Merge branch 'main' into typo-fix

2024-01-10 17:19:56 +00:00 · 2024-01-10 17:19:56 +00:00 · 9bcee21f8f
parent 5e840828e8 38c4b995a0
commit 9bcee21f8f
22 changed files with 252 additions and 81 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -3,7 +3,7 @@ name: Deploy on Github Pages
 on:
  push:
    branches:
-      - master
+      - main

  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -1,13 +0,0 @@
-image: monachus/hugo:latest
-
-variables:
-  GIT_SUBMODULE_STRATEGY: recursive
-
-pages:
-  script:
-    - hugo
-  artifacts:
-    paths:
-      - public
-  only:
-    - master
--- a/assets/style.scss
+++ b/assets/style.scss
@ -195,9 +195,51 @@ body {
 }

 .sidebar {
-  @media screen and (max-width: $mobile-width) {
-    margin-bottom: 60px;
-  }
+    @media screen and (max-width: $mobile-width) {
+        margin-bottom: 60px;
+
+        // css menu toggle for mobile.
+        // when the checkbox is checked, the menu shows,
+        // othewise it's hidden.
+        // it's important for it all to be scoped inside this media query,
+        // that way on larger screens the menu will always show even if the checkbox is unchecked.
+        input[type="checkbox"] {
+            display: none;
+        }
+        label {
+            font-size: 1.2rem;
+            display: flex;
+            justify-content: flex-end;
+            margin-bottom: 2rem;
+        }
+        label i {
+            margin-right: .25rem;
+        }
+        input[type="checkbox"]:not(:checked) + label > .menu-open {
+            display: none;
+        }
+
+        input[type="checkbox"]:checked + label > .menu-close {
+            display: none;
+        }
+
+        & > ul {
+            display: none;
+        }
+
+        #mobile-nav-toggle:checked ~ ul {
+            display: block;
+        }
+    }
+
+    // on viewport sizes larger than mobile, always hide the mobile nav toggle.
+    @media screen and (min-width: $mobile-width) {
+        .mobile-nav-toggle,
+        .mobile-nav-toggle + label {
+            display: none;
+        }
+    }
+

  .brand {
    display: flex;
--- a/config.toml
+++ b/config.toml
@ -1,4 +1,5 @@
 baseURL = "https://docs.joinmastodon.org/"
+languageCode = "en-us"
 defaultContentLanguage = "en"
 title = "Mastodon documentation"
 pygmentsCodeFences = true
@ -190,7 +191,6 @@ disablePathToLower = true
  [languages.en]
    contentDir = "content/en"
    languageName = "English"
-    languageCode = "en-US"
    weight = -99

  [languages.pl]
@ -201,7 +201,6 @@ disablePathToLower = true
  [languages.zh-cn]
    contentDir = "content/zh-cn"
    languageName = "简体中文"
-    languageCode = "zh-CN"
    weight = 1

  [languages.ja]
--- a/content/en/admin/config.md
+++ b/content/en/admin/config.md
@ -327,6 +327,38 @@ If provided, takes precedence over `DB_HOST`, `DB_USER`, `DB_NAME`, `DB_PASS` an

 Example value: `postgresql://user:password@localhost:5432`

+### PostgreSQL (read-only replica) {#postgresql-replica}
+
+{{< hint style="info" >}}
+If you want to use a read-only database replica, you can have more details [on this page](../scaling/#read-replicas)
+{{</ hint >}}
+
+#### `REPLICA_DB_HOST`
+
+No default.
+
+#### `REPLICA_DB_PORT`
+
+No default.
+
+#### `REPLICA_DB_NAME`
+
+No default.
+
+#### `REPLICA_DB_USER`
+
+No default.
+
+#### `REPLICA_DB_PASS`
+
+No default.
+
+#### `REPLICA_DATABASE_URL`
+
+If provided, takes precedence over `REPLICA_DB_HOST`, `REPLICA_DB_PORT`, `REPLICA_DB_NAME`, `REPLICA_DB_USER` and `REPLICA_DB_PASS`
+
+No default.
+
 ### Redis {#redis}

