set using an LRU algorithm
# allkeys-lru -> remove any key accordingly to the LRU algorithm
# volatile-random -> remove a random key with an expire set
# allkeys-random -> remove a random key, any key
# volatile-ttl -> remove the key with the nearest expire time (minor TTL)
# noeviction -> don't expire at all, just return an error on write operations
#
# Note: with any of the above policies, Redis will return an error on write
# operations, when there are not suitable keys for eviction.
#
# At the date of writing this commands are: set setnx setex append
# incr decr rpush lpush rpushx lpushx linsert lset rpoplpush sadd
# sinter sinterstore sunion sunionstore sdiff sdiffstore zadd zincrby
# zunionstore zinterstore hset hsetnx hmset hincrby incrby decrby
# getset mset msetnx exec sort
#
# The default is:
#
# maxmemory-policy volatile-lru
# LRU and minimal TTL algorithms are not precise algorithms but approximated
# algorithms (in order to save memory), so you can select as well the sample
# size to check. For instance for default Redis will check three keys and
# pick the one that was used less recently, you can change the sample size
# using the following configuration directive.
#
# maxmemory-samples 3
############################## APPEND ONLY MODE ###############################
# By default Redis asynchronously dumps the dataset on disk. This mode is
# good enough in many applications, but an issue with the Redis process or
# a power outage may result into a few minutes of writes lost (depending on
# the configured save points).
#
# The Append Only File is an alternative persistence mode that provides
# much better durability. For instance using the default data fsync policy
# (see later in the config file) Redis can lose just one second of writes in a
# dramatic event like a server power outage, or a single write if something
# wrong with the Redis process itself happens, but the operating system is
# still running correctly.
#
# AOF and RDB persistence can be enabled at the same time without problems.
# If the AOF is enabled on startup Redis will load the AOF, that is the file
# with the better durability guarantees.
#
# Please check http://redis.io/topics/persistence for more information.
appendonly no
# The name of the append only file (default: "appendonly.aof")
# appendfilename appendonly.aof
# The fsync() call tells the Operating System to actually write data on disk
# instead to wait for more data in the output buffer. Some OS will really flush
# data on disk, some other OS will just try to do it ASAP.
#
# Redis supports three different modes:
#
# no: don't fsync, just let the OS flush the data when it wants. Faster.
# always: fsync after every write to the append only log . Slow, Safest.
# everysec: fsync only one time every second. Compromise.
#
# The default is "everysec", as that's usually the right compromise between
# speed and data safety. It's up to you to understand if you can relax this to
# "no" that will let the operating system flush the output buffer when
# it wants, for better performances (but if you can live with the idea of
# some data loss consider the default persistence mode that's snapshotting),
# or on the contrary, use "always" that's very slow but a bit safer than
# everysec.
#
# More details please check the following article:
# http://antirez.com/post/redis-persistence-demystified.html
#
# If unsure, use "everysec".
# appendfsync always
appendfsync everysec
# appendfsync no
# When the AOF fsync policy is set to always or everysec, and a background
# saving process (a background save or AOF log background rewriting) is
# performing a lot of I/O against the disk, in some Linux configurations
# Redis may block too long on the fsync() call. Note that there is no fix for
# this currently, as even performing fsync in a different thread will block
# our synchronous write(2) call.
#
# In order to mitigate this problem it's possible to use the following option
# that will prevent fsync() from being called in the main process while a
# BGSAVE or BGREWRITEAOF is in progress.
#
# This means that while another child is saving, the durability of Redis is
# the same as "appendfsync none". In practical terms, this means that it is
# possible to lose up to 30 seconds of log in the worst scenario (with the
# default Linux settings).
#
# If you have latency problems turn this to "yes". Otherwise leave it as
# "no" that is the safest pick from the point of view of durability.
no-appendfsync-on-rewrite no
