From 68257a9f016fd47099c8b4204bf51a062fccf7a8 Mon Sep 17 00:00:00 2001 From: Quentin Duchemin Date: Sun, 11 Jun 2023 22:43:57 +0200 Subject: [PATCH] Bump FW to 1.3.0 --- roles/music/tasks/main.yml | 1 - roles/music/templates/conf.env.j2 | 5 +- roles/music/templates/docker-compose.yml.j2 | 24 ++--- roles/music/templates/nginx.conf.j2 | 98 --------------------- roles/music/vars/main.yml | 5 +- 5 files changed, 15 insertions(+), 118 deletions(-) delete mode 100644 roles/music/templates/nginx.conf.j2 diff --git a/roles/music/tasks/main.yml b/roles/music/tasks/main.yml index 3d38385..d6027af 100644 --- a/roles/music/tasks/main.yml +++ b/roles/music/tasks/main.yml @@ -42,7 +42,6 @@ loop: - docker-compose.yml.j2 - conf.env.j2 - - nginx.conf.j2 - name: Copy nginx proxy file copy: diff --git a/roles/music/templates/conf.env.j2 b/roles/music/templates/conf.env.j2 index df11f69..ace770e 100644 --- a/roles/music/templates/conf.env.j2 +++ b/roles/music/templates/conf.env.j2 @@ -16,7 +16,8 @@ CACHE_URL=redis://funkwhale_redis:6379/0 STATIC_ROOT={{ funkwhale_static_root }} MUSIC_DIRECTORY_PATH={{ funkwhale_import_music_directory }} -FUNKWHALE_FRONTEND_PATH={{ funkwhale_frontend }} +# Dummy value for front container ; we have S3 +MEDIA_ROOT=/media DJANGO_SETTINGS_MODULE=config.settings.production DJANGO_SECRET_KEY={{ funkwhale_secret_key }} @@ -35,3 +36,5 @@ AWS_DEFAULT_ACL=public-read THROTTLING_ENABLED=false EXTERNAL_REQUESTS_TIMEOUT=30 + +NGINX_MAX_BODY_SIZE=500M \ No newline at end of file diff --git a/roles/music/templates/docker-compose.yml.j2 b/roles/music/templates/docker-compose.yml.j2 index 583a110..e7dcba9 100644 --- a/roles/music/templates/docker-compose.yml.j2 +++ b/roles/music/templates/docker-compose.yml.j2 @@ -11,14 +11,12 @@ volumes: name: funkwhale_redis db: name: funkwhale_db - frontend: - name: funkwhale_frontend static: name: funkwhale_static services: celeryworker: - image: "funkwhale/funkwhale:{{ funkwhale_version }}" + image: "funkwhale/api:{{ funkwhale_version }}" container_name: funkwhale_celeryworker env_file: - ./conf.env @@ -28,29 +26,28 @@ services: - "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro" - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro - command: celery -A funkwhale_api.taskapp worker -l INFO + command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=10 networks: - db restart: unless-stopped celerybeat: - image: "funkwhale/funkwhale:{{ funkwhale_version }}" + image: "funkwhale/api:{{ funkwhale_version }}" container_name: funkwhale_celerybeat env_file: ./conf.env - command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO + command: celery -A funkwhale_api.taskapp beat -l INFO networks: - db restart: unless-stopped api: - image: "funkwhale/funkwhale:{{ funkwhale_version }}" + image: "funkwhale/api:{{ funkwhale_version }}" container_name: funkwhale_api env_file: - ./conf.env volumes: - "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro" - "static:{{ funkwhale_static_root }}" - - "frontend:{{ funkwhale_frontend }}" - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro labels: @@ -63,16 +60,13 @@ services: - db restart: unless-stopped - nginx: - image: nginx - container_name: funkwhale_nginx + front: + image: funkwhale/front:{{ funkwhale_version }} + container_name: funkwhale_front env_file: ./conf.env volumes: - - ./nginx.conf:/etc/nginx/conf.d/default.conf:ro - - ./funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro - "{{ funkwhale_import_music_directory_host }}:{{ funkwhale_import_music_directory }}:ro" - - "static:{{ funkwhale_static_root }}" - - "frontend:{{ funkwhale_frontend }}" + - "static:/usr/share/nginx/html/staticfiles:ro" - /etc/timezone:/etc/timezone:ro - /etc/localtime:/etc/localtime:ro labels: diff --git a/roles/music/templates/nginx.conf.j2 b/roles/music/templates/nginx.conf.j2 deleted file mode 100644 index 8a0fe1b..0000000 --- a/roles/music/templates/nginx.conf.j2 +++ /dev/null @@ -1,98 +0,0 @@ -upstream funkwhale-api { - # depending on your setup, you may want to update this - server funkwhale_api:{{ funkwhale_api_port }}; -} - - -# required for websocket support -map $http_upgrade $connection_upgrade { - default upgrade; - '' close; -} - -server { - listen {{ funkwhale_nginx_port }}; - server_name {{ funkwhale_subdomain }}.