 {{< hint style="info" >}}
@ -467,9 +499,9 @@ E-mail configuration is based on the *action_mailer* component of the *Ruby on R
 * `SMTP_SERVER`: Specify the server to use. For example `sub.domain.tld`.
 * `SMTP_PORT`: By default, the value is `25` (the usual port for SMTP). If StartTLS is detected, it may be switched to port 587.
 * `SMTP_DOMAIN`: Only required if a HELO domain is needed. Will be set to the `SMTP_SERVER` domain by default.
-* `SMTP_FROM_ADDRESS`: Specify a sender address. 
+* `SMTP_FROM_ADDRESS`: Specify a sender address.
 * `SMTP_DELIVERY_METHOD`: By default, the value is `smtp` (can also be `sendmail`).
-  
+
 ### Authentication for the SMTP server {#smtpauthentication}

 * `SMTP_LOGIN`: Login for the SMTP user.
@ -480,12 +512,12 @@ E-mail configuration is based on the *action_mailer* component of the *Ruby on R
 By default, a StartTLS connection will be attempted to the specified SMTP server.

 * `SMTP_ENABLE_STARTTLS_AUTO`: Default `true`.
-* `SMTP_CA_FILE`: A value may be specified, but on many Linux distros (e.g. Debian-based) this will be `/etc/ssl/certs/ca-certificates.crt`. 
-* `SMTP_OPENSSL_VERIFY_MODE`: `none` or `peer`. When using TLS, it may be useful to accept connections with a self-signed certificate. 
+* `SMTP_CA_FILE`: A value may be specified, but on many Linux distros (e.g. Debian-based) this will be `/etc/ssl/certs/ca-certificates.crt`.
+* `SMTP_OPENSSL_VERIFY_MODE`: `none` or `peer`. When using TLS, it may be useful to accept connections with a self-signed certificate.
 * `SMTP_TLS`: `true` or `false` (default `false`)
 * `SMTP_SSL`: `true` or `false` (default `false`)

-Note that `TLSv1.3` and `TLSv1.2` are the only SSL/TLS protocols currently considered to be secure. 
+Note that `TLSv1.3` and `TLSv1.2` are the only SSL/TLS protocols currently considered to be secure.

 ## File storage {#files}

@ -552,6 +584,10 @@ You must serve the files with CORS headers, otherwise some functions of Mastodon

 #### `S3_FORCE_SINGLE_REQUEST`

+#### `S3_PERMISSION`
+
+Defines the S3 object ACL when uploading new files. Default is `public-read`. Use caution when using [S3 Block Public Access](https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-control-block-public-access.html) and turning on the `BlockPublicAcls` option, as uploading objects with ACL `public-read` will fail (403). In that case, set `S3_PERMISSION` to `private`.
+
 #### `S3_BATCH_DELETE_LIMIT`

 The official [Amazon S3 API](https://docs.aws.amazon.com/AmazonS3/latest/API/API_DeleteObjects.html) can handle deleting 1,000 objects in one batch job, but some providers may have issues handling this many in one request, or offer lower limits. Defaults to `1000`.
@ -584,6 +620,34 @@ During batch delete operations, S3 providers may perodically fail or timeout whi

 #### `SWIFT_CACHE_TTL`

+### HTTP Cache Buster
+
+If configured, the Cache Buster feature will send a request to invalidate the cache for media files when they are deleted or made unavailable from your origin. This allows you to ensure that your caching layer / CDN is purged from any content that is removed from Mastodon.
+
+{{< hint style="info" >}}
+The way to achieve this is very dependent of your proxy/CDN provider and will require configuration. If you are using nginx for HTTP caching, you will want to look at the `proxy_cache_purge` configuration directive.
+{{</ hint >}}
+
+#### `CACHE_BUSTER_ENABLED`
+
+If set to `true`, then Mastodon will send a cache-busting request to the media URL when deleting the file so the file can be purged from the cache.
+
+Defaults to `false`
+
+#### `CACHE_BUSTER_HTTP_METHOD`
+
+Defaults to `GET`
+
+#### `CACHE_BUSTER_SECRET_HEADER`
+
+Name of the header containing the secret defined in `CACHE_BUSTER_SECRET`.
+
+Defaults to an empty value, meaning no header will be added
+
+#### `CACHE_BUSTER_SECRET`
+
+Value of the `CACHE_BUSTER_SECRET_HEADER` header configured above.
+
 ## External authentication {#external-authentication}

