| Age | Commit message (Collapse) | Author | Files |
|---|
|
This tries to revamp/restructure the installation guide. It's renamed to
"Getting Started" as it now contains a few more things than just the
installation, especially the deployment considerations which we didn't
use to spell out as much ahead of time.
Installation is now a section with the guides on their own. I've removed
a bit of redundancy like the user creation. I also removed the rogue
reverse proxy section in the Docker guide and lifted that into the
reverse proxy section.
|
|
This adds an example on how to get Grafana Tempo up to receive spans as
well as Grafana itself to view them.
I've added this as a separate Tracing doc in the installation guide as
the Advanced one was starting to get rather full.
Fixes: #1791
|
|
Our default configuration places the SQLite DB in /gotosocial/, but the
AppArmor profile doesn't allow us to write there. Instead of making the
whole directory writable, add a writable area in /gotosocial/db/ instead
and advise in the docs to move the DB there.
|
|
Instead of a manually curated list of distribution packages, this adds
the Repology[1] widget instead.
This also separates out the distribution packages from the
self-hosting/deployment options into their own sections.
[1]: https://repology.org/project/gotosocial/versions
|
|
* Replace pinafore with semaphore
* Typo
|
|
A proxy_pass in a named location, @name, should not include a trailing
slash.
|
|
|
|
|
|
This adds a section to the docs instructing how to ensure apps will be
able to successfully login to an instance when host- and account-domain
differ.
Resolves #1609
|
|
* [feature] Provide .well-known/host-meta endpoint
This adds the host-meta endpoint as Mastodon clients use this to
discover the API domain to use when the host and account domains aren't
the same.
* Address review comments
|
|
Currently, GtS only supports using the built-in LE client directly for
TLS. However, admins may still want to use GtS directly (so without a
reverse proxy) but with certificates provided through some other
mechanism. They may have some centralised way of provisioning these
things themselves, or simply prefer to use LE but with a different
challenge like DNS-01 which is not supported by autocert.
This adds support for loading a public/private keypair from disk instead
of using LE and reconfigures the server to use a TLS listener if we
succeed in doing so.
Additionally, being able to load TLS keypair from disk opens up the path
to using a custom CA for testing purposes avoinding the need for a
constellation of containers and something like Pebble or Step CA to
provide LE APIs.
|
|
* [bug] Fix nginx fileserver caching example
This updates the example to ensure the nginx proxies the request on to
GTS if the file is not found on disk. This can happen due to media
pruning.
* [chore] Set cache-control in nginx to private
This makes the header match with the backend. For things from the
fileserver it may not be appropriate for anything other than a private
cache (i.e the client) to cache things.
|
|
ActivityPub API (#1461)
* serve publickey separately from AP, don't throttle it
* update nginx cache documentation, cache main-key too
* throttle public key, but separately from other endpoints
|
|
|
|
since 2.4.47 (released April 22nd 2021), Apache httpd can ProxyPass to
websockets on the same URL, without mod_rewrite (and, without
mod_proxy_wstunnel).
|
|
|
|
* Update Apache docs to use 127.0.0.1 instead
* Update apache-httpd.md
|
|
Lots of these were appearing:
```
*459 connect() failed (111: Connection refused) while connecting to upstream
```
This change resolves it, see https://stackoverflow.com/a/52550758
|
|
* [docs] Serve static assets with nginx
This explains how to use nginx to serve static assets and offload GTS
from that responsibility. It also shows how to have nginx add caching
headers to indicate to clients how long they may cache an asset.
* [docs] Move additional nginx config to advanced
This moves a bunch of additional nginx configuration into the Advanced
page instead. It declutters the nginx configuration page.
|
|
This explains how nginx can be used to cache webfinger responses and
potentially serve stale responses in case GTS is down. This can be
useful to do in order to ensure webfinger keeps working even if you're
doing some maintenance.
|
|
|
|
(#1206)
* remove filesystem logging directives from example systemd unit config
* [docs] Update docs to reflect new systemd config
Co-authored-by: tsmethurst <tobi.smethurst@protonmail.com>
|
|
* Enable the 'admonitions' Markdown extension for Mkdocs.
