mirror of
https://akkoma.dev/AkkomaGang/akkoma.git
synced 2024-12-18 23:59:34 +00:00
Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop
This commit is contained in:
commit
87ba9d1bab
|
@ -3,7 +3,7 @@ All notable changes to this project will be documented in this file.
|
|||
|
||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||
|
||||
## [unreleased]
|
||||
## [1.0.0] - 2019-06-29
|
||||
### Security
|
||||
- Mastodon API: Fix display names not being sanitized
|
||||
- Rich media: Do not crawl private IP ranges
|
||||
|
@ -68,6 +68,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- MRF: Support for filtering out likely spam messages by rejecting posts from new users that contain links.
|
||||
- Configuration: `ignore_hosts` option
|
||||
- Configuration: `ignore_tld` option
|
||||
- Configuration: default syslog tag "Pleroma" is now lowercased to "pleroma"
|
||||
|
||||
### Changed
|
||||
- **Breaking:** bind to 127.0.0.1 instead of 0.0.0.0 by default
|
||||
|
|
|
@ -15,9 +15,12 @@ For clients it supports both the [GNU Social API with Qvitter extensions](https:
|
|||
If you want to run your own server, feel free to contact us at @lain@pleroma.soykaf.com or in our dev chat at #pleroma on freenode or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>.
|
||||
|
||||
## Installation
|
||||
**Note:** The guide below may be outdated and in most cases shouldn't be used. Instead check out our [wiki](https://docs.pleroma.social) for platform-specific installation instructions, most likely [Installing on Linux using OTP releases](https://docs.pleroma.social/otp_en.html) is the guide you need.
|
||||
|
||||
### OS/Distro packages
|
||||
Currently Pleroma is not packaged by any OS/Distros, but feel free to reach out to us at [#pleroma-dev on freenode](https://webchat.freenode.net/?channels=%23pleroma-dev) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma-dev:matrix.org> for assistance. If you want to change default options in your Pleroma package, please **discuss it with us first**.
|
||||
|
||||
### Docker
|
||||
|
||||
While we don’t provide docker files, other people have written very good ones. Take a look at <https://github.com/angristan/docker-pleroma> or <https://github.com/sn0w/pleroma-docker>.
|
||||
|
||||
### Dependencies
|
||||
|
|
|
@ -169,7 +169,7 @@ config :logger, :console,
|
|||
|
||||
config :logger, :ex_syslogger,
|
||||
level: :debug,
|
||||
ident: "Pleroma",
|
||||
ident: "pleroma",
|
||||
format: "$metadata[$level] $message",
|
||||
metadata: [:request_id]
|
||||
|
||||
|
|
|
@ -579,7 +579,7 @@ Note: Available `:permission_group` is currently moderator and admin. 404 is ret
|
|||
## `/api/pleroma/admin/config`
|
||||
### Update config settings
|
||||
Module name can be passed as string, which starts with `Pleroma`, e.g. `"Pleroma.Upload"`.
|
||||
Atom or boolean value can be passed with `:` in the beginning, e.g. `":true"`, `":upload"`.
|
||||
Atom or boolean value can be passed with `:` in the beginning, e.g. `":true"`, `":upload"`. For keys it is not needed.
|
||||
Integer with `i:`, e.g. `"i:150"`.
|
||||
Tuple with more than 2 values with `{"tuple": ["first_val", Pleroma.Module, []]}`.
|
||||
`{"tuple": ["some_string", "Pleroma.Some.Module", []]}` will be converted to `{"some_string", Pleroma.Some.Module, []}`.
|
||||
|
|
151
docs/installation/migrating_from_source_otp_en.md
Normal file
151
docs/installation/migrating_from_source_otp_en.md
Normal file
|
@ -0,0 +1,151 @@
|
|||
# Switching a from-source install to OTP releases
|
||||
## What are OTP releases?
|
||||
OTP releases are as close as you can get to binary releases with Erlang/Elixir. The release is self-contained, and provides everything needed to boot it, it is easily administered via the provided shell script to open up a remote console, start/stop/restart the release, start in the background, send remote commands, and more.
|
||||
### Can I still run the develop branch if I decide to use them?
|
||||
Yes, we produce builds for every commit in `develop`. However `develop` is considered unstable, please don't use it in production because of faster access to new features, unless you need them as an app developer.
|
||||
## Why would one want to switch?
|
||||
Benefits of OTP releases over from-source installs include:
|
||||
* **Less space used.** OTP releases come without source code, build tools, have docs and debug symbols stripped from the compiled bytecode and do not cointain tests, docs, revision history.
|
||||
* **Minimal system dependencies.** Excluding the database and reverse proxy, only `curl`, `unzip` and `ncurses` are needed to download and run the release. Because Erlang runtime and Elixir are shipped with Pleroma, one can use the latest BEAM optimizations and Pleroma features, without having to worry about outdated system repos or a missing `erlang-*` package.
|
||||
* **Potentially less bugs and better performance.** This extends on the previous point, because we have control over exactly what gets shipped, we can tweak the VM arguments and forget about weird bugs due to Erlang/Elixir version mismatches.
|
||||
* **Faster and less bug-prone mix tasks.** On a from-source install one has to wait untill a new Pleroma node is started for each mix task and they execute outside of the instance context (for example if a user was deleted via a mix task, the instance will have no knowledge of that and continue to display status count and follows before the cache expires). Mix tasks in OTP releases are executed by calling into a running instance via RPC, which solves both of these problems.
|
||||
|
||||
### Sounds great, how do I switch?
|
||||
Currently we support Linux machines with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and `x86_64`, `aarch64` or `armv7l` CPUs. If you are unsure, check the [Detecting flavour](otp_en.html#detecting-flavour) section in OTP install guide. If your platform is supported, proceed with the guide, if not check the [My platform is not supported](#my-platform-is-not-supported) section.
|
||||
### I don't think it is worth the effort, can I stay on a from-source install?
|
||||
Yes, currently there are no plans to deprecate them.
|
||||
|
||||
### My platform is not supported
|
||||
If you think your platform is a popular choice for running Pleroma instances, or has the potential to become one, you can [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma/issues/new). If not, guides on how to build and update releases by yourself will be available soon.
|
||||
## Pre-requisites
|
||||
You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`.
|
||||
|
||||
The system needs to have `curl` and `unzip` installed for downloading and unpacking release builds.
