This file provides some configurations for systems that will not be using the "stock" server components.
An alternative to using systemd for controlling your mastodon processes is
Supervisord. The following file can be placed in
/etc/supervisor/conf.d/mastodon.conf.
[group:mastodon]
programs=web,sidekiq,streaming
[program:web]
command=/home/mastodon/live/ruby_wrapper bundle exec puma -C config/puma.rb
user=mastodon
directory=/home/mastodon/live
stdout_logfile=/home/mastodon/live/log/puma.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
redirect_stderr=true
environment=PORT=3000
stopasgroup=true
[program:sidekiq]
command=/home/mastodon/live/ruby_wrapper bundle exec sidekiq -c 5 -q default -q mailers -q pull -q push
user=mastodon
directory=/home/mastodon/live
stdout_logfile=/home/mastodon/live/log/sidekiq.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
redirect_stderr=true
environment=DB_POOL=5
stopasgroup=true
[program:streaming]
command=/home/mastodon/live/ruby_wrapper /usr/bin/npm run start
user=mastodon
directory=/home/mastodon/live
stdout_logfile=/home/mastodon/live/log/streaming.log
stdout_logfile_maxbytes=1MB
stdout_logfile_backups=10
redirect_stderr=true
environment=PORT=4000
stopasgroup=true
This configuration makes use of a wrapper script to ensure the correct environment.
#!/usr/bin/env bash
cd /home/mastodon/live
export RBENV_ROOT=/home/mastodon/.rbenv
export PATH=/home/mastodon/.rbenv/bin:/home/mastodon/.rbenv/shims:$PATH
export $(cat ".env.production" | xargs)
$@Example init script for the web workers, to be placed in /etc/init.d/mastodon-web:
#!/sbin/openrc-run
name="Mastodon Web Service"
root="/home/mastodon/live"
pidfile="${root}/web.pid"
depend() {
use net
}
start() {
ebegin "Starting Mastodon web workers"
cd $root
start-stop-daemon --start \
--chdir "${root}" \
--user="mastodon" \
--pidfile="${pidfile}" \
--exec /usr/bin/env -- RAILS_ENV=production PORT=3000 bundle exec puma -C config/puma.rb -d --pidfile ${pidfile}
eend $?
}
stop() {
ebegin "Stopping Mastodon web workers"
start-stop-daemon --stop \
--pidfile=${pidfile} \
eend $?
}
Example init script for the background workers, to be placed in /etc/init.d/mastodon-sidekiq:
#!/sbin/openrc-run
name="Mastodon background workers Service"
root="/home/mastodon/live"
pidfile="${root}/worker.pid"
logfile="${root}/sidekiq.conf"
depend() {
use net
need redis
}
start() {
ebegin "Starting Mastodon background workers"
cd $root
start-stop-daemon --start \
--chdir "${root}" \
--user="mastodon" \
--pidfile="${pidfile}" \
--exec /usr/bin/env -- RAILS_ENV=production DB_POOL=5 bundle exec sidekiq -d -P ${pidfile} -L ${logfile} -c 5 -q default -q mailers -q pull -q push
eend $?
}
stop() {
ebegin "Stopping Mastodon background workers"
start-stop-daemon --stop \
--pidfile=${pidfile} \
eend $?
}
Example init script file for the streaming API, to be placed in /etc/init.d/mastodon-streaming:
#!/sbin/openrc-run
name="Mastodon streaming API service"
root="/home/mastodon/live"
depend() {
use net
}
start() {
ebegin "Starting Mastodon streaming API"
cd $root
start-stop-daemon --start \
--background --quiet \
--chdir "${root}" \
--user="mastodon" \
--make-pidfile --pidfile=${root}/streaming.pid \
--exec /usr/bin/env -- NODE_ENV=production PORT=4000 /usr/bin/npm run start
eend $?
}
stop() {
ebegin "Stopping Mastodon streaming API"
start-stop-daemon --stop \
--pidfile=${root}/streaming.pid \
eend $?
}
This allows you to rc-update add mastodon-web && rc-update add mastodon-sidekiq && rc-update add mastodon-streaming and service mastodon-web start && service mastodon-sidekiq start && service mastodon-streaming start to get things going.
Setting up Mastodon behind Apache is possible as well, although you will need to enable mod_proxy_wstunnel beforehand. The configuration is then pretty straightforward.
<VirtualHost *:80>
ServerAdmin [email protected]
ServerName example.com
Redirect Permanent / https://example.com/
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [email protected]
ServerName example.com
DocumentRoot /home/mastodon/live/public/
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Strict-Transport-Security "max-age=31536000"
SSLEngine on
SSLProtocol -all +TLSv1.2
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AESGCM:AES256+EECDH:AES128+EECDH
SSLCompression off
SSLSessionTickets off
SSLStaplingResponderTimeout 5
SSLStaplingReturnResponderErrors off
SSLUseStapling on
SSLCertificateFile example.pem
SSLCertificateKeyFile example.key
<LocationMatch "^/(assets|avatars|emoji|headers|packs|sounds|system)>
Header always set Cache-Control "public, max-age=31536000, immutable"
Require all granted
</LocationMatch>
ProxyPreserveHost On
RequestHeader set X-Forwarded-Proto "https"
ProxyPass /500.html !
ProxyPass /sw.js !
ProxyPass /robots.txt !
ProxyPass /manifest.json !
ProxyPass /browserconfig.xml !
ProxyPass /mask-icon.svg !
ProxyPassMatch ^(/.*\.(png|ico)$) !
ProxyPassMatch ^/(assets|avatars|emoji|headers|packs|sounds|system|.well-known/acme-challenge) !
ProxyPass /api/v1/streaming/ ws://localhost:4000/
ProxyPassReverse /api/v1/streaming/ ws://localhost:4000/
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
ErrorDocument 500 /500.html
ErrorDocument 501 /500.html
ErrorDocument 502 /500.html
ErrorDocument 503 /500.html
ErrorDocument 504 /500.html
</VirtualHost>