# Automatic rewrite of the append only file.
# Redis is able to automatically rewrite the log file implicitly calling
# BGREWRITEAOF when the AOF log size grows by the specified percentage.
#
# This is how it works: Redis remembers the size of the AOF file after the
# latest rewrite (if no rewrite has happened since the restart, the size of
# the AOF at startup is used).
#
# This base size is compared to the current size. If the current size is
# bigger than the specified percentage, the rewrite is triggered. Also
# you need to specify a minimal size for the AOF file to be rewritten, this
# is useful to avoid rewriting the AOF file even if the percentage increase
# is reached but it is still pretty small.
#
# Specify a percentage of zero in order to disable the automatic AOF
# rewrite feature.
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
################################ LUA SCRIPTING ###############################
# Max execution time of a Lua script in milliseconds.
#
# If the maximum execution time is reached Redis will log that a script is
# still in execution after the maximum allowed time and will start to
# reply to queries with an error.
#
# When a long running script exceed the maximum execution time only the
# SCRIPT KILL and SHUTDOWN NOSAVE commands are available. The first can be
# used to stop a script that did not yet called write commands. The second
# is the only way to shut down the server in the case a write commands was
# already issue by the script but the user don't want to wait for the natural
# termination of the script.
#
# Set it to 0 or a negative value for unlimited execution without warnings.
lua-time-limit 5000
################################## SLOW LOG ###################################
# The Redis Slow Log is a system to log queries that exceeded a specified
# execution time. The execution time does not include the I/O operations
# like talking with the client, sending the reply and so forth,
# but just the time needed to actually execute the command (this is the only
# stage of command execution where the thread is blocked and can not serve
# other requests in the meantime).
#
# You can configure the slow log with two parameters: one tells Redis
# what is the execution time, in microseconds, to exceed in order for the
# command to get logged, and the other parameter is the length of the
# slow log. When a new command is logged the oldest one is removed from the
# queue of logged commands.
# The following time is expressed in microseconds, so 1000000 is equivalent
# to one second. Note that a negative number disables the slow log, while
# a value of zero forces the logging of every command.
slowlog-log-slower-than 10000
# There is no limit to this length. Just be aware that it will consume memory.
# You can reclaim memory used by the slow log with SLOWLOG RESET.
slowlog-max-len 128
############################### ADVANCED CONFIG ###############################
# Hashes are encoded using a memory efficient data structure when they have a
# small number of entries, and the biggest entry does not exceed a given
# threshold. These thresholds can be configured using the following directives.
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
# Similarly to hashes, small lists are also encoded in a special way in order
# to save a lot of space. The special representation is only used when
# you are under the following limits:
list-max-ziplist-entries 512
list-max-ziplist-value 64
# Sets have a special encoding in just one case: when a set is composed
# of just strings that happens to be integers in radix 10 in the range
# of 64 bit signed integers.
# The following configuration setting sets the limit in the size of the
# set in order to use this special memory saving encoding.
set-max-intset-entries 512
# Similarly to hashes and lists, sorted sets are also specially encoded in
# order to save a lot of space. This encoding is only used when the length and
# elements of a sorted set are below the following limits:
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
# Active rehashing uses 1 millisecond every 100 milliseconds of CPU time in
# order to help rehashing the main Redis hash table (the one mapping top-level
# keys to values). The hash table implementation Redis uses (see dict.c)
# performs a lazy rehashing: the more operation you run into an hash table
# that is rehashing, the more rehashing "steps" are performed, so if the
# server is idle the rehashing is never complete and some more memory is used
# by the hash table.
#
# The default is to use this millisecond 10 times every second in order to
# active rehashing the main dictionaries, freeing memory when possible.
#
# If unsure:
# use "activerehashing no" if you have hard latency requirements and it is
# not a good thing in your environment that Redis can reply form time to time
# to queries with 2 milliseconds delay.
#
# use "activerehashing yes" if you don't have such hard requirements but
# want to free memory asap when possible.
activerehashing yes
