| 1 |
- [{"content":"Before you install Pixelfed, you will need to setup a webserver with the required dependencies:\nA PHP-FPM server An SQL database server An HTTPS server Composer, for PHP dependency management Git, for fetching updates Redis, for in-memory caching and background task queueing GD, for image processing JPEGOptim, for optimizing JPG OptiPNG, for lossless PNG PNGQuant, for lossy PNG ffmpeg, for generating video thumbnails Shared Hosting\nAt this stage, it\u0026rsquo;s not possible to install Pixelfed by downloading a ZIP file and uploading the files to your web server. This is because Composer needs to run on the command line.\nThis doesn\u0026rsquo;t necessarily mean you need a VPS. Some shared hosts give you SSH access, through which you should be able to install Composer and Pixelfed just fine.\nPHP-FPM [link] You can check your currently installed version of PHP-FPM by running php-fpm -v. Make sure you are running PHP \u0026gt;= 8.1.\nYou can check your currently loaded extensions by running php-fpm -m. Modules are usually enabled by editing your PHP configuration file and uncommenting the appropriate lines under the \u0026ldquo;Dynamic extensions\u0026rdquo; section. Make sure the following extensions are installed and loaded:\nbcmath ctype curl exif gd iconv intl json mbstring openssl redis tokenizer xml zip Additionally, you will need to enable extensions for database drivers:\nFor MySQL or MariaDB: enable pdo_mysql and mysqli For PostgreSQL: enable pdo_pgsql and pgsql Finally, make sure to set the desired upload limits for your PHP processes. You will want to check the following:\npost_max_size (default 8M, set this around or slightly greater than your desired post size limit) file_uploads (default On, which it needs to be) upload_max_filesize (default 2M, set this \u0026lt;= post_max_size) max_file_uploads (default 20, but make sure it is \u0026gt;= your desired attachment limit) max_execution_time (default 30, consider raising this to 600 or more so that longer tasks aren\u0026rsquo;t interrupted) Instagram imports\nInstagram imports are also affected by these settings. If you enable imports, you will want to raise post_max_size to the maximum size you expect an Instagram archive to be, upload_max_filesize to the maximum size you expect individual Instagram photos to be, and max_file_uploads to the maximum number of photos (not posts) you\u0026rsquo;d expect an Instagram archive to contain.\nDatabase [link] You can choose one of three supported database drivers for Laravel 9, the framework used by Pixelfed:\nMySQL (5.7+) MariaDB (10.3+) PostgreSQL (10+) You will need to create a database and grant permission to an SQL user identified by a password. To do this with MySQL or MariaDB, do the following:\nsudo mysql -u root -p You can then create a database and grant privileges to your SQL user. The following SQL commands will create a database named pixelfed and allow it to be managed by a user pixelfed with password strong_password:\n1create database pixelfed; 2grant all privileges on pixelfed.* to \u0026#39;pixelfed\u0026#39;@\u0026#39;localhost\u0026#39; identified by \u0026#39;strong_password\u0026#39;; 3flush privileges; To do this with PostgreSQL instead, do the following:\nsudo -u postgres psql Once in the psql shell, do the following:\nCREATE USER pixelfed CREATEDB; \\q Changing database drivers\nIf you decide to change database drivers later, please run a backup first! You can do this with php artisan backup:run --only-db\nHTTP Web server [link] The following web servers are officially supported:\nApache (with mod_rewrite enabled) nginx Pixelfed uses HTTPS URIs, so you will need to have HTTPS set up at the perimeter of your network before you proxy requests internally.\nCreating a dedicated app-user and using UNIX sockets (optional) [link] For added security, you may want to create a dedicated user specifically for running Pixelfed. To do this:\nuseradd -rU -s /bin/bash pixelfed Configuring PHP-FPM pool and socket [link] cd /etc/php/php-fpm.d/ cp www.conf pixelfed.conf $EDITOR pixelfed.conf Where to define custom PHP-FPM pools\nThe exact directory you should cd to will vary according to your distribution:\nArch Linux uses /etc/php/php-fpm.d Debian and Ubuntu use /etc/php/8.1/fpm/pool.d/ (dependent on PHP version) For other distributions, check your php-fpm.conf to see where exactly you can define *.conf with include= Make the following changes to the PHP-FPM pool:\n; use the username of the app-user as the pool name, e.g. pixelfed [pixelfed] user = pixelfed group = pixelfed ; to use a tcp socket, e.g. if running php-fpm on a different machine than your app: ; (note that the port 9001 is used, since php-fpm defaults to running on port 9000;) ; (however, the port can be whatever you want) ; listen = 127.0.0.1:9001; ; but it\u0026#39;s better to use a socket if you\u0026#39;re running locally on the same machine: listen = /run/php-fpm/pixelfed.sock listen.owner = http listen.group = http listen.mode = 0660 ; [...] Configuring Redis socket [link] Edit redis.conf and edit the following lines:\nport 6379 # change this to \u0026#34;port 0\u0026#34; to disable network packets unixsocket /run/redis/redis.sock # unixsocketperm 770 # give permission to \u0026#34;redis\u0026#34; user and group Where to find redis.conf\nThe exact location will vary according to your distribution:\nArch Linux uses /etc/redis.conf Debian and Ubuntu use /etc/redis/redis.conf For other distributions, check your documentation ","href":"https://docs.pixelfed.org/running-pixelfed/prerequisites/","title":"Preparing your machine"},{"content":" Requirements [link] Git PHP Composer Node npm Database MariaDB MySQL PostgreSQL Redis Development Setup [link] For local/non-production use only.\ngit clone https://github.com/pixelfed/pixelfed cd pixelfed composer install php artisan install php artisan serve The development server will start on: http://localhost:8000\n","href":"https://docs.pixelfed.org/developing-pixelfed/intro/","title":"Setting up your environment"},{"content":"Currently there are tests in place for the Laravel components. These can be run with the following command.\nphp artisan test Further reading: Testing with Laravel\n","href":"https://docs.pixelfed.org/developing-pixelfed/testing/","title":"Running tests locally"},{"content":"Make sure you have all prerequisites installed and the appropriate services running/enabled before continuing.\nSetting up Pixelfed files [link] Download source via Git [link] Pixelfed Beta currently uses the dev branch for deployable code. When v1.0 is released, the stable branch will be changed to stable, with dev branch being used for development and testing.\ncd /usr/share/webapps # or wherever you choose to install web applications git clone -b dev https://github.com/pixelfed/pixelfed.git pixelfed # checkout dev branch into \u0026#34;pixelfed\u0026#34; folder Set correct permissions [link] Your web server and app processes need to be able to write to the Pixelfed directory. Make sure to set the appropriate permissions. For example, if you are running your processes through the http user/group, then run the following:\ncd pixelfed sudo chown -R http:http . # change user/group to http user and http group sudo find . -type d -exec chmod 755 {} \\; # set all directories to rwx by user/group sudo find . -type f -exec chmod 644 {} \\; # set all files to rw by user/group User and group permissions\nMake sure to use the correct user/group name for your system. This may be http, www-data, or pixelfed (if using a dedicated user).\nInitialize PHP dependencies [link] Run composer install to fetch the dependencies needed by Pixelfed. It is recommended to run with the following flags:\ncomposer install --no-ansi --no-interaction --optimize-autoloader Configure environment variables [link] By default Pixelfed comes with a .env.example file for production deployments, and a .env.testing file for debug deployments. You\u0026rsquo;ll need to rename or copy one of these files to .env regardless of which environment you\u0026rsquo;re working on.\ncp .env.example .env # for production deployments cp .env.testing .env # for debug deployments You can now edit .env and change values for your setup.\nList of environment variables\nYou can find a list of additional configuration settings in-depth on the Configuration page, but the important variables will be listed in the below subsections.\nApp variables [link] Set APP_NAME to your desired title, e.g. Pixelfed. This will be shown in the header bar and other places. Ensure that APP_DEBUG is false for production environments, or true for debug environments. Set your APP_URL to the HTTPS URL that you wish to serve Pixelfed through, e.g. https://pixelfed.example Set APP_DOMAIN, ADMIN_DOMAIN, and SESSION_DOMAIN to the domain name you will be using for Pixelfed, e.g. pixelfed.example Database variables [link] By default, the values provided will allow connecting to MySQL or MariaDB over the default localhost TCP connection.\nIf you are running Postgres:\nSet DB_CONNECTION to pgsql instead of mysql. If you are running your SQL server on a different machine or port:\nSet DB_HOST to the IP of the machine Set DB_PORT to the port on which your database server is exposed Alternatively, if you are using a Unix socket:\nSet DB_SOCKET to the path of the socket, e.g. /run/mysqld/mysqld.sock To connect to the database you created:\nSet DB_DATABASE to the name of the database created for Pixelfed Set DB_USERNAME to the user that was granted privileges for that database Set DB_PASSWORD to the password that identifies the user with privileges to the database Redis variables [link] If you are running Redis over TCP on the same machine as Pixelfed, then the default settings will work.\nIf you are running Redis on another machine:\nSet REDIS_HOST to the IP of the machine your Redis server is running on Set REDIS_PORT to the port on which Redis is exposed Set REDIS_PASSWORD to the password of that Redis server If you are using a Unix socket for Redis, then:\nSet REDIS_SCHEME to unix Set REDIS_HOST to the path of the socket, e.g. /run/redis/redis.sock Set REDIS_PORT to 0 TCP server vs. Unix socket\nRedis usually comes pre-configured to listen for TCP requests on the local machine over port 6379. In your Redis configuration, typically at /etc/redis.conf, the relevant lines are bind 127.0.0.1 and port 6379.\nChanging the latter line to port 0 will disable TCP listening, in which case Redis must be configured for socket access. Lines such as unixsocket /run/redis/redis.sock and unixsocketperm 770 must be set to enable socket access. Additionally, both the app user and web user should have permission to access the socket, e.g. by being added to the redis group.\nUsing a Unix socket is optional, but may provide faster access since it does not have to create TCP packets. TCP is usually used over a network, and would be required if Redis were running on a different machine than your web server.\nEmail variables [link] By default, Pixelfed will not send any emails, but will instead write messages to the Laravel log.\nTo setup a mailer for production deployments, you have several options for supported mail services. Pixelfed currently supports SMTP, Mailgun, Postmark, Amazon SES, and sendmail for sending emails to users.\nSet MAIL_FROM_ADDRESS to the email address you want to send from Set MAIL_FROM_NAME to the name you want to appear on emails Set MAIL_ENCRYPTION to tls in order to have emails be properly delivered SMTP (Mailtrap) [link] Set up your SMTP server. Or, create an account with Mailtrap.\nSet MAIL_DRIVER to smtp Set MAIL_HOST to your host, e.g. smtp.mailtrap.io Set MAIL_PORT to your port, e.g. 587 or 2525 Set MAIL_USERNAME and MAIL_PASSWORD if your SMTP server requires authorization. (Mailtrap.io does not.) Mailgun [link] Create an account with Mailgun.\nSet MAIL_DRIVER to mailgun Set MAIL_HOST to smtp.mailgun.org Set MAIL_PORT to 587 Set MAIL_USERNAME to your Mailgun domain Set MAIL_PASSWORD to your Mailgun API key If you are not using the \u0026ldquo;US\u0026rdquo; Mailgun region, you may define your region\u0026rsquo;s endpoint in the services.php configuration file located in the config/ directory:\n\u0026#39;mailgun\u0026#39; =\u0026gt; [ \u0026#39;domain\u0026#39; =\u0026gt; env(\u0026#39;MAILGUN_DOMAIN\u0026#39;), \u0026#39;secret\u0026#39; =\u0026gt; env(\u0026#39;MAILGUN_SECRET\u0026#39;), \u0026#39;endpoint\u0026#39; =\u0026gt; \u0026#39;api.eu.mailgun.net\u0026#39;, ], Postmark [link] To use the Postmark driver, install Postmark\u0026rsquo;s SwiftMailer transport via Composer:\ncomposer require wildbit/swiftmailer-postmark Next, install Guzzle and set the driver option in your config/mail.php configuration file to postmark. Finally, verify that your config/services.php configuration file contains the following options:\n\u0026#39;postmark\u0026#39; =\u0026gt; [ \u0026#39;token\u0026#39; =\u0026gt; \u0026#39;your-postmark-token\u0026#39;, ], Amazon SES [link] Create an account with Amazon AWS.