MisskeyのMediaProxyを建てる

Posted on Wed 29 November 2023 in 雑書き

メモ書き程度に

環境: debian 12

sudo apt install libjemalloc2 -y
sudo adduser --disabled-password --gecos "" misskey
sudo -iu misskey
git clone https://github.com/nodenv/nodenv.git /home/misskey/.nodenv
echo 'export PATH="$HOME/.nodenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(nodenv init -)"' >> ~/.bashrc
source ~/.bashrc
git clone https://github.com/nodenv/node-build.git $(nodenv root)/plugins/node-build
git clone https://github.com/nodenv/nodenv-update.git /home/misskey/.nodenv/plugins/nodenv-update
git clone https://github.com/MisskeyIO/media-proxy.git
cd media-proxy
nodenv install 20.10.0
nodenv global 20.10.0
source ~/.bashrc
npm install -g pnpm
source ~/.bashrc
cd media-proxy
pnpm install
pnpm build
cat <<'EOF' > ./config.js
import { readFileSync } from 'node:fs';
const repo = JSON.parse(readFileSync('./package.json', 'utf8'));
export default {
    // UA
    userAgent: `MisskeyMediaProxy/${repo.version}`,
    // プライベートネットワークでも許可するIP CIDRdefault.ymlと同じ
    allowedPrivateNetworks: [],
    // ダウンロードするファイルの最大サイズ (bytes)
    maxSize: 262144000,
    // CORS
    'Access-Control-Allow-Origin': '*',
    'Access-Control-Allow-Headers': '*',
    // CSP
    'Content-Security-Policy': `default-src 'none'; img-src 'self'; media-src 'self'; style-src 'unsafe-inline'`,
    // フォワードプロキシ
    // proxy: 'http://127.0.0.1:3128'
}
EOF
exit
cat <<'EOF' > /etc/systemd/system/misskey-proxy.service
[Unit]
Description=Misskey Media Proxy

[Service]
Type=simple
User=misskey
ExecStart=/usr/bin/npm start
WorkingDirectory=/home/misskey/media-proxy
Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
Environment="NODE_ENV=production"
Environment="PORT=3000"
TimeoutSec=60
StandardOutput=journal
StandardError=journal
SyslogIdentifier=media-proxy
Restart=always

[Install]
WantedBy=multi-user.target
EOF
sudo systemctl daemon-reload
sudo systemctl enable --now misskey-proxy