Add (commented) volume in docker-compose && Mitigating the HTTPoxy Vu…

…lnerability (mastodon#1253) * enable commented volume in docker-compose.yml * Disable unworking Nginx root directory && Mitigating the HTTPoxy Vulnerability * add my instance to the list * enable GZIP on nginx.conf * readd root /home/mastodon/live/public;
edwardt · Apr 11, 2017 · b723ee7 · b723ee7
1 parent c35bda0
commit b723ee7
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 3 deletions.
diff --git a/docker-compose.yml b/docker-compose.yml
@@ -1,11 +1,20 @@
 version: '2'
 services:
+
   db:
     restart: always
     image: postgres:alpine
+### Uncomment to enable DB persistance
+#    volumes:
+#      - ./postgres:/var/lib/postgresql/data
+
   redis:
     restart: always
     image: redis:alpine
+### Uncomment to enable REDIS persistance
+#    volumes:
+#      - ./redis:/data
+
   web:
     restart: always
     build: .
@@ -19,6 +28,7 @@ services:
     volumes:
       - ./public/assets:/mastodon/public/assets
       - ./public/system:/mastodon/public/system
+
   streaming:
     restart: always
     build: .
@@ -29,6 +39,7 @@ services:
     depends_on:
       - db
       - redis
+
   sidekiq:
     restart: always
     build: .

diff --git a/docs/Running-Mastodon/Production-guide.md b/docs/Running-Mastodon/Production-guide.md
@@ -34,10 +34,19 @@ server {
   keepalive_timeout    70;
   sendfile             on;
   client_max_body_size 0;
-  gzip off;
 
   root /home/mastodon/live/public;
 
+  gzip on;
+  gzip_disable "msie6";
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
+
+
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
 
   location / {
@@ -49,7 +58,7 @@ server {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
-
+    proxy_set_header Proxy "";
     proxy_pass_header Server;
 
     proxy_pass http://localhost:3000;
@@ -67,6 +76,7 @@ server {
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
+    proxy_set_header Proxy "";
 
     proxy_pass http://localhost:4000;
     proxy_buffering off;

diff --git a/docs/Using-Mastodon/List-of-Mastodon-instances.md b/docs/Using-Mastodon/List-of-Mastodon-instances.md
@@ -76,7 +76,7 @@ There is also a list at [instances.mastodon.xyz](https://instances.mastodon.xyz)
 | [mastodon.fun](https://mastodon.fun/)|Mastodon for everyone ! |Yes|Yes|
 | [oulipo.social](https://oulipo.social/)|An Oulipo Mastodon in which that fifth symbol in Latin script is taboo|Yes|No|
 | [indigo.zone](https://indigo.zone)|Open Registrations, General Purpose|Yes|No|
+| [mastodon.cloud](https://mastodon.cloud)|An open Mastodon instance with people from all around the world|Yes|Yes|
 | [mst3k.interlinked.me](https://mst3k.interlinked.me)|Open registrations, general purpose|Yes|Yes|
 
-
 We are no longer maintaining this list as instances are popping up too quickly for using GitHub to be a tenable system for tracking them. Please standby while we work on another solution