Add (commented) volume in docker-compose && Mitigating the HTTPoxy Vulnerability (#1253)

* enable commented volume in docker-compose.yml

* Disable unworking Nginx root directory && Mitigating the HTTPoxy Vulnerability

* add my instance to the list

* enable GZIP on nginx.conf

* readd root /home/mastodon/live/public;
This commit is contained in:
Valentin Ouvrard 2017-04-12 01:04:56 +11:00 committed by Eugen
parent c35bda0551
commit b723ee73fc
3 changed files with 24 additions and 3 deletions

View file

@ -1,11 +1,20 @@
version: '2' version: '2'
services: services:
db: db:
restart: always restart: always
image: postgres:alpine image: postgres:alpine
### Uncomment to enable DB persistance
# volumes:
# - ./postgres:/var/lib/postgresql/data
redis: redis:
restart: always restart: always
image: redis:alpine image: redis:alpine
### Uncomment to enable REDIS persistance
# volumes:
# - ./redis:/data
web: web:
restart: always restart: always
build: . build: .
@ -19,6 +28,7 @@ services:
volumes: volumes:
- ./public/assets:/mastodon/public/assets - ./public/assets:/mastodon/public/assets
- ./public/system:/mastodon/public/system - ./public/system:/mastodon/public/system
streaming: streaming:
restart: always restart: always
build: . build: .
@ -29,6 +39,7 @@ services:
depends_on: depends_on:
- db - db
- redis - redis
sidekiq: sidekiq:
restart: always restart: always
build: . build: .

View file

@ -34,10 +34,19 @@ server {
keepalive_timeout 70; keepalive_timeout 70;
sendfile on; sendfile on;
client_max_body_size 0; client_max_body_size 0;
gzip off;
root /home/mastodon/live/public; root /home/mastodon/live/public;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
location / { location / {
@ -49,7 +58,7 @@ server {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server; proxy_pass_header Server;
proxy_pass http://localhost:3000; proxy_pass http://localhost:3000;
@ -67,6 +76,7 @@ server {
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https; proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://localhost:4000; proxy_pass http://localhost:4000;
proxy_buffering off; proxy_buffering off;

View file

@ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz)
| [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes| | [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes|
| [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No| | [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No|
| [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No| | [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No|
| [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes|
| [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes| | [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes|
We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution