Commit Graph

55 Commits

Author SHA1 Message Date
Daenney a312238e79
[feature] Provide .well-known/host-meta endpoint (#1604)
* [feature] Provide .well-known/host-meta endpoint

This adds the host-meta endpoint as Mastodon clients use this to
discover the API domain to use when the host and account domains aren't
the same.

* Address review comments
2023-03-09 17:55:45 +00:00
Daenney d2f6de0185
[feature] Allow loading TLS certs from disk (#1586)
Currently, GtS only supports using the built-in LE client directly for
TLS. However, admins may still want to use GtS directly (so without a
reverse proxy) but with certificates provided through some other
mechanism. They may have some centralised way of provisioning these
things themselves, or simply prefer to use LE but with a different
challenge like DNS-01 which is not supported by autocert.

This adds support for loading a public/private keypair from disk instead
of using LE and reconfigures the server to use a TLS listener if we
succeed in doing so.

Additionally, being able to load TLS keypair from disk opens up the path
to using a custom CA for testing purposes avoinding the need for a
constellation of containers and something like Pebble or Step CA to
provide LE APIs.
2023-03-04 17:24:02 +00:00
Daenney fd62847c83
[docs] Fix nginx fileserver caching example (#1506)
* [bug] Fix nginx fileserver caching example

This updates the example to ensure the nginx proxies the request on to
GTS if the file is not found on disk. This can happen due to media
pruning.

* [chore] Set cache-control in nginx to private

This makes the header match with the backend. For things from the
fileserver it may not be appropriate for anything other than a private
cache (i.e the client) to cache things.
2023-02-15 11:44:30 +01:00
tobi 27e95fd123
[chore/bugfix] Serve + throttle publickey separately from rest of ActivityPub API (#1461)
* serve publickey separately from AP, don't throttle it

* update nginx cache documentation, cache main-key too

* throttle public key, but separately from other endpoints
2023-02-08 15:10:56 +01:00
ketan-vijayvargiya dc766f9e6f
[docs] Add an example on how to setup redirect with Traefik (#1395) 2023-01-30 10:47:03 +01:00
Mina Galić 43cbe3b45c
[docs] Simplify Apache httpd proxy documentation (#1396)
since 2.4.47 (released April 22nd 2021), Apache httpd can ProxyPass to
websockets on the same URL, without mod_rewrite (and, without
mod_proxy_wstunnel).
2023-01-30 10:45:01 +01:00
Alex Schroeder 9ecb1c8aa5
[docs] Add troubleshooting section for Apache (#1291) 2023-01-03 11:13:52 +01:00
EchedeyLR bae73982f7
[docs] Update Apache docs to use 127.0.0.1 instead of localhost (#1266)
* Update Apache docs to use 127.0.0.1 instead

* Update apache-httpd.md
2022-12-15 07:47:48 +01:00
tobi 418bfbf494
[docs] Update nginx docs to use 127.0.0.1 instead of localhost (#1264)
Lots of these were appearing:

```
*459 connect() failed (111: Connection refused) while connecting to upstream
```

This change resolves it, see https://stackoverflow.com/a/52550758
2022-12-14 16:07:03 +01:00
Daniele Sluijters ce615b5d59
[docs] Serve static assets with nginx (#1251)
* [docs] Serve static assets with nginx

This explains how to use nginx to serve static assets and offload GTS
from that responsibility. It also shows how to have nginx add caching
headers to indicate to clients how long they may cache an asset.

* [docs] Move additional nginx config to advanced

This moves a bunch of additional nginx configuration into the Advanced
page instead. It declutters the nginx configuration page.
2022-12-11 14:18:39 +01:00
Daniele Sluijters d2a09c1e0b
[docs] Caching webfinger with nginx (#1242)
This explains how nginx can be used to cache webfinger responses and
potentially serve stale responses in case GTS is down. This can be
useful to do in order to ensure webfinger keeps working even if you're
doing some maintenance.
2022-12-11 11:51:07 +01:00
Andrea 923d333823
[docs] encourage using loopback bind address (#1166) 2022-12-07 21:50:37 +01:00
f0x52 f9e5ec99bd
[docs] Remove filesystem logging directives from example systemd unit config (#1206)
* remove filesystem logging directives from example systemd unit config

* [docs] Update docs to reflect new systemd config

Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
2022-12-05 11:10:13 +01:00
kernelmethod 1652633d93
[docs] Add AppArmor profile for Debian and Ubuntu installations (#1183)
* Enable the 'admonitions' Markdown extension for Mkdocs.

The admonitions extension to Python-Markdown allows you to include
rST-style "admonitions" to Markdown documents, for instance,

    !!! note
        Here's an important note to keep in mind!

In general, the current documentation uses bold text to try to achieve
the same effect, which is a bit harder to notice and makes it difficult
to differentiate between "here's something useful to know" versus "here
there be dragons".

