mirror of
https://git.pleroma.social/pleroma/relay.git
synced 2024-11-23 23:17:58 +00:00
Compare commits
5 commits
7a9d346642
...
815053c06f
Author | SHA1 | Date | |
---|---|---|---|
815053c06f | |||
e66be009a6 | |||
09e7a8f404 | |||
fc8738afab | |||
cdb10547ec |
|
@ -3,11 +3,8 @@
|
||||||
There are a number of commands to manage your relay's database and config. You can add `--help` to
|
There are a number of commands to manage your relay's database and config. You can add `--help` to
|
||||||
any category or command to get help on that specific option (ex. `activityrelay inbox --help`).
|
any category or command to get help on that specific option (ex. `activityrelay inbox --help`).
|
||||||
|
|
||||||
Note: Unless specified, it is recommended to run any commands while the relay is shutdown.
|
Note: `activityrelay` is only available via pip or pipx if `~/.local/bin` is in `$PATH`. If not,
|
||||||
|
use `python3 -m relay` if installed via pip or `~/.local/bin/activityrelay` if installed via pipx.
|
||||||
Note 2: `activityrelay` is only available via pip or pipx if `~/.local/bin` is in `$PATH`. If it
|
|
||||||
isn't, use `python3 -m relay` if installed via pip or `~/.local/bin/activityrelay` if installed
|
|
||||||
via pipx
|
|
||||||
|
|
||||||
|
|
||||||
## Run
|
## Run
|
||||||
|
@ -24,6 +21,22 @@ Run the setup wizard to configure your relay.
|
||||||
activityrelay setup
|
activityrelay setup
|
||||||
|
|
||||||
|
|
||||||
|
## Convert
|
||||||
|
|
||||||
|
Convert the old config and jsonld to the new config and SQL backend. If the old config filename is
|
||||||
|
not specified, the config will get backed up as `relay.backup.yaml` before converting.
|
||||||
|
|
||||||
|
activityrelay convert --old-config relaycfg.yaml
|
||||||
|
|
||||||
|
|
||||||
|
## Edit Config
|
||||||
|
|
||||||
|
Open the config file in a text editor. If an editor is not specified with `--editor`, the default
|
||||||
|
editor will be used.
|
||||||
|
|
||||||
|
activityrelay edit-config --editor micro
|
||||||
|
|
||||||
|
|
||||||
## Config
|
## Config
|
||||||
|
|
||||||
Manage the relay config
|
Manage the relay config
|
||||||
|
@ -120,7 +133,7 @@ Remove a domain from the whitelist.
|
||||||
|
|
||||||
### Import
|
### Import
|
||||||
|
|
||||||
Add all current inboxes to the whitelist
|
Add all current inboxes to the whitelist.
|
||||||
|
|
||||||
activityrelay whitelist import
|
activityrelay whitelist import
|
||||||
|
|
||||||
|
@ -132,15 +145,15 @@ Manage the instance ban list.
|
||||||
|
|
||||||
### List
|
### List
|
||||||
|
|
||||||
List the currently banned instances
|
List the currently banned instances.
|
||||||
|
|
||||||
activityrelay instance list
|
activityrelay instance list
|
||||||
|
|
||||||
|
|
||||||
### Ban
|
### Ban
|
||||||
|
|
||||||
Add an instance to the ban list. If the instance is currently subscribed, remove it from the
|
Add an instance to the ban list. If the instance is currently subscribed, it will be removed from
|
||||||
database.
|
the inbox list.
|
||||||
|
|
||||||
activityrelay instance ban <domain>
|
activityrelay instance ban <domain>
|
||||||
|
|
||||||
|
@ -152,10 +165,17 @@ Remove an instance from the ban list.
|
||||||
activityrelay instance unban <domain>
|
activityrelay instance unban <domain>
|
||||||
|
|
||||||
|
|
||||||
|
### Update
|
||||||
|
|
||||||
|
Update the ban reason or note for an instance ban.