 ### OmniAuth
@ -789,12 +853,6 @@ This variable only has any effect when running `rake db:migrate` and it is extre

 #### `LIBRE_TRANSLATE_API_KEY`

-#### `CACHE_BUSTER_ENABLED`
-
-#### `CACHE_BUSTER_SECRET_HEADER`
-
-#### `CACHE_BUSTER_SECRET`
-
 #### `GITHUB_REPOSITORY`

 Defaults to `mastodon/mastodon`
@ -805,6 +863,12 @@ Defaults to `https://github.com/$GITHUB_REPOSITORY`

 #### `FFMPEG_BINARY`

+#### `HCAPTCHA_SITE_KEY`
+
+Set this to your hCaptcha site key to enable captchas on the account confirmation page using hCaptcha.
+
+Defaults to empty value (not enabled)
+
 #### `LOCAL_HTTPS`

 #### `PATH`
@ -842,4 +906,3 @@ Defaults to `512`.
 #### `GITHUB_API_TOKEN`

 Used in a rake task for generating AUTHORS.md from GitHub commit history.
-
--- a/content/en/admin/install.md
+++ b/content/en/admin/install.md
@ -26,7 +26,8 @@ apt install -y curl wget gnupg apt-transport-https lsb-release ca-certificates
 #### Node.js {#node-js}

 ```bash
-curl -sL https://deb.nodesource.com/setup_16.x | bash -
+curl -fsSL https://deb.nodesource.com/gpgkey/nodesource-repo.gpg.key | gpg --dearmor -o /etc/apt/keyrings/nodesource.gpg
+echo "deb [signed-by=/etc/apt/keyrings/nodesource.gpg] https://deb.nodesource.com/node_20.x nodistro main" | tee /etc/apt/sources.list.d/nodesource.list
 ```

 #### PostgreSQL {#postgresql}
@ -45,7 +46,7 @@ apt install -y \
  g++ libprotobuf-dev protobuf-compiler pkg-config nodejs gcc autoconf \
  bison build-essential libssl-dev libyaml-dev libreadline6-dev \
  zlib1g-dev libncurses5-dev libffi-dev libgdbm-dev \
-  nginx redis-server redis-tools postgresql postgresql-contrib \
+  nginx nodejs redis-server redis-tools postgresql postgresql-contrib \
  certbot python3-certbot-nginx libidn11-dev libicu-dev libjemalloc-dev
 ```

@ -197,9 +198,20 @@ Copy the configuration template for nginx from the Mastodon directory:
 ```bash
 cp /home/mastodon/live/dist/nginx.conf /etc/nginx/sites-available/mastodon
 ln -s /etc/nginx/sites-available/mastodon /etc/nginx/sites-enabled/mastodon
+rm /etc/nginx/sites-enabled/default
 ```

-Then edit `/etc/nginx/sites-available/mastodon` to replace `example.com` with your own domain name, and make any other adjustments you might need.
+Then edit `/etc/nginx/sites-available/mastodon` to 
+
+1. Replace `example.com` with your own domain name
+2. Uncomment the `ssl_certificate` and `ssl_certificate_key` lines and replace the two lines with (ignore this step if you are bringing your own certificate)
+
+```
+ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+```
+
+3. Make any other adjustments you might need.

 Un-comment the lines starting with `ssl_certificate` and `ssl_certificate_key`, updating the path with the correct domain name.

--- a/content/en/admin/migrating.md
+++ b/content/en/admin/migrating.md
@ -39,7 +39,7 @@ At a high level, you’ll need to copy over the following:

 Less crucially, you’ll probably also want to copy the following for convenience:

-* The nginx config (under `/etc/nginx/sites-available/default`)
+* The nginx config (under `/etc/nginx/sites-available/mastodon`)
 * The systemd config files (`/etc/systemd/system/mastodon-*.service`), which may contain your server tweaks and customizations
 * The PgBouncer configuration under `/etc/pgbouncer` (if you’re using it)

--- a/content/en/admin/optional/object-storage-proxy.md
+++ b/content/en/admin/optional/object-storage-proxy.md
@ -19,6 +19,9 @@ server {
  server_name files.example.com;
  root /var/www/html;

+  ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+  ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+
  keepalive_timeout 30;

  location = / {
--- a/content/en/admin/optional/tor.md
+++ b/content/en/admin/optional/tor.md
@ -41,19 +41,19 @@ HiddenServiceVersion 3
 HiddenServicePort 80 127.0.0.1:80
 ```

