Diffstat (limited to 'in-a-box')
-rw-r--r--in-a-box/.docker/mastodon/.env.production1
-rw-r--r--in-a-box/.docker/nginx/cert.pem0
-rw-r--r--in-a-box/.docker/nginx/fullchain.pem0
-rw-r--r--in-a-box/.docker/nginx/nginx.conf7
-rw-r--r--in-a-box/.docker/nginx/privkey.pem0
-rw-r--r--in-a-box/.docker/nginx/production.conf133
-rw-r--r--in-a-box/README.md21
-rw-r--r--in-a-box/docker-compose.yml134
-rwxr-xr-xin-a-box/mastodon.sh108
9 files changed, 0 insertions, 404 deletions
diff --git a/in-a-box/.docker/mastodon/.env.production b/in-a-box/.docker/mastodon/.env.production
deleted file mode 100644
index eae37f3..0000000
--- a/in-a-box/.docker/mastodon/.env.production
+++ /dev/null
@@ -1 +0,0 @@
-# Run setup-mastodon.sh
diff --git a/in-a-box/.docker/nginx/cert.pem b/in-a-box/.docker/nginx/cert.pem
deleted file mode 100644
index e69de29..0000000
--- a/in-a-box/.docker/nginx/cert.pem
+++ /dev/null
diff --git a/in-a-box/.docker/nginx/fullchain.pem b/in-a-box/.docker/nginx/fullchain.pem
deleted file mode 100644
index e69de29..0000000
--- a/in-a-box/.docker/nginx/fullchain.pem
+++ /dev/null
diff --git a/in-a-box/.docker/nginx/nginx.conf b/in-a-box/.docker/nginx/nginx.conf
deleted file mode 100644
index 3acaf5b..0000000
--- a/in-a-box/.docker/nginx/nginx.conf
+++ /dev/null
@@ -1,7 +0,0 @@
-server {
-  listen 80;
-  listen [::]:80;
-
-  server_name $NGINX_HOST;
-  root /var/www/html;
-}
diff --git a/in-a-box/.docker/nginx/privkey.pem b/in-a-box/.docker/nginx/privkey.pem
deleted file mode 100644
index e69de29..0000000
--- a/in-a-box/.docker/nginx/privkey.pem
+++ /dev/null
diff --git a/in-a-box/.docker/nginx/production.conf b/in-a-box/.docker/nginx/production.conf
deleted file mode 100644
index 02bbad5..0000000
--- a/in-a-box/.docker/nginx/production.conf
+++ /dev/null
@@ -1,133 +0,0 @@
-map $http_upgrade $connection_upgrade {
-  default upgrade;
-  ''      close;
-}
-
-server {
-  listen 80;
-  listen [::]:80;
-
-  server_name $NGINX_HOST;
-  root /var/www/html;
-
-  location /.well-known/acme-challenge/ {
-      allow all;
-  }
-
-  location / {
-      return 301 https://$host$request_uri;
-  }
-}
-
-server {
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
-
-  server_name $NGINX_HOST;
-  server_tokens off;
-
-  ssl_protocols TLSv1.2;
-  ssl_ciphers ECDHE+CHACHA20:AES256+EECDH:AES256+EDH:!aNULL;
-  ssl_ecdh_curve secp384r1;
-  ssl_prefer_server_ciphers on;
-  ssl_session_cache shared:TLS:2m;
-  ssl_session_timeout 10m;
-  ssl_session_tickets off;
-  ssl_stapling on;
-  ssl_stapling_verify on;
-
-  keepalive_timeout 70;
-  sendfile on;
-  client_max_body_size 0;
-
-  add_header X-Frame-Options DENY;
-  add_header X-Content-Type-Options nosniff;
-  add_header X-XSS-Protection "1; mode=block";
-  add_header Referrer-Policy "same-origin";
-  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
-
-  ssl_certificate /etc/ssl/fullchain.pem;
-  ssl_certificate_key /etc/ssl/privkey.pem;
-  ssl_trusted_certificate /etc/ssl/cert.pem;
-
-  resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] valid=300s;
-  resolver_timeout 5s;
-
-  root /var/www/html;
-