|
||||||
|
|
||||||
|
activityrelay instance update bad.example.com --reason "the baddest reason"
|
||||||
|
|
||||||
|
|
||||||
## Software
|
## Software
|
||||||
|
|
||||||
Manage the software ban list. To get the correct name, check the software's nodeinfo endpoint.
|
Manage the software ban list. To get the correct name, check the software's nodeinfo endpoint.
|
||||||
You can find it at nodeinfo\['software']\['name'].
|
You can find it at `nodeinfo['software']['name']`.
|
||||||
|
|
||||||
|
|
||||||
### List
|
### List
|
||||||
|
@ -186,4 +206,12 @@ name via nodeinfo.
|
||||||
|
|
||||||
If the name is `RELAYS` (case-sensitive), remove all known relay software names from the list.
|
If the name is `RELAYS` (case-sensitive), remove all known relay software names from the list.
|
||||||
|
|
||||||
activityrelay unban [-f/--fetch-nodeinfo] <name, domain, or RELAYS>
|
activityrelay software unban [-f/--fetch-nodeinfo] <name, domain, or RELAYS>
|
||||||
|
|
||||||
|
|
||||||
|
### Update
|
||||||
|
|
||||||
|
Update the ban reason or note for a software ban. Either `--reason` and/or `--note` must be
|
||||||
|
specified.
|
||||||
|
|
||||||
|
activityrelay software update relay.example.com --reason "begone relay"
|
||||||
|
|
|
@ -2,41 +2,23 @@
|
||||||
|
|
||||||
## General
|
## General
|
||||||
|
|
||||||
### DB
|
### Domain
|
||||||
|
|
||||||
The path to the database. It contains the relay actor private key and all subscribed
|
Hostname the relay will be hosted on.
|
||||||
instances. If the path is not absolute, it is relative to the working directory.
|
|
||||||
|
|
||||||
db: relay.jsonld
|
domain: relay.example.com
|
||||||
|
|
||||||
|
|
||||||
### Listener
|
### Listener
|
||||||
|
|
||||||
The address and port the relay will listen on. If the reverse proxy (nginx, apache, caddy, etc)
|
The address and port the relay will listen on. If the reverse proxy (nginx, apache, caddy, etc)
|
||||||
is running on the same host, it is recommended to change `listen` to `localhost`
|
is running on the same host, it is recommended to change `listen` to `localhost` if the reverse
|
||||||
|
proxy is on the same host.
|
||||||
|
|
||||||
listen: 0.0.0.0
|
listen: 0.0.0.0
|
||||||
port: 8080
|
port: 8080
|
||||||
|
|
||||||
|
|
||||||
### Note
|
|
||||||
|
|
||||||
A small blurb to describe your relay instance. This will show up on the relay's home page.
|
|
||||||
|
|
||||||
note: "Make a note about your instance here."
|
|
||||||
|
|
||||||
|
|
||||||
### Post Limit
|
|
||||||
|
|
||||||
The maximum number of messages to send out at once. For each incoming message, a message will be
|
|
||||||
sent out to every subscribed instance minus the instance which sent the message. This limit
|
|
||||||
is to prevent too many outgoing connections from being made, so adjust if necessary.
|
|
||||||
|
|
||||||
Note: If the `workers` option is set to anything above 0, this limit will be per worker.
|
|
||||||
|
|
||||||
push_limit: 512
|
|
||||||
|
|
||||||
|
|
||||||
### Push Workers
|
### Push Workers
|
||||||
|
|
||||||
The relay can be configured to use threads to push messages out. For smaller relays, this isn't
|
The relay can be configured to use threads to push messages out. For smaller relays, this isn't
|
||||||
|
@ -46,60 +28,59 @@ threads.
|
||||||
workers: 0
|
workers: 0
|
||||||
|
|
||||||
|
|
||||||
### JSON GET cache limit
|
### Database type
|
||||||
|
|
||||||
JSON objects (actors, nodeinfo, etc) will get cached when fetched. This will set the max number of
|
SQL database backend to use. Valid values are `sqlite` or `postgres`.
