cc3b0e393d
Add Let's Encrypt section ( #335 )
...
* Add Let's Encrypt section with a short guide to certificate tool installation, certificate generation and automated renewal.
* Use systemctl instead of service in LE section
This is for consistency reasons.
2017-07-11 00:06:03 +02:00
aa28bbc4b6
remove bit about cronjobs ( #333 )
...
this has been out of date for a few months now
2017-07-05 03:01:30 +02:00
36065d56c0
Add list of Rake tasks ( #331 )
2017-07-04 15:26:54 +02:00
e976e8c0c7
Adds `mastodon:media:remove_silenced` rake task ( #329 )
2017-07-02 20:14:40 +02:00
07dd12e873
New server
2017-07-01 05:43:40 +02:00
bca4ee4f06
Add the first step to clone.
2017-06-29 20:56:50 +09:00
5cba732c10
Added my instance ( #323 )
2017-06-27 11:56:37 +02:00
3d88f71e21
Mention that we can use prebuilt images in docs. ( #313 )
...
* Mention that we can use prebuilt images.
Instead of building our own.
* Mention that we need to comment out `build`.
If we want to use prebuilt.
2017-06-27 11:53:59 +02:00
e191aaa7a3
Remove the cronjobs section from the production guide
2017-06-25 07:52:20 +02:00
39fe30df48
Update Production-guide.md
...
Fixes the problem where the `mastodon` user has /bin/false as a shell and so `sudo -iu` won't do anything
2017-06-20 13:39:20 +02:00
06fc3e68c5
Remove unavailable package from General dependencies for CentOS / RHEL
2017-06-18 13:52:27 +09:00
eb317b35bb
added some missing info to prod. ( #306 )
...
* added some missing info
* changed login and user creation
* corrected user creation and login
hopefully
2017-06-17 15:16:48 +02:00
db5c961282
small doc fix ( #307 )
2017-06-17 14:30:28 +02:00
61d6d17904
Update command to checkout latest release.
...
The git tag command was incorrectly checking out release candidates instead of the latest release. Fixes #309
2017-06-15 17:22:04 +02:00
445dc18cd9
Missing RAILS_ENV=production and bundle exec
...
If you're omitting RAILS_ENV and `bundle exec` you'll have:
~~~
rake aborted!
NameError: uninitialized constant Annotate
[…]
~~~
2017-06-14 17:40:01 +02:00
491e44c346
Create Serving_a_different_domain.md
...
The location directive was missing the "=" operator.
2017-06-11 03:55:38 +02:00
e2fcb2f407
Update resources of oc.todon.fr
2017-06-04 17:24:38 +02:00
58d6dcb46a
Remove the procedure to run `rake secret` outside the container
...
This change will help users avoid unnecessary procedure to
complete `bundle install` outside the container.
The explanation
> To generate the PAPERCLIP_SECRET, SECRET_KEY_BASE, and
> OTP_SECRET, you may use:
>
> ```
> rake secret
> ```
gives users a false impression that secrets have to be filled in
before the image can be built. Here, with introduction of CLD3,
completion of `bundle install` became more involved procedure to
prepare tools and libraries as well as higher version of Ruby.
2017-06-02 21:19:30 -10:00
e8bcf6a035
Explicitly use --provider option for vagrant up
...
When a provider other than virtualbox is registered in Vagrant, `vagrant up` can not start Mastodon.
For example, it corresponds to the environment where Parallels Desktop is installed.
2017-05-31 12:52:03 +09:00
473152c792
Update on apache configuration
...
Added the needed ProxyPass exceptions for 1.4.1
2017-05-29 17:32:17 -04:00
2da7d4fc0a
Needed pkg-config to install cld3.
...
In Debian the package `pkg-config` is required to install the rubygem `cld3`.
2017-05-29 14:36:32 -04:00
cc88ba21df
Merge pull request #272 from tootsuite/fix-custom-scss
...
Update customization guide
2017-05-27 16:55:17 +02:00
d892b9ff8f
Update customization guide
2017-05-27 16:51:28 +02:00
8b5d2ba471
Fix API docs by adding missing attributes and methods, fix example
...
nginx config by removing overly specific configuration options
that confuse more than they help
2017-05-26 17:29:47 +02:00
4b2ae4a9bd
Add snippet in dev guide about manage:translations
2017-05-25 22:54:32 -07:00
d17b64e130
Merge pull request #129 from danhunsaker/feature/nanobox
...
