Add Support for Nanobox (#1709)
* Nanobox Support
- Added support for running Mastodon using Nanobox, both for local development, and for deployment to production
- Dev mode tested and is working properly
- Deployment is undergoing test as of this writing. If it works, this line will be amended to state success; if not, one or more subsequent commits will provide fixes.
* [nanobox] Resolve Deploy Issues
Everything seems to work except routing to the streaming API. Will investigate with the Nanobox staff and make fix commits if needed.
Changes made:
- Also need `NODE_ENV` in production
- Node runs on `:4000`
- Use `envsubst` to commit `.env.production` values, since `dotEnv` packages don't always support referencing other variables
- Can't precompile assets after `transform` hook, but do this locally so it only has to be done once.
- Rails won't create `production.log` on its own, so we do this ourselves.
- Some `start` commands run from `/data/` for some reason, so use absolute paths in command arguments
* [nanobox] Update Ruby version
* [nanobox] Fix db.rake Ruby code style issues
* [nanobox] Minor Fixes
Some minor adjustments to improve functionality:
- Fixed routing to `web.stream` instances
- Adjust `.env.nanobox` to properly generate a default `SMTP_FROM_ADDRESS` via `envsubst`
- Update Nginx configs to properly support the needed HTTP version and headers for proper functionality (the streaming API doesn't work without some of these settings in place)
* [nanobox] Move usage info to docs repo
* [nanobox] Updates for 1.2.x
- Need to leave out `pkg-config` since Nanobox deploys without Ruby's headers - create a gem group to exclude the gem during Nanobox installs, but allow it to remain part of the default set otherwise
- Update cron jobs to cover new/updated Rake tasks
- Update `.env.nanobox` to include latest defaults and additions
* [nanobox] Fix for nokogumbo, added in 1.3.x
Apparently, nokogumbo (pulled in by sanitize, added with `OEmbed Support for PreviewCard` (#2337) - 88725d6
) tries to install before nokogiri, despite needing nokogiri available to build properly. Instruct it to use the same settings as nokogiri does when building nokogiri directly, instead of via bundler.
* [nanobox] Set NODE_ENV during asset compile
The switch to WebPack will rely on the local value of the NODE_ENV evar, so set it to production during asset compilation.
* [nanobox] Rebase on master; update Nginx configs
- `pkg-config` Gem no longer causes issues in Nanobox, so revert the Gemfile change which allowed excluding it
- Update Nginx configuration files with latest recommendations from production documentation
- Rebase on master to Get This Merged™
Everything should be golden!
pull/3263/head
parent
152b4d54e8
commit
256e3adc1d
|
@ -0,0 +1,109 @@
|
|||
# Service dependencies
|
||||
# You may set REDIS_URL instead for more advanced options
|
||||
REDIS_HOST=$DATA_REDIS_HOST
|
||||
REDIS_PORT=6379
|
||||
# REDIS_DB=0
|
||||
|
||||
# You may set DATABASE_URL instead for more advanced options
|
||||
DB_HOST=$DATA_DB_HOST
|
||||
DB_USER=$DATA_DB_USER
|
||||
DB_NAME=gonano
|
||||
DB_PASS=$DATA_DB_PASS
|
||||
DB_PORT=5432
|
||||
|
||||
# Federation
|
||||
# Note: Changing LOCAL_DOMAIN or LOCAL_HTTPS at a later time will cause unwanted side effects.
|
||||
# LOCAL_DOMAIN should *NOT* contain the protocol part of the domain e.g https://example.com.
|
||||
LOCAL_DOMAIN=${APP_NAME}.nanoapp.io
|
||||
LOCAL_HTTPS=false
|
||||
|
||||
# Use this only if you need to run mastodon on a different domain than the one used for federation.
|
||||
# You can read more about this option on https://github.com/tootsuite/documentation/blob/master/Running-Mastodon/Serving_a_different_domain.md
|
||||
# DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
|
||||
# WEB_DOMAIN=mastodon.example.com
|
||||
|
||||
# Use this if you want to have several aliases handler@example1.com
|
||||
# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
|
||||
# be added. Comma separated values
|
||||
# ALTERNATE_DOMAINS=example1.com,example2.com
|
||||
|
||||
# Application secrets
|
||||
# Generate each with the `rake secret` task (`nanobox run bundle exec rake secret`)
|
||||
PAPERCLIP_SECRET=$PAPERCLIP_SECRET
|
||||
SECRET_KEY_BASE=$SECRET_KEY_BASE
|
||||
OTP_SECRET=$OTP_SECRET
|
||||
|
||||
# Registrations
|
||||
# Single user mode will disable registrations and redirect frontpage to the first profile
|
||||
# SINGLE_USER_MODE=true
|
||||
# Prevent registrations with following e-mail domains
|
||||
# EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
|
||||
# Only allow registrations with the following e-mail domains
|
||||
# EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
|
||||
|
||||
# Optionally change default language
|
||||
# DEFAULT_LOCALE=de
|
||||
|
||||
# E-mail configuration
|
||||
# Note: Mailgun and SparkPost (https://sparkpo.st/smtp) each have good free tiers
|
||||
# If you want to use an SMTP server without authentication (e.g local Postfix relay)
|
||||
# then set SMTP_AUTH_METHOD and SMTP_OPENSSL_VERIFY_MODE to 'none' and
|
||||
# *comment* SMTP_LOGIN and SMTP_PASSWORD (leaving them blank is not enough).
|
||||
SMTP_SERVER=$SMTP_SERVER
|
||||
SMTP_PORT=587
|
||||
SMTP_LOGIN=$SMTP_LOGIN
|
||||
SMTP_PASSWORD=$SMTP_PASSWORD
|
||||
SMTP_FROM_ADDRESS=notifications@${APP_NAME}.nanoapp.io
|
||||
#SMTP_DOMAIN= # defaults to LOCAL_DOMAIN
|
||||
#SMTP_DELIVERY_METHOD=smtp # delivery method can also be sendmail
|
||||
#SMTP_AUTH_METHOD=plain
|
||||
#SMTP_CA_FILE=/etc/ssl/certs/ca-certificates.crt
|
||||
#SMTP_OPENSSL_VERIFY_MODE=peer
|
||||
#SMTP_ENABLE_STARTTLS_AUTO=true
|
||||
|
||||
|
||||
# Optional user upload path and URL (images, avatars). Default is :rails_root/public/system. If you set this variable, you are responsible for making your HTTP server (eg. nginx) serve these files.
