diff --git a/Dockerfile.pleroma b/Dockerfile.pleroma index ca4cdc0..779e0b0 100644 --- a/Dockerfile.pleroma +++ b/Dockerfile.pleroma @@ -26,12 +26,6 @@ WORKDIR /pleroma RUN git clone -b develop https://git.pleroma.social/pleroma/pleroma.git /pleroma \ && git checkout ${PLEROMA_VER} -USER root -COPY ./minica.pem /usr/local/share/ca-certificates/minica.crt -RUN update-ca-certificates - -USER pleroma - RUN echo "import Mix.Config" > config/prod.secret.exs \ && mix local.hex --force \ && mix local.rebar --force \ diff --git a/docker-compose.yaml b/docker-compose.yaml index 349e9ef..f256422 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -3,6 +3,8 @@ services: pleroma_db: image: postgres:15 + networks: + - pleroma_internal_network healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: @@ -17,6 +19,9 @@ services: pleroma_web: image: pleroma_selfbuilt + networks: + - pleroma_internal_network + - pleroma_external_network healthcheck: test: [ 
@@ -50,56 +55,12 @@ services: depends_on: - pleroma_db - pleroma2_db: - image: postgres:15 - healthcheck: - test: ['CMD', 'pg_isready', '-U', 'postgres'] - volumes: - - ./data/pleroma2/postgres14:/var/lib/postgresql/data - environment: - - 'POSTGRES_HOST_AUTH_METHOD=trust' - - 'POSTGRES_USER=pleroma' - - 'POSTGRES_PASSWORD=very_secure_pleroma_password' - - 'POSTGRES_DB=pleroma' - pleroma2_web: - image: pleroma_selfbuilt - healthcheck: - test: - [ - "CMD-SHELL", - "wget -q --spider --proxy=off localhost:4000 || exit 1", - ] - restart: always - ports: - - '127.0.0.1:20710:4000' - build: - context: . - # Feel free to remove or override this section - # See 'Build-time variables' in README.md - args: - - "UID=1000" - - "GID=1000" - - "PLEROMA_VER=v2.4.2" - volumes: - - ./data/pleroma2/uploads:/var/lib/pleroma/uploads - - ./data/pleroma2/static:/var/lib/pleroma/static - - ./files/pleroma.exs:/etc/pleroma/config.exs:ro - environment: - DOMAIN: pleroma2.pubtester.local - INSTANCE_NAME: Pleroma/pubtester2 - ADMIN_EMAIL: admin@example.com - NOTIFY_EMAIL: notify@example.com - DB_HOST: pleroma2_db - DB_USER: pleroma - DB_PASS: very_secure_pleroma_password - DB_NAME: pleroma - depends_on: - - pleroma2_db - # mastodon config mastodon_db: image: postgres:15 shm_size: 256mb + networks: + - internal_network healthcheck: test: ['CMD', 'pg_isready', '-U', 'postgres'] volumes: 
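Review bot: Moving `mastodon_db` onto `internal_network` (and `pleroma_db` onto `pleroma_internal_network` in the first docker-compose hunk) limits which containers can open the port, but it does not change how the database authenticates; the removed `pleroma2_db` stanza shows `POSTGRES_HOST_AUTH_METHOD=trust` together with a literal `POSTGRES_PASSWORD`, and if the surviving `pleroma_db`/`mastodon_db` stanzas (outside this hunk) carry the same settings, every container on the internal network still connects without a password. Consider dropping `POSTGRES_HOST_AUTH_METHOD=trust` there so the password that is already configured is actually enforced, and add a comment on the `networks:` key saying that `internal: true` is a reachability control, not an authentication one. The surrounding `services:` mapping starts before this hunk.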
@@ -112,15 +73,20 @@ services:
 mastodon_redis:
 restart: always
 image: redis:7-alpine
+ networks:
+ - internal_network
 healthcheck:
 test: ['CMD', 'redis-cli', 'ping']
 volumes:
 - ./data/mastodon/redis:/data
 mastodon_web:
- image: mastodon_selfbuilt
+ image: tootsuite/mastodon:v4.0.2
 restart: always
 env_file: .env.mastodon
- command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000 -b 0.0.0.0"
+ command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+ networks:
+ - external_network
+ - internal_network
 healthcheck:
 # prettier-ignore
 test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
@@ -132,10 +98,13 @@ services:
 volumes:
 - ./data/mastodon/public/system:/mastodon/public/system
 mastodon_streaming:
- image: mastodon_selfbuilt
+ image: tootsuite/mastodon:v4.0.2
 restart: always
 env_file: .env.mastodon
 command: node ./streaming
+ networks:
+ - external_network
+ - internal_network
 healthcheck:
 # prettier-ignore
 test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
@@ -145,13 +114,16 @@ services:
 - mastodon_db
 - mastodon_redis
 mastodon_sidekiq:
- image: mastodon_selfbuilt
+ image: tootsuite/mastodon
 restart: always
 env_file: .env.mastodon
 command: bundle exec sidekiq
 depends_on:
 - mastodon_db
 - mastodon_redis
+ networks:
+ - external_network
+ - internal_network
 volumes:
 - ./data/mastodon/public/system:/mastodon/public/system
 healthcheck:
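Review bot: `mastodon_sidekiq` in the third hunk is switched to `image: tootsuite/mastodon` with no tag, while `mastodon_web` and `mastodon_streaming` in the two hunks above are pinned to `tootsuite/mastodon:v4.0.2`; an untagged reference resolves to `latest`, so the worker can drift to a different release than the web process it shares a database and queues with, and each pull of it is unpinned. Change that line to `image: tootsuite/mastodon:v4.0.2` so all three services run the same build. The new `command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"` in the first hunk drops `-b 0.0.0.0`, which appears to rely on a bind address supplied by the image's environment; a short comment on that line recording this would stop a future reader from re-adding the flag or removing the dependency unknowingly.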
@@ -161,18 +133,23 @@ services:
 nginx:
 image: nginx:1.23.1-alpine
 networks:
- default:
- aliases:
- - pleroma.pubtester.local
- - pleroma2.pubtester.local
+ - external_network
+ - internal_network
+ - pleroma_external_network
+ - pleroma_internal_network
 volumes:
 - ./files/nginx.conf:/etc/nginx/nginx.conf:ro
- - ./pubtester.local/cert.pem:/etc/nginx/cert.pem:ro
- - ./pubtester.local/key.pem:/etc/nginx/key.pem:ro
 ports:
- - '127.0.0.1:20000:443'
+ - '127.0.0.1:20000:80'
 depends_on:
- #- mastodon_web
- #- mastodon_streaming
+ - mastodon_web
+ - mastodon_streaming
 - pleroma_web
- - pleroma2_web
+
+networks:
+ external_network:
+ internal_network:
+ internal: true
+ pleroma_external_network:
+ pleroma_internal_network:
+ internal: true
diff --git a/files/nginx.conf b/files/nginx.conf
index e935995..2b2d4d4 100644
--- a/files/nginx.conf
+++ b/files/nginx.conf
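Review bot: The new `depends_on` entries `- mastodon_web` and `- mastodon_streaming` use the short list form, which only orders container start and ignores the `healthcheck` blocks those services declare in the earlier hunks, so nginx can be up and serving 502s while the backends are still booting. Since the healthchecks already exist, the long form, e.g. `mastodon_web:` followed by `  condition: service_healthy` for each entry, would make the ordering meaningful. The port mapping now publishes plain HTTP (`'127.0.0.1:20000:80'`) on loopback only, which is fine for a local test rig; a one-line comment above `ports:` stating that TLS is intentionally not terminated here would save the next reader from re-adding the removed certificate mounts.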
@@ -30,46 +30,43 @@ http { #gzip on; - #server { - # listen 80; - # listen [::]:80; - # root /mnt/none; - # index index.html index.htm; + server { + listen 80; + listen [::]:80; + root /mnt/none; + index index.html index.htm; - # server_name mastodon.pubtester.local; + server_name mastodon.pubtester.local; - # absolute_redirect off; - # server_name_in_redirect off; + absolute_redirect off; + server_name_in_redirect off; - # error_page 404 /404.html; - # error_page 410 /410.html; + error_page 404 /404.html; + error_page 410 /410.html; - # location / { - # proxy_set_header Host $http_host; - # proxy_set_header X-Forwarded-Proto https; + location / { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto https; - # proxy_pass http://mastodon_web:3000; - # } + proxy_pass http://mastodon_web:3000; + } - # location ^~ /api/v1/streaming { - # proxy_set_header Host $http_host; - # proxy_set_header X-Forwarded-Proto https; + location ^~ /api/v1/streaming { + proxy_set_header Host $http_host; + proxy_set_header X-Forwarded-Proto https; - # proxy_pass http://mastodon_streaming:4000; - - # proxy_buffering off; - # proxy_redirect off; - # proxy_http_version 1.1; - # tcp_nodelay on; - # } - #} + proxy_pass http://mastodon_streaming:4000; + proxy_buffering off; + proxy_redirect off; + proxy_http_version 1.1; + tcp_nodelay on; + } + } server { listen 80; listen [::]:80; - listen 443 ssl; - listen [::]:443 ssl; root /mnt/none; index index.html index.htm; @@ -77,8 +74,9 @@ http { absolute_redirect off; server_name_in_redirect off; - ssl_certificate /etc/nginx/cert.pem; - ssl_certificate_key /etc/nginx/key.pem; + + error_page 404 /404.html; + error_page 410 /410.html; location / { proxy_set_header Host $http_host; 
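Review bot: The newly enabled `location ^~ /api/v1/streaming` block sets `proxy_http_version 1.1` but never forwards the WebSocket upgrade, so the client's `Upgrade`/`Connection` headers are dropped at the proxy and the streaming endpoint cannot negotiate a WebSocket; the pleroma2 block removed in the next hunk shows the two lines needed, `proxy_set_header Upgrade $http_upgrade;` and `proxy_set_header Connection "upgrade";`. Separately, both new `proxy_set_header X-Forwarded-Proto https;` lines now sit behind a listener that is plain `listen 80` (the `listen 443 ssl` lines are removed in this same hunk), so the upstream will build https:// absolute URLs and may flag cookies as Secure while the browser only ever reaches it over http on the published port. If that is deliberate, to satisfy the application's forced-SSL redirect in a local test rig, say so in a comment next to the header; otherwise forward the real scheme with `proxy_set_header X-Forwarded-Proto $scheme;`. The second hunk's pleroma server block likely has the same header, but its new-side lines after `proxy_set_header Host` are outside this view.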
@@ -88,30 +86,4 @@ http { proxy_pass http://pleroma_web:4000; } } - - - server { - listen 80; - listen [::]:80; - listen 443 ssl; - listen [::]:443 ssl; - root /mnt/none; - index index.html index.htm; - - server_name pleroma2.pubtester.local; - - absolute_redirect off; - server_name_in_redirect off; - ssl_certificate /etc/nginx/cert.pem; - ssl_certificate_key /etc/nginx/key.pem; - - location / { - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - proxy_pass http://pleroma2_web:4000; - } - } - } diff --git a/files/pleroma.exs b/files/pleroma.exs index 943c557..487ef6b 100644 --- a/files/pleroma.exs +++ b/files/pleroma.exs @@ -1,7 +1,7 @@ import Config config :pleroma, Pleroma.Web.Endpoint, - url: [host: System.get_env("DOMAIN", "localhost"), scheme: "https", port: 443], + url: [host: System.get_env("DOMAIN", "localhost"), scheme: "http", port: 80], http: [ip: {0, 0, 0, 0}, port: 4000] config :pleroma, :instance, @@ -33,8 +33,6 @@ config :pleroma, :database, rum_enabled: false config :pleroma, :instance, static_dir: "/var/lib/pleroma/static" config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads" -config :tesla, adapter: {Tesla.Adapter.Hackney, [ssl_options: [cacertfile: "/etc/ssl/cert.pem"]]} - # We can't store the secrets in this file, since this is baked into the docker image if not File.exists?("/var/lib/pleroma/secret.exs") do secret = :crypto.strong_rand_bytes(64) |> Base.encode64() |> binary_part(0, 64) diff --git a/mastodon_setup.sh b/mastodon_setup.sh index 3b613eb..f30d6e6 100755 --- a/mastodon_setup.sh +++ b/mastodon_setup.sh @@ -4,6 +4,4 @@ set -eux -docker buildx build -t mastodon_selfbuilt -f ./Dockerfile.mastodon . docker-compose run --rm mastodon_web rails db:migrate - diff --git a/minica.pem b/minica.pem deleted file mode 100644 index fac3285..0000000 --- a/minica.pem +++ /dev/null 
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDSzCCAjOgAwIBAgIIL2v+ZtzVhRgwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
-AxMVbWluaWNhIHJvb3QgY2EgMmY2YmZlMCAXDTIyMTExODAxNDcxMFoYDzIxMjIx
-MTE4MDE0NzEwWjAgMR4wHAYDVQQDExVtaW5pY2Egcm9vdCBjYSAyZjZiZmUwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCsOnHPWJUopkZ7s22wtcVH+eoC
-XJEckoCCsgThSdcQMOiG4sM/1nEcnTbfh9/cUYG4/035pnrIhp0iw1PrEzny7pLG
-qONXMZB0hO44BB3F10OK6si02vId7+wHI5/bLfmyIBtOIXtCRfc3/tWwi4CwkvRA
-sAozz/drAClQlUksK9ZHsznZzJskSSG72V5CVNoE8bqS8DvsBglHp62XSBwRPytg
-RwggH/hT5sxOQhjDOjEMEuOYqgipLCVJvKmNjiS/t6JM6bxgqfKg2xxWyR/E5CxN
-CIw4rp48DxY3YVHwDNvzD25b76uo4shtxCA08C2lSNTxb+dIhYFwNtak+E3fAgMB
-AAGjgYYwgYMwDgYDVR0PAQH/BAQDAgKEMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggr
-BgEFBQcDAjASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBQ2y5zeB44/l7zu
-osGq/xzWcnHuhzAfBgNVHSMEGDAWgBQ2y5zeB44/l7zuosGq/xzWcnHuhzANBgkq
-hkiG9w0BAQsFAAOCAQEAN7PZoWJ3gU1r+5R3P03ebGMv5nsBqbeuJnJ7IYutMPOS
-wZYWOltKsz2aTgTr7HcNYm+1bS47IBTVEVIbVDHtgOF9oUdskqQ7VFYZP+oes8eC
-0IwbcLatl9yvs5qJJR8I7W343JWc5j2iJHjk7tMkwu+7oeAHM/ispIz7HusLA9Va
-EtLOZANLTXf5J/ZH7hPWGHqNcONQkBt+H/O+4rLpuVl8XUMfii+Xtg6vG833vxrA
-pbBHFDVyIMlTsbdJAn3VpnbdSTjJ29OxnUVimEvpnXTCPekU03VQRLeSxo5ATJk0
-xqxWv0bHQ61CBc8X6qTX9J5USgli2i/juXQz9rlVPA==
------END CERTIFICATE-----
diff --git a/pleroma_setup.sh b/pleroma_setup.sh
index 870a43b..6cf503d 100755
--- a/pleroma_setup.sh
+++ b/pleroma_setup.sh
@@ -3,14 +3,9 @@ # setup pleroma db docker-compose up -d pleroma_db -docker-compose up -d pleroma2_db -sleep 10 docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;" docker-compose exec -i pleroma_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" docker-compose exec -i pleroma_db psql -U pleroma -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";' -docker-compose exec -i pleroma2_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;" -docker-compose exec -i pleroma2_db psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS pg_trgm;" -docker-compose exec -i pleroma2_db psql -U pleroma -c 'CREATE EXTENSION IF NOT EXISTS "uuid-ossp";' docker-compose down docker buildx build -t pleroma_selfbuilt -f ./Dockerfile.pleroma . diff --git a/pubtester.local/cert.pem b/pubtester.local/cert.pem deleted file mode 100644 index a61f35b..0000000 --- a/pubtester.local/cert.pem +++ /dev/null 
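Review bot: With `sleep 10` removed, `docker-compose up -d pleroma_db` is now immediately followed by the `docker-compose exec -i pleroma_db psql ... CREATE EXTENSION` calls, and nothing waits for PostgreSQL to accept connections, so under `set -e` the script can abort on the first `psql` while the container is still initialising. The service already declares a `pg_isready` healthcheck in docker-compose.yaml, so a readiness loop rather than a fixed sleep is the fitting replacement, e.g. `until docker-compose exec -T pleroma_db pg_isready -U pleroma; do sleep 1; done` placed before the first `psql` line. A brief comment above it noting why the wait exists would keep it from being trimmed again.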
@@ -1,20 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDTTCCAjWgAwIBAgIIUk6jHQE1FngwDQYJKoZIhvcNAQELBQAwIDEeMBwGA1UE
-AxMVbWluaWNhIHJvb3QgY2EgMmY2YmZlMB4XDTIyMTExODAxNDcxMFoXDTI0MTIx
-ODAxNDcxMFowGjEYMBYGA1UEAxMPcHVidGVzdGVyLmxvY2FsMIIBIjANBgkqhkiG
-9w0BAQEFAAOCAQ8AMIIBCgKCAQEAomuWEMqE1Z7Up2zsLfWPBA1kSJcpMSCFw+PH
-v6XBrcs1vpnCaLfruGzjS8eN7wJCGkHKhE6RuZQl29VnNREezMUzwS6EazTG46Av
-cJsGi0jjhp7rJfEXzoRdQr7tn9eE2vF4WxboOnzuCSe9j25eMPxJYDYWEs6JhToD
-sqMYYfADeUN5be77UGY2JSggv40XeIW+JGVY1sN0Aiy209caN69pekJL7kF4YUvg
-yWqOxNeGKIPUIiXRFWdlApVFZlr1b7yMJiWNkkBwlG6Eixr0yuJN8y1SmvUjtIWs
-TRWthwYMQ/ixyTtW6t+g0bFWLYyBsO1gNKW1ru9T1+E2JnEWMQIDAQABo4GQMIGN
-MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw
-DAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBQ2y5zeB44/l7zuosGq/xzWcnHuhzAt
-BgNVHREEJjAkgg9wdWJ0ZXN0ZXIubG9jYWyCESoucHVidGVzdGVyLmxvY2FsMA0G
-CSqGSIb3DQEBCwUAA4IBAQAE/FFsMgSn79dx6QbT59fmuAZctyVQ5LzIVoRCXmtJ
-wcVanjZXJSDRn1R1wIV+hxpD3yCbPQP3zdo9Lhs1HWau9dyFDPXXN6K0I7aDZarY
-hcJCiyMq1+VzXj9o7wFOgGareIuvdI5uEFgc/Bts8x04PZQ60/oYUwnmaTpm3S5b
-Ri0GwzOiHU/LcwaNBJbKDPIhX0iydBAP5AylN3xsMeyPqmQ2up9qeWQwCoxMABA8
-QFzigsM/mN8MA7cXdsSuojP1NCGkXupEKHEW2ucPBPHm7+LP67OXxhAjART44SYi
-9Q2H5w5xat64yAy2TfyI4tPDDDmydGJbPFyRbkx61YfA
------END CERTIFICATE-----
diff --git a/pubtester.local/key.pem b/pubtester.local/key.pem
deleted file mode 100644
index 1fd4f20..0000000
--- a/pubtester.local/key.pem
+++ /dev/null
@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAomuWEMqE1Z7Up2zsLfWPBA1kSJcpMSCFw+PHv6XBrcs1vpnC
-aLfruGzjS8eN7wJCGkHKhE6RuZQl29VnNREezMUzwS6EazTG46AvcJsGi0jjhp7r
-JfEXzoRdQr7tn9eE2vF4WxboOnzuCSe9j25eMPxJYDYWEs6JhToDsqMYYfADeUN5
-be77UGY2JSggv40XeIW+JGVY1sN0Aiy209caN69pekJL7kF4YUvgyWqOxNeGKIPU
-IiXRFWdlApVFZlr1b7yMJiWNkkBwlG6Eixr0yuJN8y1SmvUjtIWsTRWthwYMQ/ix
-yTtW6t+g0bFWLYyBsO1gNKW1ru9T1+E2JnEWMQIDAQABAoIBAG43pfElDPlNvC8V
-ajxR68grMkdUVL6ivENPOkiiOgku4fzCqLuZO5u+QIw3EekEVkktJjmce6U8lGhW
-q5/GS2lX1SQd5fw+J01mcWrvuIQiZUwAYcAwmCArkIHvwJ78iIpu3Gar59Fw37NU
-xX0kv0Rsn3prmZUPlSDUWpgJt00Vlp4bv5F78ONXaHAzr2Vas75ckE0toUWQYlPe
-f1La/oBNEquj0HeWByNvsMbAzljaES+72POkE2EnemYaB+O+Jr4Hl+8mCdpCoV8N
-VBEVv8jdgKlVq4lOUyudupU/xMDXOrM+LBQegbQgT290k3McHiIPmEzARp6c9Gkq
-ir/9wtUCgYEAwgBRSOYW8hMg+7865U4fAoGDxbd+udCVVnMFQrcnKLs9fMRJUkV1
-3aOOh/I8wZSGGixPAkNBsaEA1xwSVSGjjDQ/fmOst4Hk1mSGDB2Z4t+d2WIqlHEw
-/cSvWlc5H1iSqgrdikHL7P7xloBXT8kcyjy7b72TCg9ymxHSVAZmREMCgYEA1lOO
-iFd4g42pRh7HMO0Un2XWd1pzyrmQ1LY0tBXnjwLort3lPfSgQV28rZaIRFidk9TZ
-rSSE6GN6V14eg6ATENxP1pTLwXXbHLxzLej43vL9nvrVKM9u8M/ypsqIJpZo3SJ5
-GGw+rRmJdQv1meBX4N0a8NlLjsvLv/leva9I7nsCgYA8umK3giceofRKOeNS0nCM
-lURNiRInUm7c/+ZeqvycGHi37K3TDiFGPyOn1KFGK5sK6GHXIHyZAQBFVek7MuuC
-QPy7MLJpQ0UCA7eeZUm9pihAWyVfEEu4tG/7xKAB+vT2O657z/ro9ilj5kruk9Lq
-T7aQ1PQJSyqh9iMz4Ej1BwKBgQDAXpkVKSWjNlhT9rYk5PbYpyhbUlWSBQLI2Y3u
-gaaoRx0gL0xeUp4wbXk3eWBvr/YnxSln7dpZV0hs+K58yAW04XnLiRxlVWpInaDn
-+S6/tewMcOk4Sw8xmAQczrZrpB8VNKbqU+XhqoUlCIn2BlX6H5rZyL+3uJX1hlcR
-/C2C1wKBgHCAyRCL6hY8Sy+M51eiCD7siIY/qb3B/TB6P1kQLKhSFWOnsJeMgPhK
-J1bPD+FpnI/xoky/62vAUKHekXhP6XTKSZBWf6bptyJj98bQ6H9VW/Qlx5jCybwX
-4gOq8ElvTBSrMjYbfMx+uaGWki2csJ+Pbl7h+AkX0I4IINL6HsVJ
------END RSA PRIVATE KEY-----