Date | Commit message (Collapse) |
|
It's been a while since I wrote this, and it needs to be kept
up-to-date with some advances in our Perl code.
|
|
I'm using this as the cgit about-filter and source-filter
in https://80x24.org/public-inbox.git
|
|
|
|
We depend on git-http-backend for smart HTTP clone support,
however; since cgit does not support smart clones natively.
WWW.pm will be able to cascade down to this as a 404 handler in
the future.
|
|
Plack::Builder allows "mounting" on with hostnames as well as
path names to enable virtual hosting. This example demonstrates
how port 80/443 for "news.example.com" can redirect browser
requests when somebody attempts to use a "nntp://" URL and
the software assumes "http://"
|
|
I'll probably expose the PSGI service for cgit;
but it could be useful to others as well.
|
|
Maybe we'll default to a dark theme to promote energy savings...
See contrib/css/README for details
|
|
|
|
Let's Encrypt is working out nicely, so we can rely on HTTPS,
now. Use 80x24.org instead of bogomips.org while we're at it,
since I don't think the latter will remain.
|
|
I guess I forgot to include this, but I've been running
public-inbox-watch as a systemd service for nearly two
years, now.
|
|
Using update-copyrights from gnulib
While we're at it, use the SPDX identifier for AGPL-3.0+ to
ease mechanical processing.
|
|
Fewer conditionals means theres fewer code paths to test
and makes things easier-to-read.
|
|
Same as nginx :>
|
|
Our nntpd and httpd are similar so configuration differences
should be minimized
|
|
Document and simplify things a bit. The major functional change
is we no longer waste space caching objects from dumb HTTP
clones.
|
|
We don't need to care about client IPs anywhere.
|
|
Well, I'm fumbling along with this config. Might as well
fumble along with it publically :)
|
|
It's browseable, too!
|
|
This means we can still show non-git users a somewhat browseable
URL with a link to the README.html file while allowing git users
to type less when cloning.
All of the following are supported:
git clone https://public-inbox.org/ public-inbox
git clone https://public-inbox.org/public-inbox
git clone https://public-inbox.org/public-inbox.git
torsocks git clone http://ou63pmih66umazou.onion/public-inbox
|
|
Might as well eat our own dogfood...
|
|
Because sometimes folks will want to download gigantic mboxes
or make large clones over Tor which are not resume-friendly.
Note: the timeout logic in nntpd is somewhat over-aggressive
and can break some large slrnpulls. This ought to be easily
recoverable on the client-side, though, since it's based on
per-message fetches.
|
|
For our daemons, killing only the master process is enough.
Killing the entire control group (as done by default in
systemd) may cause subprocesses such as git to shut down
unexpectedly.
Having systemd kill workers directly will also cause an
immediate shutdown since the master would've already signaled
the workers; and workers will die after two shutdown requests.
|
|
Since our daemons are built to take advantage of socket activation,
provide example files to allow systems administrators to hit the
ground running with systemd.
Example init files for other systems greatly appreciated.
|
|
This makes unsubscribing easier and frictionless.
|
|
We don't want people following links from archivers and
breaking archival.
|
|
* unsubscribe:
unsubscribe.milter: use default postfork dispatcher
unsubscribe: prevent decrypt from showing random crap
examples/unsubscribe-psgi@.service: disable worker processes
unsubscribe: bad URL fixup
unsubscribe: get off mah lawn^H^H^Hist
|
|
We build the atomUrl from url, which can change
dynamically depending on what PSGI environment it
is called under.
|
|
Let postfix (or sendmail :P) control the concurrency limit
instead of doing it ourselves. This is necessary because SMTP
connections are completely synchronous at this point and a
slow/idle SMTP connection will monopolize the worker process.
|
|
Since PSGI does not require Transfer-Encoding: chunked or
Content-Length, we cannot expect random apps we host to chunk
their responses.
Thus, to improve interoperability, chunk at the HTTP layer like
other PSGI servers do. I'm chosing a more syscall-intensive method
(via multiple send(...MSG_MORE) for now to reduce copy + packet
overhead.
|
|
This unsubscribe PSGI endpoint should never incur enough load to
justify using multiple worker processes. If it's unstable and
crashes, systemd can automatically restart it.
|
|
While public-inbox is intended primarily for archival,
SMTP list subscriptions are still in use in most places
and users are likely to want a good unsubscribe mechanism.
HTTP (or HTTPS) links in the List-Unsubscribe header are
often preferable since some users may use an incorrect
email address for mailto: links.
Thus, it is useful to provide an example which generates an
HTTPS link for users to click on. The default .psgi requires
a POST confirmation (as destructive actions with GET are
considered bad practice). However, the "confirm" parameter
may be disabled for a true "one-click" unsubscribe.
The generated URLs are hopefully short enough and both shell
and highlighting-friendly to reduce copy+paste errors.
|
|
Default to maximizing compatibility in the example, but document the
potential improvement if possible. Of course, using
public-inbox-httpd out-of-the-box without a user-specified config
file already enables chunked encoding by default.
|
|
It seems incompatible with Starman and probably confuses other
HTTP/1.0-only servers, too. Our -httpd will respect it and
requires it for persistent connections.
|
|
We do not need to load Plack::Request outside of WWW anymore.
|
|
Using the AGPL for server config files is probably overkill.
GPL-3.0+ still requires appliance vendors to disclose
configurations which seems desirable for end users.
|
|
Plack::Handler::Apache2 exists and seems to work very well.
|
|
webrick clears PATH otherwise, and we rely on git commands.
|
|
Users wanting to customize their installation should know
to about the usability of STDOUT for logging.
(and we still need manpages for -nntpd and -httpd)
|
|
Not everybody will be running this behind a ReverseProxy;
but it's probably the likely configuration. Anyways,
warn about this and also about Deflater being missing.
|
|
ReverseProxy is the common way to run Perl applications,
so enable it by default and don't care too much about fake
requests because we don't handle any sensitive information
or rely on authentication (everything is read-only from
the WWW interface and will remain so).
|
|
This allows multiple instances the WWW app from
running within the same process space
|
|
Running behind a ReverseProxy is a popular deployment,
so document it for users.
|
|
Enable deflater using a shorter string as we do with other
middlewares, and use single quotes to denote we do not need
interpolation.
|
|
HTTP/1.1 clients will want persistent connections and
need to know response terminations.
|
|
public-inbox has search functionality, so take advantage of
good commit messages with proper titles to lookup discussion.
|
|
The deflater middleware isn't standard Plack, so don't require
potential users install it.
|
|
In the future, it should be possible to use this:
git ls-files | UPDATE_COPYRIGHT_HOLDER='all contributors' \
UPDATE_COPYRIGHT_USE_INTERVALS=2 \
xargs /path/to/gnulib/build-aux/update-copyright
|
|
HTML, text, and probably Atom feeds should be compressed.
|
|
I often forget how to run this
|
|
This is easier and lower-impact than setting HOME anywhere.
|