-  add_header Access-Control-Allow-Origin "https://$host";
-  add_header X-Cache-Status $upstream_cache_status;
-
-  location / {
-    try_files $uri @proxy;
-  }
-
-  location /sw.js {
-    add_header Cache-Control "public, max-age=0";
-    try_files $uri @proxy;
-  }
-
-  location ~ ^/(emoji|packs|sounds|system/media_attachments/files) {
-    add_header Cache-Control "public, max-age=31536000, immutable";
-
-    gzip on;
-    gzip_disable "msie6";
-    gzip_vary on;
-    gzip_proxied any;
-    gzip_comp_level 6;
-    gzip_buffers 16 8k;
-    gzip_http_version 1.1;
-    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
-
-    try_files $uri @proxy;
-  }
-
-  location @proxy {
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto https;
-    proxy_set_header Proxy "";
-    proxy_pass_header Server;
-
-    proxy_pass http://web:3000;
-    proxy_buffering on;
-    proxy_redirect off;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $connection_upgrade;
-
-    proxy_cache CACHE;
-    proxy_cache_valid 200 7d;
-    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-    proxy_cache_lock on;
-    proxy_cache_revalidate on;
-
-    tcp_nodelay on;
-  }
-
-  location /api/v1/streaming {
-    proxy_set_header Host $host;
-    proxy_set_header X-Real-IP $remote_addr;
-    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-    proxy_set_header X-Forwarded-Proto https;
-    proxy_set_header Proxy "";
-
-    proxy_pass http://streaming:4000;
-    proxy_buffering off;
-    proxy_redirect off;
-    proxy_http_version 1.1;
-    proxy_set_header Upgrade $http_upgrade;
-    proxy_set_header Connection $connection_upgrade;
-
-    tcp_nodelay on;
-  }
-
-  error_page 403 /assets/403.html;
-  error_page 404 /assets/404.html;
-  error_page 410 /assets/410.html;
-  error_page 422 /assets/422.html;
-  error_page 500 501 502 503 504 /assets/500.html;
-}
-
-proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=2g use_temp_path=off;
diff --git a/in-a-box/README.md b/in-a-box/README.md
deleted file mode 100644
index a7f45b0..0000000
--- a/in-a-box/README.md
+++ /dev/null
@@ -1,21 +0,0 @@
-# Mastodon Secure-ish Setup in a Box
-
-Step 1: Git clone this repository.
-
-Step 2: Replace `example.com` in `docker-compose.yml` with your server name.
-
-Step 3: Run `./mastodon.sh setup` and afterwards, move `public/system/.env.production` to the `.docker/mastodon/` folder.
-
-Step 4: Run `./mastodon.sh acme` to set up Let's Encrypt. Make sure that port 80 is allowed by the firewall.
-
-Step 5: Run `docker-compose up -d` to start all services. Verify with `docker-compose ps` that they're up, and if there's errors, `docker-compose logs -f`.
-
-Step 6: Register on the instance.
-
-Step 7: Run `./mastodon.sh make_admin USERNAME=yourusername` (replace "yourusername" with your username).
-
-Step 8: Set a cron job to run `./mastodon.sh cron` daily via inserting `@daily /path/to/mastodon.sh cron` into `crontab -e`.
-
-Step 9: Optionally, set a daily cron to run `./mastodon.sh backup daily` and an hourly cron for `./mastodon.sh backup hourly`.
-
-Step 10: Enjoy! Don't forget to set up your OS's firewall.
diff --git a/in-a-box/docker-compose.yml b/in-a-box/docker-compose.yml
deleted file mode 100644
index b97b553..0000000
--- a/in-a-box/docker-compose.yml
+++ /dev/null
@@ -1,134 +0,0 @@
-version: '2.1'
-services:
-
-  nginx:
-    restart: always
-    image: nginx:mainline
-    volumes:
-      - ./.docker/nginx/nginx.conf:/tmp/template.conf:ro
-      - ./.docker/nginx/fullchain.pem:/etc/ssl/fullchain.pem:ro
-      - ./.docker/nginx/privkey.pem:/etc/ssl/privkey.pem:ro
-      - ./.docker/nginx/cert.pem:/etc/ssl/cert.pem:ro
-      - ./public:/var/www/html:ro
-      - /etc/localtime:/etc/localtime:ro
-    ports:
-      - "80:80"
-      - "443:443"
-    environment:
-      - NGINX_HOST=example.com
-    networks:
-      - external_network
-      - mstweb_network
-      - mststreaming_network
-    command: sh -c "envsubst \"`env | awk -F = '{printf \" $$%s, $$1}'`\" < /tmp/template.conf > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
-
-  db:
-    restart: always
-    image: postgres:10.3-alpine
-    networks:
-      - mstdb_network
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - ./.docker/mastodon/db:/var/lib/postgresql/data
-
-  redis:
-    restart: always
-    image: redis:alpine
-    networks:
-      - mstredis_network
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-      - ./.docker/mastodon/redis:/data
-
-#  es:
-#    restart: always
-#    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.2.3
-#    environment:
-#      - bootstrap.memory_lock=true
-#      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
-#    ulimits:
-#      memlock:
-#        soft: -1
-#        hard: -1
-#    networks:
-#      - mstes_network
-#    volumes:
-#      - /etc/localtime:/etc/localtime:ro
-#      - /etc/timezone:/etc/timezone:ro
-#      - ./.docker/mastodon/es:/usr/share/elasticsearch/data
-
-  web:
-    image: tootsuite/mastodon:latest
-    restart: always
-    env_file: ./.docker/mastodon/.env.production
-    command: bundle exec rails s -p 3000 -b '0.0.0.0'
-    networks:
-      - mstdb_network
-      - mstredis_network
-#      - mstes_network
-      - mstweb_network
-    depends_on:
-      - mstdb
-      - mstredis
-#      - mstes
-    volumes:
-      - ./public/assets:/mastodon/public/assets
-      - ./public/packs:/mastodon/public/packs
-      - ./public/system:/mastodon/public/system
-      - /etc/localtime:/etc/localtime:ro
-    tmpfs:
-      - /mastodon/tmp/pids:rw,noexec,uid=991,gid=991,mode=0666
-
-  streaming:
-    image: tootsuite/mastodon:latest
-    restart: always
-    env_file: ./.docker/mastodon/.env.production
-    command: yarn start
-    networks:
-      - mstdb_network
-      - mstredis_network
-      - mststreaming_network
-    volumes:
-      - /etc/localtime:/etc/localtime:ro
-    depends_on:
-      - db
-      - redis
-
-  sidekiq:
-    image: tootsuite/mastodon:latest
-    restart: always
-    env_file: ./.docker/mastodon/.env.production
-    command: bundle exec sidekiq -q default -q mailers -q pull -q push
-    depends_on:
-      - db
-      - redis
-    networks:
-      - external_network
-      - mstdb_network
-#      - mstes_network
-      - mstredis_network
-    volumes:
-      - ./public/assets:/mastodon/public/assets
-      - ./public/packs:/mastodon/public/packs
-      - ./public/system:/mastodon/public/system
-      - /etc/localtime:/etc/localtime:ro
-
-networks:
-  external_network:
-#    driver: bridge
-#    enable_ipv6: true
-#    ipam:
-#      driver: default
-#      config:
-#        - subnet: 172.18.0.0/16
-#        - subnet: 2600:1111:2222:3333::/64
-  mstdb_network:
-    internal: true
-  mstredis_network:
-    internal: true
-  mststreaming_network:
-    internal: true
-  mstweb_network:
-    internal: true
-#  mstes_network:
-#    internal: true
diff --git a/in-a-box/mastodon.sh b/in-a-box/mastodon.sh
deleted file mode 100755
index 3975646..0000000
--- a/in-a-box/mastodon.sh
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/bash
-
-do_help() {
-  local myself
-  myself="$(basename $0)"
-  echo "Usage: $myself [command] [arguments]"
-  echo
-  echo "Possible commands:"
-  echo
-  echo " - $myself setup: Setup this instance. Generates .env.production in public/system."
-  echo " - $myself update: Download and apply updates if there are newer available."
-  echo " - $myself acme: Install Lets Encrypt certificates."
