Pixelfed

Updated 26 September 2019

Pixelfed

Introduction

PixelFed is an image sharing platform based on the ActivityPub protocol.

Preparing a LXC container

We recommend that you install Pixelfed in a separate container and set it up according to the manual.

Installing and configuring PostgreSQL

Install and configure PostgreSQL according to the manual. Replace the dbtest database with pixelfed, and the test user with pixelfed.

Installing and configuring Nginx

Install and configure your Nginx server, then configure PHP-FPM according to the manual.

Installing Pixelfed

Here is how to install Pixelfed from source.

Cache configuration

Redis implements a RAM caching service, based on a hash table. To enable Redis, first install it as a package:

emerge dev-db/redis

Add Redis to autostart and actually start it:

rc-update add redis
 * service redis added to runlevel default
/etc/init.d/redis start
php-fpm | * Starting redis ...                                                [ ok ]

Important

Do not install the dev-php/pecl-redis package, as this will interfere with Pixelfed caching.

Fetching and unpacking Pixelfed

First install the software Pixelfed will need:

emerge -a dev-php/composer

Download the source code from Git:

mkdir -p /var/calculate/www

cd /var/calculate/www

git clone -b dev https://github.com/pixelfed/pixelfed.git pixelfed

cd pixelfed

Assign the necessary permissions and switch to nginx:

chown -R nginx. .

su nginx -s /bin/bash

Copy the .env.example file to .env:

cp .env.example .env

Configure Pixelfed, replacing ~pixelfed.example.org~~ with your site address:

/var/calculate/www/pixelfed/.env

APP_NAME="Pixelfed Example"
APP_URL=https://pixelfed.example.org
APP_DOMAIN="pixelfed.example.org"
ADMIN_DOMAIN="pixelfed.example.org"
SESSION_DOMAIN="pixelfed.example.org"

DB_CONNECTION=pgsql
DB_HOST=localhost
DB_PORT=5432
DB_DATABASE=pixelfed
DB_USERNAME=pixelfed
DB_PASSWORD=pixelfedpass

MAIL_DRIVER=smtp
MAIL_HOST=smtp.example.org
MAIL_PORT=25
MAIL_FROM_ADDRESS="pixelfed@example.org"
MAIL_FROM_NAME="Pixelfed"

To close registration, add the following parameter:

/var/calculate/www/pixelfed/.env

OPEN_REGISTRATION=false

To connect to the distributed ActivePub, add the following parameters:

/var/calculate/www/pixelfed/.env

ACTIVITY_PUB=true
REMOTE_FOLLOW=true
ACTIVITYPUB_INBOX=true
ACTIVITYPUB_SHAREDINBOX=true

Install the required components, create a key and update the cache:

composer install --no-ansi --no-interaction --no-progress --no-scripts --optimize-autoloader

php artisan key:generate

php artisan horizon:install

php artisan config:cache

php artisan route:cache

php artisan migrate --force

php artisan horizon:purge

php artisan storage:link

php artisan cache:clear

php artisan optimize:clear

php artisan optimize

exit

Configuring Nginx for PixelFed

Configure Nginx for pixelfed.example.org:

/etc/nginx/sites-enabled/pixelfed.example.org.conf
upstream php-handler {
    server unix:/run/php-fpm.socket;
}

server {
    listen 80
    server_name pixelfed.example.org;
    root /var/calculate/www/pixelfed/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass php-handler;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

Configuring PHP-FPM

Configure the environment PHP-FPM variables:

/etc/php/fpm-php7.2/fpm.d/www.conf
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
env[HOSTNAME] = $HOSTNAME
env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin
env[TMP] = /tmp
env[TMPDIR] = /tmp
env[TEMP] = /tmp

Restart Nginx and PHP-FPM to validate:

nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
/etc/init.d/nginx reload
nginx | * Checking nginx configuration ...                                    [ ok ]
nginx | * Refreshing nginx configuration ...                                  [ ok ]
/etc/init.d/php-fpm restart
php-fpm | * Stopping PHP FastCGI Process Manager ...                          [ ok ]
php-fpm | * Testing PHP FastCGI Process Manager config ...                    [ ok ]
php-fpm | * Starting PHP FastCGI Process Manager ...                          [ ok ]

HTTPS configuration

Getting the Let's Encrypt certificate

Get a pixelfed.example.org domain certificate for Nginx according to the manual.

