
avoid hard-coding 'mastodon' as the non-root user

2022-12-19 20:24:37 -05:00
parent 27623a70f5
commit c925511240
8 changed files with 65 additions and 55 deletions


@@ -1,11 +1,11 @@
user mastodon; # changed from 'nginx'
user nginx;
worker_processes auto;
pid /run/nginx.pid;
# compiled brotli modules from https://github.com/google/ngx_brotli
# see: https://github.com/jakejarvis/mastodon-utils/wiki/nginx#brotli-compression
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;
# load_module modules/ngx_http_brotli_filter_module.so;
# load_module modules/ngx_http_brotli_static_module.so;
events {
worker_connections 1024;
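Review bot: With `user nginx;` the workers no longer run as the account that owns the Mastodon checkout, but the site config in this same commit still serves `root /home/mastodon/live/public`, so the nginx account needs traverse permission on `/home/mastodon` and `/home/mastodon/live`. That `user nginx;` is the new side is inferred from the commit title and print order, since the page lost its `+`/`-` markers. I would add a comment beside the directive, for example `# worker user needs execute (traverse) permission on every parent of the site root; grant it via a shared group, not o+rx`, so that nobody fixes the resulting 403s by opening the home directory to all local accounts and exposing whatever secrets live under the checkout. The `events` block continues outside the hunk.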


@@ -23,10 +23,10 @@ server {
root /home/mastodon/live/public;
ssl_certificate /etc/letsencrypt/live/mastodon.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mastodon.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mastodon.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mastodon.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
# https://ssl-config.mozilla.org/#server=nginx&version=1.22.1&config=intermediate&openssl=1.1.1f&guideline=5.6
ssl_stapling on;
@@ -53,15 +53,15 @@ server {
# https://github.com/google/ngx_brotli#sample-configuration
# https://github.com/jakejarvis/mastodon-utils/wiki/nginx#brotli-compression
brotli on;
brotli_comp_level 4;
brotli_static on;
brotli_min_length 256;
brotli_types application/atom+xml application/javascript application/json application/rss+xml
application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
# brotli on;
# brotli_comp_level 4;
# brotli_static on;
# brotli_min_length 256;
# brotli_types application/atom+xml application/javascript application/json application/rss+xml
# application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
# application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
# font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
# image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
# sends most paths to the backend proxy and ignores the location blocks below, except if
# the file exists in /home/mastodon/live
@@ -149,7 +149,6 @@ server {
# debugging headers
add_header Via "1.1 $proxy_host" always;
add_header X-Cache-Status $upstream_cache_status always;
add_header X-Got-Milk "2%" always;
tcp_nodelay on;
}
@@ -164,8 +163,8 @@ server {
server_name mastodon.example.com;
if ($host = mastodon.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
return 308 https://$host$request_uri;
}
return 403;
}
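Review bot: The `# debugging headers` block in the `@@ -149,7 +149,6 @@` hunk still sends `Via "1.1 $proxy_host"` and `X-Cache-Status` with `always`, so every response tells clients the upstream name and the cache state; only `X-Got-Milk` appears to have been dropped. nginx inherits `add_header` from the outer level only when the current block declares none, so any server-level security headers (HSTS, for example) would be missing from this location's responses; the enclosing block starts outside the hunk, so this needs confirming against the full file. I would drop the two debug lines in production, or keep them and add `# add_header here disables inheritance of server-level headers; repeat them in this block` above them.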