From fa01721e8ef0b506136cf21882dad45f6e558e69 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 4 Jun 2020 00:50:55 +0200 Subject: [PATCH 1/5] cleanup --- scripts/remove | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/remove b/scripts/remove index e30f44e..079f815 100755 --- a/scripts/remove +++ b/scripts/remove @@ -60,7 +60,7 @@ ynh_remove_systemd_config ynh_print_info --message="Removing the PostgreSQL database..." # Remove a database if it exists, along with the associated user -ynh_psql_remove_db --db_user=$db_user --db_name=$db_name +ynh_psql_remove_db --db_user="$db_user" --db_name="$db_name" #================================================= # REMOVE DEPENDENCIES From ab152adffe6fac341f1db159b3005cdde0b35005 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 4 Jun 2020 15:04:08 +0200 Subject: [PATCH 2/5] remoce sudo su ! [YEP-2.12] You should not need to use 'sudo', the script is being run as root. (If you need to run a command using a specific user, use 'ynh_exec_as') --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index 4f97183..87b8bac 100755 --- a/scripts/install +++ b/scripts/install @@ -135,7 +135,7 @@ then ynh_store_file_checksum --file="/etc/nginx/conf.d/$app-cache.conf" ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="../conf/media.conf" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/media.conf" - sudo su -c "cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf" + cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" fi diff --git a/scripts/upgrade b/scripts/upgrade index 1871ea7..f52f470 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -208,7 +208,7 @@ then ynh_store_file_checksum --file="/etc/nginx/conf.d/$app-cache.conf" ynh_replace_string --match_string="{APP}" --replace_string="$app" --target_file="../conf/media.conf" ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="../conf/media.conf" - sudo su -c "cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf" + cat ../conf/media.conf >> /etc/nginx/conf.d/$domain.d/$app.conf ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" fi From 541fdc1982679371d5675dc8aeb183b70bda84cb Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 4 Jun 2020 15:04:32 +0200 Subject: [PATCH 3/5] switch from add_header to more_set_headers ! Do not use 'add_header' in the nginx conf. Use 'more_set_headers' instead. (See https://www.peterbe.com/plog/be-very-careful-with-your-add_header-in-nginx and https://github.com/openresty/headers-more-nginx-module#more_set_headers ) --- conf/nginx.conf | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 3c252af..695a908 100755 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -16,25 +16,25 @@ client_max_body_size 16m; - add_header 'Access-Control-Allow-Origin' '*' always; - add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always; - add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always; - add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always; + more_set_headers "Access-Control-Allow-Origin : *"; + more_set_headers "Access-Control-Allow-Methods : POST, PUT, DELETE, GET, PATCH, OPTIONS"; + more_set_headers "Access-Control-Allow-Headers : Authorization, Content-Type, Idempotency-Key"; + more_set_headers "Access-Control-Expose-Headers : Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id"; if ($request_method = OPTIONS) { return 204; } # stop removing lines here. - add_header X-XSS-Protection "1; mode=block" always; - add_header X-Permitted-Cross-Domain-Policies "none" always; - add_header X-Frame-Options "DENY" always; - add_header X-Content-Type-Options "nosniff" always; - add_header Referrer-Policy "same-origin" always; - add_header X-Download-Options "noopen" always; - #add_header Content-Security-Policy "default-src 'none'; base-uri 'self'; form-action *; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://__DOMAIN__; upgrade-insecure-requests;" always; + more_set_headers "X-XSS-Protection : 1; mode=block"; + more_set_headers "X-Permitted-Cross-Domain-Policies : none"; + more_set_headers "X-Frame-Options : DENY"; + more_set_headers "X-Content-Type-Options : nosniff"; + more_set_headers "Referrer-Policy : same-origin"; + more_set_headers "X-Download-Options : noopen"; + # more_set_headers "Content-Security-Policy : default-src 'none'; base-uri 'self'; form-action *; frame-ancestors 'none'; img-src 'self' data: https:; media-src 'self' https:; style-src 'self' 'unsafe-inline'; font-src 'self'; script-src 'self'; connect-src 'self' wss://__DOMAIN__; upgrade-insecure-requests;"; # Uncomment this only after you get HTTPS working. - # add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; + # more_set_headers "Strict-Transport-Security : max-age=31536000; includeSubDomains"; # Include SSOWAT user panel. From 0dba31eca96aa70e330dcbdb058598585a792e19 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 15 Jun 2020 00:51:17 +0200 Subject: [PATCH 4/5] Updating overview --- README.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f2fb788..63e1db5 100644 --- a/README.md +++ b/README.md @@ -7,11 +7,9 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* ## Overview -[Pleroma](https://pleroma.social/) is an **OStatus and ActivityPub compatible social networking server** written in Elixir, compatible with **GNU Social** and **Mastodon**. It is high-performance and can run on small devices like a **Raspberry Pi**. +Pleroma is a microblogging server software that can federate (= exchange messages with) other servers that support ActivityPub. What that means is that you can host a server for yourself or your friends and stay in control of your online identity, but still exchange messages with people on larger servers. Pleroma will federate with all servers that implement ActivityPub, like Friendica, GNU Social, Hubzilla, Mastodon, Misskey, Peertube, and Pixelfed. -For clients it supports both the **GNU Social API** with **Qvitter extensions** and the **Mastodon client API**.
- -For user friendly details about Pleroma: [see here](https://blog.soykaf.com/post/what-is-pleroma/)
+For user friendly details about Pleroma: [see here](https://blog.soykaf.com/post/what-is-pleroma/) **Mastodon web front-end for Pleroma:** Add **/web** in front of your Pleroma domain, eg. pleroma.domain.tld/web From 0cb16adb1ddfaadaa52994ae95e30735c300d053 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 16 Jun 2020 02:04:21 +0200 Subject: [PATCH 5/5] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 5bda6f9..dfbc0d4 100755 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Pleroma is an OStatus-compatible social networking server written in Elixir, compatible with GNU Social and Mastodon", "fr": "Pleroma est un réseau social écrit en Elixir, compatible avec OStatus, GNU Social et Mastodon" }, - "version": "2.0.5~ynh2", + "version": "2.0.5~ynh3", "url": "https://git.pleroma.social/pleroma/pleroma", "license": "AGPL-3.0-only", "maintainer": [