Support #988
Install Pocket ID on FreeBSD
Description
This is a guide on setting up Pocket ID on FreeBSD 14.
Prepare the Environment
- Before installing the components, make sure everything is up to date:
pkg update -f && pkg upgrade
Create PostgreSQL Databases and Users
- Log in to the postgres user account:
su - postgres
- Connect to the PostgreSQL database:
psql -d template1
- Create a user and database for Pocket ID:
CREATE USER pocketiduser WITH PASSWORD 'SuperSecretPassword' CREATEDB;
CREATE DATABASE pocketiddb OWNER pocketiduser;
- Quit PostgreSQL and exit the postgres user's shell:
\q
exit
Install Pocket ID
- Install the package:
pkg install pocket-id
- Create the key file:
openssl rand -base64 32 > /usr/local/etc/pocket-id.key
- Edit the config:
vi /usr/local/etc/pocket-id.env
- And add the following:
APP_URL=https://oauth2.example.com
ENCRYPTION_KEY_FILE=/usr/local/etc/pocket-id.key
DB_PROVIDER=postgres
DB_CONNECTION_STRING=postgres://pocketiduser:SuperSecretPassword@localhost:5432/pocketiddb
- Set the permissions for the config and key file:
chown pocket-id:pocket-id /usr/local/etc/pocket-id.env
chown pocket-id:pocket-id /usr/local/etc/pocket-id.key
chmod 600 /usr/local/etc/pocket-id.key
- Start and enable on boot:
sysrc pocket_id_enable=YES
service pocket-id start
NOTE: I needed to edit /usr/local/etc/rc.d/pocket-id and change pocket_id_chdir to "/var/db/pocket-id/data".
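The `pocket-id.env` file holds the database password in `DB_CONNECTION_STRING`, but the permission step above applies `chmod 600` only to the key file. The script below is an added check, not part of the original guide, that confirms both files are owned by the service user and closed to group and other. The paths and the `pocket-id` owner come from the guide; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the secret files created in the steps above.
# Paths and the pocket-id owner come from the guide; function names are hypothetical.

# Print the nine permission characters of a path, e.g. "rw-------".
# Parsing ls -ld works on both FreeBSD and Linux (stat flags differ between them).
perm_string() {
    ls -ld "$1" | cut -c2-10
}

# Succeed only if the path is a regular file with no group/other access bits.
is_private() {
    [ -f "$1" ] || return 2
    [ "$(perm_string "$1" | cut -c4-9)" = "------" ]
}

# Succeed if the file's owner (third ls -ld field) matches the expected user.
owned_by() {
    [ "$(ls -ld "$1" | awk '{print $3}')" = "$2" ]
}

# audit_pocket_id OWNER FILE...: report each file, return 1 if any check fails.
audit_pocket_id() {
    owner=$1; shift
    rc=0
    for f in "$@"; do
        if ! is_private "$f"; then
            echo "FAIL $f: missing, or accessible to group/other"
            rc=1
        elif ! owned_by "$f" "$owner"; then
            echo "FAIL $f: not owned by $owner"
            rc=1
        else
            echo "OK   $f"
        fi
    done
    return "$rc"
}

# Audit the guide's paths only when called as: sh audit.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_pocket_id pocket-id /usr/local/etc/pocket-id.env /usr/local/etc/pocket-id.key
fi
```

If the `.env` line fails, `chmod 600 /usr/local/etc/pocket-id.env` brings it in line with the key file.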
Nginx Config
The config block I used:
server {
    listen 80;
    server_name pocketid.example.com;
    access_log /var/log/nginx/pocketid.example.com-access.log;
    error_log /var/log/nginx/pocketid.example.com-error.log;

    location /.well-known/acme-challenge {
        allow all;
        root /usr/local/www/nginx/;
    }
}

server {
    listen 443 ssl;
    server_name pocketid.example.com;
    access_log /var/log/nginx/pocketid.example.com-access.log;
    error_log /var/log/nginx/pocketid.example.com-error.log;

    ssl_certificate /usr/local/etc/letsencrypt/live/pocketid.example.com/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/pocketid.example.com/privkey.pem;

    # Configure Strong SSL
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /usr/local/etc/nginx/dhparam.pem;

    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    client_max_body_size 0;

    location / {
        set $upstream_app 127.0.0.1;
        set $upstream_port 1411;
        set $upstream_proto http;

        proxy_busy_buffers_size 512k;
        proxy_buffers 4 512k;
        proxy_buffer_size 256k;
        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;

        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_set_header X-Scheme https;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
}
Resources
Updated by Daniel Curtis 1 day ago
- Description updated
- Status changed from New to In Progress
- % Done changed from 0 to 30
Updated by Daniel Curtis about 20 hours ago
- Description updated
- Status changed from In Progress to Resolved
- % Done changed from 30 to 100