\nSet MAIL_DRIVER to ses Set SES_KEY Set SES_SECRET Set SES_REGION (if not using the default of us-east-1) sendmail [link] Set MAIL_DRIVER to sendmail Additional variables [link] If you are using ImageMagick, then:\nSet IMAGE_DRIVER to imagick If you want to enable ActivityPub federation:\nSet ACTIVITY_PUB to true Set AP_REMOTE_FOLLOW to true If you want to enable OAuth support for external clients:\nSet OAUTH_ENABLED to true Setting up services [link] One-time setup tasks [link] One time only, you need to generate the secret APP_KEY:\nphp artisan key:generate One time only, the storage/ directory must be linked to the application:\nphp artisan storage:link Database migrations must be run:\nphp artisan migrate --force If you want to enable support for location data:\nphp artisan import:cities If you enabled ActivityPub federation:\nphp artisan instance:actor If you enabled OAuth:\nphp artisan passport:keys Routes should be cached whenever the source code changes or whenever you change routes:\nphp artisan route:cache php artisan view:cache Every time you edit your .env file, you must run this command to have the changes take effect:\nphp artisan config:cache Running Pixelfed without a cache\nIt is possible to not use a cache by not running the above cache commands, but it is recommended to run these for production deployments. If you choose not to run these commands, then you can freely edit the .env file and source code instead, and your changes will be reflected instantly, but performance may take a slight hit. You can also undo these commands by running :clear commands:\nphp artisan route:clear php artisan view:clear php artisan config:clear Job queueing [link] Pixelfed supports both Laravel Horizon and Queue Workers to power the job queue. The main difference between Horizon and Queue Worker is the dashboard provided by Horizon as well as advanced load balancing. We recommend using Horizon. Horizon provides a beautiful dashboard which allows you to easily monitor key metrics of your queue system such as job throughput, runtime, and job failures.\nUsing Laravel Horizon [link] If you want admins to be able to access the Horizon web dashboard, you will need to run the following commands:\nphp artisan horizon:install php artisan horizon:publish If your user has the correct permissions to access Redis and the Pixelfed installation folder, then you can simply run php artisan horizon as that user in a terminal. This may be fine, but if you close the terminal then Horizon will also be terminated. Running directly is recommended only in deployments where a terminal can run uninterrupted, e.g. in a VM or using a utility such as GNU Screen or tmux.\nIf you are running in production, it is more ideal to create a background service for running Pixelfed\u0026rsquo;s task queue. You will need to use a task manager like systemd or Supervisor. For more information, refer to the Laravel Documentation.\nMost distributions will already come with systemd, so you may set up this unit file at /etc/systemd/system/pixelfed.service:\n[Unit] Description=Pixelfed task queueing via Laravel Horizon After=network.target Requires=mariadb Requires=php-fpm Requires=redis Requires=nginx [Service] Type=simple ExecStart=/usr/bin/php /usr/share/webapps/pixelfed/artisan horizon User=http Restart=on-failure [Install] WantedBy=multi-user.target Using correct paths and service names\nThe example above assumes you are using MariaDB and Nginx, that your distribution\u0026rsquo;s PHP packages do not have versioned names, and that your distribution uses the http user to serve Nginx. It also assumes that you have installed Pixelfed in /usr/share/webapps/pixelfed in accordance with the rest of the installation process documentation. Some changes you may need to make include:\nReplacing mariadb with postgresql or mysql Replacing php-fpm with your distro\u0026rsquo;s PHP-FPM package name, e.g. php8.1-fpm Replacing nginx with apache, or replacing Requires with Wants if you are not running in a production environment Replacing /usr/bin/php or /usr/share/webapps/pixelfed/artisan with the correct paths, e.g. /usr/bin/php8.1 or /path/to/pixelfed/artisan Replacing User=http to reflect the app user, e.g. User=pixelfed or commenting this line in order to run in the system slice. You can now use systemd to manage Pixelfed like any other background service:\nsudo systemctl enable --now pixelfed Alternatively, if you do not wish to use systemd, then you can install Supervisor and create this sample Supervisor configuration file at /etc/supervisor/conf.d/pixelfed.conf, making sure to use the correct path to your Pixelfed installation and the appropriate app-user:\n[program:pixelfed] command=/usr/bin/php /usr/share/webapps/pixelfed/artisan horizon user=http autorestart=true redirect_stderr=true stdout_logfile=/usr/share/webapps/pixelfed/horizon.log stopwaitsecs=3600 Using correct paths\nYou may need to replace /usr/bin/php or /usr/share/webapps/pixelfed/artisan with the correct paths, e.g. /usr/bin/php8.1 or /path/to/pixelfed/artisan\nYou will then need to run these commands:\nsudo supervisorctl reread sudo supervisorctl update sudo supervisorctl start pixelfed Using Queue Worker [link] Pixelfed also includes a queue worker that will process new jobs as they are pushed onto the queue. You may run the worker using the queue:work command. Note that once the command has started, it will continue to run until it is manually stopped or you close your terminal:\nphp artisan queue:work Again, you can use Supervisor or systemd as described above, substituting horizon for queue:work.\nScheduling periodic tasks [link] The task scheduler is used to run periodic commands in the background, such as media optimization, garbage collection, and other time-based tasks that should be run every once in a while.\nTo set up scheduled tasks using Cron:\nEDITOR=nano crontab -e Paste the following cronjob into your crontab:\n* * * * * /usr/bin/php /usr/share/webapps/pixelfed/artisan schedule:run \u0026gt;\u0026gt; /dev/null 2\u0026gt;\u0026amp;1 Using correct paths\nYou may need to replace /usr/bin/php or /usr/share/webapps/pixelfed/artisan with the correct paths, e.g. /usr/bin/php7.3 or /path/to/pixelfed/artisan\nHandling web requests [link] To translate HTTPS web requests to PHP workers, you will need to configure a reverse proxy.\nApache [link] Pixelfed includes a public/.htaccess file that is used to provide URLs without the index.php front controller in the path. Before serving Pixelfed with Apache, be sure to enable the mod_rewrite module in your Apache configuration so the .htaccess file will be honored by the server.\nIf the .htaccess file that ships with Pixelfed does not work with your Apache installation, try this alternative:\nOptions +FollowSymLinks -Indexes RewriteEngine On RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] Nginx [link] Pixelfed includes a sample NGINX configuration at contrib/nginx.conf. You can copy the contents of this file or include it within your nginx.conf. Take note of the comments, and make sure to set the correct domain name and root path.\nserver { listen 443 ssl http2; listen [::]:443 ssl http2; server_name pixelfed.example; # change this to your fqdn root /usr/share/webapps/pixelfed/public; # path to repo/public ssl_certificate /etc/nginx/ssl/server.crt; # generate your own ssl_certificate_key /etc/nginx/ssl/server.key; # or use letsencrypt ssl_protocols TLSv1.2; ssl_ciphers EECDH+AESGCM:EECDH+CHACHA20:EECDH+AES; ssl_prefer_server_ciphers on; add_header X-Frame-Options \u0026#34;SAMEORIGIN\u0026#34;; add_header X-XSS-Protection \u0026#34;1; mode=block\u0026#34;; add_header X-Content-Type-Options \u0026#34;nosniff\u0026#34;; index index.html index.htm index.php; charset utf-8; client_max_body_size 15M; # or your desired limit location / { try_files $uri $uri/ /index.php?$query_string; } location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { access_log off; log_not_found off; } error_page 404 /index.php; location ~ \\.php$ { fastcgi_split_path_info ^(.+\\.php)(/.+)$; fastcgi_pass unix:/run/php-fpm/php-fpm.sock; # make sure this is correct fastcgi_index index.php; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; # or $request_filename } location ~ /\\.(?!well-known).* { deny all; } } server { # Redirect http to https server_name pixelfed.example; # change this to your fqdn listen 80; listen [::]:80; return 301 https://$host$request_uri; } FastCGI path\nMake sure to use the correct fastcgi_pass socket path for your distribution and version of PHP-FPM. For example, on Arch, this is /run/php-fpm/php-fpm.sock, but on Ubuntu it may be /run/php/php8.1-fpm.sock, on Debian it may be /var/run/php/php8.1-fpm.sock, and so on. If you have configured a PHP server over TCP, you may also pass to its IP and port, e.g. localhost:9000 by default.\nNginx web root\nMake sure to use the /public folder as your server root. For example:\nserver { root /var/www/pixelfed/public; If you set root to the install directory (example: root /var/www/pixelfed;) Pixelfed will not work.\nNginx client max body size\nMake sure to set an appropriate client_max_body_size setting in the nginx.conf file. Set this slightly greater than your desired post size limit for file uploads. The nginx.conf file location will vary based on your server. /etc/nginx/nginx.conf\nExample:http {client_max_body_size 9m;}\nObtaining an HTTPS certificate [link] For testing deployments, you may generate a self-signed SSL certificate. For example:\nsudo mkdir /etc/nginx/ssl sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt For production deployments, you will need to obtain a certificate from a certificate authority. You may automate certification from LetsEncrypt, a free certificate authority, by using a utility such as EFF Certbot or acme.sh.\nSample usage of certbot:\ncertbot --nginx -d pixelfed.example ","href":"https://docs.pixelfed.org/running-pixelfed/installation/","title":"Generic installation guide"},{"content":" Updating Pixelfed [link] After you have installed Pixelfed, you may update to the latest commits by pulling the dev branch and doing necessary updates/migration/caching:\ncd /path/to/pixelfed git pull origin dev composer install php artisan config:cache php artisan route:cache php artisan migrate --force Artisan commands [link] User management [link] user:admin\tMake a user an admin, or remove admin privileges. user:create\tCreate a new user user:delete\tDelete account user:show\tShow user info user:suspend\tSuspend a local user. user:unsuspend\tUnsuspend a local user. user:table\tDisplay latest users For example, you can give a user the admin role with the following command:\nphp artisan user:admin username_here Fix accounts with reserved names [link] You can run this command to fix accounts created before that username was reserved.\nphp artisan fix:usernames Remove unused media [link] With this command you can trigger the garbage collection on the media files. This frees up disk space. All files being older than one hour and which are not used in any status are removed.\nphp artisan media:gc Create an OAuth client [link] You can create an OAuth client from the command line using this command:\nphp artisan passport:client --personal ","href":"https://docs.pixelfed.org/running-pixelfed/administration/","title":"Administering your website"},{"content":" Installing and Configuring Nginx-RTMP [link] Begin by running the following commands as a non-root user to update your package listings and install the Nginx module:\nsudo apt update sudo apt install libnginx-mod-rtmp Installing the module won’t automatically start providing a stream. You’ll need to add a configuration block to your Nginx configuration file that defines where and how the stream will be available.\nUsing nano or your favorite text editor, open Nginx’s main configuration file, /etc/nginx/nginx.conf, and add this configuration block to the end of the file:\nsudo nano /etc/nginx/nginx.conf Make sure you edit lines 16, 17 with your domain (leave http:// and the path as is), and line 29 with the path to your storage/app/public/live-hls directory\nrtmp { server { listen 1935; chunk_size 4096; application live { live on; record off; interleave on; wait_key on; deny play all; push rtmp://127.0.0.1:1935/hls-live flashver=FMLE/3.0; on_publish http://localhost/api/live/broadcast/publish; on_publish_done http://localhost/api/live/broadcast/finish; } application hls-live { live on; hls on; interleave on; deny play all; allow publish 127.0.0.1; deny publish all; hls_path /home/pixelfed/storage/app/public/live-hls; hls_nested on; hls_fragment 5s; hls_playlist_length 30s; hls_fragment_naming system; } } } Save and close the file. If you are using nano, press Ctrl+X, then when prompted, Y and Enter.\nThis provides the beginning of your RTMP configuration. By default, it listens on port 1935, which means you’ll need to open that port in your firewall. If you configured ufw as part of your initial server setup run the following command.\nsudo ufw allow 1935/tcp Now you can reload Nginx with your changes:\nsudo systemctl reload nginx.service You should now have a working RTMP server. In the next section, we’ll configure the environment settings.\nConfigure Livestreaming Settings [link] Now you have the RTMP server setup, you can proceed to add the following environment variables to your .env file.