|
||||
# PAPERCLIP_ROOT_PATH=/var/lib/mastodon/public-system
|
||||
# PAPERCLIP_ROOT_URL=/system
|
||||
|
||||
# Optional asset host for multi-server setups
|
||||
# CDN_HOST=assets.example.com
|
||||
|
||||
# S3 (optional)
|
||||
# S3_ENABLED=true
|
||||
# S3_BUCKET=
|
||||
# AWS_ACCESS_KEY_ID=
|
||||
# AWS_SECRET_ACCESS_KEY=
|
||||
# S3_REGION=
|
||||
# S3_PROTOCOL=http
|
||||
# S3_HOSTNAME=192.168.1.123:9000
|
||||
|
||||
# S3 (Minio Config (optional) Please check Minio instance for details)
|
||||
# S3_ENABLED=true
|
||||
# S3_BUCKET=
|
||||
# AWS_ACCESS_KEY_ID=
|
||||
# AWS_SECRET_ACCESS_KEY=
|
||||
# S3_REGION=
|
||||
# S3_PROTOCOL=https
|
||||
# S3_HOSTNAME=
|
||||
# S3_ENDPOINT=
|
||||
# S3_SIGNATURE_VERSION=
|
||||
|
||||
# Optional alias for S3 if you want to use Cloudfront or Cloudflare in front
|
||||
# S3_CLOUDFRONT_HOST=
|
||||
|
||||
# Streaming API integration
|
||||
# STREAMING_API_BASE_URL=
|
||||
|
||||
# Advanced settings
|
||||
# If you need to use pgBouncer, you need to disable prepared statements:
|
||||
# PREPARED_STATEMENTS=false
|
||||
|
||||
# Cluster number setting for streaming API server.
|
||||
# If you comment out following line, cluster number will be `numOfCpuCores - 1`.
|
||||
STREAMING_CLUSTER_NUM=1
|
||||
|
||||
# Docker mastodon user
|
||||
# If you use Docker, you may want to assign UID/GID manually.
|
||||
# UID=1000
|
||||
# GID=1000
|
|
@ -0,0 +1,20 @@
|
|||
.DS_Store
|
||||
.git/
|
||||
.gitignore
|
||||
|
||||
.bundle/
|
||||
.cache/
|
||||
config/deploy/*
|
||||
coverage
|
||||
docs/
|
||||
.env
|
||||
log/*.log
|
||||
neo4j/
|
||||
node_modules/
|
||||
public/assets/
|
||||
public/system/
|
||||
spec/
|
||||
storybook/
|
||||
tmp/
|
||||
.vagrant/
|
||||
vendor/bundle/
|
|
@ -0,0 +1,158 @@
|
|||
run.config:
|
||||
engine: ruby
|
||||
engine.config:
|
||||
runtime: ruby-2.4.1
|
||||
|
||||
extra_packages:
|
||||
# basic servers:
|
||||
- nginx
|
||||
- nodejs
|
||||
|
||||
# for images:
|
||||
- ImageMagick
|
||||
|
||||
# for videos:
|
||||
- ffmpeg3
|
||||
|
||||
# to prep the .env file
|
||||
- gettext-tools
|
||||
|
||||
cache_dirs:
|
||||
- node_modules
|
||||
|
||||
extra_path_dirs:
|
||||
- node_modules/.bin
|
||||
|
||||
build_triggers:
|
||||
- .ruby-version
|
||||
- Gemfile
|
||||
- Gemfile.lock
|
||||
- package.json
|
||||
- yarn.lock
|
||||
|
||||
extra_steps:
|
||||
- cp .env.nanobox .env
|
||||
- gem install bundler
|
||||
- bundle config build.nokogiri --with-iconv-dir=/data/ --with-zlib-dir=/data/
|
||||
- bundle config build.nokogumbo --with-iconv-dir=/data/ --with-zlib-dir=/data/
|
||||
- bundle install --clean
|
||||
- yarn
|
||||
|
||||
fs_watch: true
|
||||
|
||||
deploy.config:
|
||||
extra_steps:
|
||||
- NODE_ENV=production bundle exec rake assets:precompile
|
||||
- "[ -r /app/.env.production ] || sed 's/LOCAL_HTTPS=.*/LOCAL_HTTPS=true/i' /app/.env.nanobox > /app/.env.production"
|
||||
transform:
|
||||
- envsubst < /app/.env.production > /tmp/.env.production && mv /tmp/.env.production /app/.env.production
|
||||
- |-
|
||||
if [ -z "$LOCAL_DOMAIN" ]
|
||||
then
|
||||
. /app/.env.production
|
||||
export LOCAL_DOMAIN
|
||||
fi
|
||||
erb /app/nanobox/nginx-web.conf.erb > /app/nanobox/nginx-web.conf
|
||||
erb /app/nanobox/nginx-stream.conf.erb > /app/nanobox/nginx-stream.conf
|
||||
- touch /app/log/production.log
|
||||
before_live:
|
||||
web.web:
|
||||
- bundle exec rake db:migrate:setup
|
||||
|
||||
web.web:
|
||||
start:
|
||||
nginx: nginx -c /app/nanobox/nginx-web.conf
|
||||
rails: bundle exec puma -C /app/config/puma.rb
|
||||
|
||||
routes:
|
||||
- '/'
|
||||
|
||||
writable_dirs:
|
||||
- tmp
|
||||
|
||||
