Commit 0c77da95 authored by thorsummoner's avatar thorsummoner

quick attempt at getting a turn-key mastodon

parents
version: '3'
services:
nginx:
ports:
- 80:80
- 443:443
version: '3'
volumes:
postgres14:
redis:
public_system:
elasticsearch:
priv-config:
services:
workstation:
build: docker-workstation/
volumes:
- postgres14:/srv/postgres14
- redis:/srv/redis
- public_system:/srv/public_system
- elasticsearch:/srv/elasticsearch
- priv-config:/srv/priv-config
networks:
- internal_network
- external_network
nginx:
build: docker-nginx/
networks:
- internal_network
- external_network
volumes:
- public_system:/srv/public/system:ro
ports:
- 80
- 443
postgresql:
restart: always
image: postgres:14-alpine
shm_size: 256mb
networks:
- internal_network
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- postgres14:/var/lib/postgresql/data
environment:
- 'POSTGRES_HOST_AUTH_METHOD=trust'
redis:
restart: always
image: redis:7-alpine
networks:
- internal_network
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
volumes:
- redis:/data
# es:
# restart: always
# image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
# environment:
# - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
# - "xpack.license.self_generated.type=basic"
# - "xpack.security.enabled=false"
# - "xpack.watcher.enabled=false"
# - "xpack.graph.enabled=false"
# - "xpack.ml.enabled=false"
# - "bootstrap.memory_lock=true"
# - "cluster.name=es-mastodon"
# - "discovery.type=single-node"
# - "thread_pool.write.queue_size=1000"
# networks:
# - external_network
# - internal_network
# healthcheck:
# test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
# volumes:
# - elasticsearch:/usr/share/elasticsearch/data
# ulimits:
# memlock:
# soft: -1
# hard: -1
# nofile:
# soft: 65536
# hard: 65536
# ports:
# - '127.0.0.1:9200:9200'
app:
env_file: envfile
image: tootsuite/mastodon
restart: always
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
networks:
- external_network
- internal_network
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health']
ports:
- 3000
depends_on:
- postgresql
- redis
# - es
volumes:
- public_system:/mastodon/public/system
streaming:
env_file: envfile
image: tootsuite/mastodon
restart: always
command: node ./streaming
networks:
- external_network
- internal_network
healthcheck:
# prettier-ignore
test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health']
ports:
- 4000
depends_on:
- postgresql
- redis
sidekiq:
env_file: envfile
image: tootsuite/mastodon
restart: always
command: bundle exec sidekiq
depends_on:
- postgresql
- redis
networks:
- external_network
- internal_network
volumes:
- public_system:/mastodon/public/system
healthcheck:
test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
## Uncomment to enable federation with tor instances along with adding the following ENV variables
## http_proxy=http://privoxy:8118
## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
# tor:
# image: sirboops/tor
# networks:
# - external_network
# - internal_network
#
# privoxy:
# image: sirboops/privoxy
# volumes:
# - priv-config:/opt/config
# networks:
# - external_network
# - internal_network
networks:
external_network:
internal_network:
internal: true
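Review bot: The `ports: - 3000` entry under `app` and `ports: - 4000` under `streaming` publish both plain-HTTP backends on an ephemeral host port on every interface, so they can be reached without passing through the nginx TLS front end. nginx already reaches them over the compose network as `app:3000` and `streaming:4000`, so the two `ports:` keys can be dropped, or bound to loopback as `- '127.0.0.1:3000:3000'` and `- '127.0.0.1:4000:4000'` if host access is wanted for debugging. Separately, `POSTGRES_HOST_AUTH_METHOD=trust` on `postgresql` lets any container attached to `internal_network` (including `nginx` and `workstation`, which also mounts every data volume) connect as any database user without a password; setting `POSTGRES_PASSWORD` and the matching credentials in `envfile` would narrow that. The `tootsuite/mastodon` image is referenced without a tag in three services, so a pull can silently change the running version; pinning the same tag in all three keeps them in step.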
from nginx
run openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key -subj "/CN=mastodon.docker.internal"
run rm /etc/nginx/conf.d/*.conf
add mastodon.conf /etc/nginx/conf.d/mastodon.conf
copy --from=tootsuite/mastodon /opt/mastodon/public/ /srv/public
# (dylang) tightly coupling nignx config to docker-compose service hostname
# injection does not work at build time
#run nginx -t
entrypoint []
cmd nginx -g 'daemon off;'
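Review bot: The `run openssl req ... -nodes -keyout /etc/ssl/private/snakeoil.key` step writes an unencrypted private key into an image layer, so every container started from this image shares one key and anyone who can pull or export the image can read it. Generating the certificate at container start (an entrypoint script that runs the same `openssl req` only when the key file is missing) or mounting the key from a volume keeps it out of the image; a comment such as `# self-signed placeholder, replace before exposing publicly` above the line would also record its intent. `from nginx` and `copy --from=tootsuite/mastodon` both track unpinned tags, so the copied static assets can drift from the version the `app` service runs. With `#run nginx -t` commented out, a syntax error in `mastodon.conf` is only discovered when the container starts.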
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream backend {
server app:3000 fail_timeout=0;
}
upstream streaming {
server streaming:4000 fail_timeout=0;
}
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
server {
listen 80 default_server;
listen [::]:80 default_server;
#root /home/mastodon/live/public;
root /srv/public;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
# Uncomment these lines once you acquire a certificate:
#ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_certificate /etc/ssl/snakeoil.crt;
ssl_certificate_key /etc/ssl/private/snakeoil.key;
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
#root /home/mastodon/live/public;
root /srv/public;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
location / {
try_files $uri @proxy;
}
# If Docker is used for deployment and Rails serves static files,
# then needed must replace line `try_files $uri =404;` with `try_files $uri @proxy;`.
location = /sw.js {
add_header Cache-Control "public, max-age=604800, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/assets/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/avatars/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/emoji/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/headers/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/packs/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/shortcuts/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/sounds/ {
add_header Cache-Control "public, max-age=2419200, must-revalidate";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ~ ^/system/ {
add_header Cache-Control "public, max-age=2419200, immutable";
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
try_files $uri =404;
}
location ^~ /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass http://streaming;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";
tcp_nodelay on;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://backend;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
tcp_nodelay on;
}
error_page 404 500 501 502 503 504 /500.html;
}
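Review bot: The `location @proxy` block sets `add_header X-Cached $upstream_cache_status;` but no `Strict-Transport-Security` header, unlike the static-asset locations and the streaming location in this file. No HSTS header is set at server level either, so the application pages and API responses served through `@proxy` go out without it. Adding `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";` inside `@proxy` closes the gap. `proxy_pass_header Server;` in the same block forwards the backend's server banner to clients; dropping it is worth considering if that disclosure is not wanted.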
from debian:stable
run apt-get update && apt-get install iputils-ping netcat-traditional bind9-host iproute2 ncdu tmux -y
#!/bin/sh
echo nie
exit 1
1 sudo echo hi
2 sudo docker ps
4 ll
5 cd
6 mkdir mastodon
7 cd mastodon/
8 wget https://raw.githubusercontent.com/mastodon/mastodon/main/docker-compose.yml
9 ll
11 sudo docker-compose pull
13 sudo docker-compose pull
14 sudo docker-compose pull --help
15 sudo docker-compose pull
16 ll
18 sudo docker-compose up -d
21 sudo docker-compose up -d
24 ss -nlpt
25 sudo ss -nlpt
29 sudo docker-compose up -d
37 sudo docker-compose run workstation
39 sudo docker-compose run workstation
40 docker ps
41 sudo docker ps
42 sudo docker ps -a
43 sudo docker rm e43eac6ff234 967e0c427e75
44 df -h .
45 sudo ncdu -x /
46 sudo docker-compose run --rm workstation
48 sudo docker-compose run --rm workstation
50 sudo docker-compose run --rm workstation
52 mkdir -p docker/debian
54 sudo docker-compose run --rm workstation
58 sudo docker-compose run --rm workstation
60 sudo docker-compose run --rm workstation
62 sudo docker-compose run --rm workstation
63 ll
65 sudo docker-compose run --rm workstation
66 sudo docker-compose run --rm workstation --build
67 sudo docker-compose run --build --rm workstation
68 sudo docker-compose build workstation
69 sudo docker-compose run --rm workstation
72 sudo docker-compose run --rm workstation
73 sudo docker-compose up -d
75 sudo docker-compose exec workstation
76 sudo docker-compose exec workstation /bin/bash
77 sudo docker-compose run --rm workstation
79 wget https://raw.githubusercontent.com/mastodon/mastodon/main/.env.production.sample
80 mv .env.production.sample envfile
82 sudo docker-compose up -d
83 sudo docker-compose rm
85 sudo docker-compose
86 sudo docker-compose kill
87 sudo docker-compose rm
88 sudo docker-compose up -d
92 sudo docker-compose run app rake mastodon:webpush:generate_vapid_key
93 sudo docker-compose run web rake mastodon:webpush:generate_vapid_key
94 sudo docker-compose run web bundle exec rake mastodon:webpush:generate_vapid_key
96 sudo docker-compose run web bundle exec rake secret
98 sudo docker-compose run web bundle exec rake secret
100 sudo docker-compose stop
101 sudo docker-compose kill
102 sudo docker-compose up -d
120 mv .env envfile
124 sudo docker-compose up -d
130 sudo docker-compose up -d
133 sudo docker-compose run --user postgres db create_user mastodon
134 sudo docker-compose run --user postgres db
135 sudo docker-compose run --user postgres db /bin/bash
136 sudo docker-compose exec --user postgres db createuser mastoddon
137 rake assets:precompile
138 sudo docker-compose up -d
139 sudo docker-compose restart web streaming sidekiq
142 apg
143 sudo apt install -y apg
144 apg
146 sudo docker-compose exec --user postgres psql
147 sudo docker-compose exec --user postgres db psql
148 sudo docker-compose exec --user postgres db psql --user mastodon
149 sudo docker-compose exec --user postgres db psql
150 sudo docker-compose exec --user postgres db createuser -W
151 sudo docker-compose exec --user postgres db createuser mastodon -W
152 sudo docker-compose exec --user postgres db psql
153 sudo docker-compose exec --user postgres db bash
154 sudo docker-compose exec psql
155 sudo docker-compose exec db psql
156 sudo docker-compose exec db psql --help
157 sudo docker-compose exec db psql -U mastodon -W
158 sudo docker-compose exec db psql -U mastodon
159 cd mastodon/
160 ll
162 sudo docker-compose up -d
166 sudo docker-compose up -d
169 sudo docker-compose run web RAILS_ENV=production bundle exec rake mastodon:setup
170 sudo docker-compose run web env RAILS_ENV=production bundle exec rake mastodon:setup
171 sudo docker-compose run web env RAILS_ENV=production rails db:setup
173 sudo docker-compose run web env RAILS_ENV=production rails db:migrate
174 echo $?
175 sudo docker-compose up -d
187 sg docker/debian/install-mastodon
188 sh docker/debian/install-mastodon
189 git st
191 ll
197 sudo docker-compose exec web grep -R config.hosts
199 sudo docker-compose up -d
203 sudo docker-compose run web env RAILS_ENV=production bundle exec rake mastodon:setup --help
204 sudo docker-compose run web env RAILS_ENV=production bundle exec rake mastodon:setup -T
205 sudo docker-compose run web env RAILS_ENV=production bundle exec rake mastodon:setup
207 sudo docker-compose run web env RAILS_ENV=production bundle exec rake mastodon:setup -T
208 sudo docker-compose run web env RAILS_ENV=production bundle exec rake assets:precompile
210 mv docker/debian/ docker-workstation
211 rmdir docker
213 sudo docker-compose run web find /home/
214 sudo docker-compose run --rm web pwd
215 sudo docker-compose run --rm web find . | grep -i nginx
217 sudo docker-compose run --rm web tar -c ./dist/nginx.conf | tar -tv
218 sudo docker-compose run -t --rm web tar -c ./dist/nginx.conf | tar -tv
219* sudo docker-compose run --rm web tar -c
220 sudo docker-compose run --rm --it web tar -c ./dist/nginx.conf | tar -tv
221 sudo docker-compose run --rm web tar -c ./dist/nginx.conf
222 sudo docker-compose run --rm web tar -f - -c ./dist/nginx.conf
223 sudo docker-compose run -T --rm web tar -c ./dist/nginx.conf | tar -tv
224 sudo docker-compose run -T --rm web tar -c ./dist/nginx.conf | tar -O
225 sudo docker-compose run -T --rm web tar -c ./dist/nginx.conf | tar -O ./dist/nginx.conf
226 sudo docker-compose run -T --rm web tar -c ./dist/nginx.conf | tar -xv
227 sudo docker-compose run -T --rm web tar -c ./dist/nginx.conf | tar -xO ./dist/nginx.conf
228 mkdir docker-nginx
230 sudo docker-compose run -T --rm web tar -c ./dist/nginx.conf | tar -xO ./dist/nginx.conf | dd of=docker-nginx/nginx.conf
232 sudo docker-compose exec web ss
233 sudo docker-compose exec web netstat
234 sudo docker-compose exec web bash
235 sudo docker-compose exec web --user root bash
236 sudo docker-compose exec --user root web bash
237 ll
238 ls
240 sudo docker-compose exec --user root ls /home/
241 sudo docker-compose exec --user root web pwd
244 ll
246 sudo docker-compose exec web find . | grep -i public
253 git st
254 sudo docker-compose up -d
255 sudo docker-compose up ps
259 sudo docker-compose up -d
263 sudo docker-compose up -d
266 sudo docker-compose up -d
269 sudo docker-compose up -d
270 sudo docker-compose build workstation
271 sudo docker-compose up -d
272 sudo docker-compose up --remove-orphans
275 sudo docker-compose up -d
276 sudo docker-compose down workstation
277 sudo docker-compose stop workstation
280 sudo docker-compose up -d
283 sudo docker-compose up -d
288 sudo docker-compose up -d
290 sudo docker-compose up -d
292 sudo docker-compose up -d
295 sudo docker-compose up -d
298 sudo docker-compose up -d
300 sudo docker-compose up -d
304 sudo docker-compose up -d
307 sudo docker-compose up -d
309 sudo docker-compose stop worksttion
310 sudo docker-compose stop workstation
315 sudo docker-compose up -d
319 sudo docker-compose up -d
321 sudo docker-compose up -d
322 sudo docker-compose build nignx
323 sudo docker-compose build nginx
324 sudo docker-compose up -d nginx
329 mv docker-nginx/{nginx.conf,site-mastodon.nginx-conf}
331 sudo docker-compose build nginx
332 sudo docker-compose up -d nginx
335 sudo docker-compose exec nginx pwd
336 sudo docker-compose exec nginx find /etc/ssl/
337 sudo docker-compose exec nginx find /etc/ssl/private/
338 sudo docker-compose exec nginx find /etc/ssl/
339 sudo docker-compose exec nginx find /etc | grep lsb
340 sudo docker-compose exec nginx find /usr/nginx/
341 sudo docker-compose exec nginx find /usr/
342* sudo docker-compose exec nginx find /usr/share
343 sudo docker-compose exec nginx find /usr/ | grep nginx
344 sudo docker-compose exec nginx find /usr/ | grep ssl
345 sudo docker-compose exec nginx openssl help
346 sudo docker-compose exec nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key
347 sudo docker-compose exec nginx make-ssl-cert generate-default-snakeoil
348 sudo docker-compose exec nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key
349 sudo docker-compose exec -T nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key
350 sudo docker-compose exec -t nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key
351 sudo docker-compose exec nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key
352 sudo docker-compose exec nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key -help
353 sudo docker-compose exec nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key -subj "snakeoil"
354 sudo docker-compose exec nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key -subj "/CN=snakeoil"
355 sudo docker-compose exec nginx openssl req -new -x509 -days 365 -nodes -out /etc/ssl/snakeoil.crt -keyout /etc/ssl/private/snakeoil.key -subj "/CN=mastodon.docker.internal"
357 sudo docker-compose build nginx
358 sudo docker-compose up -d
361 sudo docker-compose exec nginx ss
364 sudo docker-compose build nginx
365 sudo docker-compose up -d
367 sudo docker-compose build nginx
368 sudo docker-compose up -d
370 sudo docker-compose build nginx
371 sudo docker-compose up -d
373 nginx --help
374 sudo docker-compose run --rm nginx nginx --help
375 sudo docker-compose run --rm nginx nginx -h
376 sudo docker-compose run --rm nginx nginx -g DAEMON=off;
377 sudo docker-compose run --rm nginx nginx -g DAEMON=off
378 sudo docker-compose run --rm nginx nginx -g daemon\ off;
379 sudo docker-compose run --rm nginx nginx -g 'daemon off';
380 sudo docker-compose run --rm nginx nginx -g 'daemon off;'
382 sudo docker-compose build nginx
383 sudo docker-compose up -d
386 nc -vzw1 lo 49465
387 nc -vzw1 127 49465
388 nc -vzw1 127. 49465
389 nc -vzw1 127.1 49465
394 sudo docker-compose exec -T nginx tar -c /etc/nginx/ | tar -xv
397 ll
398 ls
399 rm -r etc/
402 mv docker-nginx/{site-mastodon.nginx-conf,mastodon.conf}
403 sudo docker-compose build nginx
404 sudo docker-compose up -d
407 sudo docker-compose build nginx
408 sudo docker-compose up -d
415 sudo docker-compose up -d
417 sudo docker-compose build nginx
418 sudo docker-compose up -d
426 sudo docker-compose exec -T nginx cat /etc/resolve.conf
429 sudo docker-compose run --rm nginx nginx -t
430 sudo docker-compose run --rm nginx cat /etc/resolve.conf
431 sudo docker-compose run --rm nginx cat find /etc/
432 sudo docker-compose run --rm nginx find /etc/ | grep re
433 sudo docker-compose run --rm nginx cat /etc/resolv.conf
434 sudo docker-compose run --rm nginx getent hosts streaming
435 sudo docker-compose run --rm nginx getent hosts app
436 sudo docker-compose run --rm nginx nginx -t
438 sudo docker-compose build nginx
442 sudo docker-compose build nginx
443 sudo docker-compose up -d
447 sudo docker-compose build nginx
448 sudo docker-compose up -d
453 sudo docker-compose build nginx
454 sudo docker-compose up -d
458 sudo docker-compose run --rm workstation
460 sudo docker-compose run --rm workstation
462 sudo docker-compose up -d
464 sudo docker-compose up -d
468 sudo docker-compose exec -T nginx app pwd
469 sudo docker-compose exec app pwd
470 sudo docker-compose exec app ls public
475 sudo docker-compose build nginx
477 sudo docker-compose build nginx
479 sudo docker-compose build nginx
480 sudo docker-compose up -d
483 sudo docker-compose up -d
485 apg
492 dh -f .
493 df -h
494 df -h .
495 free
496 free -h
499 cat password
500 fg
502 sudo docker-compose up -d
506 sudo docker-compose up -d
508 sudo docker-compose kill -s nginx
509 sudo docker-compose stop nginx
510 sudo docker-compose kill nginx
511 sudo docker-compose up nginx -d
512 sudo docker-compose up 0d nginx
513 sudo docker-compose up -d
515 cat password
518 sudo docker-compose up -d
519 cat envfile
520 sudo docker-compose exec app env RAILS_ENV=production bin/tootctl accounts create localadmin --email localadmin@localhost --confirmed --role Owner
524 sudo docker-compose up -d
528 cat password
530 ll
533 sudo docker-compose -f docker-compose.* up
534 sudo docker-compose -f docker-compose.yml -f docker-compose.bind.yml up -d
535 ll
536 ss -nlpt
538 sudo service apache2 stop
539 sudo service apache2 disable
541 sudo docker-compose -f docker-compose.yml -f docker-compose.bind.yml up -d
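Review bot: This file is a raw shell history dump, and it shows that the working directory holds a `password` file (`cat password`) and an `envfile` that presumably carries the values produced by `rake secret` and `mastodon:webpush:generate_vapid_key`. Whether those two files are part of the commit is not visible here, but both belong in `.gitignore`, and any secret that was ever typed on a command line in a history file like this should be treated as disclosed once it is pushed. A short README or setup script listing only the commands that worked (`docker-compose build`, `up -d`, `rails db:setup`, `tootctl accounts create`) would document the procedure without the failed attempts, container IDs and host details.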