\nBasic configuration [link] // Enable Pixelfed Live HLS_LIVE=true // RTMP server domain HLS_LIVE_HOST=pixelfed.social // Enable livestreaming from the Pixelfed Live app HLS_LIVE_BROADCAST_SOURCE_APP=true Advanced configuration [link] In addition to the basic configuration variables, the following variables can be used optionally\nStream Limits [link] // Max concurrent live streams HLS_LIVE_BROADCAST_MAX_ACTIVE=10 // Max stream duration in minutes HLS_LIVE_BROADCAST_MAX_DURATION=60 User Limits [link] Advanced control over who can livestream\n// Enable broadcast limits HLS_LIVE_BROADCAST_LIMITS=true // Only allow users with over 1000 followers to go live HLS_LIVE_BROADCAST_LIMITS_MIN_FOLLOWERS=1000 // Only allow users with accounts older than 90 days to go live HLS_LIVE_BROADCAST_LIMITS_MIN_ACCOUNT_AGE=90 // Only allow admin accounts to go live HLS_LIVE_BROADCAST_LIMITS_ADMINS_ONLY=true ","href":"https://docs.pixelfed.org/running-pixelfed/optional-features/livestreaming/","title":"Livestreaming (Pixelfed Live)"},{"content":" When using websockets as a Pusher replacement without having used Pusher before, it does not matter what you set as your PUSHER_ variables. Just make sure they are unique and not empty. Pusher Configuration [link] When broadcasting events from your Pixelfed server to your WebSocket server, the default behavior is to send the event information to the official Pusher server. But since the Pixelfed WebSockets package comes with its own Pusher API implementation, we need to tell Pixelfed to send the events to our own server.\nTo do this, you should add the host and port configuration key to your config/broadcasting.php and add it to the pusher section. The default port of the Pixelfed WebSocket server is 6001.\n\u0026#39;pusher\u0026#39; =\u0026gt; [ \u0026#39;driver\u0026#39; =\u0026gt; \u0026#39;pusher\u0026#39;, \u0026#39;key\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_KEY\u0026#39;), \u0026#39;secret\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_SECRET\u0026#39;), \u0026#39;app_id\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_ID\u0026#39;), \u0026#39;options\u0026#39; =\u0026gt; [ \u0026#39;cluster\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_CLUSTER\u0026#39;), \u0026#39;encrypted\u0026#39; =\u0026gt; true, \u0026#39;host\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_HOST\u0026#39;, \u0026#39;127.0.0.1\u0026#39;), \u0026#39;port\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_PORT\u0026#39;, 6001), \u0026#39;scheme\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_SCHEME\u0026#39;, \u0026#39;http\u0026#39;), \u0026#39;curl_options\u0026#39; =\u0026gt; [ CURLOPT_SSL_VERIFYHOST =\u0026gt; 0, CURLOPT_SSL_VERIFYPEER =\u0026gt; 0, ], ], ], Starting the WebSocket server [link] Once you have configured your WebSocket apps and Pusher settings, you can start the Pixelfed WebSocket server by issuing the artisan command:\nphp artisan websockets:serve Using a different port [link] The default port of the Pixelfed WebSocket server is 6001. You may pass a different port to the command using the --port option.\nphp artisan websockets:serve --port=3030 This will start listening on port 3030.\nRestricting the listening host [link] By default, the Pixelfed WebSocket server will listen on 0.0.0.0 and will allow incoming connections from all networks. If you want to restrict this, you can start the server with a --host option, followed by an IP.\nFor example, by using 127.0.0.1, you will only allow WebSocket connections from localhost.\nphp artisan websockets:serve --host=127.0.0.1 Restarting Server [link] If you use Supervisor to keep your server alive, you might want to restart it just like queue:restart does.\nTo do so, consider using the websockets:restart. In a maximum of 10 seconds since issuing the command, the server will be restarted.\nphp artisan websockets:restart SSL Support [link] Since most of the web\u0026rsquo;s traffic is going through HTTPS, it\u0026rsquo;s also crucial to secure your WebSocket server. Luckily, adding SSL support to this package is really simple.\nConfiguration [link] The SSL configuration takes place in your config/websockets.php file.\nThe default configuration has a SSL section that looks like this:\n\u0026#39;ssl\u0026#39; =\u0026gt; [ \u0026#39;local_cert\u0026#39; =\u0026gt; env(\u0026#39;LARAVEL_WEBSOCKETS_SSL_LOCAL_CERT\u0026#39;, null), \u0026#39;capath\u0026#39; =\u0026gt; env(\u0026#39;LARAVEL_WEBSOCKETS_SSL_CA\u0026#39;, null), \u0026#39;local_pk\u0026#39; =\u0026gt; env(\u0026#39;LARAVEL_WEBSOCKETS_SSL_LOCAL_PK\u0026#39;, null), \u0026#39;passphrase\u0026#39; =\u0026gt; env(\u0026#39;LARAVEL_WEBSOCKETS_SSL_PASSPHRASE\u0026#39;, null), \u0026#39;verify_peer\u0026#39; =\u0026gt; env(\u0026#39;APP_ENV\u0026#39;) === \u0026#39;production\u0026#39;, \u0026#39;allow_self_signed\u0026#39; =\u0026gt; env(\u0026#39;APP_ENV\u0026#39;) !== \u0026#39;production\u0026#39;, ], But this is only a subset of all the available configuration options.\nThis packages makes use of the official PHP SSL context options.\nSo if you find yourself in the need of adding additional configuration settings, take a look at the PHP documentation and simply add the configuration parameters that you need.\nAfter setting up your SSL settings, you can simply (re)start your WebSocket server using:\nphp artisan websockets:serve Server configuration [link] When broadcasting events from your Pixelfed server to the WebSocket server, you also need to tell Pixelfed to make use of HTTPS instead of HTTP. You can do this by setting the PUSHER_APP_SCHEME variable to https\nPUSHER_APP_SCHEME=https Your connection from config/broadcasting.php would look like this:\n\u0026#39;pusher\u0026#39; =\u0026gt; [ \u0026#39;driver\u0026#39; =\u0026gt; \u0026#39;pusher\u0026#39;, \u0026#39;key\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_KEY\u0026#39;), \u0026#39;secret\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_SECRET\u0026#39;), \u0026#39;app_id\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_ID\u0026#39;), \u0026#39;options\u0026#39; =\u0026gt; [ \u0026#39;cluster\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_CLUSTER\u0026#39;), \u0026#39;encrypted\u0026#39; =\u0026gt; true, \u0026#39;host\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_HOST\u0026#39;, \u0026#39;127.0.0.1\u0026#39;), \u0026#39;port\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_PORT\u0026#39;, 6001), \u0026#39;scheme\u0026#39; =\u0026gt; env(\u0026#39;PUSHER_APP_SCHEME\u0026#39;, \u0026#39;http\u0026#39;), ], ], Since the SSL configuration can vary quite a lot, depending on your setup, let\u0026rsquo;s take a look at the most common approaches.\nUsage with a reverse proxy (like Nginx) [link] Alternatively, you can also use a proxy service - like Nginx, HAProxy or Caddy - to handle the SSL configurations and proxy all requests in plain HTTP to your echo server.\nA basic Nginx configuration would look like this, but you might want to tweak the SSL parameters to your liking.\nserver { listen 443 ssl; listen [::]:443 ssl; server_name socket.yourapp.tld; # Start the SSL configurations ssl on; ssl_certificate /etc/letsencrypt/live/socket.yourapp.tld/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/socket.yourapp.tld/privkey.pem; location / { proxy_pass http://127.0.0.1:6001; proxy_read_timeout 60; proxy_connect_timeout 60; proxy_redirect off; # Allow the use of websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection \u0026#39;upgrade\u0026#39;; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } You can now talk HTTPS to socket.yourapp.tld. You would configure your config/broadcasting.php like the example above, treating your socket server as an https endpoint.\nSame location for websockets and web contents [link] To have the websockets be served at the same location and port as your other web content, Nginx can be taught to map incoming requests based on their type to special sub-locations.\nmap $http_upgrade $type { default \u0026#34;web\u0026#34;; websocket \u0026#34;ws\u0026#34;; } server { # Your default configuration comes here... location / { try_files /nonexistent @$type; } location @web { try_files $uri $uri/ /index.php?$query_string; } location @ws { proxy_pass http://127.0.0.1:6001; proxy_set_header Host $host; proxy_read_timeout 60; proxy_connect_timeout 60; proxy_redirect off; # Allow the use of websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection \u0026#39;upgrade\u0026#39;; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } This configuration is useful if you do not want to open multiple ports or you are restricted to which ports are already opened on your server. Alternatively, a second Nginx location can be used on the server-side, while the Pusher configuration wsPath can be used on the client-side (note: \u0026quot;pusher-js\u0026quot;: \u0026quot;\u0026gt;=4.2.2\u0026quot; is required for this configuration option).\nserver { # Your default configuration comes here... location /ws { proxy_pass http://127.0.0.1:6001; proxy_set_header Host $host; proxy_read_timeout 60; proxy_connect_timeout 60; proxy_redirect off; # Allow the use of websockets proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection \u0026#39;upgrade\u0026#39;; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } } Nginx worker connections [link] Note that you might need to increase the amount of worker_connections in Nginx. Your WebSocket connections will now be sent to Nginx, which in turn will send those along to the websocket server.\nBy default, that will have a sane limit of 1024 connections. If you are expecting more concurrent connections to your WebSockets, you can increase this in your global nginx.conf.\nevents { worker_connections 1024; } You know you\u0026rsquo;ve reached this limit of your Nginx error logs contain similar messages to these:\n[alert] 1024 worker_connections are not enough while connecting to upstream Remember to restart your Nginx after you\u0026rsquo;ve modified the worker_connections.\nExample using Caddy v2 [link] Caddy can also be used to automatically obtain a TLS certificate from Let\u0026rsquo;s Encrypt and terminate TLS before proxying to your websocket server.\nAn example configuration would look like this:\nsocket.yourapp.tld { @ws { header Connection *Upgrade* header Upgrade websocket } reverse_proxy @ws 127.0.0.1:6001 } Note that you should change 127.0.0.1 to the hostname of your websocket server. For example, if you\u0026rsquo;re running in a Docker environment, this might be the container name of your websocket server.\nDeploying [link] When your application is ready to get deployed, here are some tips to improve your WebSocket server.\nOpen Connection Limit [link] On Unix systems, every user that connects to your WebSocket server is represented as a file somewhere on the system. As a security measurement of every Unix based OS, the number of \u0026ldquo;file descriptors\u0026rdquo; an application may have open at a time is limited - most of the time to a default value of 1024 - which would result in a maximum number of 1024 concurrent users on your WebSocket server.\nIn addition to the OS restrictions, this package makes use of an event loop called \u0026ldquo;stream_select\u0026rdquo;, which has a hard limit of 1024.\nIncreasing the maximum number of file descriptors [link] The operating system limit of open \u0026ldquo;file descriptors\u0026rdquo; can be increased using the ulimit command. The -n option modifies the number of open file descriptors.\nulimit -n 10000 The ulimit command only temporarily increases the maximum number of open file descriptors. To permanently modify this value, you can edit it in your operating system limits.conf file.\nYou are best to do so by creating a file in the limits.d directory. This will work for both Red Hat \u0026amp; Ubuntu derivatives.\n$ cat /etc/security/limits.d/laravel-echo.conf laravel-echo soft nofile 10000 The above example assumes you will run your echo server as the laravel-echo user, you are free to change that to your liking.\nChanging the event loop [link] To make use of a different event loop, that does not have a hard limit of 1024 concurrent connections, you can either install the ev or event PECL extension using:\nsudo pecl install ev # or sudo pecl install event Deploying on Laravel Forge [link] If your are using Laravel Forge for the deployment this article by Alex Bouma might help you out.\nKeeping the socket server running with supervisord [link] The websockets:serve daemon needs to always be running in order to accept connections. This is a prime use case for supervisor, a task runner on Linux.\nFirst, make sure supervisor is installed.\n# On Debian / Ubuntu apt install supervisor # On Red Hat / CentOS yum install supervisor systemctl enable supervisord Once installed, add a new process that supervisor needs to keep running. You place your configurations in the /etc/supervisor/conf.d (Debian/Ubuntu) or /etc/supervisord.d (Red Hat/CentOS) directory.\nWithin that directory, create a new file called websockets.conf.\n[program:websockets] command=/usr/bin/php /home/laravel-echo/laravel-websockets/artisan websockets:serve numprocs=1 autostart=true autorestart=true user=laravel-echo Once created, instruct supervisor to reload its configuration files (without impacting the already running supervisor jobs).