-Restart tor.
+Restart Tor.

 ```bash
 sudo service tor restart
 ```

-Your tor hostname can now be found at `/var/lib/tor/onion_service/hostname`.
+You can now find your Tor hostname in `/var/lib/tor/hidden_service/hostname`.

 ## Move your Mastodon configuration {#nginx}

-We will need to tell Nginx about your Mastodon configuration twice. To keep things [DRY](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) we need to move the Mastodon configuration into its own file that can be referenced.
+We will need to tell Nginx about your Mastodon configuration twice. To keep things ["DRY"](https://en.wikipedia.org/wiki/Don%27t_repeat_yourself) we need to move the Mastodon configuration into its own file that can we can refer to later.

-Create a new file at `/etc/nginx/snippets/mastodon.conf`. Put all of your Mastodon configuration parameters in this file with the exception of the `listen`, `server_name`, `include` and all of the SSL options. Your new file may look something like this.
+Create a new file at `/etc/nginx/snippets/mastodon.conf`. Copy every Mastodon configuration parameter, apart from the `listen`, `server_name`, `include` directives, as well as all of the SSL options. Your new file should look somewhat like this:

 ```nginx
 add_header Referrer-Policy "same-origin";
@ -72,14 +72,14 @@ access_log /var/log/nginx/mastodon_access.log;
 error_log /var/log/nginx/mastodon_error.log warn;
 ```

-In place of your old Mastodon configuration add an include directive to this new configuration file.
+In the new configuration file, add an include directive in the place of where your Mastodon configurations were.

-Your Nginx configuration file will be left looking something like this.
+Your Nginx configuration file should now look a bit like this:

 ```nginx
 server {
  listen 80;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  return 301 https://$server_name$request_uri;
 }

@ -91,19 +91,21 @@ map $http_upgrade $connection_upgrade {
 server {
  listen 443 ssl http2;
  list [::]:443 ssl http2;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  include /etc/nginx/snippets/mastodon.conf;

-  ssl_certificate /etc/letsencrypt/live/mastodon.myhosting.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/mastodon.myhosting.com/privkey.pem;
+  ssl_certificate /etc/letsencrypt/live/mastodon.example.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/mastodon.example.com/privkey.pem;
 }
 ```

 ## Serve Tor over http {#http}

-While it may be tempting to serve your Tor version of Mastodon over https it is not a good idea for most people. See [this](https://blog.torproject.org/facebook-hidden-services-and-https-certs) blog post from the Tor Project about why https certificates do not add value. Since you cannot get an SSL cert for an onion domain, you will also be plagued with certificate errors when trying to use your Mastodon instance. A Tor developer has more recently spelled out the reasons why serving a Tor service over https is not beneficial for most use cases [here](https://matt.traudt.xyz/posts/2017-12-02-dont-https-your-onions/).
+This section assumes that you want to expose your instance on both Tor and the public Internet *simultaneously*.

