Plume

来自MalacoKnowledge
imported>Malacology2022年5月30日 (一) 00:18的版本 (init)
(差异) ←上一版本 | 最后版本 (差异) | 下一版本→ (差异)

安装

本文介绍更为复杂的 postgres,sqlite 操作也包括在内

$ yay -S plume-postgres
$ yay -S plume-sqlite

Postgresql

前期操作见 PostgreSQL

# sudo -u postgres createuser -d -P plume
# sudo -u postgres createdb -O plume plume

配置

根据你的需要修改 /usr/share/webapps/plume/.env

openssl rand -base64 32

得到ROCKET_SECRET_KEY的数值

cd /usr/share/webapps/plume

plm migration run plm search init plm instance new --private --domain DOMAIN --name 'Site_Name' -l 'CC-BY' plm users new --admin --name 'admin_name' --display-name 'display_name' --password 'passwd' --bio "I'm Kate." --email '[email protected]'

chown -R plume:plume *

openssl

openssl dhparam -out /etc/letsencrypt/ssl-dhparam_plume.pem 4096

为 Nginx 配置使用 ## nginx

server {
   listen 80;
   listen [::]:80;
   server_name DOMAIN;
   location /.well-known/acme-challenge {}
   location / {
       return 301 https://$host$request_uri;
   }

}

server {

   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name DOMAIN;
   access_log  /var/log/nginx/access.log;
   root /usr/share/webapps/plume ;
   ssl_certificate /etc/letsencrypt/live/DOMAIN/fullchain.pem;
   ssl_certificate_key /etc/letsencrypt/live/DOMAIN/privkey.pem;
   # for ssl conf: https://cipherli.st/
   ssl_protocols TLSv1.2 TLSv1.3;# Requires nginx >= 1.13.0 else use TLSv1.2
   ssl_prefer_server_ciphers on;
   ssl_dhparam /etc/letsencrypt/ssl-dhparam_plume.pem;# openssl dhparam -out /etc/letsencrypt/ssl-dhparam.pem 4096
   ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384;
   ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
   ssl_session_timeout  10m;
   ssl_session_cache shared:SSL:10m;
   ssl_session_tickets off; # Requires nginx >= 1.5.9
   ssl_stapling on; # Requires nginx >= 1.3.7
   ssl_stapling_verify on; # Requires nginx => 1.3.7
   resolver 9.9.9.9 80.67.169.12 valid=300s;
   resolver_timeout 5s;
   add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
   add_header X-Frame-Options DENY;
   add_header X-Content-Type-Options nosniff;
   add_header X-XSS-Protection "1; mode=block";
   add_header Content-Security-Policy "default-src 'self' 'unsafe-inline'; frame-ancestors 'self'; frame-src https:";
   location / {
       proxy_pass http://localhost:7878/;
       proxy_set_header Host $http_host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       client_max_body_size 10m;
   }

}

custom

可以修改env设置站点信息和主题

DEFAULT_THEME=guoyi-light
PLUME_LOGO=icons/logo.png

DEFAULT_THEME 必须和 /usr/share/webapps/plume/static/css 下的文件名一致,默认的路径是/usr/share/webapps/plume/static 下。 ## 启动

systemctl enable plume
systemctl start plume