\nsupervisorctl update supervisorctl start websockets Your echo server should now be running (you can verify this with supervisorctl status). If it were to crash, supervisor will automatically restart it.\nPlease note that, by default, just like file descriptiors, supervisor will force a maximum number of open files onto all the processes that it manages. This is configured by the minfds parameter in supervisord.conf.\nIf you want to increase the maximum number of open files, you may do so in /etc/supervisor/supervisord.conf (Debian/Ubuntu) or /etc/supervisord.conf (Red Hat/CentOS):\n[supervisord] minfds=10240; (min. avail startup file descriptors;default 1024) After changing this setting, you\u0026rsquo;ll need to restart the supervisor process (which in turn will restart all your processes that it manages).\nCloudflare [link] In some cases, you might use Cloudflare and notice that your production server does not seem to respond to your :6001 port.\nThis is because Cloudflare does not seem to open ports, excepting a few of them.\nTo mitigate this issue, for example, you can run your server on port 2096:\nphp artisan websockets:serve --port=2096 You will notice that the new :2096 websockets server will work properly.\n","href":"https://docs.pixelfed.org/running-pixelfed/optional-features/websockets/","title":"Websockets"},{"content":" Prerequisites [link] Enable the ext-ldap PHP extension in your servers php.ini configuration\nRun the following command in Pixelfed root directory (the one with app, bootstrap, public, storage)\ncomposer require directorytree/ldaprecord-laravel Step 1: Updating user model [link] You need to edit the app/User.php file and add the first two lines\nuse LdapRecord\\Laravel\\Auth\\LdapAuthenticatable; use LdapRecord\\Laravel\\Auth\\AuthenticatesWithLdap; Then change the following line to include implements LdapAuthenticatable\nclass User extends Authenticatable implements LdapAuthenticatable And finally add AuthenticatesWithLdap after the other traits.\nuse Notifiable, SoftDeletes, HasApiTokens, UserRateLimit, HasFactory, AuthenticatesWithLdap; Afterwards your app/User.php file should look like this:\n\u0026lt;?php namespace App; use Laravel\\Passport\\HasApiTokens; use Illuminate\\Notifications\\Notifiable; use Illuminate\\Database\\Eloquent\\SoftDeletes; use Illuminate\\Foundation\\Auth\\User as Authenticatable; use App\\Util\\RateLimit\\User as UserRateLimit; use Illuminate\\Database\\Eloquent\\Factories\\HasFactory; use LdapRecord\\Laravel\\Auth\\LdapAuthenticatable; use LdapRecord\\Laravel\\Auth\\AuthenticatesWithLdap; class User extends Authenticatable implements LdapAuthenticatable { use Notifiable, SoftDeletes, HasApiTokens, UserRateLimit, HasFactory, AuthenticatesWithLdap; /** * The attributes that should be mutated to dates. * * @var array */ protected $dates = [\u0026#39;deleted_at\u0026#39;, \u0026#39;email_verified_at\u0026#39;, \u0026#39;2fa_setup_at\u0026#39;]; Step 2: Configuring session driver [link] Open the config/auth.php file and comment out or delete the following code:\n// Comment out or remove below for LDAP \u0026#39;users\u0026#39; =\u0026gt; [ \u0026#39;driver\u0026#39; =\u0026gt; \u0026#39;eloquent\u0026#39;, \u0026#39;model\u0026#39; =\u0026gt; App\\User::class, ], Insert the following code immediately after the previous lines you commented out or deleted:\n\u0026#39;users\u0026#39; =\u0026gt; [ \u0026#39;driver\u0026#39; =\u0026gt; \u0026#39;ldap\u0026#39;, \u0026#39;model\u0026#39; =\u0026gt; LdapRecord\\Models\\ActiveDirectory\\User::class, \u0026#39;rules\u0026#39; =\u0026gt; [], \u0026#39;database\u0026#39; =\u0026gt; [ \u0026#39;model\u0026#39; =\u0026gt; App\\User::class, \u0026#39;sync_passwords\u0026#39; =\u0026gt; false, \u0026#39;sync_attributes\u0026#39; =\u0026gt; [ \u0026#39;name\u0026#39; =\u0026gt; \u0026#39;cn\u0026#39;, \u0026#39;email\u0026#39; =\u0026gt; \u0026#39;mail\u0026#39;, ], ], ], Step 3: Connecting to LDAP [link] Configure your LDAP server settings.\nAdd the following lines to your .env file and edit to your needs.\nLDAP_LOGGING=true LDAP_CONNECTION=default LDAP_CONNECTIONS=default LDAP_DEFAULT_HOSTS=10.0.0.1 LDAP_DEFAULT_USERNAME=\u0026#34;cn=admin,dc=local,dc=com\u0026#34; LDAP_DEFAULT_PASSWORD=secret LDAP_DEFAULT_PORT=389 LDAP_DEFAULT_BASE_DN=\u0026#34;dc=local,dc=com\u0026#34; LDAP_DEFAULT_TIMEOUT=5 LDAP_DEFAULT_SSL=false LDAP_DEFAULT_TLS=false Step 4: Finishing Up! [link] You\u0026rsquo;re almost ready! The last thing you need to do is flush the configuration cache by running\nphp artisan config:cache You are now ready to login via LDAP!\nTo test your connection you can run\nphp artisan ldap:test ","href":"https://docs.pixelfed.org/running-pixelfed/optional-features/ldap-authentication/","title":"LDAP Authentication"},{"content":" Horizon is not working [link] This means that your permissions are wrong somewhere. Make sure that you have run php artisan horizon as a user that has access to both your repo and to Redis.\nHorizon seems to be working, but it\u0026rsquo;s still showing as inactive. [link] Run either php artisan package:discover or composer install, then run php artisan horizon:install then php artisan route:cache. Restart your systemd service or restart Horizon. It should now show as active.\nApps using OAuth login show \u0026ldquo;Something went wrong\u0026rdquo; page [link] First, check that OAUTH_ENABLE=1 is set in .env. If the problem persists, try php artisan passport:install to regenerate the storage/oauth-private.key file.\n419 Session Expired error [link] Make sure you have SESSION_DOMAIN, APP_URL and APP_DOMAIN set in your .env.\n","href":"https://docs.pixelfed.org/running-pixelfed/troubleshooting/","title":"Troubleshooting"},{"content":" WIP\nThis document is not yet finished.\nPixelfed largely follows the ActivityPub server-to-server specification but it makes uses of some non-standard extensions, some of which are required for interacting with Pixelfed at all.\n[[toc]]\nCaveats [link] TLS \u0026amp; URL Validation [link] In Pixelfed, all activity object uris MUST begin with https://\nsharedInbox [link] In Pixelfed, users have an inbox and a communal sharedInbox. Other implementations MAY consolidate activity delivery to the sharedInbox rather than each individual user inbox.\nInstance Actor [link] An instance-wide actor is used in Pixelfed to sign GET requests to remote instances. The actor type is Application to differentiate from the Person type typically used by regular accounts.\n{ \u0026#34;@context\u0026#34;: \u0026#34;https://www.w3.org/ns/activitystreams\u0026#34;, \u0026#34;id\u0026#34;: \u0026#34;https://example.org/i/actor\u0026#34;, \u0026#34;type\u0026#34;: \u0026#34;Application\u0026#34;, \u0026#34;inbox\u0026#34;: \u0026#34;https://example.org/i/actor/inbox\u0026#34;, \u0026#34;outbox\u0026#34;: \u0026#34;https://example.org/i/actor/outbox\u0026#34;, \u0026#34;preferredUsername\u0026#34;: \u0026#34;example.org\u0026#34;, \u0026#34;publicKey\u0026#34;: { \u0026#34;id\u0026#34;: \u0026#34;https://example.org/i/actor#main-key\u0026#34;, \u0026#34;owner\u0026#34;: \u0026#34;https://example.org/i/actor\u0026#34;, \u0026#34;publicKeyPem\u0026#34;: \u0026#34;-----BEGIN PUBLIC KEY-----...\u0026#34; }, \u0026#34;manuallyApprovesFollowers\u0026#34;: true, \u0026#34;url\u0026#34;: \u0026#34;https://example.org/site/kb/instance-actor\u0026#34; } Extensions [link] Webfinger [link] In Pixelfed, users are identified by a username and domain pair (e.g., dansup@example.org). This is used both for discovery and for unambiguously mentioning users across the fediverse. Furthermore, this is part of Pixelfed\u0026rsquo;s database design from its very beginnings.\nAs a result, Pixelfed requires that each ActivityPub actor uniquely maps back to an acct: URI that can be resolved via WebFinger.\nMore information and examples are available at: https://docs.joinmastodon.org/spec/webfinger/\nHTTP Signatures [link] In order to authenticate activities, Pixelfed relies on HTTP Signatures, signing every POST and GET request to other ActivityPub implementations on behalf of the user authoring an activity (for POST requests) or an actor representing the Pixelfed server itself (for most GET requests).\nPixelfed requires all POST requests to be signed, and MAY require GET requests to be signed, depending on the configuration of the Pixelfed server.\nMore information on HTTP Signatures, as well as examples, can be found here: https://docs.joinmastodon.org/spec/security/#http\nHashtags [link] Hashtags are represented by the type Hashtag and contain a href and name attribute like the example below.\n{ \u0026#34;type\u0026#34;: \u0026#34;Hashtag\u0026#34;, \u0026#34;href\u0026#34;: \u0026#34;https://pixelfed.social/discover/tags/mazda\u0026#34;, \u0026#34;name\u0026#34;: \u0026#34;#mazda\u0026#34; } Groups [link] Posts [link] Posts are represented by the Note type. For more details see the note section.\nProfiles [link] Stories [link] Activity Types [link] All Activity Types inherit the properties of the base Activity type. Some specific Activity Types are subtypes or specializations of more generalized Activity Types.\nAdd [link] Announce [link] Accept [link] Delete [link] Create [link] Indicates that the actor has created the object. Supported object sub-types are Note and Question.\n{ \u0026#34;@context\u0026#34;: \u0026#34;https://www.w3.org/ns/activitystreams\u0026#34;, \u0026#34;id\u0026#34;: \u0026#34;https://example.org/p/dansup/2/activity\u0026#34;, \u0026#34;type\u0026#34;: \u0026#34;Create\u0026#34;, \u0026#34;actor\u0026#34;: \u0026#34;https://example.org/users/dansup\u0026#34;, \u0026#34;object\u0026#34;: { \u0026#34;id\u0026#34;: \u0026#34;https://example.org/p/dansup/2\u0026#34;, \u0026#34;type\u0026#34;: \u0026#34;Note\u0026#34;, \u0026#34;content\u0026#34;: \u0026#34;This was my first IG post too...\u0026#34;, ... } } Follow [link] Like [link] Reject [link] Undo [link] Question [link] Story:Reaction [link] Story:Reply [link] Update [link] View [link] Actor Types [link] Person [link] Object and Link Types [link] Document [link] Image [link] Images are used to represent Status media\n{ \u0026#34;type\u0026#34;: \u0026#34;Image\u0026#34;, \u0026#34;mediaType\u0026#34;: \u0026#34;image/jpeg\u0026#34;, \u0026#34;url\u0026#34;: \u0026#34;https://example.org/s/...8o12Ji1A2x.jpeg\u0026#34;, \u0026#34;name\u0026#34;: null } Note [link] Notes are converted to Status models internally\n{ \u0026#34;@context\u0026#34;: [ \u0026#34;https://www.w3.org/ns/activitystreams\u0026#34;, \u0026#34;https://w3id.org/security/v1\u0026#34;, { \u0026#34;sc\u0026#34;: \u0026#34;http://schema.org#\u0026#34;, \u0026#34;Hashtag\u0026#34;: \u0026#34;as:Hashtag\u0026#34;, \u0026#34;sensitive\u0026#34;: \u0026#34;as:sensitive\u0026#34;, \u0026#34;commentsEnabled\u0026#34;: \u0026#34;sc:Boolean\u0026#34;, \u0026#34;capabilities\u0026#34;: { \u0026#34;announce\u0026#34;: { \u0026#34;@type\u0026#34;: \u0026#34;@id\u0026#34; }, \u0026#34;like\u0026#34;: { \u0026#34;@type\u0026#34;: \u0026#34;@id\u0026#34; }, \u0026#34;reply\u0026#34;: { \u0026#34;@type\u0026#34;: \u0026#34;@id\u0026#34; } }, \u0026#34;toot\u0026#34;: \u0026#34;http://joinmastodon.org/ns#\u0026#34;, \u0026#34;Emoji\u0026#34;: \u0026#34;toot:Emoji\u0026#34; } ], \u0026#34;id\u0026#34;: \u0026#34;https://example.org/p/dansup/2\u0026#34;, \u0026#34;type\u0026#34;: \u0026#34;Note\u0026#34;, \u0026#34;summary\u0026#34;: null, \u0026#34;content\u0026#34;: \u0026#34;This was my first IG post too...\u0026#34;, \u0026#34;inReplyTo\u0026#34;: null, \u0026#34;published\u0026#34;: \u0026#34;2018-06-01T05:16:51+00:00\u0026#34;, \u0026#34;url\u0026#34;: \u0026#34;https://example.org/p/dansup/2\u0026#34;, \u0026#34;attributedTo\u0026#34;: \u0026#34;https://example.org/users/dansup\u0026#34;, \u0026#34;to\u0026#34;: [ \u0026#34;https://www.w3.org/ns/activitystreams#Public\u0026#34; ], \u0026#34;cc\u0026#34;: [ \u0026#34;https://example.org/users/dansup/followers\u0026#34; ], \u0026#34;sensitive\u0026#34;: false, \u0026#34;attachment\u0026#34;: [ { \u0026#34;type\u0026#34;: \u0026#34;Image\u0026#34;, \u0026#34;mediaType\u0026#34;: \u0026#34;image/jpeg\u0026#34;, \u0026#34;url\u0026#34;: \u0026#34;https://example.org/s/...Ji1A2x.jpeg\u0026#34;, \u0026#34;name\u0026#34;: null } ], \u0026#34;tag\u0026#34;: [ { \u0026#34;type\u0026#34;: \u0026#34;Hashtag\u0026#34;, \u0026#34;href\u0026#34;: \u0026#34;https://example.org/discover/tags/mazda\u0026#34;, \u0026#34;name\u0026#34;: \u0026#34;#mazda\u0026#34; }, { \u0026#34;type\u0026#34;: \u0026#34;Hashtag\u0026#34;, \u0026#34;href\u0026#34;: \u0026#34;https://example.org/discover/tags/zoomzoom\u0026#34;, \u0026#34;name\u0026#34;: \u0026#34;#zoomzoom\u0026#34; } ], \u0026#34;commentsEnabled\u0026#34;: false, \u0026#34;capabilities\u0026#34;: { \u0026#34;announce\u0026#34;: \u0026#34;https://www.w3.org/ns/activitystreams#Public\u0026#34;, \u0026#34;like\u0026#34;: \u0026#34;https://www.w3.org/ns/activitystreams#Public\u0026#34;, \u0026#34;reply\u0026#34;: null }, \u0026#34;location\u0026#34;: null } Video [link] Mention [link] Troubleshooting [link] Cloudflare [link] Instances behind cloudflare may experience federation issues depending on the configuration. Check to ensure the /f/sharedInbox\n","href":"https://docs.pixelfed.org/technical-documentation/activitypub/","title":"ActivityPub"},{"content":"Our v1 API is based on the mastodon v1 API. You can reference the Mastodon documentation, we listed the differences below.