Document Nanobox Usage
2017-05-23 16:57:23 +02:00
6b29d736ec
s/assets/packs/
...
`assets` are now at `packs`. Unfortunately this change will permanently cache `stats.json` and `report.html`, but these aren't super critical since they're just for debugging. I confirmed that `manifest.json` is not affected and no other non-fingerprinted assets are affected.
2017-05-22 20:07:40 -07:00
887837ab87
Update Development-guide.md
...
Since the document specifies the `--pure-lockfile` flag, it seems inaccurate to say, "Similarly, installing JavaScript dependencies doesn't require any flags."
I've changed the text accordingly. I hope it's appropriate!
2017-05-21 22:57:17 -07:00
770c90da74
Merge pull request #239 from jeroenpraat/patch-2
...
explaining DB_POOL better
2017-05-22 04:23:21 +02:00
b71e181661
Merge pull request #244 from seefood/patch-1
...
dependencies and webpacker
2017-05-22 04:21:43 +02:00
f4e6c29a53
Update Development-guide.md
2017-05-22 04:21:32 +02:00
9a89190202
Update Development-guide.md
2017-05-22 04:20:26 +02:00
c29f6f2ee6
Update Development-guide.md
2017-05-22 04:19:33 +02:00
d0b9bb8801
Update Development-guide.md
...
Add protobuf to brew install line - needed by cld3
2017-05-17 00:08:04 -04:00
afaa3feda1
Merge pull request #251 from aral/mac-development-environment-instructions
...
Mac development environment instructions
2017-05-16 16:56:15 +02:00
ab538eeb51
Fix typo on Mac developer guide
2017-05-16 16:45:40 +02:00
0f26e2962a
Cosmetic: removed trailing line in code on Mac dev guide
2017-05-16 16:31:44 +02:00
9de932c427
Change order of prerequisites in Mac development guide
...
Xcode commandline tools need to be installed before ffmpeg is
as they’re used to compile it.
2017-05-16 16:20:03 +02:00
34071d26d0
Improve running instructions in Mac development guide ( #250 )
2017-05-16 16:09:37 +02:00
c84f141e22
Add Mac development environment setup instructions. Closes #250
2017-05-16 16:04:50 +02:00
9f752db5e0
Added note about adding backports on Debian. ( #249 )
...
Added a note about having to add Debian Backports repository to properly install `ffmpeg`.
2017-05-15 16:24:12 -07:00
acf56f2266
Webpacker addition after v1.3.3 requires a documentation as well.
2017-05-13 18:48:49 +03:00
3f4db4fe31
Packages that were needed in my dev env
...
Packages that were needed in my dev env
2017-05-13 18:11:55 +03:00
70bddee7d3
Add munin plugins repositories
2017-05-11 11:23:32 +02:00
2c51aa53f8
Add missing queue to the sidekiq command
2017-05-10 19:21:51 +02:00
1c5e3bce14
explaining DB_POOL better
2017-05-10 16:29:26 +02:00
00f401ba6f
Update "Customizing your instance" according to a change in Mastodon ( #234 )
...
This change reflects commit af6a84da147f4230807b37c64bc09760e6ab5055 in
mastodon repository.
2017-05-10 15:47:03 +02:00
124598b206
Add dependencies for CLD3 ( #235 )
...
This reflects commit d5cabfe5c65ac29d2f9c151b46c01a9fd885a9e0 in mastodon
repository.
2017-05-10 15:46:17 +02:00
e97ec8f8ff
more better instructions of debian jessie-backports ( #232 )
...
* more better instructions of debian jessie-backports
* minor fix
2017-05-09 09:10:10 -07:00
3ad0c4ab19
Updates for Docker documentation. See discussion in #136 . ( #214 )
2017-05-09 10:12:02 +02:00
03ee8bedfa
Add a Debian 8 installation note ( #223 )
...
* Add a Debian 8 installation note
According to the conversation in f0a863feec
2017-05-09 08:10:16 +02:00
2be17b694c
Merge pull request #193 from alifianmahardhika/patch-1
...