|
||||
|
||||
Debian/Ubuntu:
|
||||
```sh
|
||||
apt install curl unzip
|
||||
```
|
||||
Alpine:
|
||||
```
|
||||
apk add curl unzip
|
||||
|
||||
```
|
||||
## Moving content out of the application directory
|
||||
When using OTP releases the application directory changes with every version so it would be a bother to keep content there (and also dangerous unless `--no-rm` option is used when updating). Fortunately almost all paths in Pleroma are configurable, so it is possible to move them out of there.
|
||||
|
||||
Pleroma should be stopped before proceeding.
|
||||
|
||||
### Moving uploads/custom public files directory
|
||||
```sh
|
||||
# Create uploads directory and set proper permissions (skip if using a remote uploader)
|
||||
# Note: It does not have to be `/var/lib/pleroma/uploads`, you can configure it to be something else later
|
||||
mkdir -p /var/lib/pleroma/uploads
|
||||
chown -R pleroma /var/lib/pleroma
|
||||
|
||||
# Create custom public files directory
|
||||
# Note: It does not have to be `/var/lib/pleroma/static`, you can configure it to be something else later
|
||||
mkdir -p /var/lib/pleroma/static
|
||||
chown -R pleroma /var/lib/pleroma
|
||||
|
||||
# If you use the local uploader with default settings your uploads should be located in `~pleroma/uploads`
|
||||
mv ~pleroma/uploads /var/lib/pleroma/uploads
|
||||
|
||||
# If you have created the custom public files directory with default settings it should be located in `~pleroma/instance/static`
|
||||
mv ~pleroma/instance/static /var/lib/pleroma/static
|
||||
```
|
||||
|
||||
### Moving emoji
|
||||
Assuming you have all emojis in subdirectories of `priv/static/emoji` moving them can be done with
|
||||
```sh
|
||||
mkdir /var/lib/pleroma/static/emoji
|
||||
ls -d ~pleroma/priv/static/emoji/*/ | xargs -i sh -c 'mv "{}" "/var/lib/pleroma/static/emoji/$(basename {})"'
|
||||
```
|
||||
|
||||
But, if for some reason you have custom emojis in the root directory you should copy the whole directory instead.
|
||||
```sh
|
||||
mv ~pleroma/priv/static/emoji /var/lib/pleroma/static/emoji
|
||||
```
|
||||
and then copy custom emojis to `/var/lib/pleroma/static/emoji/custom`.
|
||||
|
||||
This is needed because storing custom emojis in the root directory is deprecated, but if you just move them to `/var/lib/pleroma/static/emoji/custom` it will break emoji urls on old posts.
|
||||
|
||||
Note that globs have been replaced with `pack_extensions`, so if your emojis are not in png/gif you should [modify the default value](config.html#emoji).
|
||||
|
||||
### Moving the config
|
||||
```sh
|
||||
# Create the config directory
|
||||
# The default path for Pleroma config is /etc/pleroma/config.exs
|
||||
# but it can be set via PLEROMA_CONFIG_PATH environment variable
|
||||
mkdir -p /etc/pleroma
|
||||
|
||||
# Move the config file
|
||||
mv ~pleroma/config/prod.secret.exs /etc/pleroma/config.exs
|
||||
|
||||
# Change `use Mix.Config` at the top to `import Config`
|
||||
$EDITOR /etc/pleroma/config.exs
|
||||
```
|
||||
## Installing the release
|
||||
Before proceeding, get the flavour from [Detecting flavour](otp_en.html#detecting-flavour) section in OTP installation guide.
|
||||
```sh
|
||||
# Delete all files in pleroma user's directory
|
||||
rm -r ~pleroma/*
|
||||
|
||||
# Set the flavour environment variable to the string you got in Detecting flavour section.
|
||||
# For example if the flavour is `arm64-musl` the command will be
|
||||
export FLAVOUR="arm64-musl"
|
||||
|
||||
# Clone the release build into a temporary directory and unpack it
|
||||
# Replace `master` with `develop` if you want to run the develop branch
|
||||
su pleroma -s $SHELL -lc "
|
||||
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/master/download?job=$FLAVOUR' -o /tmp/pleroma.zip
|
||||
unzip /tmp/pleroma.zip -d /tmp/
|
||||
"
|
||||
|
||||
# Move the release to the home directory and delete temporary files
|
||||
su pleroma -s $SHELL -lc "
|
||||
mv /tmp/release/* ~pleroma/
|
||||
rmdir /tmp/release
|
||||
rm /tmp/pleroma.zip
|
||||
"
|
||||
|
||||
# Start the instance to verify that everything is working as expected
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma daemon"
|
||||
|
||||
# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
|
||||
sleep 20 && curl http://localhost:4000/api/v1/instance
|
||||
|
||||
# Stop the instance
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma stop"
|
||||
```
|
||||
|
||||
## Setting up a system service
|
||||
OTP releases have different service files than from-source installs so they need to be copied over again.
|
||||
|
||||
Debian/Ubuntu:
|
||||
```sh
|
||||
# Copy the service into a proper directory
|
||||
cp ~pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
|
||||
|
||||
# Reload service files
|
||||
systemctl reload-daemon
|
||||
|
||||
# Reenable pleroma to start on boot
|
||||
systemctl reenable pleroma
|
||||
|
||||
# Start pleroma
|
||||
systemctl start pleroma
|
||||
```
|
||||
|
||||
Alpine:
|
||||
```sh
|
||||
# Copy the service into a proper directory
|
||||
cp -f ~pleroma/installation/init.d/pleroma /etc/init.d/pleroma
|
||||
|
||||
# Start pleroma
|
||||
rc-service pleroma start
|
||||
```
|
||||
## Running mix tasks
|
||||
Refer to [Running mix tasks](otp_en.html#running-mix-tasks) section from OTP release installation guide.
|
||||
## Updating
|
||||
Refer to [Updating](otp_en.html#updating) section from OTP release installation guide.
|
261
docs/installation/otp_en.md
Normal file
261
docs/installation/otp_en.md
Normal file
|
@ -0,0 +1,261 @@
|
|||
# Installing on Linux using OTP releases
|
||||
|
||||
## Pre-requisites
|
||||
* A machine running Linux with GNU (e.g. Debian, Ubuntu) or musl (e.g. Alpine) libc and `x86_64`, `aarch64` or `armv7l` CPU, you have root access to. If you are not sure if it's compatible see [Detecting flavour section](#detecting-flavour) below
|
||||
* A (sub)domain pointed to the machine
|
||||
|
||||
You will be running commands as root. If you aren't root already, please elevate your priviledges by executing `sudo su`/`su`.
