Server maintenance
A small issue in the previous nginx configuration prevented nginx from serving some URLs like /, /web or /web/getting-started.
If you tried to connect to those URLs between 15:20 and 15:40 UTC, you got a 403 (or a small explanation message).
Connectivity through already open pages or clients like Tusky worked and wasn't affected.
An excellent article comparing strengths of CLI and web UI. And a sensible opinion: when to use which one?
The CentOS 7 server used by this instance has been upgraded with the latest software, including new microcode patches for the CPU security issues.
There is also a Mastodon upgrade ready (2.4.0 → 2.4.2), but it's pending a long database migration.
Registrations are open again, as it appears all spam bots posted from the same IP ranges.
So, from their IP addresses, I got the two AS they use, and from bgp.he.net, I got the associated known IP ranges (the routes they announce in various BGP sessions).
Nginx is configured not to send a reply when a request origin is one of those IP addresses.
We'll see if that works in the next 72 hours.
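The workflow described in the post above (per-AS prefix list in, nginx drop list out), as an added example that is not the instance's own tooling. It assumes the block is done with an nginx `geo` map plus `return 444`, which the post does not state; the `$drop_client` variable, the ASNs and the prefixes are constructed placeholders.

```python
import ipaddress

# Constructed sample: prefixes as copied from a per-AS listing (documentation ranges).
SAMPLE_PREFIXES = """
# AS64496 (placeholder ASN)
192.0.2.0/25
192.0.2.128/25
198.51.100.0/24
198.51.100.64/26
# AS64497 (placeholder ASN)
203.0.113.7/24
2001:db8:10::/48
2001:db8::/32
not-a-prefix
"""

def parse_prefixes(text):
    """Return (networks, rejected_lines); comments and blank lines are skipped."""
    networks, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            # strict=False accepts entries with host bits set (203.0.113.7/24).
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            rejected.append(line)  # surface bad input instead of dropping it silently
    return networks, rejected

def collapse(networks):
    """Merge adjacent and overlapping prefixes, one address family at a time."""
    merged = []
    for version in (4, 6):
        family = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(family))
    return merged

def render_geo(networks, variable="$drop_client"):
    """Render a geo block; pair it with `if ($drop_client) { return 444; }`."""
    lines = [f"geo {variable} {{", "    default 0;"]
    lines += [f"    {net} 1;" for net in networks]
    lines.append("}")
    return "\n".join(lines)

def is_dropped(address, networks):
    """Check a client address against the merged list before deploying it."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == n.version and ip in n for n in networks)
```

Running `is_dropped` against your own and your monitoring addresses before reloading nginx catches an over-broad prefix, since 444 closes the connection without any response to debug from.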
For instance administrators
To get the mail addresses of spam bot accounts, you can try the following pgsql query:
```sql
-- List the distinct mail domains of suspended or silenced accounts.
SELECT DISTINCT lower(substring(email from position('@' in email) + 1)) AS domain
FROM accounts
INNER JOIN users ON users.account_id = accounts.id
WHERE suspended = true OR silenced = true
ORDER BY domain;
```
Of course, that only works if you've an instance with nice people. If not, you'll also get the mail domains used by reported regular users.
Open registrations have been temporarily closed.
Plan is to get some spambot control on the register page before reopening them.
You can still invite friends and acquaintances.
nginx configuration update
I updated the nginx configuration, so the front-end web server will serve more files directly, instead of deferring to the rails server.
If it's something you want to see or debug:
- files served by rails get the header X-Served-By: rails
- streaming API replies contain the header X-Served-By: streaming
- If there isn't any header, it's directly served by nginx as a static resource (was X-Served-By: nginx during tests this afternoon)
Updating Mastodon server to 2.4.0.
Reviewing https://github.com/nasqueron/operations/blob/master/roles/webserver-core/letsencrypt/files/letsencrypt-renew.timer and https://stevenwestmoreland.com/2017/11/renewing-certbot-certificates-using-a-systemd-timer.html to see how we can improve our Let's Encrypt renewal systemd unit.
Thanks @StuC for your donation.
Upgraded the instance to the latest master version.
Raised the number of threads and database connections allowed from 5 to 15 for the web worker, so we can avoid the connection pool exhaustion we had these last days.
instances.social support request
`curl https://social.nasqueron.org/api/v1/instance | jq .email` does give a valid reply.
I got in the access logs a 200 for the API request:
`"GET /api/v1/instance HTTP/1.1" 200 1374 "-" "MastodonInstances/1.0.0 (https://instances.mastodon.xyz)`
Infrastructure, devops, social justice, free culture, Wikimedia.
Nasqueron is a budding community of creative people, writers, developers and thinkers. We focus on free culture, ethics and to be a positive change. We share values like respect, justice and equity.