{{ domain_name }}; - - # TLS - # Feel free to use your own configuration for SSL here or simply remove the - # lines and move the configuration to the previous server block if you - # don't want to run funkwhale behind https (this is not recommended) - # have a look here for let's encrypt configuration: - # https://certbot.eff.org/all-instructions/#debian-9-stretch-nginx - - root {{ funkwhale_frontend }}; - - # If you are using S3 to host your files, remember to add your S3 URL to the - # media-src and img-src headers (e.g. img-src 'self' https:// data:) - - add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' https://s3.fr-par.scw.cloud data:; font-src 'self' data:; object-src 'none'; media-src 'self' https://s3.fr-par.scw.cloud data:"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; - - - location / { - include /etc/nginx/funkwhale_proxy.conf; - # this is needed if you have file import via upload enabled - client_max_body_size {{ nginx_max_body_size }}; - proxy_pass http://funkwhale-api/; - } - - location /front/ { - add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; - add_header Service-Worker-Allowed "/"; - add_header X-Frame-Options "ALLOW"; - alias /frontend/; - expires 30d; - add_header Pragma public; - add_header Cache-Control "public, must-revalidate, proxy-revalidate"; - } - - location /front/embed.html { - add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:"; - add_header Referrer-Policy "strict-origin-when-cross-origin"; - - add_header X-Frame-Options "ALLOW"; - alias /frontend/embed.html; - expires 30d; - add_header Pragma public; - add_header Cache-Control "public, must-revalidate, proxy-revalidate"; - } - - location /federation/ { - include /etc/nginx/funkwhale_proxy.conf; - proxy_pass http://funkwhale-api/federation/; - } - - # You can comment this if you do not plan to use the Subsonic API - location /rest/ { - include /etc/nginx/funkwhale_proxy.conf; - proxy_pass http://funkwhale-api/api/subsonic/rest/; - } - - location /.well-known/ { - include /etc/nginx/funkwhale_proxy.conf; - proxy_pass http://funkwhale-api/.well-known/; - } - - location ~ /_protected/media/(.+) { - internal; - # Needed to ensure DSub auth isn't forwarded to S3/Minio, see #932 - proxy_set_header Authorization ""; - proxy_pass $1; - } - - location /_protected/music { - # this is an internal location that is used to serve - # audio files once correct permission / authentication - # has been checked on API side - # Set this to the same value as your MUSIC_DIRECTORY_PATH setting - internal; - alias {{ funkwhale_import_music_directory }}; - } - - location /staticfiles/ { - # django static files - alias {{ funkwhale_static_root }}/; - } -} diff --git a/roles/music/vars/main.yml b/roles/music/vars/main.yml index cf0252d..0cb762d 100644 --- a/roles/music/vars/main.yml +++ b/roles/music/vars/main.yml @@ -1,14 +1,13 @@ -funkwhale_version: 1.2.10 +funkwhale_version: 1.3.0 funkwhale_api_port: 5000 funkwhale_nginx_port: 80 funkwhale_static_root: /static funkwhale_import_music_directory: /import funkwhale_import_music_directory_host: "{{ funkwhale_folder_name }}/import" funkwhale_folder_name: "{{ docker_files }}/funkwhale" -funkwhale_frontend: /frontend funkwhale_subdomain: music nginx_max_body_size: 100M -postgres_version: 13 +postgres_version: 15 redis_version: 6 deemix_folder_path: /home/{{ base_user_name }}/deemix deemix_songs_path: "{{ deemix_folder_path }}/songs"