|
||||
|
||||
While in theory OTP releases are possbile to install on any compatible machine, for the sake of simplicity this guide focuses only on Debian/Ubuntu/Alpine.
|
||||
|
||||
### Detecting flavour
|
||||
|
||||
Paste the following into the shell:
|
||||
```sh
|
||||
arch="$(uname -m)";if [ "$arch" = "x86_64" ];then arch="amd64";elif [ "$arch" = "armv7l" ];then arch="arm";elif [ "$arch" = "aarch64" ];then arch="arm64";else echo "Unsupported arch: $arch">&2;fi;if getconf GNU_LIBC_VERSION>/dev/null;then libc_postfix="";elif [ "$(ldd 2>&1|head -c 9)" = "musl libc" ];then libc_postfix="-musl";elif [ "$(find /lib/libc.musl*|wc -l)" ];then libc_postfix="-musl";else echo "Unsupported libc">&2;fi;echo "$arch$libc_postfix"
|
||||
```
|
||||
|
||||
If your platform is supported the output will contain the flavour string, you will need it later. If not, this just means that we don't build releases for your platform, you can still try installing from source.
|
||||
|
||||
### Installing the required packages
|
||||
|
||||
Other than things bundled in the OTP release Pleroma depends on:
|
||||
* curl (to download the release build)
|
||||
* unzip (needed to unpack release builds)
|
||||
* ncurses (ERTS won't run without it)
|
||||
* PostgreSQL (also utilizes extensions in postgresql-contrib)
|
||||
* nginx (could be swapped with another reverse proxy but this guide covers only it)
|
||||
* certbot (for Let's Encrypt certificates, could be swapped with another ACME client, but this guide covers only it)
|
||||
|
||||
Debian/Ubuntu:
|
||||
```sh
|
||||
apt install curl unzip libncurses5 postgresql postgresql-contrib nginx certbot
|
||||
```
|
||||
Alpine:
|
||||
|
||||
```sh
|
||||
echo "http://nl.alpinelinux.org/alpine/latest-stable/community" >> /etc/apk/repositories
|
||||
apk update
|
||||
apk add curl unzip ncurses postgresql postgresql-contrib nginx certbot
|
||||
```
|
||||
|
||||
## Setup
|
||||
### Configuring PostgreSQL
|
||||
#### (Optional) Installing RUM indexes
|
||||
RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](config.html#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results).
|
||||
|
||||
Debian/Ubuntu (available only on Buster/19.04):
|
||||
```sh
|
||||
apt install postgresql-11-rum
|
||||
```
|
||||
Alpine:
|
||||
```sh
|
||||
apk add git build-base postgresql-dev
|
||||
git clone https://github.com/postgrespro/rum /tmp/rum
|
||||
cd /tmp/rum
|
||||
make USE_PGXS=1
|
||||
make USE_PGXS=1 install
|
||||
cd
|
||||
rm -r /tmp/rum
|
||||
```
|
||||
#### (Optional) Performance configuration
|
||||
For optimal performance, you may use [PGTune](https://pgtune.leopard.in.ua), don't forget to restart postgresql after editing the configuration
|
||||
|
||||
Debian/Ubuntu:
|
||||
```sh
|
||||
systemctl restart postgresql
|
||||
```
|
||||
Alpine:
|
||||
```sh
|
||||
rc-service postgresql restart
|
||||
```
|
||||
### Installing Pleroma
|
||||
```sh
|
||||
# Create the Pleroma user
|
||||
adduser --system --shell /bin/false --home /opt/pleroma pleroma
|
||||
|
||||
# Set the flavour environment variable to the string you got in Detecting flavour section.
|
||||
# For example if the flavour is `arm64-musl` the command will be
|
||||
export FLAVOUR="arm64-musl"
|
||||
|
||||
# Clone the release build into a temporary directory and unpack it
|
||||
su pleroma -s $SHELL -lc "
|
||||
curl 'https://git.pleroma.social/api/v4/projects/2/jobs/artifacts/master/download?job=$FLAVOUR' -o /tmp/pleroma.zip
|
||||
unzip /tmp/pleroma.zip -d /tmp/
|
||||
"
|
||||
|
||||
# Move the release to the home directory and delete temporary files
|
||||
su pleroma -s $SHELL -lc "
|
||||
mv /tmp/release/* /opt/pleroma
|
||||
rmdir /tmp/release
|
||||
rm /tmp/pleroma.zip
|
||||
"
|
||||
# Create uploads directory and set proper permissions (skip if planning to use a remote uploader)
|
||||
# Note: It does not have to be `/var/lib/pleroma/uploads`, the config generator will ask about the upload directory later
|
||||
|
||||
mkdir -p /var/lib/pleroma/uploads
|
||||
chown -R pleroma /var/lib/pleroma
|
||||
|
||||
# Create custom public files directory (custom emojis, frontend bundle overrides, robots.txt, etc.)
|
||||
# Note: It does not have to be `/var/lib/pleroma/static`, the config generator will ask about the custom public files directory later
|
||||
mkdir -p /var/lib/pleroma/static
|
||||
chown -R pleroma /var/lib/pleroma
|
||||
|
||||
# Create a config directory
|
||||
mkdir -p /etc/pleroma
|
||||
chown -R pleroma /etc/pleroma
|
||||
|
||||
# Run the config generator
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma_ctl instance gen --output /etc/pleroma/config.exs --output-psql /tmp/setup_db.psql"
|
||||
|
||||
# Create the postgres database
|
||||
su postgres -s $SHELL -lc "psql -f /tmp/setup_db.psql"
|
||||
|
||||
# Create the database schema
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
|
||||
|
||||
# If you have installed RUM indexes uncommend and run
|
||||
# su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
|
||||
|
||||
# Start the instance to verify that everything is working as expected
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma daemon"
|
||||
|
||||
# Wait for about 20 seconds and query the instance endpoint, if it shows your uri, name and email correctly, you are configured correctly
|
||||
sleep 20 && curl http://localhost:4000/api/v1/instance
|
||||
|
||||
# Stop the instance
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma stop"
|
||||
```
|
||||
|
||||
### Setting up nginx and getting Let's Encrypt SSL certificaties
|
||||
|
||||
```sh
|
||||
# Get a Let's Encrypt certificate
|
||||
certbot certonly --standalone --preferred-challenges http -d yourinstance.tld
|
||||
|
||||
# Copy the Pleroma nginx configuration to the nginx folder
|
||||
# The location of nginx configs is dependent on the distro
|
||||
|
||||
# For Debian/Ubuntu:
|
||||
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/sites-available/pleroma.nginx
|
||||
ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/pleroma.nginx
|
||||
# For Alpine:
|
||||
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/conf.d/pleroma.conf
|
||||
# If your distro does not have either of those you can append
|
||||
# `include /etc/nginx/pleroma.conf` to the end of the http section in /etc/nginx/nginx.conf and
|
||||
cp /opt/pleroma/installation/pleroma.nginx /etc/nginx/pleroma.conf
|
||||
|
||||
# Edit the nginx config replacing example.tld with your (sub)domain
|
||||
$EDITOR path-to-nginx-config
|
||||
|
||||
# Verify that the config is valid
|
||||
nginx -t
|
||||
|
||||
# Start nginx
|
||||
# For Debian/Ubuntu:
|
||||
systemctl start nginx
|
||||
# For Alpine:
|
||||
rc-service nginx start
|
||||
```
|
||||
|
||||
At this point if you open your (sub)domain in a browser you should see a 502 error, that's because pleroma is not started yet.
