Izalia Mae
6c0b66c321
Merge branch 'main' of https://git.barkshark.xyz/mirror/mastodon
2023-09-19 14:32:31 -04:00
gunchleoc
cb9f96036c
Add suggestion for secure cyphers to nginx.conf ( #26349 )
2023-08-31 12:17:10 +02:00
Eashwar Ranganathan
11f5a8e54b
Make mastodon-streaming systemd unit templated ( #24751 )
...
Co-authored-by: Emelia Smith <ThisIsMissEm@users.noreply.github.com>
2023-08-07 15:41:34 +02:00
Izalia Mae
5508db58ea
Merge branch 'main' of https://git.barkshark.xyz/mirror/mastodon
2023-07-06 14:02:20 -04:00
Claire
fed9cbfd2b
Add hardened headers to user-uploaded files ( #25756 )
2023-07-06 14:31:37 +02:00
Emelia Smith
301e03eb8c
Remove clustering from streaming API ( #24655 )
2023-04-26 11:37:51 +02:00
Eugen Rochko
9bda933740
Change media upload limits and remove client-side resizing ( #23726 )
2023-03-25 10:00:03 +01:00
Izalia Mae
c4abdd7700
Merge branch 'main' of https://git.barkshark.xyz/mirror/mastodon
2022-11-17 06:50:58 -05:00
keiya
53817294fc
Fix nginx location matching ( #20198 )
2022-11-09 04:12:57 +01:00
Rob Petti
8c81db5a41
allow /api/v1/streaming to be used as per documentation ( #19896 )
2022-11-07 03:16:44 +01:00
Yurii Izorkin
a449ee8654
nginx: optimize locations ( #19438 )
...
* nginx: optimize locations
* nginx: don't use regex in locations
* nginx: optimize Cache-Control headaers
* nginx: use 404 error_page for missing static files
* nginx: sort locations
* nginx: add missing HSTS header
2022-10-29 15:06:23 +02:00
Shlee
c7bab3318e
Remove duplicate HSTS headers from nginx.conf ( #19018 )
...
* Update nginx.conf
* Update nginx.conf
* Update nginx.conf
2022-10-27 16:58:49 +02:00
Izalia Mae
6089b25c4e
Merge branch 'main' of https://git.barkshark.xyz/mirror/mastodon
2022-05-02 23:24:10 -04:00
LinAGKar
48caeb9d65
Also compress SVG and ICO images in nginx ( #17651 )
2022-02-26 17:27:11 +01:00
Izalia Mae
f48b81a8a0
merge upstream
2022-02-03 06:15:32 -05:00
Lerk
56c55ab9f6
Add ReadWritePaths directive to service files ( #17178 )
...
* Update mastodon-web.service
* Update mastodon-streaming.service
* Update mastodon-sidekiq.service
2021-12-22 04:34:12 +01:00
Yurii Izorkin
a9ff5c8309
templates/systemd/mastodon: update sandbox mode ( #16235 )
...
* templates/systemd/mastodon: add new sandboxing options
* templates/systemd/mastodon: add '@privileged' and remove duplicates SystemCallFilters
* templates/systemd/mastodon: add '@ipc' SystemCallFilter
* templates/systemd/mastodon: add '@memlock' SystemCallFilter
* templates/systemd/mastodon: allow '@resources' filter to mastodon-web service
2021-10-25 16:31:20 +02:00
Izalia Mae
9b8337b52e
Merge branch 'main' of https://git.barkshark.xyz/mirror/mastodon
2021-08-21 11:03:02 -04:00
Peter Dave Hello
a2afcac7d9
Make sure nginx always send HSTS header ( #16633 )
...
By default, it'll only send those headers when the response code is one of the following:
- 200, 201, 204, 206, 301, 302, 303, 304, 307 & 308
As all the traffics should be https, the http protocol only exists to do 301 redirect,
and always send the HSTS header is almost one of the best practices, we should set
nginx to do so.
Reference:
- https://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
- https://ssl-config.mozilla.org/
2021-08-20 10:54:11 +01:00
Peter Dave Hello
e03dc3956f
Disable nginx ssl_session_tickets for better security ( #16632 )
...
