Commit Graph

214 Commits

Author SHA1 Message Date
Myles Braithwaite 9f752db5e0 Added note about adding backports on Debian. (#249)
Added a note about having to add Debian Backports repository to properly install `ffmpeg`.
2017-05-15 16:24:12 -07:00
Ira Abramov acf56f2266 Webpacker addition after v1.3.3 requires a documentation as well. 2017-05-13 18:48:49 +03:00
Ira 3f4db4fe31 Packages that were needed in my dev env
Packages that were needed in my dev env
2017-05-13 18:11:55 +03:00
Luc Didry 70bddee7d3 Add munin plugins repositories 2017-05-11 11:23:32 +02:00
Valentin Lorentz 2c51aa53f8 Add missing queue to the sidekiq command 2017-05-10 19:21:51 +02:00
jeroenpraat 1c5e3bce14 explaining DB_POOL better 2017-05-10 16:29:26 +02:00
Akihiko Odaki 00f401ba6f Update "Customizing your instance" according to a change in Mastodon (#234)
This change reflects commit af6a84da147f4230807b37c64bc09760e6ab5055 in
mastodon repository.
2017-05-10 15:47:03 +02:00
Akihiko Odaki 124598b206 Add dependencies for CLD3 (#235)
This reflects commit d5cabfe5c65ac29d2f9c151b46c01a9fd885a9e0 in mastodon
repository.
2017-05-10 15:46:17 +02:00
Isao Sugimoto e97ec8f8ff more better instructions of debian jessie-backports (#232)
* more better instructions of debian jessie-backports

* minor fix
2017-05-09 09:10:10 -07:00
Ash Furrow 3ad0c4ab19 Updates for Docker documentation. See discussion in #136. (#214) 2017-05-09 10:12:02 +02:00
Darius Kazemi 03ee8bedfa Add a Debian 8 installation note (#223)
* Add a Debian 8 installation note

According to the conversation in f0a863feec, Debian 8 installs
an older version of nginx by default. This adds a note telling people
how to install a newer one.

* updating wording
2017-05-09 08:10:16 +02:00
Darius Kazemi 2be17b694c Merge pull request #193 from alifianmahardhika/patch-1
Update Vagrant-guide.md
2017-05-08 11:33:09 -07:00
Darius Kazemi 5b91212370 Merge pull request #204 from nolanlawson/fwenzel-patch-1
Add default CSP (take 2)
2017-05-08 11:16:49 -07:00
Nolan Lawson 8a57435b88 remove referrer-policy: strict-origin-when-cross-origin 2017-05-07 19:42:46 -07:00
Nolan Lawson 444beff404 remove unsafe-inline from script-src 2017-05-07 19:34:52 -07:00
Jarek Lipski 443ee05b75 Remove duplicate line in Administration guide 2017-05-07 22:41:19 +02:00
Darius Kazemi 234175e30a Merge pull request #210 from tootsuite/Gargron-patch-1
Fix Node.js installation recommendation, also use 6.x
2017-05-07 10:15:22 -07:00
Eugen Rochko 50edeb67e2 Merge pull request #196 from kagucho/master
Use "sudo -u" instead of "sudo su"
2017-05-07 14:45:59 +02:00
Eugen Rochko 1f202dedc1 Merge pull request #203 from wolfyshy/master
Update Apache configuration a bit
2017-05-07 00:51:34 +02:00
Eugen Rochko a8da345a79 Merge pull request #209 from suoko/patch-1
Updated Administration-guide.md
2017-05-07 00:45:13 +02:00
Eugen Rochko 530ce36181 Merge pull request #212 from suoko/patch-2
Update Administration-guide.md
2017-05-07 00:43:43 +02:00
Eugen Rochko 07309d26dd Merge pull request #202 from takayamaki/fix_pgbouncer_guide
fix section "Configuring userlist.txt" of PgBouncer-guide.md
2017-05-07 00:42:03 +02:00
takayamaki 0b79565316 fix section "Configuring userlist.txt" of PgBouncer-guide.md
fix order of username and password when generating hash with md5sum
https://pgbouncer.github.io/config.html#authentication-file-format
2017-05-07 05:09:42 +09:00
suoko fd3927b956 Update Administration-guide.md
Update for those using docker
2017-05-06 13:53:15 +02:00
William Pitcock 04efe7f909 scalingo guide: major improvements
- better limitation docs
- add instructions for adding custom domains
- add upgrading instructions
2017-05-05 22:35:05 -05:00
Eugen Rochko 5d9994a4c2 Fix Node.js installation recommendation, also use 6.x 2017-05-06 04:38:01 +02:00
suoko 7f5258ce84 Updated Administration-guide.md
This way you can assign admininistration priviledges to users on some configurations
2017-05-05 21:05:34 +02:00
Eugen Rochko d75b3d41c6 Merge pull request #207 from d6rkaiz/patch-3
Instructions for installing on CentOS
2017-05-05 02:01:05 +02:00
Isao Sugimoto a3097c94e5 Instructions for installing on CentOS
related: #13
2017-05-05 04:33:04 +09:00
ABCanG efefa29739 update how to launch application with vagrant 2017-05-04 16:45:37 +09:00
Nolan Lawson 5bd6d4de27 update image-src/media-src to be more lax 2017-05-03 22:39:33 -07:00
Wolfyshy LeLoupe 38ddc33afc Update Apache configuration a bit
This is the configuration we use on https://generous.horse and it includes the Cache-Control and Referrer-Policy headers.
2017-05-03 19:28:56 -05:00
ThibG 01c5d5a29c Add note on PuSH issue with Mastodon v1.3.2 2017-05-03 09:32:18 +02:00
Akihiko Odaki cab815878c Use "sudo -u" instead of "sudo su"
"sudo su" limits the capability of sudo to log the operations. -u option is
more straightforward and has better logging.
2017-05-03 11:02:55 +09:00
Alifian Mahardhika e564f507a3 Update Vagrant-guide.md 2017-05-02 13:04:35 +09:00
jeroenpraat 448906e217 Prerequisites and cronjobs (#183)
* Prerequisites and cronjobs