|
||||
|
||||
### Setting up a system service
|
||||
Debian/Ubuntu:
|
||||
```sh
|
||||
# Copy the service into a proper directory
|
||||
cp /opt/pleroma/installation/pleroma.service /etc/systemd/system/pleroma.service
|
||||
|
||||
# Start pleroma and enable it on boot
|
||||
systemctl start pleroma
|
||||
systemctl enable pleroma
|
||||
```
|
||||
Alpine:
|
||||
```sh
|
||||
# Copy the service into a proper directory
|
||||
cp /opt/pleroma/installation/init.d/pleroma /etc/init.d/pleroma
|
||||
|
||||
# Start pleroma and enable it on boot
|
||||
rc-service pleroma start
|
||||
rc-update add pleroma
|
||||
```
|
||||
|
||||
If everything worked, you should see Pleroma-FE when visiting your domain. If that didn't happen, try reviewing the installation steps, starting Pleroma in the foreground and seeing if there are any errrors.
|
||||
|
||||
Still doesn't work? Feel free to contact us on [#pleroma on freenode](https://webchat.freenode.net/?channels=%23pleroma) or via matrix at <https://matrix.heldscal.la/#/room/#freenode_#pleroma:matrix.org>, you can also [file an issue on our Gitlab](https://git.pleroma.social/pleroma/pleroma/issues/new)
|
||||
|
||||
## Post installation
|
||||
|
||||
### Setting up auto-renew Let's Encrypt certificate
|
||||
```sh
|
||||
# Create the directory for webroot challenges
|
||||
mkdir -p /var/lib/letsencrypt
|
||||
|
||||
# Uncomment the webroot method
|
||||
$EDITOR path-to-nginx-config
|
||||
|
||||
# Verify that the config is valid
|
||||
nginx -t
|
||||
```
|
||||
Debian/Ubuntu:
|
||||
```sh
|
||||
# Restart nginx
|
||||
systemctl restart nginx
|
||||
|
||||
# Ensure the webroot menthod and post hook is working
|
||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'systemctl nginx reload'
|
||||
|
||||
# Add it to the daily cron
|
||||
echo '#!/bin/sh
|
||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook "systemctl reload nginx"
|
||||
' > /etc/cron.daily/renew-pleroma-cert
|
||||
chmod +x /etc/cron.daily/renew-pleroma-cert
|
||||
|
||||
# If everything worked the output should contain /etc/cron.daily/renew-pleroma-cert
|
||||
run-parts --test /etc/cron.daily
|
||||
```
|
||||
Alpine:
|
||||
```sh
|
||||
# Restart nginx
|
||||
rc-service nginx restart
|
||||
|
||||
# Start the cron daemon and make it start on boot
|
||||
rc-service crond start
|
||||
rc-update add crond
|
||||
|
||||
# Ensure the webroot menthod and post hook is working
|
||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook 'rc-service nginx reload'
|
||||
|
||||
# Add it to the daily cron
|
||||
echo '#!/bin/sh
|
||||
certbot renew --cert-name yourinstance.tld --webroot -w /var/lib/letsencrypt/ --dry-run --post-hook "rc-service nginx reload"
|
||||
' > /etc/periodic/daily/renew-pleroma-cert
|
||||
chmod +x /etc/periodic/daily/renew-pleroma-cert
|
||||
|
||||
# If everything worked this should output /etc/periodic/daily/renew-pleroma-cert
|
||||
run-parts --test /etc/periodic/daily
|
||||
```
|
||||
### Running mix tasks
|
||||
Throughout the wiki and guides there is a lot of references to mix tasks. Since `mix` is a build tool, you can't just call `mix pleroma.task`, instead you should call `pleroma_ctl` stripping pleroma/ecto namespace.
|
||||
|
||||
So for example, if the task is `mix pleroma.user set admin --admin`, you should run it like this:
|
||||
```sh
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma_ctl user set admin --admin"
|
||||
```
|
||||
### Updating
|
||||
Generally, doing the following is enough:
|
||||
```sh
|
||||
# Download the new release
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma_ctl update"
|
||||
|
||||
# Migrate the database, you are advised to stop the instance before doing that
|
||||
su pleroma -s $SHELL -lc "./bin/pleroma_ctl migrate"
|
||||
```
|
||||
But you should **always check the release notes/changelog** in case there are config deprecations, special update steps, etc.
|
||||
|
||||
## Further reading
|
||||
* [Configuration](config.html)
|
||||
* [Pleroma's base config.exs](https://git.pleroma.social/pleroma/pleroma/blob/master/config/config.exs)
|
||||
* [Hardening your instance](hardening.html)
|
||||
* [Pleroma Clients](clients.html)
|
||||
* [Emoji pack manager](Mix.Tasks.Pleroma.Emoji.html)
|
|
@ -14,17 +14,19 @@ server {
|
|||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
return 301 https://$server_name$request_uri;
