* Update to libraries page following full review
Signed-off-by: Andy Piper <andypiper@users.noreply.github.com>
* Two additional libraries from issues
Signed-off-by: Andy Piper <andypiper@users.noreply.github.com>
---------
Signed-off-by: Andy Piper <andypiper@users.noreply.github.com>
* clarify effects of suspending users and server
There's a lot of confusion about how suspending affects existing follow relationships and some moderators assume the follow relationships will be restored when a remote account (or entire server) is un-suspended within the 30-day time window
* Correction of docs about server suspension
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
---------
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
The v2 endpoint incorrectly said it returned a v1 instance (though it linked to the correct entity) and the v1 endpoint incorrectly linked to the v2 entity (the text correctly said v1)
The current rbenv is 3.0.6 - I received an error when following these steps which said the expected version is 3.0.6. After updating to 3.0.6, the installation was successful.
* Convert left over Markdown figures to Hugo
Also add captions for the respective figures: profile.jpg, bell.jpg, and lists.jpg
* Convert another left over Markdown figure to Hugo
Also add a caption for the figure: bot-flag.jpg
This documentation has I believe one very confusing point: It uses two times `YOUR_S3_HOSTNAME` in the nginx configuration example, however the second time it looks like you actually have to use `YOUR_BUCKET_NAME.YOUR_S3_HOSTNAME`.
## Explanation
Mastodon is using path-style requests to S3 which looks like this:
https://s3.region-code.amazonaws.com/bucket-name/key-name
Once you enable the new virtual host nginx file using the current indications, the path-style request which goes to amazon looks like this:
https://s3.region-code.amazonaws.com/key-name
In other words, the bucket name is not being sent S3 and the images break.
This is because the current instructions make it seem like the header Host name is not including the bucket
`proxy_set_header Host YOUR_S3_HOSTNAME;`
With the current path-style request integration, one must use the bucket name in the Host header for this to work, hence the proposed change to
`proxy_set_header Host YOUR_BUCKET_NAME.YOUR_S3_HOSTNAME;`
* Improve documentation for TRUSTED_PROXY_IP
The documentation previously only indicated that `localhost` was trusted, but it appears that all private networks are trusted by default. I believe this because:
- I'm running my web and streaming processes within Docker containers and running Nginx on the Docker host. I believe they communicate over a 172.16.0.0/12 network that Docker creates. I tried looking at logs a bit and it _seems_ like things are working correctly. But if anyone has suggestions on how to verify that my Mastodon processes are recording the correct client IP, please let me know! We could include that advice in this documentation.
- I looked at the source code a bit and it appears that both the streaming and web processes use localhost and the private network ranges. But this is really my first time looking at the Mastodon code and I don't even know Ruby, so please double check me!
- I believe the streaming processes uses Express JS. I believe it sets the trusted proxy IP [here](d11d15748c/streaming/index.js (L150)). Express documents the `loopback` and `uniquelocal` values [here](https://expressjs.com/en/guide/behind-proxies.html).
- I'm less certain about web. It looks like the env var is parsed [here](d11d15748c/config/environments/production.rb (L44-L45)). It looks like `trusted_proxies` will be unset if the env var is unset. And maybe that results in [this check](https://github.com/mastodon/mastodon/blob/main/config/initializers/trusted_proxies.rb) getting bypassed? But it looks like Action Dispatch does it's own check [here](https://api.rubyonrails.org/classes/ActionDispatch/RemoteIp.html)?
* Try to improve the phrasing
Specifically I tried to make it less likely that people would do the wrong thing if they're using Cloudflare or a similar proxy service. It does seem pretty wordy now. I'm open to suggestions.
Claire