Merge pull request 'Upgrade Mastodon to 4.2.1' (#524) from chore/upgrade_mastodon into master

Reviewed-on: #524
2023-11-05 00:00:51 +00:00 · 2023-11-05 00:00:51 +00:00 · adafb132ee
commit adafb132ee
parent 05d04fe76c 8071f44f41
5 changed files with 83 additions and 36 deletions
--- a/site-cookbooks/kosmos-mastodon/attributes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/attributes/default.rb
@ -1,5 +1,5 @@
 node.default["kosmos-mastodon"]["repo"]              = "https://gitea.kosmos.org/kosmos/mastodon.git"
-node.default["kosmos-mastodon"]["revision"]          = "kosmos-production"
+node.default["kosmos-mastodon"]["revision"]          = "production"
 node.default["kosmos-mastodon"]["directory"]         = "/opt/mastodon"
 node.default["kosmos-mastodon"]["bind_ip"]           = "127.0.0.1"
 node.default["kosmos-mastodon"]["app_port"]          = 3000
--- a/site-cookbooks/kosmos-mastodon/recipes/default.rb
+++ b/site-cookbooks/kosmos-mastodon/recipes/default.rb
@ -3,6 +3,8 @@
 # Recipe:: default
 #

+node.override["nodejs"]["repo"] = "https://deb.nodesource.com/node_16.x"
+
 include_recipe "kosmos-nodejs"
 include_recipe "java"
 include_recipe 'redisio::default'
@ -73,13 +75,12 @@ npm_package "yarn" do
  version "1.22.4"
 end

-ruby_version = "3.0.4"
-# ruby_version = "3.2.2"
+ruby_version = "3.0.6"

 ruby_path = "/opt/ruby_build/builds/#{ruby_version}"
 bundle_path = "#{ruby_path}/bin/bundle"

-ruby_build_install 'v20230615'
+ruby_build_install 'v20231025'
 ruby_build_definition ruby_version do
  prefix_path ruby_path
 end
@ -210,15 +211,7 @@ execute "yarn install" do
  environment deploy_env
  user mastodon_user
  cwd mastodon_path
-  command "yarn install --pure-lockfile"
-end
-
-execute "rake db:migrate" do
-  environment deploy_env
-  user mastodon_user
-  group mastodon_user
-  cwd mastodon_path
-  command "bundle exec rake db:migrate"
+  command "yarn install --frozen-lockfile"
 end

 execute "rake assets:precompile" do
@ -229,6 +222,14 @@ execute "rake assets:precompile" do
  command "bundle exec rake assets:precompile"
 end

+execute "rake db:migrate" do
+  environment deploy_env
+  user mastodon_user
+  group mastodon_user
+  cwd mastodon_path
+  command "bundle exec rake db:migrate"
+end
+
 service "mastodon-web" do
  action [:enable, :start]
 end
--- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-sidekiq.systemd.service.erb
@ -8,7 +8,8 @@ Type=simple
 User=<%= @user %>
 WorkingDirectory=<%= @app_dir %>
 Environment="RAILS_ENV=production"
-Environment="DB_POOL=50"
+Environment="DB_POOL=<%= @sidekiq_threads %>"
+Environment="MALLOC_ARENA_MAX=2"
 Environment="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so.2"
 ExecStart=<%= @bundle_path %> exec sidekiq -c <%= @sidekiq_threads %> -q default -q mailers -q pull -q push -q ingress
 TimeoutSec=15
--- a/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/mastodon-streaming.systemd.service.erb
@ -8,9 +8,10 @@ WorkingDirectory=<%= @app_dir %>
 Environment="NODE_ENV=production"
 Environment="BIND=<%= @bind %>"
 Environment="PORT=<%= @port %>"
-ExecStart=/usr/bin/npm run start
+ExecStart=/usr/bin/node ./streaming
 TimeoutSec=15
 Restart=always
+LimitNOFILE=65536

 [Install]
 WantedBy=multi-user.target
--- a/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_shared.erb
+++ b/site-cookbooks/kosmos-mastodon/templates/default/nginx_conf_shared.erb
@ -15,7 +15,7 @@ gzip_proxied any;
 gzip_comp_level 6;
 gzip_buffers 16 8k;
 gzip_http_version 1.1;
-gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;

 location / {
 # If the maintenance file is present, show maintenance page
@ -25,34 +25,60 @@ location / {
  try_files $uri @proxy;
 }

-location /sw.js {
-  add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate";
-  add_header Pragma "no-cache";
+location = /sw.js {
+  add_header Cache-Control "public, max-age=604800, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
  try_files $uri @proxy;
 }

-location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
-  add_header Cache-Control "public, max-age=31536000, immutable";
-  proxy_cache mastodon_cache;
+location ~ ^/assets/ {
+  add_header Cache-Control "public, max-age=2419200, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
  try_files $uri @proxy;
 }

-location @proxy {
-  proxy_set_header Host $host;
-  proxy_set_header X-Real-IP $remote_addr;
-  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-  proxy_set_header X-Forwarded-Proto https;
-  proxy_set_header Proxy "";
-  proxy_pass_header Server;
+location ~ ^/avatars/ {
+  add_header Cache-Control "public, max-age=2419200, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  try_files $uri @proxy;
+}

-  proxy_pass http://mastodon_app;
-  proxy_buffering off;
-  proxy_redirect off;
-  proxy_http_version 1.1;
-  proxy_set_header Upgrade $http_upgrade;
-  proxy_set_header Connection $connection_upgrade;
+location ~ ^/emoji/ {
+  add_header Cache-Control "public, max-age=2419200, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  try_files $uri @proxy;
+}

-  tcp_nodelay on;
+location ~ ^/headers/ {
+  add_header Cache-Control "public, max-age=2419200, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  try_files $uri @proxy;
+}
+
+location ~ ^/packs/ {
+  add_header Cache-Control "public, max-age=2419200, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  try_files $uri @proxy;
+}
+
+location ~ ^/shortcuts/ {
+  add_header Cache-Control "public, max-age=2419200, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  try_files $uri @proxy;
+}
+
+location ~ ^/sounds/ {
+  add_header Cache-Control "public, max-age=2419200, must-revalidate";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  try_files $uri @proxy;
+}
+
+location ~ ^/system/ {
+  add_header Cache-Control "public, max-age=2419200, immutable";
+  add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
+  add_header X-Content-Type-Options nosniff;
+  add_header Content-Security-Policy "default-src 'none'; form-action 'none'";
+  try_files $uri @proxy;
 }

 location /api/v1/streaming {
@ -72,6 +98,24 @@ location /api/v1/streaming {
  tcp_nodelay on;
 }

+location @proxy {
+  proxy_set_header Host $host;
+  proxy_set_header X-Real-IP $remote_addr;
+  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+  proxy_set_header X-Forwarded-Proto https;
+  proxy_set_header Proxy "";
+  proxy_pass_header Server;
+
+  proxy_pass http://mastodon_app;
+  proxy_buffering on;
+  proxy_redirect off;
+  proxy_http_version 1.1;
+  proxy_set_header Upgrade $http_upgrade;
+  proxy_set_header Connection $connection_upgrade;
+
+  tcp_nodelay on;
+}
+
 error_page 500 501 502 504 /500.html;
 error_page 503 /maintenance.html;