From 3f8d68bdf3224cd6023b3d7f8e64221222872820 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Sat, 16 May 2020 15:16:33 +0300 Subject: added example cache purge script --- installation/nginx-cache-purge.example | 39 ++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100755 installation/nginx-cache-purge.example (limited to 'installation') diff --git a/installation/nginx-cache-purge.example b/installation/nginx-cache-purge.example new file mode 100755 index 000000000..12dfa733c --- /dev/null +++ b/installation/nginx-cache-purge.example @@ -0,0 +1,39 @@ +#!/bin/bash + +# A simple Bash script to delete an media from the Nginx cache. + +SCRIPTNAME=${0##*/} + +# NGINX cache directory +CACHE_DIRECTORY="/tmp/pleroma-media-cache" + +function get_cache_files() { + local max_parallel=${3-16} + find $2 -maxdepth 1 -type d | xargs -P $max_parallel -n 1 grep -ERl "^KEY:.*$1" | sort -u +} + +function purge_item() { + local cache_files + cache_files=$(get_cache_files "$1" "$2") + + if [ -n "$cache_files" ]; then + for i in $cache_files; do + [ -f $i ] || continue + echo "Deleting $i from $2." + rm $i + done + else + echo "$1 is not cached." + fi +} + +function purge() { + for url in "$@" + do + echo "$SCRIPTNAME delete $url from cache ($CACHE_DIRECTORY)" + purge_item $url $CACHE_DIRECTORY + done + +} + +purge $1 -- cgit v1.2.3 From b5b9d161cddd1b6650cde00cf0f3cbf56ab7a4a3 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Wed, 20 May 2020 06:56:04 +0300 Subject: update purge script --- installation/nginx-cache-purge.example | 39 ------------------------------ installation/nginx-cache-purge.sh.example | 40 +++++++++++++++++++++++++++++++ 2 files changed, 40 insertions(+), 39 deletions(-) delete mode 100755 installation/nginx-cache-purge.example create mode 100755 installation/nginx-cache-purge.sh.example (limited to 'installation') diff --git a/installation/nginx-cache-purge.example b/installation/nginx-cache-purge.example deleted file mode 100755 index 12dfa733c..000000000 --- a/installation/nginx-cache-purge.example +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/bash - -# A simple Bash script to delete an media from the Nginx cache. - -SCRIPTNAME=${0##*/} - -# NGINX cache directory -CACHE_DIRECTORY="/tmp/pleroma-media-cache" - -function get_cache_files() { - local max_parallel=${3-16} - find $2 -maxdepth 1 -type d | xargs -P $max_parallel -n 1 grep -ERl "^KEY:.*$1" | sort -u -} - -function purge_item() { - local cache_files - cache_files=$(get_cache_files "$1" "$2") - - if [ -n "$cache_files" ]; then - for i in $cache_files; do - [ -f $i ] || continue - echo "Deleting $i from $2." - rm $i - done - else - echo "$1 is not cached." - fi -} - -function purge() { - for url in "$@" - do - echo "$SCRIPTNAME delete $url from cache ($CACHE_DIRECTORY)" - purge_item $url $CACHE_DIRECTORY - done - -} - -purge $1 diff --git a/installation/nginx-cache-purge.sh.example b/installation/nginx-cache-purge.sh.example new file mode 100755 index 000000000..aaa195324 --- /dev/null +++ b/installation/nginx-cache-purge.sh.example @@ -0,0 +1,40 @@ +#!/bin/sh + +# A simple shell script to delete a media from the Nginx cache. + +SCRIPTNAME=${0##*/} + +# NGINX cache directory +CACHE_DIRECTORY="/tmp/pleroma-media-cache" + +## Return the files where the items are cached. +## $1 - the filename, can be a pattern . +## $2 - the cache directory. +## $3 - (optional) the number of parallel processes to run for grep. +get_cache_files() { + local max_parallel=${3-16} + find $2 -maxdepth 2 -type d | xargs -P $max_parallel -n 1 grep -ERl "^KEY:.