# The client output buffer limits can be used to force disconnection of clients
# that are not reading data from the server fast enough for some reason (a
# common reason is that a Pub/Sub client can't consume messages as fast as the
# publisher can produce them).
#
# The limit can be set differently for the three different classes of clients:
#
# normal -> normal clients
# slave -> slave clients and MONITOR clients
# pubsub -> clients subcribed to at least one pubsub channel or pattern
#
# The syntax of every client-output-buffer-limit directive is the following:
#
# client-output-buffer-limit <class> <hard limit> <soft limit> <soft seconds>
#
# A client is immediately disconnected once the hard limit is reached, or if
# the soft limit is reached and remains reached for the specified number of
# seconds (continuously).
# So for instance if the hard limit is 32 megabytes and the soft limit is
# 16 megabytes / 10 seconds, the client will get disconnected immediately
# if the size of the output buffers reach 32 megabytes, but will also get
# disconnected if the client reaches 16 megabytes and continuously overcomes
# the limit for 10 seconds.
#
# By default normal clients are not limited because they don't receive data
# without asking (in a push way), but just after a request, so only
# asynchronous clients may create a scenario where data is requested faster
# than it can read.
#
# Instead there is a default limit for pubsub and slave clients, since
# subscribers and slaves receive data in a push fashion.
#
# Both the hard or the soft limit can be disabled by setting them to zero.
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
# Redis calls an internal function to perform many background tasks, like
# closing connections of clients in timeot, purging expired keys that are
# never requested, and so forth.
#
# Not all tasks are perforemd with the same frequency, but Redis checks for
# tasks to perform accordingly to the specified "hz" value.
#
# By default "hz" is set to 10. Raising the value will use more CPU when
# Redis is idle, but at the same time will make Redis more responsive when
# there are many keys expiring at the same time, and timeouts may be
# handled with more precision.
#
# The range is between 1 and 500, however a value over 100 is usually not
# a good idea. Most users should use the default of 10 and raise this up to
# 100 only in environments where very low latency is required.
hz 10
# When a child rewrites the AOF file, if the following option is enabled
# the file will be fsync-ed every 32 MB of data generated. This is useful
# in order to commit the file to the disk more incrementally and avoid
# big latency spikes.
aof-rewrite-incremental-fsync yes
################################## INCLUDES ###################################
# Include one or more other config files here. This is useful if you
# have a standard template that goes to all Redis server but also need
# to customize a few per-server settings. Include files can include
# other files, so use this wisely.
#
# include /path/to/local.conf
# include /path/to/other.conf
Start redis key valued data store:
/usr/local/etc/rc.d/redis start
Keep on installing packages:
Git
cd /usr/ports/devel/git && make install clean
RubyGems
cd /usr/ports/devel/ruby-gems/ && make install clean
Gcc
Remember to deselect JAVA
cd /usr/ports/lang/gcc && make install clean
Install the bundler:
gem install bundler
Now clone the core software using git:
cd /usr/local/www
git clone -b master git://github.com/diaspora/diaspora.git
cd diaspora
cp config/database.yml.example config/database.yml
cp config/diaspora.yml.example config/diaspora.ymlYou can use my
database.yml:
postgres: &postgres
adapter: postgresql
host: localhost
port: 5432
username: mydiaspora-USR
password: mydiaspora-PASS
encoding: unicode
# Comment the the mysql line and uncomment the postgres line
# if you want to use postgres
common: &common
<<: *postgres
# Should match environment.sidekiq.concurrency
#pool: 25
##################################################
#### CONFIGURE ABOVE #############################
##################################################
# Normally you don't need to touch anything here
postgres_travis: &postgres_travis
adapter: postgresql
username: postgres
combined: &combined
<<: *common
development:
<<: *combined
database: diaspora_development
production:
<<: *combined
database: diaspora_production
test:
<<: *combined
database: "diaspora_test"
integration1:
<<: *combined
database: diaspora_integration1
integration2:
<<: *combined
database: diaspora_integration2
and
my diaspora.yml:
