Add (commented) volume in docker-compose && Mitigating the HTTPoxy Vulnerability (#1253)
* enable commented volume in docker-compose.yml * Disable unworking Nginx root directory && Mitigating the HTTPoxy Vulnerability * add my instance to the list * enable GZIP on nginx.conf * readd root /home/mastodon/live/public;
This commit is contained in:
		
							parent
							
								
									c35bda0551
								
							
						
					
					
						commit
						b723ee73fc
					
				
					 3 changed files with 24 additions and 3 deletions
				
			
		|  | @ -1,11 +1,20 @@ | |||
| version: '2' | ||||
| services: | ||||
| 
 | ||||
|   db: | ||||
|     restart: always | ||||
|     image: postgres:alpine | ||||
| ### Uncomment to enable DB persistance | ||||
| #    volumes: | ||||
| #      - ./postgres:/var/lib/postgresql/data | ||||
| 
 | ||||
|   redis: | ||||
|     restart: always | ||||
|     image: redis:alpine | ||||
| ### Uncomment to enable REDIS persistance | ||||
| #    volumes: | ||||
| #      - ./redis:/data | ||||
| 
 | ||||
|   web: | ||||
|     restart: always | ||||
|     build: . | ||||
|  | @ -19,6 +28,7 @@ services: | |||
|     volumes: | ||||
|       - ./public/assets:/mastodon/public/assets | ||||
|       - ./public/system:/mastodon/public/system | ||||
| 
 | ||||
|   streaming: | ||||
|     restart: always | ||||
|     build: . | ||||
|  | @ -29,6 +39,7 @@ services: | |||
|     depends_on: | ||||
|       - db | ||||
|       - redis | ||||
| 
 | ||||
|   sidekiq: | ||||
|     restart: always | ||||
|     build: . | ||||
|  |  | |||
|  | @ -34,10 +34,19 @@ server { | |||
|   keepalive_timeout    70; | ||||
|   sendfile             on; | ||||
|   client_max_body_size 0; | ||||
|   gzip off; | ||||
| 
 | ||||
|   root /home/mastodon/live/public; | ||||
| 
 | ||||
|   gzip on; | ||||
|   gzip_disable "msie6"; | ||||
|   gzip_vary on; | ||||
|   gzip_proxied any; | ||||
|   gzip_comp_level 6; | ||||
|   gzip_buffers 16 8k; | ||||
|   gzip_http_version 1.1; | ||||
|   gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; | ||||
| 
 | ||||
| 
 | ||||
|   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; | ||||
| 
 | ||||
|   location / { | ||||
|  | @ -49,7 +58,7 @@ server { | |||
|     proxy_set_header X-Real-IP $remote_addr; | ||||
|     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|     proxy_set_header X-Forwarded-Proto https; | ||||
| 
 | ||||
|     proxy_set_header Proxy ""; | ||||
|     proxy_pass_header Server; | ||||
| 
 | ||||
|     proxy_pass http://localhost:3000; | ||||
|  | @ -67,6 +76,7 @@ server { | |||
|     proxy_set_header X-Real-IP $remote_addr; | ||||
|     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|     proxy_set_header X-Forwarded-Proto https; | ||||
|     proxy_set_header Proxy ""; | ||||
| 
 | ||||
|     proxy_pass http://localhost:4000; | ||||
|     proxy_buffering off; | ||||
|  |  | |||
|  | @ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz) | |||
| | [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes| | ||||
| | [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No| | ||||
| | [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No| | ||||
| | [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes| | ||||
| | [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes| | ||||
| 
 | ||||
| 
 | ||||
| We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution | ||||
|  |  | |||
		Loading…
	
	Add table
		
		Reference in a new issue