Pixelfed
Updated 19 May 2020
Introduction
PixelFed is an image sharing platform based on the ActivityPub protocol.
Preparing a LXC container
We recommend that you install Pixelfed in a separate container and set it up according to the manual.
Installing and configuring PostgreSQL
Install and configure PostgreSQL according to the manual. Replace the dbtest database with pixelfed, and the test user with pixelfed.
Installing and configuring Nginx
Install and configure your Nginx server, then configure PHP-FPM according to the manual.
Installing Pixelfed
Here is how to install Pixelfed from source.
Cache configuration
Redis implements a RAM caching service, based on a hash table. To enable Redis, first install it as a package:
emerge dev-db/redis
Add Redis to autostart and actually start it:
* service redis added to runlevel defaultphp-fpm | * Starting redis ... [ ok ]
Important
Do not install the dev-php/pecl-redis package, as this will interfere with Pixelfed caching.
Fetching and unpacking Pixelfed
First install the software Pixelfed will need:
emerge -a dev-php/composer
Download the source code from Git:
mkdir -p /var/calculate/www
cd /var/calculate/www
git clone -b dev https://github.com/pixelfed/pixelfed.git pixelfed
cd pixelfed
Assign the necessary permissions and switch to nginx:
chown -R nginx. .
su nginx -s /bin/bash
Copy the .env.example file to .env:
cp .env.example .env
Configure Pixelfed, replacing ~pixelfed.example.org~~ with your site address:
/var/calculate/www/pixelfed/.env
APP_NAME="Pixelfed Example" APP_URL=https://pixelfed.example.org APP_DOMAIN="pixelfed.example.org" ADMIN_DOMAIN="pixelfed.example.org" SESSION_DOMAIN="pixelfed.example.org" DB_CONNECTION=pgsql DB_HOST=localhost DB_PORT=5432 DB_DATABASE=pixelfed DB_USERNAME=pixelfed DB_PASSWORD=pixelfedpass MAIL_DRIVER=smtp MAIL_HOST=smtp.example.org MAIL_PORT=25 MAIL_FROM_ADDRESS="pixelfed@example.org" MAIL_FROM_NAME="Pixelfed"
To close registration, add the following parameter:
/var/calculate/www/pixelfed/.env
OPEN_REGISTRATION=false
To connect to the distributed ActivePub, add the following parameters:
/var/calculate/www/pixelfed/.env
ACTIVITY_PUB=true REMOTE_FOLLOW=true ACTIVITYPUB_INBOX=true ACTIVITYPUB_SHAREDINBOX=true
To enable the mobile API, run the following:
/var/calculate/www/pixelfed/.env
OAUTH_ENABLED=true
Install the required components, create a key and update the cache:
composer install --no-ansi --no-interaction --no-progress --no-scripts --optimize-autoloader
php artisan key:generate
php artisan horizon:install
php artisan passport:keys
php artisan config:cache
php artisan route:cache
php artisan migrate --force
php artisan horizon:purge
php artisan storage:link
php artisan cache:clear
php artisan optimize:clear
php artisan optimize
exit
Configuring Nginx for PixelFed
Configure Nginx for pixelfed.example.org:
upstream php-handler {
server unix:/run/php-fpm.socket;
}
server {
listen 80
server_name pixelfed.example.org;
root /var/calculate/www/pixelfed/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include /etc/nginx/fastcgi.conf;
fastcgi_pass php-handler;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
}
Configuring PHP-FPM
Configure the environment PHP-FPM variables:
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env env[HOSTNAME] = $HOSTNAME env[PATH] = /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin env[TMP] = /tmp env[TMPDIR] = /tmp env[TEMP] = /tmp
Restart Nginx and PHP-FPM to validate:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx | * Checking nginx configuration ... [ ok ] nginx | * Refreshing nginx configuration ... [ ok ]
php-fpm | * Stopping PHP FastCGI Process Manager ... [ ok ] php-fpm | * Testing PHP FastCGI Process Manager config ... [ ok ] php-fpm | * Starting PHP FastCGI Process Manager ... [ ok ]
HTTPS configuration
Getting the Let's Encrypt certificate
Get a pixelfed.example.org domain certificate for Nginx according to the manual.