|
||||
|
||||
# Uncomment this if you need to use the 'webroot' method with certbot. Make sure
|
||||
# that the directory exists and that it is accessible by the webserver. If you followed
|
||||
# the guide, you already ran 'sudo mkdir -p /var/lib/letsencrypt' to create the folder.
|
||||
# the guide, you already ran 'mkdir -p /var/lib/letsencrypt' to create the folder.
|
||||
# You may need to load this file with the ssl server block commented out, run certbot
|
||||
# to get the certificate, and then uncomment it.
|
||||
#
|
||||
# location ~ /\.well-known/acme-challenge {
|
||||
# root /var/lib/letsencrypt/.well-known/acme-challenge;
|
||||
# root /var/lib/letsencrypt/;
|
||||
# }
|
||||
location / {
|
||||
return 301 https://$server_name$request_uri;
|
||||
}
|
||||
}
|
||||
|
||||
# Enable SSL session caching for improved performance
|
||||
|
|
|
@ -36,9 +36,11 @@ defmodule Mix.Tasks.Pleroma.Config do
|
|||
end
|
||||
end
|
||||
|
||||
def run(["migrate_from_db", env]) do
|
||||
def run(["migrate_from_db", env, delete?]) do
|
||||
start_pleroma()
|
||||
|
||||
delete? = if delete? == "true", do: true, else: false
|
||||
|
||||
if Pleroma.Config.get([:instance, :dynamic_configuration]) do
|
||||
config_path = "config/#{env}.exported_from_db.secret.exs"
|
||||
|
||||
|
@ -47,7 +49,11 @@ defmodule Mix.Tasks.Pleroma.Config do
|
|||
|
||||
Repo.all(Config)
|
||||
|> Enum.each(fn config ->
|
||||
mark = if String.starts_with?(config.key, "Pleroma."), do: ",", else: ":"
|
||||
mark =
|
||||
if String.starts_with?(config.key, "Pleroma.") or
|
||||
String.starts_with?(config.key, "Ueberauth"),
|
||||
do: ",",
|
||||
else: ":"
|
||||
|
||||
IO.write(
|
||||
file,
|
||||
|
@ -56,8 +62,10 @@ defmodule Mix.Tasks.Pleroma.Config do
|
|||
}\r\n"
|
||||
)
|
||||
|
||||
{:ok, _} = Repo.delete(config)
|
||||
Mix.shell().info("#{config.key} deleted from DB.")
|
||||
if delete? do
|
||||
{:ok, _} = Repo.delete(config)
|
||||
Mix.shell().info("#{config.key} deleted from DB.")
|
||||
end
|
||||
end)
|
||||
|
||||
File.close(file)
|
||||
|
|
|
@ -114,12 +114,12 @@ defmodule Mix.Tasks.Pleroma.Instance do
|
|||
options,
|
||||
:db_configurable,
|
||||
"Do you want to store the configuration in the database (allows controlling it from admin-fe)? (y/n)",
|
||||
"y"
|
||||
"n"
|
||||
) === "y"
|
||||
|
||||
dbhost = get_option(options, :dbhost, "What is the hostname of your database?", "localhost")
|
||||
|
||||
dbname = get_option(options, :dbname, "What is the name of your database?", "pleroma_dev")
|
||||
dbname = get_option(options, :dbname, "What is the name of your database?", "pleroma")
|
||||
|
||||
dbuser =
|
||||
get_option(
|
||||
|
@ -198,28 +198,16 @@ defmodule Mix.Tasks.Pleroma.Instance do
|
|||
rum_enabled: rum_enabled
|
||||
)
|
||||
|
||||
shell_info(
|
||||
"Writing config to #{config_path}. You should rename it to config/prod.secret.exs or config/dev.secret.exs."
|
||||
)
|
||||
shell_info("Writing config to #{config_path}.")
|
||||
|
||||
File.write(config_path, result_config)
|
||||
shell_info("Writing #{psql_path}.")
|
||||
shell_info("Writing the postgres script to #{psql_path}.")
|
||||
File.write(psql_path, result_psql)
|
||||
|
||||
write_robots_txt(indexable, template_dir)
|
||||
|
||||
shell_info(
|
||||
"\n" <>
|
||||
"""
|
||||
To get started:
|
||||
1. Verify the contents of the generated files.
|
||||
2. Run `sudo -u postgres psql -f #{escape_sh_path(psql_path)}`.
|
||||
""" <>
|
||||
if config_path in ["config/dev.secret.exs", "config/prod.secret.exs"] do
|
||||
""
|
||||
else
|
||||
"3. Run `mv #{escape_sh_path(config_path)} 'config/prod.secret.exs'`."
|
||||
end
|
||||
"\n All files successfully written! Refer to the installation instructions for your platform for next steps"
|
||||
)
|
||||
else
|
||||
shell_error(
|
||||
|
|
84
lib/pleroma/plugs/idempotency_plug.ex
Normal file
84
lib/pleroma/plugs/idempotency_plug.ex
Normal file
|
@ -0,0 +1,84 @@
|
|||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Plugs.IdempotencyPlug do
|
||||
import Phoenix.Controller, only: [json: 2]
