fix
parent
d71b25c27a
commit
641633d2be
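--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,23 @@
+FROM ubuntu:latest
+ENV DEBIAN_FRONTEND=noninteractive
+RUN apt update;apt install -y git build-essential postgresql postgresql-contrib cmake libmagic-dev imagemagick ffmpeg libimage-exiftool-perl nginx certbot unzip libssl-dev automake autoconf libncurses5-dev curl sudo xsltproc libxml2-utils wx-common elixir erlang-dev erlang-nox
+RUN useradd -r -s /bin/false -m -d /var/lib/pleroma -U pleroma;mkdir /opt/pleroma;chown -R pleroma:pleroma /opt/pleroma;chown -R pleroma:pleroma /var/lib/pleroma
+RUN su pleroma -s /bin/bash -lc 'git clone -b soapbox-v1.1.1 https://gitlab.com/soapbox-pub/soapbox-be /opt/pleroma'
+
+WORKDIR /var/lib/pleroma
+RUN su pleroma -s /bin/bash -lc 'git clone https://github.com/asdf-vm/asdf.git /var/lib/pleroma/.asdf'
+RUN su pleroma -s /bin/bash -lc 'echo ". /var/lib/pleroma/.asdf/asdf.sh" >> /var/lib/pleroma/.bashrc;echo ". /var/lib/pleroma/.asdf/completions/asdf.bash" >> /var/lib/pleroma/.bashrc'
+RUN su pleroma -s /bin/bash -lc 'PATH=$PATH:/var/lib/pleroma/.asdf/bin;asdf plugin-add erlang;asdf plugin-add elixir'
+RUN chown -R pleroma:pleroma /opt/pleroma;chown -R pleroma:pleroma /var/lib/pleroma
+RUN su pleroma -s /bin/bash -lc 'PATH=$PATH:/var/lib/pleroma/.asdf/bin;asdf install erlang 24.0;cat /var/lib/pleroma/.asdf/plugins/erlang/kerl-home/builds/asdf_24.0/otp_build_24.0.log'
+
+WORKDIR /opt/pleroma
+RUN su pleroma -s /bin/bash -lc 'mix local.hex --force;mix local.rebar --force;mix deps.get'
+RUN su pleroma -s /bin/bash -lc 'MIX_ENV=prod mix compile'
+COPY setup.sh /opt/
+COPY start.sh /opt/
+COPY crontab /opt/
+COPY backup.sh /opt/
+ADD default.conf /etc/nginx/conf.d/
+CMD bash /opt/start.sh
+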
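Review bot: The build pulls unpinned inputs: `FROM ubuntu:latest` and the `git clone https://github.com/asdf-vm/asdf.git` step take whatever is current at build time, so an upstream change lands in the image unreviewed and two builds of this commit can differ. Pin the base image to a release tag or digest and check out a fixed asdf tag or commit, as the soapbox-be clone already does with `-b soapbox-v1.1.1`; the scripts in this commit also hard-code `/usr/lib/postgresql/14/bin`, which only holds while the base release ships PostgreSQL 14. The package step chains with `;`, so a failed `apt update` does not stop the build; `RUN apt-get update && apt-get install -y ...` fails early instead. No `USER` line follows the build steps, so `CMD bash /opt/start.sh` and everything it launches run as root.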
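--- a/backup.sh
+++ b/backup.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+su postgres -s /bin/bash -lc "/usr/lib/postgresql/14/bin/pg_dumpall -d pleroma --format=custom > /saves/pleroma-`date +%Y-%m-%d-%H-%M`.pgdump"
+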
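Review bot: `pg_dumpall` in PostgreSQL 14 has no `--format` option and its `-d` expects a connection string, so this command most likely exits with a usage error; because the shell opens the redirect before the command runs, an empty `.pgdump` file is still left in /saves each time. For a custom-format dump of the one database, `pg_dump -d pleroma --format=custom` from the same bin directory is the matching tool. The script never checks the exit status, so a failed dump looks the same as a good one; add `set -euo pipefail` and delete the output file when the dump fails.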
@ -1,67 +0,0 @@
|
||||
# Pleroma instance configuration
|
||||
|
||||
# NOTE: This file should not be committed to a repo or otherwise made public
|
||||
# without removing sensitive information.
|
||||
|
||||
import Config
|
||||
|
||||
config :pleroma, Pleroma.Web.Endpoint,
|
||||
url: [host: "replaceME", scheme: "https", port: 443],
|
||||
http: [ip: {0, 0, 0, 0}, port: 4000],
|
||||
secret_key_base: "0jKveRU44GNncPeKLgcdGVm+7rJb2hNxCpCWd2g0A8Lw2cVJmDCypNqa3ljMZcwJ",
|
||||
signing_salt: "C+0dBzoS"
|
||||
|
||||
config :pleroma, :instance,
|
||||
name: "admin",
|
||||
email: "admin@localhost",
|
||||
notify_email: "admin@localhost",
|
||||
limit: 5000,
|
||||
registrations_open: true
|
||||
|
||||
config :pleroma, :media_proxy,
|
||||
enabled: false,
|
||||
redirect_on_failure: true
|
||||
#base_url: "https://cache.pleroma.social"
|
||||
|
||||
config :pleroma, :dangerzone, override_repo_pool_size: true
|
||||
config :pleroma, Pleroma.Repo,
|
||||
adapter: Ecto.Adapters.Postgres,
|
||||
username: "root",
|
||||
password: "sql",
|
||||
database: "pleroma",
|
||||
hostname: "postgresql",
|
||||
pool_size: 20,
|
||||
queue_target: 4000,
|
||||
queue_interval: 8000,
|
||||
timeout: 120_000,
|
||||
prepare: :named,
|
||||
parameters: [
|
||||
plan_cache_mode: "force_custom_plan"
|
||||
]
|
||||
|
||||
# Configure web push notifications
|
||||
config :web_push_encryption, :vapid_details,
|
||||
subject: "mailto:admin@admin@localhost",
|
||||
public_key: "BFXyq2frSPpiMgueoxcmvoMzp6Bm-vXI-dasDM4fAA-zjP7JgILG06LKpQuU4eLdbjGnYsmurUeubD8l7b103zg",
|
||||
private_key: "Ths8KtdsPNEXl2EazZj7MQRY3xxIb0FOCjEvai4eI8Y"
|
||||
|
||||
config :pleroma, :database, rum_enabled: false
|
||||
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
|
||||
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
|
||||
|
||||
# Enable Strict-Transport-Security once SSL is working:
|
||||
# config :pleroma, :http_security,
|
||||
# sts: true
|
||||
|
||||
# Configure S3 support if desired.
|
||||
# The public S3 endpoint is different depending on region and provider,
|
||||
# consult your S3 provider's documentation for details on what to use.
|
||||
#
|
||||
# config :pleroma, Pleroma.Uploaders.S3,
|
||||
# bucket: "some-bucket",
|
||||
# public_endpoint: "https://s3.amazonaws.com"
|
||||
#
|
||||
#
|
||||
config :joken, default_signer: "6EasmUX4lCJSlAnGScL0rXBhIeoaWjarH7TGhdbe9VLXO/MnSkMY2LaZixW7kgaT"
|
||||
|
||||
config :pleroma, configurable_from_database: true
|
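--- a/crontab
+++ b/crontab
@@ -0,0 +1,7 @@
+#00 04 * * * cd /opt/pleroma;MIX_ENV=prod mix pleroma.database prune_objects
+#30 04 * * * cd /opt/pleroma;MIX_ENV=prod mix pleroma.database ensure_expiration
+#00 05 * * * su pleroma -s $SHELL -lc "/opt/pleroma/bin/pleroma restart"
+00 01 * * * bash /backup.sh
+#00 04 * * 7 cd /opt/pleroma;MIX_ENV=prod mix pleroma.database vacuum full
+
+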
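Review bot: The only active entry runs `bash /backup.sh`, but the Dockerfile in this commit installs the script with `COPY backup.sh /opt/`, so the job fails every night and no backup is taken. Change the entry to `00 01 * * * bash /opt/backup.sh`. start.sh launches the scheduler as `crond`, while the Debian/Ubuntu daemon is named `cron` and that package is not in the Dockerfile's install list, so it is worth confirming that the scheduler runs at all.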
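--- a/default.conf
+++ b/default.conf
@@ -0,0 +1,94 @@
+# default nginx site config for Pleroma
+#
+# Simple installation instructions:
+# 1. Install your TLS certificate, possibly using Let's Encrypt.
+# 2. Replace 'example.tld' with your instance's domain wherever it appears.
+# 3. Copy this file to /etc/nginx/sites-available/ and then add a symlink to it
+# in /etc/nginx/sites-enabled/ and run 'nginx -s reload' or restart nginx.
+
+proxy_cache_path /tmp/pleroma-media-cache levels=1:2 keys_zone=pleroma_media_cache:10m max_size=10g
+inactive=720m use_temp_path=off;
+
+server {
+server_name replaceME;
+
+listen 80;
+listen [::]:80;
+
+# Uncomment this if you need to use the 'webroot' method with certbot. Make sure
+# that the directory exists and that it is accessible by the webserver. If you followed
+# the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
+# You may need to load this file with the ssl server block commented out, run certbot
+# to get the certificate, and then uncomment it.
+#
+# location ~ /\.well-known/acme-challenge {
+# root /var/lib/letsencrypt/;
+# }
+location / {
+return 301 https://$server_name$request_uri;
+}
+}
+
+# Enable SSL session caching for improved performance
+#ssl_session_cache shared:ssl_session_cache:10m;
+
+server {
+server_name replaceME;
+
+#listen 443 ssl http2;
+listen 0.0.0.0:443 ssl http2;
+listen [::]:443 ssl http2;
+ssl_session_timeout 1d;
+ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
+ssl_session_tickets off;
+
+ssl_certificate /etc/ssl/certs/nginx-selfsigned.crt;
+ssl_certificate_key /etc/ssl/certs/nginx-selfsigned.key;
+
+ssl_protocols TLSv1.2 TLSv1.3;
+ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
+ssl_prefer_server_ciphers off;
+# In case of an old server with an OpenSSL version of 1.0.2 or below,
+# leave only prime256v1 or comment out the following line.
+ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+ssl_stapling on;
+ssl_stapling_verify on;
+
+gzip_vary on;
+gzip_proxied any;
+gzip_comp_level 6;
+gzip_buffers 16 8k;
+gzip_http_version 1.1;
+gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript application/activity+json application/atom+xml;
+
+# the nginx default is 1m, not enough for large media uploads
+client_max_body_size 16m;
+
+location / {
+proxy_http_version 1.1;
+proxy_set_header Upgrade $http_upgrade;
+proxy_set_header Connection "upgrade";
+proxy_set_header Host $http_host;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+
+# this is explicitly IPv4 since Pleroma.Web.Endpoint binds on IPv4 only
+# and `localhost.` resolves to [::0] on some systems: see issue #930
+proxy_pass http://127.0.0.1:4000;
+
+client_max_body_size 16m;
+}
+
+location ~ ^/(media|proxy) {
+proxy_cache pleroma_media_cache;
+slice 1m;
+proxy_cache_key $host$uri$is_args$args$slice_range;
+proxy_set_header Range $slice_range;
+proxy_http_version 1.1;
+proxy_cache_valid 200 206 301 304 1h;
+proxy_cache_lock on;
+proxy_ignore_client_abort on;
+proxy_buffering on;
+chunked_transfer_encoding on;
+proxy_pass http://127.0.0.1:4000;
+}
+}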
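Review bot: `ssl_certificate_key /etc/ssl/certs/nginx-selfsigned.key` keeps the TLS private key in the certificate directory, which is normally world-readable; `/etc/ssl/private/` is the conventional location, and setup.sh, which writes the key with `-keyout`, has to move to the same path. `ssl_stapling on` and `ssl_stapling_verify on` do nothing with the self-signed certificate this file points at, since there is no issuer or OCSP responder behind it; drop them or add a comment such as `# only effective once a CA-issued certificate is installed`. The header comment still tells the reader to replace 'example.tld', while the placeholder used in this file is `replaceME` and setup.sh substitutes it from `$ENDPOINT`.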
@ -1,23 +1,16 @@
|
||||
version: '3'
|
||||
services:
|
||||
postgresql:
|
||||
build: ./postgresql
|
||||
pleroma:
|
||||
build: .
|
||||
restart: "always"
|
||||
volumes:
|
||||
- postgresql:/var/lib/postgresql/data
|
||||
networks:
|
||||
- pleroma
|
||||
privileged: true
|
||||
|
||||
pleroma:
|
||||
build: ./pleroma
|
||||
restart: "always"
|
||||
volumes:
|
||||
- ./config:/etc/pleroma
|
||||
- ./config:/config
|
||||
- ./var:/var/lib/pleroma
|
||||
- ./saves:/saves
|
||||
ports:
|
||||
- "443:443"
|
||||
- "4000:4000"
|
||||
networks:
|
||||
- pleroma
|
||||
environment:
|
||||
|
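Review bot: `privileged: true` on the pleroma service, if it sits on the new side of this hunk (the page has lost the +/- markers), gives the container all capabilities and full device access; nothing in the Dockerfile or scripts of this commit appears to need that, so it should be dropped or narrowed to the specific `cap_add` entries required. The `"4000:4000"` mapping publishes the Pleroma HTTP listener next to the TLS proxy on 443, so if the generated config binds all interfaces the application is reachable without TLS; remove the mapping or bind it as `"127.0.0.1:4000:4000"`. The service definition appears to continue past `environment:` outside the hunk.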
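--- a/setup.sh
+++ b/setup.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+export SHELL="/bin/bash"
+FILE='/tmp/config/prod.secret.exs'
+BACKUP_CONFIG='/config/prod.secret.exs'
+PG_CHECK='/var/lib/postgresql/data/pg_hba.conf'
+
+crontab /opt/crontab
+
+#Postgres Setup
+chown -R postgres:postgres /run/postgresql/
+chown -R postgres:postgres /var/lib/postgresql
+chown -R postgres:postgres /var/log/postgresql
+
+if [ -f "$BACKUP_CONFIG" ]
+then
+echo;echo "Copying old config....";echo
+cp -f /config/* /opt/pleroma/config/
+fi
+
+if [ ! -f "$PG_CHECK" ]
+then
+su postgres -s $SHELL -lc "/usr/lib/postgresql/14/bin/initdb --auth-host=trust -D /var/lib/postgresql/data"
+echo "host all all 0.0.0.0/0 md5" >> /var/lib/postgresql/data/pg_hba.conf
+fi
+
+su postgres -s $SHELL -lc "/usr/lib/postgresql/14/bin/pg_ctl start -D /var/lib/postgresql/data"
+
+cd /opt/pleroma
+
+#Pleroma Configuration
+if [ ! -f "$FILE" ]
+then
+MIX_ENV=prod mix pleroma.instance gen
+mv config/generated_config.exs config/prod.secret.exs
+cp -f config/* /config/
+sudo -Hu postgres psql -f config/setup_db.psql
+fi
+
+mkdir -p /var/lib/pleroma/uploads
+mkdir -p /var/lib/pleroma/static
+
+#Nginx and SSL
+sed -i "s/replaceME/${ENDPOINT}/g" /etc/nginx/conf.d/default.conf
+openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 -subj "/C=US/ST=CO/L=Denver/O=$ENDPOINT/CN=$ENDPOINT" -keyout /etc/ssl/certs/nginx-selfsigned.key -out /etc/ssl/certs/nginx-selfsigned.crt
+mkdir /var/run/nginx
+
+#Database Migrations
+MIX_ENV=prod mix ecto.migrate
+
+touch /configured.txt
+
+#Start Pleroma
+MIX_ENV=prod mix phx.server
+
+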
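Review bot: `initdb --auth-host=trust` writes a pg_hba.conf that accepts localhost TCP connections as any role, `postgres` included, without a password, and because pg_hba.conf is matched top to bottom the appended `host all all 0.0.0.0/0 md5` line does not tighten that; it only adds every other address as an allowed source. Use `--auth-host=scram-sha-256` and drop the 0.0.0.0/0 line unless a remote client is really intended. The configuration guard tests `/tmp/config/prod.secret.exs`, a path nothing in this commit creates, so `mix pleroma.instance gen` appears to run on every invocation and overwrite the config just restored from /config; testing `$BACKUP_CONFIG` looks like the intent. `$ENDPOINT` goes into the `sed` expression and the certificate subject without any check, so an empty or malformed value silently produces a broken nginx config and certificate; fail early with `: "${ENDPOINT:?ENDPOINT must be set}"`.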
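--- a/start.sh
+++ b/start.sh
@@ -0,0 +1,29 @@
+#!/bin/bash
+export SHELL="/bin/bash"
+FILE='/configured.txt'
+
+# Start the instance to verify that everything is working as expected
+
+#Set Permissions
+chown -R pleroma /var/lib/pleroma
+chmod -R 777 /saves
+
+#Configure Local Time
+cp -f /usr/share/zoneinfo/US/Mountain /etc/localtime
+
+#Start Cron and Postgresql
+crond
+
+#Configure and start Nginx
+mkdir -p /run/nginx
+nginx
+
+#Start Pleroma
+if [ ! -f "$FILE" ]
+then
+su postgres -s $SHELL -lc "/usr/lib/postgresql/14/bin/pg_ctl start -D /var/lib/postgresql/data"
+MIX_ENV=prod mix phx.server
+fi
+
+tail -f /dev/null
+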
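Review bot: `chmod -R 777 /saves` makes the directory that holds the database dumps readable and writable by every user in the container and, through the `./saves` bind mount, on the host as well. backup.sh writes there as `postgres`, so `chown postgres:postgres /saves` followed by `chmod 700 /saves` is enough. The final test also looks inverted: setup.sh creates `/configured.txt` once setup has run, yet `[ ! -f "$FILE" ]` starts PostgreSQL and Pleroma only while that file is missing, so a configured container would restart into `tail -f /dev/null` with neither running; `if [ -f "$FILE" ]` is probably what was meant. `mix phx.server` is started as root here rather than through `su pleroma` as the Dockerfile build steps do.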
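--- a/terms-of-service.html
+++ b/terms-of-service.html
@@ -0,0 +1,16 @@
+This is MOSTLY a free speech instance. There are are rules and standards of conduct here.
+
+<br><br>1. Pornography is discouraged. Mark as NSFW. No LOLI or Child pornography.
+<br><br>2. Going out of your way to cause trouble with other friendly instances will not be tolerated.
+<br><br>3. Do not post anything that violates the law of the United States.
+<br><br>4. Free speech, here as anywhere else, means you can express any opinion you like. Directives and spam are not opinions.
+<br><br>5. Accounts with no public posts may be purged after two weeks
+<br><br>6. We will take down anything that gets us into legal trouble.
+<hr> Services Offered
+<br><br><a href="https://git.rage.lol">1. Git Repository</a>
+<br><br><a href="https://search.rage.lol/">2. Private Search Engine - Searx</a>
+<br><br><a href="https://git.rage.lol/verita84/succulent">3. Personal Website/Blog based on Succulent</a>
+<br><br>4. Pleroma Access (This Server)
+<br><br><a href="https://matrix.to/#/#rage.lol:rage.lol">5. Matrix Chat Server (Like Discord).</a>
+<br><br>6. <a href="https://bloat.rage.lol">BloatFE </a><a href="https://soapbox.rage.lol">Soapbox</a>
+</hr>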
16
test.sh
16
test.sh
@ -1,8 +1,12 @@
|
||||
#!/bin/bash
|
||||
docker-compose kill
|
||||
docker-compose rm -f
|
||||
docker volume rm pleroma_postgresql
|
||||
docker-compose build
|
||||
podman-compose down
|
||||
podman-compose rm -f pleroma_postgresql pleroma_pleroma_1
|
||||
podman volume rm pleroma_postgresql
|
||||
podman-compose build
|
||||
rm -rf var/uploads
|
||||
docker-compose up -d
|
||||
docker-compose logs -f
|
||||
rm -f config/*.exs
|
||||
rm -f config/*.sql
|
||||
rm -f config/emoji.txt
|
||||
podman-compose up -d
|
||||
podman exec -it pleroma_pleroma_1 bash /opt/setup.sh
|
||||
#podman-compose logs -f
|
||||
|