Enabling HTTPS support in Nginx
Configure Nginx to support HTTPS according to the manual.
HTTPS configuration for PixelFed
Configure Nginx for pixelfed.example.org:
upstream php-handler { server unix:/run/php-fpm.socket; } server { listen 80; server_name pixelfed.example.org; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name pixelfed.example.org; root /var/calculate/www/pixelfed/public; ssl_certificate /etc/nginx/ssl/pixelfed.example.org/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/pixelfed.example.org/privkey.pem; include ssl.conf; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff"; index index.html index.htm index.php; charset utf-8; location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \.php$ { fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi.conf; fastcgi_pass php-handler; fastcgi_index index.php; include fastcgi_params; } location ~ /\.(?!well-known).* { deny all; } }
Launching the PixelFed daemon for background tasks
Create an OpenRC script to manage PixelFed:
#!/sbin/openrc-run # Copyright 2019 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 name="PixelFed-Horizon daemon" description="PixelFed-Horizon daemon" pidfile="/run/pixelfed-horizon.log" command_user=nginx output_log="/var/log/pixelfed-horizon.log" error_log="/var/log/pixelfed-horizon.log" directory="/var/calculate/www/pixelfed" command="php" command_args="artisan horizon" command_background=true depend() { use net } start_pre() { checkpath -f -o nginx -m 0600 $output_log }
Define the start permissions:
chmod 755 /etc/init.d/pixelfed-horizon
Launch the daemon:
/etc/init.d/pixelfed-horizon start
Add pixelfed to autostart:
rc-update add pixelfed-horizon
Adding a user
If you disabled registration on the site, use the following command to add your user:
su nginx -s /bin/bash
cd /var/calculate/www/pixelfed
Creating a new user... Name: > Administrator Username: > admin Email: > admin@example.org Password: > Confirm Password: > Make this user an admin? (yes/no) [no]: > yes Manually verify email address? (yes/no) [no]: > yes Are you sure you want to create this user? (yes/no) [no]: > yes Created new user!
Note
Answer no to the question Manually verify email address if you need to add a user with email address verification.
Video support
Install the video decoders set:
emerge media-video/ffmpeg
Enable the video/mp4 format:
/var/calculate/www/pixelfed/.env
MEDIA_TYPES='image/jpeg,image/png,image/gif,video/mp4'
Update the settings cache of Pixelfed:
su nginx -s /bin/bash
cd /var/calculate/www/pixelfed
php artisan config:cache
Increase the maximum download size for PHP:
... ; Maximum size of POST data that PHP will accept. ; Its value may be 0 to disable the limit. It is ignored if POST data reading ; is disabled through enable_post_data_reading. ; http://php.net/post-max-size post_max_size = 1G ... ; Maximum allowed size for uploaded files. ; http://php.net/upload-max-filesize upload_max_filesize = 1G ...
Increase the maximum download size for Nginx:
/etc/nginx/sites-enabled/pixfield.calculate.social.conf
...
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
client_max_body_size 10G;
...
Restart Nginx and PHP-FPM:
/etc/init.d/nginx restart
/etc/init.d/php-fpm restart
Configuration update
Reset the cache every time you edit the settings in /var/calculate/www/pixelfed/.env. To do this, run the following:
su nginx -s /bin/bash
cd /var/calculate/www/pixelfed
php artisan config:cache
php artisan route:cache
exit
su nginx -s /bin/bash
cd /var/calculate/www/pixelfed
php artisan passport:keys
echo OAUTH_ENABLED=true >>/var/calculate/www/pixelfed/.env
php artisan config:cache
php artisan route:cache
exit
Updating PixelFed
Fetch the latest source code for PixelFed:
su nginx -s /bin/bash
cd /var/calculate/www/pixelfed
git pull
Update the source code with all its components:
composer install --no-ansi --no-interaction --no-progress --no-scripts --optimize-autoloader
Generate OAUTH keys, if you have not done it yet:
php artisan passport:keys
Update the settings and the database:
php artisan config:cache
php artisan route:cache
php artisan migrate --force
php artisan horizon:purge
php artisan storage:link
exit
Restart PHP-FPM:
/etc/init.d/php-fpm restart