Mastodon updates, more docs #10

Merged
teutat3s merged 5 commits from mastodon-updates into main 2023-07-21 10:32:22 +00:00
2 changed files with 57 additions and 17 deletions
Showing only changes of commit d91b216b4c - Show all commits


@ -1,7 +1,7 @@
# pub.solar mastodon
https://mastodon.pub.solar
### Upgrading
### Upgrading Mastodon
This section assumes you edited `docker-compose.yml` and bumped the mastodon docker
image version tag
```
@ -53,6 +53,45 @@ docker rm \
blue-mastodon_sidekiq_($current_container_index - 1)
```
### Upgrading Caddy
```
mkdir -p certificates/acme-v02.api.letsencrypt.org-directory
docker cp --archive blue-mastodon_caddy_2:/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/files.pub.solar ./certificates/acme-v02.api.letsencrypt.org-directory/
docker cp --archive blue-mastodon_caddy_2:/data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/mastodon.pub.solar ./certificates/acme-v02.api.letsencrypt.org-directory/
docker-compose --project-name blue-mastodon up \
--scale caddy=2 \
--no-recreate \
--no-start
docker cp --archive ./backups/certificates blue-mastodon_caddy_3:/data/caddy/certificates
docker start blue-mastodon_caddy_3
# Stop old caddy container
docker stop blue-mastodon_caddy_2
# Verify everything works fine, then remove the old caddy container
docker rm blue-mastodon_caddy_2
```
### Upgrading Elasticsearch
Look for new releases on https://www.elastic.co/guide/en/elasticsearch/reference/7.17/es-release-notes.html
and edit the docker image tag accordingly.
```
docker-compose --project-name blue-mastodon up \
--scale elasticsearch=2 \
--no-recreate \
# Stop old elasticsearch container
docker stop blue-mastodon_elasticsearch_2
docker exec -it blue-mastodon_web_15 bash
tootctl search deploy
# Verify everything works fine, then remove the old caddy container
docker rm blue-mastodon_elasticsearch_2
```
Todos:
- implement automatic backups, they are only done manually during upgrades at the moment
- switch proxy from nginx-dehydrated to caddy - done


@ -28,7 +28,7 @@ services:
# - triton.cns.services=mastodon-proxy
caddy:
image: caddy:2.5.1
image: caddy:2.6.4
mem_limit: 256m
restart: always
environment:
@ -44,12 +44,16 @@ services:
labels:
- triton.cns.services=mastodon-proxy
entrypoint: /bin/sh
command: >-
-c 'echo "
command:
- -c
- >-
echo "
{
email admins@pub.solar
servers {
protocols h1 h2
}
}
$$SITE_DOMAIN {
@streaming {
path /api/v1/streaming/*
@ -77,23 +81,21 @@ services:
handle_errors {
rewrite 500.html
}
encode zstd gzip
header {
Strict-Transport-Security "max-age=31536000"
# clickjacking protection
X-Frame-Options DENY
}
header /sw.js Cache-Control "public, max-age=0"
header @cache_control Cache-Control "public, max-age=31536000, immutable"
}
files.pub.solar {
handle {
rewrite * /s/jw24ad6l4a6zxsnd32cmf5hp5nsq/pub-solar-mastodon{uri}?download
reverse_proxy {
# backends / upstreams
to https://link.tardigradeshare.io
# header manipulation
# proxy to an HTTPS endpoint
header_up Host {upstream_hostport}
@ -101,7 +103,6 @@ services:
header_up Connection ""
header_up Authorization ""
# remove these header from the backends response
header_down -content-disposition
header_down -Set-Cookie
header_down -Access-Control-Allow-Origin
header_down -Access-Control-Allow-Methods
@ -115,14 +116,14 @@ services:
# add these header to the backends response
# cache client side for 7 days
header_down Cache-Control "public, max-age=604800"
header_down Access-Control-Allow-Origin "*"
header_down X-Content-Type-Options "nosniff"
}
}
handle_errors {
rewrite 500.html
}
}
" | caddy run --adapter caddyfile --config -'
}" | caddy run --adapter caddyfile --config -
# using SmartOS native zone mastodon-redis, lx-brand redis crashes regularly,
# upstream bug: https://github.com/redis/redis/issues/8861
@ -135,7 +136,7 @@ services:
# - triton.cns.services=mastodon-redis
web:
image: tootsuite/mastodon:v4.1.2
image: tootsuite/mastodon:v4.1.4
mem_limit: 1g
restart: always
env_file: .env.production
@ -148,7 +149,7 @@ services:
- triton.cns.services=mastodon-web
streaming:
image: tootsuite/mastodon:v4.1.2
image: tootsuite/mastodon:v4.1.4
mem_limit: 1g
restart: always
env_file: .env.production
@ -161,7 +162,7 @@ services:
- triton.cns.services=mastodon-streaming
sidekiq:
image: tootsuite/mastodon:v4.1.2
image: tootsuite/mastodon:v4.1.4
mem_limit: 1g
restart: always
env_file: .env.production
@ -171,7 +172,7 @@ services:
- triton.cns.services=mastodon-sidekiq
elasticsearch:
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9
image: docker.elastic.co/elasticsearch/elasticsearch:7.17.11
mem_limit: 512m
restart: always
environment:
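Review bot: The Caddyfile in the caddy service is still passed through `echo "…"` in the new list-form `command`, so every unescaped inner double quote closes and reopens the shell string and never reaches Caddy. Single-token values such as `"nosniff"` or `"max-age=31536000"` survive that, but multi-word values like `Cache-Control "public, max-age=604800"` likely arrive as separate arguments, and the empty `""` after `header_up Authorization` disappears entirely. It is worth running `caddy adapt` on the text the shell actually emits to confirm that the cache headers are set and that the client's Authorization header is cleared before the request is proxied upstream. Escaping the inner quotes (`header_down Cache-Control \"public, max-age=604800\"`) and using the delete form `header_up -Authorization` would make the result independent of shell quoting. The page does not show which of these lines the commit touched, so part of this may predate the change.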