## Some notes about this file:
## - All comments start with a double #
## - All settings are by default commented out with a single #
## You need to uncomment them in order to work.
## - Take care to keep proper indentation, that is keeping the indentation
## of the original #, with no additional space before the settings
## name.
## - Take care to keep proper quoting. All ' should have a matching ' at
## the end of the same line. Same goes for "
## - Lines containing "## Section" are sections, categories or however you
## like to name them. Do not edit those!
## - Lists need the space after the -
## - true, false and numbers should have no quoting.
## Single words could have none, but doesn't do any harm to them.
##
## You can set and/or override all this settings through environment variables
## with the following conversion rules:
## - Strip the top level namespace (configuration, production, etc.)
## - Build the path to the setting, for example environment.s3.enable
## - Replace the dots with underscores: environment_s3_enable
## - Upcase everything: ENVIRONMENT_S3_ENABLE
## - Specify lists/arrays as comma separated values
##
## - For example, on Heroku:
## heroku config:set SERVICES_FACEBOOK_APP_ID=whateeryourappid SERVICES_FACEBOOK_SECRET=whateeryourappsecret
configuration: ## Section
## Settings you need to change or at least review
## in order for your pod to basically work
environment: ## Section
## Set the hostname of the machine you're running Diaspora on, as seen
## from the internet. This should be the URL you want to use to
## access the pod. So if you plan to reverse proxy it, it should be
## the URL the proxy listens on.
## DO NOT CHNANGE THIS AFTER INITIAL SETUP
## UNLESS YOU KNOW WHAT YOU'RE DOING!
## However changing http to https is okay and has no consequences.
## If you do change it you have to start over as it's hardcoded into
## the database.
url: "https://mydiaspora.tld/"
## Setting the bundle of certificate authorities (CA) certificates.
## This is operating system specific.
## Examples, uncomment one or add your own:
## Debian, Ubuntu, Archlinux, Gentoo (package ca-certificates)
#certificate_authorities: '/etc/ssl/certs/ca-certificates.crt'
## CentOS, Fedora
#certificate_authorities: '/etc/pki/tls/certs/ca-bundle.crt'
certificate_authorities: '/etc/ssl/cert.pem'
## URL for a remote redis.
## Don't forget to restrict the IP access!
## Leave it commented out for the default (localhost)
#redis: 'redis://exmaple_host'
#redis: 'redis://username:[email protected]:6379/0'
redis: 'unix:///tmp/redis.sock'
## Require SSL, default true.
## When set, your pod will force you to use https in production.
## Since OAuth2 requires SSL Diasporas future API might not work if you're not
## on SSL. Also no gurantee that posting to services is given if SSL
## is disabled.
require_ssl: true
## Single process mode
## If set to true Diaspora will work with just the appserver,
## thin by default, running, however this makes it quite slow as
## all the time intensive jobs must be run inside the request cycle.
## So this is higly unrecommended for production setups.
#single_process_mode: true
## Sidekiq - background processing
sidekiq: ## Section
## Number of parallel threads Sidekiq uses
## If you touch this please set the pool setting
## in your database.yml to a value that's at minimum
## close to this! The default value is 5 but you can safely
## increase it to 25 and more on a medium sized pod.
## This applies per started Sidekiq worker, so if you set it to
## 25 and start two workers you'll process up to 50 jobs in parallel.
#concurrency: 25
## Number of times a job is retried
## There's an exponential backoff, if you set this too
## high you might get too many jobs in the queue
## Set this to false to disable it completely
#retry: 10
## Namespace to use in Redis, useful if you need to run
## multiple instances of Diaspora using the same Redis instance
#namespace: "diaspora"
## Lines of backtrace that is stored on failure
## Set this to false if you're not interested in this data to
## reduce memory usage (and log size)
#backtrace: 15
## Log file for Sidekiq
log: "log/sidekiq.log"
## Use Amazon S3 instead of your local filesystem
## to handle uploaded pictures.
s3: ## Section
#enable: true
#key: 'changeme'
#secret: 'changeme'
#bucket: 'my_photos'
#region: 'us-east-1'
