no ref
Refactored the activitypub env vars:
- Removed `USE_MQ` as this is only required when the value needs to be set to `true`
- Removed `PORT` as the application is now running on port 8080 by default
- Removed `ALLOW_PRIVATE_ADDRES` as this is not needed for `production` environment
- Added `ACTIVITYPUB_COLLECTION_PAGE_SIZE` as this is required for the
`following` dispatcher to work correctly
- Added link to documented env vars
no ref
- The only real desire here is to make the renovate PRs a bit easier and nicer to reach
- If we don't specify the exact version it creates PRs that are a bit confusing and aren't clear that its bumping a minor version
- The main meaningful change here is commenting the GHOST_VERSION variable
- I've also reordered the blocks to prioritise things in the documented setup flow
- Made various changes to the comments for clarity
ref: https://github.com/TryGhost/ghost-docker/pull/40
- Docker published RC2 on Friday I think
- Note 1: I just cut RC3, but that won't be available yet!
- Note 2: we prob need to rethink how we do versioning so we aren't pinning to exact versions
This will only have an effect when the version isn't set in the .env file and we have it in the .env.example but did still need updating as the fallback.
- Added a section title to each block that can be uncommented, so that we can reference this in the documentation
- Removed the first comment line as that seems out of date and confusing
- Minor improvements to some language and spelling for clarity
no ref
- In this redirect instance we're redirecting from `example.com` -> `www.example.com` so can actually use `{$DOMAIN}` here
- We can't in the first line of this block because Caddy doesn't (as far as I can currently tell) let us do a regex on it before putting it in to config
no ref
- Our ActivityPub framework lets users set their AP username to index@example.com and have Ghost on www.example.com (ie instead of having their AP user be index@www.example.com)
- To do this users _must_ redirect from the non-www domain -> the www domain as the AP protocol will do lookups on the non-www path to validate and communicate to that username on the web
- Without this AP will fail since domains can't communicate with AP as there wont be redirects for them to follow
- Our setup docs recommend having Ghost Admin on a separate domain from the content domain
- This lets users optionally set this up if they want whilst continuing to align Admin <-> content domain through templates
- We want customers to now copy the example Caddyfile so this still gives people the option but also makes it easier for customers who don't want to redirect themselves
no ref
- The goal here is to be able to provide more functionality to self-hosters through snippets and other segmented config
- Some customers run Admin <-> content domains on separate ones which our current config doesn't support
- Our current config also hardcodes a www redirect which complicates setups when you don't have that domain setup or don't even want it
- Moving to a default template customers will have to copy which includes snippets allows us to update these later on without breaking peoples setups
ref https://linear.app/ghost/issue/PROD-2300/add-file-based-salt-store-for-self-hosters
In the analytics service, we generate user signatures based on a randomly generated salt per site_uuid. The salts are regenerated every day at midnight UTC so we can't pass a static value, and they need to be persisted throughout the day so the same user (based on IP and user agent) will generate the same signature in any given day.
We use an adapter-like pattern for the persistence of the salts — the default is a MemoryStore intended for local development, and we use Firestore in production. The MemoryStore appears to work well enough, but if the analytics service container is rebooted (i.e. during an update), all the salts from the current day will be lost, and it will skew the "unique visitors" and related metrics.
This PR adds the configuration to use a simple file based store for the salts, and a volume mounted into the Traffic Analytics service for persistent storage. This was the salts are persisted across container reboots, which avoids skewing the unique visitors metrics.
There are no additional setup steps required — all sites can use the same configuration, and the volumes are managed by docker compose.
no ref
- As Chris notes this isn't actually required when doing the initial setup/mentioning the specific container you want to deploy
- This standardises us in just doing the `--rm run` command for all of them to keep everything nice and neat
no ref
- By outputting the tokens in the format the `.env` file expects this greatly simplifies the initial setup by just makign it copy -> paste able
- This will mean users don't need to load up the UI and copy/paste tokens at all and can do the whole setup (after they've signed up for TB) from the CLI
