From b723ee73fc7d74fd5908eb09a8f6b98e73597c2b Mon Sep 17 00:00:00 2001 From: Valentin Ouvrard Date: Wed, 12 Apr 2017 01:04:56 +1100 Subject: [PATCH] Add (commented) volume in docker-compose && Mitigating the HTTPoxy Vulnerability (#1253) * enable commented volume in docker-compose.yml * Disable unworking Nginx root directory && Mitigating the HTTPoxy Vulnerability * add my instance to the list * enable GZIP on nginx.conf * readd root /home/mastodon/live/public; --- docker-compose.yml | 11 +++++++++++ docs/Running-Mastodon/Production-guide.md | 14 ++++++++++++-- docs/Using-Mastodon/List-of-Mastodon-instances.md | 2 +- 3 files changed, 24 insertions(+), 3 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index d6ba66dde..910bf8cfe 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,11 +1,20 @@ version: '2' services: + db: restart: always image: postgres:alpine +### Uncomment to enable DB persistance +# volumes: +# - ./postgres:/var/lib/postgresql/data + redis: restart: always image: redis:alpine +### Uncomment to enable REDIS persistance +# volumes: +# - ./redis:/data + web: restart: always build: . @@ -19,6 +28,7 @@ services: volumes: - ./public/assets:/mastodon/public/assets - ./public/system:/mastodon/public/system + streaming: restart: always build: . @@ -29,6 +39,7 @@ services: depends_on: - db - redis + sidekiq: restart: always build: . diff --git a/docs/Running-Mastodon/Production-guide.md b/docs/Running-Mastodon/Production-guide.md index ec67a452c..49f3e59b2 100644 --- a/docs/Running-Mastodon/Production-guide.md +++ b/docs/Running-Mastodon/Production-guide.md 
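Review bot: The commented-out bind mounts in the first docker-compose.yml hunk (`./postgres:/var/lib/postgresql/data` and `./redis:/data`) put the database and Redis data directories inside the project directory, which is also the build context for the services declared with `build: .`. If the Dockerfile copies the context and `.dockerignore` does not exclude these paths (neither file is visible here), uncommenting them could send database contents to the Docker daemon on every build and bake them into the image. I would extend the comments to say so, e.g. `### Uncomment to enable DB persistence (add ./postgres to .dockerignore first)`, which also corrects the "persistance" spelling in both comments. The other two docker-compose.yml hunks only add blank lines.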
@@ -34,10 +34,19 @@ server { keepalive_timeout 70; sendfile on; client_max_body_size 0; - gzip off; root /home/mastodon/live/public; + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; location / { @@ -49,7 +58,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; - + proxy_set_header Proxy ""; proxy_pass_header Server; proxy_pass http://localhost:3000; @@ -67,6 +76,7 @@ server { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; proxy_pass http://localhost:4000; proxy_buffering off; diff --git a/docs/Using-Mastodon/List-of-Mastodon-instances.md b/docs/Using-Mastodon/List-of-Mastodon-instances.md index db35edb1a..49b2c2012 100644 --- a/docs/Using-Mastodon/List-of-Mastodon-instances.md +++ b/docs/Using-Mastodon/List-of-Mastodon-instances.md 
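Review bot: Replacing `gzip off` with `gzip on` and `gzip_proxied any` in the first Production-guide.md hunk compresses the dynamic responses proxied from the app over TLS. That is the precondition for BREACH-style compression side channels when a response carries both a secret and request-influenced content. nginx always compresses `text/html` once gzip is enabled, so the `gzip_types` list does not keep HTML pages out. Whether the earlier `gzip off` was deliberate cannot be told from this hunk; I would either limit compression to the static asset paths or add a comment above the block, e.g. `# gzip also applies to proxied HTML/JSON; review BREACH exposure for pages that embed tokens`. The server block continues outside the hunk.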
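Review bot: The new `proxy_set_header Proxy "";` lines in the second and third Production-guide.md hunks carry no explanation, and an empty-valued header line is easy to mistake for a leftover and delete. A one-line comment above each would help, e.g. `# HTTPoxy: do not forward a client-supplied Proxy header to the backend`. Repeating the directive in both location blocks is correct, since nginx inherits `proxy_set_header` from the outer level only when a block defines none of its own. Any location added later with its own `proxy_set_header` lines needs it too. Both location blocks start and end outside their hunks.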
@@ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz) | [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes| | [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No| | [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No| +| [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes| | [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes| - We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution