Use /var/tmp for media cache path #776

Merged
floatingghost merged 3 commits from norm/akkoma:nginx-var-tmp into develop 2024-05-28 02:05:18 +00:00
Contributor

The /var/tmp directory is not mounted as tmpfs unlike /tmp which is
mounted as such on some distros like Fedora or Arch. Since there isn't
really a benefit to having the cache on tmpfs, this change should allow
for a larger cache if needed without worrying about running out of RAM.

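A way to check which case a given host falls into, as an added example that is not part of this pull request or the Akkoma repository: it resolves the filesystem type behind a directory by longest-prefix match over a mounts table in `/proc/mounts` format. The function names, the sample mounts table and the `example-media-cache` directory names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which filesystem backs a cache directory by longest-prefix
# match against a mounts table in /proc/mounts format.

# fstype_for_path MOUNTS_FILE DIR -> prints the filesystem type backing DIR
fstype_for_path() {
    awk -v path="$2" '
        {
            mp = $2
            # "/" matches everything; otherwise require an exact match or a
            # "/" boundary, so that /tmpfoo is not treated as being under /tmp.
            if (mp == "/" || path == mp || index(path, mp "/") == 1) {
                # Longest mount point wins; on a tie the later entry wins,
                # because a later mount shadows an earlier one.
                if (length(mp) >= best_len) { best_len = length(mp); best = $3 }
            }
        }
        END { if (best == "") exit 1; print best }
    ' "$1"
}

# is_ram_backed MOUNTS_FILE DIR -> exit status 0 if DIR lives on tmpfs or ramfs
is_ram_backed() {
    case "$(fstype_for_path "$1" "$2")" in
        tmpfs|ramfs) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample resembling a distro that mounts /tmp as tmpfs.
SAMPLE_MOUNTS=$(mktemp)
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
EOF

# Hypothetical cache directory names; on a live host pass /proc/mounts instead.
for dir in /tmp/example-media-cache /var/tmp/example-media-cache; do
    if is_ram_backed "$SAMPLE_MOUNTS" "$dir"; then
        echo "$dir: $(fstype_for_path "$SAMPLE_MOUNTS" "$dir") (cache is held in memory)"
    else
        echo "$dir: $(fstype_for_path "$SAMPLE_MOUNTS" "$dir") (disk-backed)"
    fi
done
```

Mount points containing spaces appear escaped as `\040` in `/proc/mounts`, so a directory under such a mount point would need the same escaping before lookup.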
norm added 1 commit 2024-05-15 21:01:29 +00:00
Use /var/tmp for nginx cache path
9a5121fa93
The /var/tmp directory is not mounted as tmpfs unlike /tmp which is
mounted as such on some distros like Fedora or Arch. Since there isn't
really a benefit to having the cache on tmpfs, this change should allow
for a larger cache if needed without worrying about running out of RAM.
norm added 1 commit 2024-05-15 21:02:31 +00:00
Update example cache purge script to point to new cache dir
0aab2d6ee6
Member

The old path is also referenced in

  • `docs/docs/configuration/howto_mediaproxy.md`
  • `docs/docs/configuration/onion_federation.md`
  • `docs/docs/configuration/i2p.md`
  • `installation/apache/akkoma-apache.conf`
  • `installation/apache/apache-cache-purge.sh`

The latter two being from Apache but the use of `cache_disk__module` seems to suggest it too is fine or even expects cache being backed by a regular disk
norm force-pushed nginx-var-tmp from 0aab2d6ee6 to ace3fac890 2024-05-16 00:43:39 +00:00 Compare
norm changed title from Use /var/tmp for nginx cache path to Use /var/tmp for media cache path 2024-05-16 00:43:53 +00:00
Oneric reviewed 2024-05-16 01:31:22 +00:00
@ -29,3 +10,1 @@
```
If you came here from one of the installation guides, take a look at the example configuration `/installation/nginx/akkoma.nginx`, where this part is already included.
* This is _required_; we do not support using the same domain as the main instance due to past security bugs.
Member

it’s technically not required (but **strongly** recommended), Akkoma "just" hurls a warning at you on each start if `base_url` belongs to the instance domain (setting `base_url` is now required though)
norm marked this conversation as resolved
@ -157,2 +133,3 @@
In the Nginx config, add the following into the `location /` block:
```nginx
add_header X-XSS-Protection "0";
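Review bot: `add_header X-XSS-Protection "0";` is placed inside `location /`, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none, so any headers set with `add_header` in the surrounding `server` block stop being sent for this location once this line is in place. The guide should either tell the reader to repeat those headers in the same block or state that this line replaces them.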
Member

I like cutting this down to only the bits relevant to i2p, but the old config also changed the listening port (presumably to match i2p convention or some other part of this guide). This probably should still be mentioned

norm marked this conversation as resolved
@ -101,2 +77,3 @@
In the Nginx config, add the following into the `location /` block:
```nginx
add_header X-XSS-Protection "0";
Member

same thing as with i2p

norm marked this conversation as resolved
norm force-pushed nginx-var-tmp from ace3fac890 to 1cb814feee 2024-05-16 19:34:18 +00:00 Compare
Oneric approved these changes 2024-05-16 21:11:24 +00:00
Dismissed
Oneric left a comment
Member

Not sure about moving and changing

> You **really** should use a subdomain to serve proxied files; while we will fix bugs resulting from this, serving arbitrary remote content on your main domain namespace is a significant attack surface.

to

> This is _strongly recommended_; we do not support using the same domain as the main instance due to past security bugs.

But otherwise good
norm force-pushed nginx-var-tmp from 1cb814feee to bb29c5bed2 2024-05-16 23:09:45 +00:00 Compare
Author
Contributor

I've changed it back to the old wording

Oneric approved these changes 2024-05-16 23:25:38 +00:00
floatingghost approved these changes 2024-05-28 02:05:12 +00:00
floatingghost left a comment
Owner

> /tmp/ should be used for smaller, size-bounded files only; /var/tmp/ should be used for everything else

huh, TIL

is all coolio, thanks!
floatingghost merged commit 8afc3bee7a into develop 2024-05-28 02:05:18 +00:00
floatingghost deleted branch nginx-var-tmp 2024-05-28 02:05:18 +00:00