-  echo " - $myself cron: Run cron job."
-  echo " - $myself backup hourly: Run hourly backup."
-  echo " - $myself backup daily: Run daily backup."
-  echo " - $myself backup restore [file]: Restore .pgsql file from backup."
-  echo
-  echo "Also runs rake commands, e.g.:"
-  echo
-  echo " - $myself make_admin USERNAME=yourname"
-  echo " - $myself revoke_staff USERNAME=yourname"
-  echo " - $myself confirm_email USER_EMAIL=your@email"
-  echo
-  echo "See https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/List-of-Rake-tasks.md"
-  echo "for a full list of Rake tasks."
-}
-
-do_setup() {
-  docker-compose run --rm web bash -c "rake mastodon:setup; mv /mastodon/.env.production /mastodon/system/"
-  echo
-  echo "Please move (not copy!) public/system/.env.production into .docker/mastodon/"
-}
-
-do_update() {
-  (docker-compose pull 2>&1 | grep --silent "Downloaded newer") && {
-    docker-compose up -d
-
-    docker-compose run --rm web rake db:migrate
-    docker-compose run --rm web rake assets:precompile
-
-    docker image prune -f
-  }
-}
-
-do_cron() {
-  docker-compose run -T --rm web rake mastodon:media:remove_remote
-}
-
-do_acme() {
-  local DOMAIN
-  read -s "Domain Name: " DOMAIN
-
-  curl -sS https://raw.githubusercontent.com/Neilpang/acme.sh/master/acme.sh | INSTALLONLINE=1  sh
-
-  docker-compose up -d nginx
-  acme.sh --issue -d $DOMAIN -w $(pwd)/public --keylength ec-384
-  acme.sh --install-cert -d $DOMAIN --cert-file $(pwd)/.docker/nginx/cert.pem --key-file $(pwd)/.docker/nginx/privkey.pem --fullchain-file $(pwd)/.docker/nginx/fullchain.pem --ecc --reloadcmd "$(command -v docker-compose) -f $(pwd)/docker-compose.yml stop nginx; $(command -v docker-compose) -f $(pwd)/docker-compose.yml up -d nginx"
-
-  [ -e "$(pwd)/.docker/nginx/production.conf" ] && \
-    rm "$(pwd)/.docker/nginx/nginx.conf" && \
-    mv "$(pwd)/.docker/nginx/production.conf" "$(pwd)/.docker/nginx/nginx.conf"
-
-  docker-compose stop nginx
-}
-
-do_backup() {
-  if [ "$2" == "daily" ]; then
-    find "$(pwd)/.docker/mastodon/backups" -type f -name postgres-daily.* -mtime +7 -delete
-    docker-compose exec -T -u postgres db sh -c "umask 0377 && /usr/local/bin/pg_dump -Fc -h db -d postgres -U postgres" > "$(pwd)/.docker/mastodon/backups/postgres-daily.$(date -Iseconds).pgsql"
-  fi
-
-  if [ "$2" == "hourly" ]; then
-    find "$(pwd)/.docker/mastodon/backups" -type f -name postgres-hourly.* --min +360 -delete
-    docker-compose exec -T -u postgres db sh -c "umask 0377 && /usr/local/bin/pg_dump -Fc -h db -d postgres -U postgres" > "$(pwd)/.docker/mastodon/backups/postgres-hourly.$(date -Iseconds).pgsql"
-  fi
-
-  if [ "$2" == "restore" ]; then
-    docker-compose run --rm db sh -c "/usr/local/bin/psql --set ON_ERROR_STOP=on -Fc -h db -d postgres -U postgres" < "$3"
-  fi
-}
-
-do_rake() {
-  docker-compose run --rm web rake mastodon:$1 ${@:2}
-}
-
-case "$1" in
-  help|h|--help)
-    do_help
-    ;;
-  setup)
-    do_setup
-    ;;
-  acme)
-    do_acme
-    ;;
-  update)
-    do_update
-    ;;
-  cron)
-    do_cron
-    ;;
-  backup)
-    do_backup "$@"
-    ;;
-  *)
-    do_rake "$@"
-    ;;
-esac