|
||||
import Plug.Conn
|
||||
|
||||
@behaviour Plug
|
||||
|
||||
@impl true
|
||||
def init(opts), do: opts
|
||||
|
||||
# Sending idempotency keys in `GET` and `DELETE` requests has no effect
|
||||
# and should be avoided, as these requests are idempotent by definition.
|
||||
|
||||
@impl true
|
||||
def call(%{method: method} = conn, _) when method in ["POST", "PUT", "PATCH"] do
|
||||
case get_req_header(conn, "idempotency-key") do
|
||||
[key] -> process_request(conn, key)
|
||||
_ -> conn
|
||||
end
|
||||
end
|
||||
|
||||
def call(conn, _), do: conn
|
||||
|
||||
def process_request(conn, key) do
|
||||
case Cachex.get(:idempotency_cache, key) do
|
||||
{:ok, nil} ->
|
||||
cache_resposnse(conn, key)
|
||||
|
||||
{:ok, record} ->
|
||||
send_cached(conn, key, record)
|
||||
|
||||
{atom, message} when atom in [:ignore, :error] ->
|
||||
render_error(conn, message)
|
||||
end
|
||||
end
|
||||
|
||||
defp cache_resposnse(conn, key) do
|
||||
register_before_send(conn, fn conn ->
|
||||
[request_id] = get_resp_header(conn, "x-request-id")
|
||||
content_type = get_content_type(conn)
|
||||
|
||||
record = {request_id, content_type, conn.status, conn.resp_body}
|
||||
{:ok, _} = Cachex.put(:idempotency_cache, key, record)
|
||||
|
||||
conn
|
||||
|> put_resp_header("idempotency-key", key)
|
||||
|> put_resp_header("x-original-request-id", request_id)
|
||||
end)
|
||||
end
|
||||
|
||||
defp send_cached(conn, key, record) do
|
||||
{request_id, content_type, status, body} = record
|
||||
|
||||
conn
|
||||
|> put_resp_header("idempotency-key", key)
|
||||
|> put_resp_header("idempotent-replayed", "true")
|
||||
|> put_resp_header("x-original-request-id", request_id)
|
||||
|> put_resp_content_type(content_type)
|
||||
|> send_resp(status, body)
|
||||
|> halt()
|
||||
end
|
||||
|
||||
defp render_error(conn, message) do
|
||||
conn
|
||||
|> put_status(:unprocessable_entity)
|
||||
|> json(%{error: message})
|
||||
|> halt()
|
||||
end
|
||||
|
||||
defp get_content_type(conn) do
|
||||
[content_type] = get_resp_header(conn, "content-type")
|
||||
|
||||
if String.contains?(content_type, ";") do
|
||||
content_type
|
||||
|> String.split(";")
|
||||
|> hd()
|
||||
else
|
||||
content_type
|
||||
end
|
||||
end
|
||||
end
|
|
@ -388,7 +388,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIController do
|
|||
|> Enum.reject(&is_nil(&1))
|
||||
|
||||
Pleroma.Config.TransferTask.load_and_update_env()
|
||||
Mix.Tasks.Pleroma.Config.run(["migrate_from_db", Pleroma.Config.get(:env)])
|
||||
Mix.Tasks.Pleroma.Config.run(["migrate_from_db", Pleroma.Config.get(:env), "false"])
|
||||
updated
|
||||
else
|
||||
[]
|
||||
|
|
|
@ -561,18 +561,13 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
|||
else
|
||||
params = Map.drop(params, ["scheduled_at"])
|
||||
|
||||
case get_cached_status_or_post(conn, params) do
|
||||
{:ignore, message} ->
|
||||
conn
|
||||
|> put_status(422)
|
||||
|> json(%{error: message})
|
||||
|
||||
case CommonAPI.post(user, params) do
|
||||
{:error, message} ->
|
||||
conn
|
||||
|> put_status(422)
|
||||
|> put_status(:unprocessable_entity)
|
||||
|> json(%{error: message})
|
||||
|
||||
{_, activity} ->
|
||||
{:ok, activity} ->
|
||||
conn
|
||||
|> put_view(StatusView)
|
||||
|> try_render("status.json", %{activity: activity, for: user, as: :activity})
|
||||
|
@ -580,21 +575,6 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIController do
|
|||
end
|
||||
end
|
||||
|
||||
defp get_cached_status_or_post(%{assigns: %{user: user}} = conn, params) do
|
||||
idempotency_key =
|
||||
case get_req_header(conn, "idempotency-key") do
|
||||
[key] -> key
|
||||
_ -> Ecto.UUID.generate()
|
||||
end
|
||||
|
||||
Cachex.fetch(:idempotency_cache, idempotency_key, fn _ ->
|
||||
case CommonAPI.post(user, params) do
|
||||
{:ok, activity} -> activity
|
||||
{:error, message} -> {:ignore, message}
|
||||
end
|
||||
end)
|
||||
end
|
||||
|
||||
def delete_status(%{assigns: %{user: user}} = conn, %{"id" => id}) do
|
||||
with {:ok, %Activity{}} <- CommonAPI.delete(id, user) do
|
||||
json(conn, %{})
|
||||
|
|
|
@ -27,6 +27,7 @@ defmodule Pleroma.Web.Router do
|
|||
plug(Pleroma.Plugs.UserEnabledPlug)
|
||||
plug(Pleroma.Plugs.SetUserSessionIdPlug)
|
||||
plug(Pleroma.Plugs.EnsureUserKeyPlug)
|
||||
plug(Pleroma.Plugs.IdempotencyPlug)
|
||||
end
|
||||
|
||||
pipeline :authenticated_api do
|
||||
|
@ -41,6 +42,7 @@ defmodule Pleroma.Web.Router do
|
|||
plug(Pleroma.Plugs.UserEnabledPlug)
|
||||
plug(Pleroma.Plugs.SetUserSessionIdPlug)
|
||||
plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
|
||||
plug(Pleroma.Plugs.IdempotencyPlug)
|
||||
end
|
||||
|
||||
pipeline :admin_api do
|
||||
|
@ -57,6 +59,7 @@ defmodule Pleroma.Web.Router do
|
|||
plug(Pleroma.Plugs.SetUserSessionIdPlug)
|
||||
plug(Pleroma.Plugs.EnsureAuthenticatedPlug)
|
||||
plug(Pleroma.Plugs.UserIsAdminPlug)
|
||||
plug(Pleroma.Plugs.IdempotencyPlug)
|
||||
end
|
||||
|
||||
pipeline :mastodon_html do
|
||||
|
|
13
mix.exs
13
mix.exs
|
@ -4,7 +4,7 @@ defmodule Pleroma.Mixfile do
|
|||
def project do
|
||||
[
|
||||
app: :pleroma,
|
||||
version: version("0.9.0"),
|
||||
version: version("1.0.0"),
|
||||
elixir: "~> 1.7",
|
||||
elixirc_paths: elixirc_paths(Mix.env()),
|
||||
compilers: [:phoenix, :gettext] ++ Mix.compilers(),
|
||||
|
@ -37,7 +37,7 @@ defmodule Pleroma.Mixfile do
|
|||
pleroma: [
|
||||
include_executables_for: [:unix],
|
||||
applications: [ex_syslogger: :load, syslog: :load],
|
||||
steps: [:assemble, ©_files/1]
|
||||
steps: [:assemble, ©_files/1, ©_nginx_config/1]
|
||||
]
|
||||
]
|
||||
]
|
||||
|
@ -48,6 +48,15 @@ defmodule Pleroma.Mixfile do
|
|||
release
|
||||
end
|
||||
|
||||
def copy_nginx_config(%{path: target_path} = release) do
|
||||
File.cp!(
|
||||
"./installation/pleroma.nginx",
|
||||
Path.join([target_path, "installation", "pleroma.nginx"])
|
||||
)