-The solution is to serve your Mastodon instance over http, but only for Tor. This can be added by prepending an additional configuration to your Nginx configuration.
+While it may be tempting to serve your Tor version of Mastodon over HTTPS, it isn't always ideal. They are mostly useful for large companies that can produce their own certificates with their own company information. There is no Certificate Authority (CA) that provides them [for free](https://community.torproject.org/onion-services/advanced/https/), and there is also [a blog post from the Tor Project](https://blog.torproject.org/facebook-hidden-services-and-https-certs) explains why HTTPS certificates are not really beneficial for security. On the other hand, however, Mastodon uses a lot of redirects to the HTTPS version of your site, where the presence of a validated certificate may make it easier for your users to use your instance on Tor without having to manually remove the `https://` prefix in URLs.
+
+In this section, we will go over how to serve your Mastodon instance over HTTP, but for Tor **only**. This can be added by prepending an additional configuration to your existing Nginx configuration.

 ```nginx
 server {
@ -114,7 +116,7 @@ server {

 server {
  listen 80;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  return 301 https://$server_name$request_uri;
 }

@ -126,15 +128,15 @@ map $http_upgrade $connection_upgrade {
 server {
  listen 443 ssl http2;
  list [::]:443 ssl http2;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  include /etc/nginx/snippets/mastodon.conf;

-  ssl_certificate /etc/letsencrypt/live/mastodon.myhosting.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/mastodon.myhosting.com/privkey.pem;
+  ssl_certificate /etc/letsencrypt/live/mastodon.example.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/mastodon.example.com/privkey.pem;
 }
 ```

-Replace the long hash provided here with your Tor domain located in the file at `/var/lib/tor/onion_service/hostname`.
+Replace the long hash provided here with your Tor domain located in the file at `/var/lib/tor/hidden_service/hostname`.

 Note that the onion hostname has been prefixed with “mastodon.”. Your Tor address acts as a wildcard domain. All subdomains will be routed through, and you can configure Nginx to respond to any subdomain you wish. If you do not wish to host any other services on your tor address you can omit the subdomain, or choose a different subdomain.

@ -148,7 +150,7 @@ service nginx restart

 ## Gotchas {#gotchas}

-There are a few things you will need to be aware of. Certain redirects will push your users to https. They will have to manually replace the URL with http to continue.
-
-Various resources, such as images, will still be offered through your regular non-Tor domain. How much of a problem this is will depend greatly on your user’s level of caution.
+There are a few things you will need to be aware of.

