From 3e4b01b47d4b84b8970048a5a80babdcc681d5c0 Mon Sep 17 00:00:00 2001 From: Daniel Hunsaker Date: Wed, 15 Nov 2017 08:26:53 -0700 Subject: [PATCH] [Nanobox] Apply Release Notes Changes (#5670) Apparently I missed some things in earlier commits/releases that needed to be applied to the Nanobox setup. All minor things, nothing that breaks anything, but still best to get them in place. - Move cron jobs to their own component, so the Sidekiq component can be scaled up to multiple instances without causing issues with running the same cron job multiple times at once. - Update cron jobs to the latest requirements, removing extraneous ones - Add new variables to `.env.nanobox` - Update Nginx to use correct cache header directives --- .env.nanobox | 30 ++++++++++++- boxfile.yml | 92 +++++++++++++++++++++++++++----------- nanobox/nginx-web.conf.erb | 7 ++- 3 files changed, 100 insertions(+), 29 deletions(-) diff --git a/.env.nanobox b/.env.nanobox index 7920c47b95d..48204a6bf43 100644 --- a/.env.nanobox +++ b/.env.nanobox @@ -35,6 +35,17 @@ PAPERCLIP_SECRET=$PAPERCLIP_SECRET SECRET_KEY_BASE=$SECRET_KEY_BASE OTP_SECRET=$OTP_SECRET +# VAPID keys (used for push notifications) +# You can generate the keys using the following command (first is the private key, second is the public one) +# You should only generate this once per instance. If you later decide to change it, all push subscription will +# be invalidated, requiring the users to access the website again to resubscribe. +# +# Generate with `rake mastodon:webpush:generate_vapid_key` task (`nanobox run bundle exec rake mastodon:webpush:generate_vapid_key`) +# +# For more information visit https://rossta.net/blog/using-the-web-push-api-with-vapid.html +VAPID_PRIVATE_KEY=$VAPID_PRIVATE_KEY +VAPID_PUBLIC_KEY=$VAPID_PUBLIC_KEY + # Registrations # Single user mode will disable registrations and redirect frontpage to the first profile # SINGLE_USER_MODE=true @@ -62,7 +73,7 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io #SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt #SMTP_OPENSSL_VERIFY_MODE=peer #SMTP_ENABLE_STARTTLS_AUTO=true - +#SMTP_TLS=true # Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files. # PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system @@ -91,6 +102,23 @@ SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io # S3_ENDPOINT= # S3_SIGNATURE_VERSION= +# Swift (optional) +# SWIFT_ENABLED=true +# SWIFT_USERNAME= +# For Keystone V3, the value for SWIFT_TENANT should be the project name +# SWIFT_TENANT= +# SWIFT_PASSWORD= +# Keystone V2 and V3 URLs are supported. Use a V3 URL if possible to avoid +# issues with token rate-limiting during high load. +# SWIFT_AUTH_URL= +# SWIFT_CONTAINER= +# SWIFT_OBJECT_URL= +# SWIFT_REGION= +# Defaults to 'default' +# SWIFT_DOMAIN_NAME= +# Defaults to 60 seconds. Set to 0 to disable +# SWIFT_CACHE_TTL= + # Optional alias for S3 if you want to use Cloudfront or Cloudflare in front # S3_CLOUDFRONT_HOST= diff --git a/boxfile.yml b/boxfile.yml index 59a66d87bca..6b904e07d6b 100644 --- a/boxfile.yml +++ b/boxfile.yml @@ -42,6 +42,7 @@ run.config: fs_watch: true + deploy.config: extra_steps: - NODE_ENV=production bundle exec rake assets:precompile @@ -60,6 +61,7 @@ deploy.config: web.web: - bundle exec rake db:migrate:setup + web.web: start: nginx: nginx -c /app/nanobox/nginx-web.conf @@ -78,6 +80,7 @@ web.web: data.storage: - public/system + web.stream: start: nginx: nginx -c /app/nanobox/nginx-stream.conf @@ -91,8 +94,13 @@ web.stream: writable_dirs: - tmp + worker.sidekiq: - start: bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push -L /app/log/sidekiq.log + start: + default: bundle exec sidekiq -c 5 -q default -L /app/log/sidekiq.log + mailers: bundle exec sidekiq -c 5 -q mailers -L /app/log/sidekiq.log + pull: bundle exec sidekiq -c 5 -q pull -L /app/log/sidekiq.log + push: bundle exec sidekiq -c 5 -q push -L /app/log/sidekiq.log writable_dirs: - tmp @@ -105,50 +113,78 @@ worker.sidekiq: data.storage: - public/system + +worker.cron_only: + start: sleep 365d + + writable_dirs: + - tmp + + log_watch: + rake: 'log/production.log' + + network_dirs: + data.storage: + - public/system + cron: - - id: generate_static_gifs - schedule: '*/15 * * * *' - command: 'bundle exec rake mastodon:maintenance:add_static_avatars' - - - id: update_counter_caches - schedule: '50 * * * *' - command: 'bundle exec rake mastodon:maintenance:update_counter_caches' - - # runs feeds:clear, media:clear, users:clear, and push:refresh - - id: do_daily_tasks - schedule: '00 00 * * *' - command: 'bundle exec rake mastodon:daily' - - - id: clear_silenced_media - schedule: '10 00 * * *' - command: 'bundle exec rake mastodon:media:remove_silenced' - - - id: clear_remote_media - schedule: '20 00 * * *' - command: 'bundle exec rake mastodon:media:remove_remote' - - - id: clear_unfollowed_subs - schedule: '30 00 * * *' - command: 'bundle exec rake mastodon:push:clear' - + # 20:00 (8 pm), server time: send out the daily digest emails to everyone + # who opted to receive one - id: send_digest_emails schedule: '00 20 * * *' command: 'bundle exec rake mastodon:emails:digest' + # 00:10 (ten past midnight), server time: remove local copies of remote + # users' media once they are older than a certain age (use NUM_DAYS evar to + # change this from the default of 7 days) + - id: clear_remote_media + schedule: '10 00 * * *' + command: 'bundle exec rake mastodon:media:remove_remote' + + # 00:20 (twenty past midnight), server time: remove subscriptions to remote + # users that nobody follows locally (anymore) + - id: clear_unfollowed_subs + schedule: '20 00 * * *' + command: 'bundle exec rake mastodon:push:clear' + + # 00:30 (half past midnight), server time: update local copies of remote + # users' avatars to match whatever they currently have set on their profile + - id: update_remote_avatars + schedule: '30 00 * * *' + command: 'bundle exec rake mastodon:media:redownload_avatars' + + ############################################################################ + # This task is one you might want to enable, or might not. It keeps disk + # usage low, but makes "shadow bans" (scenarios where the user is silenced, + # but not intended to be made aware that the silencing has occurred) much + # more difficult to put in place, as users would then notice their media is + # vanishing on a regular basis. Enable it if you aren't worried about users + # knowing they've been silenced (on the instance level), and want to save + # disk space. Leave it disabled otherwise. + ############################################################################ + # # 00:00 (midnight), server time: remove media posted by silenced users + # - id: clear_silenced_media + # schedule: '00 00 * * *' + # command: 'bundle exec rake mastodon:media:remove_silenced' + + ############################################################################ # The following two tasks can be uncommented to automatically open and close # registrations on a schedule. The format of 'schedule' is a standard cron # time expression: minute hour day month day-of-week; search for "cron # time expressions" for more info on how to set these up. The examples here # open registration only from 8 am to 4 pm, server time. - # + ############################################################################ + # # 08:00 (8 am), server time: open registrations so new users can join # - id: open_registrations # schedule: '00 08 * * *' # command: 'bundle exec rake mastodon:settings:open_registrations' # + # # 16:00 (4 pm), server time: close registrations so new users *can't* join # - id: close_registrations # schedule: '00 16 * * *' # command: 'bundle exec rake mastodon:settings:close_registrations' + data.db: image: nanobox/postgresql:9.5 @@ -170,6 +206,7 @@ data.db: curl -k -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/${file} -X DELETE done + data.redis: image: nanobox/redis:3.0 @@ -189,6 +226,7 @@ data.redis: curl -k -H "X-AUTH-TOKEN: ${WAREHOUSE_DATA_HOARDER_TOKEN}" https://${WAREHOUSE_DATA_HOARDER_HOST}:7410/blobs/${file} -X DELETE done + data.storage: image: nanobox/unfs:0.9 diff --git a/nanobox/nginx-web.conf.erb b/nanobox/nginx-web.conf.erb index 24cd17cffda..a839f3036b8 100644 --- a/nanobox/nginx-web.conf.erb +++ b/nanobox/nginx-web.conf.erb @@ -42,7 +42,12 @@ http { try_files $uri @rails; } - location ~ ^/(assets|system/media_attachments/files|system/accounts/avatars) { + location /sw.js { + add_header Cache-Control "public, max-age=0"; + try_files $uri @rails; + } + + location ~ ^/(emoji|packs|system/media_attachments/files|system/accounts/avatars) { add_header Cache-Control "public, max-age=31536000, immutable"; try_files $uri @rails; }