From 457661a316c2ff44d235f6071e14451941aee5e1 Mon Sep 17 00:00:00 2001 From: solidsanek Date: Tue, 25 Apr 2023 23:45:43 +0200 Subject: [PATCH] Docs: Revert formatting changes, adapted more notes/warning to mkdocs, rephrased a few phrases --- docs/docs/administration/CLI_tasks/config.md | 8 +- .../docs/administration/CLI_tasks/database.md | 4 +- .../CLI_tasks/general_cli_task_info.include | 2 +- docs/docs/administration/monitoring.md | 2 +- docs/docs/clients.md | 4 +- docs/docs/configuration/cheatsheet.md | 29 ++--- .../configuration/howto_database_config.md | 3 +- docs/docs/configuration/howto_search_cjk.md | 3 +- ..._set_richmedia_cache_ttl_based_on_image.md | 2 +- docs/docs/configuration/i2p.md | 3 +- docs/docs/configuration/onion_federation.md | 3 +- docs/docs/configuration/search.md | 3 +- docs/docs/configuration/static_dir.md | 4 +- docs/docs/development/API/admin_api.md | 7 +- docs/docs/index.md | 3 +- .../migrating_from_source_otp_en.md | 3 +- docs/docs/installation/openbsd_en.md | 102 +++++++++--------- .../optional/media_graphics_packages.md | 3 +- docs/docs/installation/otp_en.md | 2 +- docs/docs/installation/otp_redhat_en.md | 3 +- 20 files changed, 102 insertions(+), 91 deletions(-) diff --git a/docs/docs/administration/CLI_tasks/config.md b/docs/docs/administration/CLI_tasks/config.md index e815f257a..dcb56a5cd 100644 --- a/docs/docs/administration/CLI_tasks/config.md +++ b/docs/docs/administration/CLI_tasks/config.md @@ -4,7 +4,7 @@ ## Transfer config from file to DB. -!!! Note +!!! note You need to add the following to your config before executing this command: ```elixir @@ -25,7 +25,7 @@ ## Transfer config from DB to `config/env.exported_from_db.secret.exs` -!!! Note +!!! note In-Database configuration will still be applied after executing this command unless you set the following in your config: ```elixir @@ -179,8 +179,8 @@ it may be easier to dump the values to JSON and then modify them in a text edito ## Loading specific configuration values from JSON -**Note:** This will overwrite any existing value in the database, and can -cause crashes if you do not have exactly the correct formatting. +!!! note + This will overwrite any existing value in the database, and can cause crashes if you do not have exactly the correct formatting. Once you have modified the JSON file, you can load it back into the database. diff --git a/docs/docs/administration/CLI_tasks/database.md b/docs/docs/administration/CLI_tasks/database.md index 5b8675bf1..3fa26a1d2 100644 --- a/docs/docs/administration/CLI_tasks/database.md +++ b/docs/docs/administration/CLI_tasks/database.md @@ -2,7 +2,7 @@ {! administration/CLI_tasks/general_cli_task_info.include !} -!!! Danger +!!! danger These mix tasks can take a long time to complete. Many of them were written to address specific database issues that happened because of bugs in migrations or other specific scenarios. Do not run these tasks "just in case" if everything is fine your instance. ## Replace embedded objects with their references @@ -99,7 +99,7 @@ Can be safely re-run ## Vacuum the database -!!! Note +!!! note By default, PostgreSQL has an autovacuum daemon running. While the tasks described here can help in some cases, they shouldn't be needed on a regular basis. See [the PostgreSQL docs on vacuuming](https://www.postgresql.org/docs/current/sql-vacuum.html) for more information on this. ### Analyze diff --git a/docs/docs/administration/CLI_tasks/general_cli_task_info.include b/docs/docs/administration/CLI_tasks/general_cli_task_info.include index c1a3471c1..9f2b0882b 100644 --- a/docs/docs/administration/CLI_tasks/general_cli_task_info.include +++ b/docs/docs/administration/CLI_tasks/general_cli_task_info.include @@ -1,5 +1,5 @@ Every command should be ran as the `akkoma` user from its home directory. For example, if you are superuser, you would have to wrap the command in `su akkoma -s $SHELL -lc "$COMMAND"`. -??? Note "From source note about `MIX_ENV`" +??? note "From source note about `MIX_ENV`" The `mix` command should be prefixed with the name of the environment your Akkoma server is running in, usually it's `MIX_ENV=prod` diff --git a/docs/docs/administration/monitoring.md b/docs/docs/administration/monitoring.md index 