diff --git a/Dockerfile b/Dockerfile index 1263efc934..6373172fcb 100644 --- a/Dockerfile +++ b/Dockerfile @@ -19,7 +19,8 @@ RUN echo "Etc/UTC" > /etc/localtime && \ # Install jemalloc ENV JE_VER="5.1.0" -RUN apt -y install autoconf && \ +RUN apt update && \ + apt -y install autoconf && \ cd ~ && \ wget https://github.com/jemalloc/jemalloc/archive/$JE_VER.tar.gz && \ tar xf $JE_VER.tar.gz && \ @@ -33,7 +34,8 @@ RUN apt -y install autoconf && \ ENV RUBY_VER="2.6.1" ENV CPPFLAGS="-I/opt/jemalloc/include" ENV LDFLAGS="-L/opt/jemalloc/lib/" -RUN apt -y install build-essential \ +RUN apt update && \ + apt -y install build-essential \ bison libyaml-dev libgdbm-dev libreadline-dev \ libncurses5-dev libffi-dev zlib1g-dev libssl-dev && \ cd ~ && \ @@ -51,13 +53,14 @@ RUN apt -y install build-essential \ ENV PATH="${PATH}:/opt/ruby/bin:/opt/node/bin" RUN npm install -g yarn && \ - gem install bundler + gem install bundler && \ + apt update && \ + apt -y install git libicu-dev libidn11-dev \ + libpq-dev libprotobuf-dev protobuf-compiler -COPY . /opt/mastodon +COPY Gemfile* package.json yarn.lock /opt/mastodon/ -RUN apt -y install git libicu-dev libidn11-dev \ - libpq-dev libprotobuf-dev protobuf-compiler && \ - cd /opt/mastodon && \ +RUN cd /opt/mastodon && \ bundle install -j$(nproc) --deployment --without development test && \ yarn install --pure-lockfile @@ -83,9 +86,6 @@ RUN apt update && \ useradd -m -u $UID -g $GID -d /opt/mastodon mastodon && \ echo "mastodon:`head /dev/urandom | tr -dc A-Za-z0-9 | head -c 24 | mkpasswd -s -m sha-256`" | chpasswd -# Copy over masto source from building and set permissions -COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon - # Install masto runtime deps RUN apt -y --no-install-recommends install \ libssl1.1 libpq5 imagemagick ffmpeg \ @@ -93,11 +93,9 @@ RUN apt -y --no-install-recommends install \ file ca-certificates tzdata libreadline7 && \ apt -y install gcc && \ ln -s /opt/mastodon /mastodon && \ - gem install bundler - -# Clean up more dirs -RUN rm -rf /var/cache && \ - rm -rf /var/apt + gem install bundler && \ + rm -rf /var/cache && \ + rm -rf /var/lib/apt # Add tini ENV TINI_VERSION="0.18.0" @@ -106,6 +104,10 @@ ADD https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini /tin RUN echo "$TINI_SUM tini" | sha256sum -c - RUN chmod +x /tini +# Copy over masto source, and dependencies from building, and set permissions +COPY --chown=mastodon:mastodon . /opt/mastodon +COPY --from=build-dep --chown=mastodon:mastodon /opt/mastodon /opt/mastodon + # Run masto services in prod mode ENV RAILS_ENV="production" ENV NODE_ENV="production" diff --git a/Gemfile.lock b/Gemfile.lock index 2c8fd59c6e..684a34c0a5 100644 --- a/Gemfile.lock +++ b/Gemfile.lock @@ -402,7 +402,7 @@ GEM pg (1.1.4) pghero (2.2.0) activerecord - pkg-config (1.3.4) + pkg-config (1.3.5) powerpack (0.1.2) premailer (1.11.1) addressable diff --git a/app/models/account.rb b/app/models/account.rb index bf2a17a7f4..79eecc3062 100644 --- a/app/models/account.rb +++ b/app/models/account.rb @@ -268,6 +268,7 @@ class Account < ApplicationRecord return if fields.size >= MAX_FIELDS tmp = self[:fields] || [] + tmp = [] if tmp.is_a?(Hash) (MAX_FIELDS - tmp.size).times do tmp << { name: '', value: '' } diff --git a/config/database.yml b/config/database.yml index 82e560515c..c10bff6b2e 100644 --- a/config/database.yml +++ b/config/database.yml @@ -3,6 +3,7 @@ default: &default pool: <%= ENV["DB_POOL"] || ENV['MAX_THREADS'] || 5 %> timeout: 5000 encoding: unicode + sslmode: <%= ENV['DB_SSLMODE'] || "prefer" %> development: <<: *default @@ -31,3 +32,4 @@ production: host: <%= ENV['DB_HOST'] || 'localhost' %> port: <%= ENV['DB_PORT'] || 5432 %> prepared_statements: <%= ENV['PREPARED_STATEMENTS'] || 'true' %> + diff --git a/streaming/index.js b/streaming/index.js index 406ee09e1d..2e34398866 100644 --- a/streaming/index.js +++ b/streaming/index.js @@ -89,6 +89,9 @@ const startWorker = (workerId) => { host: process.env.DB_HOST || pg.defaults.host, port: process.env.DB_PORT || pg.defaults.port, max: 10, + ssl: { + sslmode: process.env.DB_SSLMODE || 'prefer', + }, }, production: { @@ -98,6 +101,9 @@ const startWorker = (workerId) => { host: process.env.DB_HOST || 'localhost', port: process.env.DB_PORT || 5432, max: 10, + ssl: { + sslmode: process.env.DB_SSLMODE || 'prefer', + }, }, };