# Use max-age header on Amazon S3 resources.
# this would set a max-age value of 1 year
#cache : true
## Related to S3 you can set a url to redirect all requests to uploaded
## images to another host. If you for example set
## https://images.example.org here, all requests made to
## pictures under /uploads/images will be redirected to
## https://images.example.org/uploads/images/...
#image_redirect_url: 'https://images.example.org'
assets: ## Section
## Serve static assets via the appserver.
## This is highly discouraged for production use,
## let your reverse proxy/webserver do it by serving the files
## under public/ directly.
#serve: true
## Upload your assets to S3
#upload: true
## Specify an asset host. Ensure it does not have a trailing slash (/).
#host: http://cdn.example.org/diaspora
## Diaspora is only tested against this default pubsub server.
## You likely don't want to change this.
pubsub_server: 'https://pubsubhubbub.appspot.com/'
## Settings affecting how ./script/server behaves.
server: ## Section
## The port on which the appserver should listen
port: 3000
## The environment in which the server should be started by default.
rails_environment: 'production'
## Write unicorn stderr and stdout log
stderr_log: '/var/log/diaspora/unicorn-stderr.log'
stdout_log: '/var/log/diaspora/unicorn-stdout.log'
## The database type the server should use by default.
## Valid choices are 'mysql' and 'postgres'
database: 'postgres'
## Number of Unicorn worker processes, increase this if
## you have many users
#unicorn_worker: 2
## Number of seconds before a request is aborted, increase if
## you get empty responses, or large image uploads fail.
## Decrease if you're under heavy load and don't care for some
## requests to fail.
#unicorn_timeout: 90
## Embed a Sidekiq worker inside the unicorn process, useful for
## minimal Heroku setups
#embed_sidekiq_worker: true
## Number of Sidekiq worker processes
## Most of the time you want to increase
## environment.sidekiq.concurrency instead!
#sidekiq_workers: 1
## Settings probably affecting the privacy of your users
privacy: ## Section
## Include jQuery from Google's CDN
## This potentially saves you some traffic and speeds up
## load time since most clients already have this one cached
jquery_cdn: true
## Provide a key to enable tracking by Google Analytics
#google_analytics_key:
## Piwik Tracking
## Provide a site ID and the host piwik is running on to enable
## tracking through Piwik.
piwik: ## Section
#enable: true
#host: 'stats.example.org'
#site_id: 1
## Mixpanel event tracking
#mixpanel_uid:
## Chartbeat tracking
#chartbeat_uid:
## General settings
settings: ## Section
## The name of your pod displayed in various locations,
## including the header.
pod_name: "Diaspora*"
## Set this to false to prevent people from signing up for your pod
## without an invitation. Note that this needs to be true even for
## the first registration (you).
enable_registrations: true
## Users will automatically follow a specified account on creation
## Set this to false if you don't want your users to automatically
## follow an account upon creation.
#autofollow_on_join: true
## The diasporahq account helps users start with some activity in
## their stream and get news about Diaspora, but if you don't want
## your server to contact joindiaspora.com, you can change account
## below or set autofollow_on_join to false
#autofollow_on_join_user: '[email protected]'
## Settings about invitations
invitations: ## Section
## Set this to true if you want users to be able to send invites.
open: true
## The default amount of invitiations an invite link has.
## Every user has such a link. Default count is 25, uncomment to set
## another value.
count: 25
## Paypal donations
## You can provide the ID of a hosted Paypal button here to kindly ask
## your users for donations to run their pod. If you leave this out
## we kindly ask your users to donate to the Diaspora Foundation :)
#paypal_hosted_button_id: ""
## Bitcoin donations
## You can provide the bitcoin address here to kindly ask
## your users for donations to run their pod.
#bitcoin_wallet_id: ""
## Community Spotlight
## The community spotlight gives new users a starting point on who
## could be interesting Diasporas community. To add a person
## to the spotlight add the 'spotlight' role to it.
community_spotlight: ## Section
#enable: false
## E-Mail address users can make suggestions about who should be
## in the spotlight to.
#suggest_email: '[email protected]'