41f7d5754..29de4234b 100644 --- a/docs/docs/administration/monitoring.md +++ b/docs/docs/administration/monitoring.md @@ -3,7 +3,7 @@ If you run Akkoma, you may be inclined to collect metrics to ensure your instance is running smoothly, and that there's nothing quietly failing in the background. -To facilitate this, Akkoma exposes Prometheus metrics to be scrapped. +To facilitate this, Akkoma exposes Prometheus metrics to be scraped. ## Prometheus diff --git a/docs/docs/clients.md b/docs/docs/clients.md index 9720613d4..651a8c0eb 100644 --- a/docs/docs/clients.md +++ b/docs/docs/clients.md @@ -1,6 +1,6 @@ # Akkoma Clients -Note: Additional clients may work, but these are known to work with Akkoma. -Apps listed here might not support all of Akkoma's features. +!!! note + Additional clients may work, but these are known to work with Akkoma. Apps listed here might not support all of Akkoma's features. ## Desktop ### Whalebird diff --git a/docs/docs/configuration/cheatsheet.md b/docs/docs/configuration/cheatsheet.md index 7cfca3e16..9145855d9 100644 --- a/docs/docs/configuration/cheatsheet.md +++ b/docs/docs/configuration/cheatsheet.md @@ -130,7 +130,7 @@ To add configuration to your config file, you can copy it from the base config. ## Federation ### MRF policies -!!! Note +!!! note Configuring MRF policies is not enough for them to take effect. You have to enable them by specifying their module in `policies` under [:mrf](#mrf) section. #### :mrf_simple @@ -414,7 +414,7 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http, ### :rich_media (consumer) * `enabled`: if enabled, the instance will parse metadata from attached links to generate link previews. * `ignore_hosts`: list of hosts which will be ignored by the metadata parser. For example, `["accounts.google.com", "xss.website"]`, defaults to `[]`. -* `ignore_tld`: list TLDs (top-level domains) which will ignore to parse metadata. Default is ["local", "localdomain", "lan"]. +* `ignore_tld`: list of TLDs (top-level domains) which will be ignored by the metadata parser. Default is ["local", "localdomain", "lan"]. * `parsers`: list of Rich Media parsers. * `failure_backoff`: Amount of milliseconds after request failure, during which the request will not be retried. @@ -422,7 +422,7 @@ config :pleroma, Pleroma.Web.MediaProxy.Invalidation.Http, ### Pleroma.Web.Endpoint -!!! Note +!!! note `Phoenix` endpoint configuration, all configuration options can be viewed [here](https://hexdocs.pm/phoenix/Phoenix.Endpoint.html#module-dynamic-configuration), only common options are listed here. * `http` - a list containing HTTP protocol configuration, all configuration options can be viewed [here](https://hexdocs.pm/plug_cowboy/Plug.Cowboy.html#module-options), only common options are listed here. For deployment using docker, you need to set this to `[ip: {0,0,0,0}, port: 4000]` to make Akkoma accessible from other containers (such as your NGINX server). @@ -456,7 +456,7 @@ This will make Akkoma listen on `127.0.0.1` port `8080` and generate URLs starti ### Pleroma.Web.Plugs.RemoteIp -!!! Warning +!!! warning If your instance is not behind at least one reverse proxy, you should not enable this plug. `Pleroma.Web.Plugs.RemoteIp` is a shim to call [`RemoteIp`](https://git.pleroma.social/pleroma/remote_ip) but with runtime configuration. @@ -470,7 +470,7 @@ Available options: ### :rate_limit -!!! Note +!!! note If your instance is behind a reverse proxy, ensure [`Pleroma.Web.Plugs.RemoteIp`](#pleroma-plugs-remoteip) is enabled (it is enabled by default). A keyword list of rate limiters, where a key is a limiter name and value is the limiter configuration. The basic configuration is a tuple where: @@ -561,7 +561,7 @@ the source code is here: [kocaptcha](https://github.com/koto-bank/kocaptcha). Th * `proxy_opts`: Proxy options, see `Pleroma.ReverseProxy` documentation. * `filename_display_max_length`: Set max length of a filename to display. 