* Add AppArmor profile and documentation for LSM-related sandboxing

This commit adds an AppArmor profile for gotosocial in
examples/apparmor/gotosocial. This will (hopefully) serve as a helpful
security mitigation for people are planning on deploying GTS on a
Debian-family Linux distribution.

I've also updates the documentation to include some information about
deploying GTS with either AppArmor or SELinux (moving the documentation
for the former out of the "binary installation guide" docs).
2022-11-30 23:09:26 +01:00
Phil Hagelberg 8b0c92ec41
[docs] Explain that before 0.6.0, account confirm was necessary. (#1149)
Since the documentation site only shows the latest version of the
docs, we need the docs to explain how to use the latest stable
release, not just the latest git version.
2022-11-25 18:56:01 +01:00
Phil Hagelberg 9e18c7f996
[bugfix] Change emailVerified to true for admin account create (#1140)
The NewSignup method was already being called with
requireApproval=false, but it had emailVerified=false as well, which
meant that it was required to use the `admin account confirm` command
to verify the email before the newly-created user could log in.

I think that was probably an oversight; effectively it did require
approval anyway. Changing emailVerified to true allows you to just
create the account and log in immediately, reducing the opportunity
for manual error to sneak in.

Also updated the docs to remove the mention of needing to confirm new
accounts. However, I've left the confirmation command alone because I
think once we have web signups, it will be needed in that context.
2022-11-25 16:44:27 +01:00
dx 8942a70856
[docs] Clarify that reverse proxy setups need trusted-proxies (#1127)
* [docs] Clarify that reverse proxy setups need trusted-proxies

* Remove the jq usage
2022-11-23 16:10:56 +01:00
tobi 90bbcf1bcf
[docs] Document http/s/socks5 proxy use (#1118) 2022-11-22 17:51:51 +01:00
Leonora Tindall 2216f253c1
[docs] Move and document logs (#1076)
Rather than a single access log and no error logging, put the logs in
/var/log/gotosocial/, and document creating and owning that directory
2022-11-19 10:06:37 +01:00
Leonora Tindall c964856927
[docs] Remove trailing / from proxy_pass for nginx (#1077)
The trailing / can break relative URLs.
2022-11-19 10:05:31 +01:00
Jelle van der Waa 91c3489d5f
[docs] Add AUR Reference (#1054)
The AUR is the Arch unofficial repository, where users can upload PKGBUILD's for Arch Linux users to build a package.
2022-11-17 15:05:51 +01:00
tobi c56998ff05
[docs] add account domain documentation (#1065)
* [docs] add account domain documentation

* add note about parent/subdomain
2022-11-17 15:04:35 +01:00
tobi 1852175906
[docs] Update docker.md with docker tag / version stuff (#1067) 2022-11-17 13:40:05 +01:00
EchedeyLR 847a466417
[docs] Replace old references to the previous streaming with websockets (#1015) 2022-11-10 14:41:46 +01:00
Lukáš Zapletal b08fd129e2
[docs] add link to SELinux policy (#993) 2022-11-08 10:36:44 +01:00
K 0d51d5c13b
[docs] refer to the latest release version (#992) 2022-11-07 14:26:41 +01:00
EchedeyLR ba46e622f1
[docs] Update apache-httpd.md (#937) 2022-11-01 10:36:10 +01:00
EchedeyLR 47de702506
[docs] Change Apache SSL setup to automatic and manual mode (#936)
* Update apache-httpd.md

* Update apache-httpd.md

* Update apache-httpd.md
2022-10-31 14:14:02 +01:00
tobi ea90d12169
[docs] Add Apache HTTP Server without LetsEncrypt (#935) 2022-10-31 13:51:09 +01:00
tobi 972bd17aaa
[docs] Update Apache2 HTTP Server docs for websockets (#934) 2022-10-31 13:21:12 +01:00
mscherer b4a83e4b51
FIx typo (#918) 2022-10-25 08:25:42 +01:00
tobi 7b72ba4ab2
[docs] Add client_max_body_size 40M; to nginx docs (#727) 2022-07-22 13:36:42 +02:00
Forever a6528fe576
[bugfix] Various fixes (#699)
* [bugfix] Correctly style inputs and buttons

<input>, <textarea>, and <button> were incorrectly using the system-ui font previously; this commit fixes that. text-align: center; was added to <button> due to an inconsistency with .button where text-align would be off.

* [chore] Update binary installation instructions

This commit updates the example release mentioned in the docs, and mentions Caddy in the reverse proxy options.

* [bugfix] Remove redundant Caddyfile

Caddy automatically upgrades HTTP to HTTPS (see https://caddyserver.com/docs/automatic-https) so the upgrading part of the Caddyfile is redundant.
2022-07-08 09:01:00 +01:00
Martijn de Boer d6abe105b3
[docs] Add Caddy instructions to the documentation (#594)
* Add instructions for working with Caddy 2

Add instructions for working with Caddy 2. Some texts are duplicated from the NGINX part (mainly the configuration part, about systemctl).