|
||||||
objects to keep in the cache.
|
|
||||||
|
|
||||||
json_cache: 1024
|
database_type: sqlite
|
||||||
|
|
||||||
|
|
||||||
## AP
|
### Sqlite File Path
|
||||||
|
|
||||||
Various ActivityPub-related settings
|
Path to the sqlite database file. If the path is not absolute, it is relative to the config file.
|
||||||
|
directory.
|
||||||
|
|
||||||
|
sqlite_path: relay.jsonld
|
||||||
|
|
||||||
|
|
||||||
|
## Postgresql
|
||||||
|
|
||||||
|
In order to use the Postgresql backend, the user and database need to be created first.
|
||||||
|
|
||||||
|
sudo -u postgres psql -c "CREATE USER activityrelay"
|
||||||
|
sudo -u postgres psql -c "CREATE DATABASE activityrelay OWNER activityrelay"
|
||||||
|
|
||||||
|
|
||||||
|
### Database Name
|
||||||
|
|
||||||
|
Name of the database to use.
|
||||||
|
|
||||||
|
name: activityrelay
|
||||||
|
|
||||||
|
|
||||||
### Host
|
### Host
|
||||||
|
|
||||||
The domain your relay will use to identify itself.
|
Hostname, IP address, or unix socket the server is hosted on.
|
||||||
|
|
||||||
host: relay.example.com
|
host: /var/run/postgresql
|
||||||
|
|
||||||
|
|
||||||
### Whitelist Enabled
|
### Port
|
||||||
|
|
||||||
If set to `true`, only instances in the whitelist can follow the relay. Any subscribed instances
|
Port number the server is listening on.
|
||||||
not in the whitelist will be removed from the inbox list on startup.
|
|
||||||
|
|
||||||
whitelist_enabled: false
|
port: 5432
|
||||||
|
|
||||||
|
|
||||||
### Whitelist
|
### Username
|
||||||
|
|
||||||
A list of domains of instances which are allowed to subscribe to your relay.
|
User to use when logging into the server.
|
||||||
|
|
||||||
whitelist:
|
user: null
|
||||||
- bad-instance.example.com
|
|
||||||
- another-bad-instance.example.com
|
|
||||||
|
|
||||||
|
|
||||||
### Blocked Instances
|
### Password
|
||||||
|
|
||||||
A list of instances which are unable to follow the instance. If a subscribed instance is added to
|
Password for the specified user.
|
||||||
the block list, it will be removed from the inbox list on startup.
|
|
||||||
|
|
||||||
blocked_instances:
|
pass: null
|
||||||
- bad-instance.example.com
|
|
||||||
- another-bad-instance.example.com
|
|
||||||
|
|
||||||
|
|
||||||
### Blocked Software
|
|
||||||
|
|
||||||
A list of ActivityPub software which cannot follow your relay. This list is empty by default, but
|
|
||||||
setting this to the below list will block all other relays and prevent relay chains
|
|
||||||
|
|
||||||
blocked_software:
|
|
||||||
- activityrelay
|
|
||||||
- aoderelay
|
|
||||||
- social.seattle.wa.us-relay
|
|
||||||
- unciarelay
|
|
||||||
|
|
|
@ -28,14 +28,14 @@ server {
|
||||||
# logging, mostly for debug purposes. Disable if you wish.
|
# logging, mostly for debug purposes. Disable if you wish.
|
||||||
access_log /srv/www/relay.<yourdomain>/logs/access.log;
|
access_log /srv/www/relay.<yourdomain>/logs/access.log;
|
||||||
error_log /srv/www/relay.<yourdomain>/logs/error.log;
|
error_log /srv/www/relay.<yourdomain>/logs/error.log;
|
||||||
|
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
ssl_ciphers EECDH+AESGCM:EECDH+AES;
|
ssl_ciphers EECDH+AESGCM:EECDH+AES;
|
||||||
ssl_ecdh_curve secp384r1;
|
ssl_ecdh_curve secp384r1;
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_session_cache shared:SSL:10m;
|
ssl_session_cache shared:SSL:10m;