Enabling HTTPS support in Nginx

Configure Nginx to support HTTPS according to the manual.

HTTPS configuration for PixelFed

Configure Nginx for pixelfed.example.org:

/etc/nginx/sites-enabled/pixelfed.example.org.conf
upstream php-handler {
    server unix:/run/php-fpm.socket;
}

server {
    listen 80;
    server_name pixelfed.example.org;
    rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name pixelfed.example.org;
    root /var/calculate/www/pixelfed/public;

    ssl_certificate /etc/nginx/ssl/pixelfed.example.org/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/pixelfed.example.org/privkey.pem;

    include ssl.conf;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include /etc/nginx/fastcgi.conf;
        fastcgi_pass php-handler;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.(?!well-known).* {
        deny all;
    }
}

Launching the PixelFed daemon for background tasks

Create an OpenRC script to manage PixelFed:

/etc/init.d/pixelfed-horizon
#!/sbin/openrc-run
# Copyright 2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

name="PixelFed-Horizon daemon"
description="PixelFed-Horizon daemon"
pidfile="/run/pixelfed-horizon.log"
command_user=nginx
output_log="/var/log/pixelfed-horizon.log"
error_log="/var/log/pixelfed-horizon.log"
directory="/var/calculate/www/pixelfed"
command="php"
command_args="artisan horizon"
command_background=true

depend() {
        use net
}

start_pre() {
    checkpath -f -o nginx -m 0600 $output_log
}

Define the start permissions:

chmod 755 /etc/init.d/pixelfed-horizon

Launch the daemon:

/etc/init.d/pixelfed-horizon start

Add pixelfed to autostart:

rc-update add pixelfed-horizon

Adding a user

If you disabled registration on the site, use the following command to add your user:

su nginx -s /bin/bash

cd /var/calculate/www/pixelfed

php artisan user:create
Creating a new user...

 Name:
 > Administrator

 Username:
 > admin

 Email:
 > admin@example.org

 Password:
 > 

 Confirm Password:
 > 

 Make this user an admin? (yes/no) [no]:
 > yes

 Manually verify email address? (yes/no) [no]:
 > yes

 Are you sure you want to create this user? (yes/no) [no]:
 > yes

Created new user!

Note

Answer no to the question Manually verify email address if you need to add a user with email address verification.

Video support

Install the video decoders set:

emerge media-video/ffmpeg

Enable the video/mp4 format:

/var/calculate/www/pixelfed/.env

MEDIA_TYPES='image/jpeg,image/png,image/gif,video/mp4'

Update the settings cache of Pixelfed:

su nginx -s /bin/bash

cd /var/calculate/www/pixelfed

php artisan config:cache

Increase the maximum download size for PHP:

/etc/php/fpm-php7.2/php.ini
...
; Maximum size of POST data that PHP will accept.
; Its value may be 0 to disable the limit. It is ignored if POST data reading
; is disabled through enable_post_data_reading.
; http://php.net/post-max-size
post_max_size = 1G
...
; Maximum allowed size for uploaded files.
; http://php.net/upload-max-filesize
upload_max_filesize = 1G
...

Increase the maximum download size for Nginx:

/etc/nginx/sites-enabled/pixfield.calculate.social.conf

...
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
client_max_body_size 10G;
...

Restart Nginx and PHP-FPM:

/etc/init.d/nginx restart

/etc/init.d/php-fpm restart

Updating PixelFed

Fetch the latest source code for PixelFed:

su nginx -s /bin/bash

cd /var/calculate/www/pixelfed

git pull

Now update:

composer install --no-ansi --no-interaction --no-progress --no-scripts --optimize-autoloader

php artisan config:cache

php artisan route:cache

php artisan migrate --force

php artisan horizon:purge

php artisan storage:link

exit

Restart PHP-FPM:

/etc/init.d/php-fpm restart