diff --git a/.env.nanobox b/.env.nanobox index 7920c47b9..48204a6bf 100644 --- a/.env.nanobox +++ b/.env.nanobox @@ -35,6 +35,17 @@ PAPERCLIP_SECRET=$PAPERCLIP_SECRET SECRET_KEY_BASE=$SECRET_KEY_BASE OTP_SECRET=$OTP_SECRET +# VAPID keys (used for push notifications) +# You can generate the keys using the following command (first is the private key, second is the public one) +# You should only generate this once per instance. If you later decide to change it, all push subscription will +# be invalidated, requiring the users to access the website again to resubscribe. +# +# Generate with `rake mastodon:webpush:generate_vapid_key` task (`nanobox run bundle exec rake mastodon:webpush:generate_vapid_key`) +# +# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html +VAPID_PRIVATE_KEY=$VAPID_PRIVATE_KEY +VAPID_PUBLIC_KEY=$VAPID_PUBLIC_KEY + # Registrations # Single user mode will disable registrations and redirect frontpage to the first profile # SINGLE_USER_MODE=true @@ -62,7 +73,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt #SMTP_OPENSSL_VERIFY_MODE=peer #SMTP_ENABLE_STARTTLS_AUTO=true - +#SMTP_TLS=true # Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files. # PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system 
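Review bot: The comment block above `VAPID_PRIVATE_KEY` in the first hunk never says that the private key is a secret, nor where the generated values should be stored. The neighbouring entries (`SECRET_KEY_BASE=$SECRET_KEY_BASE`, `OTP_SECRET=$OTP_SECRET`) only forward values from the environment, so the generated pair presumably belongs in evars rather than in this file. I would add a line such as `# Store both values as evars; never commit or log VAPID_PRIVATE_KEY - whoever holds it can sign push requests as this instance.` In the same comment, "all push subscription will" should read "all push subscriptions will".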
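Review bot: The second hunk replaces the blank separator line with `#SMTP_TLS=true`, so the SMTP block now runs straight into the `# Optional user upload path` comment; keep a blank line after the new entry. The option also sits directly under `#SMTP_ENABLE_STARTTLS_AUTO=true` with nothing explaining when to choose which. A one-line comment such as `# SMTP_TLS: use TLS from the start of the connection; leave unset when relying on STARTTLS` would help, assuming that is how the mailer interprets it.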
@@ -91,6 +102,23 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io # S3_ENDPOINT= # S3_SIGNATURE_VERSION= +# Swift (optional) +# SWIFT_ENABLED=true +# SWIFT_USERNAME= +# For Keystone V3, the value for SWIFT_TENANT should be the project name +# SWIFT_TENANT= +# SWIFT_PASSWORD= +# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid +# issues with token rate-limiting during high load. +# SWIFT_AUTH_URL= +# SWIFT_CONTAINER= +# SWIFT_OBJECT_URL= +# SWIFT_REGION= +# Defaults to 'default' +# SWIFT_DOMAIN_NAME= +# Defaults to 60 seconds. Set to 0 to disable +# SWIFT_CACHE_TTL= + # Optional alias for S3 if you want to use Cloudfront or Cloudflare in front # S3_CLOUDFRONT_HOST= diff --git a/boxfile.yml b/boxfile.yml index 59a66d87b..6b904e07d 100644 --- a/boxfile.yml +++ b/boxfile.yml @@ -42,6 +42,7 @@ run.config: fs_watch: true + deploy.config: extra_steps: - NODE_ENV=production bundle exec rake assets:precompile @@ -60,6 +61,7 @@ deploy.config: web.web: - bundle exec rake db:migrate:setup + web.web: start: nginx: nginx -c /app/nanobox/nginx-web.conf @@ -78,6 +80,7 @@ web.web: data.storage: - public/system + web.stream: start: nginx: nginx -c /app/nanobox/nginx-stream.conf @@ -91,8 +94,13 @@ web.stream: writable_dirs: - tmp + worker.sidekiq: - start: bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push -L /app/log/sidekiq.log + start: + default: bundle exec sidekiq -c 5 -q default -L /app/log/sidekiq.log + mailers: bundle exec sidekiq -c 5 -q mailers -L /app/log/sidekiq.log + pull: bundle exec sidekiq -c 5 -q pull -L /app/log/sidekiq.log + push: bundle exec sidekiq -c 5 -q push -L /app/log/sidekiq.log writable_dirs: - tmp 
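Review bot: `# SWIFT_PASSWORD=` in the Swift block invites operators to type the object-store password directly into this file, while the secrets at the top of the file are forwarded from evars (`PAPERCLIP_SECRET=$PAPERCLIP_SECRET`). I would write the examples as `# SWIFT_USERNAME=$SWIFT_USERNAME` and `# SWIFT_PASSWORD=$SWIFT_PASSWORD` so the credential stays out of the repository. The comment above `SWIFT_AUTH_URL` could also state that the Keystone URL should be `https://`, since the username and password are sent to it.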
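Review bot: All four new `start` entries under `worker.sidekiq` pass `-L /app/log/sidekiq.log`, so four processes append to one file and a log line no longer shows which queue process wrote it. Giving each its own file, e.g. `mailers: bundle exec sidekiq -c 5 -q mailers -L /app/log/sidekiq-mailers.log`, keeps failed-delivery and retry traces attributable; any `log_watch` entry for this component (outside the hunk) would need the matching paths. Each process also keeps `-c 5`, so the component can now run up to 20 worker threads instead of 5; whether the database pool and connection limit allow for that is not visible here.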
@@ -105,50 +113,78 @@ worker.sidekiq: data.storage: - public/system + +worker.cron_only: + start: sleep 365d + + writable_dirs: + - tmp + + log_watch: + rake: 'log/production.log' + + network_dirs: + data.storage: + - public/system + cron: - - id: generate_static_gifs - schedule: '*/15 * * * *' - command: 'bundle exec rake mastodon:maintenance:add_static_avatars' - - - id: update_counter_caches - schedule: '50 * * * *' - command: 'bundle exec rake mastodon:maintenance:update_counter_caches' - - # runs feeds:clear, media:clear, users:clear, and push:refresh - - id: do_daily_tasks - schedule: '00 00 * * *' - command: 'bundle exec rake mastodon:daily' - - - id: clear_silenced_media - schedule: '10 00 * * *' - command: 'bundle exec rake mastodon:media:remove_silenced' - - - id: clear_remote_media - schedule: '20 00 * * *' - command: 'bundle exec rake mastodon:media:remove_remote' - - - id: clear_unfollowed_subs - schedule: '30 00 * * *' - command: 'bundle exec rake mastodon:push:clear' - + # 20:00 (8 pm), server time: send out the daily digest emails to everyone + # who opted to receive one - id: send_digest_emails schedule: '00 20 * * *' command: 'bundle exec rake mastodon:emails:digest' + # 00:10 (ten past midnight), server time: remove local copies of remote + # users' media once they are older than a certain age (use NUM_DAYS evar to + # change this from the default of 7 days) + - id: clear_remote_media + schedule: '10 00 * * *' + command: 'bundle exec rake mastodon:media:remove_remote' + + # 00:20 (twenty past midnight), server time: remove subscriptions to remote + # users that nobody follows locally (anymore) + - id: clear_unfollowed_subs + schedule: '20 00 * * *' + command: 'bundle exec rake mastodon:push:clear' + + # 00:30 (half past midnight), server time: update local copies of remote + # users' avatars to match whatever they currently have set on their profile + - id: update_remote_avatars + schedule: '30 00 * * *' + command: 'bundle exec rake 
mastodon:media:redownload_avatars' + + ############################################################################ + # This task is one you might want to enable, or might not. It keeps disk + # usage low, but makes "shadow bans" (scenarios where the user is silenced, + # but not intended to be made aware that the silencing has occurred) much + # more difficult to put in place, as users would then notice their media is + # vanishing on a regular basis. Enable it if you aren't worried about users + # knowing they've been silenced (on the instance level), and want to save + # disk space. Leave it disabled otherwise. + ############################################################################ + # # 00:00 (midnight), server time: remove media posted by silenced users + # - id: clear_silenced_media + # schedule: '00 00 * * *' + # command: 'bundle exec rake mastodon:media:remove_silenced' + + ############################################################################ # The following two tasks can be uncommented to automatically open and close # registrations on a schedule. The format of 'schedule' is a standard cron # time expression: minute hour day month day-of-week; search for "cron # time expressions" for more info on how to set these up. The examples here # open registration only from 8 am to 4 pm, server time. - # + ############################################################################ + # # 08:00 (8 am), server time: open registrations so new users can join # - id: open_registrations # schedule: '00 08 * * *' # command: 'bundle exec rake mastodon:settings:open_registrations' # + # # 16:00 (4 pm), server time: close registrations so new users *can't* join # - id: close_registrations # schedule: '00 16 * * *' # command: 'bundle exec rake mastodon:settings:close_registrations' + data.db: image: nanobox/postgresql:9.5 
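Review bot: `start: sleep 365d` in the new `worker.cron_only` component gives the container a main process that exits after a year, and the `d` suffix is a GNU `sleep` extension. If the platform does not restart an exited process (not visible here), the cron entries under it stop running without any error; a keep-alive with no expiry such as `start: tail -f /dev/null` avoids that. The hunk also drops `do_daily_tasks`, `update_counter_caches` and `generate_static_gifs` without saying what replaces them. If they now run from another scheduler, a one-line comment above `cron:` stating so would stop operators from re-adding them.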
@@ -170,6 +206,7 @@ data.db: curl -k -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/${file} -X DELETE done + data.redis: image: nanobox/redis:3.0 @@ -189,6 +226,7 @@ data.redis: curl -k -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/${file} -X DELETE done + data.storage: image: nanobox/unfs:0.9 diff --git a/nanobox/nginx-web.conf.erb b/nanobox/nginx-web.conf.erb index 24cd17cff..a839f3036 100644 --- a/nanobox/nginx-web.conf.erb +++ b/nanobox/nginx-web.conf.erb @@ -42,7 +42,12 @@ http { try_files $uri @rails; } - location ~ ^/(assets|system/media_attachments/files|system/accounts/avatars) { + location /sw.js { + add_header Cache-Control "public, max-age=0"; + try_files $uri @rails; + } + + location ~ ^/(emoji|packs|system/media_attachments/files|system/accounts/avatars) { add_header Cache-Control "public, max-age=31536000, immutable"; try_files $uri @rails; }
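Review bot: `location /sw.js` is a prefix match, so it also catches `/sw.js.map` and any other path that merely starts with `/sw.js`; use `location = /sw.js {` to scope the no-cache rule to the service worker itself. Because the block declares its own `add_header`, nginx does not inherit `add_header` directives from the enclosing `server` or `http` level, which lie outside the hunk. Any security headers set there would be missing on this response and would have to be repeated inside the block. The rewritten regex `^/(emoji|packs|...)` still has no trailing `/`, so a path such as `/packs-anything` also receives the one-year `immutable` policy; ending the group with `)/` would be tighter.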