The admonitions extension to Python-Markdown allows you to include
rST-style "admonitions" to Markdown documents, for instance,
!!! note
Here's an important note to keep in mind!
In general, the current documentation uses bold text to try to achieve
the same effect, which is a bit harder to notice and makes it difficult
to differentiate between "here's something useful to know" versus "here
there be dragons".
* Add AppArmor profile and documentation for LSM-related sandboxing
This commit adds an AppArmor profile for gotosocial in
examples/apparmor/gotosocial. This will (hopefully) serve as a helpful
security mitigation for people are planning on deploying GTS on a
Debian-family Linux distribution.
I've also updates the documentation to include some information about
deploying GTS with either AppArmor or SELinux (moving the documentation
for the former out of the "binary installation guide" docs).
|
|
Since the documentation site only shows the latest version of the
docs, we need the docs to explain how to use the latest stable
release, not just the latest git version.
|
|
The NewSignup method was already being called with
requireApproval=false, but it had emailVerified=false as well, which
meant that it was required to use the `admin account confirm` command
to verify the email before the newly-created user could log in.
I think that was probably an oversight; effectively it did require
approval anyway. Changing emailVerified to true allows you to just
create the account and log in immediately, reducing the opportunity
for manual error to sneak in.
Also updated the docs to remove the mention of needing to confirm new
accounts. However, I've left the confirmation command alone because I
think once we have web signups, it will be needed in that context.
|
|
* [docs] Clarify that reverse proxy setups need trusted-proxies
* Remove the jq usage
|
|
|
|
Rather than a single access log and no error logging, put the logs in
/var/log/gotosocial/, and document creating and owning that directory
|
|
The trailing / can break relative URLs.
|
|
The AUR is the Arch unofficial repository, where users can upload PKGBUILD's for Arch Linux users to build a package.
|
|
* [docs] add account domain documentation
* add note about parent/subdomain
|
|
|
|
|
|
|
|
|
|
|
|
* Update apache-httpd.md
* Update apache-httpd.md
* Update apache-httpd.md
|
|
|
|
|
|
|
|
|
|
* [bugfix] Correctly style inputs and buttons
<input>, <textarea>, and <button> were incorrectly using the system-ui font previously; this commit fixes that. text-align: center; was added to <button> due to an inconsistency with .button where text-align would be off.
* [chore] Update binary installation instructions
This commit updates the example release mentioned in the docs, and mentions Caddy in the reverse proxy options.
* [bugfix] Remove redundant Caddyfile
Caddy automatically upgrades HTTP to HTTPS (see https://caddyserver.com/docs/automatic-https) so the upgrading part of the Caddyfile is redundant.
|
|
* Add instructions for working with Caddy 2
Add instructions for working with Caddy 2. Some texts are duplicated from the NGINX part (mainly the configuration part, about systemctl).
* Add new Caddy docs to mkdocs.yml
Adds the new Caddy document to the document tree
* Remove up and downstream headers from configuration
Removed the header statements for the proxy, as proxying those are transparant. Kept the flush_interval directive, disabling the response buffer completely so we can write without delays.
* Update caddy.md
Corrects the opening link
* Apply comments mentioned in PR
@igalic mentioned a few comments to improve these docs. I've processed those in this PR.
|
|
|
|
|
|
guides (#512)
* add note about release version number
* recommend users take latest stable release
|
|
|
|
* start adjusting nginx documentation
* update NGINX docs
* add link to the websocket docs
|
|
|
|
* simplify docker-compose docs + example
* Change note about reverse proxy, add traefik
* Linting
|
Daenney
Julian-Samuel Gebühr
tobi
ketan-vijayvargiya
Mina Galić
Alex Schroeder
EchedeyLR
Andrea
f0x52
kernelmethod
Phil Hagelberg
dx
Leonora Tindall
Jelle van der Waa
Lukáš Zapletal
K
mscherer
Forever
Martijn de Boer
Nivex