log_watch:
|
||||
rails: 'log/production.log'
|
||||
|
||||
network_dirs:
|
||||
data.storage:
|
||||
- public/system
|
||||
|
||||
web.stream:
|
||||
start:
|
||||
nginx: nginx -c /app/nanobox/nginx-stream.conf
|
||||
node: yarn run start
|
||||
|
||||
routes:
|
||||
- '/api/v1/streaming*'
|
||||
# Somehow we're getting requests for scheme://domain//api/v1/streaming* - match those, too
|
||||
- '//api/v1/streaming*'
|
||||
|
||||
writable_dirs:
|
||||
- tmp
|
||||
|
||||
worker.sidekiq:
|
||||
start: bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push -L /app/log/sidekiq.log
|
||||
|
||||
writable_dirs:
|
||||
- tmp
|
||||
|
||||
log_watch:
|
||||
rails: 'log/production.log'
|
||||
sidekiq: 'log/sidekiq.log'
|
||||
|
||||
network_dirs:
|
||||
data.storage:
|
||||
- public/system
|
||||
|
||||
cron:
|
||||
- id: generate_static_gifs
|
||||
schedule: '*/15 * * * *'
|
||||
command: 'bundle exec rake mastodon:maintenance:add_static_avatars'
|
||||
|
||||
- id: update_counter_caches
|
||||
schedule: '50 * * * *'
|
||||
command: 'bundle exec rake mastodon:maintenance:update_counter_caches'
|
||||
|
||||
# runs feeds:clear, media:clear, users:clear, and push:refresh
|
||||
- id: do_daily_tasks
|
||||
schedule: '00 00 * * *'
|
||||
command: 'bundle exec rake mastodon:daily'
|
||||
|
||||
- id: clear_silenced_media
|
||||
schedule: '10 00 * * *'
|
||||
command: 'bundle exec rake mastodon:media:remove_silenced'
|
||||
|
||||
- id: clear_remote_media
|
||||
schedule: '20 00 * * *'
|
||||
command: 'bundle exec rake mastodon:media:remove_remote'
|
||||
|
||||
- id: clear_unfollowed_subs
|
||||
schedule: '30 00 * * *'
|
||||
command: 'bundle exec rake mastodon:push:clear'
|
||||
|
||||
- id: send_digest_emails
|
||||
schedule: '00 20 * * *'
|
||||
command: 'bundle exec rake mastodon:emails:digest'
|
||||
|
||||
# The following two tasks can be uncommented to automatically open and close
|
||||
# registrations on a schedule. The format of 'schedule' is a standard cron
|
||||
# time expression: minute hour day month day-of-week; search for "cron
|
||||
# time expressions" for more info on how to set these up. The examples here
|
||||
# open registration only from 8 am to 4 pm, server time.
|
||||
#
|
||||
# - id: open_registrations
|
||||
# schedule: '00 08 * * *'
|
||||
# command: 'bundle exec rake mastodon:settings:open_registrations'
|
||||
#
|
||||
# - id: close_registrations
|
||||
# schedule: '00 16 * * *'
|
||||
# command: 'bundle exec rake mastodon:settings:close_registrations'
|
||||
|
||||
data.db:
|
||||
image: nanobox/postgresql:9.5
|
||||
|
||||
data.redis:
|
||||
image: nanobox/redis:3.0
|
||||
|
||||
data.storage:
|
||||
image: nanobox/unfs:0.9
|
|
@ -0,0 +1,16 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
namespace :db do
|
||||
namespace :migrate do
|
||||
desc 'Setup the db or migrate depending on state of db'
|
||||
task setup: :environment do
|
||||
begin
|
||||
ActiveRecord::Base.connection
|
||||
rescue ActiveRecord::NoDatabaseError
|
||||
Rake::Task['db:setup'].invoke
|
||||
else
|
||||
Rake::Task['db:migrate'].invoke
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
|
@ -0,0 +1,76 @@
|
|||
worker_processes 1;
|
||||
daemon off;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /data/etc/nginx/mime.types;
|
||||
sendfile on;
|
||||
|
||||
gzip on;
|
||||
gzip_http_version 1.0;
|
||||
gzip_proxied any;
|
||||
gzip_min_length 500;
|
||||
gzip_disable "MSIE [1-6]\.";
|
||||
gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
|
||||
|
||||
# Proxy upstream to the puma process
|
||||
upstream rails {
|
||||
server 127.0.0.1:3000;
|
||||
}
|
||||
|
||||
