
Resync Nanobox files with the 2.9.0 release (#11083)

Dan Hunsaker 1 month ago
parent
commit
54192a9b6f
4 changed files with 49 additions and 84 deletions
  1. 2
    72
      boxfile.yml
  2. 17
    3
      nanobox/nginx-local.conf
  3. 13
    4
      nanobox/nginx-stream.conf.erb
  4. 17
    5
      nanobox/nginx-web.conf.erb

+ 2
- 72
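--- a/boxfile.yml
+++ b/boxfile.yml
@@ -64,8 +64,9 @@ deploy.config:
       - |-
           if [[ "${ES_ENABLED}" != "false" ]]
           then
-            bundle exec rake chewy:deploy
+            bin/tootctl search deploy
           fi
+      - bin/tootctl cache clear
 
 
 web.web:
@@ -120,77 +121,6 @@ worker.sidekiq:
       - public/system
 
 
-worker.cron_only:
-  start: sleep 365d
-
-  writable_dirs:
-    - tmp
-
-  log_watch:
-    rake: 'log/production.log'
-
-  network_dirs:
-    data.storage:
-      - public/system
-
-  cron:
-    # 20:00 (8 pm), server time: send out the daily digest emails to everyone
-    # who opted to receive one
-    - id: send_digest_emails
-      schedule: '00 20 * * *'
-      command: 'bundle exec rake mastodon:emails:digest'
-
-    # 00:10 (ten past midnight), server time: remove local copies of remote
-    # users' media once they are older than a certain age (use NUM_DAYS evar to
-    # change this from the default of 7 days)
-    - id: clear_remote_media
-      schedule: '10 00 * * *'
-      command: 'bundle exec rake mastodon:media:remove_remote'
-
-    # 00:20 (twenty past midnight), server time: remove subscriptions to remote
-    # users that nobody follows locally (anymore)
-    - id: clear_unfollowed_subs
-      schedule: '20 00 * * *'
-      command: 'bundle exec rake mastodon:push:clear'
-
-    # 00:30 (half past midnight), server time: update local copies of remote
-    # users' avatars to match whatever they currently have set on their profile
-    - id: update_remote_avatars
-      schedule: '30 00 * * *'
-      command: 'bundle exec rake mastodon:media:redownload_avatars'
-
-    ############################################################################
-    # This task is one you might want to enable, or might not. It keeps disk
-    # usage low, but makes "shadow bans" (scenarios where the user is silenced,
-    # but not intended to be made aware that the silencing has occurred) much
-    # more difficult to put in place, as users would then notice their media is
-    # vanishing on a regular basis. Enable it if you aren't worried about users
-    # knowing they've been silenced (on the instance level), and want to save
-    # disk space. Leave it disabled otherwise.
-    ############################################################################
-    # # 00:00 (midnight), server time: remove media posted by silenced users
-    # - id: clear_silenced_media
-    #   schedule: '00 00 * * *'
-    #   command: 'bundle exec rake mastodon:media:remove_silenced'
-
-    ############################################################################
-    # The following two tasks can be uncommented to automatically open and close
-    # registrations on a schedule. The format of 'schedule' is a standard cron
-    # time expression: minute hour day month day-of-week; search for "cron
-    # time expressions" for more info on how to set these up. The examples here
-    # open registration only from 8 am to 4 pm, server time.
-    ############################################################################
-    # # 08:00 (8 am), server time: open registrations so new users can join
-    # - id: open_registrations
-    #   schedule: '00 08 * * *'
-    #   command: 'bundle exec rake mastodon:settings:open_registrations'
-    #
-    # # 16:00 (4 pm), server time: close registrations so new users *can't* join
-    # - id: close_registrations
-    #   schedule: '00 16 * * *'
-    #   command: 'bundle exec rake mastodon:settings:close_registrations'
-
-
 data.db:
   image: nanobox/postgresql:9.6
 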
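Review bot: Removing `worker.cron_only` in the second hunk drops the `clear_remote_media` job along with the rest, and nothing visible in this commit schedules a replacement. If 2.9.0 does not prune cached remote media on its own (worth confirming against the release notes), `public/system` on `data.storage` grows without bound, which is an availability risk on a fixed-size storage component. Either keep a slimmed-down cron component that runs `bin/tootctl media remove`, or leave a comment where the component used to be, for example `# cron tasks removed in 2.9.0: run bin/tootctl media remove periodically to prune remote media`. The new `- bin/tootctl cache clear` step in the first hunk would also benefit from a one-line comment saying why the cache is cleared on every deploy; the hook it belongs to starts above the hunk.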

+ 17
- 3
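--- a/nanobox/nginx-local.conf
+++ b/nanobox/nginx-local.conf
@@ -10,10 +10,13 @@ http {
     sendfile on;
 
     gzip on;
-    gzip_http_version 1.0;
+    gzip_disable "MSIE [1-6]\.";
+    gzip_vary on;
     gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
     gzip_min_length 500;
-    gzip_disable "MSIE [1-6]\.";
+    gzip_http_version 1.1;
     gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
 
     # Proxy upstream to the puma process
@@ -36,9 +39,12 @@ http {
         # Listen on port 8080
         listen 8080;
 
+        keepalive_timeout    70;
+        client_max_body_size 80M;
+
         root /app/public;
 
-        client_max_body_size 80M;
+        add_header Strict-Transport-Security "max-age=31536000";
 
         location / {
             try_files $uri @rails;
@@ -47,6 +53,10 @@ http {
         # Proxy connections to rails
         location @rails {
             proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header Proxy "";
             proxy_pass_header Server;
 
             proxy_pass http://rails;
@@ -62,6 +72,10 @@ http {
         # Proxy connections to node
         location /api/v1/streaming {
             proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header Proxy "";
 
             proxy_pass http://node;
             proxy_buffering off;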
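Review bot: `proxy_set_header X-Forwarded-Proto https;` in `location @rails` and `location /api/v1/streaming` is hard-coded while the server block only does `listen 8080;`, so the backends are told every request arrived over TLS whether or not it did. That is only safe if port 8080 is reachable solely through a TLS-terminating router; for this local config that is not evident from the hunks, and the new one-year `Strict-Transport-Security` header would pin a developer's browser to HTTPS for that hostname if it is ever served over TLS. Similarly, `X-Real-IP $remote_addr` and `$proxy_add_x_forwarded_for` record the address of whatever connects to 8080 and append to a client-supplied `X-Forwarded-For`, so if a platform proxy sits in front, IP-based throttling and audit logs see the proxy or a spoofable value unless `set_real_ip_from` and `real_ip_header` are configured. The same four header lines are added in nginx-stream.conf.erb (`location @node`) and nginx-web.conf.erb (`location @rails`). A comment such as `# TLS is terminated upstream; 8080 must not be exposed directly` above the block would record the assumption.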

+ 13
- 4
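--- a/nanobox/nginx-stream.conf.erb
+++ b/nanobox/nginx-stream.conf.erb
@@ -10,10 +10,13 @@ http {
     sendfile on;
 
     gzip on;
-    gzip_http_version 1.1;
+    gzip_disable "MSIE [1-6]\.";
+    gzip_vary on;
     gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
     gzip_min_length 500;
-    gzip_disable "MSIE [1-6]\.";
+    gzip_http_version 1.1;
     gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
 
     # Proxy upstream to the node process
@@ -31,11 +34,13 @@ http {
         # Listen on port 8080
         listen 8080;
 
-        add_header Strict-Transport-Security "max-age=31536000";
-        # add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests";
+        keepalive_timeout    70;
+        client_max_body_size 80M;
 
         root /app/public;
 
+        add_header Strict-Transport-Security "max-age=31536000";
+
         location / {
             try_files $uri @node;
         }
@@ -43,6 +48,10 @@ http {
         # Proxy connections to node
         location @node {
             proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header Proxy "";
 
             proxy_pass http://node;
             proxy_buffering off;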
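Review bot: The relocated `add_header Strict-Transport-Security "max-age=31536000";` has no `always` parameter, so nginx attaches it only to a fixed set of success and redirect status codes and omits it from 4xx/5xx responses, including errors relayed from the proxied node process. Consider `add_header Strict-Transport-Security "max-age=31536000" always;`; the same applies to every HSTS line this commit adds in nginx-local.conf and nginx-web.conf.erb. The second hunk also deletes the commented-out Content-Security-Policy line; if CSP is now emitted by the application itself, a short comment saying so would stop someone from re-adding a conflicting policy here.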

+ 17
- 5
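--- a/nanobox/nginx-web.conf.erb
+++ b/nanobox/nginx-web.conf.erb
@@ -10,10 +10,13 @@ http {
     sendfile on;
 
     gzip on;
-    gzip_http_version 1.0;
+    gzip_disable "MSIE [1-6]\.";
+    gzip_vary on;
     gzip_proxied any;
+    gzip_comp_level 6;
+    gzip_buffers 16 8k;
     gzip_min_length 500;
-    gzip_disable "MSIE [1-6]\.";
+    gzip_http_version 1.1;
     gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
 
     # Proxy upstream to the puma process
@@ -31,12 +34,12 @@ http {
         # Listen on port 8080
         listen 8080;
 
-        add_header Strict-Transport-Security "max-age=31536000";
-        # add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests";
+        keepalive_timeout    70;
+        client_max_body_size 80M;
 
         root /app/public;
 
-        client_max_body_size 80M;
+        add_header Strict-Transport-Security "max-age=31536000";
 
         location / {
             try_files $uri @rails;
@@ -44,17 +47,23 @@ http {
 
         location /sw.js {
             add_header Cache-Control "public, max-age=0";
+            add_header Strict-Transport-Security "max-age=31536000";
             try_files $uri @rails;
         }
 
         location ~ ^/(emoji|packs|system/media_attachments/files|system/accounts/avatars) {
             add_header Cache-Control "public, max-age=31536000, immutable";
+            add_header Strict-Transport-Security "max-age=31536000";
             try_files $uri @rails;
         }
 
         # Proxy connections to rails
         location @rails {
             proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto https;
+            proxy_set_header Proxy "";
             proxy_pass_header Server;
 
             proxy_pass http://rails;
@@ -66,7 +75,10 @@ http {
 
             proxy_cache CACHE;
             proxy_cache_valid 200 7d;
+            proxy_cache_valid 410 24h;
             proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+            add_header Strict-Transport-Security "max-age=31536000";
+            add_header X-Cached $upstream_cache_status;
 
             tcp_nodelay on;
         }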
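Review bot: The `add_header Strict-Transport-Security` lines added inside `location /sw.js`, the static-asset `location ~ ^/(emoji|packs|…)` and the cached block appear to be there because nginx stops inheriting server-level `add_header` directives in any location that declares its own, but nothing in the file says so. Add a comment next to the server-level header, e.g. `# add_header is not inherited by locations that set their own; repeat HSTS there`, so a later edit that adds a header to another location does not silently lose HSTS. Separately, `add_header X-Cached $upstream_cache_status;` exposes cache state to every client; it helps debugging, but consider whether it should be sent in production. The cached location's opening line is outside the last hunk.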
