authorreverite <samantha@chalker.io>2018-04-03 13:25:58 -0700
committerreverite <samantha@chalker.io>2018-04-03 13:25:58 -0700
commit96841ad190ebbe86e80aae6ecf11fc3766841818 (patch)
treed7cee6d2e7081c794a9209b99acd49a778efa314 /deploy
parent7718fb922543162e3bdafebf503a08e84faeb173 (diff)
reshuffle 2018-04-03
Diffstat (limited to 'deploy')
-rw-r--r--deploy/conf/nginx.conf (renamed from deploy/.docker/nginx/nginx.conf)51
-rw-r--r--deploy/docker-compose.yml109
-rwxr-xr-xdeploy/setup-mastodon.sh12
3 files changed, 57 insertions, 115 deletions
diff --git a/deploy/.docker/nginx/nginx.conf b/deploy/conf/nginx.conf
index 9326f6d..ec7f51e 100644
--- a/deploy/.docker/nginx/nginx.conf
+++ b/deploy/conf/nginx.conf
@@ -3,8 +3,8 @@ map $http_upgrade $connection_upgrade {
   ''      close;
 }
 
-upstream netdatacontainer {
-  server netdata:19999;
+upstream netdata {
+  server 127.0.0.1:19999;
   keepalive 64;
 }
 
@@ -13,7 +13,7 @@ server {
   listen [::]:80;
 
   server_name plural.cafe;
-  root /var/www/html;
+  root /home/mastodon/public;
 
   location /.well-known/acme-challenge/ {
       allow all;
@@ -41,9 +41,6 @@ server {
   ssl_stapling on;
   ssl_stapling_verify on;
 
-  resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] valid=300s;
-  resolver_timeout 5s;
-
   ssl_dhparam /etc/ssl/dhparam.pem;
 
   keepalive_timeout 70;
@@ -56,9 +53,12 @@ server {
   add_header Referrer-Policy "same-origin";
   add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
-  ssl_certificate /etc/ssl/fullchain.pem;
-  ssl_certificate_key /etc/ssl/privkey.pem;
-  ssl_trusted_certificate /etc/ssl/cert.pem;
+  ssl_certificate /home/mastodon/.acme.sh/certs/fullchain.pem;
+  ssl_certificate_key /home/mastodon/.acme.sh/certs/privkey.pem;
+  ssl_trusted_certificate /home/mastodon/.acme.sh/certs/cert.pem;
+
+  resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
+  resolver_timeout 5s;
 
   return 301 "https://plural.cafe/@${subdomain}";
 }
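Review bot: The new `ssl_trusted_certificate` line points at the leaf cert.pem, but this server block has `ssl_stapling_verify on` (visible in the preceding hunk), and nginx's documentation for that directive says the issuer and root certificates must be configured as trusted for OCSP verification to succeed — with only the leaf present, verification fails and nginx serves no staple. Point it at the CA chain acme.sh installs, e.g. `ssl_trusted_certificate /home/mastodon/.acme.sh/certs/ca.pem;` (or whatever path was given to acme.sh's `--ca-file`). The private key is also now read from a user's home directory, so the mastodon account and anything running as it can read or swap the key nginx serves with; keep privkey.pem root-owned and mode 0600, or have acme.sh `--install-cert` write it to a root-only location. This server block starts outside the hunk.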
@@ -80,9 +80,6 @@ server {
   ssl_stapling on;
   ssl_stapling_verify on;
 
-  resolver 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] valid=300s;
-  resolver_timeout 5s;
-
   ssl_dhparam /etc/ssl/dhparam.pem;
 
   keepalive_timeout 70;
@@ -95,11 +92,14 @@ server {
   add_header Referrer-Policy "same-origin";
   add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 
-  ssl_certificate /etc/ssl/fullchain.pem;
-  ssl_certificate_key /etc/ssl/privkey.pem;
-  ssl_trusted_certificate /etc/ssl/cert.pem;
+  ssl_certificate /home/mastodon/.acme.sh/certs/fullchain.pem;
+  ssl_certificate_key /home/mastodon/.acme.sh/certs/privkey.pem;
+  ssl_trusted_certificate /home/mastodon/.acme.sh/certs/cert.pem;
+
+  resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
+  resolver_timeout 5s;
 
-  root /var/www/html;
+  root /home/mastodon/public;
 
   #add_header Content-Security-Policy "Content-Security-Policy: frame-ancestors 'none'; object-src 'none'; script-src 'self'; base-uri 'none';";
   add_header Access-Control-Allow-Origin "https://$host";
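Review bot: `root /home/mastodon/public` moves the document root under a user's home directory, and the nginx worker user needs search (execute) permission on every directory in that path; home directories are commonly created 0750 or 0700, in which case every static asset, the service worker and the media under public/system would return 403 while the proxied pages still work. Confirm with `namei -l /home/mastodon/public` and either grant `o+x` on /home/mastodon or serve from a path outside the home directory. The `./public/system` bind mount in docker-compose.yml (later in this diff) must also resolve to this same tree, or uploads written by the container will not be served. The server block continues outside this hunk.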
@@ -109,15 +109,20 @@ server {
     try_files $uri @proxy;
   }
 
+  location /_matrix {
+    proxy_pass http://127.0.0.1:8008;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_pass_request_headers on;
+  }
+
   location /sw.js {
     add_header Cache-Control "public, max-age=0";
     try_files $uri @proxy;
   }
 
-
-   location = /sysinfo {
-     return 301 /sysinfo/;
-   }
+  location = /sysinfo {
+    return 301 /sysinfo/;
+  }
 
   location ~ /sysinfo/(?<ndpath>.*) {
     proxy_redirect off;
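Review bot: The new `/_matrix` location forwards only X-Forwarded-For, while the other proxied locations in this file also send `X-Forwarded-Proto https` and clear the `Proxy` header; a homeserver behind a reverse proxy typically needs the proto header to build https URLs and the original Host to match its server name, so add `proxy_set_header Host $host;`, `proxy_set_header X-Forwarded-Proto https;` and `proxy_set_header Proxy "";` for consistency with the httpoxy mitigation used elsewhere. A prefix `location /_matrix` also matches `/_matrixanything`; `location /_matrix/` is the usual form. That the backend on 127.0.0.1:8008 is Synapse is inferred from the path, not visible here.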
@@ -130,7 +135,7 @@ server {
     proxy_pass_request_headers on;
     proxy_set_header Connection "keep-alive";
     proxy_store off;
-    proxy_pass http://netdatacontainer/$ndpath$is_args$args;
+    proxy_pass http://netdata/$ndpath$is_args$args;
 
     gzip on;
     gzip_proxied any;
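Review bot: `proxy_pass http://netdata/$ndpath$is_args$args` exposes the netdata dashboard — host metrics, process lists, and with the SYS_PTRACE capability granted in docker-compose, per-process detail — to any client that reaches /sysinfo/, and nothing in the visible parts of this location restricts who that is; unless the lines elided between this hunk and the previous one add `auth_basic` or `allow`/`deny` rules, add them (`auth_basic "netdata"; auth_basic_user_file /etc/nginx/netdata.htpasswd;`). The regex `location ~ /sysinfo/(?<ndpath>.*)` shown in the previous hunk is also unanchored, so any URI containing /sysinfo/ matches; `~ ^/sysinfo/(?<ndpath>.*)` is safer. The location starts in the previous hunk and continues past this one.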
@@ -164,7 +169,7 @@ server {
     proxy_set_header Proxy "";
     proxy_pass_header Server;
 
-    proxy_pass http://mstweb:3000;
+    proxy_pass http://127.0.0.1:3000;
     proxy_buffering on;
     proxy_redirect off;
     proxy_http_version 1.1;
@@ -187,7 +192,7 @@ server {
     proxy_set_header X-Forwarded-Proto https;
     proxy_set_header Proxy "";
 
-    proxy_pass http://mststreaming:4000;
+    proxy_pass http://127.0.0.1:4000;
     proxy_buffering off;
     proxy_redirect off;
     proxy_http_version 1.1;
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index b6de5fd..f412c55 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -1,34 +1,14 @@
-version: '3'
+version: '2.3'
 services:
 
-  nginx:
-    restart: always
-    image: nginx:mainline
-    command: nginx -g 'daemon off;'
-    networks:
-      - external_network
-      - mstweb_network
-      - mststreaming_network
-      - netdata_network
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-      - ./.docker/nginx/nginx.conf:/etc/nginx/conf.d/default.conf:ro
-      - ./.docker/nginx/dhparam.pem:/etc/ssl/dhparam.pem:ro
-      - ./.docker/nginx/certs/fullchain.pem:/etc/ssl/fullchain.pem:ro
-      - ./.docker/nginx/certs/privkey.pem:/etc/ssl/privkey.pem:ro
-      - ./.docker/nginx/certs/cert.pem:/etc/ssl/cert.pem:ro
-      - ./public:/var/www/html:ro
-    ports:
-      - "80:80"
-      - "443:443"
-
   netdata:
     restart: always
     image: titpetric/netdata
     restart: unless-stopped
     cap_add:
       - SYS_PTRACE
+    ports:
+      - "127.0.0.1:19999:19999"
     volumes:
       - ./.docker/netdata:/etc/netdata
       - /proc:/host/proc:ro
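Review bot: The netdata service declares `restart:` twice (`always`, then `unless-stopped` two lines later); YAML mappings must not repeat keys, and PyYAML-based compose silently keeps the last one, so the intended policy is ambiguous — delete one of the two lines. Publishing `127.0.0.1:19999:19999` only restricts the host-side IPv4 socket Docker creates; the container is still reachable at its own address on the bridge it joins, including the global IPv6 prefix assigned later in this file, so the loopback binding is not a substitute for access control in front of netdata. `./.docker/netdata:/etc/netdata` could also be mounted `:ro` unless netdata is expected to write its own config.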
@@ -37,7 +17,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
     networks:
-      - netdata_network
+      - external_network
 
   mstdb:
     restart: always
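Review bot: netdata, which mounts the host's /proc and holds SYS_PTRACE, now shares `external_network` with mstweb, so each container can reach the other's listeners directly (mstweb:3000/4000 and netdata:19999) and netdata gains outbound internet access it did not have on the internal network. A port publish does require a non-internal network, but it does not have to be the shared one; keep `netdata_network:` as its own bridge without `internal: true` so the loopback publish works while lateral reach stays as before. Whether any plugin configured under `.docker/netdata` needs egress is not visible here.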
@@ -63,7 +43,12 @@ services:
 #    restart: always
 #    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.3
 #    environment:
+#      - bootstrap.memory_lock=true
 #      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
+#    ulimits:
+#      memlock:
+#        soft: -1
+#        hard: -1
 #    networks:
 #      - mstes_network
 #    volumes:
@@ -75,88 +60,32 @@ services:
     image: pluralcafe/mastodon:stable
     restart: always
     env_file: ./.docker/mastodon/.env.production
-    command: bash -c "rake db:migrate; bundle exec rails s -p 3000 -b '0.0.0.0'"
     networks:
       - external_network
       - mstdb_network
       - mstredis_network
-      - mstweb_network
+    ports:
+      - "127.0.0.1:3000:3000"
+      - "127.0.0.1:4000:4000"
     depends_on:
       - mstdb
       - mstredis
 #      - mstes
     volumes:
       - ./public/system:/mastodon/public/system
-      - ./public/assets:/tmp/assets
-      - ./public/packs:/tmp/packs
       - /etc/localtime:/etc/localtime:ro
       - /etc/timezone:/etc/timezone:ro
 
-  mststreaming:
-    image: pluralcafe/mastodon:stable
-    restart: always
-    env_file: ./.docker/mastodon/.env.production
-    command: yarn start
-    networks:
-      - mstdb_network
-      - mstredis_network
-      - mststreaming_network
-    depends_on:
-      - mstdb
-      - mstredis
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-
-  mstsidekiq:
-    image: pluralcafe/mastodon:stable
-    restart: always
-    env_file: ./.docker/mastodon/.env.production
-    command: bundle exec sidekiq -q default -q mailers -q pull -q push
-    depends_on:
-      - mstdb
-      - mstredis
-    networks:
-      - external_network
-      - mstdb_network
-      - mstredis_network
-      - mstweb_network
-      - mststreaming_network
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - /etc/timezone:/etc/timezone:ro
-      - ./public/system:/mastodon/public/system
-
-#  mrxsynapse:
-#    image: avhost/docker-matrix:latest
-#    restart: always
-#    command: start
-#    environment:
-#      - SERVER_NAME=plural.cafe
-#      - REPORT_STATS=yes
-#      - MATRIX_UID=981
-#      - MATRIX_GID=981
-#    networks:
-#      - mrxsynapse_network
-#      - mrxdb_network
-#      - external_network
-#    ports:
-#      - "8448:8448"
-#      - "3478:3478"
-#    volumes:
-#      - /etc/localtime:/etc/localtime:ro
-#      - /etc/timezone:/etc/timezone:ro
-#      - ./.docker/matrix:/data
-
 networks:
   external_network:
+    driver: bridge
+    enable_ipv6: true
+    ipam:
+      driver: default
+      config:
+        - subnet: 172.18.0.0/16
+        - subnet: 2001:19f0:5:46d5::/64
   mstdb_network:
     internal: true
   mstredis_network:
     internal: true
-  mststreaming_network:
-    internal: true
-  mstweb_network:
-    internal: true
-  netdata_network:
-    internal: true
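Review bot: `enable_ipv6: true` with the global prefix `2001:19f0:5:46d5::/64` gives every container on external_network a publicly routable IPv6 address, and Docker (at least without ip6tables support) neither NATs nor filters IPv6 the way it does IPv4, so mstweb's 3000/4000 and netdata's 19999 become reachable from the internet over IPv6 despite the `127.0.0.1:` bindings on their `ports:` entries. Use a ULA prefix instead (`- subnet: "fd00:46d5::/64"`) and let nginx on the host be the only public listener, or add host ip6tables rules that drop forwarded traffic to those ports. Separately, the streaming and sidekiq services and the explicit `command:` are gone, so the image's default entrypoint is now expected to run web, streaming and sidekiq together — worth confirming, since a missing sidekiq silently stops federation and mail delivery.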
diff --git a/deploy/setup-mastodon.sh b/deploy/setup-mastodon.sh
index 239be66..ff06c05 100755
--- a/deploy/setup-mastodon.sh
+++ b/deploy/setup-mastodon.sh
@@ -1,14 +1,16 @@
 #!/bin/bash
 
-[ -z "$YML_LOC" ] && YML_LOC="$HOME"
+[ -z "$YML_LOC" ] && YML_LOC="$(pwd)"
 cd $YML_LOC
 
 echo "Setting up the instance..."
 echo
+mkdir -p "$YML_LOC/.docker/mastodon"
 
 curl -fsSL https://raw.githubusercontent.com/tootsuite/mastodon/master/.env.production.sample -o "$YML_LOC/.docker/mastodon/.env.production"
 
 MUID="$(docker-compose run --rm mstweb id -u 2>/dev/null)"
+MGID="$(docker-compose run --rm mstweb id -g 2>/dev/null)"
 SECRET_KEY_BASE=$(hexdump -vn 64 -e ' /1 "%02x"' /dev/urandom)
 OTP_SECRET=$(hexdump -vn 64 -e ' /1 "%02x"' /dev/urandom)
 
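Review bot: `.env.production` is created by curl and then filled with SECRET_KEY_BASE and OTP_SECRET by sed, all under the caller's default umask, so the secrets file typically ends up world-readable (0644); add `umask 077` before the curl, or `chmod 600 "$YML_LOC/.docker/mastodon/.env.production"` right after it. The script also has no `set -e`, and `cd $YML_LOC` is unquoted, so a failed download or a path with spaces leaves the later sed and docker-compose steps running against the wrong place; `set -euo pipefail` at the top and `cd "$YML_LOC" || exit 1` would stop that. Fetching the sample from tootsuite master rather than the tag the `pluralcafe/mastodon:stable` image was built from is also a drift risk, though which tag that is cannot be seen here.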
@@ -18,7 +20,7 @@ sed -i 's|ES_HOST=es|ES_HOST=mstes|' $YML_LOC/.docker/mastodon/.env.production
 sed -i "s|SECRET_KEY_BASE=|SECRET_KEY_BASE=$SECRET_KEY_BASE|" $YML_LOC/.docker/mastodon/.env.production
 sed -i "s|OTP_SECRET=|OTP_SECRET=$OTP_SECRET|" $YML_LOC/.docker/mastodon/.env.production
 sed -i "s|# UID=1000|UID=$MUID|" $YML_LOC/.docker/mastodon/.env.production
-sed -i "s|# GID=1000|GID=$MUID|" $YML_LOC/.docker/mastodon/.env.production
+sed -i "s|# GID=1000|GID=$MGID|" $YML_LOC/.docker/mastodon/.env.production
 
 docker-compose run --rm mstweb rake db:migrate
 (openssl dhparam -rand /dev/urandom -out $YML_LOC/.docker/nginx/dhparam.pem 4096 2>&1 >/dev/null) & pid=$!
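Review bot: `openssl dhparam` still writes to `$YML_LOC/.docker/nginx/dhparam.pem`, but this commit's new `mkdir -p` creates only `.docker/mastodon`, and the nginx config it ships reads `/etc/ssl/dhparam.pem`, so on a fresh checkout the background job fails to open its output path (its stderr is the only stream left on the terminal) and even when it succeeds the file is not where nginx looks; write it to a created directory that matches the config, e.g. `mkdir -p "$YML_LOC/conf"` and `-out "$YML_LOC/conf/dhparam.pem"`, and mention the location in the closing message. `MUID`/`MGID` come from `docker-compose run` with stderr discarded, so if that fails they are empty and the sed lines write `UID=`/`GID=` unnoticed; guard with `[ -n "$MUID" ] && [ -n "$MGID" ] || exit 1` before the sed block. The assignments themselves are in the previous hunk.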
@@ -27,3 +29,9 @@ echo
 echo "Mostly set up. Modify .docker/mastodon/.env.production settings and then"
 echo "you can do a 'docker-compose up -d' on this instance. OpenSSL is still"
 echo "running, so wait a bit for it to finish too."
+echo
+echo "There is an Nginx configuration file in conf/nginx.conf you can use."
+echo
+echo "Also, when you're going to the instance, register and then run this command:"
+echo "docker-compose run --rm mstweb rake mastodon:make_admin USERNAME=yourusername"
+echo