Commit Graph

482 Commits

Author SHA1 Message Date
Noëlle Anthony befab7b7c3 Include explicit production environment (#172)
These tasks sometimes fail under non-Docker installations when the administrator tries to run them without explicitly requesting the production environment.
2017-05-01 16:32:47 +02:00
Gonzalo Alcalde dd196ab2ee Adding twidere to the apps (#177) 2017-05-01 16:32:06 +02:00
Eugen Rochko 1d2b6479fa Patrons list as processed on April 1st 2017 2017-04-30 20:58:02 +02:00
Bjarni Rúnar Einarsson 72ed10378f Avoid hard-coding ciphers into configuration (#171)
* Avoid hard-coding ciphers into configuration

This change allows OpenSSL to choose the most appropriate available cipher(s) from the HIGH cipher suite. This is sufficient to get an A on the SSLLabs.com tests suite. If MEDIUM is allowed as well, the grade drops to a B which is still more than adequate for most deployments.

This type of configuration would prevent problems such as the current inability of Tusky on Android 7 devices to connect to some Mastodon instances.

The main benefit though, is this delegates the decisions about which ciphers are "good" and which ciphers are "bad" to the experts; the distribution security teams and the OpenSSL developers. If a weakness is found in a particular cipher it will get moved from HIGH to one of the lower classes (or removed entirely) and this will get deployed just like any other security update. Similarly, if new stronger ciphers are standardized (such as Curve 25519) - these will immediately become available without needing to change the configuration.

Hope this helps!

Note: I have not been able to test this change with Mastodon myself. I am using these settings in production elsewhere though, and they work quite well. Alternately, if people don't want to trust the OpenSSL definitions, please consider taking a look at https://wiki.mozilla.org/Security/Server_Side_TLS and implementing the recommendations from there.

* Also avoid SHA1

As requested during review. :)

* Fix a typo in the ssl_ciphers line

I wrote !SHA1, should have written just !SHA. Very sorry about the noise.
2017-04-27 22:25:39 +02:00
Nolan Lawson 79f58d8b13 Fix typo in BgBouncer-guide.md (#168) 2017-04-27 22:24:59 +02:00
YOU 2ba068a7db Added iOS App for pawoo (#169) 2017-04-27 22:23:38 +02:00
wxcafé 938575a679 Revert "Avoid hard-coding ciphers into configuration (#122)" (#170)
This reverts commit fc79d23ad0.
2017-04-27 22:15:37 +02:00
Bjarni Rúnar Einarsson fc79d23ad0 Avoid hard-coding ciphers into configuration (#122)
* Avoid hard-coding ciphers into configuration

This change allows OpenSSL to choose the most appropriate available cipher(s) from the HIGH cipher suite. This is sufficient to get an A on the SSLLabs.com tests suite. If MEDIUM is allowed as well, the grade drops to a B which is still more than adequate for most deployments.

This type of configuration would prevent problems such as the current inability of Tusky on Android 7 devices to connect to some Mastodon instances.

The main benefit though, is this delegates the decisions about which ciphers are "good" and which ciphers are "bad" to the experts; the distribution security teams and the OpenSSL developers. If a weakness is found in a particular cipher it will get moved from HIGH to one of the lower classes (or removed entirely) and this will get deployed just like any other security update. Similarly, if new stronger ciphers are standardized (such as Curve 25519) - these will immediately become available without needing to change the configuration.

Hope this helps!

Note: I have not been able to test this change with Mastodon myself. I am using these settings in production elsewhere though, and they work quite well. Alternately, if people don't want to trust the OpenSSL definitions, please consider taking a look at https://wiki.mozilla.org/Security/Server_Side_TLS and implementing the recommendations from there.

* Also avoid SHA1

As requested during review. :)
2017-04-27 22:13:27 +02:00
Nolan Lawson 0282f3d7e4 Update Tuning.md to mention `STREAMING_CLUSTER_NUM` (#151)
* Update Tuning.md to mention `STREAMING_CLUSTER_NUM`

This is a new option as documented here: bb04a9be52/.env.production.sample (L90-L92)

* note number of cores - 1
2017-04-27 20:02:47 +02:00
Eugen Rochko 930175e7e9 Merge pull request #167 from nolanlawson/pgbouncer-guide
Add PgBouncer guide
2017-04-27 16:59:51 +02:00
Nolan Lawson 5f371e9264 Fix typo 2017-04-27 07:37:52 -07:00
Nolan Lawson dcc2945e59 Add a bit more about logging 2017-04-27 07:37:02 -07:00
Nolan Lawson cd3d3f9fa0 Add PgBouncer guide 2017-04-27 07:29:44 -07:00
Mingye Wang acb91537d8 Translating: add devise email templates, fix #123 (#159) 2017-04-27 12:32:59 +02:00
Mingye Wang 3ae4b71cd9 Translating: add devise/doorkeeper i18n sources (#126)
* Translating: add devise/doorkeeper i18n sources

The two links mentioned here are mostly official places for parking these libraries' translations. Pointing translators there should save them some time.