\nAuthorization [link] We use OAuth for api authentication, you can create an OAuth app or Personal Access Token in the Account Settings on Pixelfed.\nTo create a personal access client :\nAdd OAUTH_ENABLED=true to .env\nphp artisan passport:keys php artisan config:cache php artisan route:cache php artisan passport:client --personal You can then create a new token on this page /settings/applications\nDifferences with Mastodon API [link] Some endpoints return empty arrays as they are not applicable to Pixelfed Link Header Pagination is not supported Custom limits for captions and albums, they are listed on the /api/v1/instance endpoint OAuth Tokens will expire after 15 days, and must be refreshed after that Statuses do not honor the (optional) idempotency-key Libraries [link] PHP [link] dansup/pixelfed-php ","href":"https://docs.pixelfed.org/technical-documentation/api/","title":"API"},{"content":"All commands are prefixed with php artisan\nBase commands [link] clear-compiled [link] Remove the compiled class file\ndb [link] Start a new database CLI session\ndown [link] Put the application into maintenance / demo mode\nenv [link] Display the current framework environment\nhelp [link] Displays help for a command\nhorizon [link] Start a master supervisor in the foreground\ninstall [link] CLI Installer\nlist [link] Lists commands\nmigrate [link] Run the database migrations\noptimize [link] Cache the framework bootstrap files\nserve [link] Serve the application on the PHP development server\ntest [link] Run the application tests\ntinker [link] Interact with your application\nui [link] Swap the front-end scaffolding for the application\nup [link] Bring the application out of maintenance mode\nupdate [link] Run pixelfed schema updates between versions.\nauth [link] auth:clear-resets [link] Flush expired password reset tokens\nbackup [link] backup:clean [link] Remove all backups older than specified number of days in config.\nbackup:list [link] Display a list of all backups.\nbackup:monitor [link] Monitor the health of all backups.\nbackup:run [link] Run the backup.\ncache [link] cache:clear [link] Flush the application cache\ncache:forget [link] Remove an item from the cache\ncache:table [link] Create a migration for the cache database table\nconfig [link] config:cache [link] Create a cache file for faster configuration loading\nconfig:clear [link] Remove the configuration cache file\ndb [link] db:seed [link] Seed the database with records\ndb:wipe [link] Drop all tables, views, and types\nemail [link] email:bancheck [link] Checks user emails for banned domains\nevent [link] event:cache [link] Discover and cache the application\u0026rsquo;s events and listeners\nevent:clear [link] Clear all cached events and listeners\nevent:generate [link] Generate the missing events and listeners based on registration\nevent:list [link] List the application\u0026rsquo;s events and listeners\nfix [link] fix:avatars [link] Replace old svg identicon avatars with default png avatar\nfix:hashtags [link] Fix Hashtags\nfix:likes [link] Fix Like counts\nfix:profile:duplicates [link] Fix duplicate profiles\nfix:statuscount [link] fix profile status count\nfix:usernames [link] Fix invalid usernames\ngc [link] gc:failedjobs [link] Delete failed jobs over 1 month old\ngc:passwordreset [link] Delete password reset tokens over 24 hours old\nhorizon [link] horizon:clear [link] Delete all of the jobs from the specified queue\nhorizon:continue [link] Instruct the master supervisor to continue processing jobs\nhorizon:continue-supervisor [link] Instruct the supervisor to continue processing jobs\nhorizon:forget [link] Delete a failed queue job\nhorizon:install [link] Install all of the Horizon resources\nhorizon:list [link] List all of the deployed machines\nhorizon:pause [link] Pause the master supervisor\nhorizon:pause-supervisor [link] Pause a supervisor\nhorizon:publish [link] Publish all of the Horizon resources\nhorizon:purge [link] Terminate any rogue Horizon processes\nhorizon:snapshot [link] Store a snapshot of the queue metrics\nhorizon:status [link] Get the current status of Horizon\nhorizon:supervisors [link] List all of the supervisors\nhorizon:terminate [link] Terminate the master supervisor so it can be restarted\nimport [link] import:cities [link] Import Cities to database\ninstance [link] instance:actor [link] Generate instance actor\nkey [link] key:generate [link] Set the application key\nmake [link] Shortcuts to create new Laravel framework files. Useful for dev.\nmake:cast [link] Create a new custom Eloquent cast class\nmake:channel [link] Create a new channel class\nmake:command [link] Create a new Artisan command\nmake:component [link] Create a new view component class\nmake:controller [link] Create a new controller class\nmake:event [link] Create a new event class\nmake:exception [link] Create a new custom exception class\nmake:factory [link] Create a new model factory\nmake:job [link] Create a new job class\nmake:listener [link] Create a new event listener class\nmake:mail [link] Create a new email class\nmake:middleware [link] Create a new middleware class\nmake:migration [link] Create a new migration file\nmake:model [link] Create a new Eloquent model class\nmake:notification [link] Create a new notification class\nmake:observer [link] Create a new observer class\nmake:policy [link] Create a new policy class\nmake:provider [link] Create a new service provider class\nmake:request [link] Create a new form request class\nmake:resource [link] Create a new resource\nmake:rule [link] Create a new validation rule\nmake:seeder [link] Create a new seeder class\nmake:test [link] Create a new test class\nmedia [link] media:fix [link] Fix media on v0.10.8+\nmedia:gc [link] Delete media uploads not attached to any active statuses\nmedia:optimize [link] Find and optimize media that has not yet been optimized.\nmigrate [link] migrate:fresh [link] Drop all tables and re-run all migrations\nmigrate:install [link] Create the migration repository\nmigrate:refresh [link] Reset and re-run all migrations\nmigrate:reset [link] ollback all database migrations\nmigrate:rollback [link] Rollback the last database migration\nmigrate:status [link] Show the status of each migration\nnotifications [link] notifications:table [link] Create a migration for the notifications table\noptimize [link] optimize:clear [link] Remove the cached bootstrap files\npackage [link] package:discover [link] Rebuild the cached package manifest\npassport [link] passport:client [link] Create a client for issuing access tokens\npassport:hash [link] Hash all of the existing secrets in the clients table\npassport:install [link] Run the commands necessary to prepare Passport for use\npassport:keys [link] Create the encryption keys for API authentication\npassport:purge [link] Purge revoked and / or expired tokens and authentication codes\nqueue [link] Commands related to the queue worker.\nqueue:batches-table [link] Create a migration for the batches database table\nqueue:clear [link] Delete all of the jobs from the specified queue\nqueue:failed [link] List all of the failed queue jobs\nqueue:failed-table [link] Create a migration for the failed queue jobs database table\nqueue:flush [link] Flush all of the failed queue jobs\nqueue:forget [link] Delete a failed queue job\nqueue:listen [link] Listen to a given queue\nqueue:prune-batches [link] Prune stale entries from the batches database\nqueue:restart [link] Restart queue worker daemons after their current job\nqueue:retry [link] Retry a failed queue job\nqueue:retry-batch [link] Retry the failed jobs for a batch\nqueue:table [link] Create a migration for the queue jobs database table\nqueue:work [link] Start processing jobs on the queue as a daemon\nregenerate [link] regenerate:thumbnails [link] Regenerate thumbnails\nroute [link] route:cache [link] Create a route cache file for faster route registration\nroute:clear [link] Remove the route cache file\nroute:list [link] List all registered routes\nschedule [link] schedule:list [link] List the scheduled commands\nschedule:run [link] Run the scheduled commands\nschedule:test [link] Run a scheduled command\nschedule:work [link] Start the schedule worker\nschema [link] schema:dump [link] Dump the given database schema\nseed [link] seed:follows [link] Seed follows for testing\nsession [link] session:table [link] Create a migration for the session database table\nstatus [link] status:dedup [link] Removes duplicate statuses from before unique uri migration\nstorage [link] storage:link [link] Create the symbolic links configured for the application\nstory [link] story:gc [link] Clear expired Stories\nstub [link] stub:publish [link] Publish all stubs that are available for customization\nui [link] ui:auth [link] Scaffold basic login and registration views and routes\nui:controllers [link] Scaffold the authentication controllers\nuser [link] user:admin [link] Make a user an admin, or remove admin privileges.\nuser:create [link] Create a new user\nuser:delete [link] Delete account\nuser:show [link] Show user info\nuser:suspend [link] Suspend a local user.\nuser:table [link] Display latest users\nuser:unsuspend [link] Unsuspend a local user.\nvendor [link] vendor:publish [link] Publish any publishable assets from vendor packages\nvideo [link] video:thumbnail [link] Generate missing video thumbnails\nview [link] view:cache [link] Compile all of the application\u0026rsquo;s Blade templates\nview:clear [link] Clear all compiled view files\n","href":"https://docs.pixelfed.org/technical-documentation/artisan/","title":"CLI"},{"content":"All configuration files are located in the config/ folder of your Pixelfed installation. These are the environment variables you can set in your .env file; note that some variables are currently unused and do nothing.\nSummary of important variables\nFor a user-facing guide to which environment variables you might want to set, check out the installation guide instead.\nAPP [link] APP_NAME [link] This value is the name of your application. This value is used when the framework needs to place the application\u0026rsquo;s name in a notification or any other location as required by the application or its packages. Defaults to \u0026quot;Pixelfed\u0026quot;.\nAPP_ENV [link] This value determines the \u0026ldquo;environment\u0026rdquo; your application is currently running in. This may determine how you prefer to configure various services your application utilizes. Set this in your \u0026ldquo;.env\u0026rdquo; file. Defaults to \u0026quot;production\u0026quot;.\nAPP_DEBUG [link] When your application is in debug mode, detailed error messages with stack traces will be shown on every error that occurs within your application. If disabled, a simple generic error page is shown. Defaults to false.\nAPP_URL [link] This URL is used by the console to properly generate URLs when using the Artisan command line tool. You should set this to the root of your application so that it is used when running Artisan tasks. Defaults to \u0026quot;https://localhost\u0026quot;.\nAPP_TIMEZONE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;UTC\u0026quot;. Do not edit your timezone or things will break!\nAPP_LOCALE [link] The application locale determines the default locale that will be used by the translation service provider. You are free to set this value to any of the locales which will be supported by the application. Defaults to \u0026quot;en\u0026quot;.\nAPP_FALLBACK_LOCALE [link] The fallback locale determines the locale to use when the current one is not available. You may change the value to correspond to any of the language folders that are provided through your application. Defaults to \u0026quot;en\u0026quot;.\nAPP_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.) A random 32-character string to be used as an encryption key. No default value; use php artisan key:generate to generate. This key is used by the Illuminate encrypter service and should be set to a random, 32 character string, otherwise these encrypted strings will not be safe. Please do this before deploying an application!\nBACKUP [link] (Not listed on Admin \u0026gt; Diagnostics.)\nBACKUP_ARCHIVE_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) The password to be used for archive encryption. Set to null to disable encryption.\nBACKUP_EMAIL_ADDRESS [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;\u0026quot;.\nBROADCASTING [link] BROADCAST_DRIVER [link] This option controls the default broadcaster that will be used by the framework when an event needs to be broadcast. Possible values:\n\u0026quot;pusher\u0026quot; \u0026quot;redis\u0026quot; \u0026quot;log\u0026quot; \u0026quot;null\u0026quot; (default) PUSHER [link] PUSHER_APP_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPUSHER_APP_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPUSHER_APP_ID [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPUSHER_APP_CLUSTER [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPUSHER_APP_ENCRYPTED [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nPUSHER_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to APP_DOMAIN.