diff --git a/HowtoMastodon.md b/HowtoMastodon.md index c710a04a..c84d95d2 100644 --- a/HowtoMastodon.md +++ b/HowtoMastodon.md @@ -136,6 +136,7 @@ Compilation des assets : ~~~ $ bundle exec rails assets:precompile +$ chmod -R u=rwX,g=rwX,o=rX /home/mastodon/mastodon/public ~~~ @@ -144,6 +145,7 @@ $ bundle exec rails assets:precompile Unités systemd à mettre dans /etc/systemd/system mastodon-web.service + ~~~ [Unit] Description=mastodon-web @@ -164,6 +166,7 @@ WantedBy=multi-user.target ~~~ mastodon-sidekiq.service + ~~~ [Unit] Description=mastodon-sidekiq @@ -184,6 +187,7 @@ WantedBy=multi-user.target ~~~ mastodon-streaming.service + ~~~ [Unit] Description=mastodon-streaming 
@@ -220,7 +224,102 @@ RAILS_ENV=production On utilise Nginx : ~~~ -# apt install nginx +# apt install nginx-full +~~~ + +Exemple de vhost : + +~~~ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server { + listen 80; + listen [::]:80; + server_name example.com; + # Useful for Let's Encrypt + location /.well-known/acme-challenge/ { allow all; } + location / { return 301 https://$host$request_uri; } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name example.com; + + ssl_protocols TLSv1.2; + ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA; + ssl_prefer_server_ciphers on; + ssl_session_cache shared:SSL:10m; + + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + + keepalive_timeout 70; + sendfile on; + client_max_body_size 0; + + root /home/mastodon/mastodon/public; + + gzip on; + gzip_disable "msie6"; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 6; + gzip_buffers 16 8k; + gzip_http_version 1.1; + gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; + + add_header Strict-Transport-Security "max-age=31536000"; + + location / { + try_files $uri @proxy; + } + + location ~ ^/(packs|system/media_attachments/files|system/accounts/avatars) { + add_header Cache-Control "public, max-age=31536000, immutable"; + try_files $uri @proxy; + } + + location @proxy { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; + proxy_pass_header Server; + + proxy_pass http://127.0.0.1:3000; + proxy_buffering off; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + tcp_nodelay on; + } + + location /api/v1/streaming { + 
proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; + + proxy_pass http://127.0.0.1:4000; + proxy_buffering off; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + tcp_nodelay on; + } + + error_page 500 501 502 503 504 /500.html; +} ~~~ > **Note** : La partie SSL/TLS n'est pas évoquée. À vous de faire le nécessaire avec un certificat Let's Encrypt par exemple. N'oubliez donc pas de modifier les directives `ssl_` dans le vhost. @@ -229,4 +328,17 @@ On utilise Nginx : Le principe des mises à jour est basé sur un `git pull` et un `git checkout`. +~~~ +# sudo -iu mastodon +$ cd mastodon +$ git fetch +$ git checkout $(git tag | tail -n 1) +$ bundle exec rails db:migrate +$ yarn install --pure-lockfile +$ bundle exec rails assets:precompile +$ chmod -R u=rwX,g=rwX,o=rX /home/mastodon/mastodon/public +$ exit +# systemctl restart mastodon-*.service +~~~ + # Divers / FAQ \ No newline at end of file
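Review bot: The HSTS header set at server level is not sent for the `location ~ ^/(packs|system/media_attachments/files|system/accounts/avatars)` block, because nginx inherits `add_header` from the enclosing level only when the current level declares none, and that block declares its own `Cache-Control`. Repeat `add_header Strict-Transport-Security "max-age=31536000";` inside that location, or move both headers into a shared include. Separately, `client_max_body_size 0;` removes the request-body limit for every client that reaches the vhost, so a finite value sized to the largest upload the instance accepts would be the safer example. The unchanged note after the vhost still says the SSL/TLS part is not covered, which no longer matches an example that now carries `ssl_` directives and Let's Encrypt paths.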
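Review bot: `git checkout $(git tag | tail -n 1)` does not reliably select the newest release, because `git tag` lists tags in lexical order: in a constructed example, `v1.10` sorts before `v1.9`. A pre-release tag can also end up last. The how-to should have the operator name the release tag explicitly after reading the release notes, or at least sort by version with `git checkout $(git tag --sort=version:refname | tail -n 1)`. Even with version sorting, pre-release tags may still come last unless they are filtered out. The sequence also runs `db:migrate` and `assets:precompile` with no `bundle install` step, which presumably fails whenever a release changes the Gemfile.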