* fixup rephrase (squash this)
2017-04-27 11:51:53 +02:00
zorun 371864c39e Development: Fix bundle install instructions and expand on running rails (#133) 2017-04-27 11:15:53 +02:00
happycoloredbanana 00103cbf95 Mark all APIs that do not require authentication (#142) 2017-04-27 11:15:33 +02:00
Michael Deeb 115f73f005 Added quick documentation on forking/pulling/pushing/submiting a PR (#163) 2017-04-27 11:04:33 +02:00
mattn ebe8688720 add Mstdn CLI (#166) 2017-04-27 10:58:23 +02:00
wxcafé 64a1c834b2 Docker-guide consistency 2017-04-27 10:56:41 +02:00
Eugen Rochko ff345e578a Merge pull request #164 from ashfurrow/patch-4
Adds note about running off master.
2017-04-26 15:16:49 +02:00
Eugen Rochko fb85d00923 Merge pull request #161 from consomme/consomme-patch-1
Add Pawoo Android app to Apps.md
2017-04-26 15:16:33 +02:00
Ash Furrow f63a83bc7b Adds note about running off master. 2017-04-26 10:52:13 +02:00
consomme a0574410a8 Add Pawoo Android app to Apps.md 2017-04-26 15:30:11 +09:00
Eugen Rochko fc9f124290 Merge pull request #152 from upsided/master
FAQ: The Embiggening (with Dariusk's comments integrated)
2017-04-26 00:22:53 +02:00
upsided 2cde2b5739 FAQ: Gargron's fixes
Changed privacy table, “can I import my followers” question (it’s
“people I follow”), and removed the “still see posts from blocked
people” question, because it’s been fixed.
2017-04-25 13:43:05 -05:00
Eugen Rochko d2325ce119 Merge pull request #155 from decors/master
Add a Crystal library
2017-04-25 17:00:29 +02:00
Eugen Rochko 8048ec966e Merge branch 'master' into master 2017-04-25 17:00:23 +02:00
Eugen Rochko d9e67db907 Merge pull request #144 from yamachu/master
Add library C#
2017-04-25 16:14:42 +02:00
Eugen Rochko da3063fbbc Merge pull request #154 from expenses/patch-2
Gender-neutral pronoun for admins in FAQ
2017-04-25 16:13:30 +02:00
Decors 734885cb57 Add a Crystal library 2017-04-25 22:57:06 +09:00
Yusuke Yamada 4c66280f11 Merge branch 'master' into master 2017-04-25 15:15:02 +09:00
Ashley 41ecf7d4e0 Gender-neutral pronoun for admins 2017-04-25 16:46:37 +12:00
upsided 95ac2690c5 FAQ: clarity editing through dariusk's comments
Small edits incorporating comments from
[dariusk](https://github.com/dariusk)
2017-04-24 19:41:21 -05:00
Eugen fe8b87e978 Merge pull request #147 from syucream/hslib
Add a Haskell lib
2017-04-24 17:43:10 +02:00
Ryo Okubo 078d90f5ad Add a Haskell lib 2017-04-24 23:14:25 +09:00
Eugen c5b3c37fe2 Merge pull request #146 from 178inaba/yarn
Add yarn install option
2017-04-24 15:37:02 +02:00
178inaba fbb0f346c3 Add yarn install option 2017-04-24 22:21:23 +09:00
Eugen a5ad705879 Merge pull request #145 from blind-coder/master
Update Apps.md
2017-04-24 15:06:01 +02:00
Benjamin Schieder 2014a0a7de Update Apps.md
add RSSTootalizer, a service to toot RSS feeds
2017-04-24 10:30:23 +02:00
Eugen 04c49f4b50 Merge pull request #141 from cquest/patch-1
munin graph for your mastodon instance
2017-04-24 03:00:08 +02:00
Yusuke Yamada ddabbcc914 Add library C#
I made library
2017-04-24 09:24:34 +09:00
upsided d28ee6c902 FAQ: added QnA from @raccoon, contacts, & little editing
Integrated questions from @raccoon (https://mastodon.social/@Raccoon).
Made a cursory editing lookover. Added some incomplete credits/contacts
at the bottom.
2017-04-23 17:55:25 -05:00
upsided 68432b1e42 FAQ: more images, minor editing 2017-04-23 15:29:41 -05:00
upsided 00e37dddb1 FAQ: fix goofball hanging quote in HTML parts 2017-04-23 14:13:31 -05:00
upsided 4a1067c993 GitHub compatible HTML (hopefully) 2017-04-23 14:03:55 -05:00
upsided 403583cc86 add FAQ screenshots to repo, consistently sized
Add FAQ screenshots to screenshots/ directory. Also, consistently size
each screenshot to 200px height in FAQ.md if still readable. Small text
changes.
2017-04-23 12:45:08 -05:00
Christian Quest 8fca29162d munin graph for your mastodon instance 2017-04-23 18:51:37 +02:00
Eugen 491e46a11a Merge pull request #132 from agates/patch-1
Update List-of-Mastodon-instances.md
2017-04-23 06:00:32 +02:00
Eugen 645fd80eff Merge pull request #134 from zorun/letsencrypt
Production guide: add support for let's encrypt in the nginx config
2017-04-23 06:00:14 +02:00