0 = no limit. Default: 30. -!!! Warning +!!! warning `strip_exif` has been replaced by `Pleroma.Upload.Filter.Mogrify`. ### Uploaders @@ -620,9 +620,9 @@ No specific configuration. ## Email ### Pleroma.Emails.Mailer -* `adapter`: one of the mail adapters listed in [Swoosh README](https://github.com/swoosh/swoosh#adapters), or `Swoosh.Adapters.Local` for in-memory mailbox. +* `adapter`: One of the mail adapters listed in [Swoosh README](https://github.com/swoosh/swoosh#adapters), or `Swoosh.Adapters.Local` for in-memory mailbox. * `api_key` / `password` and / or other adapter-specific settings, per the above documentation. -* `enabled`: Allows to enable/disable send emails. Default: `false`. +* `enabled`: Allows your instance to send emails. Default: `false`. An example for SendGrid adapter: @@ -789,7 +789,7 @@ config :logger, :ex_syslogger, ### RUM indexing for full text search -!!! Warning +!!! warning It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions. * `rum_enabled`: If RUM indexes should be used. Defaults to `false`. @@ -826,7 +826,8 @@ or curl -H "X-Admin-Token: somerandomtoken" "http://localhost:4000/api/v1/pleroma/admin/users/invites" ``` -Warning: it's discouraged to use this feature because of the associated security risk: static / rarely changed instance-wide token is much weaker compared to email-password pair of a real admin user; consider using HTTP Basic Auth or OAuth-based authentication instead. +!!! warning + It's discouraged to use this feature because of the associated security risk: static / rarely changed instance-wide token is much weaker compared to email-password pair of a real admin user; consider using HTTP Basic Auth or OAuth-based authentication instead. ### :auth @@ -883,13 +884,13 @@ OAuth 2.0 provider and related endpoints: OAuth's consumer mode allows sign in / sign up via external OAuth providers (e.g. Twitter, Facebook, Google, Microsoft, etc.). Implementation is based on Überauth; see the list of [available strategies](https://github.com/ueberauth/ueberauth/wiki/List-of-Strategies). -!!! Note +!!! note Each strategy is shipped as a separate dependency; in order to get the strategies, run `OAUTH_CONSUMER_STRATEGIES="..." mix deps.get`, e.g. `OAUTH_CONSUMER_STRATEGIES="twitter facebook google microsoft" mix deps.get`. The server should also be started with `OAUTH_CONSUMER_STRATEGIES="..." mix phx.server` in case you enable any strategies. -!!! Note +!!! note Each strategy requires separate setup (on external provider side and Akkoma side). Below are the guidelines on setting up most popular strategies. -!!! Note +!!! note Make sure that `"SameSite=Lax"` is set in `extra_cookie_attrs` when you have this feature enabled. OAuth's consumer mode will not work with `"SameSite=Strict"` * For Twitter, [register an app](https://developer.twitter.com/en/apps), configure callback URL to https:///oauth/twitter/callback @@ -1070,7 +1071,7 @@ Control favicons for instances. ## Pleroma.User.Backup -!!! Note +!!! note Requires enabled email * `:purge_after_days` an integer, remove backup archives after N days. diff --git a/docs/docs/configuration/howto_database_config.md b/docs/docs/configuration/howto_database_config.md index 0cb5f9bce..4e8fd9745 100644 --- a/docs/docs/configuration/howto_database_config.md +++ b/docs/docs/configuration/howto_database_config.md @@ -42,7 +42,8 @@ The configuration of Akkoma (and Pleroma) has traditionally been managed with a config :pleroma, configurable_from_database: true ``` -4. ⚠️ **THIS IS NOT REQUIRED** ⚠️ +!!! note + This step is not required Now you can edit your config file and strip it down to the only settings which are not possible to control in the database. e.g., the PostgreSQL (Repo) and webserver (Endpoint) settings cannot be controlled in the database because the application needs the settings to start up and access the database. diff --git a/docs/docs/configuration/howto_search_cjk.md b/docs/docs/configuration/howto_search_cjk.md index c9b75bcd8..60bf66bf1 100644 --- a/docs/docs/configuration/howto_search_cjk.md +++ b/docs/docs/configuration/howto_search_cjk.md @@ -32,7 +32,8 @@ Check the output of the query, and see if it matches your expectation. mix pleroma.database set_text_search_config YOUR.CONFIG ``` -Note: index update may take a while, and it can be done while the instance is up and running, so you may restart db connection as soon as you see `Recreate index` in task output. +!!! note + Index update may take a while, and it can be done while the instance is up and running, so you may restart db