-
-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[docs] Made Advanced its own section #1883
Conversation
https://gotosocial--1883.org.readthedocs.build/en/1883/advanced/ to see the changes. |
This splits the Advanced page off from the Getting Started guide and makes it its own thing. It now has some additional sub-sections for bigger topics like caching and enhanced security. This also moves tracing from Getting Started to Advanced as that feels like a more appropriate location for it. The enhanced security looks a little silly with a single section, but I have guides pending for firewall configurations and I'd also like to consolidate our how to provision TLS certificates in there as we repeat this information multiple times.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fantastic work, this is a big improvement, thank you! Couple comments about typos and footnotes vs links
docs/advanced/host-account-domain.md
Outdated
|
||
## Background | ||
|
||
The way ActivityPub implementations discover how to map your account domain to your host domain is thorugh a protocol called [webfinger](https://www.rfc-editor.org/rfc/rfc7033). This mapping is typically cached by servers and hence why you can't change it after the fact. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thorugh -> through
* **SELinux** for the Red Hat/Fedora/CentOS family of distributions or Gentoo | ||
|
||
!!! warning "Containers and sandboxing" | ||
Running GoToSocial as a container does not in and of itself provide much additional security. Despite their name, "containers do not contain". Containers are a distribution mechanism, not a security sandbox. To further secure your container you can instruct the container runtime to load the AppArmor profile and look into limiting which syscalls can be used using a seccomp profile. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Maybe it's worth finding some document from docker for this, and linking to it? I assume there's some best practices in the Docker docs we can point people to.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah nevermind, I see you do this below :)
docs/advanced/security/sandboxing.md
Outdated
|
||
The SELinux policy is maintained by the community in the [`lzap/gotosocial-selinux`][selpol] repository on GitHub. Make sure to read its documentation, review the policy before using it and use their issue tracker for any support requests around the SELinux policy. | ||
|
||
[lsm]: https://www.kernel.org/doc/html/latest/admin-guide/LSM/index.html |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Elsewhere in the docs we link directly, but here we're using footnotes (these are footnotes right?). I think it's best if we pick one and stick with it. My preference would be for linking directly, since that's already the most common one, but I'm open to changing that if there's a good (accessibility?) reason
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Oh no, it's not a footnotes thing. It just places the link outside of the text flow, as a reference link. I find it easier to read when it's larger URLs when I'm editing, but I don't mind either way. They have the advantage of being reusable if you want to create a link to the same thing multiple times.
I typically use them for external links vs. internal ones, as they tend to be longer. But I haven't been very consistent in that. I can inline them.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The LSM one was a leftover from something I removed 🤦
Ah sorry for the spell-check stuff. I thought I had that wired up in my editor for Markdown files. |
Nothing to apologize for! |
* [docs] Made Advanced its own section This splits the Advanced page off from the Getting Started guide and makes it its own thing. It now has some additional sub-sections for bigger topics like caching and enhanced security. This also moves tracing from Getting Started to Advanced as that feels like a more appropriate location for it. The enhanced security looks a little silly with a single section, but I have guides pending for firewall configurations and I'd also like to consolidate our how to provision TLS certificates in there as we repeat this information multiple times. * [docs] Fix all my spelling errors * [docs] Inline the links in sandboxing
Description
This splits the Advanced page off from the Getting Started guide and makes it its own thing. It now has some additional sub-sections for bigger topics like caching and enhanced security. This also moves tracing from Getting Started to Advanced as that feels like a more appropriate location for it.
The enhanced security looks a little silly with a single section, but I have guides pending for firewall configurations and I'd also like to consolidate our how to provision TLS certificates in there as we repeat this information multiple times.
Checklist
Please put an x inside each checkbox to indicate that you've read and followed it:
[ ]
->[x]
If this is a documentation change, only the first checkbox must be filled (you can delete the others if you want).
go fmt ./...
andgolangci-lint run
.