|
||||
|
||||
release
|
||||
end
|
||||
|
||||
# Configuration for the OTP application.
|
||||
#
|
||||
# Type `mix help compile.app` for more information.
|
||||
|
|
|
@ -1 +1,5 @@
|
|||
<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link rel=stylesheet href=/static/font/css/fontello.css><link rel=stylesheet href=/static/font/css/animation.css><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.db80066bde2c96ea6198.css rel=stylesheet></head><body style="display: none"><div id=app></div><script type=text/javascript src=/static/js/vendors~app.cbdd21d99d833ebc5bc3.js></script><script type=text/javascript src=/static/js/app.bdfdd2587a912fd689b3.js></script></body></html>
|
||||
<<<<<<< HEAD
|
||||
<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link rel=stylesheet href=/static/font/css/fontello.css><link rel=stylesheet href=/static/font/css/animation.css><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.db80066bde2c96ea6198.css rel=stylesheet></head><body style="display: none"><div id=app></div><script type=text/javascript src=/static/js/vendors~app.cbdd21d99d833ebc5bc3.js></script><script type=text/javascript src=/static/js/app.bdfdd2587a912fd689b3.js></script></body></html>
|
||||
=======
|
||||
<!DOCTYPE html><html lang=en><head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1,user-scalable=no"><title>Pleroma</title><!--server-generated-meta--><link rel=icon type=image/png href=/favicon.png><link rel=stylesheet href=/static/font/css/fontello.css><link rel=stylesheet href=/static/font/css/animation.css><link href=/static/css/vendors~app.b2603a50868c68a1c192.css rel=stylesheet><link href=/static/css/app.db80066bde2c96ea6198.css rel=stylesheet></head><body style="display: none"><div id=app></div><script type=text/javascript src=/static/js/vendors~app.4b7be53256fba5c365c9.js></script><script type=text/javascript src=/static/js/app.670c36c0acc42fadb4fe.js></script></body></html>
|
||||
>>>>>>> 456668b490e9ee47cf773a8563a9f3a3765ce348
|
||||
|
|
2
priv/static/static/js/app.670c36c0acc42fadb4fe.js
Normal file
2
priv/static/static/js/app.670c36c0acc42fadb4fe.js
Normal file
File diff suppressed because one or more lines are too long
1
priv/static/static/js/app.670c36c0acc42fadb4fe.js.map
Normal file
1
priv/static/static/js/app.670c36c0acc42fadb4fe.js.map
Normal file
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
|
@ -1,4 +1,8 @@
|
|||
<<<<<<< HEAD
|
||||
var serviceWorkerOption = {"assets":["/static/img/nsfw.74818f9.png","/static/css/app.db80066bde2c96ea6198.css","/static/js/app.bdfdd2587a912fd689b3.js","/static/css/vendors~app.b2603a50868c68a1c192.css","/static/js/vendors~app.cbdd21d99d833ebc5bc3.js"]};
|
||||
=======
|
||||
var serviceWorkerOption = {"assets":["/static/img/nsfw.74818f9.png","/static/css/app.db80066bde2c96ea6198.css","/static/js/app.670c36c0acc42fadb4fe.js","/static/css/vendors~app.b2603a50868c68a1c192.css","/static/js/vendors~app.4b7be53256fba5c365c9.js"]};
|
||||
>>>>>>> 456668b490e9ee47cf773a8563a9f3a3765ce348
|
||||
|
||||
!function(e){var n={};function t(r){if(n[r])return n[r].exports;var o=n[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,t),o.l=!0,o.exports}t.m=e,t.c=n,t.d=function(e,n,r){t.o(e,n)||Object.defineProperty(e,n,{enumerable:!0,get:r})},t.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},t.t=function(e,n){if(1&n&&(e=t(e)),8&n)return e;if(4&n&&"object"==typeof e&&e&&e.__esModule)return e;var r=Object.create(null);if(t.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:e}),2&n&&"string"!=typeof e)for(var o in e)t.d(r,o,function(n){return e[n]}.bind(null,o));return r},t.n=function(e){var n=e&&e.__esModule?function(){return e.default}:function(){return e};return t.d(n,"a",n),n},t.o=function(e,n){return Object.prototype.hasOwnProperty.call(e,n)},t.p="/",t(t.s=0)}([function(e,n,t){"use strict";var r,o=t(1),i=(r=o)&&r.__esModule?r:{default:r};function a(){return clients.matchAll({includeUncontrolled:!0}).then(function(e){return e.filter(function(e){return"window"===e.type})})}self.addEventListener("push",function(e){e.data&&e.waitUntil(i.default.getItem("vuex-lz").then(function(e){return e.config.webPushNotifications}).then(function(n){return n&&a().then(function(n){var t=e.data.json();if(0===n.length)return self.registration.showNotification(t.title,t)})}))}),self.addEventListener("notificationclick",function(e){e.notification.close(),e.waitUntil(a().then(function(e){for(var n=0;n<e.length;n++){var t=e[n];if("/"===t.url&&"focus"in t)return t.focus()}if(clients.openWindow)return clients.openWindow("/")}))})},function(e,n){
|
||||
/*!
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
# XXX: This should be removed when elixir's releases get custom command support
|
||||
|
||||
detect_flavour() {
|
||||
arch="$(arch)"
|
||||
arch="$(uname -m)"
|
||||
if [ "$arch" = "x86_64" ]; then
|
||||
arch="amd64"
|
||||
elif [ "$arch" = "armv7l" ]; then
|
||||
|
|
21
rel/files/installation/init.d/pleroma
Executable file
21
rel/files/installation/init.d/pleroma
Executable file
|
@ -0,0 +1,21 @@
|
|||
#!/sbin/openrc-run
|
||||
|
||||
supervisor=supervise-daemon
|
||||
|
||||
# Requires OpenRC >= 0.35
|
||||
directory=/opt/pleroma
|
||||
|
||||
command=/opt/pleroma/bin/pleroma
|
||||
command_args="start"
|
||||
command_user=pleroma
|
||||
command_background=1
|
||||
|
||||
# Ask process to terminate within 30 seconds, otherwise kill it
|
||||
retry="SIGTERM/30/SIGKILL/5"
|
||||
|
||||
pidfile="/var/run/pleroma.pid"
|
||||
|
||||
depend() {
|
||||
want nginx
|
||||
need postgresql
|
||||
}
|
36
rel/files/installation/pleroma.service
Normal file
36
rel/files/installation/pleroma.service
Normal file
|
@ -0,0 +1,36 @@
|
|||
[Unit]
|
||||
Description=Pleroma social network
|
||||
After=network.target postgresql.service nginx.service
|
||||
|
||||
[Service]
|
||||
KillMode=process
|
||||
Restart=on-failure
|
||||
|
||||
; Name of the user that runs the Pleroma service.