+- As mentioned earlier, certain URLs in the Mastodon frontend will force your users to a HTTPS URL. They will have to manually replace the URL with HTTP to continue.
+- Various resources, such as images, will **still** be offered through your regular clearnet domain. This could possibly be a problem, depending on how cautious your users want, try or need to be.
--- a/content/en/admin/prerequisites.md
+++ b/content/en/admin/prerequisites.md
@ -42,11 +42,7 @@ sendername = Fail2Ban
 [sshd]
 enabled = true
 port = 22
-
-[sshd-ddos]
-enabled = true
-filter = sshd
-port = 22
+mode = aggressive
 ```

 Finally, restart fail2ban:
--- a/content/en/admin/scaling.md
+++ b/content/en/admin/scaling.md
@ -387,7 +387,29 @@ systemctl restart redis-sidekiq.service

 ## Read-replicas {#read-replicas}

-To reduce the load on your PostgreSQL server, you may wish to set up hot streaming replication (read replica). [See this guide for an example](https://cloud.google.com/community/tutorials/setting-up-postgres-hot-standby). You can make use of the replica in Mastodon in these ways:
+To reduce the load on your PostgreSQL server, you may wish to set up hot streaming replication (read replica). [See this guide for an example](https://cloud.google.com/community/tutorials/setting-up-postgres-hot-standby).
+
+### Mastodon >= 4.2
+
+Mastodon has built-in replica support starting with version 4.2. You can use the same configuration for every service (Sidekiq included), and some queries will be directed to your read-only replica, when possible, using Rails's built-in replica support. If your replica is lagging behind for more than a few seconds, then the app will stop sending it queries until it catches up.
+
+To configure it, use the following environment variables:
+
+```
+REPLICA_DB_HOST
+REPLICA_DB_PORT
+REPLICA_DB_NAME
+REPLICA_DB_USER
+REPLICA_DB_PASS
+```
+
+Alternatively, you can also use `REPLICA_DATABASE_URL` if you want to configure them all using the same variable.
+
+Once done, this is all good and you should start seeing requests against your replica server!
+
+### Mastodon <= 4.1
+
+For Mastodon versions before 4.2, you can make use of the replica in Mastodon in these ways:

 - The streaming API server does not issue writes at all, so you can connect it straight to the replica (it is not querying the database very often anyway, so the impact of this is small).
 - Use the Makara driver in the web and Sidekiq processes, so that writes go to the master database, while reads go to the replica. Let’s talk about that.
@ -419,3 +441,20 @@ Make sure that the URLs point to the correct locations for your PostgreSQL serve
 {{< hint style="warning" >}}
 Make sure the sidekiq processes run with the stock `config/database.yml` to avoid failing jobs and data loss!
 {{< /hint >}}
+
+## Using a web load balancer
+
+Cloud providers like DigitalOcean, AWS, Hetzner, etc., offer virtual load balancing solutions that distribute network traffic across multiple servers, but provide a single public IP address.
+
+Scaling your deployment to provision multiple web/Puma servers behind one of these virtual load balancers can help provide more consistent performance by reducing the risk that a single server may become overwhelmed by user traffic, and decrease downtime when performing maintenance or upgrades. You should consult your provider documentation on how to setup and configure a load balancer, but consider that you need to configure your load balancer to monitor the health of the backend web/Puma nodes, otherwise you may send traffic to a service that is not responsive.
+
+The following endpoints are available to monitor for this purpose:
+
+- **Web/Puma:** `/health`
+- **Streaming API:** `/api/v1/streaming/health`
+
+These endpoints should both return an HTTP status code of 200, and the text `OK` as a result.
+
+{{< hint style="info" >}}
+You can also use these endpoints for health checks with a third-party monitoring/alerting utility.
+{{< /hint >}}
--- a/content/en/entities/Instance.md
+++ b/content/en/entities/Instance.md
@ -293,7 +293,7 @@ aliases: [
 **Version history:**\
 4.0.0 - added

-### `configuration[vapid][public_key]` (#vapid_public_key)
+### `configuration[vapid][public_key]` {#vapid_public_key}
 **Description:** The instances VAPID public key, used for push notifications, the same as [WebPushSubscription#server_key]({{< relref "entities/WebPushSubscription#server_key" >}}).\
 **Type:** String\
 **Version history:**\
@ -499,4 +499,4 @@ aliases: [

 {{< page-relref ref="methods/instance#v2" caption="GET /api/v2/instance" >}}

-{{< caption-link url="https://github.com/mastodon/mastodon/blob/main/app/serializers/rest/instance_serializer.rb" caption="app/serializers/rest/instance_serializer.rb" >}}
+{{< caption-link url="https://github.com/mastodon/mastodon/blob/main/app/serializers/rest/instance_serializer.rb" caption="app/serializers/rest/instance_serializer.rb" >}}
--- a/content/en/entities/Relationship.md
+++ b/content/en/entities/Relationship.md
@ -26,6 +26,7 @@ aliases: [
  "muting": false,
  "muting_notifications": false,
  "requested": false,
+  "requested_by": false,
  "domain_blocking": false,
  "endorsed": false,
  "note": ""
@ -111,6 +112,13 @@ aliases: [
 **Version history:**\
 0.9.9 - added

+### `requested_by` {#requested_by}
+
+**Description:** Has this user requested to follow you?\
+**Type:** Boolean\
+**Version history:**\
+4.1.0 - added
+
 ### `domain_blocking` {#domain_blocking}

 **Description:** Are you blocking this user's domain?\
--- a/content/en/methods/accounts.md
+++ b/content/en/methods/accounts.md
@ -858,7 +858,7 @@ Accounts which follow the given account, if network is not hidden by the account
 ##### Headers

 Authorization
-: {{<required>}} Provide this header with `Bearer <user token>` to gain authorized access to this API method.
+: Provide this header with `Bearer <user token>` to gain authorized access to this API method.

 ##### Query parameters

@ -964,7 +964,7 @@ Accounts which the given account is following, if network is not hidden by the a
 ##### Headers

 Authorization
-: {{<required>}} Provide this header with `Bearer <user token>` to gain authorized access to this API method.
+: Provide this header with `Bearer <user token>` to gain authorized access to this API method.

 ##### Query parameters

--- a/content/zh-cn/admin/install.md
+++ b/content/zh-cn/admin/install.md
@ -179,7 +179,17 @@ cp /home/mastodon/live/dist/nginx.conf /etc/nginx/sites-available/mastodon
 ln -s /etc/nginx/sites-available/mastodon /etc/nginx/sites-enabled/mastodon
 ```