## Maximum number of parallel HTTP requests made to other pods
## Be careful, raising this setting will heavily increase the
## memory usage of your Sidekiq workers
#typhoeus_concurrency: 20
## CURL debug
## Turn on extra verbose output when sending stuff. No you
## don't need to touch this unless explicitly told to.
#typhoeus_verbose: true
## Setup E-Mail
mail: ## Section
## First you need to enable it ;)
enable: true
## Sender address used in mail send by Diaspora
sender_address: '[email protected]'
## This selects which mailer should be used. Take 'smtp' for a smtp
## connection, 'sendmail' to use the sendmail binary or
## 'messagebus' to use the messagebus service.
method: 'sendmail'
## Ignore if method isn't 'smtp'
smtp: ## Section
## Host and port of the smtp server handling outgoing mail.
## This should match the common name of the certificate
## the SMTP server sends. If he sends one.
#host: 'smtp.example.org'
#port: 587
## Authentication required to send mail. Use one of 'plain',
## 'login' or 'cram_md5'. Use 'none' if server does not support
## authentication
#authentication: 'plain'
## Credentials to log in to the SMTP server - may be necessary if
## authentication is not 'none'
#username: 'changeme'
#password: 'changeme'
## Automatically enable TLS? Ignored if authentication is set to none
#starttls_auto: true
## The domain for the HELO command if needed
#domain: 'smtp.example.org'
## OpenSSL verify mode used when connecting to a
## SMTP server with TLS. Set this to none if you have
## a self signed certificate. Possible values:
## 'none', 'peer', 'client_once', 'fail_if_no_peer_cert'
#openssl_verify_mode: 'none'
## Ignore if method isn't 'sendmail'
sendmail: ## Section
## The path to the sendmail binary.
location: '/usr/sbin/sendmail'
## Set this to true if you want to use exim and sendmail
#exim_fix: true
## Ignore if method isn't 'messagebus'
#message_bus_api_key: 'abcdef'
## Settings around Diasporas capabilities to post to services
services: ## Section
## OAuth credentials for Facebook:
facebook: ## Section
#enable: true
#app_id: 'abcdef'
#secret: 'changeme'
## OAuth credentials for Twitter:
twitter: ## Section
#enable: true
#key: 'abcdef'
#secret: 'changeme'
## OAuth credentials for Tumblr
tumblr: ## Section
#enable: true
#key: 'abcdef'
#secret: 'changeme'
## OAuth credentials for Wordpress
wordpress: ## Section
#enable: true
#client_id: 'abcdef'
#secret: 'changeme'
## Settings relevant to administrators
admins: ## Section
## Set the admin account.
## This doesn't make the user an admin but is used when a generic
## admin contact is neeeded, much like the postmaster role in mail
## systems. Set only the username, NOT the full ID.
account: "podmaster"
## E-Mail address users can contact the administrator
podmin_email: '[email protected]'
## Here you can make overides to settings defined above if you need
## to have them different in different environments.
production: ## Section
environment: ## Section
#redis_url: 'redis://production.example.org:6379'
development: ## Section
environment: ## Section
#redis_url: 'redis://production.example.org:6379'
Here is the Gemfile adjusted to properly work with postgresql.
vi Gemfile
########################################################
source 'https://rubygems.org'
gem 'rails', '3.2.13'
# Appserver
gem 'unicorn', '4.6.3', :require => false
# API and JSON
gem 'acts_as_api', '0.4.1'
gem 'json', '1.8.0'
# Authentication
gem 'devise', '3.0.2'
# Background processing
gem 'sidekiq', '2.11.1'
gem 'sinatra', '1.3.3'
gem 'slim', '1.3.9'
# Configuration
gem 'configurate', '0.0.8'
# Cross-origin resource sharing
gem 'rack-cors', '0.2.8', :require => 'rack/cors'
# Database
ENV['DB'] ||= 'pg'
