• pixelfed
  • is under heavy development, so it’s imho still beta
  • this howto is unfinished, because pixelfed setup is too complicated and (sorry) author dansup ignored UNIX KISS principles so the project seems to be a wee bit messy
    • maybe this fork works better https://github.com/pixelfed-glitch/pixelfed.git
    • https://pixelfed-glitch.github.io/docs/running-pixelfed/docker/installation.html
  • [+] open source (PHP + Laravel)  AGPL licenced (hopefully FOREVER)
    
    •  a bix of a confusing mix Shell 1.2% Blade 13.5%  PHP 52.8%  Vue 32.1%
  • [+] decentralized (?)
  • [+] great name
  • [+] nice logo
  • [+] nice website (all the marketing checks out)
  • [?] kickstarter already collected 80T from 30T goal (#wtf)
  • [?] there is an android app but untested the quality
  • [-] setup of a pixelfed server is WAY to complicated
  • [-] nginx + php setup is also WAY to complicated
    • [-] it is “recommended” to setup pixelfed as ready2go docker container, while this sounds “great” it has distinctive disadvantages:
      • [-] 1. despite beeing mostly PHP pixelfed can (unlike wordpress for example) not be setup and run anymore on hosted webspaces 🙁 but only on vms (vps) not only increasing costs but also complexity
      • [-] 2. requires a reverse-http(s)-proxy further increasing complexity maintenance overhead and attack surface please read UNIX KISS
  • [-] mysql setup just has become MORE complicated “hurray” X-D
    • mysql_secure_installation; # was removed “smart” move, now more manual steps are required “hurray”
  • questions go to: https://github.com/pixelfed/pixelfed/discussions
  • maybe this helps https://www.youtube.com/watch?v=K-Zmgt6KtzI
  • first setup Debian 13 (YES it HAS to be 13 because Laravel complains wants to have AT LEAST php 8.3 and Debian 13 comes with php 8.4) as virtual machine (so the user can snapshot after every bit of success)
  • all valus in red needs to be double checked or modified

hostnamectl; # tested on 
  Virtualization: kvm
Operating System: Debian (13) GNU/Linux trixie/sid         
          Kernel: Linux 6.12.11-amd64
    Architecture: x86-64

# setup ssh
# on the vm
su - root
apt install ssh

# via client: upload ssh public key to server
ssh-copy-id user@192.168.122.52

# login
ssh -v user@192.168.122.52

su - root

# make life easier with ll shortcut
echo 'alias ll="ls -lah --color"' >> /etc/bash.bashrc

apt -y install git sudo vim
# WARNING! THIS MIGHT BE A SECURITY RISK
# BUT IT GREATLY SPEEDS UP THE SETUP PROCESS X-D
# as user avoids entering root pwd 1000x times
# MAKE SURE TO DELETE THIS LINE AGAIN AFTER SETUP IS DONE
echo "user ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers

# make sure hostname is correct like domainname.com
vim /etc/hostname

reboot
apt -y install nginx; # install nginx webserver
usermod -s /bin/bash www-data; # allow default nginx user www-data to login (for testing)
apt -y install mariadb-server; # install mysql database

rm -rf /var/www/html/*; # clean the web root
# the new webroot will be /var/www/html/public?

# modify nginx config /etc/nginx/sites-available/default 
# do this only if ipv6 is disabled or not available:
sed -i 's/listen \[::\]:80 default_server;/# listen [::\]:80 default_server;/g' /etc/nginx/sites-available/default; # if ipv6 is disabled, it needs to be disabled in nginx config as well or it wont start

# make nginx recognize index.php
sed -i 's/index index\.html index\.htm index\.nginx-debian\.html;/index index\.html index\.htm index\.nginx-debian\.html index.php;/g' /etc/nginx/sites-available/default; # make php work

apt search php|grep cgi; # check what is the latest php fastcgi
apt -y install php-fpm php-mysql

vim /etc/nginx/sites-available/default; # config nginx

server {
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

        listen 80 default_server;
#       listen [::]:80 default_server;

        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;

        root /var/www/html/public;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm;
        # index index.html index.htm index.nginx-debian.html index.php;

        server_name _;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }

        # pass PHP scripts to FastCGI server
        # ChatGPT recommendation, because nginx config (seriously) is a confusing mess
        location ~ \.php$ {
           include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/var/run/php/php8.4-fpm.sock; # the version needs to match installed php version
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
        # location ~ \.php$ {
        #       include snippets/fastcgi-php.conf;
        #
        #       # With php-fpm (or other unix sockets):
        #       # fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        #       # With php-cgi (or other tcp sockets):
        #       fastcgi_pass 127.0.0.1:9000;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        location ~ /\.ht {
                deny all;
        }
}

