Support #988
Updated by Daniel Curtis 1 day ago
This is a guide on setting up Pocket ID on FreeBSD 14.

h2. Prepare the Environment

* Before installing the components, make sure everything is up to date using the following command:
<pre>
pkg update -f && pkg upgrade
</pre>

h3. Create PostgreSQL Databases and Users

* Log in to the PostgreSQL user account:
<pre>
su - postgres
</pre>

* Connect to the PostgreSQL database:
<pre>
psql -d template1
</pre>

* Create a user and database for Pocket ID:
<pre>
CREATE USER pocketiduser WITH PASSWORD 'SuperSecretPassword' CREATEDB;
CREATE DATABASE pocketiddb OWNER pocketiduser;
</pre>

* Quit PostgreSQL and exit the user:
<pre>
\q
exit
</pre>

h2. Install Pocket ID

* Install the package:
<pre>
pkg install pocket-id
</pre>

* Create the key file:
<pre>
openssl rand -base64 32 > /usr/local/etc/pocket-id.key
</pre>

* Edit the config:
<pre>
vi /usr/local/etc/pocket-id.env
</pre>
#* And add the following:
<pre>
APP_URL=https://oauth2.example.com
ENCRYPTION_KEY_FILE=/usr/local/etc/pocket-id.key
DB_PROVIDER=postgres
DB_CONNECTION_STRING=postgres://pocketiduser:SuperSecretPassword@localhost:5432/pocketiddb
</pre>

* Set the permissions for the config and key file:
<pre>
chown pocket-id:pocket-id /usr/local/etc/pocket-id.env
chown pocket-id:pocket-id /usr/local/etc/pocket-id.key
chmod 600 /usr/local/etc/pocket-id.key
</pre>

* Start and enable on boot:
<pre>
sysrc pocket_id_enable=YES
service pocket-id start
</pre>

*NOTE* : I needed to edit @/usr/local/etc/rc.d/pocket-id@ and change +pocket_id_chdir+ to "/var/db/pocket-id/data".

h3. Nginx Config

The config block I used:
<pre>
# Plain HTTP: only serves the ACME challenge for certificate issuance
server {
    listen 80;
    server_name pocketid.example.com;
    access_log /var/log/nginx/pocketid.example.com-access.log;
    error_log /var/log/nginx/pocketid.example.com-error.log;

    location /.well-known/acme-challenge {
        allow all;
        root /usr/local/www/nginx/;
    }
}

# HTTPS: terminates TLS and proxies to Pocket ID on localhost
server {
    listen 443 ssl;
    server_name pocketid.example.com;
    access_log /var/log/nginx/pocketid.example.com-access.log;
    error_log /var/log/nginx/pocketid.example.com-error.log;

    ssl_certificate /usr/local/etc/letsencrypt/live/pocketid.example.com/fullchain.pem;
    ssl_certificate_key /usr/local/etc/letsencrypt/live/pocketid.example.com/privkey.pem;

    # Configure Strong SSL
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /usr/local/etc/nginx/dhparam.pem;
    add_header Strict-Transport-Security max-age=63072000;
    add_header X-Frame-Options SAMEORIGIN;
    add_header X-Content-Type-Options nosniff;

    # 0 disables the request body size limit
    client_max_body_size 0;

    location / {
        # Pocket ID listens on 127.0.0.1:1411 over plain HTTP
        set $upstream_app 127.0.0.1;
        set $upstream_port 1411;
        set $upstream_proto http;

        proxy_busy_buffers_size 512k;
        proxy_buffers 4 512k;
        proxy_buffer_size 256k;

        proxy_connect_timeout 600;
        proxy_send_timeout 600;
        proxy_read_timeout 600;

        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
        proxy_set_header X-Scheme https;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
    }
}
</pre>

h2. Resources

* https://github.com/pocket-id/pocket-id
* https://www.freshports.org/www/pocket-id
* https://pocket-id.org/docs/setup/installation
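
The permission step under Install Pocket ID sets mode 600 only on the key file, while pocket-id.env also carries the database password in DB_CONNECTION_STRING. The script below is an added example, not part of the original guide or of the Pocket ID project; the file paths and the pocket-id owner come from the guide, and the function names and the "audit" argument are assumptions.

```sh
#!/bin/sh
# Added example: audit the secret files this guide creates for Pocket ID.
# Paths and owner come from the guide; function names are hypothetical.

# Print the 10-character mode field from ls, e.g. -rw-------
mode_string() { ls -ld "$1" | awk '{ print substr($1, 1, 10) }'; }

# Print the owning user name of a file
owner_name() { ls -ld "$1" | awk '{ print $3 }'; }

# Return 0 when DB_CONNECTION_STRING embeds user:password@host
env_has_db_password() {
    grep -Eq '^DB_CONNECTION_STRING=[a-z]+://[^:/@]+:[^@]+@' "$1" 2>/dev/null
}

# check_secret_file FILE OWNER
# 0 = owned by OWNER with no group/other access, 1 = finding, 2 = missing
check_secret_file() {
    file=$1 want_owner=$2 rc=0
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    mode=$(mode_string "$file")
    actual=$(owner_name "$file")
    # Characters 5-10 of the mode field are the group and other bits.
    case "$mode" in
        ????------) ;;
        *) echo "WEAK    $file mode $mode allows group/other access"; rc=1 ;;
    esac
    if [ "$actual" != "$want_owner" ]; then
        echo "OWNER   $file owned by $actual, expected $want_owner"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK      $file $mode $actual"
    return "$rc"
}

# audit_pocket_id [ETC_DIR] [SERVICE_USER]; defaults are the guide's values
audit_pocket_id() {
    etc_dir=${1:-/usr/local/etc} svc_user=${2:-pocket-id} failed=0
    check_secret_file "$etc_dir/pocket-id.key" "$svc_user" || failed=1
    if env_has_db_password "$etc_dir/pocket-id.env"; then
        echo "NOTE    pocket-id.env embeds the database password"
    fi
    check_secret_file "$etc_dir/pocket-id.env" "$svc_user" || failed=1
    return "$failed"
}

# Run against the live system only when called with the argument "audit".
if [ "${1:-}" = "audit" ]; then audit_pocket_id; exit $?; fi
```

A WEAK line for pocket-id.env means the connection string is readable by accounts other than the service user.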