Update Vagrant-guide.md
2017-05-08 11:33:09 -07:00
5b91212370
Merge pull request #204 from nolanlawson/fwenzel-patch-1
...
Add default CSP (take 2)
2017-05-08 11:16:49 -07:00
8a57435b88
remove referrer-policy: strict-origin-when-cross-origin
2017-05-07 19:42:46 -07:00
444beff404
remove unsafe-inline from script-src
2017-05-07 19:34:52 -07:00
443ee05b75
Remove duplicate line in Administration guide
2017-05-07 22:41:19 +02:00
234175e30a
Merge pull request #210 from tootsuite/Gargron-patch-1
...
Fix Node.js installation recommendation, also use 6.x
2017-05-07 10:15:22 -07:00
50edeb67e2
Merge pull request #196 from kagucho/master
...
Use "sudo -u" instead of "sudo su"
2017-05-07 14:45:59 +02:00
1f202dedc1
Merge pull request #203 from wolfyshy/master
...
Update Apache configuration a bit
2017-05-07 00:51:34 +02:00
a8da345a79
Merge pull request #209 from suoko/patch-1
...
Updated Administration-guide.md
2017-05-07 00:45:13 +02:00
530ce36181
Merge pull request #212 from suoko/patch-2
...
Update Administration-guide.md
2017-05-07 00:43:43 +02:00
07309d26dd
Merge pull request #202 from takayamaki/fix_pgbouncer_guide
...
fix section "Configuring userlist.txt" of PgBouncer-guide.md
2017-05-07 00:42:03 +02:00
0b79565316
fix section "Configuring userlist.txt" of PgBouncer-guide.md
...
fix order of username and password when generating hash with md5sum
https://pgbouncer.github.io/config.html#authentication-file-format
2017-05-07 05:09:42 +09:00
fd3927b956
Update Administration-guide.md
...
Update for those using docker
2017-05-06 13:53:15 +02:00
04efe7f909
scalingo guide: major improvements
...
- better limitation docs
- add instructions for adding custom domains
- add upgrading instructions
2017-05-05 22:35:05 -05:00
5d9994a4c2
Fix Node.js installation recommendation, also use 6.x
2017-05-06 04:38:01 +02:00
7f5258ce84
Updated Administration-guide.md
...
This way you can assign admininistration priviledges to users on some configurations
2017-05-05 21:05:34 +02:00
d75b3d41c6
Merge pull request #207 from d6rkaiz/patch-3
...
Instructions for installing on CentOS
2017-05-05 02:01:05 +02:00
a3097c94e5
Instructions for installing on CentOS
...
related: #13
2017-05-05 04:33:04 +09:00
efefa29739
update how to launch application with vagrant
2017-05-04 16:45:37 +09:00
5bd6d4de27
update image-src/media-src to be more lax
2017-05-03 22:39:33 -07:00
38ddc33afc
Update Apache configuration a bit
...
This is the configuration we use on https://generous.horse and it includes the Cache-Control and Referrer-Policy headers.
2017-05-03 19:28:56 -05:00
01c5d5a29c
Add note on PuSH issue with Mastodon v1.3.2
2017-05-03 09:32:18 +02:00
cab815878c
Use "sudo -u" instead of "sudo su"
...
"sudo su" limits the capability of sudo to log the operations. -u option is
more straightforward and has better logging.
2017-05-03 11:02:55 +09:00
e564f507a3
Update Vagrant-guide.md
2017-05-02 13:04:35 +09:00
448906e217
Prerequisites and cronjobs ( #183 )
...
* Prerequisites and cronjobs
* We probably we don't even support Windows and Mac
2017-05-01 16:59:28 +02:00
718daad4a8
Add photos and avatars to static/immutable cache ( #184 )
2017-05-01 16:57:16 +02:00
9430d2e2d9
Document how to use WEB_DOMAIN along with common pitfalls ( #149 )
...
* Create Serving_a_different_domain.md
Add extensive documentation for WEB_DOMAIN, as the feature is ill-documented and may be confusing.
* Fix Serving_a_different_domain.md
* Webfinger discovery workaround has made its way to v1.3.0
2017-05-01 16:45:18 +02:00
f0a863feec
Recommend HTTP/2 in the nginx config ( #178 )
2017-05-01 16:35:16 +02:00
befab7b7c3
Include explicit production environment ( #172 )
...