# as root loginto mysql
mysql -u root

ALTER USER 'root'@'localhost' IDENTIFIED BY 'SuperSecretPassword';

-- Remove anonymous users
DELETE FROM mysql.user WHERE User='';

-- Remove the test database
DROP DATABASE IF EXISTS test;
FLUSH PRIVILEGES;
exit;

systemctl restart mysql

mysql -u root -p; # optional: to relogin now the above SuperSecretPassword is required

systemctl enable nginx; # make it autostart
systemctl enable mysql; # make it autostart

nginx -t; # test if config is ok
systemctl restart nginx; # restart to make sure config changes are accepted

echo '<?php phpinfo();' > /var/www/html/info.php; # create testfile, to test if php+nginx work together or not

# make sure user www-data has access to files /var/www/html
chown -R www-data:www-data /var/www/html/;

find /var/www/html/ -type d -exec chmod 755 {} \;
find /var/www/html/ -type f -exec chmod 644 {} \;

ip -c a; # what ip does server have?

# while running this mon all logs script as root

# if php + nginx work together this show the php info page
# that also shows what php.ini config file is the one to use
http://192.168.122.52/info.php



# now DEFINATELY powerdown the vm and snapshot it like "nginx_php_works"

# download "install" pixelfed into /var/www/html, it comes with dir public
git clone -b dev https://github.com/pixelfed/pixelfed.git /var/www/html
# install more packages, required by pixelfed
apt install -y php-gd php-bcmath php-ctype php-curl php-exif php-iconv php-intl php-json  php-imagick php-json php-mbstring php-tokenizer php-xml php-zip php-mysql php-fpm

# install more packages, required by pixelfed
apt install -y php-redis ffmpeg redis git libgl-dev gcc libc6-dev libjpeg-dev  make jpegoptim optipng pngquant graphicsmagick gifsicle composer zip unzip

# create new database user 'pixelfed'
mysql -u root -p
CREATE DATABASE pixelfed;
CREATE USER 'pixelfed'@'localhost' IDENTIFIED BY 'SuperSecretPassword';
GRANT ALL PRIVILEGES ON pixelfed.* TO 'pixelfed'@'localhost';
FLUSH PRIVILEGES;
EXIT

# modify php config file, to allow bigger filesize uploads (64MByte files)
sed -i 's/post_max_size = [0-9]\+M/post_max_size = 65M/' /etc/php/8.4/fpm/php.ini;
sed -i 's/upload_max_filesize = [0-9]\+M/upload_max_filesize = 64M/' /etc/php/8.4/fpm/php.ini;
sed -i 's/max_execution_time = 30/max_execution_time = 300/' /etc/php/8.4/fpm/php.ini;

# install EVEN more packages, required by pixelfed
apt -y install snapd
snap install core

# powerdown the vm snapshot "pre_config_pixelfed_a_lot_of_weird_dependencies_installed"
su - www-data; # become that user
cd /var/www/html

# run some strange php package manager
composer install --no-ansi --no-interaction --optimize-autoloader

cp -v .env.example .env

# make mysql pwd known to pixelfed via this .env config file
sed -i 's/DB_PASSWORD="pixelfed"/DB_PASSWORD="SuperSecretPassword"/' /var/www/html/.env

# for test instance, optional, not optional for real-life-usage aka for production installation also modify those values
vim .env
APP_NAME="Pixelfed Test"
APP_URL=http://192.168.122.52
APP_DOMAIN="192.168.122.52"
ADMIN_DOMAIN="192.168.122.52"
SESSION_DOMAIN="192.168.122.52"
TRUST_PROXIES="*"

php artisan key:generate
# it should show
   INFO  Application key set successfully.  

php artisan storage:link

# migrate the database (sure why not right?)
php artisan migrate --force;

# import the city data set to enable support for location data, guess that's what it takes
php artisan import:cities;

# cache the Pixelfed routes and views to allow for better performance.
php artisan route:cache;
php artisan view:cache;
php artisan config:cache;
php artisan horizon:install;
php artisan horizon:publish;
# too bad, whatever this means
   WARN  Horizon no longer publishes its assets. You may stop calling the `horizon:publish` command.  

