From 330786ea2782b3ecf0c6442c077b4b5b02a9fd86 Mon Sep 17 00:00:00 2001
From: Luna
Date: Fri, 18 Nov 2022 13:15:04 -0300
Subject: [PATCH] federate two pleroma instances instead
---
 Dockerfile.pleroma | 6 ++++
 docker-compose.yaml | 77 ++++++++++++++++++++++++++++++++---------
 files/nginx.conf | 84 ++++++++++++++++++++++++++++++----------------
 files/pleroma.exs | 4 ++-
 mastodon_setup.sh | 2 ++
 pleroma_setup.sh | 5 +++
 6 files changed, 133 insertions(+), 45 deletions(-)
diff --git a/Dockerfile.pleroma b/Dockerfile.pleroma
index 779e0b0..ca4cdc0 100644
--- a/Dockerfile.pleroma
+++ b/Dockerfile.pleroma
@@ -26,6 +26,12 @@ WORKDIR /pleroma
 RUN git clone -b develop https://git.pleroma.social/pleroma/pleroma.git /pleroma \
 && git checkout ${PLEROMA_VER}
+USER root
+COPY ./minica.pem /usr/local/share/ca-certificates/minica.crt
+RUN update-ca-certificates
+
+USER pleroma
+
 RUN echo "import Mix.Config" > config/prod.secret.exs \
 && mix local.hex --force \
 && mix local.rebar --force \
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 790f461..349e9ef 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -17,10 +17,6 @@ services:
 pleroma_web:
 image: pleroma_selfbuilt
- networks:
- default:
- aliases:
- - pleroma.pubtester.local
 healthcheck:
 test: [
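Review bot: `RUN update-ca-certificates` after the `COPY ./minica.pem` line bakes the local minica CA into the image's system trust store, so every TLS client inside the container will accept any certificate that key has signed, not only the two test hostnames, and nothing in the hunk marks the image as test-only. A comment on the COPY line would stop it being reused: `# Trust the local minica CA so the test instances can federate over TLS; this image must never be published.` The build context is `.` (see the compose `build:` block) and minica's private key presumably sits next to `minica.pem`, so confirm a `.dockerignore` keeps `minica-key.pem` and `pubtester.local/key.pem` out of the context. Note also that `update-ca-certificates` writes the merged bundle to the distro's default path, and whether `/etc/ssl/cert.pem` (the path the pleroma.exs change uses) exists depends on the base image, which is outside this hunk.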
@@ -54,6 +50,52 @@ services:
 depends_on:
 - pleroma_db
+ pleroma2_db:
+ image: postgres:15
+ healthcheck:
+ test: ['CMD', 'pg_isready', '-U', 'postgres']
+ volumes:
+ - ./data/pleroma2/postgres14:/var/lib/postgresql/data
+ environment:
+ - 'POSTGRES_HOST_AUTH_METHOD=trust'
+ - 'POSTGRES_USER=pleroma'
+ - 'POSTGRES_PASSWORD=very_secure_pleroma_password'
+ - 'POSTGRES_DB=pleroma'
+ pleroma2_web:
+ image: pleroma_selfbuilt
+ healthcheck:
+ test:
+ [
+ "CMD-SHELL",
+ "wget -q --spider --proxy=off localhost:4000 || exit 1",
+ ]
+ restart: always
+ ports:
+ - '127.0.0.1:20710:4000'
+ build:
+ context: .
+ # Feel free to remove or override this section
+ # See 'Build-time variables' in README.md
+ args:
+ - "UID=1000"
+ - "GID=1000"
+ - "PLEROMA_VER=v2.4.2"
+ volumes:
+ - ./data/pleroma2/uploads:/var/lib/pleroma/uploads
+ - ./data/pleroma2/static:/var/lib/pleroma/static
+ - ./files/pleroma.exs:/etc/pleroma/config.exs:ro
+ environment:
+ DOMAIN: pleroma2.pubtester.local
+ INSTANCE_NAME: Pleroma/pubtester2
+ ADMIN_EMAIL: admin@example.com
+ NOTIFY_EMAIL: notify@example.com
+ DB_HOST: pleroma2_db
+ DB_USER: pleroma
+ DB_PASS: very_secure_pleroma_password
+ DB_NAME: pleroma
+ depends_on:
+ - pleroma2_db
 # mastodon config
 mastodon_db:
 image: postgres:15
@@ -75,15 +117,10 @@ services:
 volumes:
 - ./data/mastodon/redis:/data
 mastodon_web:
- image: tootsuite/mastodon:v4.0.2
+ image: mastodon_selfbuilt
 restart: always
 env_file: .env.mastodon
- command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
- networks:
- default:
- aliases:
- - mastodon.pubtester.local
-
+ command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000 -b 0.0.0.0"
 healthcheck:
 # prettier-ignore
 test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
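Review bot: `POSTGRES_HOST_AUTH_METHOD=trust` on pleroma2_db disables password checking for every connection over the compose network, so the `POSTGRES_PASSWORD` on the next line is never enforced and effectively any container on the default network can connect as the `pleroma` superuser. pleroma2_web already supplies `DB_PASS`, so the `trust` entry can simply be dropped; if it stays for convenience, say why on the line: `- 'POSTGRES_HOST_AUTH_METHOD=trust' # test rig only: no password check on the docker network`. The data volume is mounted from `./data/pleroma2/postgres14` while the image is `postgres:15`; a directory initialised by 14 will not start under 15, so naming it `postgres15` avoids pointing it at the wrong data later. I am assuming the database is not published to the host, since the hunk shows no `ports:` for it.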
@@ -95,7 +132,7 @@ services:
 volumes:
 - ./data/mastodon/public/system:/mastodon/public/system
 mastodon_streaming:
- image: tootsuite/mastodon:v4.0.2
+ image: mastodon_selfbuilt
 restart: always
 env_file: .env.mastodon
 command: node ./streaming
@@ -108,7 +145,7 @@ services:
 - mastodon_db
 - mastodon_redis
 mastodon_sidekiq:
- image: tootsuite/mastodon
+ image: mastodon_selfbuilt
 restart: always
 env_file: .env.mastodon
 command: bundle exec sidekiq
@@ -123,11 +160,19 @@ services:
 # nginx reverse proxy configured for all instances
 nginx:
 image: nginx:1.23.1-alpine
+ networks:
+ default:
+ aliases:
+ - pleroma.pubtester.local
+ - pleroma2.pubtester.local
 volumes:
 - ./files/nginx.conf:/etc/nginx/nginx.conf:ro
+ - ./pubtester.local/cert.pem:/etc/nginx/cert.pem:ro
+ - ./pubtester.local/key.pem:/etc/nginx/key.pem:ro
 ports:
- - '127.0.0.1:20000:80'
+ - '127.0.0.1:20000:443'
 depends_on:
- - mastodon_web
- - mastodon_streaming
+ #- mastodon_web
+ #- mastodon_streaming
 - pleroma_web
+ - pleroma2_web
diff --git a/files/nginx.conf b/files/nginx.conf
index 2b2d4d4..e935995 100644
--- a/files/nginx.conf
+++ b/files/nginx.conf
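Review bot: The commented-out `#- mastodon_web` and `#- mastodon_streaming` entries leave the mastodon services defined and started by `docker-compose up` yet unreachable by name, since `mastodon.pubtester.local` was dropped from mastodon_web earlier in this diff and is not among the aliases added to nginx here. Rather than commenting dependencies out, either delete the mastodon services or put them behind a compose `profiles: [mastodon]` entry so they only start when asked. The `./pubtester.local/key.pem:/etc/nginx/key.pem:ro` mount is acceptable for a loopback-only rig, but that directory is inside the `.` build context used by the setup scripts, so make sure `.dockerignore` excludes it. The host now only sees 443 on 127.0.0.1:20000, while the aliased hostnames resolve to a container that still has `listen 80` server blocks in nginx.conf reachable from any other container on the network; worth a comment here or removing those listeners.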
@@ -30,43 +30,46 @@ http {
 #gzip on;
- server {
- listen 80;
- listen [::]:80;
- root /mnt/none;
- index index.html index.htm;
+ #server {
+ # listen 80;
+ # listen [::]:80;
+ # root /mnt/none;
+ # index index.html index.htm;
- server_name mastodon.pubtester.local;
+ # server_name mastodon.pubtester.local;
- absolute_redirect off;
- server_name_in_redirect off;
+ # absolute_redirect off;
+ # server_name_in_redirect off;
- error_page 404 /404.html;
- error_page 410 /410.html;
+ # error_page 404 /404.html;
+ # error_page 410 /410.html;
- location / {
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Proto https;
+ # location / {
+ # proxy_set_header Host $http_host;
+ # proxy_set_header X-Forwarded-Proto https;
- proxy_pass http://mastodon_web:3000;
- }
+ # proxy_pass http://mastodon_web:3000;
+ # }
- location ^~ /api/v1/streaming {
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-Proto https;
+ # location ^~ /api/v1/streaming {
+ # proxy_set_header Host $http_host;
+ # proxy_set_header X-Forwarded-Proto https;
- proxy_pass http://mastodon_streaming:4000;
+ # proxy_pass http://mastodon_streaming:4000;
+
+ # proxy_buffering off;
+ # proxy_redirect off;
+ # proxy_http_version 1.1;
+ # tcp_nodelay on;
+ # }
+ #}
- proxy_buffering off;
- proxy_redirect off;
- proxy_http_version 1.1;
- tcp_nodelay on;
- }
- }
 server {
 listen 80;
 listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
 root /mnt/none;
 index index.html index.htm;
@@ -74,9 +77,8 @@ http {
 absolute_redirect off;
 server_name_in_redirect off;
-
- error_page 404 /404.html;
- error_page 410 /410.html;
+ ssl_certificate /etc/nginx/cert.pem;
+ ssl_certificate_key /etc/nginx/key.pem;
 location / {
 proxy_set_header Host $http_host;
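Review bot: `listen 443 ssl;` is added to the pleroma server while its `listen 80;` / `listen [::]:80;` stay, so the same upstream is also served over plaintext to anything on the compose network even though the compose change only publishes 443 and the Endpoint url now says `scheme: "https"`. Drop the two port-80 `listen` lines here (and mirror that in the pleroma2 block), or keep a separate port-80 server whose only directive is `return 301 https://$host$request_uri;`. The mastodon server is commented out line by line rather than removed; git history keeps it, so delete the block instead of carrying ~30 commented lines in the live config. This server's `proxy_set_header` lines belong to the next hunk, which appears to run past the visible text, so they are not reviewed here.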
@@ -86,4 +88,30 @@ http {
 proxy_pass http://pleroma_web:4000;
 }
 }
+
+
+ server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+ root /mnt/none;
+ index index.html index.htm;
+
+ server_name pleroma2.pubtester.local;
+
+ absolute_redirect off;
+ server_name_in_redirect off;
+ ssl_certificate /etc/nginx/cert.pem;
+ ssl_certificate_key /etc/nginx/key.pem;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "upgrade";
+ proxy_pass http://pleroma2_web:4000;
+ }
+ }
+
 }
diff --git a/files/pleroma.exs b/files/pleroma.exs
index 487ef6b..943c557 100644
--- a/files/pleroma.exs
+++ b/files/pleroma.exs
@@ -1,7 +1,7 @@
 import Config
 config :pleroma, Pleroma.Web.Endpoint,
- url: [host: System.get_env("DOMAIN", "localhost"), scheme: "http", port: 80],
+ url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443],
 http: [ip: {0, 0, 0, 0}, port: 4000]
 config :pleroma, :instance,
@@ -33,6 +33,8 @@ config :pleroma, :database, rum_enabled: false
 config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
 config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
+config :tesla, adapter: {Tesla.Adapter.Hackney, [ssl_options: [cacertfile: "/etc/ssl/cert.pem"]]}
+
 # We can't store the secrets in this file, since this is baked into the docker image
 if not File.exists?("/var/lib/pleroma/secret.exs") do
 secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64)
diff --git a/mastodon_setup.sh b/mastodon_setup.sh
index f30d6e6..3b613eb 100755
--- a/mastodon_setup.sh
+++ b/mastodon_setup.sh
@@ -4,4 +4,6 @@ set -eux
+docker buildx build -t mastodon_selfbuilt -f ./Dockerfile.mastodon .
 docker-compose run --rm mastodon_web rails db:migrate
+
diff --git a/pleroma_setup.sh b/pleroma_setup.sh
index 6cf503d..870a43b 100755
--- a/pleroma_setup.sh
+++ b/pleroma_setup.sh
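Review bot: `proxy_set_header X-Forwarded-Proto https;` is hard-coded while this new server also has `listen 80;`, so a plaintext request reaching port 80 from the compose network is presented to Pleroma as a secure one; use `proxy_set_header X-Forwarded-Proto $scheme;` or drop the port-80 listeners. `proxy_set_header Connection "upgrade";` is likewise unconditional, so every ordinary request to pleroma2_web carries `Connection: upgrade` with an empty `Upgrade` header; the usual fix is `map $http_upgrade $connection_upgrade { default upgrade; '' close; }` in the `http` block (outside this hunk) plus `proxy_set_header Connection $connection_upgrade;` here. The block is otherwise a copy of the pleroma server with one hostname and upstream changed, and the two already differ (the first server's visible `location` shows no Upgrade headers), so an `include` of a shared location snippet would keep them from drifting further.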
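Review bot: Supplying `ssl_options` to `Tesla.Adapter.Hackney` replaces hackney's default SSL options instead of extending them, so, as far as I recall of hackney, `verify_peer` and hostname checking are no longer applied and on OTP releases before 26 the connection falls back to `verify_none`, which would make the `cacertfile` irrelevant; spell the checks out: `config :tesla, adapter: {Tesla.Adapter.Hackney, [ssl_options: [verify: :verify_peer, cacertfile: "/etc/ssl/cert.pem", customize_hostname_check: [match_fun: :public_key.pkix_verify_hostname_match_fun(:https)]]]}`. This setting also routes all of Pleroma's outbound HTTPS, not just federation with the test peer, through the system bundle, which only works because `update-ca-certificates` merged minica into it. `/etc/ssl/cert.pem` is an Alpine symlink to that bundle and does not exist on Debian-based images; the base image is not in this diff, so confirm it. Pleroma additionally assembles adapter options from its own `:pleroma, :http` config, so verify with one federation request that these options actually reach hackney rather than being overridden.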
@@ -3,9 +3,14 @@ # setup pleroma db
 docker-compose up -d pleroma_db
+docker-compose up -d pleroma2_db
+sleep 10
 docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"
 docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
 docker-compose exec -i pleroma_db psql -U pleroma -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";'
+docker-compose exec -i pleroma2_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"
+docker-compose exec -i pleroma2_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;"
+docker-compose exec -i pleroma2_db psql -U pleroma -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";'
 docker-compose down
 docker buildx build -t pleroma_selfbuilt -f ./Dockerfile.pleroma .
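Review bot: `sleep 10` after `docker-compose up -d pleroma2_db` is a fixed wait that races the container's real readiness: on a slow first initialisation the following `CREATE EXTENSION` calls fail under `set -e`, and on a fast one it just burns time. pleroma2_db (and presumably pleroma_db) already has a `pg_isready` healthcheck in the compose file, so poll that instead: `for db in pleroma_db pleroma2_db; do until docker-compose exec -T "$db" pg_isready -U pleroma >/dev/null 2>&1; do sleep 1; done; done` (or `docker-compose up -d --wait` on a compose version that supports it). The six `exec` lines differ only in the service name and would fit the same loop. The hunk may extend past the visible text, so anything after the `docker buildx` line is not reviewed here.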