Neocities install on groups.friendrewind.com

DNS
Create an A record: groups.friendrewind.com -> your VPS IP
Packages (AlmaLinux 9)
dnf -y install git ruby ruby-devel @development-tools postgresql-server postgresql-devel redis ImageMagick optipng jpegoptim pngquant libwebp-tools
systemctl enable --now redis
postgresql-setup --initdb
systemctl enable --now postgresql
ruby -v && gem install bundler
PostgreSQL user/db
sudo -u postgres psql -c "CREATE USER neocities WITH PASSWORD '1b3aabd015d2dd41';"
sudo -u postgres psql -c "CREATE DATABASE neocities_prod OWNER neocities;"
Clone Neocities
useradd -m -r -s /sbin/nologin neocitiesmkdir -p /srv/neocities && chown -R neocities:neocities /srv/neocitiessudo -u neocities bash -lc 'git clone https://github.com/neocities/neocities.git /srv/neocities && cd /srv/neocities && bundle install'
Neocities config.yml (production)
production:
  database: 'postgres://neocities:1b3aabd015d2dd41@localhost/neocities_prod'
  database_pool: 10
  redis_url: 'redis://127.0.0.1:6379/0'
  session_secret: 'XcZmWrJIlQZ7F1HgnWqh0ESR6VX_P0qEqsm6fKFbrhU'
  hcaptcha_site_key: ''
  hcaptcha_secret_key: ''
  ip_hash_salt: 'changeme'
  email_unsubscribe_token: 'changeme'
Copy SSO helper into Neocities
cp /home/def3ct1/public_html/groups.friendrewind.com//templates/neocities/fr_sso.rb /srv/neocities/fr_sso.rb
# Then edit /srv/neocities/config.ru and add after require './app.rb':
# require './fr_sso'
Systemd units
cp /home/def3ct1/public_html/groups.friendrewind.com//templates/systemd_neocities_puma.service /etc/systemd/system/neocities-puma.service
cp /home/def3ct1/public_html/groups.friendrewind.com//templates/systemd_neocities_sidekiq.service /etc/systemd/system/neocities-sidekiq.service
sed -i 's#WORKDIR#/srv/neocities#g' /etc/systemd/system/neocities-puma.service /etc/systemd/system/neocities-sidekiq.service
sed -i 's#RUNAS#neocities#g' /etc/systemd/system/neocities-puma.service /etc/systemd/system/neocities-sidekiq.service
systemctl daemon-reload
systemctl enable --now neocities-puma neocities-sidekiq
Env vars (shared SSO secret)
cat >/etc/systemd/system/neocities.env <

    
Web server: Nginx or Apache

    
# Nginx
cp /home/def3ct1/public_html/groups.friendrewind.com//templates/nginx_groups_friendrewind.conf /etc/nginx/conf.d/groups.friendrewind.com.conf
sed -i 's#GROUPS_DOMAIN#groups.friendrewind.com#g' /etc/nginx/conf.d/groups.friendrewind.com.conf
nginx -t && systemctl reload nginx

# Apache
cp /home/def3ct1/public_html/groups.friendrewind.com//templates/apache_groups_friendrewind.conf /etc/httpd/conf.d/groups.friendrewind.com.conf
sed -i 's#GROUPS_DOMAIN#groups.friendrewind.com#g' /etc/httpd/conf.d/groups.friendrewind.com.conf
systemctl reload httpd


    
Main site: expose FR_SSO_SECRET to PHP

    
# Option A (recommended): in FriendRewind root .htaccess
SetEnv FR_SSO_SECRET e2a986d4ae27ebc3b77385157243ce79aae94963fd0a7dee
# Option B: set FR_SSO_SECRET in PHP-FPM pool env (cPanel/WHM) and restart PHP-FPM
What this does
- Keep all helper and template files under groups.friendrewind.com (this folder)
- Neocities runs as a separate Ruby app proxied by web server
- FR SSO cookie lets users auto-sign-in on first visit to groups