From 8071f44f41026affab14b6319e841cfaa7516472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?R=C3=A2u=20Cao?= Date: Sun, 5 Nov 2023 00:57:43 +0100 Subject: [PATCH] Upgrade Mastodon to 4.2.1 --- .../kosmos-mastodon/attributes/default.rb | 2 +- .../kosmos-mastodon/recipes/default.rb | 25 +++--- .../mastodon-sidekiq.systemd.service.erb | 3 +- .../mastodon-streaming.systemd.service.erb | 3 +- .../templates/default/nginx_conf_shared.erb | 86 ++++++++++++++----- 5 files changed, 83 insertions(+), 36 deletions(-) diff --git a/site-cookbooks/kosmos-mastodon/attributes/default.rb b/site-cookbooks/kosmos-mastodon/attributes/default.rb index 187d3e3..bd6028b 100644 --- a/site-cookbooks/kosmos-mastodon/attributes/default.rb +++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb @@ -1,5 +1,5 @@ node.default["kosmos-mastodon"]["repo"] = "https://gitea.kosmos.org/kosmos/mastodon.git" -node.default["kosmos-mastodon"]["revision"] = "kosmos-production" +node.default["kosmos-mastodon"]["revision"] = "production" node.default["kosmos-mastodon"]["directory"] = "/opt/mastodon" node.default["kosmos-mastodon"]["bind_ip"] = "127.0.0.1" node.default["kosmos-mastodon"]["app_port"] = 3000 diff --git a/site-cookbooks/kosmos-mastodon/recipes/default.rb b/site-cookbooks/kosmos-mastodon/recipes/default.rb index 7ec2aca..9c8ab3b 100644 --- a/site-cookbooks/kosmos-mastodon/recipes/default.rb +++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb @@ -3,6 +3,8 @@ # Recipe:: default # +node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_16.x" + include_recipe "kosmos-nodejs" include_recipe "java" include_recipe 'redisio::default' @@ -73,13 +75,12 @@ npm_package "yarn" do version "1.22.4" end -ruby_version = "3.0.4" -# ruby_version = "3.2.2" +ruby_version = "3.0.6" ruby_path = "/opt/ruby_build/builds/#{ruby_version}" bundle_path = "#{ruby_path}/bin/bundle" -ruby_build_install 'v20230615' +ruby_build_install 'v20231025' ruby_build_definition ruby_version do prefix_path ruby_path end 
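Review bot: The `revision` attribute in attributes/default.rb still names a branch (`"production"`), so nothing visible in this cookbook ties the deployment to the 4.2.1 release named in the subject; presumably each converge checks out whatever the tip of that branch in the fork is at that moment. Pinning a release tag or a full commit SHA, e.g. `node.default["kosmos-mastodon"]["revision"] = "<tag-or-commit-sha>"`, would make the deployed code auditable and keep an unreviewed push to the branch from reaching production on the next Chef run. If tracking the branch is intentional, a comment saying so above the attribute would help.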
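Review bot: The added `node.override["nodejs"]["repo"]` line at the top of recipes/default.rb pins the host to the NodeSource 16.x channel, and Node.js 16 reached end-of-life in September 2023, before the date of this commit, so the streaming server and the asset build would run on a runtime that no longer receives security fixes. As far as I know Mastodon 4.2 also runs on newer Node LTS lines, so pointing the repo at a maintained one is worth checking. Setting the value with `override` precedence inside the recipe also makes it awkward to change per node; a `node.default[...]` entry in attributes/default.rb next to the other settings would match the rest of the cookbook. A one-line comment stating why this major version was chosen would help the next upgrade.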
@@ -210,15 +211,7 @@ execute "yarn install" do environment deploy_env user mastodon_user cwd mastodon_path - command "yarn install --pure-lockfile" -end - -execute "rake db:migrate" do - environment deploy_env - user mastodon_user - group mastodon_user - cwd mastodon_path - command "bundle exec rake db:migrate" + command "yarn install --frozen-lockfile" end execute "rake assets:precompile" do @@ -229,6 +222,14 @@ execute "rake assets:precompile" do command "bundle exec rake assets:precompile" end +execute "rake db:migrate" do + environment deploy_env + user mastodon_user + group mastodon_user + cwd mastodon_path + command "bundle exec rake db:migrate" +end + service "mastodon-web" do action [:enable, :start] end diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb index 73d758e..459dbea 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb @@ -8,7 +8,8 @@ Type=simple User=<%= @user %> WorkingDirectory=<%= @app_dir %> Environment="RAILS_ENV=production" -Environment="DB_POOL=50" +Environment="DB_POOL=<%= @sidekiq_threads %>" +Environment="MALLOC_ARENA_MAX=2" Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2" ExecStart=<%= @bundle_path %> exec sidekiq -c <%= @sidekiq_threads %> -q default -q mailers -q pull -q push -q ingress TimeoutSec=15 diff --git a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb index 9c62a28..fdcb323 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb 
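Review bot: The relocated `execute "rake db:migrate"` resource (removed in the hunk at -210, re-added after `rake assets:precompile` in the hunk at -229) still runs the whole migration set in one unguarded step on every converge, and the only service handling visible below it is `action [:enable, :start]`. Mastodon's upgrade notes for the 4.2 series, as I recall them, split this into pre-deployment migrations run with `SKIP_POST_DEPLOYMENT_MIGRATIONS=true`, a restart of all processes, and then the remaining migrations; applying everything while the old processes keep running can leave them on a schema they do not expect. Consider two `execute` resources around a restart, or at least a comment such as `# full migration before restart is acceptable here because ...` explaining why the single step is safe. The recipe continues outside both hunks, so a restart elsewhere in the file may already cover part of this.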
@@ -8,9 +8,10 @@ WorkingDirectory=<%= @app_dir %> Environment="NODE_ENV=production" Environment="BIND=<%= @bind %>" Environment="PORT=<%= @port %>" -ExecStart=/usr/bin/npm run start +ExecStart=/usr/bin/node ./streaming TimeoutSec=15 Restart=always +LimitNOFILE=65536 [Install] WantedBy=multi-user.target diff --git a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_shared.erb b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_shared.erb index 3083dd4..f996619 100644 --- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_shared.erb +++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_shared.erb @@ -15,7 +15,7 @@ gzip_proxied any; gzip_comp_level 6; gzip_buffers 16 8k; gzip_http_version 1.1; -gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; +gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon; location / { # If the maintenance file is present, show maintenance page 
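Review bot: The part of the `[Service]` section visible in this hunk of mastodon-streaming.systemd.service.erb, from `WorkingDirectory` to the new `LimitNOFILE=65536`, carries no systemd sandboxing, so the network-facing Node process appears to run with everything the service user can reach. Since the unit is being reworked here anyway, low-risk directives such as `NoNewPrivileges=true` and `PrivateTmp=true` could be added after `LimitNOFILE`, followed by `ProtectSystem=` and `ProtectHome=` once the paths the process needs are confirmed. The first lines of the unit are outside the hunk, so check the full template before changing it; the same applies to the sidekiq unit touched earlier in this patch.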
@@ -25,34 +25,60 @@ location / { try_files $uri @proxy; } -location /sw.js { - add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate"; - add_header Pragma "no-cache"; +location = /sw.js { + add_header Cache-Control "public, max-age=604800, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; try_files $uri @proxy; } -location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) { - add_header Cache-Control "public, max-age=31536000, immutable"; - proxy_cache mastodon_cache; +location ~ ^/assets/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; try_files $uri @proxy; } -location @proxy { - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto https; - proxy_set_header Proxy ""; - proxy_pass_header Server; +location ~ ^/avatars/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri @proxy; +} - proxy_pass http://mastodon_app; - proxy_buffering off; - proxy_redirect off; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; +location ~ ^/emoji/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri @proxy; +} - tcp_nodelay on; +location ~ ^/headers/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri @proxy; +} + +location ~ ^/packs/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; 
includeSubDomains"; + try_files $uri @proxy; +} + +location ~ ^/shortcuts/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri @proxy; +} + +location ~ ^/sounds/ { + add_header Cache-Control "public, max-age=2419200, must-revalidate"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + try_files $uri @proxy; +} + +location ~ ^/system/ { + add_header Cache-Control "public, max-age=2419200, immutable"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; + add_header X-Content-Type-Options nosniff; + add_header Content-Security-Policy "default-src 'none'; form-action 'none'"; + try_files $uri @proxy; } location /api/v1/streaming { @@ -72,6 +98,24 @@ location /api/v1/streaming { tcp_nodelay on; } +location @proxy { + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto https; + proxy_set_header Proxy ""; + proxy_pass_header Server; + + proxy_pass http://mastodon_app; + proxy_buffering on; + proxy_redirect off; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + + tcp_nodelay on; +} + error_page 500 501 502 504 /500.html; error_page 503 /maintenance.html;
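Review bot: Each new static location in nginx_conf_shared.erb (`= /sw.js`, `^/assets/` through `^/system/`) declares its own `add_header` lines, and nginx stops inheriting `add_header` from the enclosing level once a location has one, so any security headers set in the server block no longer apply to these paths; they also reach only responses nginx serves from disk, not requests that fall through `try_files` to `@proxy`. Without the `always` parameter the headers are further limited to success and redirect status codes. For `^/system/`, which judging by its added CSP and `nosniff` headers serves user-uploaded media, I would write `add_header X-Content-Type-Options nosniff always;` and `add_header Content-Security-Policy "default-src 'none'; form-action 'none'" always;`, and check the server block (not part of this diff) for headers that need repeating. The seven blocks that are identical apart from the path could share one location, `location ~ ^/(assets|avatars|emoji|headers|packs|shortcuts|sounds)/ {`, so a later header change cannot miss one of them.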