* We probably we don't even support Windows and Mac
2017-05-01 16:59:28 +02:00
Nolan Lawson 718daad4a8 Add photos and avatars to static/immutable cache (#184) 2017-05-01 16:57:16 +02:00
ThibG 9430d2e2d9 Document how to use WEB_DOMAIN along with common pitfalls (#149)
* Create Serving_a_different_domain.md

Add extensive documentation for WEB_DOMAIN, as the feature is ill-documented and may be confusing.

* Fix Serving_a_different_domain.md

* Webfinger discovery workaround has made its way to v1.3.0
2017-05-01 16:45:18 +02:00
Nolan Lawson f0a863feec Recommend HTTP/2 in the nginx config (#178) 2017-05-01 16:35:16 +02:00
Noëlle Anthony befab7b7c3 Include explicit production environment (#172)
These tasks sometimes fail under non-Docker installations when the administrator tries to run them without explicitly requesting the production environment.
2017-05-01 16:32:47 +02:00
Bjarni Rúnar Einarsson 72ed10378f Avoid hard-coding ciphers into configuration (#171)
* Avoid hard-coding ciphers into configuration

This change allows OpenSSL to choose the most appropriate available cipher(s) from the HIGH cipher suite. This is sufficient to get an A on the SSLLabs.com tests suite. If MEDIUM is allowed as well, the grade drops to a B which is still more than adequate for most deployments.

This type of configuration would prevent problems such as the current inability of Tusky on Android 7 devices to connect to some Mastodon instances.

The main benefit though, is this delegates the decisions about which ciphers are "good" and which ciphers are "bad" to the experts; the distribution security teams and the OpenSSL developers. If a weakness is found in a particular cipher it will get moved from HIGH to one of the lower classes (or removed entirely) and this will get deployed just like any other security update. Similarly, if new stronger ciphers are standardized (such as Curve 25519) - these will immediately become available without needing to change the configuration.

Hope this helps!

Note: I have not been able to test this change with Mastodon myself. I am using these settings in production elsewhere though, and they work quite well. Alternately, if people don't want to trust the OpenSSL definitions, please consider taking a look at https://wiki.mozilla.org/Security/Server_Side_TLS and implementing the recommendations from there.

* Also avoid SHA1

As requested during review. :)

* Fix a typo in the ssl_ciphers line

I wrote !SHA1, should have written just !SHA. Very sorry about the noise.
2017-04-27 22:25:39 +02:00
Nolan Lawson 79f58d8b13 Fix typo in BgBouncer-guide.md (#168) 2017-04-27 22:24:59 +02:00
wxcafé 938575a679 Revert "Avoid hard-coding ciphers into configuration (#122)" (#170)
This reverts commit fc79d23ad0.
2017-04-27 22:15:37 +02:00
Bjarni Rúnar Einarsson fc79d23ad0 Avoid hard-coding ciphers into configuration (#122)
* Avoid hard-coding ciphers into configuration

This change allows OpenSSL to choose the most appropriate available cipher(s) from the HIGH cipher suite. This is sufficient to get an A on the SSLLabs.com tests suite. If MEDIUM is allowed as well, the grade drops to a B which is still more than adequate for most deployments.

This type of configuration would prevent problems such as the current inability of Tusky on Android 7 devices to connect to some Mastodon instances.