connection as soon as you see `Recreate index` in task output. ## Restart database connection Since some changes above will only apply with a new database connection, you will have to restart either Akkoma or PostgreSQL process, or use `pg_terminate_backend` SQL command without restarting either. diff --git a/docs/docs/configuration/howto_set_richmedia_cache_ttl_based_on_image.md b/docs/docs/configuration/howto_set_richmedia_cache_ttl_based_on_image.md index fde217b2b..8a25c9ecf 100644 --- a/docs/docs/configuration/howto_set_richmedia_cache_ttl_based_on_image.md +++ b/docs/docs/configuration/howto_set_richmedia_cache_ttl_based_on_image.md @@ -1,7 +1,7 @@ # How to set rich media cache TTL based on image TTL ## Explanation -Richmedia are cached without the TTL, but the rich media may have image which can expire, like AWS-signed URL. +Rich media is cached without the TTL, but the rich media may have an image which can expire, like AWS-signed URL. In such cases, the old image URL (expired) is returned from the media cache. So, to avoid such situation, we can define a module that will set TTL based on image. diff --git a/docs/docs/configuration/i2p.md b/docs/docs/configuration/i2p.md index 04b5c7739..a03aa8b6e 100644 --- a/docs/docs/configuration/i2p.md +++ b/docs/docs/configuration/i2p.md @@ -15,7 +15,8 @@ One using the config, and one using external software (fedproxy). The external s ### Using the Config -**Warning:** So far, everytime I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work. +!!! warning + So far, everytime I followed this way of federating using I2P, the rest of my federation stopped working. I'm leaving this here in case it will help with making it work. Assuming you're running in prod, `cd` to your Akkoma folder and append the following to `config/prod.secret.exs`: ``` diff --git a/docs/docs/configuration/onion_federation.md b/docs/docs/configuration/onion_federation.md index 9352b872f..24871ee9d 100644 --- a/docs/docs/configuration/onion_federation.md +++ b/docs/docs/configuration/onion_federation.md @@ -12,7 +12,8 @@ To install Tor on Debian / Ubuntu: apt -yq install tor ``` -**WARNING:** Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you. +!!! warning + Onion instances not using a Tor version supporting V3 addresses will not be able to federate with you. Create the hidden service for your Akkoma instance in `/etc/tor/torrc`, with an HTTP tunnel: ``` diff --git a/docs/docs/configuration/search.md b/docs/docs/configuration/search.md index c23db740d..eec996793 100644 --- a/docs/docs/configuration/search.md +++ b/docs/docs/configuration/search.md @@ -124,7 +124,8 @@ depends on the amount of text in posts. ## Elasticsearch -**Note: This requires at least Elasticsearch 7** +!!! note + This requires at least Elasticsearch 7 As with Meilisearch, this can be rather memory-hungry, but it is very good at what it does. diff --git a/docs/docs/configuration/static_dir.md b/docs/docs/configuration/static_dir.md index 3d51d3384..b74de533d 100644 --- a/docs/docs/configuration/static_dir.md +++ b/docs/docs/configuration/static_dir.md @@ -66,7 +66,7 @@ config :pleroma, :frontend_configurations, ## Logo -!!! Important +!!! important Note the extra `static` folder for the default logo.png location If you want to give a brand to your instance, you can change the logo of your instance by uploading it to the static directory `$static_dir/static/logo.png`. @@ -84,7 +84,7 @@ config :pleroma, :frontend_configurations, ## Terms of Service -!!! Important +!!! important Note the extra `static` folder for the terms-of-service.html Terms of Service will be shown to all users on the registration page. It's the best place where to write down the rules for your instance. You can modify the rules by adding and changing `$static_dir/static/terms-of-service.html`. diff --git a/docs/docs/development/API/admin_api.md b/docs/docs/development/API/admin_api.md index f6d5bc8ea..1ac0481b2 100644 --- a/docs/docs/development/API/admin_api.md +++ b/docs/docs/development/API/admin_api.md @@ -151,7 +151,8 @@ Backwards-compatibility for admin API endpoints without version prefixes (`/api/ ## `GET /api/v1/pleroma/admin/users/:nickname/permission_group/:permission_group` -Note: Available `:permission_group` is currently moderator and admin. 