-编辑 `/etc/nginx/sites-available/mastodon`，替换 `example.com` 为你自己的域名，你可以根据自己的需求做出其它的一些调整。
+编辑 `/etc/nginx/sites-available/mastodon`
+
+1. 替换 `example.com` 为你自己的域名
+2. 启用 `ssl_certificate` 和 `ssl_certificate_key` 这两行，并把它们替换成如下两行（如果你使用自己的证书的话则可以忽略这一步）
+
+```
+ssl_certificate     /etc/ssl/certs/ssl-cert-snakeoil.pem;
+ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
+```
+
+3. 你还可以根据自己的需求做出其它的一些调整。

 重载 nginx 以使变更生效：

--- a/content/zh-cn/admin/optional/tor.md
+++ b/content/zh-cn/admin/optional/tor.md
@ -1,13 +1,13 @@
 ---
 title: 匿名服务
-description: 通过TOR的匿名服务来访问Mastodon。
+description: 通过Tor的匿名服务来访问Mastodon。
 menu:
  docs:
    weight: 20
    parent: admin-optional
 ---

-可以通过TOR的匿名服务来访问Mastodon。这将给你一个只能通过 TOR 网络连接的 *.onion 地址。
+可以通过Tor的匿名服务来访问Mastodon。这将给你一个只能通过 Tor 网络连接的 \*.onion 地址。

 ## 安装 Tor {#install}

@ -41,13 +41,13 @@ HiddenServiceVersion 3
 HiddenServicePort 80 127.0.0.1:80
 ```

-重启 tor。
+重启 Tor。

 ```bash
 sudo service tor restart
 ```

-现在，你的tor域名可以在 `/var/lib/tor/hidden_service/hostname` 找到。
+现在，你的Tor域名可以在 `/var/lib/tor/hidden_service/hostname` 找到。

 ## 移动你的Mastodon配置 {#nginx}

@ -77,7 +77,7 @@ error_log /var/log/nginx/mastodon_error.log warn;
 ```text
 server {
  listen 80;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  return 301 https://$server_name$request_uri;
 }

@ -89,11 +89,11 @@ map $http_upgrade $connection_upgrade {
 server {
  listen 443 ssl http2;
  list [::]:443 ssl http2;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  include /etc/nginx/snippets/mastodon.conf;

-  ssl_certificate /etc/letsencrypt/live/mastodon.myhosting.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/mastodon.myhosting.com/privkey.pem;
+  ssl_certificate /etc/letsencrypt/live/mastodon.example.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/mastodon.example.com/privkey.pem;
 }
 ```

@ -112,7 +112,7 @@ server {

 server {
  listen 80;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  return 301 https://$server_name$request_uri;
 }

@ -124,11 +124,11 @@ map $http_upgrade $connection_upgrade {
 server {
  listen 443 ssl http2;
  list [::]:443 ssl http2;
-  server_name mastodon.myhosting.com;
+  server_name mastodon.example.com;
  include /etc/nginx/snippets/mastodon.conf;

-  ssl_certificate /etc/letsencrypt/live/mastodon.myhosting.com/fullchain.pem;
-  ssl_certificate_key /etc/letsencrypt/live/mastodon.myhosting.com/privkey.pem;
+  ssl_certificate /etc/letsencrypt/live/mastodon.example.com/fullchain.pem;
+  ssl_certificate_key /etc/letsencrypt/live/mastodon.example.com/privkey.pem;
 }
 ```