gem 'mysql2', '0.3.13' if ENV['DB'] == 'all' || ENV['DB'] == 'mysql'
gem 'pg', '0.17.0' if ENV['DB'] == 'all' || ENV['DB'] == 'postgres'
gem 'activerecord-import', '0.3.1'
gem 'activerecord-postgresql-adapter', '0.0.1'
gem 'foreigner', '1.4.2'
# File uploading
gem 'carrierwave', '0.9.0'
gem 'fog', '1.14.0'
gem 'mini_magick', '3.6.0'
gem 'remotipart', '1.2.1'
# Localization
gem 'http_accept_language', '1.0.2'
gem 'i18n-inflector-rails', '~> 1.0'
gem 'rails-i18n', '0.7.4'
# Mail
gem 'markerb', '1.0.1'
gem 'messagebus_ruby_api', '1.0.3'
# Parsing
gem 'nokogiri', '1.6.0'
gem 'rails_autolink', '1.1.0'
gem 'redcarpet', '3.0.0'
gem 'roxml', '3.1.6'
gem 'ruby-oembed', '0.8.8'
gem 'opengraph_parser', '0.2.3'
# Please remove when migrating to Rails 4
gem 'strong_parameters'
# Services
gem 'omniauth', '1.1.4'
gem 'omniauth-facebook', '1.4.1'
gem 'omniauth-tumblr', '1.1'
gem 'omniauth-twitter', '1.0.0'
gem 'twitter', '4.8.1'
gem 'omniauth-wordpress','0.2.0'
# Tags
gem 'acts-as-taggable-on', '2.4.1'
# URIs and HTTP
gem 'addressable', '2.3.5', :require => 'addressable/uri'
gem 'faraday', '0.8.8'
gem 'faraday_middleware', '0.9.0'
gem 'typhoeus', '0.6.3'
# Views
gem 'client_side_validations', '3.2.5'
gem 'gon', '4.1.1'
gem 'haml', '4.0.3'
gem 'mobile-fu', '1.2.1'
gem 'will_paginate', '3.0.4'
### GROUPS ####
group :assets do
# Icons
gem 'entypo-rails'
# CSS
gem 'bootstrap-sass', '2.2.2.0'
gem 'compass-rails', '1.0.3'
gem 'sass-rails', '3.2.6'
# Compression
gem 'uglifier', '2.1.2'
# JavaScript
gem 'handlebars_assets', '0.12.0'
gem 'jquery-rails', '2.1.4'
# Windows and OSX have an execjs compatible runtime built-in, Linux users should
# install Node.js or use 'therubyracer'.
#
# See https://github.com/sstephenson/execjs#readme for more supported runtimes
gem 'therubyracer', :platform => :ruby
end
group :production do # we don't install these on travis to speed up test runs
# Administration
gem 'rails_admin', '0.4.9'
# Analytics
gem 'rack-google-analytics', '0.11.0', :require => 'rack/google-analytics'
gem 'rack-piwik', '0.2.2', :require => 'rack/piwik'
# Click-jacking protection
gem 'rack-protection', '1.2'
# Process management
gem 'foreman', '0.62'
# Redirects
gem 'rack-rewrite', '1.3.3', :require => false
gem 'rack-ssl', '1.3.3', :require => 'rack/ssl'
# Third party asset hosting
gem 'asset_sync', '1.0.0', :require => false
end
group :development do
# Comparison images
gem 'rmagick', '2.13.2', :require => false
# Automatic test runs
gem 'guard-cucumber', '1.4.0'
gem 'guard-rspec', '3.0.2'
gem 'rb-fsevent', '0.9.3', :require => false
gem 'rb-inotify', '0.9.0', :require => false
# Preloading environment
gem 'guard-spork', '1.5.1'
gem 'spork', '1.0.0rc3'
end
group :test do
# RSpec (unit tests, some integration tests)
gem 'fixture_builder', '0.3.6'
gem 'fuubar', '1.1.1'
gem 'rspec-instafail', '0.2.4', :require => false
gem 'test_after_commit', '0.2.0'
# Cucumber (integration tests)
gem 'capybara', '2.1.0'
gem 'database_cleaner', '1.1.0'
gem 'selenium-webdriver', '2.34.0'
# General helpers
gem 'factory_girl_rails', '4.2.1'
gem 'timecop', '0.6.1'
gem 'webmock', '1.13.0', :require => false
end
group :development, :test do
# RSpec (unit tests, some integration tests)
gem "rspec-rails", '2.13.2'
# Cucumber (integration tests)
gem 'cucumber-rails', '1.3.1', :require => false
# Jasmine (client side application tests (JS))
gem 'jasmine', '1.3.2'
gem 'sinon-rails', '1.7.3'
end
Proceed with gems installation:
RAILS_ENV=production bundle install --without test development
RAILS_ENV=production bundle exec rake db:create db:schema:load
bundle exec rake assets:precompileYou know, it’s possible to put a reverse proxy in front of diaspora. Let’s install nginx and remember to select http_ssl.