These tasks sometimes fail under non-Docker installations when the administrator tries to run them without explicitly requesting the production environment.
2017-05-01 16:32:47 +02:00
72ed10378f
Avoid hard-coding ciphers into configuration ( #171 )
...
* Avoid hard-coding ciphers into configuration
This change allows OpenSSL to choose the most appropriate available cipher(s) from the HIGH cipher suite. This is sufficient to get an A on the SSLLabs.com tests suite. If MEDIUM is allowed as well, the grade drops to a B which is still more than adequate for most deployments.
This type of configuration would prevent problems such as the current inability of Tusky on Android 7 devices to connect to some Mastodon instances.
The main benefit though, is this delegates the decisions about which ciphers are "good" and which ciphers are "bad" to the experts; the distribution security teams and the OpenSSL developers. If a weakness is found in a particular cipher it will get moved from HIGH to one of the lower classes (or removed entirely) and this will get deployed just like any other security update. Similarly, if new stronger ciphers are standardized (such as Curve 25519) - these will immediately become available without needing to change the configuration.
Hope this helps!
Note: I have not been able to test this change with Mastodon myself. I am using these settings in production elsewhere though, and they work quite well. Alternately, if people don't want to trust the OpenSSL definitions, please consider taking a look at https://wiki.mozilla.org/Security/Server_Side_TLS and implementing the recommendations from there.
* Also avoid SHA1
As requested during review. :)
* Fix a typo in the ssl_ciphers line
I wrote !SHA1, should have written just !SHA. Very sorry about the noise.
2017-04-27 22:25:39 +02:00
79f58d8b13
Fix typo in BgBouncer-guide.md ( #168 )
2017-04-27 22:24:59 +02:00
938575a679
Revert "Avoid hard-coding ciphers into configuration ( #122 )" ( #170 )
...
This reverts commit fc79d23ad0
2017-04-27 22:15:37 +02:00
fc79d23ad0
Avoid hard-coding ciphers into configuration ( #122 )
...
* Avoid hard-coding ciphers into configuration
This change allows OpenSSL to choose the most appropriate available cipher(s) from the HIGH cipher suite. This is sufficient to get an A on the SSLLabs.com tests suite. If MEDIUM is allowed as well, the grade drops to a B which is still more than adequate for most deployments.
This type of configuration would prevent problems such as the current inability of Tusky on Android 7 devices to connect to some Mastodon instances.
The main benefit though, is this delegates the decisions about which ciphers are "good" and which ciphers are "bad" to the experts; the distribution security teams and the OpenSSL developers. If a weakness is found in a particular cipher it will get moved from HIGH to one of the lower classes (or removed entirely) and this will get deployed just like any other security update. Similarly, if new stronger ciphers are standardized (such as Curve 25519) - these will immediately become available without needing to change the configuration.
Hope this helps!
Note: I have not been able to test this change with Mastodon myself. I am using these settings in production elsewhere though, and they work quite well. Alternately, if people don't want to trust the OpenSSL definitions, please consider taking a look at https://wiki.mozilla.org/Security/Server_Side_TLS and implementing the recommendations from there.
* Also avoid SHA1
As requested during review. :)
2017-04-27 22:13:27 +02:00
0282f3d7e4
Update Tuning.md to mention `STREAMING_CLUSTER_NUM` ( #151 )
...
* Update Tuning.md to mention `STREAMING_CLUSTER_NUM`
This is a new option as documented here: bb04a9be52/.env.production.sample (L90-L92)
2017-04-27 20:02:47 +02:00
5f371e9264
Fix typo
2017-04-27 07:37:52 -07:00
dcc2945e59
Add a bit more about logging
2017-04-27 07:37:02 -07:00
cd3d3f9fa0
Add PgBouncer guide
2017-04-27 07:29:44 -07:00
371864c39e
Development: Fix bundle install instructions and expand on running rails ( #133 )
2017-04-27 11:15:53 +02:00
64a1c834b2
Docker-guide consistency
2017-04-27 10:56:41 +02:00
fbb0f346c3
Add yarn install option
2017-04-24 22:21:23 +09:00
8fca29162d
munin graph for your mastodon instance
2017-04-23 18:51:37 +02:00
645fd80eff
Merge pull request #134 from zorun/letsencrypt
...