The main benefit though, is this delegates the decisions about which ciphers are "good" and which ciphers are "bad" to the experts; the distribution security teams and the OpenSSL developers. If a weakness is found in a particular cipher it will get moved from HIGH to one of the lower classes (or removed entirely) and this will get deployed just like any other security update. Similarly, if new stronger ciphers are standardized (such as Curve 25519) - these will immediately become available without needing to change the configuration.

Hope this helps!

Note: I have not been able to test this change with Mastodon myself. I am using these settings in production elsewhere though, and they work quite well. Alternately, if people don't want to trust the OpenSSL definitions, please consider taking a look at https://wiki.mozilla.org/Security/Server_Side_TLS and implementing the recommendations from there.

* Also avoid SHA1

As requested during review. :)
2017-04-27 22:13:27 +02:00
Nolan Lawson 0282f3d7e4 Update Tuning.md to mention `STREAMING_CLUSTER_NUM` (#151)
* Update Tuning.md to mention `STREAMING_CLUSTER_NUM`

This is a new option as documented here: bb04a9be52/.env.production.sample (L90-L92)

* note number of cores - 1
2017-04-27 20:02:47 +02:00
Nolan Lawson 5f371e9264 Fix typo 2017-04-27 07:37:52 -07:00
Nolan Lawson dcc2945e59 Add a bit more about logging 2017-04-27 07:37:02 -07:00
Nolan Lawson cd3d3f9fa0 Add PgBouncer guide 2017-04-27 07:29:44 -07:00
zorun 371864c39e Development: Fix bundle install instructions and expand on running rails (#133) 2017-04-27 11:15:53 +02:00
wxcafé 64a1c834b2 Docker-guide consistency 2017-04-27 10:56:41 +02:00
178inaba fbb0f346c3 Add yarn install option 2017-04-24 22:21:23 +09:00
Christian Quest 8fca29162d munin graph for your mastodon instance 2017-04-23 18:51:37 +02:00
Eugen 645fd80eff Merge pull request #134 from zorun/letsencrypt
Production guide: add support for let's encrypt in the nginx config
2017-04-23 06:00:14 +02:00
Nolan Lawson 8bc1fd2194 only add cache-control, remove comment 2017-04-22 17:09:39 -07:00
Nolan Lawson 32f4c5319f add nginx config for static assets 2017-04-22 16:19:53 -07:00
Baptiste Jonglez a8d244ad42 Production guide: add support for let's encrypt in the nginx config
This notably fixes potential issues like this one https://github.com/tootsuite/mastodon/issues/1665
2017-04-22 18:44:22 +02:00
Alan deLevie 4fc9c889ef Fixing typos in Docker-Guide.md (rails -> rake) (#112) 2017-04-22 10:38:15 +02:00
Dan Hunsaker d693b104f9 Document Nanobox Usage
To be merged after Nanobox Support is merged in the main repo: https://github.com/tootsuite/mastodon/pull/1709
2017-04-22 01:21:37 -06:00
Fred Wenzel b98af5e96d Add default CSP
Add a default CSP that allows anything from the local domain, plus inline styles, data: URIs, and no framing.
2017-04-21 21:57:48 -07:00
Ash Furrow 22c52995ad Adds note about persisting volumes. (#113) 2017-04-22 00:34:36 +02:00
Gervais Gwenaël 9efa9b69d8 Small URL error in Resources-needed.md (#116)
Corrected "https://mastodon.technllogy" to "https://mastodon.technology"
2017-04-22 00:29:06 +02:00
cubefoo 553d04cf43 update nginx ssl config (#120)
To further increase security add a strong Diffie-Hellman group, which is standard practice when setting up ssl certs. Anyone who can setup letsencrypt can also setup a DH group.
2017-04-22 00:28:43 +02:00
Nate Berkopec 7bde3a602a Make tuning.md a little more accurate 2017-04-21 12:16:27 -06:00
James fa8d76c406 Add administration section on how to create users while registration is closed (#107) 2017-04-20 20:08:05 +02:00
Chris Castle 85ff981217 Fix bad quote char in IAM policy (#108) 2017-04-20 20:07:32 +02:00
Tachibana waita 509793419d add git fetch line to upgrade section (#110) 2017-04-20 20:06:21 +02:00
Eugen 38fcd2a5c9 Merge pull request #98 from ashfurrow/docker-update
Updates Docker Update Instructions for git
2017-04-20 14:46:56 +02:00
wxcafé 3c211890df Fixes update section 2017-04-20 02:17:52 +02:00
Simon ffe2935f5c Add cost estimate column (#91)
* Add cost estimate column

To give interested admin an idea of what expected costs might be.

