From 5ea020513872b057c5c9efd6dea55e492e785632 Mon Sep 17 00:00:00 2001 From: Luna Date: Sun, 22 Jan 2023 18:47:09 -0300 Subject: [PATCH 1/3] add pubtester.example.net certs --- pubtester.example.net/cert.pem | 21 +++++++++++++++++++++ pubtester.example.net/key.pem | 27 +++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) create mode 100644 pubtester.example.net/cert.pem create mode 100644 pubtester.example.net/key.pem diff --git a/pubtester.example.net/cert.pem b/pubtester.example.net/cert.pem new file mode 100644 index 0000000..4b2e99d --- /dev/null +++ b/pubtester.example.net/cert.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDXzCCAkegAwIBAgIIBFIfZ3oH+twwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE +AxMVbWluaWNhIHJvb3QgY2EgMmY2YmZlMB4XDTIzMDEyMjIxMTEwMVoXDTI1MDIy +MTIxMTEwMVowIDEeMBwGA1UEAxMVcHVidGVzdGVyLmV4YW1wbGUubmV0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwRVaBdqT1/VamwA7pAA37bOG9GAW +zPXtB6WFg7GdGIhzXuq/qdjoO0HLHNoHP3uqRGrJvA0nJdnTs1gaNBUiNP6303LG +OHlIaa5B7tByAW/xtji6DuEhVnibiK3jSP4b6m5A6FDgr8qbjJMzHkrHYa3cN4Im +m7fJmHFyKpa6L2CXp+I+DqJt8FJtKfr1sYXkMr9QJdT6IqJ2ZGpH8GFYMoa2m9yz +uvBb7+LOm4v2CLLxl8ZJpwB7M/n+Ahf53s0gu0jjhkhSLig2EUsl/XFa0yYu7h9z +ZNz4wb/Lrgq5Dcc6JkVMNBR9GBx9VaxITcbNcL9r0vF+s3GkRHDNjddvAwIDAQAB +o4GcMIGZMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB +BQUHAwIwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQ2y5zeB44/l7zuosGq/xzW +cnHuhzA5BgNVHREEMjAwghVwdWJ0ZXN0ZXIuZXhhbXBsZS5uZXSCFyoucHVidGVz +dGVyLmV4YW1wbGUubmV0MA0GCSqGSIb3DQEBCwUAA4IBAQCci4kcoW7o6lQxEGKD +qganrBdTEVjH95x/EOBhRwscXcPrxocTkUgPSrN1vOvZU144UmcDBIPZtsyyOkBt +cy7RQYTYb+/1c2Jn8o6j4Low+B0nnXQE2SUeY61Vw/PmcQ2cM13a7dujBK9XZ2CM +5ARFTgPtva34fJC9SZsBbBmCS39VcExysNxpjet9QWN6A+XK/TcaJAFWEiiVckXA +AbxKVCxY0DQ103BTz75RkyasE9ocY0hwEyHqhPbg1Z/tyquk6Iskk7YAh0Qk5dTl +xUL+o9lOeIUpSraWweyWH8+bjvSiNCYJ5KG3dV9zwEeKmi4sfi9+6EpQ47FoLx9v +tiGQ +-----END CERTIFICATE----- diff --git a/pubtester.example.net/key.pem b/pubtester.example.net/key.pem new file mode 100644 index 0000000..ca39359 
--- /dev/null +++ b/pubtester.example.net/key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAwRVaBdqT1/VamwA7pAA37bOG9GAWzPXtB6WFg7GdGIhzXuq/ +qdjoO0HLHNoHP3uqRGrJvA0nJdnTs1gaNBUiNP6303LGOHlIaa5B7tByAW/xtji6 +DuEhVnibiK3jSP4b6m5A6FDgr8qbjJMzHkrHYa3cN4Imm7fJmHFyKpa6L2CXp+I+ +DqJt8FJtKfr1sYXkMr9QJdT6IqJ2ZGpH8GFYMoa2m9yzuvBb7+LOm4v2CLLxl8ZJ +pwB7M/n+Ahf53s0gu0jjhkhSLig2EUsl/XFa0yYu7h9zZNz4wb/Lrgq5Dcc6JkVM +NBR9GBx9VaxITcbNcL9r0vF+s3GkRHDNjddvAwIDAQABAoIBAD4ZdeioEiDFAq0T +eBsZDuPed6slNHAbMG7jJ3vhphr7189RRO+FmbtlP8Q5w1cBmROEHPnkaRDdbB8k +WNkjausMeWcCZQpIx6dlqkL6u5AGxwDKYdzjP2umQq/E7XLOd4AAkdOmH32qdjjS +JwC5IEMkPc2EiJJQm//xjLxx2dPed9gz9DMH7Ym7MW4LGNMYP3lCc6fpFKa/LQme +FX1+FBi07ZhP7yF93/QXK7s6/kxfvgI/VHWfOQQG6cAXr4MnzW/sC+F5PmFX6W19 +cdC2bklKbyYdXoRlTQUeA9dGehxUTFm0EDO+MTs0dNn28Ss1YXiuAJvf6iu8SvVq +11AUbZECgYEA7TlrmZsmHqqj8gaJekXZSWkGxsJJmWC0w5UVbhUAchROKOZ0bu1O +BrfMGy90EfLYjLAnK+Dw4E9kDqwiGit98ZUo5YgVZ5b8tnccVRY6VYO4jm/seyYt +qpz4S7WKzJrlbX66bAGyRHIGZdlHTewDf/CITFjANGLiiN9NDtp6tuUCgYEA0F2P +Pnd3vHBZ+9cK5E4+wUt1Ys+ObohQIIu3e3GrpX7DnUOP93G65cYN6OfSTcH6ClMj +7e8E3F2UI91Ke7WmSJWsnRQrGLYjFaEL6y8QXK/5oiNYcVAOC9MslhV5hLF5afYR +w2omgLoIZB44x4ognpUi0xWfYBVbW/zWcWV3B8cCgYAoAjAohucl8ueVkQ6spY0g ++WqgKPJawNmbxtAHcdlSZCROd5eZgcJQFb2BtD4iLM/i4m6o0tYtLpaUdumFemJS +VTLBi3L4tplGeM45d3c9JusActXyaxz2kmS5+BNBsLoS/nWYc6zKKGT11nBVLwHk +GQATyEAaVbcZGHgZkjVyFQKBgCs9PxyXbiGMrx+z4G7ATgWOwy1eJRCK+RXH6KuV +SylsxOs9ugJ/d2l3UCuk799zAZBi8HHPyBJy2OsYYPyLFZa6eLegF9Fo+p7ibLbB +bYPOgN9EtnXNRxztFbOPgUgoDCoRBl6nCJZuBI/CNcYyw9Ik4LUtJ4Wo6OyN63Jc +u/bBAoGAAZ2KYVM4gXUVibCKAzJ7teq4gEPoVbRHvTw25woyIuJtBjRgqv0rstX0 +pqKsoZcA6nZwLeSnNRpxj2kRt0TAcDIjV45f4iblveRPufuMYYMQveglDVGOf4yh +7W97mLdMvtz3UR1OUlywKOB/1KNU9BrtEkYceC1MYS/9BQVkDyo= +-----END RSA PRIVATE KEY----- From 66f16288fc9dea037bd8493f7bd5cff1cafe0c59 Mon Sep 17 00:00:00 2001 
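Review bot: The RSA private key for the leaf certificate is checked into the repository as `pubtester.example.net/key.pem`, so everyone who can read the repo holds it. Any client that trusts the minica root this leaf chains to will then accept a third party as `pubtester.example.net` or `*.pubtester.example.net`, the names given to `minica -domains` in the README of patch 2. Prefer generating the pair during setup with that minica command and listing `pubtester.example.net/key.pem` in `.gitignore`. If the key must stay in the tree for convenience, add a README line such as `the bundled cert/key are test-only; never add the minica root to a trust store you use for anything else`.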
From: Luna Date: Sun, 22 Jan 2023 18:48:42 -0300 Subject: [PATCH 2/3] migrate from pubtester.local to pubtester.example.net close #1 --- README.md | 21 +++++++++++++++++++-- docker-compose.yaml | 26 +++++++++++++------------- files/nginx.conf | 6 +++--- 3 files changed, 35 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index ef200a6..c075d39 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,8 @@ mastodon is TODO. add the following to your `/etc/hosts` ``` -127.0.0.1 pleroma.pubtester.local localhost -127.0.0.1 pleroma2.pubtester.local localhost +127.0.0.1 pleroma.pubtester.example.net localhost +127.0.0.1 pleroma2.pubtester.example.net localhost ``` run @@ -20,3 +20,20 @@ git clone ... && cd pubtester ./pleroma_setup.sh docker-compose up -d pleroma_web pleroma2_web nginx ``` + +then go to `https://pleroma.pubtester.example.net:20000/main/friends` +and also `https://pleroma2.pubtester.example.net:20000/main/friends` + +## emit new minica certs + +this is generally for myself: https://github.com/jsha/minica + +`minica -domains 'pubtester.example.net,*.pubtester.example.net'` + + +## wipe everything + +``` +sudo rm -rfv ./data +./pleroma_setup.sh +``` diff --git a/docker-compose.yaml b/docker-compose.yaml index 349e9ef..a140e26 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -6,14 +6,12 @@ services: healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: - - ./data/pleroma/postgres14:/var/lib/postgresql/data + - ./data/pleroma/postgres15:/var/lib/postgresql/data environment: - 'POSTGRES_HOST_AUTH_METHOD=trust' - 'POSTGRES_USER=pleroma' - 'POSTGRES_PASSWORD=very_secure_pleroma_password' - 'POSTGRES_DB=pleroma' - #pleroma: - # image: git.pleroma.social:5050/pleroma/pleroma:release-2-4-1 pleroma_web: image: pleroma_selfbuilt 
@@ -39,7 +37,7 @@ services: - ./data/pleroma/static:/var/lib/pleroma/static - ./files/pleroma.exs:/etc/pleroma/config.exs:ro environment: - DOMAIN: pleroma.pubtester.local + DOMAIN: pleroma.pubtester.example.net INSTANCE_NAME: Pleroma/pubtester ADMIN_EMAIL: admin@example.com NOTIFY_EMAIL: notify@example.com @@ -55,13 +53,14 @@ services: healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: - - ./data/pleroma2/postgres14:/var/lib/postgresql/data + - ./data/pleroma2/postgres15:/var/lib/postgresql/data environment: - 'POSTGRES_HOST_AUTH_METHOD=trust' - 'POSTGRES_USER=pleroma' - 'POSTGRES_PASSWORD=very_secure_pleroma_password' - 'POSTGRES_DB=pleroma' pleroma2_web: + # use pleroma_source_selfbuilt if patching pleroma image: pleroma_selfbuilt healthcheck: test: @@ -74,8 +73,6 @@ services: - '127.0.0.1:20710:4000' build: context: . - # Feel free to remove or override this section - # See 'Build-time variables' in README.md args: - "UID=1000" - "GID=1000" @@ -83,9 +80,12 @@ services: volumes: - ./data/pleroma2/uploads:/var/lib/pleroma/uploads - ./data/pleroma2/static:/var/lib/pleroma/static - - ./files/pleroma.exs:/etc/pleroma/config.exs:ro + - ./files/pleroma.exs:/pleroma/config/prod.secret.exs:ro + # dev patches + #- /home/luna/git/pleroma/lib/pleroma/formatter.ex:/pleroma/lib/pleroma/formatter.ex:ro + #- /home/luna/git/pleroma/deps/linkify/lib/linkify/parser.ex:/pleroma/deps/linkify/lib/linkify/parser.ex:ro environment: - DOMAIN: pleroma2.pubtester.local + DOMAIN: pleroma2.pubtester.example.net INSTANCE_NAME: Pleroma/pubtester2 ADMIN_EMAIL: admin@example.com NOTIFY_EMAIL: notify@example.com 
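Review bot: In the `pleroma2_web` volumes (hunk `@@ -83,9 +80,12 @@`) the config mount now targets `/pleroma/config/prod.secret.exs`, but the service's `image:` is still `pleroma_selfbuilt`, and `pleroma_web` keeps mounting the same file at `/etc/pleroma/config.exs`. If `pleroma_selfbuilt` reads its config from `/etc/pleroma/config.exs`, as the other service's mount suggests, pleroma2 would start without these settings until the image is switched to `pleroma_source_selfbuilt`. Either keep `- ./files/pleroma.exs:/etc/pleroma/config.exs:ro` here or change `image:` in the same commit. The commented-out dev-patch mounts use absolute `/home/luna/git/pleroma/...` paths that exist on one machine only; a comment such as `# adjust to your local pleroma checkout` would make that explicit. The service definition starts outside this hunk.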
@@ -163,12 +163,12 @@ services: networks: default: aliases: - - pleroma.pubtester.local - - pleroma2.pubtester.local + - pleroma.pubtester.example.net + - pleroma2.pubtester.example.net volumes: - ./files/nginx.conf:/etc/nginx/nginx.conf:ro - - ./pubtester.local/cert.pem:/etc/nginx/cert.pem:ro - - ./pubtester.local/key.pem:/etc/nginx/key.pem:ro + - ./pubtester.example.net/cert.pem:/etc/nginx/cert.pem:ro + - ./pubtester.example.net/key.pem:/etc/nginx/key.pem:ro ports: - '127.0.0.1:20000:443' depends_on: diff --git a/files/nginx.conf b/files/nginx.conf index e935995..c5f80e7 100644 --- a/files/nginx.conf +++ b/files/nginx.conf @@ -36,7 +36,7 @@ http { # root /mnt/none; # index index.html index.htm; - # server_name mastodon.pubtester.local; + # server_name mastodon.pubtester.example.net; # absolute_redirect off; # server_name_in_redirect off; @@ -73,7 +73,7 @@ http { root /mnt/none; index index.html index.htm; - server_name pleroma.pubtester.local; + server_name pleroma.pubtester.example.net; absolute_redirect off; server_name_in_redirect off; @@ -98,7 +98,7 @@ http { root /mnt/none; index index.html index.htm; - server_name pleroma2.pubtester.local; + server_name pleroma2.pubtester.example.net; absolute_redirect off; server_name_in_redirect off; From 8c9f4874122db68e64a3791d55b5b208f14ca3ca Mon Sep 17 00:00:00 2001 From: Luna Date: Sun, 22 Jan 2023 18:49:46 -0300 Subject: [PATCH 3/3] add pleroma_source_selfbuilt image for patching pleroma --- Dockerfile.pleroma-source | 46 ++++++++++++++++++++++++++++++ files/pleroma_source_entrypoint.sh | 14 +++++++++ pleroma_setup.sh | 4 ++- 3 files changed, 63 insertions(+), 1 deletion(-) create mode 100644 Dockerfile.pleroma-source create mode 100755 files/pleroma_source_entrypoint.sh diff --git a/Dockerfile.pleroma-source b/Dockerfile.pleroma-source new file mode 100644 index 0000000..0c8ce2c --- /dev/null +++ b/Dockerfile.pleroma-source 
@@ -0,0 +1,46 @@
+FROM elixir:1.11.4-alpine
+
+ARG PLEROMA_VER=develop
+ARG UID=911
+ARG GID=911
+ENV MIX_ENV=prod
+
+RUN echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories \
+ && apk update \
+ && apk add git gcc g++ musl-dev make cmake file-dev \
+ exiftool imagemagick libmagic ncurses postgresql-client ffmpeg
+
+RUN addgroup -g ${GID} pleroma \
+ && adduser -h /pleroma -s /bin/false -D -G pleroma -u ${UID} pleroma
+
+ARG DATA=/var/lib/pleroma
+RUN mkdir -p /etc/pleroma \
+ && chown -R pleroma /etc/pleroma \
+ && mkdir -p ${DATA}/uploads \
+ && mkdir -p ${DATA}/static \
+ && chown -R pleroma ${DATA}
+
+USER pleroma
+WORKDIR /pleroma
+
+RUN git clone -b develop https://git.pleroma.social/pleroma/pleroma.git /pleroma \
+ && git checkout ${PLEROMA_VER}
+
+USER root
+COPY ./minica.pem /usr/local/share/ca-certificates/minica.crt
+RUN update-ca-certificates
+
+USER pleroma
+
+RUN mix local.hex --force \
+ && mix local.rebar --force \
+ && mix deps.get --only prod \
+ && mix deps.compile --only prod \
+ && mix compile --only prod
+
+COPY ./files/pleroma.exs config/prod.secret.exs
+COPY ./files/pleroma_source_entrypoint.sh docker-entrypoint.sh
+
+EXPOSE 4000
+
+ENTRYPOINT ["/pleroma/docker-entrypoint.sh"]
diff --git a/files/pleroma_source_entrypoint.sh b/files/pleroma_source_entrypoint.sh
new file mode 100755
index 0000000..87aaeda
--- /dev/null
+++ b/files/pleroma_source_entrypoint.sh
@@ -0,0 +1,14 @@
+#!/bin/ash
+
+set -eux
+
+echo "-- Waiting for database..."
+while ! pg_isready -U ${DB_USER:-pleroma} -d postgres://${DB_HOST:-db}:${DB_PORT:-5432}/${DB_NAME:-pleroma} -t 1; do
+ sleep 1s
+done
+
+echo "-- Running migrations..."
+mix ecto.migrate
+
+echo "-- Starting!"
+mix phx.server
diff --git a/pleroma_setup.sh b/pleroma_setup.sh
index 870a43b..0ec5b76 100755
--- a/pleroma_setup.sh
+++ b/pleroma_setup.sh
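Review bot: The source being built is not pinned: `git clone -b develop` followed by `git checkout ${PLEROMA_VER}` with the default `PLEROMA_VER=develop` builds whatever the upstream branch holds at build time, so two builds of this image can differ and nothing ties the image to reviewed code. Default the ARG to a tag or commit instead, `ARG PLEROMA_VER=<pinned-tag-or-commit>`. The extra apk repository is added over plain `http://` and tracks `latest-stable` rather than the Alpine release of the `elixir:1.11.4-alpine` base, which can mix packages from two releases; prefer an `https://` URL for the release the base image uses. `COPY ./minica.pem` needs that file in the build context, and the visible hunks of this series do not add it.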
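Review bot: The last line of `files/pleroma_source_entrypoint.sh` starts `mix phx.server` as a child of the shell, so ash stays PID 1 and the SIGTERM sent by `docker stop` is not passed on to the server; use `exec mix phx.server`. The `while ! pg_isready` loop has no upper bound, so a misconfigured `DB_HOST` makes the container wait forever instead of failing; a retry counter that exits non-zero after a limit would surface that. The expansions on the `pg_isready` line are unquoted and should read `pg_isready -U "${DB_USER:-pleroma}" -d "postgres://${DB_HOST:-db}:${DB_PORT:-5432}/${DB_NAME:-pleroma}" -t 1`.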
@@ -2,9 +2,10 @@ # # setup pleroma db +set -eux docker-compose up -d pleroma_db docker-compose up -d pleroma2_db -sleep 10 +sleep 10 # waiting for databases to warm up docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;" docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" docker-compose exec -i pleroma_db psql -U pleroma -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";' @@ -14,3 +15,4 @@ docker-compose exec -i pleroma2_db psql -U pleroma -c 'CREATE EXTENSION IF NOT E docker-compose down docker buildx build -t pleroma_selfbuilt -f ./Dockerfile.pleroma . +docker buildx build -t pleroma_source_selfbuilt -f ./Dockerfile.pleroma-source .
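Review bot: With `set -eux` added in the first hunk, the fixed `sleep 10` becomes a failure point: if either database is not accepting connections after ten seconds, the first `psql` call fails, the script exits, and the `docker-compose down` further down is never reached, leaving both containers running. Poll for readiness instead of sleeping, for example `until docker-compose exec -i pleroma_db pg_isready -U pleroma; do sleep 1; done`, and the same for `pleroma2_db`. The script's shebang and the remaining `psql` calls lie partly outside the hunks, so this is based on the visible lines only.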