diff --git a/production/bind9/bind/command.sh b/production/bind9/bind/command.sh index 5db564a..b05cf86 100755 --- a/production/bind9/bind/command.sh +++ b/production/bind9/bind/command.sh @@ -44,7 +44,12 @@ $DOMAIN. IN TXT \"google-site-verification=OGwhD4vhFpXHvQsbJinxA _dmarc IN TXT \"v=DMARC1;p=reject;rua=mailto:postmaster@$DOMAIN;pct=100;ruf=mailto:postmaster@$DOMAIN;sp=reject;aspf=s;adkim=s;ri=86400;fo=0;rf=afrf\" _dnsaddr IN TXT \"dnsaddr=/ip4/82.223.3.135/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\" _dnsaddr IN TXT \"dnsaddr=/ip6/2001:ba0:1800:80e0::1/tcp/4001/p2p/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\" -_dnslink IN TXT \"dnslink=/ipns/QmcLwDnTPuSuaBL6QyfPGWyrAjHZYonahiKPeYSAjcU25V\" +$DOMAIN. IN TXT \"dnslink=/ipns/hatthieves.es\" +_dnslink IN TXT \"dnslink=/ipns/k2k4r8olq17uslpwyedjx5o0g5azfq8inmw0fp1jh0xqm9zrcho3p5zk\" +_acme-challenge IN TXT \"56ICipwdln5gLbl_s82sUQl_8NjxHJLkMrJmAeOVX9c\" +_acme-challenge IN TXT \"paSCs9dPonZOzoQETYyMDfc8cyATdeD4FZZXdXSRc6U\" +_xmpp-client._tcp IN SRV 100 1 5222 xmpp.$DOMAIN. +_xmpp-server._tcp IN SRV 100 1 5269 xmpp.$DOMAIN. $DKIM \$INCLUDE K$DOMAIN.+008+10060.key diff --git a/production/elk/docker-compose.yml b/production/elk/docker-compose.yml index ccf41cc..15e702e 100644 --- a/production/elk/docker-compose.yml +++ b/production/elk/docker-compose.yml @@ -2,7 +2,7 @@ version: '2' services: elasticsearch: - image: docker.elastic.co/elasticsearch/elasticsearch:7.8.0 + image: docker.elastic.co/elasticsearch/elasticsearch:7.8.1 hostname: elasticsearch container_name: elasticsearch restart: always @@ -31,7 +31,7 @@ services: ipv4_address: 172.1.0.101 kibana: - image: docker.elastic.co/kibana/kibana:7.8.0 + image: docker.elastic.co/kibana/kibana:7.8.1 hostname: kibana container_name: kibana restart: always 
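Review bot: The two `_acme-challenge` TXT values added to the zone template are one-time DNS-01 validation tokens, so hard-coding them in `command.sh` leaves stale records in the zone and means the next renewal needs another manual edit and commit. Consider publishing them through a dynamic update driven by the ACME client (for example an `nsupdate`-based hook), or at least remove them once issuance has succeeded and mark them with a comment such as `# temporary DNS-01 tokens, remove after issuance`. The zone text is built in a string that starts and ends outside this hunk, so I cannot see whether the serial is bumped when these records change.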
@@ -45,7 +45,7 @@ services: ipv4_address: 172.1.0.102 logstash: - image: docker.elastic.co/logstash/logstash:7.8.0 + image: docker.elastic.co/logstash/logstash:7.8.1 hostname: logstash container_name: logstash restart: always @@ -64,7 +64,7 @@ services: ipv4_address: 172.1.0.103 # filebeat: -# image: docker.elastic.co/beats/filebeat:7.8.0 +# image: docker.elastic.co/beats/filebeat:7.8.1 # hostname: filebeat # container_name: filebeat # restart: always diff --git a/production/etherpad/etherpad/Dockerfile b/production/etherpad/etherpad/Dockerfile index 26191d0..466ff0f 100644 --- a/production/etherpad/etherpad/Dockerfile +++ b/production/etherpad/etherpad/Dockerfile @@ -1,4 +1,4 @@ -FROM node:10-slim +FROM node:12-slim RUN npm i -g npm RUN apt update && apt -y install git sudo && apt clean RUN git clone --depth 1 --branch master https://github.com/ether/etherpad-lite /etherpad diff --git a/production/haraka-wildduck/docker-compose.yml b/production/haraka-wildduck/docker-compose.yml index 330623d..2a678b4 100644 --- a/production/haraka-wildduck/docker-compose.yml +++ b/production/haraka-wildduck/docker-compose.yml @@ -47,7 +47,7 @@ services: ipv4_address: 172.200.0.102 mongo: - image: mongo + image: mongo:4.2 hostname: mongo container_name: mongo restart: always diff --git a/production/haraka-wildduck/haraka/config/aliases b/production/haraka-wildduck/haraka/config/aliases index 0d8b3d0..ef073d8 100755 --- a/production/haraka-wildduck/haraka/config/aliases +++ b/production/haraka-wildduck/haraka/config/aliases 
@@ -11,7 +11,22 @@ "root@hatthieves.es": { "action": "alias", "to": ["webmaster@hatthieves.es"] }, - "@social.hatthieves.es": { + "@hatthieves.com": { + "action": "alias", "to": ["webmaster@hatthieves.es"] + }, + "@hatthieves.co": { + "action": "alias", "to": ["webmaster@hatthieves.es"] + }, + "@*.hatthieves.com": { + "action": "alias", "to": ["webmaster@hatthieves.es"] + }, + "@*.hatthieves.co": { + "action": "alias", "to": ["webmaster@hatthieves.es"] + }, + "@*.hatthieves.es": { + "action": "alias", "to": ["webmaster@hatthieves.es"] + }, + "hola@hatthieves.es": { "action": "alias", "to": ["webmaster@hatthieves.es"] } } diff --git a/production/haraka-wildduck/haraka/config/rcpt_to.in_host_list b/production/haraka-wildduck/haraka/config/rcpt_to.in_host_list index b9978e2..89bc1a1 100644 --- a/production/haraka-wildduck/haraka/config/rcpt_to.in_host_list +++ b/production/haraka-wildduck/haraka/config/rcpt_to.in_host_list @@ -1,2 +1,3 @@ ;[main] -host_list=hatthieves.es +host_list=hatthieves.es,hatthieves.com,hatthieves.co +host_list_regex=*.hatthieves.es,*.hatthieves.com,*.hatthieves.co diff --git a/production/haraka-wildduck/webmail/config/default.toml b/production/haraka-wildduck/webmail/config/default.toml index e0807af..6a31026 100644 --- a/production/haraka-wildduck/webmail/config/default.toml +++ b/production/haraka-wildduck/webmail/config/default.toml @@ -14,7 +14,7 @@ title="Wild Duck Mail - HatThieves.es" allowJoin=false enableSpecial=true # if true the allow creating addresses with special usernames # allowed domains for new addresses - domains=["hatthieves.es"] + domains=["hatthieves.es","hatthieves.com","hatthieves.co"] generalNotification="" [api] diff --git a/production/haraka-wildduck/wildduck/Dockerfile b/production/haraka-wildduck/wildduck/Dockerfile index e5ae284..80977f8 100644 --- a/production/haraka-wildduck/wildduck/Dockerfile +++ b/production/haraka-wildduck/wildduck/Dockerfile 
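Review bot: The new `@*.hatthieves.es`, `@*.hatthieves.com` and `@*.hatthieves.co` keys rely on the aliases plugin treating `*` as a wildcard, which nothing in this hunk shows; if keys are matched literally these entries never fire and the removed `@social.hatthieves.es` alias is silently lost. If they do match, every address on every subdomain of three domains is delivered to `webmaster@hatthieves.es`, which makes that mailbox a catch-all for spam and misaddressed mail. I would keep explicit entries for the hosts that really receive mail and confirm the wildcard behaviour against the plugin before relying on it.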
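Review bot: `host_list_regex` is given glob patterns rather than regular expressions: `*.hatthieves.es` starts with a quantifier that has nothing to repeat and its dots are unescaped, so it is either rejected when compiled or matches more than intended. If the option is compiled as a regular expression, something like `host_list_regex=.*\.hatthieves\.es,.*\.hatthieves\.com,.*\.hatthieves\.co` expresses the intent. It is also worth confirming that the plugin reads these keys from this ini-style file at all, since the section header on its first line is commented out (`;[main]`) and this list decides which recipient domains the server accepts.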
@@ -21,4 +21,4 @@ RUN npm i --production RUN npm i -S zonemta-wildduck zonemta-limiter WORKDIR /haraka RUN npm i -RUN npm i -S haraka-plugin-wildduck haraka-plugin-rspamd haraka-plugin-limit haraka-plugin-karma haraka-plugin-redis haraka-plugin-mongodb +RUN npm i -S haraka-plugin-wildduck@v1.28.1 haraka-plugin-rspamd haraka-plugin-limit haraka-plugin-karma haraka-plugin-redis haraka-plugin-mongodb diff --git a/production/ipfs/data/config b/production/ipfs/data/config index aa4b6df..6f7fe3e 100644 --- a/production/ipfs/data/config +++ b/production/ipfs/data/config @@ -106,7 +106,7 @@ ] }, "NoDNSLink": false, - "NoFetch": false, + "NoFetch": true, "PathPrefixes": [], "PublicGateways": { "ipfs.hatthieves.es": { diff --git a/production/ipfs/docker-compose.yml b/production/ipfs/docker-compose.yml index a27afcf..b239fc5 100644 --- a/production/ipfs/docker-compose.yml +++ b/production/ipfs/docker-compose.yml @@ -2,8 +2,8 @@ version: '2' services: ipfs: - image: ipfs/go-ipfs -# build: ./ipfs +# image: ipfs/go-ipfs + build: ./go-ipfs hostname: ipfs container_name: ipfs restart: always @@ -11,7 +11,7 @@ services: - /bin/sh - /entrypoint.sh volumes: - - ./data:/data/ipfs + - ./data-ipfs:/data/ipfs # - ./temp:/temp # - /opt/docker/production/nms/media:/media:ro - /opt/docker/production/nginx/nginx/hls:/hls:ro @@ -19,6 +19,7 @@ services: # - /opt/docker/production/nms/media/live/streaming:/streaming:ro - ./entrypoint.sh:/entrypoint.sh:ro # - ./ipfs/ipfs:/home/node/.ipfs +# - /opt/docker/production/webdav/webdav/public/ale/Elektor:/Elektor:ro expose: - 5001 - 8080 diff --git a/production/mumble/docker-compose.yml b/production/mumble/docker-compose.yml index e819d49..1cfaacc 100644 --- a/production/mumble/docker-compose.yml +++ b/production/mumble/docker-compose.yml 
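Review bot: Only `haraka-plugin-wildduck` is pinned on this `RUN npm i -S` line; `haraka-plugin-rspamd`, `haraka-plugin-limit`, `haraka-plugin-karma`, `haraka-plugin-redis` and `haraka-plugin-mongodb` (and the `zonemta-*` packages in the context line above) still resolve to whatever is latest at build time. A rebuild can therefore pull different, unreviewed code into the mail server image; pin each package to an exact version, or install from a committed lockfile with `npm ci`. The Dockerfile starts outside this hunk.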
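Review bot: The repo volume now mounts `./data-ipfs:/data/ipfs`, but this same commit changes `NoFetch` to `true` in `production/ipfs/data/config`, which lives under the old `./data` path. Unless `data-ipfs` is a copy of or a link to that directory, the running node will not pick up the gateway restriction. Either apply the `NoFetch` change to the config under `data-ipfs` or keep the mount on the directory that is tracked. The first hunk of this file also replaces the published `ipfs/go-ipfs` image with `build: ./go-ipfs`, whose build context is not part of this diff.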
@@ -7,11 +7,12 @@ services: hostname: mumble container_name: mumble restart: always -# entrypoint: -# - murmurd -# - -fg + entrypoint: + - murmurd + - -fg volumes: - - ./data/mumble-server.ini:/etc/murmur/murmur.ini:ro +# - ./data/mumble-server.ini:/etc/murmur/murmur.ini:ro + - ./data/mumble-server.ini:/home/murmur/.murmurd/murmur.ini:ro # - ./data/mumble-server.ini:/etc/mumble-server.ini:ro - /opt/docker/secure/privkey.pem:/etc/mumble-ssl/privkey.pem:ro - /opt/docker/secure/fullchain.pem:/etc/mumble-ssl/fullchain.pem:ro diff --git a/production/nextcloud/docker-compose.yml b/production/nextcloud/docker-compose.yml index eeff784..9fdc572 100644 --- a/production/nextcloud/docker-compose.yml +++ b/production/nextcloud/docker-compose.yml @@ -27,7 +27,7 @@ services: ipv4_address: 172.119.0.101 mariadb-nextcloud: - image: mariadb + image: mariadb:10.5 command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW restart: always container_name: mariadb-nextcloud @@ -49,4 +49,3 @@ networks: ipam: config: - subnet: 172.119.0.0/24 - diff --git a/production/nginx/docker-compose.yml b/production/nginx/docker-compose.yml index 92868c5..7d5a34a 100644 --- a/production/nginx/docker-compose.yml +++ b/production/nginx/docker-compose.yml @@ -81,6 +81,8 @@ services: doom: wtorrent: g-plv: + hatboy: + covid19map: networks: mynet: @@ -238,3 +240,11 @@ networks: g-plv: external: name: gplv_mynet + + hatboy: + external: + name: hatboy_mynet + + covid19map: + external: + name: covid19map_mynet diff --git a/production/nginx/nginx/conf.d/error.conf b/production/nginx/nginx/conf.d/error.conf index d62ccc2..da8babc 100644 --- a/production/nginx/nginx/conf.d/error.conf +++ b/production/nginx/nginx/conf.d/error.conf 
@@ -1,7 +1,6 @@ - error_page 404 /404.html; - error_page 500 /50x.html; - error_page 502 /50x.html; - error_page 503 /50x.html; - error_page 504 /50x.html; +error_page 404 /404.html; +error_page 500 /50x.html; +error_page 502 /50x.html; +error_page 503 /50x.html; +error_page 504 /50x.html; # error_page 404 500 502 503 504 =301 https://www.hatthieves.es; - diff --git a/production/nginx/nginx/conf.d/hatthieves.conf b/production/nginx/nginx/conf.d/hatthieves.conf index e4d3226..6ae3e16 100644 --- a/production/nginx/nginx/conf.d/hatthieves.conf +++ b/production/nginx/nginx/conf.d/hatthieves.conf @@ -21,7 +21,7 @@ server { ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # add_header Alt-Svc 'h3-25=":443"; ma=86400'; - add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } server { @@ -40,7 +40,7 @@ server { ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # add_header Alt-Svc 'h3-25=":443"; ma=86400'; - add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; location / { return 301 https://www.hatthieves.es; # rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent; @@ -61,7 +61,7 @@ server { ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:10m; # add_header Alt-Svc 'h3-25=":443"; ma=86400'; - add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header alt-svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; location / { return 301 https://www.hatthieves.es; # rewrite ^/(.*)$ https://www.hatthieves.es/$1 permanent; diff --git a/production/nginx/nginx/emitir.sh b/production/nginx/nginx/emitir.sh index 8ca7da0..0052c67 100644 --- a/production/nginx/nginx/emitir.sh +++ b/production/nginx/nginx/emitir.sh 
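Review bot: Commenting out `add_header alt-svc …` can change more than the Alt-Svc header, because nginx inherits `add_header` directives from the enclosing level only when the current block defines none of its own. In every block where this was the only `add_header` (the three `server` blocks in `hatthieves.conf` and, as far as the hunks show, most of the `location` blocks under `sites-available/`), headers set at `http` or `server` level will now start to be emitted, so the response headers should be checked after the reload. I would also delete the line instead of leaving a commented copy in dozens of files, and drop the `##` edits to blocks that were already commented out; a shared `include` snippet would make the next change a one-line edit.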
@@ -2,8 +2,8 @@ while [ True ]; do for i in $(cat "$1"); do ffmpeg -loglevel quiet -re -i async:cache:"$i" \ - -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$2" \ - -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$3" + -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$2" +# -threads 1 -async 1 -c:v libx264 -preset superfast -tune zerolatency -c:a aac -ar 44100 -f flv "$3" done done diff --git a/production/nginx/nginx/sites-available/bbb b/production/nginx/nginx/sites-available/bbb index 4a30c39..7bbd7bb 100644 --- a/production/nginx/nginx/sites-available/bbb +++ b/production/nginx/nginx/sites-available/bbb @@ -13,7 +13,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/chat b/production/nginx/nginx/sites-available/chat index 0bd9420..ecabd93 100644 --- a/production/nginx/nginx/sites-available/chat +++ b/production/nginx/nginx/sites-available/chat @@ -13,7 +13,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/codimd b/production/nginx/nginx/sites-available/codimd index ba15154..7bc29e9 100644 --- a/production/nginx/nginx/sites-available/codimd +++ b/production/nginx/nginx/sites-available/codimd 
@@ -12,6 +12,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/crossposter b/production/nginx/nginx/sites-available/crossposter index f4e0c7d..2c766fe 100644 --- a/production/nginx/nginx/sites-available/crossposter +++ b/production/nginx/nginx/sites-available/crossposter @@ -15,7 +15,7 @@ server { proxy_set_header Connection "Upgrade"; # proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/defaultdrop b/production/nginx/nginx/sites-available/defaultdrop index 1fe2f2b..ec2f7be 100644 --- a/production/nginx/nginx/sites-available/defaultdrop +++ b/production/nginx/nginx/sites-available/defaultdrop @@ -30,7 +30,7 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/dvwa b/production/nginx/nginx/sites-available/dvwa index 71c86d2..4c7aa4c 100644 --- a/production/nginx/nginx/sites-available/dvwa +++ b/production/nginx/nginx/sites-available/dvwa @@ -15,6 +15,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/elastic b/production/nginx/nginx/sites-available/elastic index f327708..d19c2c0 100644 --- a/production/nginx/nginx/sites-available/elastic 
+++ b/production/nginx/nginx/sites-available/elastic @@ -15,7 +15,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/etherpad b/production/nginx/nginx/sites-available/etherpad index 14c9f13..0d04930 100644 --- a/production/nginx/nginx/sites-available/etherpad +++ b/production/nginx/nginx/sites-available/etherpad @@ -11,7 +11,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/familyark b/production/nginx/nginx/sites-available/familyark index d927333..be7fbea 100644 --- a/production/nginx/nginx/sites-available/familyark +++ b/production/nginx/nginx/sites-available/familyark @@ -13,6 +13,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/g-plv b/production/nginx/nginx/sites-available/g-plv index 179e746..86b2bff 100644 --- a/production/nginx/nginx/sites-available/g-plv +++ b/production/nginx/nginx/sites-available/g-plv @@ -15,6 +15,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/gitea b/production/nginx/nginx/sites-available/gitea index 7e35354..0f12994 100644 --- a/production/nginx/nginx/sites-available/gitea 
+++ b/production/nginx/nginx/sites-available/gitea @@ -10,7 +10,7 @@ server { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/glances b/production/nginx/nginx/sites-available/glances index 5ff8eda..f3e60cb 100644 --- a/production/nginx/nginx/sites-available/glances +++ b/production/nginx/nginx/sites-available/glances @@ -15,6 +15,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/hls b/production/nginx/nginx/sites-available/hls index f8c9606..f4597de 100644 --- a/production/nginx/nginx/sites-available/hls +++ b/production/nginx/nginx/sites-available/hls @@ -31,7 +31,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } location /live { alias /etc/nginx/live; @@ -50,6 +50,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/icecast2 b/production/nginx/nginx/sites-available/icecast2 index 55453a2..8f4c427 100644 --- a/production/nginx/nginx/sites-available/icecast2 +++ b/production/nginx/nginx/sites-available/icecast2 
@@ -3,7 +3,23 @@ server { listen [::]:443 ssl http2; server_name icecast.hatthieves.es music.hatthieves.es radio.hatthieves.es; client_max_body_size 2G; - location / { + location /style.css { + proxy_pass http://172.129.0.101:8000/style.css; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + } + location /admin { + proxy_pass http://172.129.0.101:8000/admin; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + } + location ~* \.(?:mp3|ogg|m3u|m3u8|xspf)$ { proxy_pass http://172.129.0.101:8000; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; @@ -11,5 +27,12 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_buffering off; } + location / { + proxy_pass http://172.129.0.102:3000; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_buffering off; + } } - diff --git a/production/nginx/nginx/sites-available/igunublue b/production/nginx/nginx/sites-available/igunublue index c088ce0..96c5b0f 100644 --- a/production/nginx/nginx/sites-available/igunublue +++ b/production/nginx/nginx/sites-available/igunublue @@ -13,6 +13,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/ipfs b/production/nginx/nginx/sites-available/ipfs index 9bfcdd7..5bf6bbb 100644 --- a/production/nginx/nginx/sites-available/ipfs +++ b/production/nginx/nginx/sites-available/ipfs 
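Review bot: The new `location /admin` publishes the Icecast admin interface on the public listener with no restriction at the proxy, so its only protection is whatever authentication Icecast itself applies. Add an access rule inside that block, for example `allow <ADMIN_NETWORK>; deny all;` (placeholder for your management range), or put `auth_basic` in front of it. Also note that the regex location forwards only `.mp3/.ogg/.m3u/.m3u8/.xspf` paths to `172.129.0.101:8000`; any mount point without one of those extensions now falls through to the new `location /` in the second hunk and is sent to `172.129.0.102:3000`.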
@@ -14,7 +14,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # add_header 'Access-Control-Allow-Origin' $http_origin; # add_header 'Access-Control-Allow-Methods' '*'; # add_header 'Access-Control-Allow-Credentials' 'true'; @@ -32,7 +32,7 @@ server { # proxy_set_header Connection "Upgrade"; # proxy_buffering off; # proxy_http_version 1.1; -# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # } location /ipfs { proxy_pass http://172.105.0.101:8080/ipfs; @@ -48,7 +48,7 @@ server { # add_header 'Access-Control-Allow-Methods' '*'; # add_header 'Access-Control-Allow-Credentials' 'true'; # add_header 'Vary' 'Origin'; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } location /ipns { proxy_pass http://172.105.0.101:8080/ipns; @@ -64,7 +64,7 @@ server { # add_header 'Access-Control-Allow-Methods' '*'; # add_header 'Access-Control-Allow-Credentials' 'true'; # add_header 'Vary' 'Origin'; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } # location /p2p { # proxy_pass http://172.105.0.101:4002; @@ -76,7 +76,7 @@ server { # proxy_set_header Connection "Upgrade"; # proxy_buffering off; # proxy_http_version 1.1; -# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # } # location /ws { # proxy_pass http://172.105.0.101:8081; 
@@ -88,7 +88,7 @@ server { # proxy_set_header Connection "Upgrade"; # proxy_buffering off; # proxy_http_version 1.1; -# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # } # location /api { # proxy_pass http://172.105.0.101:5001/ipfs/api/v0; @@ -100,7 +100,7 @@ server { # proxy_set_header Connection "Upgrade"; # proxy_buffering off; # proxy_http_version 1.1; -# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # add_header Access-Control-Allow-Origin '*'; # add_header Access-Control-Allow-Methods '*'; # } diff --git a/production/nginx/nginx/sites-available/jitsi b/production/nginx/nginx/sites-available/jitsi index 50d1f94..c5d0860 100644 --- a/production/nginx/nginx/sites-available/jitsi +++ b/production/nginx/nginx/sites-available/jitsi @@ -11,7 +11,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/kanban b/production/nginx/nginx/sites-available/kanban index de3153f..62254f0 100644 --- a/production/nginx/nginx/sites-available/kanban +++ b/production/nginx/nginx/sites-available/kanban @@ -15,6 +15,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/kibana b/production/nginx/nginx/sites-available/kibana index f370e15..142b134 100644 --- a/production/nginx/nginx/sites-available/kibana +++ b/production/nginx/nginx/sites-available/kibana 
@@ -15,7 +15,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/mastodon b/production/nginx/nginx/sites-available/mastodon index 0bf5e97..0f54970 100644 --- a/production/nginx/nginx/sites-available/mastodon +++ b/production/nginx/nginx/sites-available/mastodon @@ -15,7 +15,7 @@ server { # proxy_set_header Connection "Upgrade"; # proxy_buffering off; # proxy_http_version 1.1; -# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # } # location /api/v1/streaming { # proxy_set_header Host $host; @@ -29,7 +29,7 @@ server { # proxy_http_version 1.1; # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "Upgrade"; -# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # tcp_nodelay on; # } } diff --git a/production/nginx/nginx/sites-available/meta b/production/nginx/nginx/sites-available/meta index deb1dbb..4c7498c 100644 --- a/production/nginx/nginx/sites-available/meta +++ b/production/nginx/nginx/sites-available/meta @@ -15,6 +15,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/mumble b/production/nginx/nginx/sites-available/mumble index 7451727..64c6e9b 100644 --- a/production/nginx/nginx/sites-available/mumble +++ b/production/nginx/nginx/sites-available/mumble 
@@ -12,7 +12,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/netdata b/production/nginx/nginx/sites-available/netdata index 32c8623..3e3d26f 100644 --- a/production/nginx/nginx/sites-available/netdata +++ b/production/nginx/nginx/sites-available/netdata @@ -14,6 +14,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/nextcloud b/production/nginx/nginx/sites-available/nextcloud index 94fee06..3c0d9a8 100644 --- a/production/nginx/nginx/sites-available/nextcloud +++ b/production/nginx/nginx/sites-available/nextcloud @@ -14,8 +14,12 @@ server { proxy_http_version 1.1; rewrite ^/\.well-known/carddav(.*)$ /remote.php/dav$1 redirect; rewrite ^/\.well-known/caldav(.*)$ /remote.php/dav$1 redirect; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + add_header X-Frame-Options ""; + add_header X-Download-Options ""; + add_header X-Content-Type-Options ""; + add_header X-Permitted-Cross-Domain-Policies ""; } } diff --git a/production/nginx/nginx/sites-available/p2p b/production/nginx/nginx/sites-available/p2p index 9ae65b2..c710818 100644 --- a/production/nginx/nginx/sites-available/p2p +++ b/production/nginx/nginx/sites-available/p2p 
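Review bot: The four added lines of the form `add_header X-Frame-Options "";` in `sites-available/nextcloud` do not do what they appear to intend: nginx skips an `add_header` whose value is empty, and `add_header` never removes a header that the proxied application already set. If the aim was to stop duplicate headers, set each header at exactly one layer; if the aim was to strip them, that takes `proxy_hide_header`, and dropping `X-Frame-Options` and `X-Content-Type-Options` would weaken clickjacking and MIME-sniffing protection for Nextcloud. The same empty `add_header X-Frame-Options "";` is added in `sites-available/wordpress`. The `location` block starts outside this hunk.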
@@ -11,7 +11,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Methods' '*'; add_header 'Access-Control-Allow-Credentials' 'true'; @@ -26,7 +26,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/peertube b/production/nginx/nginx/sites-available/peertube index 447450f..ac61a4d 100644 --- a/production/nginx/nginx/sites-available/peertube +++ b/production/nginx/nginx/sites-available/peertube @@ -13,7 +13,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/pleroma b/production/nginx/nginx/sites-available/pleroma index 8a29f5a..b7afcf4 100644 --- a/production/nginx/nginx/sites-available/pleroma +++ b/production/nginx/nginx/sites-available/pleroma @@ -13,7 +13,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/pleroma-old b/production/nginx/nginx/sites-available/pleroma-old index 3ba8e5a..ec13cc4 100644 --- a/production/nginx/nginx/sites-available/pleroma-old +++ b/production/nginx/nginx/sites-available/pleroma-old 
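Review bot: The unchanged lines right below the edited one in `sites-available/p2p` echo the caller's `Origin` back in `Access-Control-Allow-Origin` (`$http_origin`) while also sending `Access-Control-Allow-Credentials 'true'`, which allows any website to make credentialed cross-origin requests to this host and read the responses. Since this block is being touched anyway, replace the reflection with an allow-list: a `map $http_origin $cors_origin { … }` that returns the origin only for known sites, then `add_header 'Access-Control-Allow-Origin' $cors_origin;`. The same pattern is visible in the `sites-available/webdav` hunk. The `location` block starts and ends outside this hunk.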
@@ -14,7 +14,7 @@ server { # proxy_set_header Connection "Upgrade"; # proxy_buffering off; # proxy_http_version 1.1; -# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +## add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; # } } diff --git a/production/nginx/nginx/sites-available/privatebin b/production/nginx/nginx/sites-available/privatebin index 236a85f..e6410d3 100644 --- a/production/nginx/nginx/sites-available/privatebin +++ b/production/nginx/nginx/sites-available/privatebin @@ -13,7 +13,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/rocketchat b/production/nginx/nginx/sites-available/rocketchat index 041c31d..5634d95 100644 --- a/production/nginx/nginx/sites-available/rocketchat +++ b/production/nginx/nginx/sites-available/rocketchat @@ -12,7 +12,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_http_version 1.1; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/salva b/production/nginx/nginx/sites-available/salva index 0d44abc..7f458a2 100644 --- a/production/nginx/nginx/sites-available/salva +++ b/production/nginx/nginx/sites-available/salva @@ -13,6 +13,6 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/tail b/production/nginx/nginx/sites-available/tail index 647fd01..18f75ab 100644 --- a/production/nginx/nginx/sites-available/tail 
+++ b/production/nginx/nginx/sites-available/tail @@ -15,7 +15,7 @@ server { # proxy_set_header Upgrade $http_upgrade; # proxy_set_header Connection "Upgrade"; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; http2_push_preload on; proxy_socket_keepalive on; proxy_connect_timeout 5m; diff --git a/production/nginx/nginx/sites-available/theia b/production/nginx/nginx/sites-available/theia index 5d7a3c4..45ab147 100644 --- a/production/nginx/nginx/sites-available/theia +++ b/production/nginx/nginx/sites-available/theia @@ -13,7 +13,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/traefik b/production/nginx/nginx/sites-available/traefik index 238b9d2..34071c3 100644 --- a/production/nginx/nginx/sites-available/traefik +++ b/production/nginx/nginx/sites-available/traefik @@ -15,6 +15,6 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/video b/production/nginx/nginx/sites-available/video index 2921de2..401c5d1 100644 --- a/production/nginx/nginx/sites-available/video +++ b/production/nginx/nginx/sites-available/video @@ -11,7 +11,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } 
diff --git a/production/nginx/nginx/sites-available/voip b/production/nginx/nginx/sites-available/voip index 1f3ba70..8181702 100644 --- a/production/nginx/nginx/sites-available/voip +++ b/production/nginx/nginx/sites-available/voip @@ -12,7 +12,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/webdav b/production/nginx/nginx/sites-available/webdav index 8da6ac3..bb1a0a5 100644 --- a/production/nginx/nginx/sites-available/webdav +++ b/production/nginx/nginx/sites-available/webdav @@ -12,7 +12,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; add_header 'Access-Control-Allow-Origin' $http_origin; add_header 'Access-Control-Allow-Methods' 'PUT, POST, GET, OPTIONS'; add_header 'Access-Control-Allow-Credentials' 'true'; diff --git a/production/nginx/nginx/sites-available/webmail b/production/nginx/nginx/sites-available/webmail index 94ae411..6099ea0 100644 --- a/production/nginx/nginx/sites-available/webmail +++ b/production/nginx/nginx/sites-available/webmail @@ -12,7 +12,7 @@ server { proxy_set_header Connection "Upgrade"; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/nginx/nginx/sites-available/wordpress b/production/nginx/nginx/sites-available/wordpress index 2654961..798c76e 100644 --- a/production/nginx/nginx/sites-available/wordpress +++ b/production/nginx/nginx/sites-available/wordpress 
@@ -14,6 +14,7 @@ server { proxy_set_header Connection 'Upgrade'; proxy_buffering off; proxy_http_version 1.1; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; + add_header X-Frame-Options ""; } } diff --git a/production/nginx/nginx/sites-available/wtorrent b/production/nginx/nginx/sites-available/wtorrent index 7488683..a3aa06c 100644 --- a/production/nginx/nginx/sites-available/wtorrent +++ b/production/nginx/nginx/sites-available/wtorrent @@ -11,7 +11,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } location /ws { proxy_pass http://172.24.0.101:8888; @@ -22,7 +22,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } location /tracker { proxy_pass http://172.24.0.101:8888; @@ -33,7 +33,7 @@ server { proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_buffering off; - add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; +# add_header Alt-Svc 'h3-25=":443"; ma=3600, h2=":443"; ma=3600'; } } diff --git a/production/pleroma/docker-compose.yml b/production/pleroma/docker-compose.yml index 2d55016..01cbdae 100644 --- a/production/pleroma/docker-compose.yml +++ b/production/pleroma/docker-compose.yml 
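Review bot: The added `add_header X-Frame-Options "";` in the wordpress hunk emits no header, because nginx skips an `add_header` whose value is empty. It still counts as a directive at this level, so every `add_header` inherited from the server or http block is dropped for this location. It also does not remove an X-Frame-Options header set by the proxied backend; that would be `proxy_hide_header X-Frame-Options;`. If the aim is to allow framing by one specific site, state it explicitly with `add_header Content-Security-Policy "frame-ancestors 'self' https://<trusted-origin>" always;` (placeholder origin) and repeat any inherited security headers in this block. Whether a parent level defines such headers is not visible in the hunk.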
@@ -10,11 +10,12 @@ services: # - /bin/sleep # - infinity volumes: -# - ./pleroma/config:/etc/pleroma - ./pleroma/uploads:/var/lib/pleroma/uploads - - ./pleroma/config.exs:/etc/pleroma/config.exs:ro -# - ./pleroma/vm.args.eex:/pleroma/rel/vm.args.eex + - ./pleroma/config/config.exs:/etc/pleroma/config.exs:ro + - ./pleroma/config/prod.exs:/etc/pleroma/prod.exs:ro - ./pleroma/terms-of-service.html:/var/lib/pleroma/static/static/terms-of-service.html:ro +# - ./pleroma/config:/etc/pleroma +# - ./pleroma/vm.args.eex:/pleroma/rel/vm.args.eex # - ./pleroma/emojis:/pleroma/priv/static/emoji/custom/images:ro # - ./pleroma/images:/pleroma/priv/static/static/images:ro # - ./pleroma/custom_emoji.txt:/pleroma/config/custom_emoji.txt:ro @@ -33,7 +34,7 @@ services: ipv4_address: 172.2.0.101 postgres: - image: postgres + image: postgres:12 hostname: postgres-pleroma container_name: postgres-pleroma restart: always diff --git a/production/pleroma/pleroma/config/config.exs b/production/pleroma/pleroma/config/config.exs index f97f18e..193ba85 100644 --- a/production/pleroma/pleroma/config/config.exs +++ b/production/pleroma/pleroma/config/config.exs @@ -41,7 +41,7 @@ # # This configuration file is loaded before any dependency and # is restricted to this project. -use Mix.Config +import Config # General application configuration config :pleroma, ecto_repos: [Pleroma.Repo] @@ -97,6 +97,7 @@ config :pleroma, :uri_schemes, "dat", "dweb", "gopher", + "hyper", "ipfs", "ipns", "irc", @@ -186,7 +187,9 @@ config :pleroma, :instance, notify_email: "noreply@example.com", description: "Pleroma: An efficient and flexible fediverse server", background_image: "/images/city.jpg", + instance_thumbnail: "/instance/thumbnail.jpeg", limit: 5_000, + description_limit: 5_000, chat_limit: 5_000, remote_limit: 100_000, upload_limit: 16_000_000, 
@@ -202,6 +205,7 @@ config :pleroma, :instance, registrations_open: true, invites_enabled: false, account_activation_required: false, + account_approval_required: false, federating: true, federation_incoming_replies_max_depth: 100, federation_reachability_timeout_days: 7, @@ -209,7 +213,6 @@ config :pleroma, :instance, Pleroma.Web.ActivityPub.Publisher ], allow_relay: true, - rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy, public: true, quarantined_instances: [], managed_config: true, @@ -220,13 +223,9 @@ config :pleroma, :instance, "text/markdown", "text/bbcode" ], - mrf_transparency: true, - mrf_transparency_exclusions: [], autofollowed_nicknames: [], max_pinned_statuses: 1, attachment_links: false, - welcome_user_nickname: nil, - welcome_message: nil, max_report_comment_size: 1000, safe_dm_mentions: false, healthcheck: false, @@ -239,6 +238,7 @@ config :pleroma, :instance, max_remote_account_fields: 20, account_field_name_length: 512, account_field_value_length: 2048, + registration_reason_length: 500, external_user_synchronization: true, extended_nickname_format: true, cleanup_attachments: false, @@ -252,6 +252,26 @@ config :pleroma, :instance, number: 5, length: 16 ] + ], + show_reactions: true + +config :pleroma, :welcome, + direct_message: [ + enabled: false, + sender_nickname: nil, + message: nil + ], + chat_message: [ + enabled: false, + sender_nickname: nil, + message: nil + ], + email: [ + enabled: false, + sender: nil, + subject: "Welcome to <%= instance_name %>", + html: "Welcome to <%= instance_name %>", + text: "Welcome to <%= instance_name %>" ] config :pleroma, :feed, @@ -359,6 +379,7 @@ config :pleroma, :mrf_simple, federated_timeline_removal: [], report_removal: [], reject: [], + followers_only: [], accept: [], avatar_removal: [], banner_removal: [], 
@@ -371,12 +392,16 @@ config :pleroma, :mrf_keyword, config :pleroma, :mrf_subchain, match_actor: %{} +config :pleroma, :mrf_activity_expiration, days: 365 + config :pleroma, :mrf_vocabulary, accept: [], reject: [] +# threshold of 7 days config :pleroma, :mrf_object_age, threshold: 172_800, + threshold: 604_800, actions: [:delist, :strip_followers] config :pleroma, :rich_media, @@ -406,6 +431,13 @@ config :pleroma, :media_proxy, ], whitelist: [] +config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http, + method: :purge, + headers: [], + options: [] + +config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Script, script_path: nil + config :pleroma, :chat, enabled: true config :phoenix, :format_encoders, json: Jason @@ -428,6 +460,11 @@ config :pleroma, Pleroma.Web.Metadata, ], unfurl_nsfw: false +config :pleroma, Pleroma.Web.Preload, + providers: [ + Pleroma.Web.Preload.Providers.Instance + ] + config :pleroma, :http_security, enabled: true, sts: false, @@ -480,13 +517,13 @@ config :pleroma, Pleroma.User, "user-search", "user_exists", "users", - "web" + "web", + "hatthieves" ] config :pleroma, Oban, repo: Pleroma.Repo, - verbose: false, - prune: {:maxlen, 1500}, + log: false, queues: [ activity_expiration: 10, federator_incoming: 50, @@ -500,6 +537,7 @@ config :pleroma, Oban, attachments_cleanup: 5, new_users_digest: 1 ], + plugins: [Oban.Plugins.Pruner], crontab: [ {"0 0 * * *", Pleroma.Workers.Cron.ClearOauthTokenWorker}, {"0 * * * *", Pleroma.Workers.Cron.StatsWorker}, @@ -525,6 +563,15 @@ config :auto_linker, rel: "ugc" ] +config :pleroma, Pleroma.Formatter, + class: false, + rel: "ugc", + new_window: false, + truncate: false, + strip_prefix: false, + extra: true, + validate_tld: :no_scheme + config :pleroma, :ldap, enabled: System.get_env("LDAP_ENABLED") == "true", host: System.get_env("LDAP_HOST") || "localhost", 
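Review bot: The `:mrf_object_age` block now carries two `threshold:` keys, because the old `threshold: 172_800,` remains as a context line and `threshold: 604_800,` is added after it. Which entry takes effect depends on how the keyword list is merged and read, and a plain `Keyword.get/2` returns the first one. The new `# threshold of 7 days` comment may therefore describe a value that is never used. Replace the old line rather than appending, so that only `threshold: 604_800,` remains. The `:connections_pool` hunk further down has the same pattern, with `retry: 1,` kept and `retry: 0,` added.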
@@ -598,7 +645,7 @@ config :pleroma, :oauth2, config :pleroma, :database, rum_enabled: false -config :pleroma, :env, Mix.env() +#config :pleroma, :env, Mix.env() config :http_signatures, adapter: Pleroma.Signature @@ -622,6 +669,16 @@ config :pleroma, Pleroma.Plugs.RemoteIp, enabled: true config :pleroma, :static_fe, enabled: false +# Example of frontend configuration +# This example will make us serve the primary frontend from the +# frontends directory within your `:pleroma, :instance, static_dir`. +# e.g., instance/static/frontends/pleroma/develop/ +# +# With no frontend configuration, the bundled files from the `static` directory will +# be used. +# +# config :pleroma, :frontends, primary: %{"name" => "pleroma", "ref" => "develop"} + config :pleroma, :web_cache_ttl, activity_pub: nil, activity_pub_question: 30_000 @@ -636,31 +693,40 @@ config :pleroma, Pleroma.Repo, config :pleroma, :connections_pool, checkin_timeout: 250, + reclaim_multiplier: 0.1, + connection_acquisition_wait: 250, + connection_acquisition_retries: 5, max_connections: 250, retry: 1, retry_timeout: 1000, + max_idle_time: 30_000, + retry: 0, await_up_timeout: 5_000 config :pleroma, :pools, federation: [ size: 50, max_overflow: 10, - timeout: 150_000 + timeout: 150_000, + max_waiting: 10 ], media: [ size: 50, max_overflow: 10, - timeout: 150_000 + timeout: 150_000, + max_waiting: 10 ], upload: [ size: 25, max_overflow: 5, - timeout: 300_000 + timeout: 300_000, + max_waiting: 5 ], default: [ size: 10, max_overflow: 2, - timeout: 10_000 + timeout: 10_000, + max_waiting: 2 ] config :pleroma, :hackney_pools, 
@@ -684,7 +750,17 @@ config :pleroma, :restrict_unauthenticated, config :pleroma, Pleroma.Web.ApiSpec.CastAndValidate, strict: false +config :pleroma, :mrf, + policies: Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy, + transparency: true, + transparency_exclusions: [] + +config :tzdata, :http_client, Pleroma.HTTP.Tzdata + +config :ex_aws, http_client: Pleroma.HTTP.ExAws + +config :pleroma, :instances_favicons, enabled: false + # Import environment specific config. This must remain at the bottom # of this file so it overrides the configuration defined above. -import_config "#{Mix.env()}.exs" - +import_config "prod.exs" diff --git a/production/pleroma/pleroma/config/prod.exs b/production/pleroma/pleroma/config/prod.exs index 2800db4..9fcb2b6 100644 --- a/production/pleroma/pleroma/config/prod.exs +++ b/production/pleroma/pleroma/config/prod.exs 
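Review bot: The `policies: Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy` added in the new `:mrf` block does not survive the `import_config "prod.exs"` on the last line, because prod.exs in this same commit sets `policies: Pleroma.Web.ActivityPub.MRF.SimplePolicy` under the same key. As far as the diff shows, the `:mrf_object_age` threshold and the `:mrf_rejectnonpublic` settings added in prod.exs then configure policies that are not enabled. If several policies are intended, list them once, in prod.exs, e.g. `policies: [Pleroma.Web.ActivityPub.MRF.SimplePolicy, Pleroma.Web.ActivityPub.MRF.ObjectAgePolicy],`, and drop the block here.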
@@ -3,43 +3,106 @@ # NOTE: This file should not be committed to a repo or otherwise made public # without removing sensitive information. -use Mix.Config +import Config # Configures the endpoint -websocket_config = [ - path: "/socket", - serializer: [ - {Phoenix.Socket.V1.JSONSerializer, "~> 1.0.0"}, - {Phoenix.Socket.V2.JSONSerializer, "~> 2.0.0"} - ], - timeout: 60_000, - transport_log: false, - compress: false -] - config :pleroma, Pleroma.Web.Endpoint, - url: [host: "social.hatthieves.es", scheme: "https", port: 443], - secret_key_base: "cXHImR89EePUjWdclU3vJUr8ZiGQiKLalhU9AMsEY5YnSG2e6MLzjmVwmxCztqa8", - signing_salt: "g0uP6uv4", - instrumenters: [Pleroma.Web.Endpoint.Instrumenter], - http: [ - dispatch: [ - {:_, - [ - {"/api/v1/streaming", Pleroma.Web.MastodonAPI.WebsocketHandler, []}, - {"/socket", Phoenix.Endpoint.CowboyWebSocket, - {Phoenix.Transports.WebSocket, - {Pleroma.Web.Endpoint, Pleroma.Web.UserSocket, websocket_config}}}, - {:_, Phoenix.Endpoint.Cowboy2Handler, {Pleroma.Web.Endpoint, []}} - ]} - ], - port: 4000, - ip: {0, 0, 0, 0} -# ip: {172, 2, 0, 101} + url: [host: "pleroma.hatthieves.es", scheme: "https", port: 443], + secret_key_base: "cXHImR89EePUjWdclU3vJUr8ZiGQiKLalhU9AMsEY5YnSG2e6MLzjmVwmxCztqa8", + signing_salt: "g0uP6uv4", + http: [ip: {0, 0, 0, 0}, port: 4000] + +config :pleroma, :instance, + name: "HatThieves's Pleroma", + email: "info@hatthieves.es", + notify_email: "info@hatthieves.es", + limit: 8192, + registrations_open: true, + dedupe_media: true, + upload_limit: 25_000_000, + federating: true, + allow_relay: true, + public: true, + quarantined_instances: [], + dynamic_configuration: true + +config :logger, :console, + level: :info, + format: "\n$time $metadata[$level] $message\n", + metadata: [:request_id] + +#config :mime, :types, %{ +# "application/xml" => ["xml"], +# "application/xrd+xml" => ["xrd+xml"], +# "application/activity+json" => ["activity+json"], +# "application/ld+json" => ["activity+json"] +#} + +#config :pleroma, 
:websub, Pleroma.Web.Websub +#config :pleroma, :ostatus, Pleroma.Web.OStatus +#config :pleroma, :httpoison, Pleroma.HTTP + +#version = +# with {version, 0} <- System.cmd("git", ["rev-parse", "HEAD"]) do +# "Pleroma #{Mix.Project.config()[:version]} #{String.trim(version)}" +# else +# _ -> "Pleroma #{Mix.Project.config()[:version]} dev" +# end + +# Configures http settings, upstream proxy etc. +config :pleroma, :http, proxy_url: nil + +config :pleroma, configurable_from_database: true + +config :pleroma, :activitypub, + accept_blocks: true, + unfollow_blocked: true, + outgoing_blocks: true + +config :pleroma, :hackney_pools, + federation: [ + max_connections: 200, + timeout: 300_000 ], - render_errors: [view: Pleroma.Web.ErrorView, accepts: ~w(json)], - pubsub: [name: Pleroma.PubSub, adapter: Phoenix.PubSub.PG2], - secure_cookie_flag: true + media: [ + max_connections: 100, + timeout: 300_000 + ], + upload: [ + max_connections: 100, + timeout: 500_000 + ] + +config :pleroma, :streamer, + workers: 15, + overflow_workers: 10 + +#config :pleroma, Pleroma.Uploaders.S3, s3_bucket: nil + +#config :pleroma, :emoji, shortcode_globs: ["/emoji/custom/**/*.png"] + +#config :pleroma, :uri_schemes, additionnal_schemes: [] + +#config :pleroma, :user, deny_follow_blocked: true + +config :pleroma, :mrf_rejectnonpublic, + allow_followersonly: false, + allow_direct: false + +config :pleroma, :mrf_simple, + media_removal: 
["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"], + media_nsfw: [], + federated_timeline_removal: 
["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"], + report_removal: 
["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"], + reject: 
["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"], + accept: [], + avatar_removal: 
["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"], + banner_removal: 
["humblr.social","librem.one","quey.org","social.politicaconciencia.net","switter.at","7td.org","animalliberation.social","anime.website","barrag.net","bikeshed.party","blob.cat","busshi.moe","carnal-gabhub.ptotohype.net","carrot.army","cliterati.club","develop.gab.com","dickkickextremist.xyz","dogeposting.social","ekrem.develop.gab","expired.mentality.rip","fedi.absturztau.be","floppy.tokyo","freespeechextremist.com","freezepeach.xyz","gab.ai","gabble.xyz","gab.com","gabfed.com","gab.io","gab.polaris-1.work","gab.sleeck.eu","gleasonator.com","glindr.org","gnusocial.no","gs.smuglo.li","hagra.net","hitchhicker.social","hitchhiker.social","husk.site","inditoot.com","justicewarrior.social","kiwifarms.cc","ligma.pro","mastodon.starrevolution.org","neenster.org","not-develop.gab.com","npf.mlpol.net","pawoo.net","peertube.uno","pl.skyn3t.in","pl.smuglo.li","prout.social","qoto.org","search.fedi.app","shitposter.club","social.byoblu.com","social.sunshinegardens.org","socnet.supes.com","spinster.xyz","tube.gnous.eu","us.tv","uwu.social","video.nobodyhasthe.biz","witches.live","yggdrasil.social"] + +config :pleroma, :media_proxy, + enabled: false, + redirect_on_failure: true + #base_url: "https://cache.pleroma.social" config :pleroma, Pleroma.Repo, adapter: Ecto.Adapters.Postgres, 
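Review bot: The rewritten endpoint block keeps `secret_key_base` and `signing_salt` as string literals in a file whose own header says it should not be committed with sensitive information. The later hunks of this file likewise leave the Repo `password` and the VAPID `private_key` in place. Anyone with read access to the repository or its history holds the material that protects sessions, signed tokens and the database login, so these values should be treated as disclosed and rotated. Load them at runtime instead, e.g. `secret_key_base: System.fetch_env!("PLEROMA_SECRET_KEY_BASE"),` (placeholder variable name), the same way config.exs already reads the LDAP settings from the environment. The same hunk repeats one domain list six times under `:mrf_simple`; binding it once to a variable above the `config` call would keep the copies from drifting apart.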
@@ -47,81 +110,8 @@ config :pleroma, Pleroma.Repo, password: "pl3r0m4.", database: "pleroma", hostname: "172.2.0.102", - pool_size: 150 - -config :pleroma, :instance, - name: "HatThieves/Pleroma", - email: "info@hatthieves.es", - notify_email: "info@hatthieves.es", - limit: 5000, - registrations_open: true, - dedupe_media: true, - upload_limit: 25_000_000, - federating: true, - allow_relay: true, - rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy, - public: true, - quarantined_instances: [], - dynamic_configuration: true, - managed_config: true - -config :logger, :console, - format: "$time $metadata[$level] $message\n", - metadata: [:request_id] - -config :pleroma, :frontend_configurations, - pleroma_fe: %{ - theme: "monokai", - background: "/static/aurora_borealis.jpg", - logo: "/static/logo.png", - logoMask: true, - logoMargin: ".1em", - redirectRootNoLogin: "/main/all", - redirectRootLogin: "/main/friends", - chatDisabled: false, - showInstanceSpecificPanel: true, - collapseMessageWithSubject: false, - scopeCopy: true, - subjectLineBehavior: "email", - postContentType: "text/plain", - alwaysShowSubjectInput: true, - hidePostStats: false, - hideUserStats: false, - loginMethod: "password", - webPushNotifications: true, - noAttachmentLinks: false, - nsfwCensorImage: "", - showFeaturesPanel: true, - minimalScopesMode: false - }, - masto_fe: %{ - showInstanceSpecificPanel: true - } - -config :pleroma, :hackney_pools, - federation: [ - max_connections: 130, - timeout: 150_000 - ], - media: [ - max_connections: 50, - timeout: 150_000 - ], - upload: [ - max_connections: 50, - timeout: 300_000 - ] - -config :logger, :console, - level: :error, - format: "$metadata[$level] $message", - metadata: [:request_id] - -config :logger, :ex_syslogger, - level: :error, - ident: "pleroma", - format: "$metadata[$level] $message", - metadata: [:request_id] + pool_size: 200 +# timeout: 50000 # Configure web push notifications config :web_push_encryption, :vapid_details, 
@@ -129,31 +119,66 @@ config :web_push_encryption, :vapid_details, public_key: "BF7FikUMwkHL_bbWDaoJwzRep41IqeBz4JzMEMbHTJYGBAgDx-qRHUh-A1BAxlmCBDNdpexFEfONt8xEzvhEQAw", private_key: "t0FMHZsmzkZ1cXjI86ttRDlm_vzLiWQcMc8fhljqooY" -config :pleroma, Pleroma.Upload, - uploader: Pleroma.Uploaders.Local, - filters: [Pleroma.Upload.Filter.Dedupe], - link_name: true, - proxy_remote: false, - proxy_opts: [ - redirect_on_failure: false, - max_body_length: 25 * 1_048_576, - http: [ - follow_redirect: true, - pool: :upload - ] - ] +# Enable Strict-Transport-Security once SSL is working: +# config :pleroma, :http_security, +# sts: true -config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads" +# Configure S3 support if desired. +# The public S3 endpoint is different depending on region and provider, +# consult your S3 provider's documentation for details on what to use. +# +# config :pleroma, Pleroma.Uploaders.S3, +# bucket: "some-bucket", +# public_endpoint: "https://s3.amazonaws.com" +# +# Configure S3 credentials: +# config :ex_aws, :s3, +# access_key_id: "xxxxxxxxxxxxx", +# secret_access_key: "yyyyyyyyyyyy", +# region: "us-east-1", +# scheme: "https://" +# +# For using third-party S3 clones like wasabi, also do: +# config :ex_aws, :s3, +# host: "s3.wasabisys.com" -config :pleroma, :chat, enabled: false + +# Configure Openstack Swift support if desired. +# +# Many openstack deployments are different, so config is left very open with +# no assumptions made on which provider you're using. This should allow very +# wide support without needing separate handlers for OVH, Rackspace, etc. 
+# +# config :pleroma, Pleroma.Uploaders.Swift, +# container: "some-container", +# username: "api-username-yyyy", +# password: "api-key-xxxx", +# tenant_id: "", +# auth_url: "https://keystone-endpoint.provider.com", +# storage_url: "https://swift-endpoint.prodider.com/v1/AUTH_/", +# object_url: "https://cdn-endpoint.provider.com/" +# + +#config :pleroma, Pleroma.Upload, +# uploader: Pleroma.Uploaders.Local, +# filters: [Pleroma.Upload.Filter.Dedupe], +# link_name: true, +# proxy_remote: true, +# proxy_opts: [ +# redirect_on_failure: false, +# max_body_length: 25 * 1_048_576, +# http: [ +# follow_redirect: true, +# pool: :upload +# ] +# ] + +#config :pleroma, Pleroma.Uploaders.Local, uploads: "uploads" + +config :pleroma, :chat, enabled: true config :phoenix, :format_encoders, json: Jason -config :pleroma, :gopher, - enabled: true, - ip: {172,2,0,101}, - port: 9999 - config :pleroma, :suggestions, enabled: true, third_party_engine: @@ -161,8 +186,11 @@ config :pleroma, :suggestions, timeout: 300_000, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" -#config :pleroma_job_queue, :queues, -# federator_incoming: 100, -# federator_outgoing: 100 +config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" +config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads" + +config :pleroma, :mrf, + policies: Pleroma.Web.ActivityPub.MRF.SimplePolicy, + transparency: true, + transparency_exclusions: [] -import_config "#{Mix.env()}.secret.exs" diff --git a/production/pleroma/pleroma/config/prod.secret.exs b/production/pleroma/pleroma/config/prod.secret.exs index 6c8cb71..d763878 100644 --- a/production/pleroma/pleroma/config/prod.secret.exs +++ b/production/pleroma/pleroma/config/prod.secret.exs @@ -179,7 +179,7 @@ config :pleroma, :chat, enabled: true config :phoenix, :format_encoders, json: Jason config :pleroma, :gopher, - enabled: true, + enabled: false, ip: {172, 2, 0, 101}, port: 9999 
diff --git a/production/prosody/docker-compose.yml b/production/prosody/docker-compose.yml index e5bdb29..a7f8d4e 100644 --- a/production/prosody/docker-compose.yml +++ b/production/prosody/docker-compose.yml @@ -2,8 +2,8 @@ version: '2' services: prosody: - build: ./prosody -# image: 'prosody/prosody' +# build: ./prosody + image: 'prosody/prosody' hostname: prosody container_name: prosody restart: always diff --git a/production/rocket/docker-compose.yml b/production/rocket/docker-compose.yml index 0608cf9..2c924ed 100644 --- a/production/rocket/docker-compose.yml +++ b/production/rocket/docker-compose.yml @@ -1,7 +1,7 @@ version: '2' services: db-rocketchat1: - image: mongo + image: mongo:4.2 restart: always container_name: db-rocketchat1 hostname: db-rocketchat1 @@ -14,11 +14,14 @@ services: ipv4_address: 172.133.0.99 db-rocketchat2: - image: mongo + image: mongo:4.2 restart: always container_name: db-rocketchat2 hostname: db-rocketchat2 - command: --keyFile /opt/keyfile --replSet "rs0" +# command: --keyFile /opt/keyfile --replSet "rs0" --repair + entrypoint: + - /bin/sleep + - infinity volumes: - ./mongo/data2:/data/db - ./mongo/mongodb-keyfile:/opt/keyfile diff --git a/production/wordpress/docker-compose.yml b/production/wordpress/docker-compose.yml index 76c1f56..c91e151 100644 --- a/production/wordpress/docker-compose.yml +++ b/production/wordpress/docker-compose.yml @@ -19,6 +19,7 @@ services: - ./wordpress/header.php:/usr/src/wordpress/wp-content/themes/twentyseventeen/header.php - ./wordpress/footer.php:/usr/src/wordpress/wp-content/themes/twentyseventeen/footer.php - ./wordpress/google258093a68d45ac64.html:/var/www/html/google258093a68d45ac64.html + - ./wordpress/ads.txt:/var/www/html/ads.txt - ./wordpress/htaccess:/var/www/html/.htaccess - ./wordpress/wp-content:/var/www/html/wp-content - ./wordpress/apache2.conf:/etc/apache2/apache2.conf:ro diff --git a/scripts/docker-clear b/scripts/docker-clear index 34a929f..211c504 100755 --- a/scripts/docker-clear 
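Review bot: Switching prosody from `build: ./prosody` to `image: 'prosody/prosody'` pulls an untagged image, i.e. whatever `latest` resolves to at pull time, while this same commit pins `mongo:4.2` and `postgres:12`. Pin this service too, by tag or digest, e.g. `image: 'prosody/prosody:<version>'` (placeholder; the intended version is not on the page), so an upstream push cannot silently replace the XMPP server on the next `docker-compose up`. If the local build carried modules or configuration, those are no longer applied; the Dockerfile is not part of the hunk, so this cannot be checked from here.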
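Review bot: In the second rocket hunk `db-rocketchat2` now starts with `entrypoint:` set to `/bin/sleep infinity` and its `command:` is commented out. With `restart: always` the container stays up but no mongod runs in it, and the `rs0` replica set is short one member. This looks like a leftover from a repair session, since the commented command carries `--repair`. Restore `command: --keyFile /opt/keyfile --replSet "rs0"` before this reaches production, or add a comment saying why the member is parked and when it comes back. The service definition continues outside the hunk.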
+++ b/scripts/docker-clear
@@ -1,3 +1,4 @@
 #/bin/bash
 docker system prune -f -a
+docker system prune -f --volumes
 truncate -s 0 /var/lib/docker/containers/*/*-json.log
diff --git a/scripts/update-certs.sh b/scripts/update-certs.sh
index 125d8ce..2397818 100755
--- a/scripts/update-certs.sh
+++ b/scripts/update-certs.sh
@@ -1,12 +1,13 @@
 #!/bin/bash
+RUTA=/opt/docker/production
 # dehydrated -c -t dns-01 -o /root/letsencrypt -d "hatthieves.es *.hatthieves.es" -k /etc/dehydrated/manual.rb
 cat /root/letsencrypt/hatthieves.es/fullchain.pem > /opt/docker/secure/fullchain.pem
 cat /root/letsencrypt/hatthieves.es/privkey.pem > /opt/docker/secure/privkey.pem
-cd /opt/docker/nginx; docker-compose down; docker-compose up -d
-cd /opt/docker/haraka-wildduck; docker-compose down; docker-compose up -d
-cd /opt/docker/prosody; docker-compose down; docker-compose up -d
-cd /opt/docker/coturn; docker-compose down; docker-compose up -d
-cd /opt/docker/mumble; docker-compose down; docker-compose up -d
-cd /opt/docker/rocket; docker-compose down; docker-compose up -d
+cd $RUTA/nginx; docker-compose down; docker-compose up -d
+cd $RUTA/haraka-wildduck; docker-compose down; docker-compose up -d
+cd $RUTA/prosody; docker-compose down; docker-compose up -d
+cd $RUTA/coturn; docker-compose down; docker-compose up -d
+cd $RUTA/mumble; docker-compose down; docker-compose up -d
+#cd $RUTA/rocket; docker-compose down; docker-compose up -d
 echo -e "\nCERTS UPDATED!! :-)"
 exit 0
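Review bot: The added `docker system prune -f --volumes` in docker-clear deletes unused volumes without a prompt, so data belonging to a stack that happens to be stopped when the script runs can be removed. The preceding `docker system prune -f -a` already covers containers, images and networks. A narrower `docker volume prune -f --filter "label=<cleanup-label>"` (placeholder label) would limit the deletion to volumes marked as disposable. Separately, the first line `#/bin/bash` lacks the `!`, so it is only a comment; it should read `#!/bin/bash`.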
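Review bot: Each added `cd $RUTA/<stack>; docker-compose down; docker-compose up -d` line in update-certs.sh carries on after a failed `cd`, so `docker-compose` then acts on whatever directory the previous line left behind, and the script still ends with `exit 0`. Quote the path and stop on failure, e.g. `(cd "$RUTA/nginx" && docker-compose down && docker-compose up -d) || exit 1`, repeated per stack or moved into a small loop over the stack names. The two `cat ... >` context lines have the same gap: if dehydrated produced no new files, the redirection truncates the deployed certificate and key before the services restart. A check that both source files are non-empty before copying would prevent that.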