* Add estimate for mastodon.technology 

based on blog post

* Fix missing header dashes
2017-04-20 01:09:09 +02:00
Sergiusz Bazański 95a6040458 Mention `yarn install` in production upgrade guide (#62) 2017-04-19 18:44:07 +02:00
Aaron Coburn 18e4c617a2 Update link (#93)
Fix typo
2017-04-19 18:36:28 +02:00
Ben Hamill 43692e45b0 Mention Yarn in Dev Docs (#100)
Adds a mention of `yarn install` in the development guide so people know
to, well, run it.
2017-04-19 18:28:13 +02:00
wxcafé a6f0fbc043 Might have not been a good idea 2017-04-19 18:21:28 +02:00
wxcafé 507de093a6 Adds disk usage and fixes info for my instance 2017-04-19 17:03:35 +02:00
Ash Furrow 24e97522a6
Updates update instructions. 2017-04-18 20:58:59 -04:00
Matt Jankowski 4b67a3574b Import from main repo README (#82)
* Add docker guide from main repo readme

* Add maintenance tasks doc to running section

* Clean up markdown in prod guide

* Move guidance to use tagged releases to docs

* Move local domain and host config to docs repo

* Title of page

* Update Production-guide.md
2017-04-18 16:32:47 +02:00
Ash Furrow d0f619f23a Added documentation. (#85) 2017-04-18 16:14:57 +02:00
Florent Viel 1a82d42d76 fix typo (#86) 2017-04-18 16:14:20 +02:00
wxcafé 1dee21633b Adds the mastodon-admin Mailing list 2017-04-17 17:49:49 +02:00
Boris Mann 1388d60f42 Updated Mailgun instructions (#76)
This is not quite step-by-step yet, but at least indicates that you need to do more than just adding the Mailgun add on.
2017-04-17 17:14:55 +02:00
Ashley 18b243df0d Make it clearer that installing 'vagrant-hostsupdater' is optional (#78) 2017-04-17 17:14:14 +02:00
Erwan Leboucher 0b5cb11d08 Use the united command for daily task (#81)
commit of mastodon here e17f9d5e1a
2017-04-17 17:13:15 +02:00
Valentin Lorentz 35abda9b20 Fix bandwidth units for oc.todon.fr (#80)
* Fix bandwidth units for oc.todon.fr

(+ round the values a bit)

* Fix units again

* Consistency
2017-04-17 17:12:50 +02:00
Lukas Burk 124a1c1646 Add users:clear rake task to admin guide (#73) 2017-04-17 02:07:34 +02:00
Dolf RATTMANN a893d018ba Prevent people from pulling master in production (#71) 2017-04-17 00:32:34 +02:00
Naouak 9c1972673a Customization with custom.scss documentation (#56)
* Customization with custom.scss documentation

* Update Customizing.md
2017-04-17 00:26:17 +02:00
wxcafé eb32fc9738 Specifies to run the latest tagged release 2017-04-16 16:14:31 +02:00
Wxcafé (Clément Hertling) 602ba587f9 Merge remote-tracking branch 'origin/master' 2017-04-16 12:03:45 +02:00
Valentin Lorentz 52708eb561 Resources needed: Add oc.todon.fr stats and more columns (#57)
* Resources needed: Add oc.todon.fr stats and more columns

* Resources needed: Add details on the server model
2017-04-16 11:57:39 +02:00
nightpool c631975d93 Fix typo
fix two small typos
2017-04-15 20:13:06 -04:00
Ash Furrow 4e1e8bf7aa Added recommendation against running free dynos in production. (#54) 2017-04-15 23:58:33 +02:00
wxcafé 77469f413d Create Ressources-needed.md 2017-04-15 21:30:01 +02:00
Edwin Torres e743a88870 Fixed grammatical error and incorrect icon filename (#45)
* Fixed grammatical error. 'Setup' should be 'set up' in two places

* Fixed incorrect filename for Follow icon
2017-04-15 01:10:09 +02:00
James Moore 3cfacecb6c moved things into alternatives.md 2017-04-14 15:53:38 -07:00
wxcafé 9ffcb6f10d Merge pull request #5 from feragon/openrc
Add init scripts
2017-04-14 10:23:48 +02:00
Florian Roméo 2652c9dd0a Move init scripts to Misc.md 2017-04-14 10:06:01 +02:00
wxcafé bdf7d53c9a Merge pull request #29 from jemus42/patch-1
Add info about already set HTTP headers
2017-04-14 02:07:34 +02:00
wxcafé 6e431d26de Removes duplicate HSTS directive 2017-04-14 02:03:03 +02:00
wxcafé 368d815e4d Removes the includeSubDomains directive from HSTS 2017-04-14 02:00:01 +02:00
wxcafé f2814435d5 Merge branch 'master' into patch-2 2017-04-14 01:56:54 +02:00