fix
parent
641633d2be
commit
218a4903f7
@ -1,31 +0,0 @@
|
|||||||
FROM alpine
|
|
||||||
RUN apk update;apk add bash exiftool libmagic ncurses-libs musl sudo bash curl nginx unzip postgresql postgresql-contrib certbot busybox imagemagick ffmpeg certbot tzdata openssl ncurses
|
|
||||||
|
|
||||||
WORKDIR /tmp
|
|
||||||
ENV SHELL="/bin/bash"
|
|
||||||
ENV FLAVOUR="amd64-musl"
|
|
||||||
|
|
||||||
RUN adduser --system --shell /bin/false --home /opt/pleroma pleroma
|
|
||||||
|
|
||||||
WORKDIR /tmp
|
|
||||||
#RUN su pleroma -s $SHELL -lc "curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/stable/download?job=$FLAVOUR' -o /tmp/pleroma.zip;unzip /tmp/pleroma.zip -d /tmp/"
|
|
||||||
#RUN su pleroma -s $SHELL -lc "mv /tmp/release/* /opt/pleroma;rmdir /tmp/release;rm /tmp/pleroma.zip"
|
|
||||||
|
|
||||||
WORKDIR /opt
|
|
||||||
COPY pleroma.zip /opt/
|
|
||||||
|
|
||||||
WORKDIR /tmp
|
|
||||||
COPY soapbox-fe.zip /tmp/
|
|
||||||
|
|
||||||
RUN mkdir -p /etc/pleroma;chown -R pleroma /etc/pleroma
|
|
||||||
|
|
||||||
ADD default.conf /etc/nginx/conf.d/
|
|
||||||
ADD start.sh /
|
|
||||||
ADD setup.sh /
|
|
||||||
|
|
||||||
ADD crontab /
|
|
||||||
RUN crontab /crontab
|
|
||||||
|
|
||||||
ADD terms-of-service.html /tmp/
|
|
||||||
|
|
||||||
CMD bash /start.sh
|
|
@ -1,3 +0,0 @@
|
|||||||
00 04 * * * su pleroma -s /bin/bash -lc "/opt/pleroma/bin/pleroma_ctl database prune_objects"
|
|
||||||
30 04 * * * su pleroma -s /bin/bash -lc "/opt/pleroma/bin/pleroma_ctl database ensure_expiration"
|
|
||||||
00 05 * * * su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma restart"
|
|
@ -1,94 +0,0 @@
|
|||||||
# default nginx site config for Pleroma
|
|
||||||
#
|
|
||||||
# Simple installation instructions:
|
|
||||||
# 1. Install your TLS certificate, possibly using Let's Encrypt.
|
|
||||||
# 2. Replace 'example.tld' with your instance's domain wherever it appears.
|
|
||||||
# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
|
|
||||||
# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
|
|
||||||
|
|
||||||
proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
|
|
||||||
inactive=720m use_temp_path=off;
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name replaceME;
|
|
||||||
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
|
|
||||||
# Uncomment this if you need to use the 'webroot' method with certbot. Make sure
|
|
||||||
# that the directory exists and that it is accessible by the webserver. If you followed
|
|
||||||
# the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
|
|
||||||
# You may need to load this file with the ssl server block commented out, run certbot
|
|
||||||
# to get the certificate, and then uncomment it.
|
|
||||||
#
|
|
||||||
# location ~ /\.well-known/acme-challenge {
|
|
||||||
# root /var/lib/letsencrypt/;
|
|
||||||
# }
|
|
||||||
location / {
|
|
||||||
return 301 https://$server_name$request_uri;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
# Enable SSL session caching for improved performance
|
|
||||||
#ssl_session_cache shared:ssl_session_cache:10m;
|
|
||||||
|
|
||||||
server {
|
|
||||||
server_name replaceME;
|
|
||||||
|
|
||||||
#listen 443 ssl http2;
|
|
||||||
listen 0.0.0.0:443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_session_timeout 1d;
|
|
||||||
ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
|
|
||||||
ssl_session_tickets off;
|
|
||||||
|
|
||||||
ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
|
|
||||||
ssl_certificate_key /etc/ssl/certs/nginx-selfsigned.key;
|
|
||||||
|
|
||||||
ssl_protocols TLSv1.2 TLSv1.3;
|
|
||||||
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
|
|
||||||
ssl_prefer_server_ciphers off;