# make sure it's there and works
/usr/bin/php --version;
PHP 8.4.3 (cli) (built: Jan 19 2025 13:35:15) (NTS)

# test run
/usr/bin/php /var/www/html/artisan schedule:run;
   INFO  No scheduled commands are ready to run.  

# enable some maintenance routine
crontab -e
# insert, this will run every minute
* * * * * /usr/bin/php /var/www/html/artisan schedule:run >> /dev/null 2>&1

sudo bash; # become root
# create some systemd startup file
echo '[Unit]' > /etc/systemd/system/pixelfed.service;
echo 'Description=Pixelfed task queueing via Laravel Horizon' >> /etc/systemd/system/pixelfed.service;
echo 'After=network.target' >> /etc/systemd/system/pixelfed.service;
echo 'Requires=mariadb' >> /etc/systemd/system/pixelfed.service;
echo 'Requires=php-fpm' >> /etc/systemd/system/pixelfed.service;
echo 'Requires=redis' >> /etc/systemd/system/pixelfed.service;
echo 'Requires=nginx' >> /etc/systemd/system/pixelfed.service;
echo '' >> /etc/systemd/system/pixelfed.service;
echo '[Service]' >> /etc/systemd/system/pixelfed.service;
echo 'Type=simple' >> /etc/systemd/system/pixelfed.service;
echo 'ExecStart=/usr/bin/php /var/www/html/artisan horizon' >> /etc/systemd/system/pixelfed.service;
echo 'Restart=on-failure' >> /etc/systemd/system/pixelfed.service;
echo '' >> /etc/systemd/system/pixelfed.service;
echo '[Install]' >> /etc/systemd/system/pixelfed.service;
echo 'WantedBy=multi-user.target' >> /etc/systemd/system/pixelfed.service;

systemctl enable --now pixelfed; # enable the file
Created symlink '/etc/systemd/system/multi-user.target.wants/pixelfed.service' → '/etc/systemd/system/pixelfed.service'.

# test if it works
systemctl restart pixelfed.service;
systemctl status  pixelfed.service;

# looking good
pixelfed.service - Pixelfed task queueing via Laravel Horizon
     Loaded: loaded (/etc/systemd/system/pixelfed.service; enabled; preset: enabled)
     Active: active (running) since Sat 2025-02-08 19:32:42 EST; 7ms ago

# reating a new pixelfed admin user
su - www-data
cd /var/www/html
php artisan user:create
 Name:
 > admin
 Username:
 > admin
 Email:
 > admin@pixelfed.org
 Password:
 > 
 Confirm Password:
 > 
 Make this user an admin? (yes/no) [no]:
 > yes
 Manually verify email address? (yes/no) [no]:
 > 
 Are you sure you want to create this user? (yes/no) [no]:
 > yes
Created new user!

# what does the highly skilled GNU Linux admin user get for all this mambojambo?



# tidy up and tighten security again!!!
vim /etc/sudoers
# delete this line
echo "user ALL=(ALL) NOPASSWD: ALL"
usermod -s /usr/sbin/nologin www-data; # block default nginx user www-data to ssh login (for testing)
apt remove sudo

fed up with the pixelfed?

scroll down on this article and get a #mastodon account (FEDIVERSE!)

https://joinmastodon.org/servers

links

• search the web for better howtos
• to also completely unfinished not anymore up to date and confusing howtos
• https://www.linode.com/docs/guides/how-to-install-pixelfed/
• https://pixelfed.github.io/docs-next/running-pixelfed/installation.html
• https://mattedwards.org/2022/02/setup-pixelfed-using-docker/
• https://pixelfed-glitch.github.io/docs/running-pixelfed/docker/installation.html
• https://artectrex.eu/pixelfed-docker/
• https://github.com/pixelfedocker/pixelfed-docker/blob/main/docs/01-core-setup.md
• https://jippi.github.io/docker-pixelfed/installation/guide/#check-system-requirements
• https://wiki.calculate-linux.org/pixelfed
• https://pixelfed-glitch.github.io/docs/running-pixelfed/docker/prerequisites.html

pixelfed

says it adhers to: https://respectfulplatforms.org/ (hopefully FOREVER)

Digital Platform Charter of Rights

A declaration of fundamental rights and principles for ethical digital platforms, ensuring privacy, dignity, and fairness in online spaces.

 

 

liked this article?

• only together we can create a truly free world
• plz support dwaves to keep it up & running!
• (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
• really really hate advertisement
• contribute: whenever a solution was found, blog about it for others to find!
• talk about, recommend & link to this blog and articles
• thanks to all who contribute!