|
||||||
|
|
||||||
# ssl certs.
|
# ssl certs.
|
||||||
ssl_certificate /usr/local/etc/letsencrypt/live/relay.<yourdomain>/fullchain.pem;
|
ssl_certificate /usr/local/etc/letsencrypt/live/relay.<yourdomain>/fullchain.pem;
|
||||||
ssl_certificate_key /usr/local/etc/letsencrypt/live/relay.<yourdomain>/privkey.pem;
|
ssl_certificate_key /usr/local/etc/letsencrypt/live/relay.<yourdomain>/privkey.pem;
|
||||||
|
|
||||||
|
@ -48,7 +48,7 @@ server {
|
||||||
|
|
||||||
# sts, change if you care.
|
# sts, change if you care.
|
||||||
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
|
||||||
|
|
||||||
# uncomment this to use a static page in your webroot for your root page.
|
# uncomment this to use a static page in your webroot for your root page.
|
||||||
#location = / {
|
#location = / {
|
||||||
# index index.html;
|
# index index.html;
|
||||||
|
|
|
@ -3,7 +3,7 @@ Description=ActivityPub Relay
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
WorkingDirectory=/home/relay/relay
|
WorkingDirectory=/home/relay/relay
|
||||||
ExecStart=/usr/bin/python3 -m relay
|
ExecStart=/usr/bin/python3 -m relay run
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -33,7 +33,7 @@ TABLES: list[Table] = [
|
||||||
Column('created', 'timestamp')
|
Column('created', 'timestamp')
|
||||||
),
|
),
|
||||||
Table(
|
Table(
|
||||||
'instance_bans',
|
'domain_bans',
|
||||||
Column('domain', 'text', primary_key = True, unique = True, nullable = True),
|
Column('domain', 'text', primary_key = True, unique = True, nullable = True),
|
||||||
Column('reason', 'text'),
|
Column('reason', 'text'),
|
||||||
Column('note', 'text'),
|
Column('note', 'text'),
|
||||||
|
|
|
@ -189,7 +189,7 @@ def cli_run(ctx: click.Context) -> None:
|
||||||
def cli_convert(ctx: click.Context, old_config: str) -> None:
|
def cli_convert(ctx: click.Context, old_config: str) -> None:
|
||||||
'Convert an old config and jsonld database to the new format.'
|
'Convert an old config and jsonld database to the new format.'
|
||||||
|
|
||||||
old_config = Path(old_config).expanduser().resolve()
|
old_config = Path(old_config).expanduser().resolve() if old_config else ctx.obj.config.path
|
||||||
backup = ctx.obj.config.path.parent.joinpath(f'{ctx.obj.config.path.stem}.backup.yaml')
|
backup = ctx.obj.config.path.parent.joinpath(f'{ctx.obj.config.path.stem}.backup.yaml')
|
||||||
|
|
||||||
if str(old_config) == str(ctx.obj.config.path) and not backup.exists():
|
if str(old_config) == str(ctx.obj.config.path) and not backup.exists():
|
||||||
|
@ -206,6 +206,8 @@ def cli_convert(ctx: click.Context, old_config: str) -> None:
|
||||||
ctx.obj.config.set('port', config['port'])
|
ctx.obj.config.set('port', config['port'])
|
||||||
ctx.obj.config.set('workers', config['workers'])
|
ctx.obj.config.set('workers', config['workers'])
|
||||||
ctx.obj.config.set('sq_path', config['db'].replace('jsonld', 'sqlite3'))
|
ctx.obj.config.set('sq_path', config['db'].replace('jsonld', 'sqlite3'))
|
||||||
|
ctx.obj.config.set('domain', config['host'])
|
||||||
|
ctx.obj.config.save()
|
||||||
|
|
||||||
with get_database(ctx.obj.config) as db:
|
with get_database(ctx.obj.config) as db:
|
||||||
with db.connection() as conn:
|
with db.connection() as conn:
|
||||||
|
|
Loading…
Reference in a new issue