Production guide: add support for let's encrypt in the nginx config
2017-04-23 06:00:14 +02:00
8bc1fd2194
only add cache-control, remove comment
2017-04-22 17:09:39 -07:00
32f4c5319f
add nginx config for static assets
2017-04-22 16:19:53 -07:00
a8d244ad42
Production guide: add support for let's encrypt in the nginx config
...
This notably fixes potential issues like this one https://github.com/tootsuite/mastodon/issues/1665
2017-04-22 18:44:22 +02:00
4fc9c889ef
Fixing typos in Docker-Guide.md (rails -> rake) ( #112 )
2017-04-22 10:38:15 +02:00
d693b104f9
Document Nanobox Usage
...
To be merged after Nanobox Support is merged in the main repo: https://github.com/tootsuite/mastodon/pull/1709
2017-04-22 01:21:37 -06:00
b98af5e96d
Add default CSP
...
Add a default CSP that allows anything from the local domain, plus inline styles, data: URIs, and no framing.
2017-04-21 21:57:48 -07:00
22c52995ad
Adds note about persisting volumes. ( #113 )
2017-04-22 00:34:36 +02:00
9efa9b69d8
Small URL error in Resources-needed.md ( #116 )
...
Corrected "https://mastodon.technllogy " to "https://mastodon.technology "
2017-04-22 00:29:06 +02:00
553d04cf43
update nginx ssl config ( #120 )
...
To further increase security add a strong Diffie-Hellman group, which is standard practice when setting up ssl certs. Anyone who can setup letsencrypt can also setup a DH group.
2017-04-22 00:28:43 +02:00
7bde3a602a
Make tuning.md a little more accurate
2017-04-21 12:16:27 -06:00
fa8d76c406
Add administration section on how to create users while registration is closed ( #107 )
2017-04-20 20:08:05 +02:00
85ff981217
Fix bad quote char in IAM policy ( #108 )
2017-04-20 20:07:32 +02:00
509793419d
add git fetch line to upgrade section ( #110 )
2017-04-20 20:06:21 +02:00
38fcd2a5c9
Merge pull request #98 from ashfurrow/docker-update
...
Updates Docker Update Instructions for git
2017-04-20 14:46:56 +02:00
3c211890df
Fixes update section
2017-04-20 02:17:52 +02:00
ffe2935f5c
Add cost estimate column ( #91 )
...
* Add cost estimate column
To give interested admin an idea of what expected costs might be.
* Add estimate for mastodon.technology
based on blog post
* Fix missing header dashes
2017-04-20 01:09:09 +02:00
95a6040458
Mention `yarn install` in production upgrade guide ( #62 )
2017-04-19 18:44:07 +02:00
18e4c617a2
Update link ( #93 )
...
Fix typo
2017-04-19 18:36:28 +02:00
43692e45b0
Mention Yarn in Dev Docs ( #100 )
...
Adds a mention of `yarn install` in the development guide so people know
to, well, run it.
2017-04-19 18:28:13 +02:00
a6f0fbc043
Might have not been a good idea
2017-04-19 18:21:28 +02:00
507de093a6
Adds disk usage and fixes info for my instance
2017-04-19 17:03:35 +02:00
24e97522a6
Updates update instructions.
2017-04-18 20:58:59 -04:00
4b67a3574b
Import from main repo README ( #82 )
...
* Add docker guide from main repo readme
* Add maintenance tasks doc to running section
* Clean up markdown in prod guide
* Move guidance to use tagged releases to docs
* Move local domain and host config to docs repo
* Title of page
* Update Production-guide.md
2017-04-18 16:32:47 +02:00
d0f619f23a
Added documentation. ( #85 )
2017-04-18 16:14:57 +02:00
1a82d42d76
fix typo ( #86 )
2017-04-18 16:14:20 +02:00
1dee21633b
Adds the mastodon-admin Mailing list
2017-04-17 17:49:49 +02:00
1388d60f42
Updated Mailgun instructions ( #76 )
...
This is not quite step-by-step yet, but at least indicates that you need to do more than just adding the Mailgun add on.
