about summary refs log tree commit diff
path: root/dist
AgeCommit message (Collapse)Author
2021-12-22Add ReadWritePaths directive to service files (#17178)Lerk
* Update mastodon-web.service * Update mastodon-streaming.service * Update mastodon-sidekiq.service
2021-10-25templates/systemd/mastodon: update sandbox mode (#16235)Yurii Izorkin
* templates/systemd/mastodon: add new sandboxing options * templates/systemd/mastodon: add '@privileged' and remove duplicates SystemCallFilters * templates/systemd/mastodon: add '@ipc' SystemCallFilter * templates/systemd/mastodon: add '@memlock' SystemCallFilter * templates/systemd/mastodon: allow '@resources' filter to mastodon-web service
2021-08-20Make sure nginx always send HSTS header (#16633)Peter Dave Hello
By default, it'll only send those headers when the response code is one of the following: - 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308 As all the traffics should be https, the http protocol only exists to do 301 redirect, and always send the HSTS header is almost one of the best practices, we should set nginx to do so. Reference: - https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header - https://ssl-config.mozilla.org/
2021-08-20Disable nginx ssl_session_tickets for better security (#16632)Peter Dave Hello
It's default turned on, but it's better to turn it off for security reason. Reference: - https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets - https://github.com/mozilla/server-side-tls/issues/135
2021-07-05Preload libjemalloc.so for long-running Ruby (#16462)Akihiko Odaki
Always mark jemalloc needed if jemalloc is enabled by akihikodaki · Pull Request #4627 · ruby/ruby https://github.com/ruby/ruby/pull/4627 > Symbols exported by jemalloc is referred by the shared library but not > by the executables when building Ruby as a shared library with > jemalloc. It causes shared libraries such as the GNU C++ library > occasionally rely on the memory allocator provided by the standard C > library. Worse, the resolved symbols can later be replaced with > jemalloc, and jemalloc may see pointers from the standard C library, > which results in various failures. > e.g. https://github.com/tootsuite/mastodon/issues/15751 As a workaround, do not rely on jemalloc enablement of Ruby, and preload libjemalloc.so instead.
2021-04-27templates/systemd/mastodon: optimize SystemCallFilters (#16127)Yurii Izorkin
2021-04-24templates/systemd/mastodon: update sandbox mode (#16103)Yurii Izorkin
2021-03-24templates/systemd/mastodon: enable sandbox mode (#15937)Yurii Izorkin
2021-01-05Set X-Forwarded-Proto to request scheme (#15310) (#15498)Cecylia Bocovich
This fixes a bug that prevents logins to mastodon onion services. The nginx directive assumed all requests were made over https, causing a domain mismatch for onion services that have https redirects disabled. The fix more correctly sets X-Forwarded-Proto to the actual scheme used in the request.
2020-03-08Update nginx.conf (#13066)Shlee
2019-08-30Add TLS v1.3 support (#11603)ichi_i
Maintain TLS v1.2 compatibility (might want to drop this later) and add support for TLS v1.3
2019-03-30Cache error 410 responses in recommended nginx configuration (#10425)Eugen Rochko
2019-02-13perf: run node directly when streaming (#10032)Nolan Lawson
2018-09-24Add nginx and systemd templates (#8770)Eugen Rochko
So they can be copied during installation instead of looking them up in the documentation Make default sidekiq configuration use weighted queues Remove deprecated docs directory
generated by cgit-pink (git 2.37.1) at 2024-11-01 17:39:19 +0000