- added precisions and suggestions about how to generate Let's Encrypt certificates. Users have reported their installations didn't work when the problem came from missing certificates (false positives).
- security defaults of Nginx follow the basic robustness principle "be conservative in what you send, be liberal in what you accept", which isn't enough with modern security standards, so we should be picky with the cipher suites we use, among other things. Extra comments (especially for the TLS1.3 protocol support parameter) make the requirement of a recent Nginx installation obvious, and the downgrade alternative remains clear to the system administrator.
All in all, we should aknowledge users will most often copy and paste the configuration files. Making them secure by default may force a few users to read their configuration, but on the long run we are making the fediverse more secure.
Since I've come to modify a bit the Nginx config in `support/doc/production.md`, I've merged it with the template so that they stay consistent.
on ubuntu `sudo -u` doesn't set homedirectory of the targeted user althought debian does. it requires the option `-H`. I think with this option it works in both case.
* First pass at a (swarm-compatible) docker image
Uses an existing traefik server as a https reverse proxy.
* Add example config for a Docker swarm deployment
* Point to traefik config for docker compose setup
* Clarify that traefik is needed for the example config
* Use node:8-stretch base image and don't install yarn
(The base image already contains yarn.)
* Initial commit for an Alpine Docker image
* Fix docker volume path
* Merge #213 and #225 and move files around
* Remove unnecessary dependencies from the alpine build
* Update Dockerfiles to match install path, config path, etc.
* Update the configuration in the example compose file
* Update the configuration in the example swarm file
* Remove the declared networks and volumes from the compose example, which are not strictly required
* Update attachment path in the documentation
* Display traefik as a suggestion and not a required dependency
* Update the Docker ignored files
* Fix typos reported in #225
* Move production Dockerfiles to a production directory
* Add the redis configuration settings
* Add Docker files to the dockerignore
* Make the signup limit configurable