diff --git a/.env.mastodon b/.env.mastodon
new file mode 100644
index 0000000..bc4b231
--- /dev/null
+++ b/.env.mastodon
@@ -0,0 +1,47 @@
+LOCAL_DOMAIN=mastodon.pubtester.local
+BIND=0.0.0.0
+
+REDIS_HOST=mastodon_redis
+REDIS_PORT=6379
+
+DB_HOST=mastodon_db
+DB_USER=mastodon
+DB_NAME=mastodon
+DB_PASS=very_secure_mastodon_password
+DB_PORT=5432
+
+ES_ENABLED=false
+
+# Secrets
+# -------
+# Make sure to use `rake secret` to generate secrets
+# -------
+SECRET_KEY_BASE=c3b5ae3f1e4857fafc31014c992b17abaa9a65e1a9af6fe51ecc9664d130784370fd9b65e0ed7d0ea0cb373c834a1f7c8f76c6228f028dada6e33c947c3ea360
+OTP_SECRET=fd78ca61cfde7df1b1958ff597b3cabb991431fd86cad3e45b488598c7dafa3f17a22f4dd4d31f93bcb22277796df7196a2de09bdc96d56579bb5c61176d0d99
+
+# Web Push
+# --------
+# Generate with `rake mastodon:webpush:generate_vapid_key`
+# --------
+VAPID_PRIVATE_KEY=Zg_9v96zzhNvo7JhmmbuhwUGZAbpvCQZ-PzX1ndYuS0=
+VAPID_PUBLIC_KEY=BLJKROTzCNgqrIr6cKu4VXdq34dAlJnSgcdv1GE9FxJbuANws3yKvSnqBgZpmC7_hcRl6WcxW1RWjVEMlF5qo7s=
+
+# Sending mail
+# ------------
+SMTP_SERVER=smtp.example.org
+SMTP_PORT=587
+SMTP_LOGIN=
+SMTP_PASSWORD=
+SMTP_FROM_ADDRESS=notifications@example.com
+
+# File storage (optional)
+# -----------------------
+S3_ENABLED=false
+
+# IP and session retention
+# -----------------------
+# Make sure to modify the scheduling of ip_cleanup_scheduler in config/sidekiq.yml
+# to be less than daily if you lower IP_RETENTION_PERIOD below two days (172800).
+# -----------------------
+IP_RETENTION_PERIOD=31556952
+SESSION_RETENTION_PERIOD=31556952
diff --git a/.gitignore b/.gitignore
index 5d381cc..2d5bf53 100644
--- a/.gitignore
+++ b/.gitignore
@@ -160,3 +160,5 @@ cython_debug/ # option (not recommended) you can uncomment the following to ignore the entire idea folder. #.idea/ + +data/
diff --git a/docker-compose.yaml b/docker-compose.yaml
index db859a2..65ffd0c 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
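Review bot: The new `.env.mastodon` checks concrete values for `SECRET_KEY_BASE`, `OTP_SECRET`, `VAPID_PRIVATE_KEY` and `DB_PASS` into the repository, so every checkout of this rig shares the same Rails secret, OTP secret and push key, and they remain in git history even if rotated later. I would commit a template instead (for example `.env.mastodon.example` with `SECRET_KEY_BASE=` and `OTP_SECRET=` left empty, to be filled from `rake secret` as the file's own comment says) and add `.env.mastodon` to `.gitignore` next to the `data/` entry this commit adds. If the values are deliberately throwaway for a local-only fixture, a header comment such as `# TEST-ONLY keys: never reuse on a reachable instance` would make that explicit.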
@@ -1,10 +1,99 @@
 version: "3.9"
 services:
- pleroma_db:
- image: postgres:15
- pleroma:
- image: git.pleroma.social:5050/pleroma/pleroma:release-2-4-1
+ #pleroma_db:
+ # image: postgres:15
+ #pleroma:
+ # image: git.pleroma.social:5050/pleroma/pleroma:release-2-4-1
+
+ # mastodon config
 mastodon_db:
 image: postgres:15
- mastodon:
+ shm_size: 256mb
+ networks:
+ - internal_network
+ healthcheck:
+ test: ['CMD', 'pg_isready', '-U', 'postgres']
+ volumes:
+ - ./data/mastodon/postgres14:/var/lib/postgresql/data
+ environment:
+ - 'POSTGRES_HOST_AUTH_METHOD=trust'
+ - 'POSTGRES_USER=mastodon'
+ - 'POSTGRES_PASSWORD=very_secure_mastodon_password'
+ - 'POSTGRES_DB=mastodon'
+ mastodon_redis:
+ restart: always
+ image: redis:7-alpine
+ networks:
+ - internal_network
+ healthcheck:
+ test: ['CMD', 'redis-cli', 'ping']
+ volumes:
+ - ./data/mastodon/redis:/data
+ mastodon_web:
 image: tootsuite/mastodon:v4.0.2
+ restart: always
+ env_file: .env.mastodon
+ command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
+ networks:
+ - external_network
+ - internal_network
+ healthcheck:
+ # prettier-ignore
+ test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
+ ports:
+ - '127.0.0.1:20690:3000'
+ depends_on:
+ - mastodon_db
+ - mastodon_redis
+ volumes:
+ - ./data/mastodon/public/system:/mastodon/public/system
+ mastodon_streaming:
+ image: tootsuite/mastodon:v4.0.2
+ restart: always
+ env_file: .env.mastodon
+ command: node ./streaming
+ networks:
+ - external_network
+ - internal_network
+ healthcheck:
+ # prettier-ignore
+ test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
+ ports:
+ - '127.0.0.1:20691:4000'
+ depends_on:
+ - mastodon_db
+ - mastodon_redis
+ mastodon_sidekiq:
+ image: tootsuite/mastodon
+ restart: always
+ env_file: .env.mastodon
+ command: bundle exec sidekiq
+ depends_on:
+ - mastodon_db
+ - mastodon_redis
+ networks:
+ - external_network
+ - internal_network
+ volumes:
+ - ./data/mastodon/public/system:/mastodon/public/system
+ healthcheck:
+ test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
+
+ # nginx reverse proxy configured for all instances
+ nginx:
+ image: nginx:1.23.1-alpine
+ networks:
+ - external_network
+ - internal_network
+ volumes:
+ - ./files/nginx.conf:/etc/nginx/nginx.conf:ro
+ ports:
+ - '127.0.0.1:20000:80'
+ depends_on:
+ - mastodon_web
+ - mastodon_streaming
+
+networks:
+ external_network:
+ internal_network:
+ internal: true
diff --git a/files/nginx.conf b/files/nginx.conf
new file mode 100644
index 0000000..14a4d79
--- /dev/null
+++ b/files/nginx.conf
@@ -0,0 +1,66 @@
+
+
+user nginx;
+worker_processes auto;
+
+error_log /var/log/nginx/error.log notice;
+pid /var/run/nginx.pid;
+
+
+events {
+ worker_connections 1024;
+}
+
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+ '$status $body_bytes_sent "$http_referer" '
+ '"$http_user_agent" "$http_x_forwarded_for"';
+
+ access_log /var/log/nginx/access.log main;
+
+ sendfile on;
+ #tcp_nopush on;
+
+ keepalive_timeout 65;
+
+ #gzip on;
+
+
+ server {
+ listen 80;
+ listen [::]:80;
+ root /mnt/none;
+ index index.html index.htm;
+
+ server_name mastodon.pubtester.local;
+
+ absolute_redirect off;
+ server_name_in_redirect off;
+
+ error_page 404 /404.html;
+ error_page 410 /410.html;
+
+ location / {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass http://mastodon_web:3000;
+ }
+
+ location ^~ /api/v1/streaming {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass http://mastodon_streaming:4000;
+
+ proxy_buffering off;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ tcp_nodelay on;
+ }
+ }
+}
diff --git a/mastodon_setup.sh b/mastodon_setup.sh
new file mode 100755
index 0000000..f30d6e6
--- /dev/null
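Review bot: `- 'POSTGRES_HOST_AUTH_METHOD=trust'` on `mastodon_db` turns off password authentication in the postgres image, so the `POSTGRES_PASSWORD` set two lines later is never checked and any container that can reach the database on `internal_network` can connect as any role. Dropping that one line lets the password that `.env.mastodon` supplies as `DB_PASS` actually gate access. Separately, `mastodon_sidekiq` uses `image: tootsuite/mastodon` with no tag while web and streaming pin `v4.0.2`; I would write `image: tootsuite/mastodon:v4.0.2` there so the three processes cannot drift apart and the pulled image is reproducible. The healthcheck's `pg_isready -U postgres` also names a role that `POSTGRES_USER=mastodon` does not create; `'-U', 'mastodon'` would match the configured user.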
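Review bot: Both `location` blocks send `proxy_set_header X-Forwarded-Proto https;` although this server only has `listen 80;`, so Mastodon is told every request arrived over TLS when nginx itself never terminated any. If that is a deliberate shortcut for a local test rig, it deserves a comment such as `# test rig only: claim https to the app; traffic to this listener is plain HTTP`, because secure-flagged cookies and generated https:// links then depend on something else terminating TLS in front. The blocks also forward no client address; adding `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` would let the app see the real client (provided the proxy's address is among its trusted proxies) instead of attributing every request, rate limit and stored IP to nginx. `Host $http_host` passes the client's raw header through unchanged; `$host` is the normalized form if the raw value is not needed.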
+++ b/mastodon_setup.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+#
+# bootstrap things like db schemas before 'docker-compose up' can be fully run
+
+set -eux
+
+docker-compose run --rm mastodon_web rails db:migrate
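Review bot: `docker-compose run --rm mastodon_web rails db:migrate` starts `mastodon_db` through `depends_on`, but the list-form `depends_on` in docker-compose.yaml only waits for the container to start, not for its healthcheck, so on a first run the migration can race Postgres initialisation and `set -e` ends the script with a connection error. I would bring the database up and wait for it to report healthy before migrating, or at least say so in the header, e.g. `# re-run if the first attempt fails while postgres is still initialising`. The header comment could also note that the script expects `.env.mastodon` and the `data/` directory to exist in the working directory.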