|
|
||||||
# In case of an old server with an OpenSSL version of 1.0.2 or below,
|
|
||||||
# leave only prime256v1 or comment out the following line.
|
|
||||||
ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
|
|
||||||
ssl_stapling on;
|
|
||||||
ssl_stapling_verify on;
|
|
||||||
|
|
||||||
gzip_vary on;
|
|
||||||
gzip_proxied any;
|
|
||||||
gzip_comp_level 6;
|
|
||||||
gzip_buffers 16 8k;
|
|
||||||
gzip_http_version 1.1;
|
|
||||||
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
|
|
||||||
|
|
||||||
# the nginx default is 1m, not enough for large media uploads
|
|
||||||
client_max_body_size 16m;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
|
|
||||||
# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
|
|
||||||
# and `localhost.` resolves to [::0] on some systems: see issue #930
|
|
||||||
proxy_pass http://127.0.0.1:4000;
|
|
||||||
|
|
||||||
client_max_body_size 16m;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ ^/(media|proxy) {
|
|
||||||
proxy_cache pleroma_media_cache;
|
|
||||||
slice 1m;
|
|
||||||
proxy_cache_key $host$uri$is_args$args$slice_range;
|
|
||||||
proxy_set_header Range $slice_range;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_cache_valid 200 206 301 304 1h;
|
|
||||||
proxy_cache_lock on;
|
|
||||||
proxy_ignore_client_abort on;
|
|
||||||
proxy_buffering on;
|
|
||||||
chunked_transfer_encoding on;
|
|
||||||
proxy_pass http://127.0.0.1:4000;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,49 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
export SHELL="/bin/bash"
|
|
||||||
|
|
||||||
cd /opt
|
|
||||||
ls
|
|
||||||
unzip pleroma.zip
|
|
||||||
mv release/* pleroma/
|
|
||||||
chown -R pleroma /opt/pleroma
|
|
||||||
mkdir -p /var/lib/pleroma/uploads
|
|
||||||
mkdir -p /var/lib/pleroma/static
|
|
||||||
chown -R pleroma /var/lib/pleroma
|
|
||||||
|
|
||||||
sed -i "s/replaceME/${ENDPOINT}/g" /etc/pleroma/config.exs
|
|
||||||
|
|
||||||
#Nginx and SSL
|
|
||||||
sed -i "s/replaceME/${ENDPOINT}/g" /etc/nginx/conf.d/default.conf
|
|
||||||
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=CO/L=Denver/O=$ENDPOINT/CN=$ENDPOINT" -keyout /etc/ssl/certs/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
|
|
||||||
mkdir /var/run/nginx
|
|
||||||
|
|
||||||
#Database Setup
|
|
||||||
sleep 10
|
|
||||||
export PGPASSWORD="sql"
|
|
||||||
echo "CREATE EXTENSION IF NOT EXISTS citext;"| PGPASSWORD=sql psql -h postgresql -U pleroma
|
|
||||||
echo "CREATE EXTENSION IF NOT EXISTS pg_trgm;" | PGPASSWORD=sql psql -h postgresql -U pleroma
|
|
||||||
echo "CREATE EXTENSION IF NOT EXISTS \"uuid-ossp\";" | PGPASSWORD=sql psql -h postgresql -U pleroma
|
|
||||||
su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma_ctl migrate"
|
|
||||||
|
|
||||||
#su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql --force"
|
|
||||||
#su postgres -s $SHELL -lc "/usr/lib/postgresql/12/bin/psql -f /tmp/setup_db.psql"
|
|
||||||
|
|
||||||
#Start Pleroma
|
|
||||||
su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma daemon"
|
|
||||||
|
|
||||||
#Install Soapbox
|
|
||||||
#curl https://gitlab.com/`curl https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs | grep 'build-production' | cut -d "\"" -f4 | head -1`/artifacts/download -o soapbox-fe.zip
|
|
||||||
#curl -L https://gitlab.com/soapbox-pub/soapbox-fe/-/jobs/1734223607/artifacts/download -o soapbox-fe.zip
|
|
||||||
busybox unzip /tmp/soapbox-fe.zip -o -d /var/lib/pleroma/
|
|
||||||
mv /var/lib/pleroma/static/instance/about.example /var/lib/pleroma/static/instance/about
|
|
||||||
cp -f /tmp//terms-of-service.html /var/lib/pleroma/static/instance/about/tos.html
|
|
||||||
cp -f /tmp/terms-of-service.html /var/lib/pleroma/static/instance/about/index.html
|
|
||||||
|
|
||||||
|
|
||||||
#Create an Admin User
|
|
||||||
echo;echo;echo "Sleeping for 40 seconds so Pleroma starts.........."