\nPUSHER_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 443.\nPUSHER_SCHEME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;https\u0026quot;.\nCACHE [link] CACHE_DRIVER [link] This option controls the default cache connection that gets used while using this caching library. This connection is used when another is not explicitly specified when executing a given caching function. Possible values:\n\u0026quot;apc\u0026quot; \u0026quot;array\u0026quot; \u0026quot;database\u0026quot; \u0026quot;file\u0026quot; (default) \u0026quot;memcached\u0026quot; \u0026quot;redis\u0026quot; CACHE_PREFIX [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to ${APP_NAME}_cache, or laravel_cache if no APP_NAME is set.\nMEMCACHED [link] (Not listed on Admin \u0026gt; Diagnostics.)\nMEMCACHED_PERSISTENT_ID [link] (Not listed on Admin \u0026gt; Diagnostics.)\nMEMCACHED_USERNAME [link] (Not listed on Admin \u0026gt; Diagnostics.)\nMEMCACHED_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.)\nMEMCACHED_HOST [link] Defaults to \u0026quot;127.0.0.1\u0026quot;.\nMEMCACHED_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 11211.\nREDIS [link] REDIS_CLIENT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;phpredis\u0026quot;.\nREDIS_SCHEME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;tcp\u0026quot;.\nREDIS_PATH [link] (Not listed on Admin \u0026gt; Diagnostics.) No default value.\nREDIS_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;localhost\u0026quot;.\nREDIS_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nREDIS_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 6379.\nREDIS_DATABASE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 0.\nCAPTCHA [link] (Not listed on Admin \u0026gt; Diagnostics.) Use hCaptcha to protect your login from bots.\nCAPTCHA_ENABLED [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nCAPTCHA_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nCAPTCHA_SITEKEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nCOSTAR [link] (Not listed on Admin \u0026gt; Diagnostics.) COSTAR - Confirm Object Sentiment Transform and Reduce\nCS_BLOCKED_DOMAINS [link] (Not listed on Admin \u0026gt; Diagnostics.) Comma-separated list of domains to block. Defaults to null.\nCS_CW_DOMAINS [link] (Not listed on Admin \u0026gt; Diagnostics.) Comma-separated list of domains to add warnings. Defaults to null.\nCS_UNLISTED_DOMAINS [link] (Not listed on Admin \u0026gt; Diagnostics.) Comma-separated list of domains to remove from public timelines. Defaults to null.\nCS_BLOCKED_KEYWORDS [link] (Not listed on Admin \u0026gt; Diagnostics.) Comma-separated list of keywords to block. Defaults to null.\nCS_CW_KEYWORDS [link] (Not listed on Admin \u0026gt; Diagnostics.) Comma-separated list of keywords to add warnings. Defaults to null.\nCS_UNLISTED_KEYWORDS [link] (Not listed on Admin \u0026gt; Diagnostics.) Comma-separated list of keywords to remove from public timelines. Defaults to null.\nCS_BLOCKED_ACTOR [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nCS_CW_ACTOR [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nCS_UNLISTED_ACTOR [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nDATABASE [link] DB_CONNECTION [link] Here you may specify which of the database connections below you wish to use as your default connection for all database work. Of course you may use many connections at once using the Database library. Possible values:\n\u0026quot;sqlite\u0026quot; \u0026quot;mysql\u0026quot; (default) \u0026quot;pgsql\u0026quot; \u0026quot;sqlsrv\u0026quot; SQLITE [link] (Not listed on Admin \u0026gt; Diagnostics.) When using sqlite for DB_CONNECTION.\nDB_DATABASE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;database.sqlite\u0026quot;.\nMYSQL [link] (Not listed on Admin \u0026gt; Diagnostics.) When using \u0026quot;mysql\u0026quot; for DB_CONNECTION.\nDB_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;127.0.0.1\u0026quot;.\nDB_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;3306\u0026quot;.\nDB_DATABASE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;forge\u0026quot;\nDB_USERNAME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;forge\u0026quot;\nDB_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;\u0026quot;.\nDB_SOCKET [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;\u0026quot;.\nPGSQL [link] (Not listed on Admin \u0026gt; Diagnostics.) When using \u0026quot;pgsql\u0026quot; for DB_CONNECTION.\nDB_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;127.0.0.1\u0026quot;.\nDB_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;5432\u0026quot;.\nDB_DATABASE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to forge.\nDB_USERNAME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to forge.\nDB_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;\u0026quot;.\nSQLSRV [link] When using \u0026quot;sqlsrv\u0026quot; for DB_CONNECTION.\nDB_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;localhost\u0026quot;.\nDB_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;1433\u0026quot;.\nDB_DATABASE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to forge.\nDB_USERNAME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to forge.\nDB_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;\u0026quot;.\nREDIS_CLIENT [link] \u0026quot;predis\u0026quot; (default) \u0026quot;phpredis\u0026quot; REDIS_SCHEME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;tcp\u0026quot;.\nREDIS_PATH [link] (Not listed on Admin \u0026gt; Diagnostics.) No default value.\nREDIS_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;127.0.0.1\u0026quot;.\nREDIS_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nREDIS_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 6379.\nREDIS_DATABASE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 0.\nEXP [link] Experimental configuration options. (Use at your own risk.)\nEXP_LC [link] Hidden like counts (deprecated). Defaults to false.\nEXP_REC [link] (Variable is ignored.) Recommendations (deprecated). Defaults to false.\nEXP_LOOPS [link] (Variable is ignored.) Loops feature (deprecated). Defaults to false.\nEXP_TOP [link] Text only posts (alpha). Defaults to false.\nEXP_POLLS [link] Poll statuses (alpha). Defaults to false.\nEXP_CPT [link] Cached public timeline for larger instances (beta). Defaults to false.\nEXP_GPS [link] Groups (unreleased). Defaults to false.\nspa [link] (Variable is ignored.) Single page application (beta). Defaults to true.\nEXP_EMC [link] Enforce Mastoapi Compatibility (alpha). Defaults to true.\nFEDERATION [link] ACTIVITYPUB [link] ActivityPub configuration.\nACTIVITY_PUB [link] Defaults to false.\nAP_OUTBOX [link] Defaults to true.\nAP_INBOX [link] Defaults to true.\nAP_SHAREDINBOX [link] Defaults to true.\nAP_REMOTE_FOLLOW [link] Defaults to true.\nACTIVITYPUB_DELIVERY_TIMEOUT [link] Defaults to 30.0.\nACTIVITYPUB_DELIVERY_CONCURRENCY [link] Defaults to 10.\nAP_LOGGER_ENABLED [link] Defaults to false.\nATOM_FEEDS [link] Defaults to true.\nREMOTE_AVATARS [link] Defaults to true.\nNODEINFO [link] Defaults to true.\nWEBFINGER [link] Defaults to true.\nPF_NETWORK_TIMELINE [link] Defaults to true.\nPF_NETWORK_TIMELINE_DAYS_FALLOFF [link] Defaults to 2.\nCUSTOM_EMOJI [link] Defaults to false.\nCUSTOM_EMOJI_MAX_SIZE [link] Defaults to 2000000 (2MB).\nFILESYSTEMS [link] FILESYSTEM_DRIVER [link] Here you may specify the default filesystem disk that should be used by the framework. The \u0026ldquo;local\u0026rdquo; disk, as well as a variety of cloud based disks are available to your application. Just store away! Possible options:\n\u0026quot;local\u0026quot; (default) \u0026quot;public\u0026quot; \u0026quot;s3\u0026quot; \u0026quot;spaces\u0026quot; \u0026quot;backup\u0026quot; FILESYSTEM_CLOUD [link] Many applications store files both locally and in the cloud. For this reason, you may specify a default \u0026ldquo;cloud\u0026rdquo; driver here. This driver will be bound as the Cloud disk implementation in the container. Defaults to \u0026quot;s3\u0026quot;.\nS3 [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAWS_ACCESS_KEY_ID [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAWS_SECRET_ACCESS_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAWS_DEFAULT_REGION [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAWS_BUCKET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAWS_URL [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAWS_ENDPOINT [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAWS_USE_PATH_STYLE_ENDPOINT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nSPACES [link] (Not listed on Admin \u0026gt; Diagnostics.)\nDO_SPACES_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nDO_SPACES_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nDO_SPACES_ENDPOINT [link] (Not listed on Admin \u0026gt; Diagnostics.)\nDO_SPACES_REGION [link] (Not listed on Admin \u0026gt; Diagnostics.)\nDO_SPACES_BUCKET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nDO_SPACES_ROOT [link] (Not listed on Admin \u0026gt; Diagnostics.)\nBACKUP [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPF_BACKUP_DRIVER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;s3\u0026quot;.\nPF_BACKUP_ROOT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;/\u0026quot;.\nPF_BACKUP_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPF_BACKUP_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPF_BACKUP_ENDPOINT [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPF_BACKUP_REGION [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPF_BACKUP_BUCKET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nHASHIDS [link] (Not listed on Admin \u0026gt; Diagnostics.)\nAPP_HASHID_SALT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;v3MsJ1Hgnlma8YPrD3f4sW6vAn6zLnkuh6vOpKnR5IKkLqDGIk7TCADS2igpEN4ADrtXkkzV2E8HBfzpz7BreDzQqVOYDMeb4cJ1xhDhDwDeicZVUPyrxihHDaMWpTsP\u0026quot;.\nHASHING [link] This option controls the default hash driver that will be used to hash passwords for your application. By default, the bcrypt algorithm is used; however, you remain free to modify this option if you wish. Possible drivers are bcrypt and argon, but this requires manual editing of driver (which is hardcoded as bcrypt).\nBCRYPT [link] BCRYPT_COST [link] How many rounds of hashing to use. Defaults to 10.\nARGON [link] (Not listed on Admin \u0026gt; Diagnostics.)\nARGON_MEM [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 1024.\nARGON_THREADS [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 2.\nARGON_TIME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 2.\nHORIZON [link] HORIZON_PREFIX [link] This prefix will be used when storing all Horizon data in Redis. You may modify the prefix when you are running multiple installations of Horizon on the same server so that they don\u0026rsquo;t have problems. Defaults to \u0026quot;horizon-\u0026quot;.\nHORIZON_MEMORY_LIMIT (MB) [link] This value describes the maximum amount of memory (in MB) the Horizon worker may consume before it is terminated and restarted. You should set this value according to the resources available to your server. Defaults to 64.\nHORIZON_BALANCE_STRATEGY [link] Defaults to \u0026quot;auto\u0026quot;.\nHORIZON_MIN_PROCESSES [link] Defaults to 1.\nHORIZON_MAX_PROCESSES [link] Defaults to 20.\nHORIZON_SUPERVISOR_MEMORY [link] Defaults to 64.\nHORIZON_SUPERVISOR_TRIES [link] Defaults to 3.\nHORIZON_SUPERVISOR_NICE [link] Defaults to 0.\nHORIZON_SUPERVISOR_TIMEOUT [link] Defaults to 300.\nHORIZON_DARKMODE [link] Defaults to false.\nIMAGE [link] IMAGE_DRIVER [link] Pixelfed supports GD or ImageMagick to process images. Defaults to gd. Set IMAGE_DRIVER=imagick to use ImageMagick instead.\nINSTANCE [link] FORCE_HTTPS_URLS [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nINSTANCE_DESCRIPTION [link] Defaults to \u0026quot;Pixelfed - Photo sharing for everyone\u0026quot;.\nINSTANCE_CONTACT_FORM [link] Defaults to false.\nINSTANCE_CONTACT_MAX_PER_DAY [link] Defaults to 1.\nINSTANCE_DISCOVER_PUBLIC [link] Defaults to false.\nEXP_LOOPS [link] See EXP, although here it actually is used. Defaults to false.\nINSTANCE_PUBLIC_HASHTAGS [link] Defaults to false.\nINSTANCE_CONTACT_EMAIL [link] Defaults to \u0026quot;\u0026quot;.\nPF_HOME_TIMELINE_CACHE [link] Defaults to false.\nPF_HOME_TIMELINE_CACHE_TTL [link] Defaults to 900.\nINSTANCE_PUBLIC_LOCAL_TIMELINE [link] Defaults to false.\nINSTANCE_NETWORK_TIMELINE_CACHED [link] Defaults to true. Only used when PF_NETWORK_TIMELINE is true.\nINSTANCE_NETWORK_TIMELINE_CACHE_DROPOFF [link] Defaults to 100.\nINSTANCE_NETWORK_TIMELINE_CACHE_MAX_HOUR_INGEST [link] Defaults to 6.\nPAGE_404_HEADER [link] Defaults to \u0026quot;Sorry, this page isn't available.\u0026quot;.\nPAGE_404_BODY [link] Defaults to \u0026quot;\u0026quot;The link you followed may be broken, or the page may have been removed. \u0026lt;a href=\u0026quot;/\u0026quot;\u0026gt;Go back to Pixelfed.\u0026lt;/a\u0026gt;\u0026quot;\u0026quot;.\nPAGE_503_HEADER [link] Defaults to \u0026quot;Service Unavailable\u0026quot;.\nPAGE_503_BODY [link] Defaults to \u0026quot;Our service is in maintenance mode, please try again later.\u0026quot;.\nBANNED_USERNAMES [link] Defaults to \u0026quot;\u0026quot;.\nUSERNAME_REMOTE_FORMAT [link] Possible values:\n\u0026quot;@\u0026quot; (default) \u0026quot;from\u0026quot; \u0026quot;custom\u0026quot; USERNAME_REMOTE_CUSTOM_TEXT [link] Used when USERNAME_REMOTE_FORMAT=\u0026quot;custom\u0026quot;. Defaults to null.