-rw-r--r-- | .SRCINFO | 30 | ||||
-rw-r--r-- | PKGBUILD | 22 | ||||
-rw-r--r-- | apache-funkwhale.conf | 18 | ||||
-rw-r--r-- | env-template | 7 | ||||
-rw-r--r-- | funkwhale-server.service | 3 |
5 files changed, 54 insertions, 26 deletions
@@ -1,7 +1,7 @@ pkgbase = funkwhale pkgdesc = A self-hosted, modern free and open-source music server, heavily inspired by Grooveshark. - pkgver = 0.19.0 - pkgrel = 2 + pkgver = 0.20.1 + pkgrel = 1 url = https://funkwhale.audio/ install = funkwhale.install arch = any @@ -25,7 +25,7 @@ pkgbase = funkwhale depends = python-celery depends = python-django-cors-headers depends = python-musicbrainzngs - depends = python-django-rest-framework>=3.9 + depends = python-django-rest-framework>=3.10 depends = python-django-rest-framework-jwt depends = python-pendulum depends = python-persisting-theory @@ -33,7 +33,6 @@ pkgbase = funkwhale depends = python-django-filter depends = python-django-rest-auth depends = python-mutagen - depends = python-django-taggit depends = python-pymemoize depends = python-django-dynamic-preferences depends = python-raven @@ -41,9 +40,13 @@ pkgbase = funkwhale depends = python-django-channels depends = python-django-channels-redis depends = python-daphne + depends = uvicorn + depends = gunicorn depends = python-cryptography depends = python-requests-http-signature depends = python-django-cleanup + depends = python-requests + depends = python-pyopenssl depends = python-ldap depends = python-django-auth-ldap depends = python-service-identity 
@@ -55,28 +58,29 @@ pkgbase = funkwhale depends = python-django-storages depends = python-boto3 depends = python-unicode-slugify-git + depends = python-django-cacheops optdepends = apache: to use the Apache web server optdepends = certbot-apache: for the server to be accessible from outside optdepends = nginx: to use nginx web server - source = funkwhale-0.19.0-api.zip::https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.19.0/download?job=build_api - source = funkwhale-0.19.0-front.zip::https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.19.0/download?job=build_front - source = https://dev.funkwhale.audio/funkwhale/funkwhale/raw/0.19.0/deploy/funkwhale_proxy.conf - source = https://dev.funkwhale.audio/funkwhale/funkwhale/raw/0.19.0/deploy/nginx.template + source = funkwhale-0.20.1-api.zip::https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.20.1/download?job=build_api + source = funkwhale-0.20.1-front.zip::https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/0.20.1/download?job=build_front + source = https://dev.funkwhale.audio/funkwhale/funkwhale/raw/0.20.1/deploy/funkwhale_proxy.conf + source = https://dev.funkwhale.audio/funkwhale/funkwhale/raw/0.20.1/deploy/nginx.template source = funkwhale-beat.service source = funkwhale-worker.service source = funkwhale-server.service source = apache-funkwhale.conf source = env-template source = funkwhale.service - sha256sums = 8838f83c1c658a758ef283d22f682820b4866f33d83d7832eb52fa04b4f729c8 - sha256sums = 2a664eb81f46c1f7c9d52d472a2a9958356eb409fed36bb2acba7bde87c7d7c6 + sha256sums = 5ef55f5e8a9bddaf93744027791efa23d49fe59af681e39942be1227a0de4126 + sha256sums = 22d774590b943fa6d64f634a7175b1d100089fe33734ce9889d050063ff50ce7 sha256sums = 2906a075b41dcd2375c601482cb5a00e42cb87c613012b176c570d77918afbf2 sha256sums = 212f346b599146954b433a66f5857d8ba5bc5689d3268fa41dca1dec0b3ee683 sha256sums = a964a7802252d20a3319e2131c27ec307ad4f454921c2db31971c080150d7c9b sha256sums = 
0e6d7c96b7c1ec63794214decb1f2e7dd112a22b02e55555cf98c2a573014af6 - sha256sums = 4a28ddf6a6ba8ec28c10a164f82e3d5e5904d6dfe68ae8852428a589cee210c5 - sha256sums = ee895ecaf5faaa794f161e9df038177497cb5c49510acd3aef088f75eb8b02f1 - sha256sums = c2ee8160e2f4f87a2d4fe46136ffb8ea14422dc599db3eca4341e48db26d72ad + sha256sums = 9d5a6f2cae6f18e22c5423247570519e8c772a9447ec2d92bd2fe5d69e519470 + sha256sums = f37b1b6257c5b92272f36773041c83fc72276ff4040100fba92db8136cc9177d + sha256sums = cea307055e9f8001a1507c507e1be91352d896cab17260a221f4ab8c298506d8 sha256sums = 01104122e3df765735b1062aa15e7a73c7949f2d9b7332c0e02e02db66345349 pkgname = funkwhale @@ -1,8 +1,8 @@ # Maintainer: getzze <getzze at gmail dot com> pkgname=funkwhale -pkgver=0.19.0 -pkgrel=2 +pkgver=0.20.1 +pkgrel=1 pkgdesc="A self-hosted, modern free and open-source music server, heavily inspired by Grooveshark." arch=(any) url="https://funkwhale.audio/" @@ -25,7 +25,7 @@ depends=('ffmpeg' 'libjpeg' 'postgresql' 'python' 'python-celery' 'python-django-cors-headers' 'python-musicbrainzngs' - 'python-django-rest-framework>=3.9' + 'python-django-rest-framework>=3.10' 'python-django-rest-framework-jwt' 'python-pendulum' 'python-persisting-theory' @@ -33,7 +33,6 @@ depends=('ffmpeg' 'libjpeg' 'postgresql' 'python' 'python-django-filter' 'python-django-rest-auth' 'python-mutagen' - 'python-django-taggit' 'python-pymemoize' 'python-django-dynamic-preferences' 'python-raven' @@ -41,9 +40,13 @@ depends=('ffmpeg' 'libjpeg' 'postgresql' 'python' 'python-django-channels' 'python-django-channels-redis' 'python-daphne' + 'uvicorn' + 'gunicorn' 'python-cryptography' 'python-requests-http-signature' 'python-django-cleanup' + 'python-requests' + 'python-pyopenssl' 'python-ldap' 'python-django-auth-ldap' 'python-service-identity' 
@@ -55,6 +58,7 @@ depends=('ffmpeg' 'libjpeg' 'postgresql' 'python' 'python-django-storages' 'python-boto3' 'python-unicode-slugify-git' + 'python-django-cacheops' ) makedepends=(git) _source_api="https://dev.funkwhale.audio/funkwhale/funkwhale/-/jobs/artifacts/${pkgver}/download?job=" @@ -70,15 +74,15 @@ source=("${pkgname}-${pkgver}-api.zip::${_source_api}build_api" "env-template" "funkwhale.service" ) -sha256sums=('8838f83c1c658a758ef283d22f682820b4866f33d83d7832eb52fa04b4f729c8' - '2a664eb81f46c1f7c9d52d472a2a9958356eb409fed36bb2acba7bde87c7d7c6' +sha256sums=('5ef55f5e8a9bddaf93744027791efa23d49fe59af681e39942be1227a0de4126' + '22d774590b943fa6d64f634a7175b1d100089fe33734ce9889d050063ff50ce7' '2906a075b41dcd2375c601482cb5a00e42cb87c613012b176c570d77918afbf2' '212f346b599146954b433a66f5857d8ba5bc5689d3268fa41dca1dec0b3ee683' 'a964a7802252d20a3319e2131c27ec307ad4f454921c2db31971c080150d7c9b' '0e6d7c96b7c1ec63794214decb1f2e7dd112a22b02e55555cf98c2a573014af6' - '4a28ddf6a6ba8ec28c10a164f82e3d5e5904d6dfe68ae8852428a589cee210c5' - 'ee895ecaf5faaa794f161e9df038177497cb5c49510acd3aef088f75eb8b02f1' - 'c2ee8160e2f4f87a2d4fe46136ffb8ea14422dc599db3eca4341e48db26d72ad' + '9d5a6f2cae6f18e22c5423247570519e8c772a9447ec2d92bd2fe5d69e519470' + 'f37b1b6257c5b92272f36773041c83fc72276ff4040100fba92db8136cc9177d' + 'cea307055e9f8001a1507c507e1be91352d896cab17260a221f4ab8c298506d8' '01104122e3df765735b1062aa15e7a73c7949f2d9b7332c0e02e02db66345349') install=${pkgname}.install diff --git a/apache-funkwhale.conf b/apache-funkwhale.conf index 9c98ffd063ec..40775f11cd9d 100644 --- a/apache-funkwhale.conf +++ b/apache-funkwhale.conf 
@@ -5,9 +5,10 @@ Define funkwhale-sn funkwhale.local # use different configuration than what is described in our installation guide. Define funkwhale-api http://localhost:5000 Define funkwhale-api-ws ws://localhost:5000 + Define FUNKWHALE_FRONTEND_PATH /usr/share/webapps/funkwhale/front/dist Define FUNKWHALE_DATA_PATH /srv/funkwhale/data -Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music +Define APACHE_LOG_DIR /var/log/httpd <IfModule mod_alias.c> Alias /funkwhale ${FUNKWHALE_FRONTEND_PATH} @@ -55,6 +56,10 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music # Tell the api that the client is using https RequestHeader set X-Forwarded-Proto "https" + + # Additional security headers +# Header set Referrer-Policy "strict-origin-when-cross-origin" +# Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:" # Configure Proxy settings # ProxyPreserveHost pass the original Host header to the backend server @@ -78,9 +83,13 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music # similar to nginx 'client_max_body_size 100M;' LimitRequestBody 104857600 +# Header set X-Frame-Options "sameorigin" +# Header set Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:" +# Header set Referrer-Policy "strict-origin-when-cross-origin" ProxyPass ${funkwhale-api}/ ProxyPassReverse ${funkwhale-api}/ </Location> + <Location "/federation"> ProxyPass ${funkwhale-api}/federation ProxyPassReverse ${funkwhale-api}/federation 
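Review bot: The headers added under `# Additional security headers`, and again just before `ProxyPass ${funkwhale-api}/`, all ship commented out, so a default install sends no Content-Security-Policy, Referrer-Policy or X-Frame-Options, and nothing here tells an admin when to enable them. The same CSP and Referrer-Policy values are written twice; because `Header set` replaces any earlier value, the copy inside the `<Location>` block would win for that path and the two copies can drift apart. I would keep a single copy at the vhost level with a comment such as `# Requires mod_headers; uncomment to enable. Keep one copy so the policy cannot diverge.` The enclosing `<VirtualHost>` and `<Location>` blocks open outside these hunks.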
@@ -97,6 +106,11 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music ProxyPassReverse ${funkwhale-api}/.well-known/ </Location> +# <Location "/front/embed.html"> +# Header set X-Frame-Options "allow-from ${funkwhale-sn}" +# </Location> +# Alias /front/embed.html ${FUNKWHALE_FRONTEND_PATH}/embed.html + <Location "/front"> ProxyPass "!" </Location> @@ -144,7 +158,7 @@ Define MUSIC_DIRECTORY_PATH ${FUNKWHALE_DATA_PATH}/music <IfModule mod_xsendfile.c> XSendFile On XSendFilePath ${FUNKWHALE_DATA_PATH}/media - XSendFilePath ${MUSIC_DIRECTORY_PATH} + XSendFilePath ${FUNKWHALE_DATA_PATH}/music SetEnv MOD_X_SENDFILE_ENABLED 1 </IfModule> </VirtualHost> diff --git a/env-template b/env-template index 37e0cbf153d5..3ee084fb3eac 100644 --- a/env-template +++ b/env-template @@ -35,7 +35,9 @@ FUNKWHALE_VERSION=latest # example: FUNKWHALE_API_PORT=5678 FUNKWHALE_API_IP=127.0.0.1 FUNKWHALE_API_PORT=5000 - +# The number of web workers to start in parallel. Higher means you can handle +# more concurrent requests, but also leads to higher CPU/Memory usage +FUNKWHALE_WEB_WORKERS=1 # Replace this by the definitive, public domain you will use for # your instance FUNKWHALE_HOSTNAME=funkwhale.local @@ -108,6 +110,9 @@ DJANGO_SECRET_KEY= RAVEN_ENABLED=false RAVEN_DSN=https://44332e9fdd3d42879c7d35bf8562c6a4:0062dc16a22b41679cd5765e5342f716@sentry.eliotberriot.com/5 +# Denormalized audio permission logic in a separate table to enhance performance +MUSIC_USE_DENORMALIZATION=True + # In-place import settings # You can safely leave those settings uncommented if you don't plan to use # in place imports. diff --git a/funkwhale-server.service b/funkwhale-server.service index 30dcc38b4eb0..0bbfb7f695d5 100644 --- a/funkwhale-server.service +++ b/funkwhale-server.service 
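Review bot: The commented `Header set X-Frame-Options "allow-from ${funkwhale-sn}"` in the `/front/embed.html` block relies on `allow-from`, which current browsers no longer honour, so uncommenting it would not restrict who may frame the embed page. The value is also a bare host name (`funkwhale-sn` is defined as `funkwhale.local`), whereas the directive expected an origin with a scheme. The supported control is `frame-ancestors`, for example `# Header set Content-Security-Policy "frame-ancestors 'self'"`, with the origin list adjusted to wherever embeds are meant to appear. A `Header set` here would replace any vhost-level CSP for this path, which deserves a one-line comment next to it.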
@@ -8,7 +8,8 @@ User=funkwhale # adapt this depending on the path of your funkwhale installation WorkingDirectory=/usr/share/webapps/funkwhale/api EnvironmentFile=/srv/funkwhale/config/env -ExecStart=/usr/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers +ExecStart=/usr/bin/gunicorn config.asgi:application -w ${FUNKWHALE_WEB_WORKERS} -k uvicorn.workers.UvicornWorker -b ${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT} +#ExecStart=/usr/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers [Install] WantedBy=multi-user.target |
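Review bot: The new `ExecStart` expands `${FUNKWHALE_WEB_WORKERS}`, but an existing `/srv/funkwhale/config/env` created from the old template will not define it, so after the upgrade systemd passes an empty argument to `-w` and gunicorn will most likely fail to start. Adding `Environment=FUNKWHALE_WEB_WORKERS=1` above `EnvironmentFile=` gives a default that the env file still overrides. The replaced daphne command carried `--proxy-headers`; a comment stating how the gunicorn/uvicorn worker is expected to trust `X-Forwarded-Proto` from the local Apache proxy would help anyone who later changes the bind address. The `[Service]` section starts outside the hunk.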