404 is returned when the permission group doesn’t exist. +!!! note + Available `:permission_group` is currently moderator and admin. 404 is returned when the permission group doesn’t exist. ### Get user permission groups membership per permission group @@ -363,8 +364,8 @@ Removes the user(s) from follower recommendations. ### Delete all users and activities from a remote instance -Note: this will trigger a job to remove instance content in the background. -It may take some time. +!!! note + This will trigger a job to remove instance content in the background. It may take some time. - Params: - `instance`: remote instance host diff --git a/docs/docs/index.md b/docs/docs/index.md index a6bf54ffe..1f4400c8a 100644 --- a/docs/docs/index.md +++ b/docs/docs/index.md @@ -1,4 +1,5 @@ -**Note:** Akkoma documentation is still being updated, so you may still see references to Pleroma in many places. +!!! note + Akkoma documentation is still being updated, so you may still see references to Pleroma in many places. # Introduction to Akkoma ## What is Akkoma? diff --git a/docs/docs/installation/migrating_from_source_otp_en.md b/docs/docs/installation/migrating_from_source_otp_en.md index de6615e22..285d4c2ea 100644 --- a/docs/docs/installation/migrating_from_source_otp_en.md +++ b/docs/docs/installation/migrating_from_source_otp_en.md @@ -111,7 +111,8 @@ su akkoma -s $SHELL -lc "./bin/pleroma stop" ## Setting up a system service OTP releases have different service files than from-source installs, so they need to be copied over again. -**Warning:** The service files assume Akkoma user's home directory is `/opt/akkoma`, please make sure all paths fit your installation. +!!! warning + The service files assume Akkoma user's home directory is `/opt/akkoma`, please make sure all paths fit your installation. === "Alpine" ```sh diff --git a/docs/docs/installation/openbsd_en.md b/docs/docs/installation/openbsd_en.md index 807fc15fd..7932c35e3 100644 --- a/docs/docs/installation/openbsd_en.md +++ b/docs/docs/installation/openbsd_en.md @@ -35,9 +35,9 @@ pkg_add ffmpeg p5-Image-ExifTool Akkoma will be run by a dedicated user, `_akkoma`. Before creating it, insert the following lines in `/etc/login.conf`: ``` akkoma:\ - :datasize-max=1536M:\ - :datasize-cur=1536M:\ - :openfiles-max=4096 + :datasize-max=1536M:\ + :datasize-cur=1536M:\ + :openfiles-max=4096 ``` This creates a `akkoma` login class and sets higher values than default for datasize and openfiles (see [login.conf(5)](https://man.openbsd.org/login.conf)), this is required to avoid having akkoma crash some time after starting. @@ -80,20 +80,20 @@ ext_inet="" ext_inet6="" server "default" { - listen on $ext_inet port 80 # Comment to disable listening on IPv4 - listen on $ext_inet6 port 80 # Comment to disable listening on IPv6 - listen on 127.0.0.1 port 80 # Do NOT comment this line + listen on $ext_inet port 80 # Comment to disable listening on IPv4 + listen on $ext_inet6 port 80 # Comment to disable listening on IPv6 + listen on 127.0.0.1 port 80 # Do NOT comment this line - log syslog - directory no index + log syslog + directory no index - location "/.well-known/acme-challenge/*" { - root "/acme" - request strip 2 - } + location "/.well-known/acme-challenge/*" { + root "/acme" + request strip 2 + } - location "/robots.txt" { root "/htdocs/local/" } - location "/*" { block return 302 "https://$HTTP_HOST$REQUEST_URI" } + location "/robots.txt" { root "/htdocs/local/" } + location "/*" { block return 302 "https://$HTTP_HOST$REQUEST_URI" } } ``` Do not forget to change ** to your server's address(es). If httpd should only listen on one protocol family, comment one of the two first *listen* options. @@ -114,17 +114,17 @@ Insert the following configuration in `/etc/acme-client.conf`: # authority letsencrypt- { - #agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" - api url "https://acme-v02.api.letsencrypt.org/directory" - account key "/etc/acme/letsencrypt-privkey-.pem" + #agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf" + api url "https://acme-v02.api.letsencrypt.org/directory" + account key "/etc/acme/letsencrypt-privkey-.pem" } domain { - domain key "/etc/ssl/private/.key" - domain