\nSTORIES_ENABLED [link] Defaults to false.\nRESTRICTED_INSTANCE [link] Defaults to false. Level is hardcoded to 1.\nOAUTH_TOKEN_DAYS [link] Defaults to 365.\nOAUTH_REFRESH_DAYS [link] Defaults to 400.\nOAUTH_PAT_ENABLED [link] Defaults to false.\nOAUTH_PAT_ID [link] Defaults to \u0026quot;\u0026quot;.\nENABLE_COVID_LABEL [link] Defaults to true.\nCOVID_LABEL_URL [link] Defaults to \u0026quot;https://www.who.int/emergencies/diseases/novel-coronavirus-2019/advice-for-public\u0026quot;.\nCOVID_LABEL_ORG [link] Defaults to \u0026quot;visit the WHO website\u0026quot;.\nENABLE_CONFIG_CACHE [link] Whether Admin \u0026gt; Settings can be used to override your .env. Defaults to false.\nINSTANCE_LEGAL_NOTICE [link] Defaults to false.\nINSTANCE_PROFILE_EMBEDS [link] Defaults to true.\nINSTANCE_POST_EMBEDS [link] Defaults to true.\nPF_HIDE_NSFW_ON_PUBLIC_FEEDS [link] Defaults to false.\nPF_LOCAL_AVATAR_TO_CLOUD [link] Defaults to false.\nPF_ADMIN_INVITES_ENABLED [link] Defaults to true.\nLDAP [link] Here you may specify which of the LDAP connections below you wish to use as your default connection for all LDAP operations. Of course you may add as many connections you\u0026rsquo;d like below.\nLDAP_CONNECTION [link] Defaults to \u0026quot;default\u0026quot;.\nDEFAULT [link] (Not listed on Admin \u0026gt; Diagnostics.)\nLDAP_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;127.0.0.1\u0026quot;.\nLDAP_USERNAME [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults \u0026quot;cn=user,dc=local,dc=com\u0026quot;.\nLDAP_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;secret\u0026quot;.\nLDAP_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 389.\nLDAP_BASE_DN [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;dc=local,dc=com\u0026quot;.\nLDAP_TIMEOUT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 5.\nLDAP_SSL [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nLDAP_TLS [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nLDAP_LOGGING [link] When LDAP logging is enabled, all LDAP search and authentication operations are logged using the default application logging driver. This can assist in debugging issues and more. Defaults to true.\nCACHE [link] LDAP caching enables the ability of caching search results using the query builder. This is great for running expensive operations that may take many seconds to complete, such as a pagination request.\nLDAP_CACHE [link] Defaults to false.\nCACHE_DRIVER [link] See CACHE. Defaults to \u0026quot;file\u0026quot;.\nLIVESTREAMING [link] (Not listed on Admin \u0026gt; Diagnostics.)\nHLS_LIVE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nHLS_LIVE_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to APP_DOMAIN or \u0026quot;localhost\u0026quot;.\nHLS_LIVE_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 1935.\nHLS_LIVE_PATH [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;live\u0026quot;.\nHLS_LIVE_BROADCAST_DELETE_TOKEN_AFTER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nHLS_LIVE_BROADCAST_MAX_DURATION [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 60.\nHLS_LIVE_BROADCAST_MAX_ACTIVE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 10.\nHLS_LIVE_BROADCAST_LIMITS [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nHLS_LIVE_BROADCAST_LIMITS_MIN_FOLLOWERS [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 100.\nHLS_LIVE_BROADCAST_LIMITS_MIN_ACCOUNT_AGE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 14.\nHLS_LIVE_BROADCAST_LIMITS_ADMINS_ONLY [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nHLS_LIVE_BROADCAST_SOURCE_APP [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nHLS_LIVE_BROADCAST_SOURCE_WEB [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to false.\nHLS_LIVE_COMMENTS_MAX_FALLOFF [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 50.\nLOGGING [link] LOG_CHANNEL [link] Possible values:\n\u0026quot;stack\u0026quot; (default) \u0026quot;single\u0026quot; \u0026quot;daily\u0026quot; \u0026quot;slack\u0026quot; \u0026quot;stderr\u0026quot; \u0026quot;syslog\u0026quot; \u0026quot;errorlog\u0026quot; \u0026quot;null\u0026quot; \u0026quot;emergency\u0026quot; \u0026quot;media\u0026quot; LOG_LEVEL [link] Used by single, stderr and syslog. Defaults to \u0026quot;debug\u0026quot; for all of those.\nLOG_SLACK_WEBHOOK_URL [link] (Not listed on Admin \u0026gt; Diagnostics.) Used by slack. Defaults to \u0026quot;\u0026quot;.\nLOG_STDERR_FORMATTER [link] (Not listed on Admin \u0026gt; Diagnostics.) Used by stderr. Defaults to \u0026quot;\u0026quot;.\nMAIL [link] MAIL_DRIVER [link] Laravel supports both SMTP and PHP\u0026rsquo;s \u0026ldquo;mail\u0026rdquo; function as drivers for the sending of e-mail. You may specify which one you\u0026rsquo;re using throughout your application here. Possible values:\n\u0026quot;smtp\u0026quot; (default) \u0026quot;sendmail\u0026quot; \u0026quot;mailgun\u0026quot; \u0026quot;mandrill\u0026quot; \u0026quot;ses\u0026quot; \u0026quot;sparkpost\u0026quot; \u0026quot;log\u0026quot; \u0026quot;array\u0026quot; MAIL_HOST [link] Here you may provide the host address of the SMTP server used by your applications. A default option is provided that is compatible with the Mailgun mail service which will provide reliable deliveries. Defaults to \u0026quot;smtp.mailgun.org\u0026quot;.\nMAIL_PORT [link] This is the SMTP port used by your application to deliver e-mails to users of the application. Like the host we have set this value to stay compatible with the Mailgun e-mail application by default. Defaults to 587.\nMAIL_FROM_ADDRESS [link] You may wish for all e-mails sent by your application to be sent from the same address. Here, you may specify a name and address that is used globally for all e-mails that are sent by your application. Defaults to \u0026quot;hello@example.com\u0026quot;.\nMAIL_FROM_NAME [link] Defaults to \u0026quot;Example\u0026quot;.\nMAIL_ENCRYPTION [link] Here you may specify the encryption protocol that should be used when the application send e-mail messages. A sensible default using the transport layer security protocol should provide great security. Defaults to \u0026quot;tls\u0026quot;.\nMAIL_USERNAME [link] (Not listed on Admin \u0026gt; Diagnostics.) If your SMTP server requires a username for authentication, you should set it here. This will get used to authenticate with your server on connection. You may also set the \u0026ldquo;password\u0026rdquo; value below this one. Defaults to \u0026quot;\u0026quot;.\nMAIL_PASSWORD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;\u0026quot;.\nMEDIA [link] MEDIA_DELETE_LOCAL_AFTER_CLOUD [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nMEDIA_EXIF_DATABASE [link] Defaults to false.\nPASSPORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Passport uses encryption keys while generating secure access tokens for your application. By default, the keys are stored as local files but can be set via environment variables when that is more convenient.\nPASSPORT_PRIVATE_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPASSPORT_PUBLIC_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPIXELFED [link] ADMIN_DOMAIN [link] Application domains used for routing.\nAPP_DOMAIN [link] Application domains used for routing.\nMEMORY_LIMIT [link] This memory_limit value is only used for image processing. The default memory_limit in php.ini is used for the rest of the app. Defaults to \u0026quot;1024M\u0026quot;.\nOPEN_REGISTRATION [link] Enable/disable new local account registrations. Defaults to true.\nMAX_ACCOUNT_SIZE (kB) [link] Update the max account size, the per user limit of files in kB. Defaults to 1000000 (1GB).\nMAX_PHOTO_SIZE (kB) [link] Update the max photo size, in kB. Defaults to 15000 (15MB).\nMAX_AVATAR_SIZE (kB) [link] Update the max avatar size, in kB. Defaults to 2000 (2MB).\nMAX_CAPTION_LENGTH [link] Change the caption length limit for new local posts. Defaults to 500.\nMAX_BIO_LENGTH [link] Change the bio length limit for user profiles. Defaults to 125.\nMAX_NAME_LENGTH [link] Change the length limit for user names. Defaults to 30.\nMIN_PASSWORD_LENGTH [link] Change the minimum length limit for user passwords. Defaults to 8.\nMAX_ALBUM_LENGTH [link] The max number of photos allowed per post. Defaults to 4.\nENFORCE_EMAIL_VERIFICATION [link] Require email verification before a new user can do anything. Defaults to true.\nIMAGE_QUALITY [link] Set the image optimization quality, must be a value between 1-100. Defaults to 80.\nACCOUNT_DELETION [link] Enable account deletion. Defaults to true.\nACCOUNT_DELETE_AFTER [link] Set account deletion queue after X days, set to false to delete accounts immediately. Defaults to false.\nPF_ENABLE_CLOUD [link] Store media on object storage like S3, Digital Ocean Spaces, Rackspace Defaults to false.\nPF_MAX_USERS [link] Allow a maximum number of user accounts. Defaults to false.\nPF_OPTIMIZE_IMAGES [link] Resize and optimize image uploads. Defaults to true.\nPF_OPTIMIZE_VIDEOS [link] Resize and optimize video uploads. Defaults to true.\nPF_USER_INVITES [link] Allow users to invite others via email. Will respect max user limit and prevent invites after the limit is reached. Defaults to false.\nPF_USER_INVITES_TOTAL_LIMIT [link] Defaults to 0.\nPF_USER_INVITES_DAILY_LIMIT [link] Defaults to 0.\nPF_USER_INVITES_MONTHLY_LIMIT [link] Defaults to 0.\nPF_MAX_COLLECTION_LENGTH [link] Defaults to 100.\nMEDIA_TYPES [link] Defaults to \u0026quot;image/jpeg,image/png,image/gif\u0026quot;.\nLIMIT_ACCOUNT_SIZE [link] Defaults to true.\nIMPORT_INSTAGRAM [link] Defaults to false.\nIMPORT_INSTAGRAM_POST_LIMIT [link] Defaults to 100.\nIMPORT_INSTAGRAM_SIZE_LIMIT [link] Defaults to 5000.\nOAUTH_ENABLED [link] Defaults to false.\nPF_BOUNCER_ENABLED [link] Defaults to false.\nPF_MEDIA_FAST_PROCESS [link] Don\u0026rsquo;t require photos \u0026amp; video to finish optimization \u0026amp; upload to S3 if enabled before posting. If disabled users will have to wait until processed before posting, sacrificing the user experience to ensure media is federated using S3 urls (if enabled). Defaults to true.\nPF_MEDIA_MAX_ALTTEXT_LENGTH [link] Defaults to 1000.\nPF_ALLOW_APP_REGISTRATION [link] Defaults to true.\nPORTFOLIO [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPORTFOLIO_DOMAIN [link] (Not listed on Admin \u0026gt; Diagnostics.) This value is the domain used for the portfolio feature. Only change the default value if you have a subdomain configured. You must use a subdomain on the same app domain. Defaults to APP_DOMAIN.\nPORTFOLIO_PATH [link] (Not listed on Admin \u0026gt; Diagnostics.) This value is the path used for the portfolio feature. Only change the default value if you have a subdomain configured. If you want to use the root path of the subdomain, leave this value empty.\nWARNING: SETTING THIS VALUE WITHOUT A SUBDOMAIN COULD BREAK YOUR INSTANCE, SO ONLY CHANGE THIS IF YOU KNOW WHAT YOU\u0026rsquo;RE DOING.\nDefaults to \u0026quot;/i/portfolio\u0026quot;.\nPURIFY [link] RESTRICT_HTML_TYPES [link] Defaults to true.\nRESILIENT_MODE [link] (Not listed on Admin \u0026gt; Diagnostics.) This mode allows you to define up to 2 alternate S3 cloud providers for a total of 3 S3 providers for redundancy.\nTo enable the primary alternate S3 driver, ensure you set the following .env variables:\nALT_PRI_ENABLED=true ALT_PRI_AWS_ACCESS_KEY_ID=KEYID ALT_PRI_AWS_SECRET_ACCESS_KEY=SECRET ALT_PRI_AWS_DEFAULT_REGION=REGION ALT_PRI_AWS_URL=URL ALT_PRI_AWS_ENDPOINT=ENDPOINT To enable the secondary alternate S3 driver, ensure you set the following .env variables:\nALT_SEC_ENABLED=true ALT_SEC_AWS_ACCESS_KEY_ID=KEYID ALT_SEC_AWS_SECRET_ACCESS_KEY=SECRET ALT_SEC_AWS_DEFAULT_REGION=REGION ALT_SEC_AWS_URL=URL ALT_SEC_AWS_ENDPOINT=ENDPOINT QUEUE [link] QUEUE_DRIVER [link] \u0026quot;sync\u0026quot; (default) \u0026quot;database\u0026quot; \u0026quot;beanstalkd\u0026quot; \u0026quot;sqs\u0026quot; \u0026quot;redis\u0026quot; \u0026quot;null\u0026quot; SQS [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSQS_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;your-public-key\u0026quot;.\nSQS_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;your-secret-key\u0026quot;.\nSQS_PREFIX [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;https://sqs.us-east-1.amazonaws.com/your-account-id\u0026quot;.\nSQS_QUEUE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;your-queue-name\u0026quot;.\nSQS_REGION [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;us-east-1\u0026quot;.\nDB_CONNECTION [link] (Not listed on Admin \u0026gt; Diagnostics.) See DB_CONNECTION. These options configure the behavior of failed queue job logging so you can control which database and table are used to store the jobs that have failed. You may change them to any database / table you wish. Defaults to \u0026quot;mysql\u0026quot;.\nSERVICES [link] (Not listed on Admin \u0026gt; Diagnostics.)\nMAILGUN [link] (Not listed on Admin \u0026gt; Diagnostics.)\nMAILGUN_DOMAIN [link] (Not listed on Admin \u0026gt; Diagnostics.)\nMAILGUN_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSES [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSES_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSES_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSES_REGION [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;us-east-1\u0026quot;.