2017-04-17 17:14:55 +02:00
18b243df0d
Make it clearer that installing 'vagrant-hostsupdater' is optional ( #78 )
2017-04-17 17:14:14 +02:00
0b5cb11d08
Use the united command for daily task ( #81 )
...
commit of mastodon here e17f9d5e1a
2017-04-17 17:13:15 +02:00
35abda9b20
Fix bandwidth units for oc.todon.fr ( #80 )
...
* Fix bandwidth units for oc.todon.fr
(+ round the values a bit)
* Fix units again
* Consistency
2017-04-17 17:12:50 +02:00
124a1c1646
Add users:clear rake task to admin guide ( #73 )
2017-04-17 02:07:34 +02:00
a893d018ba
Prevent people from pulling master in production ( #71 )
2017-04-17 00:32:34 +02:00
9c1972673a
Customization with custom.scss documentation ( #56 )
...
* Customization with custom.scss documentation
* Update Customizing.md
2017-04-17 00:26:17 +02:00
eb32fc9738
Specifies to run the latest tagged release
2017-04-16 16:14:31 +02:00
602ba587f9
Merge remote-tracking branch 'origin/master'
2017-04-16 12:03:45 +02:00
52708eb561
Resources needed: Add oc.todon.fr stats and more columns ( #57 )
...
* Resources needed: Add oc.todon.fr stats and more columns
* Resources needed: Add details on the server model
2017-04-16 11:57:39 +02:00
c631975d93
Fix typo
...
fix two small typos
2017-04-15 20:13:06 -04:00
4e1e8bf7aa
Added recommendation against running free dynos in production. ( #54 )
2017-04-15 23:58:33 +02:00
77469f413d
Create Ressources-needed.md
2017-04-15 21:30:01 +02:00
e743a88870
Fixed grammatical error and incorrect icon filename ( #45 )
...
* Fixed grammatical error. 'Setup' should be 'set up' in two places
* Fixed incorrect filename for Follow icon
2017-04-15 01:10:09 +02:00
3cfacecb6c
moved things into alternatives.md
2017-04-14 15:53:38 -07:00
9ffcb6f10d
Merge pull request #5 from feragon/openrc
...
Add init scripts
2017-04-14 10:23:48 +02:00
2652c9dd0a
Move init scripts to Misc.md
2017-04-14 10:06:01 +02:00
bdf7d53c9a
Merge pull request #29 from jemus42/patch-1
...
Add info about already set HTTP headers
2017-04-14 02:07:34 +02:00
6e431d26de
Removes duplicate HSTS directive
2017-04-14 02:03:03 +02:00
368d815e4d
Removes the includeSubDomains directive from HSTS
2017-04-14 02:00:01 +02:00
f2814435d5
Merge branch 'master' into patch-2
2017-04-14 01:56:54 +02:00
5bbee7f69e
Merge pull request #14 from datn/master
...
made pg_hba.conf addition with ident for Ubuntu 16.04
2017-04-14 01:53:07 +02:00
5c7a3ec16c
Merge pull request #12 from staticsafe/master
...
Use 127.0.0.1 instead of localhost in Sidekiq proxy_pass.
2017-04-14 01:50:51 +02:00
dae0d21d57
Add info about already set HTTP headers
...
Intended to avoid setting duplicate HTTP headers which will cause issues with tools like Mozilla Observatory many people use to evaluate an instance's security.
2017-04-13 19:37:33 +02:00
d960311faa
Merge pull request #23 from foozmeat/pr-cron
...
simplified the cronjob section
2017-04-13 19:30:43 +02:00
b8cd7a99d4
removed weird dot characters
2017-04-13 10:28:57 -07:00
0005b49faf
example nginx: remove includeSubDomains from hsts
2017-04-13 10:28:50 +02:00
9c679e3741
simplified the cronjob section
2017-04-12 21:57:04 -07:00
35f696b95e
Merge pull request #16 from expenses/master
...
Added ngrok link
2017-04-12 12:39:39 -04:00
bd5972626a
Merge pull request #6 from Komic/master
...
Adding an Apache configuration example
2017-04-12 12:22:40 -04:00
d92bd4544e
Add IPv6 for port 443
2017-04-12 16:07:26 +02:00
Sadiq Saif