certificate "/etc/ssl/.crt" - domain full chain certificate "/etc/ssl/.fullchain.pem" - sign with letsencrypt- - challengedir "/var/www/acme/" + domain key "/etc/ssl/private/.key" + domain certificate "/etc/ssl/.crt" + domain full chain certificate "/etc/ssl/.fullchain.pem" + sign with letsencrypt- + challengedir "/var/www/acme/" } ``` Replace ** by the domain name you'll use for your instance. As root, run `acme-client -n` to check the config, then `acme-client -ADv ` to create account and domain keys, and request a certificate for the first time. @@ -137,8 +137,8 @@ ln -s /etc/ssl/private/.key /etc/ssl/private/.key ``` This will have to be done for each IPv4 and IPv6 address relayd listens on. -#### relayd -relayd will be used as the reverse proxy sitting in front of Akkoma. +#### Relayd +Relayd will be used as the reverse proxy sitting in front of Akkoma. Insert the following configuration in `/etc/relayd.conf`: ``` # $OpenBSD: relayd.conf,v 1.4 2018/03/23 09:55:06 claudio Exp $ @@ -150,42 +150,42 @@ table { 127.0.0.1 } table { 127.0.0.1 } http protocol plerup { # Protocol for upstream akkoma server - #tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit - tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305" - tls ecdhe secp384r1 + #tcp { nodelay, sack, socket buffer 65536, backlog 128 } # Uncomment and adjust as you see fit + tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305" + tls ecdhe secp384r1 - # Forward some paths to the local server (as akkoma won't respond to them as you might want) - pass request quick path "/robots.txt" forward to + # Forward some paths to the local server (as akkoma won't respond to them as you might want) + pass request quick path "/robots.txt" forward to - # Append a bunch of headers - match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictly required by akkoma but adding them won't hurt - match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" + # Append a bunch of headers + match request header append "X-Forwarded-For" value "$REMOTE_ADDR" # This two header and the next one are not strictly required by akkoma but adding them won't hurt + match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT" - match response header append "X-XSS-Protection" value "0" - match response header append "X-Permitted-Cross-Domain-Policies" value "none" - match response header append "X-Frame-Options" value "DENY" - match response header append "X-Content-Type-Options" value "nosniff" - match response header append "Referrer-Policy" value "same-origin" - match response header append "Content-Security-Policy" value "default-src 'none'; base-uri 'none'; form-action 'self'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://CHANGEME.tld; upgrade-insecure-requests;" # Modify "CHANGEME.tld" and set your instance's domain here - match request header append "Connection" value "upgrade" - #match response header append "Strict-Transport-Security" value "max-age=63072000; includeSubDomains; preload" # Uncomment this only after you get HTTPS working. + match response header append "X-XSS-Protection" value "0" + match response header append "X-Permitted-Cross-Domain-Policies" value "none" + match response header append "X-Frame-Options" value "DENY" + match response header append "X-Content-Type-Options" value "nosniff" + match response header append "Referrer-Policy" value "same-origin" + match response header append "Content-Security-Policy" value "default-src 'none'; base-uri 'none'; form-action 'self'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://CHANGEME.tld; upgrade-insecure-requests;" # Modify "CHANGEME.tld" and set your instance's domain here + match request header append "Connection" value "upgrade" + #match response header append "Strict-Transport-Security" value "max-age=63072000; includeSubDomains; preload" # Uncomment this only after you get HTTPS working. - # If you do not want remote frontends to be able to access your Akkoma backend server, comment these lines - match response header append "Access-Control-Allow-Origin" value "*" - match response header append "Access-Control-Allow-Methods" value "POST, PUT, DELETE, GET, PATCH, OPTIONS" - match response header append "Access-Control-Allow-Headers" value "Authorization, Content-Type, Idempotency-Key" - match response header append "Access-Control-Expose-Headers" value "Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id" - # Stop commenting lines here + # If you do not want remote frontends to be able to access your Akkoma backend server, comment these lines + match response header append "Access-Control-Allow-Origin" value "*" + match response header append "Access-Control-Allow-Methods" value "POST, PUT, DELETE, GET, PATCH, OPTIONS" + match response header append "Access-Control-Allow-Headers" value "Authorization, Content-Type, Idempotency-Key" + match response header append "Access-Control-Expose-Headers" value "Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id" + # Stop commenting lines here } relay wwwtls { - listen on $ext_inet port https tls # Comment to disable listening on IPv4 - listen on $ext_inet6 port https tls # Comment to disable listening on IPv6 + listen on $ext_inet port https tls # Comment to disable listening on IPv4 + listen on $ext_inet6 port https tls # Comment to disable listening on IPv6 - protocol plerup + protocol plerup - forward to port 4000 check http "/" code 200 - forward to port 80 check http "/robots.txt" code 200 + forward to port 4000 check http "/" code 200 + forward to port 80 check http "/robots.txt" code 200 } ``` Again, change ** to your server's address(es) and comment one of the two *listen* options if needed. Also change *wss://CHANGEME.tld* to *wss://*. diff --git a/docs/docs/installation/optional/media_graphics_packages.md b/docs/docs/installation/optional/media_graphics_packages.md index eaebd3877..04a26b052 100644 --- a/docs/docs/installation/optional/media_graphics_packages.md +++ b/docs/docs/installation/optional/media_graphics_packages.md @@ -7,7 +7,8 @@ For specific Pleroma functionality (which is disabled by default) some or all of Please refer to documentation in `docs/installation` on how to install them on specific OS. -Note: the packages are not required with the current default settings of Pleroma. +!!! note + The packages are not required with the current default settings of Pleroma. ## `ImageMagick` diff --git a/docs/docs/installation/otp_en.md b/docs/docs/installation/otp_en.md index 3053abde0..f760f4892 100644 --- a/docs/docs/installation/otp_en.md +++ b/docs/docs/installation/otp_en.md @@ -75,7 +75,7 @@ Per [`docs/installation/optional/media_graphics_packages.md`](optional/media_gra ### Configuring PostgreSQL #### (Optional) Installing RUM indexes -!!! Warning +!!! warning It is recommended to use PostgreSQL v11 or newer. We have seen some minor issues with lower PostgreSQL versions. RUM indexes are an alternative indexing scheme that is not included in PostgreSQL by default. You can read more about them on the [Configuration page](../configuration/cheatsheet.md#rum-indexing-for-full-text-search). They are completely optional and most of the time are not worth it, especially if you are running a single user instance (unless you absolutely need ordered search results). diff --git a/docs/docs/installation/otp_redhat_en.md b/docs/docs/installation/otp_redhat_en.md index e549221a3..8ab949716 100644 --- a/docs/docs/installation/otp_redhat_en.md +++ b/docs/docs/installation/otp_redhat_en.md @@ -10,7 +10,8 @@ However, you may compile your own OTP release from scratch. This is particularly In order to compile a RedHat-compatible OTP release, you will need to run a Red Hat Linux distribution. This guide will assume you run Fedora 36, though it should also work on older Fedora releases and other Red Hat distributions. It also assumes that you have administrative rights and sufficient knowledge on how to perform common CLI tasks in Linux. If you want to run this guide with root, ignore the `sudo` at the beginning of the lines. -Important: keep in mind that you must build your OTP release for the specific Red Hat distribution you wish to use it on. A build on Fedora will only be compatible with a specific Fedora release version. +!!! important + Keep in mind that you must build your OTP release for the specific Red Hat distribution you wish to use it on. A build on Fedora will only be compatible with a specific Fedora release version. ## Building an OTP release for Fedora 36