\nSPARKPOST [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSPARKPOST_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSTRIPE [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSTRIPE_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSTRIPE_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.)\nSESSION [link] SESSION_DRIVER [link] This option controls the default session \u0026ldquo;driver\u0026rdquo; that will be used on requests. By default, we will use the lightweight native driver but you may specify any of the other wonderful drivers provided here.\n\u0026quot;file\u0026quot; \u0026quot;cookie\u0026quot; \u0026quot;database\u0026quot; (default) \u0026quot;apc\u0026quot; \u0026quot;memcached\u0026quot; \u0026quot;redis\u0026quot; \u0026quot;array\u0026quot; SESSION_LIFETIME [link] Here you may specify the number of minutes that you wish the session to be allowed to remain idle before it expires. If you want them to immediately expire on the browser closing, set that option. Defaults to 86400.\nSESSION_DOMAIN [link] Here you may change the domain of the cookie used to identify a session in your application. This will determine which domains the cookie is available to in your application. A sensible default has been set. Defaults to the value of APP_DOMAIN, or null.\nVIDEO WEBP2P [link] (Not listed on Admin \u0026gt; Diagnostics.) WebP2P support for local video that uses peer-to-peer technology to reduce load on individual servers when viewing video.\nMEDIA_HLS_ENABLED [link] Set to true to enable HLS generation, required for WebP2P support and alone allows for better viewing experiences. Disabled by default.\nMEDIA_HLS_P2P [link] Set to true to enable WebP2P support. Requires MEDIA_HLS_ENABLED=true. Disabled by default.\nMEDIA_HLS_BITRATE [link] Set the default HLS bitrate. We recommend using the default value of 1000 unless you know what you are doing.\nMEDIA_HLS_P2P_TRACKER [link] Set the WebP2P torrent tracker. The default tracker is wss://tracker.webtorrent.dev\nMEDIA_HLS_P2P_ICE_SERVER [link] Set the WebP2P signaling server. The default server is stun:stun.l.google.com:19302\nMEDIA_HLS_DEBUG [link] Set to true to enable debug mode that logs to browser console log. Disabled by default.\nMEDIA_HLS_P2P_DEBUG [link] Set to true to enable debug mode that logs WebP2P events to browser console log. Disabled by default.\nTELESCOPE [link] (Not listed on Admin \u0026gt; Diagnostics.)\nTELESCOPE_DRIVER [link] (Not listed on Admin \u0026gt; Diagnostics.) This configuration options determines the storage driver that will be used to store Telescope\u0026rsquo;s data. In addition, you may set any custom options as needed by the particular driver you choose. Defaults to \u0026quot;database\u0026quot;.\nTELESCOPE_ENABLED [link] (Not listed on Admin \u0026gt; Diagnostics.) This option may be used to disable all Telescope watchers regardless of their individual configuration, which simply provides a single and convenient way to enable or disable Telescope data storage. Defaults to false.\nTELESCOPE_CACHE_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_COMMAND_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_DUMP_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_EVENT_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_EXCEPTION_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_JOB_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_LOG_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_MAIL_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_MODEL_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_NOTIFICATION_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_QUERY_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_REDIS_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_REQUEST_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_RESPONSE_SIZE_LIMIT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 64.\nTELESCOPE_GATE_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTELESCOPE_SCHEDULE_WATCHER [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to true.\nTRUSTEDPROXY [link] TRUST_PROXIES [link] Set trusted proxy IP addresses.\nBoth IPv4 and IPv6 addresses are supported, along with CIDR notation.\nThe \u0026ldquo;*\u0026rdquo; character is syntactic sugar within TrustedProxy to trust any proxy that connects directly to your server, a requirement when you cannot know the address of your proxy (e.g. if using Rackspace balancers).\nThe \u0026ldquo;**\u0026rdquo; character is syntactic sugar within TrustedProxy to trust not just any proxy that connects directly to your server, but also proxies that connect to those proxies, and all the way back until you reach the original source IP. It will mean that $request-\u0026gt;getClientIp() always gets the originating client IP, no matter how many proxies that client\u0026rsquo;s request has subsequently passed through.\nDefaults to \u0026quot;*\u0026quot;.\nWEBSOCKETS [link] (Not listed on Admin \u0026gt; Diagnostics.)\nDASHBOARD SETTINGS [link] (Not listed on Admin \u0026gt; Diagnostics.) You can configure the dashboard settings from here.\nLARAVEL_WEBSOCKETS_PORT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to 6001.\nLARAVEL_WEBSOCKETS_DOMAIN [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;\u0026quot;.\nLARAVEL_WEBSOCKETS_PATH [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;laravel-websockets\u0026quot;.\nAPPLICATIONS REPOSITORY [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPUSHER_APP_ID [link] (Not listed on Admin \u0026gt; Diagnostics.) See PUSHER.\nAPP_NAME [link] (Not listed on Admin \u0026gt; Diagnostics.) See APP.\nPUSHER_APP_HOST [link] (Not listed on Admin \u0026gt; Diagnostics.)\nPUSHER_APP_KEY [link] (Not listed on Admin \u0026gt; Diagnostics.) See PUSHER.\nPUSHER_APP_SECRET [link] (Not listed on Admin \u0026gt; Diagnostics.) See PUSHER.\nPUSHER_APP_PATH [link] (Not listed on Admin \u0026gt; Diagnostics.)\nBROADCASTING REPLICATION PUBSUB [link] (Not listed on Admin \u0026gt; Diagnostics.) You can enable replication to publish and subscribe to messages across the driver.\nBy default, it is set to \u0026quot;local\u0026quot;, but you can configure it to use drivers like Redis to ensure connection between multiple instances of WebSocket servers. Just set the driver to \u0026quot;redis\u0026quot; to enable the PubSub using Redis.\nWEBSOCKETS_REPLICATION_MODE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to \u0026quot;local\u0026quot;.\nWEBSOCKETS_REDIS_REPLICATION_CONNECTION [link] (Not listed on Admin \u0026gt; Diagnostics.) See REDIS. Defaults to \u0026quot;default\u0026quot;.\nSSL CONFIGURATION [link] (Not listed on Admin \u0026gt; Diagnostics.) By default, the configuration allows only on HTTP. For SSL, you need to set up the the certificate, the key, and optionally, the passphrase for the private key. You will need to restart the server for the settings to take place.\nLARAVEL_WEBSOCKETS_SSL_LOCAL_CERT [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nLARAVEL_WEBSOCKETS_SSL_CA [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nLARAVEL_WEBSOCKETS_SSL_LOCAL_PK [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\nLARAVEL_WEBSOCKETS_SSL_PASSPHRASE [link] (Not listed on Admin \u0026gt; Diagnostics.) Defaults to null.\n","href":"https://docs.pixelfed.org/technical-documentation/config/","title":"Configuration"},{"content":" Assumptions [link] These instructions will install Pixelfed with the following:\nNginx (instead of Apache) MariaDB (instead of PostgreSQL) PHP-FPM (latest version) Redis and PHP-FPM running via sockets instead of TCP (same machine) pixelfed user for running Horizon queues, http user for running web processes (Arch default) Repo cloned at /srv/http/pixelfed No other sites/services running on this machine Preparing a machine [link] You will need a machine running Arch Linux with access to the root account.\nLogin as root. Create the pixelfed user and group: useradd -rU -s /bin/bash -d /srv/http/pixelfed pixelfed Install dependencies: pacman -S --needed nginx mariadb redis git php-fpm php-intl php-gd php-imagick php-redis composer jpegoptim optipng pngquant imagemagick ffmpeg unzip certbot certbot-nginx Setup database. During mysql_secure_installation, hit Enter to use the default options. Make sure to set a password for the SQL user root (as by default, there is no password). mysql_install_db --user=mysql --basedir=/usr --datadir=/var/lib/mysql systemctl enable --now mariadb mysql_secure_installation mysql -u root -p create database pixelfed; grant all privileges on pixelfed.* to \u0026#39;pixelfed\u0026#39;@\u0026#39;localhost\u0026#39; identified by \u0026#39;strong_password\u0026#39;; flush privileges; exit Edit /etc/php/php.ini and uncomment the following lines: extension=bcmath extension=exif extension=gd extension=iconv extension=intl extension=mysqli extension=pdo_mysql Edit the following lines to your desired upload limits:\npost_max_size = 8M upload_max_filesize = 2M max_file_uploads = 20 Edit /etc/php/conf.d/imagick.ini and uncomment:\nextension=imagick Edit /etc/php/conf.d/redis.ini and uncomment:\nextension=redis Edit /etc/php/conf.d/igbinary.ini and uncomment:\nextension=igbinary Create a PHP-FPM pool for Pixelfed:\ncd /etc/php/php-fpm.d/ cp www.conf pixelfed.conf $EDITOR pixelfed.conf Make the following changes to the PHP-FPM pool:\n; use the username of the app-user as the pool name, e.g. pixelfed [pixelfed] user = pixelfed group = pixelfed ; to use a tcp socket, e.g. if running php-fpm on a different machine than your app: ; (note that the port 9001 is used, since php-fpm defaults to running on port 9000;) ; (however, the port can be whatever you want) ; listen = 127.0.0.1:9001; ; but it\u0026#39;s better to use a socket if you\u0026#39;re running locally on the same machine: listen = /run/php-fpm/pixelfed.sock listen.owner = http listen.group = http listen.mode = 0660 [...] Edit /etc/redis.conf and edit the following lines: port 6379 # change this to \u0026#34;port 0\u0026#34; to disable network packets unixsocket /run/redis/redis.sock # unixsocketperm 770 # give permission to \u0026#34;redis\u0026#34; user and group Edit /etc/nginx/nginx.conf: worker_processes 1; # change to auto, or 1 x your CPU cores, but 1 is enough events { worker_connections 1024; # 512-1024 is fine for a small site, but you may want to use up to 10k or more, if running in production with many users } http { # [...] client_max_body_size 9m; # add this line to configure client upload file size gzip on; # uncomment this line server { # delete this entire block # [...] } include /srv/http/pixelfed/nginx.conf; # we will make this file later } Generate SSL cert:\nmkdir /etc/nginx/ssl openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/server.key -out /etc/nginx/ssl/server.crt Add users to groups: usermod -aG redis pixelfed # give app user access to redis for queues Enable services: systemctl enable {nginx,redis,php-fpm} systemctl start {redis,php-fpm} # nginx will fail if started now Pixelfed setup [link] Clone the repo: cd /srv/http git clone -b dev https://github.com/pixelfed/pixelfed.git pixelfed Setup environment variables and nginx: cd pixelfed cp contrib/nginx.conf nginx.conf $EDITOR nginx.conf ## in particular, set: ### - the correct domain name ### - client_max_body_size to your desired upload limit ### - fastcgi_pass correct path (e.g. unix:/run/php-fpm/pixelfed.sock;) cp .env.example .env $EDITOR .env ## in particular, set: ### DB_SOCKET = /run/mysqld/mysqld.sock ### ### REDIS_HOST = /run/redis/redis.sock ### REDIS_PORT = null ### ### IMAGE_DRIVER = imagick $EDITOR config/database.php ## change predis to phpredis Create the following file at /etc/systemd/system/pixelfed.service: [Unit] Description=Pixelfed task queueing via Laravel Horizon After=network.target Requires=mariadb Requires=php-fpm Requires=redis Requires=nginx [Service] Type=simple ExecStart=/usr/bin/php /srv/http/pixelfed/artisan horizon User=pixelfed Restart=on-failure [Install] WantedBy=multi-user.target Set permissions: chown -R pixelfed:pixelfed . find . -type d -exec chmod 755 {} \\; find . -type f -exec chmod 644 {} \\; Switch to the pixelfed user: su - pixelfed Deploy: $EDITOR composer.json ## change require php to \u0026gt;= instead of ^ ## remove beyondcode/laravel-self-diagnosis ## change league/iso3166 to \u0026gt;= instead of ^ ## change spatie/laravel-image-optimizer to \u0026gt;= instead of ^ ## change laravel/ui to \u0026gt;= instead of ^ composer update composer install --no-ansi --no-interaction --no-progress --no-scripts --optimize-autoloader php artisan key:generate php artisan storage:link php artisan horizon:install php artisan horizon:publish php artisan migrate --force Optionally, use cache [NOTE: if you run these commands, you will need to run them every time you change .env or update Pixelfed]:\nphp artisan config:cache php artisan route:cache php artisan view:cache Import Places data:\nphp artisan import:cities Start web server and Horizon task queue: exit systemctl enable --now {nginx,pixelfed} ","href":"https://docs.pixelfed.org/install-guides/arch/","title":"Deploying Pixelfed on Arch Linux"}]
|