* Add new Caddy docs to mkdocs.yml

Adds the new Caddy document to the document tree

* Remove up and downstream headers from configuration

Removed the header statements for the proxy, as proxying those are transparant. Kept the flush_interval directive, disabling the response buffer completely so we can write without delays.

* Update caddy.md

Corrects the opening link

* Apply comments mentioned in PR

@igalic mentioned a few comments to improve these docs. I've processed those in this PR.
2022-05-23 11:45:55 +02:00
tobi 8124dcf081
[Documentation] tidy docker-compose docs, add note about uid/gid (#551) 2022-05-09 11:15:46 +02:00
tobi f040ad899d
[documentation] put single-quotes around passwords in install docs (#534) 2022-05-03 12:06:08 +02:00
tobi 4851ffe11b
[documentation] Recommend users take latest *stable* release in installation guides (#512)
* add note about release version number

* recommend users take latest stable release
2022-04-29 21:11:10 +02:00
Nivex c36fbab86f
[documentaton] Fix port number in Reverse proxy section (#506) 2022-04-29 10:58:39 +02:00
tobi 4bace80fab
[documentation] NGINX docs updates (#471)
* start adjusting nginx documentation

* update NGINX docs

* add link to the websocket docs
2022-04-24 11:04:26 +02:00
tobi 61e60133ef
[documentation] Add WebSocket protocol documentation (#470) 2022-04-22 13:35:19 +02:00
tobi 0e2f31f4e3
[Documentation] Simplify docker-compose documentation + example (#468)
* simplify docker-compose docs + example

* Change note about reverse proxy, add traefik

* Linting
2022-04-19 12:45:54 +02:00
Mina Galić 721061b046
[docs] unify nginx explainers and add apache httpd (#455)
* docs: unify nginx explainers and add apache httpd

there are two places where nginx + certbot is explained, unify that into
one place.
Add apache httpd, following the same steps, but using mod_md for
LetsEncrypt
add a note about #453 in both guides.
Link to both, and call the section reverse proxy, instead of NGINX

* restore full nginx.conf from docker.md

* add installation_guide/apache-httpd.md to mkdocs
2022-04-18 17:45:43 +02:00
tobi 906981a718
[documentation] Add third-party packaging to documentation (#443) 2022-03-29 15:36:04 +02:00
0hlov3 100f1280a6
[documentation] Creates Docker documentation and docker-compose.yaml (#416)
* exludes docker-volume from exemple/docker-compose

* Adds an docker-compose.yaml example and adds some readme to the
docker.md

* Changes Docker-Compose Example

* Configures docker-compose.yaml and docker.md

* Adds some cosmetics to the Documentation

* Adds UserID:GroupID

* Describes how to create a new user
2022-03-01 14:17:36 +01:00
Phil Hagelberg 98341a1d4d
[docs] Fix documentation to show --config-path in the right position. (#375)
The current position gets rejected as an unknown argument.
2022-02-03 12:30:06 +01:00
Paul Woolcock aa34ff1bd9
Fix start command invocation (#372)
When I tried to start the server using the command `./gotosocial server start --config-file ./config.yaml`, I got the following error:

```
root@gotosocial-experiment:/gotosocial# ./gotosocial server start --config-file ./config.yaml
Incorrect Usage: flag provided but not defined: -config-file

NAME:
   gotosocial server start - start the gotosocial server

USAGE:
   gotosocial server start [command options] [arguments...]

OPTIONS:
   --help, -h  show help (default: false)

FATA[0000] flag provided but not defined: -config-file
```

Putting the flag after the `./gotosocial` but before the `server start` seems to work properly
2022-02-01 16:54:26 +01:00
tobi e13718148d
[feature] Make Let's Encrypt integration an opt-in feature (#368) 2022-01-30 14:57:33 +01:00
tobi ec4357485e
[documentation] add ipv6 config for nginx (#367) 2022-01-30 14:35:23 +01:00
zoe-bat 14c472c1ab
[documentation] Add section for systemd service and nginx to installation guide (#353)
* add nginx and systemd section

* fix typso

* fix mkdoc and dots in config guide

* specify port

* Update nginx.md

* add section about configuring gts to nginx docs

* Update nginx.md

Co-authored-by: zoe <z8V54gHftevp7LeRVyys$8@DosKq^FeQKUWU!WGpTyiLaxGojNdgnWkaWiv673Twg$aPm&hU>
2021-12-26 13:58:15 +01:00
tobi cb8688f429
Remove unnecessary storage config variables (#344)
* rewire config to not use extraneous serve vars

* rename 'file' to 'local' for consistency

* use Type and Size again
2021-12-20 15:19:53 +01:00