|
||||
User=pleroma
|
||||
|
||||
; Make sure that all paths fit your installation.
|
||||
; Path to the home directory of the user running the Pleroma service.
|
||||
Environment="HOME=/opt/pleroma"
|
||||
; Path to the folder containing the Pleroma installation.
|
||||
WorkingDirectory=/opt/pleroma
|
||||
; Path to the Pleroma binary.
|
||||
ExecStart=/opt/pleroma/bin/pleroma start
|
||||
ExecStop=/opt/pleroma/bin/pleroma stop
|
||||
|
||||
; Some security directives.
|
||||
; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops.
|
||||
PrivateTmp=true
|
||||
; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false.
|
||||
ProtectHome=true
|
||||
; Mount /usr, /boot, and /etc as read-only for processes invoked by this service.
|
||||
ProtectSystem=full
|
||||
; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi.
|
||||
PrivateDevices=false
|
||||
; Ensures that the service process and all its children can never gain new privileges through execve().
|
||||
NoNewPrivileges=true
|
||||
; Drops the sysadmin capability from the daemon.
|
||||
CapabilityBoundingSet=~CAP_SYS_ADMIN
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
110
test/plugs/idempotency_plug_test.exs
Normal file
110
test/plugs/idempotency_plug_test.exs
Normal file
|
@ -0,0 +1,110 @@
|
|||
# Pleroma: A lightweight social networking server
|
||||
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
|
||||
# SPDX-License-Identifier: AGPL-3.0-only
|
||||
|
||||
defmodule Pleroma.Plugs.IdempotencyPlugTest do
|
||||
use ExUnit.Case, async: true
|
||||
use Plug.Test
|
||||
|
||||
alias Pleroma.Plugs.IdempotencyPlug
|
||||
alias Plug.Conn
|
||||
|
||||
test "returns result from cache" do
|
||||
key = "test1"
|
||||
orig_request_id = "test1"
|
||||
second_request_id = "test2"
|
||||
body = "testing"
|
||||
status = 200
|
||||
|
||||
:post
|
||||
|> conn("/cofe")
|
||||
|> put_req_header("idempotency-key", key)
|
||||
|> Conn.put_resp_header("x-request-id", orig_request_id)
|
||||
|> Conn.put_resp_content_type("application/json")
|
||||
|> IdempotencyPlug.call([])
|
||||
|> Conn.send_resp(status, body)
|
||||
|
||||
conn =
|
||||
:post
|
||||
|> conn("/cofe")
|
||||
|> put_req_header("idempotency-key", key)
|
||||
|> Conn.put_resp_header("x-request-id", second_request_id)
|
||||
|> Conn.put_resp_content_type("application/json")
|
||||
|> IdempotencyPlug.call([])
|
||||
|
||||
assert_raise Conn.AlreadySentError, fn ->
|
||||
Conn.send_resp(conn, :im_a_teapot, "no cofe")
|
||||
end
|
||||
|
||||
assert conn.resp_body == body
|
||||
assert conn.status == status
|
||||
|
||||
assert [^second_request_id] = Conn.get_resp_header(conn, "x-request-id")
|
||||
assert [^orig_request_id] = Conn.get_resp_header(conn, "x-original-request-id")
|
||||
assert [^key] = Conn.get_resp_header(conn, "idempotency-key")
|
||||
assert ["true"] = Conn.get_resp_header(conn, "idempotent-replayed")
|
||||
assert ["application/json; charset=utf-8"] = Conn.get_resp_header(conn, "content-type")
|
||||
end
|
||||
|
||||
test "pass conn downstream if the cache not found" do
|
||||
key = "test2"
|
||||
orig_request_id = "test3"
|
||||
body = "testing"
|
||||
status = 200
|
||||
|
||||
conn =
|
||||
:post
|
||||
|> conn("/cofe")
|
||||
|> put_req_header("idempotency-key", key)
|
||||
|> Conn.put_resp_header("x-request-id", orig_request_id)
|
||||
|> Conn.put_resp_content_type("application/json")
|
||||
|> IdempotencyPlug.call([])
|
||||
|> Conn.send_resp(status, body)
|
||||
|
||||
assert conn.resp_body == body
|
||||
assert conn.status == status
|
||||
|
||||
assert [] = Conn.get_resp_header(conn, "idempotent-replayed")
|
||||
assert [^key] = Conn.get_resp_header(conn, "idempotency-key")
|
||||
end
|
||||
|
||||
test "passes conn downstream if idempotency is not present in headers" do
|
||||
orig_request_id = "test4"
|
||||
body = "testing"
|
||||
status = 200
|
||||
|
||||
conn =
|
||||
:post
|
||||
|> conn("/cofe")
|
||||
|> Conn.put_resp_header("x-request-id", orig_request_id)
|
||||
|> Conn.put_resp_content_type("application/json")
|
||||
|> IdempotencyPlug.call([])
|
||||
|> Conn.send_resp(status, body)
|
||||
|
||||
assert [] = Conn.get_resp_header(conn, "idempotency-key")
|
||||
end
|
||||
|
||||
test "doesn't work with GET/DELETE" do
|
||||
key = "test3"
|
||||
body = "testing"
|
||||
status = 200
|
||||
|
||||
conn =
|
||||
:get
|
||||
|> conn("/cofe")
|
||||
|> put_req_header("idempotency-key", key)
|
||||
|> IdempotencyPlug.call([])
|
||||
|> Conn.send_resp(status, body)
|
||||
|
||||
assert [] = Conn.get_resp_header(conn, "idempotency-key")
|
||||
|
||||
conn =
|
||||
:delete
|
||||
|> conn("/cofe")
|
||||
|> put_req_header("idempotency-key", key)
|
||||
|> IdempotencyPlug.call([])
|
||||
|> Conn.send_resp(status, body)
|
||||
|
||||
assert [] = Conn.get_resp_header(conn, "idempotency-key")
|
||||
end
|
||||
end
|
|
@ -51,7 +51,7 @@ defmodule Mix.Tasks.Pleroma.ConfigTest do
|
|||
value: [key: "valu2", key2: [Pleroma.Repo]]
|
||||
})
|
||||
|
||||
Mix.Tasks.Pleroma.Config.run(["migrate_from_db", "temp"])
|
||||
Mix.Tasks.Pleroma.Config.run(["migrate_from_db", "temp", "true"])
|
||||
|
||||
assert Repo.all(Config) == []
|
||||
assert File.exists?(temp_file)
|
||||
|
|
Loading…
Reference in a new issue