--- a/i18n/en-US.toml
+++ b/i18n/en-US.toml
--- a/i18n/zh-cn.toml
+++ b/i18n/zh-cn.toml
--- a/layouts/_default/single.html
+++ b/layouts/_default/single.html
@ -11,7 +11,7 @@
    {{ .Content }}

    <p style="color: #687590;">
-      {{ i18n "lastUpdated" }} {{ .Lastmod.Format "January 2, 2006" }}{{ with .File }} · <a href='https://github.com/mastodon/documentation/tree/master/content/{{ .Lang }}/{{ .Path }}' style="color: #687590;">{{ i18n "improvePage" }}{{ end }}</a>
+      {{ i18n "lastUpdated" }} {{ .Lastmod.Format "January 2, 2006" }}{{ with .File }} · <a href='https://github.com/mastodon/documentation/tree/main/content/{{ .Lang }}/{{ .Path }}' style="color: #687590;">{{ i18n "improvePage" }}{{ end }}</a>

      {{ if .IsTranslated }}
        <br />
--- a/layouts/index.html
+++ b/layouts/index.html
@ -11,7 +11,7 @@
    {{ .Content }}

    <p style="color: #687590;">
-      {{ i18n "lastUpdated" }} {{ i18n "lastUpdatedDateFormat"  .Lastmod }}{{ with .File }} · <a href='https://github.com/mastodon/documentation/tree/master/content/{{ .Lang }}/{{ .Path }}' style="color: #687590;">{{ i18n "improvePage" }}{{ end }}</a>
+      {{ i18n "lastUpdated" }} {{ i18n "lastUpdatedDateFormat"  .Lastmod }}{{ with .File }} · <a href='https://github.com/mastodon/documentation/tree/main/content/{{ .Lang }}/{{ .Path }}' style="color: #687590;">{{ i18n "improvePage" }}{{ end }}</a>

      {{ if .IsTranslated }}
        <br />
--- a/layouts/partials/footer.html
+++ b/layouts/partials/footer.html
@ -35,5 +35,5 @@
    <a href='https://joinmastodon.org'>{{ i18n "joinMastodon" }}</a> · <a href='https://blog.joinmastodon.org'>{{ i18n "blog" }}</a> · <a href='https://mastodon.social/@Mastodon' target='_blank'><i class='fab fa-mastodon'></i></a>
  </p>

-  <p class="legal">{{ with .File }}<a href='https://github.com/mastodon/documentation/tree/master/content/{{ .Lang }}/{{ .File.Path }}'>{{ i18n "viewSource" }}</a> · {{ end }}<a href='https://creativecommons.org/licenses/by-sa/4.0/'>CC BY-SA 4.0</a> · <a href='https://joinmastodon.org/imprint'>{{ i18n "imprint" }}</a></p>
+  <p class="legal">{{ with .File }}<a href='https://github.com/mastodon/documentation/tree/main/content/{{ .Lang }}/{{ .File.Path }}'>{{ i18n "viewSource" }}</a> · {{ end }}<a href='https://creativecommons.org/licenses/by-sa/4.0/'>CC BY-SA 4.0</a> · <a href='https://joinmastodon.org/imprint'>{{ i18n "imprint" }}</a></p>
 </footer>
--- a/layouts/partials/sidebar.html
+++ b/layouts/partials/sidebar.html
@ -2,6 +2,16 @@
  <img class="link-logo" src="{{ relURL "brand.svg" }}" alt="Mastodon" />
 </a>

+<input id="mobile-nav-toggle" class="mobile-nav-toggle" type="checkbox">
+<label for="mobile-nav-toggle">
+    <span class="menu-open">
+        <i class="fa fa-times"></i> Close
+    </span>
+    <span class="menu-close">
+        <i class="fa fa-bars"></i> Menu
+    </span>
+</label>
+
 <ul>
  {{ $currentPage := . }}
  {{ range .Site.Menus.docs.ByWeight }}