Merge branch 'tusooa/media-altdomain' into 'develop'
Add instructions to serve media on another domain See merge request pleroma/pleroma!3892
This commit is contained in:
Haelwenn
commit
2b9cd25cf4
13 changed files with 149 additions and 0 deletions
|
|
@ -62,6 +62,20 @@ An additional “Expect-CT” header will be sent with the configured `ct_max_ag
|
|||
|
||||
If you click on a link, your browser’s request to the other site will include from where it is coming from. The “Referrer policy” header tells the browser how and if it should send this information. (see [Referrer policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy))
|
||||
|
||||
### Uploaded media and media proxy
|
||||
|
||||
It is STRONGLY RECOMMENDED to serve both the locally-uploaded media and the media proxy from another domain than the domain that Pleroma runs on, if applicable.
|
||||
|
||||
```elixir
|
||||
config :pleroma, :media_proxy,
|
||||
base_url: "https://some.other.domain"
|
||||
|
||||
config :pleroma, Pleroma.Upload,
|
||||
base_url: "https://some.other.domain/media"
|
||||
```
|
||||
|
||||
See `installation/pleroma-mediaproxy.nginx` for examples on how to configure your media proxy.
|
||||
|
||||
## systemd
|
||||
|
||||
A systemd unit example is provided at `installation/pleroma.service`.
|
||||
|
|
|
|||
|
|
@ -183,6 +183,9 @@ server {
|
|||
...
|
||||
}
|
||||
```
|
||||
* (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
* Enable and start nginx:
|
||||
|
||||
|
|
|
|||
|
|
@ -173,6 +173,11 @@ sudo ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/ple
|
|||
```
|
||||
|
||||
* Before starting nginx edit the configuration and change it to your needs (e.g. change servername, change cert paths)
|
||||
|
||||
* (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
* Enable and start nginx:
|
||||
|
||||
```shell
|
||||
|
|
|
|||
|
|
@ -136,6 +136,11 @@ sudo ln -s /etc/nginx/sites-available/pleroma.nginx /etc/nginx/sites-enabled/ple
|
|||
```
|
||||
|
||||
* Before starting nginx edit the configuration and change it to your needs (e.g. change servername, change cert paths)
|
||||
|
||||
* (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
* Enable and start nginx:
|
||||
|
||||
```shell
|
||||
|
|
|
|||
|
|
@ -1,4 +1,7 @@
|
|||
# Pleromaの入れ方
|
||||
|
||||
Note: This article is potentially outdated because at this time we may not have people who can speak this language well enough to update it. To see the up-to-date version, which may have significant differences or important caveats of the installation process, look up the English version.
|
||||
|
||||
## 日本語訳について
|
||||
|
||||
この記事は [Installing on Debian based distributions](Installing on Debian based distributions) の日本語訳です。何かがおかしいと思ったら、原文を見てください。
|
||||
|
|
|
|||
|
|
@ -173,6 +173,10 @@ Edit the defaults of `/usr/local/etc/nginx/sites-available/pleroma.nginx`:
|
|||
* Change `ssl_certificate_key` to `/var/db/acme/certs/example.tld/example.tld.key`.
|
||||
* Change all references of `example.tld` to your instance's domain name.
|
||||
|
||||
#### (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
## Creating a startup script for Pleroma
|
||||
|
||||
Pleroma will need to compile when it initially starts, which typically takes a longer
|
||||
|
|
|
|||
|
|
@ -227,6 +227,10 @@ Replace all instances of `example.tld` with your instance's public URL. If for w
|
|||
|
||||
Pay special attention to the line that begins with `ssl_ecdh_curve`. It is stongly advised to comment that line out so that OpenSSL will use its full capabilities, and it is also possible you are running OpenSSL 1.0.2 necessitating that you do this.
|
||||
|
||||
* (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
* Enable and start nginx:
|
||||
|
||||
```shell
|
||||
|
|
|
|||
|
|
@ -123,6 +123,10 @@ Edit the defaults:
|
|||
* Change `ssl_certificate_key` to `/etc/nginx/tls/key`.
|
||||
* Change `example.tld` to your instance's domain name.
|
||||
|
||||
### (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
## Configuring acme.sh
|
||||
|
||||
We'll be using acme.sh in Stateless Mode for TLS certificate renewal.
|
||||
|
|
|
|||
|
|
@ -195,6 +195,10 @@ rcctl enable relayd
|
|||
rcctl start relayd
|
||||
```
|
||||
|
||||
##### (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
#### pf
|
||||
Enabling and configuring pf is highly recommended.
|
||||
In /etc/pf.conf, insert the following configuration:
|
||||
|
|
|
|||
|
|
@ -1,5 +1,7 @@
|
|||
# Pleroman asennus OpenBSD:llä
|
||||
|
||||
Note: This article is potentially outdated because at this time we may not have people who can speak this language well enough to update it. To see the up-to-date version, which may have significant differences or important caveats of the installation process, look up the English version.
|
||||
|
||||
Tarvitset:
|
||||
* Oman domainin
|
||||
* OpenBSD 6.3 -serverin
|
||||
|
|
|
|||
|
|
@ -198,6 +198,10 @@ $EDITOR path-to-nginx-config
|
|||
# Verify that the config is valid
|
||||
nginx -t
|
||||
```
|
||||
#### (Strongly recommended) serve media on another domain
|
||||
|
||||
Refer to the [Hardening your instance](../configuration/hardening.md) document on how to serve media on another domain. We STRONGLY RECOMMEND you to do this to minimize attack vectors.
|
||||
|
||||
#### Start nginx
|
||||
|
||||
=== "Alpine"
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue