jake/mastodon-utils
1
Fork 0
mirror of https://github.com/jakejarvis/mastodon-utils.git synced 2025-04-26 12:28:26 -04:00
Code Issues Releases Wiki Activity

add ElasticSearch notes

Browse Source
This commit is contained in:
Jake Jarvis 2022-12-12 10:25:40 -05:00
parent 5ef58edd14
commit 68386a800a
Signed by: jake
GPG Key ID: 2B0C9CF251E69A39
7 changed files with 89 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -7,6 +7,7 @@ Random opinionated helper scripts & front-end customizations for my [personal Ma
The [wiki of this repo](https://github.com/jakejarvis/mastodon-scripts/wiki) and the [`/etc` folder](etc/) are simply my way of not forgetting how I did something, which I do quite a bit. Refer there for random notes on PgBouncer, Grafana, etc. but **DO NOT BLINDLY COPY & PASTE** anything there without doing your own research! The [wiki of this repo](https://github.com/jakejarvis/mastodon-scripts/wiki) and the [`/etc` folder](etc/) are simply my way of not forgetting how I did something, which I do quite a bit. Refer there for random notes on PgBouncer, Grafana, etc. but **DO NOT BLINDLY COPY & PASTE** anything there without doing your own research!
- [Grafana & Prometheus](https://github.com/jakejarvis/mastodon-scripts/wiki/Prometheus-&-Grafana) - [Grafana & Prometheus](https://github.com/jakejarvis/mastodon-scripts/wiki/Prometheus-&-Grafana)
- [ElasticSearch](https://github.com/jakejarvis/mastodon-scripts/wiki/ElasticSearch)
- [PgBouncer](https://github.com/jakejarvis/mastodon-scripts/wiki/Postgres-&-PgBouncer) - [PgBouncer](https://github.com/jakejarvis/mastodon-scripts/wiki/Postgres-&-PgBouncer)
- [Brotli compression](https://github.com/jakejarvis/mastodon-scripts/wiki/Brotli-compression-for-nginx) - [Brotli compression](https://github.com/jakejarvis/mastodon-scripts/wiki/Brotli-compression-for-nginx)

53
etc/elasticsearch/elasticsearch.yml Normal file
View File

@ -0,0 +1,53 @@
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
# Before you set out to tweak and tune the configuration, make sure you
# understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
path.data: /var/lib/elasticsearch
#
# Path to log files:
#
path.logs: /var/log/elasticsearch
#
# ---------------------------------- Network -----------------------------------
#
# By default Elasticsearch is only accessible on localhost. Set a different
# address here to expose this node on the network:
#
# network.host: 0.0.0.0
#
# By default Elasticsearch listens for HTTP traffic on the first free port it
# finds starting at 9200. Set a specific HTTP port here:
#
http.port: 9200
#
# For more information, consult the network module documentation.
#
# ---------------------------------- Security ----------------------------------
#
# *** WARNING ***
#
# Elasticsearch security features are not enabled by default.
# These features are free, but require configuration changes to enable them.
# This means that users dont have to provide credentials and can get full access
# to the cluster. Network connections are also not encrypted.
#
# To protect your data, we strongly encourage you to enable the Elasticsearch security features.
# Refer to the following documentation for instructions.
#
# https://www.elastic.co/guide/en/elasticsearch/reference/7.16/configuring-stack-security.html
#
# shuts up constant warning logs about security (N/A because of strict firewall):
xpack.security.enabled: false

2
etc/elasticsearch/jvm.options.d/heap-size.options Normal file
View File

@ -0,0 +1,2 @@
-Xms1g
-Xmx1g

9
etc/grafana/grafana.ini
View File

@ -33,13 +33,16 @@ default_theme = dark
disable_login = true disable_login = true
disable_login_form = true disable_login_form = true
[auth.anonymous]
hide_version = true
[auth.grafana_com] [auth.grafana_com]
enabled = true enabled = true
allow_sign_up = false allow_sign_up = false
client_id = client_id = XXXXXX
client_secret = client_secret = XXXXXX
scopes = user:email scopes = user:email
allowed_organizations = allowed_organizations = XXXXXX
[metrics] [metrics]
enabled = false enabled = false

20
etc/nginx/nginx.conf
View File

@ -1,4 +1,4 @@
user mastodon; # jake: changed from nginx user mastodon; # changed from 'nginx'
worker_processes auto; worker_processes auto;
pid /run/nginx.pid; pid /run/nginx.pid;
@ -7,7 +7,7 @@ load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so; load_module modules/ngx_http_brotli_static_module.so;
events { events {
worker_connections 768; worker_connections 1024;
} }
http { http {
@ -24,7 +24,14 @@ http {
keepalive_timeout 65; keepalive_timeout 65;
types_hash_max_size 2048; types_hash_max_size 2048;
# jake: added (prometheus target) ##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# stats for prometheus nginx exporter
server { server {
listen 9181; listen 9181;
location /metrics { location /metrics {
@ -34,13 +41,6 @@ http {
} }
} }
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
## ##
# Virtual Host Configs # Virtual Host Configs
## ##

4
etc/nginx/sites-available/default.conf
View File

@ -1,4 +1,6 @@
# don't respond to direct IP address requests # don't respond to direct IP address requests:
# https://www.codedodle.com/disable-direct-ip-access-nginx.html
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;

64
etc/nginx/sites-available/mastodon.conf
View File

@ -1,3 +1,5 @@
# modified from https://github.com/mastodon/mastodon/blob/v4.0.2/dist/nginx.conf
map $http_upgrade $connection_upgrade { map $http_upgrade $connection_upgrade {
default upgrade; default upgrade;
'' close; '' close;
@ -23,7 +25,7 @@ server {
return 301 https://$host$request_uri; return 301 https://$host$request_uri;
} # managed by Certbot } # managed by Certbot
return 404; # managed by Certbot return 403;
} }
server { server {
@ -62,8 +64,8 @@ server {
image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml; image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
gzip_min_length 256; gzip_min_length 256;
# jake: added
# https://github.com/google/ngx_brotli#sample-configuration # https://github.com/google/ngx_brotli#sample-configuration
# https://github.com/jakejarvis/mastodon-scripts/wiki/Brotli-compression-for-nginx
brotli on; brotli on;
brotli_comp_level 4; brotli_comp_level 4;
brotli_static on; brotli_static on;
@ -74,60 +76,22 @@ server {
image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml; image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
brotli_min_length 256; brotli_min_length 256;
location / { # add shortcut to public Grafana dashboard
try_files $uri @proxy;
}
# jake: added
location ~ ^/dashboard/?$ { location ~ ^/dashboard/?$ {
return 302 https://grafana.pipe.fail/public-dashboards/b5ca7a7c8e844f90b0973d2ab02bad0a; return 302 https://grafana.pipe.fail/public-dashboards/b5ca7a7c8e844f90b0973d2ab02bad0a;
} }
# If Docker is used for deployment and Rails serves static files, location / {
# then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`. try_files $uri @proxy;
}
location = /sw.js { location = /sw.js {
add_header Cache-Control "public, max-age=604800, must-revalidate"; add_header Cache-Control "public, max-age=604800, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404; try_files $uri =404;
} }
location ~ ^/assets/ { location ~ ^/(assets|avatars|emoji|headers|packs|shortcuts|sounds)/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/avatars/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/emoji/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/headers/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/packs/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/shortcuts/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404;
}
location ~ ^/sounds/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate"; add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
try_files $uri =404; try_files $uri =404;
@ -155,7 +119,7 @@ server {
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
# jake: added (debugging) # debugging
add_header Via "1.1 $proxy_host" always; add_header Via "1.1 $proxy_host" always;
tcp_nodelay on; tcp_nodelay on;
@ -167,7 +131,7 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy ""; proxy_set_header Proxy "";
# jake: removed # remove 'Server: Mastodon' response header
# proxy_pass_header Server; # proxy_pass_header Server;
proxy_pass http://backend; proxy_pass http://backend;
@ -182,11 +146,11 @@ server {
proxy_cache_valid 410 24h; proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504; proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
# jake: added (security) # security
proxy_hide_header Referrer-Policy; proxy_hide_header Referrer-Policy;
add_header Referrer-Policy "strict-origin" always; add_header Referrer-Policy "strict-origin" always;
# jake: added (debugging) # debugging
add_header Via "1.1 $proxy_host" always; add_header Via "1.1 $proxy_host" always;
add_header X-Cache-Status $upstream_cache_status always; add_header X-Cache-Status $upstream_cache_status always;
add_header X-Got-Milk "2%" always; add_header X-Got-Milk "2%" always;