commit: b723ee73fc7d74fd5908eb09a8f6b98e73597c2b
parent: c35bda05511dd9a1397113852ae93b5ed7942635
Author: Valentin Ouvrard <valentin210594@gmail.com>
Date: Wed, 12 Apr 2017 01:04:56 +1100
Add (commented) volume in docker-compose && Mitigating the HTTPoxy Vulnerability (#1253)
* enable commented volume in docker-compose.yml
* Disable unworking Nginx root directory && Mitigating the HTTPoxy Vulnerability
* add my instance to the list
* enable GZIP on nginx.conf
* readd root /home/mastodon/live/public;
Diffstat:
3 files changed, 24 insertions(+), 3 deletions(-)
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,11 +1,20 @@
version: '2'
services:
+
db:
restart: always
image: postgres:alpine
+### Uncomment to enable DB persistance
+# volumes:
+# - ./postgres:/var/lib/postgresql/data
+
redis:
restart: always
image: redis:alpine
+### Uncomment to enable REDIS persistance
+# volumes:
+# - ./redis:/data
+
web:
restart: always
build: .
@@ -19,6 +28,7 @@ services:
volumes:
- ./public/assets:/mastodon/public/assets
- ./public/system:/mastodon/public/system
+
streaming:
restart: always
build: .
@@ -29,6 +39,7 @@ services:
depends_on:
- db
- redis
+
sidekiq:
restart: always
build: .
diff --git a/docs/Running-Mastodon/Production-guide.md b/docs/Running-Mastodon/Production-guide.md
@@ -34,10 +34,19 @@ server {
keepalive_timeout 70;
sendfile on;
client_max_body_size 0;
- gzip off;
root /home/mastodon/live/public;
+ gzip on;
+ gzip_disable "msie6";
+ gzip_vary on;
+ gzip_proxied any;
+ gzip_comp_level 6;
+ gzip_buffers 16 8k;
+ gzip_http_version 1.1;
+ gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / {
@@ -49,7 +58,7 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
-
+ proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://localhost:3000;
@@ -67,6 +76,7 @@ server {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Proxy "";
proxy_pass http://localhost:4000;
proxy_buffering off;
diff --git a/docs/Using-Mastodon/List-of-Mastodon-instances.md b/docs/Using-Mastodon/List-of-Mastodon-instances.md
@@ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz)
| [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes|
| [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No|
| [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No|
+| [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes|
| [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes|
-
We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution
