Help installing a pod?

I help admin a FB group of 180,000 members called Psychedelics and Philosophy. We’re developing our external website, which I would like to include Diaspora as our social network, and I’ve had a tough go of it. Like a week or two working with dockers, automated install scripts, two or three flavors of Linux via the official wiki, and nada.

I see that your community has also moved to Discourse. I hope I can get some help setting this up. I’m interested in using our Discourse forum in conjunction with Diaspora and another piece of software rounding out what should be a useful package of open source, security oriented, anonymity and encryption enabled suite of sites for niche communities such as ours.

I’ll keep an eye on my email, in hopes of a response.
Thank you.

Hi @cryptopher,

Sorry I can’t help you here, but FWIW I posted your call on Diaspora* too. Let’s see what that brings…

1 Like

Thanks! I appreciate the help, @Guido.

Hi @cryptopher, I’m a newbie but I just went through the process of setting up a pod. Hit plenty of issues but finally have one running. What specifically are you running into, possibly I can help.

-Mo

Thank you for responding, @mofig. I’ve had different problems on different platforms. I’m not sure what comes with the official wiki install in the way of an http server. I think I might also be having an issue with my host’s default firewall settings. Would you mind sharing the Linux distribution you’re using, and maybe the address for the instructions you used? That way if I hit an issue it’ll be a familiar territory.

I used Vagrant to install it in a virtual machine running Ubuntu 14 (trusty64). I followed the directions here: https://wiki.diasporafoundation.org/Installation/Ubuntu/Trusty?db=postgres&mode=development#Versions_of_this_guide

From what I’ve seen all the guides are pretty lacking in regards to the http server. Mostly you just need something that can forward port 80 requests to the rails server running on port 3000. Nginx seems pretty easy to setup for this.

1 Like

Also, there’s a sample config file for nginx here: https://gist.github.com/jhass/1355430

Took me a little while to figure out what it was doing and what all needed changed, so can probably help there if you go that route.

2 Likes

There are example configs for Nginx, Apache and Caddy in the installation guides in the wiki.

If you run into any problems with the installation then you can ask here or on IRC, but please be specific about the problems. (Which step of the guide are you working on? What is your environment (OS, web server, database)? What exactly doesn’t work? Are there any related errors in the logfiles? etc.)

2 Likes

I have trusty64 installed on a Digital Ocean account. I followed the instructions here. I didn’t see any errors along the way. I ran ./script/server and it seems to start up ok. Joined the federation thing.

nmap shows the postgres running on one port, and ssh running on another, but I hadn’t installed the nginx yet. Which I have now, and I’m adding the information from this file. I’m just adding the text after the gzip entry on my nginx.conf file on the server. I changed the “example.com” addresses to the address I’m using “fallth.ru”, and I guess I’m just going to save the file and server the service.

I see I need to set up the Let’s Encrypt certs, as per:

# SSL setup

# This file should also include any necessary intermediate certificates.
# For example for StartSSL that would be https://www.startssl.com/certs/class1/sha2/pem/sub.class1.server.sha2.ca.pem
# For Let's Encrypt use /etc/letsencrypt/live/diaspora.example.org/fullchain.pem
# and /etc/letsencrypt/live/diaspora.example.org/privkey.pem
ssl_certificate /path/to/certificate.crt;
ssl_certificate_key /path/to/private_key.key;

# Taken from https://wiki.mozilla.org/Security/Server_Side_TLS
# You might want to make these global

# generate with openssl dhparam 2048 > /path/to/dhparam.pem
ssl_dhparam /path/to/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK';
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:50m;

}

That’s all pretty new to me. I’ll report back.

2 Likes

OK fellas. I did the total encryption setup, via this tut. I had to remove the additional info I added to the nginx.conf file, for when I ran sudo nginx -t it complained that I had added the ‘server’ info in the wrong place. I got the feeling it meant I should be adding stuff to the sites-enabled/default file that seems to serve the config info.

Where should I add the custom config information? To the sites-enabled/default file, the nginx.conf file, another place?

Talk to me like I’m stupid.
Thanks for the help, I really appreciate it!

If you’re only running one site I don’t think there’s a problem having it all in nginx.conf. Want to post your nginx.conf somewhere?

Thanks, give this a shot.

So with only diaspora running you should be able to comment out the includes at the bottom and just put in the server blocks from the example. Like so, but with all the example.com and /path/to/whatever stuff updated:

1 Like

Thanks for that, intricate part of the puzzle.

I’m trying to triage the cascade fail that my server has become. ATM, Nginx fires up, from what ps aux tells me, but it’s got no open ports, from what nmap localhost tells me.

Diaspora will start on command, but it seems to loop. It warns that I should adjust the start up time to greater than 15 seconds, and I’d love to, but I’ve no idea how or where.

PostgreSQL has a port open. I haven’t touched the database config.

I think it all went pear-shaped after I switched from development mode to production. I am installing this on a headless Digital Ocean trusty64 server. No desktop, and I’m not Tony Stark enough to use a browser via command line. So, from what I gleaned from another thread, there’s a dev mode app server that serves on localhost, which does fuckall for me, using ssh poorly from the house.

So I switched it to production mode, I think, and compiled the assets, which populated the html folder. I pointed all the shit in nginx to the right encryption stuffs, diaspora/diaspora folder, but I have no idea where to find the socket it wants (unix:path/to/socket). Like I said, only ssh and sql ports open.

I’ve touched diaspora.yml. I changed the url to ‘https://fallth.ru’, updated the path to certificate_authorities, require_ssl: false, rails_environment: ‘production’.

I haven’t touched database.yml.

The socket is important, you can find it in your diaspora.yml. Default is ‘unix:tmp/diaspora.sock’

As for ports, does Digital Ocean have a separate config for opening ports? I usually use AWS, and you have to open up ports in the security configuration.

If none of that, hopefully someone more knowledgeable can chime in.

1 Like

DO runs firewall software. All but http and https are shut down. I’ll check that out in the morning.
'unix:tmp/diaspora.sock'
If that’s where I find the socket setting, awesome.
Thanks for your help, @mofig. You rock.

If you installed diaspora in /path/to/diaspora, then the socket is in /path/to/diaspora/tmp/diaspora.sock.

You should. Otherwise diaspora* can’t connect to the database. Also this step in the installation instructions should have failed: https://wiki.diasporafoundation.org/Installation/Ubuntu/Trusty#Database_setup

1 Like
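The layout discussed above (server blocks inside nginx.conf for a single-site host, proxying to the diaspora* socket), written out as an added example; it is not from the thread, the gist or the diaspora* wiki. `diaspora.example.org` and `/path/to/diaspora` are placeholders, and the `www-data` user and `/etc/nginx/mime.types` path assume a Debian/Ubuntu nginx package.

```nginx
# Added example: /etc/nginx/nginx.conf for a host serving only diaspora*.
# Placeholders (assumptions): diaspora.example.org, /path/to/diaspora.
user www-data;
worker_processes auto;
events { worker_connections 768; }

http {
    include /etc/nginx/mime.types;
    gzip on;

    # "server" and "upstream" are only valid inside http { }.
    # Pasted at the top level of nginx.conf, `nginx -t` rejects them.
    upstream diaspora_server {
        # The relative "unix:tmp/diaspora.sock" in diaspora.yml resolves
        # against the install directory; nginx needs the absolute path.
        server unix:/path/to/diaspora/tmp/diaspora.sock;
    }

    server {
        listen 80;
        server_name diaspora.example.org;
        return 301 https://$host$request_uri;   # plain HTTP only redirects
    }

    server {
        listen 443 ssl;
        server_name diaspora.example.org;
        root /path/to/diaspora/public;          # compiled assets live here

        ssl_certificate     /etc/letsencrypt/live/diaspora.example.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/diaspora.example.org/privkey.pem;
        ssl_protocols TLSv1.2;   # add TLSv1.3 only where nginx/OpenSSL support it
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:50m;

        location / {
            try_files $uri @diaspora;           # static file first, else the app
        }
        location @diaspora {
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            proxy_pass http://diaspora_server;
        }
    }
    # include /etc/nginx/sites-enabled/*;   # commented out: single site
}
```

The nginx worker user must be able to traverse the install directory and connect to the socket file, otherwise requests fail with a 502 even though `sudo nginx -t` passes.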

I appreciate you reaching out, Stephen. Honestly, this project has long outlived its worth, and is really just me shaking my fist at the software gods for creating such complicated material.

I’m not smart enough to run this software.

It took a long time to get decent at apache and mysql, not being a programmer, and thinking that I admin because I can identify software packages that seem to work towards my agenda. I know nothing about PostgreSQL and nginx and it’s fucked this project up.

All right, before I sparkle and fade, here was my intent.
I was thinking of having a gluu auth server to create a chain of authenticity for those that want it.
That would secure my nextcloud service. Due to the nature of our community, anonymous access is necessary, and we have a forum as the destination. To be accessible via .onion when I get off my ass and set it up. And I was hoping to use Diaspora* for the authenticated or anon social network.

Nextcloud is awesome and I’m not connected to them in any way. They rep your software hard, using it as a platform for announcements, integrating Diaspora with their shit, and giving Diaspora some legitimacy. There needs to be a way to create a pod that’s not insane.

You don’t need to be a programmer, but you need to be an admin or at least know how to run mysql or postgres and apache or nginx. It should be pretty easy to install for anyone with basic knowledge about how to run a server, but it needs a bit more than only “identify software packages” to run a server securely. So please stop if you don’t know what you’re doing! Trial and error with a server reachable from the internet is a pretty bad idea …