Add (commented) volume in docker-compose && Mitigating the HTTPoxy Vulnerability (#1253)
* enable commented volume in docker-compose.yml * Disable non-working Nginx root directory && mitigate the HTTPoxy vulnerability * add my instance to the list * enable GZIP in nginx.conf * re-add root /home/mastodon/live/public;
parent
c35bda0551
commit
b723ee73fc
3 changed files with 24 additions and 3 deletions
|
@ -1,11 +1,20 @@
|
||||||
version: '2'
|
version: '2'
|
||||||
services:
|
services:
|
||||||
|
|
||||||
db:
|
db:
|
||||||
restart: always
|
restart: always
|
||||||
image: postgres:alpine
|
image: postgres:alpine
|
||||||
|
### Uncomment to enable DB persistance
|
||||||
|
# volumes:
|
||||||
|
# - ./postgres:/var/lib/postgresql/data
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
restart: always
|
restart: always
|
||||||
image: redis:alpine
|
image: redis:alpine
|
||||||
|
### Uncomment to enable REDIS persistance
|
||||||
|
# volumes:
|
||||||
|
# - ./redis:/data
|
||||||
|
|
||||||
web:
|
web:
|
||||||
restart: always
|
restart: always
|
||||||
build: .
|
build: .
|
||||||
|
@ -19,6 +28,7 @@ services:
|
||||||
volumes:
|
volumes:
|
||||||
- ./public/assets:/mastodon/public/assets
|
- ./public/assets:/mastodon/public/assets
|
||||||
- ./public/system:/mastodon/public/system
|
- ./public/system:/mastodon/public/system
|
||||||
|
|
||||||
streaming:
|
streaming:
|
||||||
restart: always
|
restart: always
|
||||||
build: .
|
build: .
|
||||||
|
@ -29,6 +39,7 @@ services:
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
- redis
|
- redis
|
||||||
|
|
||||||
sidekiq:
|
sidekiq:
|
||||||
restart: always
|
restart: always
|
||||||
build: .
|
build: .
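Review bot: The commented-out bind mounts `./postgres:/var/lib/postgresql/data` and `./redis:/data` put database files inside the repository directory, which is also the build context for `web`, `streaming` and `sidekiq` (`build: .`). Unless a `.dockerignore` (not visible here) excludes them, uncommenting these would send the Postgres and Redis data to the Docker daemon on every build and, if the Dockerfile copies the whole context, bake it into image layers. I would add `postgres` and `redis` to `.dockerignore` and `.gitignore` in the same change, or use named volumes, and say so in the comment, e.g. `### Uncomment to enable DB persistence (keep ./postgres out of the build context)`.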
|
||||||
|
|
|
@ -34,10 +34,19 @@ server {
|
||||||
keepalive_timeout 70;
|
keepalive_timeout 70;
|
||||||
sendfile on;
|
sendfile on;
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
gzip off;
|
|
||||||
|
|
||||||
root /home/mastodon/live/public;
|
root /home/mastodon/live/public;
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
gzip_vary on;
|
||||||
|
gzip_proxied any;
|
||||||
|
gzip_comp_level 6;
|
||||||
|
gzip_buffers 16 8k;
|
||||||
|
gzip_http_version 1.1;
|
||||||
|
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
|
||||||
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
|
@ -49,7 +58,7 @@ server {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
proxy_pass_header Server;
|
proxy_pass_header Server;
|
||||||
|
|
||||||
proxy_pass http://localhost:3000;
|
proxy_pass http://localhost:3000;
|
||||||
|
@ -67,6 +76,7 @@ server {
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_set_header Proxy "";
|
||||||
|
|
||||||
proxy_pass http://localhost:4000;
|
proxy_pass http://localhost:4000;
|
||||||
proxy_buffering off;
|
proxy_buffering off;
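Review bot: Turning `gzip on;` at the `server` level also compresses the dynamic responses proxied from `localhost:3000`, and over TLS (this block sends HSTS) that is the precondition for BREACH-style compression side channels when a response carries both a secret such as a CSRF token and request-controlled content; whether the application's pages do is not visible here. The previous `gzip off;` may have been deliberate. I would limit compression to static files served from `root` and add `gzip off;` to the two proxied `location` blocks, whose bodies start and end outside these hunks. The added `proxy_set_header Proxy "";` lines deserve a comment such as `# HTTPoxy: never forward a client-supplied Proxy header to the backend`.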
|
||||||
|
|
|
@ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz)
|
||||||
| [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes|
|
| [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes|
|
||||||
| [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No|
|
| [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No|
|
||||||
| [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No|
|
| [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No|
|
||||||
|
| [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes|
|
||||||
| [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes|
|
| [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes|
|
||||||
|
|
||||||
|
|
||||||
We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution
|
We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution
|
||||||
|
|