It's default turned on, but it's better to turn it off for security reason.
Reference:
- https://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_tickets
- https://github.com/mozilla/server-side-tls/issues/135
2021-08-20 08:15:07 +01:00
Akihiko Odaki
8af7f3b063
Preload libjemalloc.so for long-running Ruby ( #16462 )
...
Always mark jemalloc needed if jemalloc is enabled by akihikodaki · Pull Request #4627 · ruby/ruby
https://github.com/ruby/ruby/pull/4627
> Symbols exported by jemalloc is referred by the shared library but not
> by the executables when building Ruby as a shared library with
> jemalloc. It causes shared libraries such as the GNU C++ library
> occasionally rely on the memory allocator provided by the standard C
> library. Worse, the resolved symbols can later be replaced with
> jemalloc, and jemalloc may see pointers from the standard C library,
> which results in various failures.
> e.g. https://github.com/tootsuite/mastodon/issues/15751
As a workaround, do not rely on jemalloc enablement of Ruby, and
preload libjemalloc.so instead.
2021-07-05 19:16:35 +02:00
Izalia Mae
0eeb0cc105
Merge branch 'main' of https://git.barkshark.xyz/mirror/mastodon
2021-06-08 13:45:34 -04:00
Yurii Izorkin
7da104eb11
templates/systemd/mastodon: optimize SystemCallFilters ( #16127 )
2021-04-27 20:34:53 +02:00
Yurii Izorkin
863ae47b51
templates/systemd/mastodon: update sandbox mode ( #16103 )
2021-04-24 13:41:03 +02:00
Izalia Mae
a22789ee00
Merge branch 'main' of https://git.barkshark.xyz/mirror/mastodon
2021-04-21 11:23:26 -04:00
Yurii Izorkin
297a3cf904
templates/systemd/mastodon: enable sandbox mode ( #15937 )
2021-03-24 10:46:13 +01:00
Cecylia Bocovich
38bc4b9562
Set X-Forwarded-Proto to request scheme ( #15310 ) ( #15498 )
...
This fixes a bug that prevents logins to mastodon onion services. The
nginx directive assumed all requests were made over https, causing a
domain mismatch for onion services that have https redirects disabled.
The fix more correctly sets X-Forwarded-Proto to the actual scheme used
in the request.
2021-01-05 22:25:07 +01:00
Izalia Mae
5c65814e2f
Merge branch 'master' of https://git.barkshark.xyz/mirror/mastodon
2020-03-31 17:42:56 -04:00
Shlee
514cd874a7
Update nginx.conf ( #13066 )
2020-03-08 16:04:25 +01:00
Izalia Mae
cc6f3ab16e
fix dev resetup script
2019-11-25 03:11:26 -05:00
Izalia Mae
0898f13f42
Update 'dist/caddy.conf'
2019-09-20 21:33:36 -04:00
Izalia Mae
d3b1e6358e
Merge remote-tracking branch 'upstream/master'
2019-09-12 15:03:01 -04:00
ichi_i
49f57b5534
Add TLS v1.3 support ( #11603 )
...
Maintain TLS v1.2 compatibility (might want to drop this later) and add support for TLS v1.3
2019-08-30 07:42:50 +02:00
Izalia Mae
51e822f49a
add dev update script
2019-07-26 17:53:22 -04:00
Izalia Mae
f0fea49cdc
a few more things I forgot
2019-07-10 03:44:16 -04:00
Izalia Mae
c80a2e07ea
restart fork
2019-07-10 03:26:51 -04:00
Eugen Rochko
b7379da6cc
Cache error 410 responses in recommended nginx configuration ( #10425 )
2019-03-30 03:14:31 +01:00
Nolan Lawson
658b4621a6
perf: run node directly when streaming ( #10032 )
2019-02-13 18:52:36 +01:00
Eugen Rochko
6465972caf
Add nginx and systemd templates ( #8770 )
...
So they can be copied during installation instead of looking
them up in the documentation
Make default sidekiq configuration use weighted queues
Remove deprecated docs directory
2018-09-24 16:46:05 +02:00