!! ADMIN POST !!
apologies for the long maintenance hiatus
I have resolved the main issues and have upgraded to latest Mastodon version
should be good for a bit; please reach out with any concerns
if anyone is curious as to what was wrong, i've found and fixed the following issues:
- main nginx route had misconfigured TLS to use the wrong cert path, so even tho certbot was renewing, the new cert wasnt getting used
- media nginx route's TLS cert was configured properly, but was expired bc the cronjob broke
- the server was self-DDoSing bc the streaming API component was bootlooping as the node binary somehow became owned by root and hence inaccessible to the service user, so requests would fallback to the much less efficient REST api
- the version of masto i was on has a known issue where it is currently impossible to install with ANY version of node, bc some very specific dep with a binary module depends on a specific version of something which is no longer available online
anyway so I've fixed all these and have upgraded to latest masto (v3.5.3), which took about as much effort as I expected (had to upgrade one step at a time to account for migrations)
the server is still very much a pet, in the sense that it's manually groomed and cared for, nothing is version controlled nor managed thru IaC. this pains me greatly
hopefully this time around I'll make it more of a priority to manage it better
I'm still thinking about longer term sustainability, and how that might mean that to justify the time allocation might make sense to make this a paid instance (nothing crazy, with tiers ofc) but I recognize it's pretty hard to convince people to pay for a previously free service
any thoughts?
@locus if you offered an encrypted at rest email service to nda@schelling.pt using a known, trusted provider, I’d pay for that too.