cd /usr/ports/www/nginx && make install clean
echo 'nginx_enable="YES"' >> /etc/rc.conf
cd /usr/local/etc/nginx
mkdir ssl
cd ssl
openssl genrsa -out mydiaspora.tld.key 2048
openssl req -new -x509 -key mydiaspora.tld.key -out mydiaspora.tld.cert -days 3650 -subj /CN=mydiaspora.tld
cd ..You can use the following configuration to get a reverse proxy for diaspora*.
vi nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
gzip on;
upstream diaspora_server {
server 127.0.0.1:3000;
}
server {
listen 80;
listen [::]:80;
server_name mydiaspora.tld;
rewrite ^/(.*) https://mydiaspora.tld/$1 permanent;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root /usr/local/www/nginx;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/local/www/nginx-dist;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
server {
listen 443;
listen [::]:443;
server_name mydiaspora.tld;
client_max_body_size 5M;
root /usr/local/www/diaspora/public;
ssl on;
ssl_certificate ssl/mydiaspora.tld.cert;
ssl_certificate_key ssl/mydiaspora.tld.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH;
ssl_session_cache shared:SSL:10m;
ssl_prefer_server_ciphers on;
try_files $uri @diaspora;
location @diaspora {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://diaspora_server;
}
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}
}
}
Start the http daemon:
/usr/local/etc/rc.d/nginx start
Verify nginx is listening as supposed to:
[[email protected] ~]# sockstat |grep www
www nginx 4205 6 tcp4 *:80 *:*
www nginx 4205 7 tcp6 *:80 *:*
www nginx 4205 8 tcp4 *:443 *:*
www nginx 4205 9 tcp6 *:443 *:*
www nginx 4205 10 stream -> ??
[[email protected] ~]#
Everything is ready now, so it’s time to start diaspora. I wrote down a weird startup script you can launch from rc.local (actually old-fashioned, I know):
cd /usr/local/www/diaspora
vi start-diaspora.sh
#!/bin/sh
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:~/bin
export PATH
cd /usr/local/www/diaspora/
./script/server &
Make it executable:
chmod +x start-diaspora.sh
Call it from rc.local (touch it if it’s not there already):
vi /etc/rc.local
#!/bin/sh
/usr/local/www/diaspora/start-diaspora.sh
Let rc.local be executable:
chmod +x /etc/rc.local
Fire up:
/etc/rc.local
Verify the tcp socket:
[[email protected] ~]# sockstat |grep ruby
root ruby19 864 11 tcp4 *:3000 *:*
root ruby19 864 12 tcp4 127.0.0.1:48779 127.0.0.1:5432
root ruby19 863 11 tcp4 *:3000 *:*
root ruby19 863 12 tcp4 127.0.0.1:37397 127.0.0.1:5432
root ruby19 853 9 tcp4 127.0.0.1:42653 127.0.0.1:5432
root ruby19 853 12 stream -> /tmp/redis.sock
root ruby19 853 13 stream -> /tmp/redis.sock
root ruby19 852 11 tcp4 *:3000
Well, point your browser to https://mydiaspora.tld and sign in. What you have now is a working deployment of Diaspora* on a FreeBSD system.
Last recommended step is to make yourself admin (using the username):
bundle exec rails console production
Role.add_admin User.where(username: "the_username").first.person
exit
You can now connect to https://mydiaspora.tld/admin_panel . That’s it.
Be aware that this is just a quick step by step guide: you should read all the documents on Diaspora website to make any sort of customisation.
How to install and configure Diaspora* 0.2.0.0 on FreeBSD 9.2 by Antonio Prado is licensed under a Creative Commons Attribution-ShareAlike 4.0 International