*$1" | sort -u +} + +## Removes an item from the given cache zone. +## $1 - the filename, can be a pattern . +## $2 - the cache directory. +purge_item() { + for f in $(get_cache_files $1 $2); do + echo "found file: $f" + [ -f $f ] || continue + echo "Deleting $f from $2." + rm $f + done +} # purge_item + +purge() { + for url in "$@" + do + echo "$SCRIPTNAME delete \`$url\` from cache ($CACHE_DIRECTORY)" + purge_item $url $CACHE_DIRECTORY + done + +} + +purge $1 -- cgit v1.2.3 From 376147fb828a75b5000262a376cee173bfc98551 Mon Sep 17 00:00:00 2001 From: Maksim Date: Wed, 20 May 2020 04:12:21 +0000 Subject: Apply suggestion to installation/nginx-cache-purge.sh.example --- installation/nginx-cache-purge.sh.example | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'installation') diff --git a/installation/nginx-cache-purge.sh.example b/installation/nginx-cache-purge.sh.example index aaa195324..b2915321c 100755 --- a/installation/nginx-cache-purge.sh.example +++ b/installation/nginx-cache-purge.sh.example @@ -13,7 +13,7 @@ CACHE_DIRECTORY="/tmp/pleroma-media-cache" ## $3 - (optional) the number of parallel processes to run for grep. get_cache_files() { local max_parallel=${3-16} - find $2 -maxdepth 2 -type d | xargs -P $max_parallel -n 1 grep -ERl "^KEY:.*$1" | sort -u + find $2 -maxdepth 2 -type d | xargs -P $max_parallel -n 1 grep -E Rl "^KEY:.*$1" | sort -u } ## Removes an item from the given cache zone. -- cgit v1.2.3 From 122328b93a708e396b5c0cd1930a4b759e7b7db6 Mon Sep 17 00:00:00 2001 From: normandy Date: Fri, 12 Jun 2020 01:41:09 +0000 Subject: Update pleroma.nginx to support TLSv1.3 Based on SSL config from https://ssl-config.mozilla.org/ --- installation/pleroma.nginx | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) (limited to 'installation') diff --git a/installation/pleroma.nginx b/installation/pleroma.nginx index 688be3e71..d301ca615 100644 --- a/installation/pleroma.nginx +++ b/installation/pleroma.nginx @@ -37,18 +37,17 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_session_timeout 5m; + ssl_session_timeout 1d; + ssl_session_cache shared:MozSSL:10m; # about 40000 sessions + ssl_session_tickets off; ssl_trusted_certificate /etc/letsencrypt/live/example.tld/chain.pem; ssl_certificate /etc/letsencrypt/live/example.tld/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.tld/privkey.pem; - # Add TLSv1.0 to support older devices - ssl_protocols TLSv1.2; - # Uncomment line below if you want to support older devices (Before Android 4.4.2, IE 8, etc.) - # ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES"; + ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; - ssl_prefer_server_ciphers on; + ssl_prefer_server_ciphers off; # In case of an old server with an OpenSSL version of 1.0.2 or below, # leave only prime256v1 or comment out the following line. ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1; -- cgit v1.2.3 From 2e8a236cef28c0b754aecb04a5c60c3b7655c5a6 Mon Sep 17 00:00:00 2001 From: Maksim Pechnikov Date: Sun, 14 Jun 2020 21:02:57 +0300 Subject: fix invalidates media url's --- installation/nginx-cache-purge.sh.example | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'installation') diff --git a/installation/nginx-cache-purge.sh.example b/installation/nginx-cache-purge.sh.example index b2915321c..5f6cbb128 100755 --- a/installation/nginx-cache-purge.sh.example +++ b/installation/nginx-cache-purge.sh.example @@ -13,7 +13,7 @@ CACHE_DIRECTORY="/tmp/pleroma-media-cache" ## $3 - (optional) the number of parallel processes to run for grep. get_cache_files() { local max_parallel=${3-16} - find $2 -maxdepth 2 -type d | xargs -P $max_parallel -n 1 grep -E Rl "^KEY:.*$1" | sort -u + find $2 -maxdepth 2 -type d | xargs -P $max_parallel -n 1 grep -E -Rl "^KEY:.*$1" | sort -u } ## Removes an item from the given cache zone. @@ -37,4 +37,4 @@ purge() { } -purge $1 +purge $@ -- cgit v1.2.3