# Proxy upstream to the node process
|
||||
upstream node {
|
||||
server 127.0.0.1:4000;
|
||||
}
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# Configuration for Nginx
|
||||
server {
|
||||
# Listen on port 8080
|
||||
listen 8080;
|
||||
|
||||
root /app/public;
|
||||
|
||||
location / {
|
||||
try_files $uri @rails;
|
||||
}
|
||||
|
||||
# Proxy connections to rails
|
||||
location @rails {
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://rails;
|
||||
proxy_buffering off;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
|
||||
# Proxy connections to node
|
||||
location /api/v1/streaming {
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_pass http://node;
|
||||
proxy_buffering off;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
|
||||
error_page 500 501 502 503 504 /500.html;
|
||||
}
|
|
@ -0,0 +1,57 @@
|
|||
worker_processes 1;
|
||||
daemon off;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /data/etc/nginx/mime.types;
|
||||
sendfile on;
|
||||
|
||||
gzip on;
|
||||
gzip_http_version 1.1;
|
||||
gzip_proxied any;
|
||||
gzip_min_length 500;
|
||||
gzip_disable "MSIE [1-6]\.";
|
||||
gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
|
||||
|
||||
# Proxy upstream to the node process
|
||||
upstream node {
|
||||
server 127.0.0.1:4000;
|
||||
}
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# Configuration for Nginx
|
||||
server {
|
||||
# Listen on port 8080
|
||||
listen 8080;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests";
|
||||
|
||||
root /app/public;
|
||||
|
||||
location / {
|
||||
try_files $uri @node;
|
||||
}
|
||||
|
||||
# Proxy connections to node
|
||||
location @node {
|
||||
proxy_set_header Host $host;
|
||||
|
||||
proxy_pass http://node;
|
||||
proxy_buffering off;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,65 @@
|
|||
worker_processes 1;
|
||||
daemon off;
|
||||
|
||||
events {
|
||||
worker_connections 1024;
|
||||
}
|
||||
|
||||
http {
|
||||
include /data/etc/nginx/mime.types;
|
||||
sendfile on;
|
||||
|
||||
gzip on;
|
||||
gzip_http_version 1.0;
|
||||
gzip_proxied any;
|
||||
gzip_min_length 500;
|
||||
gzip_disable "MSIE [1-6]\.";
|
||||
gzip_types text/plain text/xml text/javascript text/css text/comma-separated-values application/xml+rss application/xml application/x-javascript application/json application/javascript application/atom+xml;
|
||||
|
||||
# Proxy upstream to the puma process
|
||||
upstream rails {
|
||||
server 127.0.0.1:3000;
|
||||
}
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
# Configuration for Nginx
|
||||
server {
|
||||
# Listen on port 8080
|
||||
listen 8080;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
add_header Content-Security-Policy "style-src 'self' 'unsafe-inline'; script-src 'self'; object-src 'self'; img-src data: https:; media-src data: https:; connect-src 'self' wss://<%= ENV["LOCAL_DOMAIN"] %>; upgrade-insecure-requests";
|
||||
|
||||
root /app/public;
|
||||
|
||||
location / {
|
||||
try_files $uri @rails;
|
||||
}
|
||||
|
||||
location ~ ^/(assets|system/media_attachments/files|system/accounts/avatars) {
|
||||
add_header Cache-Control "public, max-age=31536000, immutable";
|
||||
try_files $uri @rails;
|
||||
}
|
||||
|
||||
# Proxy connections to rails
|
||||
location @rails {
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass_header Server;
|
||||
|
||||
proxy_pass http://rails;
|
||||
proxy_buffering off;
|
||||
proxy_redirect off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade;
|
||||
|
||||
tcp_nodelay on;
|
||||
}
|
||||
}
|
||||
|
||||
error_page 500 501 502 503 504 /500.html;
|
||||
}
|
Loading…
Reference in New Issue