diff --git a/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey b/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey index 0d27fdf..79d4b81 100644 --- a/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey +++ b/phosphorus/srv/docker/caddy/conf/sites-enabled/sharkey @@ -1,7 +1,28 @@ booping.synth.download { - reverse_proxy 127.0.0.1:60628 - import common-settings import log sharkey import robots-txt + + @activity_pub `header({'Content-Type': 'application/activity+json*'}) || header({'Content-Type': 'application/ld+json*'}) || header({'Accept': 'application/activity+json*'}) || header({'Accept': 'application/ld+json*'})` + + route { + # media service + reverse_proxy /files/* 127.0.0.1:57378 + reverse_proxy /avatar/* 127.0.0.1:57378 + reverse_proxy /url 127.0.0.1:57378 + reverse_proxy /twemoji-badge/* 127.0.0.1:57378 + reverse_proxy /identicon/* 127.0.0.1:57378 + + # activitypub service + reverse_proxy @activity_pub 127.0.0.1:47815 + reverse_proxy /api/v2/search 127.0.0.1:47815 + reverse_proxy /api/admin/federation/refresh-remote-instance-metadata 127.0.0.1:47815 + reverse_proxy /api/notes/polls/refresh 127.0.0.1:47815 + reverse_proxy /api/federation/update-remote-user 127.0.0.1:47815 + reverse_proxy /api/ap/get 127.0.0.1:47815 + reverse_proxy /api/ap/show 127.0.0.1:47815 + + # api + web frontend (+ general fallback) + reverse_proxy 127.0.0.1:60628 + } } \ No newline at end of file diff --git a/phosphorus/srv/docker/sharkey/activity/sharkey-activity.yml b/phosphorus/srv/docker/sharkey/activity/sharkey-activity.yml new file mode 100644 index 0000000..1897b68 --- /dev/null +++ b/phosphorus/srv/docker/sharkey/activity/sharkey-activity.yml @@ -0,0 +1,12 @@ +# The port that your Misskey server should listen on. +port: 3002 + +# Job concurrency per worker +deliverJobConcurrency: 0 +inboxJobConcurrency: 0 +relationshipJobConcurrency: 0 + +# Job rate limiter +deliverJobPerSec: 0 +inboxJobPerSec: 0 +relationshipJobPerSec: 0 \ No newline at end of file 
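Review bot: The `@activity_pub` matcher in the Caddy hunk keys only on `Accept` and `Content-Type`, both of which the client chooses, so any request can be steered to 127.0.0.1:47815 or kept away from it. The split is therefore a load-routing hint and not an isolation boundary, and authentication or rate limits must not differ between the two upstreams. I would record that above the matcher, e.g. `# routing hint only: Accept/Content-Type are client-controlled, both upstreams must enforce the same auth and limits`. Because the match is a prefix glob, an `Accept` list that names another type first will fall through to the general upstream, which looks harmless but is worth knowing when reading the logs.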
diff --git a/phosphorus/srv/docker/sharkey/api/sharkey-api.yml b/phosphorus/srv/docker/sharkey/api/sharkey-api.yml new file mode 100644 index 0000000..5eb8f0e --- /dev/null +++ b/phosphorus/srv/docker/sharkey/api/sharkey-api.yml @@ -0,0 +1,12 @@ +# The port that your Misskey server should listen on. +port: 3001 + +# Job concurrency per worker +deliverJobConcurrency: 0 +inboxJobConcurrency: 0 +relationshipJobConcurrency: 0 + +# Job rate limiter +deliverJobPerSec: 0 +inboxJobPerSec: 0 +relationshipJobPerSec: 0 \ No newline at end of file diff --git a/phosphorus/srv/docker/sharkey/compose.yaml b/phosphorus/srv/docker/sharkey/compose.yaml index 2dd4a2d..1d1fe28 100644 --- a/phosphorus/srv/docker/sharkey/compose.yaml +++ b/phosphorus/srv/docker/sharkey/compose.yaml 
@@ -1,31 +1,121 @@ +# since sharkey/misskey lacks documentation, i'll describe how this works here +# +# basically: we're splitting up the different things sharkey does into their own seperate services, which makes things more responsive (although heavier) rather than being one giant service doing everything. +# +# we keep our default.yml config intact then provide extra *.yml configs for each service respectively +# - each process will load the values of default.yml first, then load other configs and override default.yml's values +# - we keep our default.yml to provide character/file size limits, moto of the day, etc. (db/redis/search settings are confined to .env.secrets in our setup but if you don't need/have it you can remove it from here) +# - our config points each service to their own config, we mount default.yml for each service as well which is read first +# +# then caddy (or if you're using this yourself, whatever reverse proxy is preferred) just reverse proxies each endpoint into their respective "service" + services: - web: + # api obviously handles most api endpoints, as well as serving the web frontend + api: image: registry.activitypub.software/transfem-org/sharkey:latest restart: always - links: - - redis depends_on: redis: condition: service_healthy ports: - - "127.0.0.1:60628:60628" + - "127.0.0.1:60628:3001" networks: - - shonk - ip6net - db + - sharkey + env_file: + - .env.secrets # secrets contains our db password and stuff like that environment: - - NODE_OPTIONS="--max-old-space-size=8192" + - MISSKEY_CONFIG_YML=*.yml + - MISSKEY_CONFIG_DIR=/sharkey/.config + - MK_ONLY_SERVER=1 + - MK_DISABLE_CLUSTERING=1 + volumes: + - ./files:/sharkey/files # unsure which actually needs access to files, so we share with all services just in case + - ./api:/sharkey/.config + - ./default.yml:/sharkey/.config/default.yml:ro # default/generic config + + # queue/process handling. 
basically the actual backend + worker: + image: registry.activitypub.software/transfem-org/sharkey:latest + restart: always + depends_on: + redis: + condition: service_healthy + networks: + - db + - sharkey + env_file: + - .env.secrets + environment: + - MISSKEY_CONFIG_YML=*.yml + - MISSKEY_CONFIG_DIR=/sharkey/.config + - MK_ONLY_QUEUE=1 volumes: - ./files:/sharkey/files - - ./.config:/sharkey/.config:ro + - ./worker:/sharkey/.config + - ./default.yml:/sharkey/.config/default.yml:ro + # handles federation/activitypub requests + activity: + image: registry.activitypub.software/transfem-org/sharkey:latest + restart: always + depends_on: + redis: + condition: service_healthy + ports: + - "127.0.0.1:47815:3002" + networks: + - ip6net + - db + - sharkey + env_file: + - .env.secrets + environment: + - MISSKEY_CONFIG_YML=*.yml + - MISSKEY_CONFIG_DIR=/sharkey/.config + - MK_ONLY_SERVER=1 + - MK_DISABLE_CLUSTERING=1 + - MK_NO_DAEMONS=1 + volumes: + - ./files:/sharkey/files + - ./activity:/sharkey/.config + - ./default.yml:/sharkey/.config/default.yml:ro + + # handles media/reverse proxy (/files/*) + media: + image: registry.activitypub.software/transfem-org/sharkey:latest + restart: always + depends_on: + redis: + condition: service_healthy + ports: + - "127.0.0.1:57378:3003" + networks: + - ip6net + - db + - sharkey + env_file: + - .env.secrets + environment: + - MISSKEY_CONFIG_YML=*.yml + - MISSKEY_CONFIG_DIR=/sharkey/.config + - MK_ONLY_SERVER=1 + - MK_DISABLE_CLUSTERING=1 + - MK_NO_DAEMONS=1 + volumes: + - ./files:/sharkey/files + - ./media:/sharkey/.config + - ./default.yml:/sharkey/.config/default.yml:ro + + # redis is used for caching redis: restart: always image: redis:alpine - networks: - - shonk volumes: - ./redis:/data + networks: + - sharkey healthcheck: test: "redis-cli ping" interval: 5s @@ -38,4 +128,4 @@ networks: ip6net: name: ip6net external: true - shonk: \ No newline at end of file + sharkey: \ No newline at end of file 
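Review bot: The per-service config mounts in the first compose.yaml hunk (`./api:/sharkey/.config`, and likewise `./worker`, `./activity`, `./media`) are read-write, whereas the mount they replace was `./.config:/sharkey/.config:ro`. With `MISSKEY_CONFIG_YML=*.yml` the process appears to load every `.yml` in that directory, so a process that can write there could change its own configuration for the next start. `- ./api:/sharkey/.config:ro` (and the same for the other three) would restore the earlier guarantee, unless Sharkey needs to write there, which the diff does not show. A `default.yml` placeholder may then have to exist in each host directory so the nested mount has a target. All four services also reference `sharkey:latest`; a version tag or digest would keep them on one reviewed image.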
diff --git a/phosphorus/srv/docker/sharkey/.config/default.yml b/phosphorus/srv/docker/sharkey/default.yml similarity index 89% rename from phosphorus/srv/docker/sharkey/.config/default.yml rename to phosphorus/srv/docker/sharkey/default.yml index 863e774..915a75e 100644 --- a/phosphorus/srv/docker/sharkey/.config/default.yml +++ b/phosphorus/srv/docker/sharkey/default.yml @@ -73,11 +73,11 @@ url: https://booping.synth.download/ #───┘ Port and TLS settings └─────────────────────────────────── # -# Misskey requires a reverse proxy to support HTTPS connections. +# Sharkey requires a reverse proxy to support HTTPS connections. # # +----- https://example.tld/ ------------+ # +------+ |+-------------+ +----------------+| -# | User | ---> || Proxy (443) | ---> | Misskey (3000) || +# | User | ---> || Proxy (443) | ---> | Sharkey (3000) || # +------+ |+-------------+ +----------------+| # +---------------------------------------+ # @@ -85,14 +85,14 @@ url: https://booping.synth.download/ # An encrypted connection with HTTPS is highly recommended # because tokens may be transferred in GET requests. -# The port that your Misskey server should listen on. -port: 60628 +# The port that your Sharkey server should listen on. +port: 3000 # ┌──────────────────────────┐ #───┘ PostgreSQL configuration └──────────────────────────────── db: - host: gyattabase + host: db port: 5432 # Database name 
@@ -101,15 +101,24 @@ db: # Auth # You can set user and pass from environment variables instead. - user: misskey - pass: rizzrizzrizz + user: example-misskey-user + pass: example-misskey-pass - # Whether disable Caching queries - #disableCache: true + ## Log a warning to the server console if any query takes longer than this to complete. + ## Measured in milliseconds; set to 0 to disable. (default: 300) + #slowQueryThreshold: 300 + + # If false, then query results will be cached in redis. + # If true (default), then queries will not be cached. + # This will reduce database load at the cost of increased Redis traffic and risk of bugs and unpredictable behavior. + #disableCache: false # Extra Connection options #extra: # ssl: true + # # Set a higher value if you have timeout issues during migration + # statement_timeout: 10000 + dbReplications: false @@ -138,6 +147,8 @@ redis: #pass: example-pass #prefix: example-prefix #db: 1 + # You can specify more ioredis options... + #username: example-username #redisForPubsub: # host: redis @@ -146,6 +157,8 @@ redis: # #pass: example-pass # #prefix: example-prefix # #db: 1 +# # You can specify more ioredis options... +# #username: example-username #redisForJobQueue: # host: redis @@ -154,6 +167,8 @@ redis: # #pass: example-pass # #prefix: example-prefix # #db: 1 +# # You can specify more ioredis options... +# #username: example-username #redisForTimelines: # host: redis 
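Review bot: The `pass:` line removed in the `db:` hunk held what looks like a real database password, and it stays readable in the repository history after this commit. If that value was ever in use, it should be rotated and not just replaced. The new `user:`/`pass:` placeholders are still active keys, so I would add a comment such as `# placeholders only; real credentials are supplied via .env.secrets` to stop anyone filling them in here later. Whether the env file actually overrides these keys is not visible in this hunk.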
@@ -162,6 +177,28 @@ redis: # #pass: example-pass # #prefix: example-prefix # #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +#redisForReactions: +# host: redis +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username + +#redisForRateLimit: +# host: localhost +# port: 6379 +# #family: 0 # 0=Both, 4=IPv4, 6=IPv6 +# #pass: example-pass +# #prefix: example-prefix +# #db: 1 +# # You can specify more ioredis options... +# #username: example-username # ┌───────────────────────────────┐ #───┘ Fulltext search configuration └───────────────────────────── @@ -236,23 +273,23 @@ id: 'aidx' #disableHsts: true # Number of worker processes -clusterLimit: 6 +#clusterLimit: 1 # Job concurrency per worker -deliverJobConcurrency: 96 -inboxJobConcurrency: 16 -relationshipJobConcurrency: 16 -# What's relationshipJob?: -# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations. +#deliverJobConcurrency: 128 +#inboxJobConcurrency: 16 +#relationshipJobConcurrency: 16 +# What's relationshipJob?: +# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations. # Job rate limiter -deliverJobPerSec: 96 -inboxJobPerSec: 32 -relationshipJobPerSec: 64 +#deliverJobPerSec: 128 +#inboxJobPerSec: 32 +#relationshipJobPerSec: 64 # Job attempts -deliverJobMaxAttempts: 12 -inboxJobMaxAttempts: 8 +#deliverJobMaxAttempts: 12 +#inboxJobMaxAttempts: 8 # Local address used for outgoing requests #outgoingAddress: 127.0.0.1 
@@ -288,8 +325,15 @@ proxyBypassHosts: #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4 #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5 +# Path to the directory that uploaded media will be saved to +# Defaults to a folder called "files" in the Sharkey directory +#mediaDirectory: /var/lib/sharkey + # Media Proxy -#mediaProxy: https://booping.synth.download/proxy +# Reference Implementation: https://github.com/misskey-dev/media-proxy +# * Deliver a common cache between instances +# * Perform image compression (on a different server resource than the main process) +#mediaProxy: https://example.com/proxy # Proxy remote files (default: true) # Proxy remote files by this instance or mediaProxy to prevent remote files from running in remote domains. @@ -297,9 +341,9 @@ proxyRemoteFiles: true # Movie Thumbnail Generation URL # There is no reference implementation. -# For example, Misskey will point to the following URL: +# For example, Sharkey will point to the following URL: # https://example.com/thumbnail.webp?thumbnail=1&url=https%3A%2F%2Fstorage.example.com%2Fpath%2Fto%2Fvideo.mp4 -#videoThumbnailGenerator: https://booping.synth.download +#videoThumbnailGenerator: https://example.com # Sign outgoing ActivityPub GET request (default: true) signToActivityPubGet: true 
@@ -442,14 +486,19 @@ customMOTD: [ 'You''re going to have to speak into the void for that one.' ] +# Disable automatic redirect for ActivityPub object lookup. (default: false) +# This is a strong defense against potential impersonation attacks if the viewer instance has inadequate validation. +# However it will make it impossible for other instances to lookup third-party user and notes through your URL. +#disallowExternalApRedirect: true + # Upload or download file size limits (bytes) # 2GB maxFileSize: 2147483648 # timeout (in milliseconds) and maximum size for imports (e.g. note imports) -#import: -# downloadTimeout: 30000 -# maxFileSize: 262144000 +import: + downloadTimeout: 30000 + maxFileSize: 262144000 # CHMod-style permission bits to apply to uploaded files. # Permission bits are specified as a base-8 string representing User/Group/Other permissions. diff --git a/phosphorus/srv/docker/sharkey/media/sharkey-media.yml b/phosphorus/srv/docker/sharkey/media/sharkey-media.yml new file mode 100644 index 0000000..184ef83 --- /dev/null +++ b/phosphorus/srv/docker/sharkey/media/sharkey-media.yml @@ -0,0 +1,12 @@ +# The port that your Misskey server should listen on. +port: 3003 + +# Job concurrency per worker +deliverJobConcurrency: 0 +inboxJobConcurrency: 0 +relationshipJobConcurrency: 0 + +# Job rate limiter +deliverJobPerSec: 0 +inboxJobPerSec: 0 +relationshipJobPerSec: 0 \ No newline at end of file diff --git a/phosphorus/srv/docker/sharkey/worker/sharkey-worker.yml b/phosphorus/srv/docker/sharkey/worker/sharkey-worker.yml new file mode 100644 index 0000000..1ec2618 --- /dev/null +++ b/phosphorus/srv/docker/sharkey/worker/sharkey-worker.yml 
@@ -0,0 +1,18 @@ +# Number of worker processes +clusterLimit: 2 + +# Job concurrency per worker +# What's relationshipJob?: +# Follow, unfollow, block and unblock(ings) while following-imports, etc. or account migrations. +deliverJobConcurrency: 128 +inboxJobConcurrency: 8 +relationshipJobConcurrency: 32 + +# Job rate limiter +deliverJobPerSec: 4096 +inboxJobPerSec: 4096 +relationshipJobPerSec: 4096 + +# Job attempts +#deliverJobMaxAttempts: 12 +#inboxJobMaxAttempts: 8 \ No newline at end of file
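Review bot: `inboxJobPerSec: 4096`, together with the 4096 values for deliver and relationship, appears to switch off in practice the queue rate limiter that default.yml previously set to 32, 96 and 64. That would leave `clusterLimit` times `inboxJobConcurrency` as the only bound on inbound federation processing. If this is intended, say so next to the values, e.g. `# limiter effectively disabled; throughput is bounded by concurrency only`. Otherwise a finite inbox limit nearer the old value keeps a burst from one remote instance from monopolising the workers.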