diff options
| author | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2022-12-23 17:05:05 +0100 |
|---|---|---|
| committer | Haelwenn (lanodan) Monnier <contact@hacktivis.me> | 2022-12-23 17:05:05 +0100 |
| commit | 7d68d64d633a8ba43965a6f93d22cb0ae76027e0 (patch) | |
| tree | 6c00d45be1aa1fe63ffff71bc2153cdff34e104f /installation | |
| parent | d8e326467c30b95c5164f6e29512057dce3c2077 (diff) | |
| parent | 6bce88b9e7876d32ea9146a580454053f0ef3790 (diff) | |
| download | pleroma-7d68d64d633a8ba43965a6f93d22cb0ae76027e0.tar.gz pleroma-7d68d64d633a8ba43965a6f93d22cb0ae76027e0.zip | |
Merge back 2.4.5
Diffstat (limited to 'installation')
| -rw-r--r-- | installation/caddyfile-pleroma.example | 31 | ||||
| -rwxr-xr-x | installation/download-mastofe-build.sh | 48 | ||||
| -rwxr-xr-x | installation/pleroma-mongooseim.cfg | 2 | ||||
| -rw-r--r-- | installation/pleroma.nginx | 13 | ||||
| -rw-r--r-- | installation/pleroma.vcl | 41 |
5 files changed, 24 insertions, 111 deletions
diff --git a/installation/caddyfile-pleroma.example b/installation/caddyfile-pleroma.example index 7985d9c67..cc7dda011 100644 --- a/installation/caddyfile-pleroma.example +++ b/installation/caddyfile-pleroma.example @@ -5,34 +5,13 @@ # 2. Copy this section into your Caddyfile and restart Caddy. example.tld { - log /var/log/caddy/pleroma_access.log - errors /var/log/caddy/pleroma_error.log + log { + output file /var/log/caddy/pleroma.log + } - gzip + encode gzip # this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only # and `localhost.` resolves to [::0] on some systems: see issue #930 - proxy / 127.0.0.1:4000 { - websocket - transparent - } - - tls { - # Remove the rest of the lines in here, if you want to support older devices - key_type p256 - ciphers ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 - } - - # If you do not want to use the mediaproxy function, remove these lines. - # To use this directive, you need the http.cache plugin for Caddy. - cache { - match_path /media - default_max_age 720m - } - - cache { - match_path /proxy - default_max_age 720m - } - # Stop removing lines here. + reverse_proxy 127.0.0.1:4000 } diff --git a/installation/download-mastofe-build.sh b/installation/download-mastofe-build.sh deleted file mode 100755 index ee353c48c..000000000 --- a/installation/download-mastofe-build.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/sh -# Pleroma: A lightweight social networking server -# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/> -# SPDX-License-Identifier: AGPL-3.0-only -project_id="74" -project_branch="rebase/glitch-soc" -static_dir="instance/static" -# For bundling: -# project_branch="pleroma" -# static_dir="priv/static" - -if [ ! -d "${static_dir}" ] -then - echo "Error: ${static_dir} directory is missing, are you sure you are running this script at the root of pleroma’s repository?" - exit 1 -fi - -last_modified="$(curl --fail -s -I 'https://git.pleroma.social/api/v4/projects/'${project_id}'/jobs/artifacts/'${project_branch}'/download?job=build' | grep '^Last-Modified:' | cut -d: -f2-)" - -echo "branch:${project_branch}" -echo "Last-Modified:${last_modified}" - -artifact="mastofe.zip" - -if [ "${last_modified}x" = "x" ] -then - echo "ERROR: Couldn't get the modification date of the latest build archive, maybe it expired, exiting..." - exit 1 -fi - -if [ -e mastofe.timestamp ] && [ "$(cat mastofe.timestamp)" = "${last_modified}" ] -then - echo "MastoFE is up-to-date, exiting..." - exit 0 -fi - -curl --fail -c - "https://git.pleroma.social/api/v4/projects/${project_id}/jobs/artifacts/${project_branch}/download?job=build" -o "${artifact}" || exit - -# TODO: Update the emoji as well -rm -fr "${static_dir}/sw.js" "${static_dir}/packs" || exit -unzip -q "${artifact}" || exit - -cp public/assets/sw.js "${static_dir}/sw.js" || exit -cp -r public/packs "${static_dir}/packs" || exit - -echo "${last_modified}" > mastofe.timestamp -rm -fr public -rm -i "${artifact}" diff --git a/installation/pleroma-mongooseim.cfg b/installation/pleroma-mongooseim.cfg index 576f83541..3ecba5641 100755 --- a/installation/pleroma-mongooseim.cfg +++ b/installation/pleroma-mongooseim.cfg @@ -466,7 +466,7 @@ %% == PostgreSQL == %% {rdbms, global, default, [{workers, 10}], -%% [{server, {pgsql, "server", 5432, "database", "username", "password"}}]}, +%% [{server, {pgsql, "server", "port", "database", "username", "password"}}]}, %% == ODBC (MSSQL) == %% {rdbms, global, default, [{workers, 10}], diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 9890cb2b1..273cfb390 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -81,6 +81,19 @@ server { proxy_pass http://phoenix; } + # Uncomment this if you want notice compatibility routes for frontends like Soapbox. + # location ~ ^/@[^/]+/([^/]+)$ { + # proxy_pass http://phoenix/notice/$1; + # } + # + # location ~ ^/@[^/]+/posts/([^/]+)$ { + # proxy_pass http://phoenix/notice/$1; + # } + # + # location ~ ^/[^/]+/status/([^/]+)$ { + # proxy_pass http://phoenix/notice/$1; + # } + location ~ ^/(media|proxy) { proxy_cache pleroma_media_cache; slice 1m; diff --git a/installation/pleroma.vcl b/installation/pleroma.vcl index 4752510ea..4eb2f3cfa 100644 --- a/installation/pleroma.vcl +++ b/installation/pleroma.vcl @@ -1,4 +1,5 @@ # Recommended varnishncsa logging format: '%h %l %u %t "%m %{X-Forwarded-Proto}i://%{Host}i%U%q %H" %s %b "%{Referer}i" "%{User-agent}i"' +# Please use Varnish 7.0+ for proper Range Requests / Chunked encoding support vcl 4.1; import std; @@ -22,11 +23,6 @@ sub vcl_recv { set req.http.X-Forwarded-Proto = "https"; } - # CHUNKED SUPPORT - if (req.http.Range ~ "bytes=") { - set req.http.x-range = req.http.Range; - } - # Pipe if WebSockets request is coming through if (req.http.upgrade ~ "(?i)websocket") { return (pipe); @@ -35,9 +31,9 @@ sub vcl_recv { # Allow purging of the cache if (req.method == "PURGE") { if (!client.ip ~ purge) { - return(synth(405,"Not allowed.")); + return (synth(405,"Not allowed.")); } - return(purge); + return (purge); } } @@ -53,17 +49,11 @@ sub vcl_backend_response { return (retry); } - # CHUNKED SUPPORT - if (bereq.http.x-range ~ "bytes=" && beresp.status == 206) { - set beresp.ttl = 10m; - set beresp.http.CR = beresp.http.content-range; - } - # Bypass cache for large files # 50000000 ~ 50MB if (std.integer(beresp.http.content-length, 0) > 50000000) { set beresp.uncacheable = true; - return(deliver); + return (deliver); } # Don't cache objects that require authentication @@ -94,7 +84,7 @@ sub vcl_synth { if (resp.status == 750) { set resp.status = 301; set resp.http.Location = req.http.x-redir; - return(deliver); + return (deliver); } } @@ -106,25 +96,12 @@ sub vcl_pipe { } } -sub vcl_hash { - # CHUNKED SUPPORT - if (req.http.x-range ~ "bytes=") { - hash_data(req.http.x-range); - unset req.http.Range; - } -} - sub vcl_backend_fetch { # Be more lenient for slow servers on the fediverse if (bereq.url ~ "^/proxy/") { set bereq.first_byte_timeout = 300s; } - # CHUNKED SUPPORT - if (bereq.http.x-range) { - set bereq.http.Range = bereq.http.x-range; - } - if (bereq.retries == 0) { # Clean up the X-Varnish-Backend-503 flag that is used internally # to mark broken backend responses that should be retried. @@ -143,14 +120,6 @@ sub vcl_backend_fetch { } } -sub vcl_deliver { - # CHUNKED SUPPORT - if (resp.http.CR) { - set resp.http.Content-Range = resp.http.CR; - unset resp.http.CR; - } -} - sub vcl_backend_error { # Retry broken backend responses. set bereq.http.X-Varnish-Backend-503 = "1"; |