|
|
||||||
sleep 40
|
|
||||||
echo;echo;echo "Create and Admin User:"
|
|
||||||
su pleroma -s $SHELL -lc "echo y | ./bin/pleroma_ctl user new admin admin@$ENDPOINT --admin"
|
|
||||||
|
|
||||||
touch /configured.txt
|
|
@ -1,32 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
export SHELL="/bin/bash"
|
|
||||||
FILE='/configured.txt'
|
|
||||||
|
|
||||||
# Start the instance to verify that everything is working as expected
|
|
||||||
|
|
||||||
#Set Permissions
|
|
||||||
chown -R pleroma /var/lib/pleroma
|
|
||||||
chmod -R 777 /saves
|
|
||||||
|
|
||||||
#Configure Local Time
|
|
||||||
cp -f /usr/share/zoneinfo/US/Mountain /etc/localtime
|
|
||||||
|
|
||||||
#Start Cron and Postgresql
|
|
||||||
crond
|
|
||||||
|
|
||||||
#Restore latest Database if container is new
|
|
||||||
if [ ! -f "$FILE" ]
|
|
||||||
then
|
|
||||||
#bash /restore.sh
|
|
||||||
bash /setup.sh
|
|
||||||
touch /configured.txt
|
|
||||||
fi
|
|
||||||
|
|
||||||
#Configure and start Nginx
|
|
||||||
mkdir -p /run/nginx
|
|
||||||
nginx
|
|
||||||
|
|
||||||
#Start Pleroma
|
|
||||||
su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma daemon"&
|
|
||||||
|
|
||||||
tail -f /dev/null
|
|
@ -1,16 +0,0 @@
|
|||||||
This is MOSTLY a free speech instance. There are are rules and standards of conduct here.
|
|
||||||
|
|
||||||
<br><br>1. Pornography is discouraged. Mark as NSFW. No LOLI or Child pornography.
|
|
||||||
<br><br>2. Going out of your way to cause trouble with other friendly instances will not be tolerated.
|
|
||||||
<br><br>3. Do not post anything that violates the law of the United States.
|
|
||||||
<br><br>4. Free speech, here as anywhere else, means you can express any opinion you like. Directives and spam are not opinions.
|
|
||||||
<br><br>5. Accounts with no public posts may be purged after two weeks
|
|
||||||
<br><br>6. We will take down anything that gets us into legal trouble.
|
|
||||||
<hr> Services Offered
|
|
||||||
<br><br><a href="https://git.rage.lol">1. Git Repository</a>
|
|
||||||
<br><br><a href="https://search.rage.lol/">2. Private Search Engine - Searx</a>
|
|
||||||
<br><br><a href="https://git.rage.lol/verita84/succulent">3. Personal Website/Blog based on Succulent</a>
|
|
||||||
<br><br>4. Pleroma Access (This Server)
|
|
||||||
<br><br><a href="https://matrix.to/#/#rage.lol:rage.lol">5. Matrix Chat Server (Like Discord).</a>
|
|
||||||
<br><br>6. <a href="https://bloat.rage.lol">BloatFE </a><a href="https://soapbox.rage.lol">Soapbox</a>
|
|
||||||
</hr>
|
|