Initial commit

This commit is contained in:
Aleksandr Bogdanov 2018-10-30 16:46:13 +01:00
commit e9fc6f58a3
11 changed files with 301 additions and 0 deletions

6
.dockerignore Normal file
View file

@ -0,0 +1,6 @@
.git
.gitignore
.dockerignore
node_modules
mastodon
.idea

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
node_modules
mastodon
.idea

2
CHANGELOG Normal file
View file

@ -0,0 +1,2 @@
[2.5.2]
* Initial Cloudron packaging

30
CloudronManifest.json Normal file
View file

@ -0,0 +1,30 @@
{
"id": "org.joinmastodon.cloudronapp",
"title": "Mastodon",
"author": "Matodon Authors",
"description": "file://DESCRIPTION.md",
"changelog": "file://CHANGELOG",
"tagline": "A federated microblogging network that is decentralized between independently operated servers",
"version": "2.5.2",
"healthCheckPath": "/about",
"httpPort": 8000,
"memoryLimit": 536870912,
"addons": {
"localstorage": {},
"postgresql": {},
"redis": {},
"sendmail": {}
},
"minBoxVersion": "1.8.1",
"manifestVersion": 1,
"website": "https://joinmastodon.org/",
"contactEmail": "syn+cloudron@syn.im",
"icon": "logo.png",
"tags": [
"social",
"forum"
],
"mediaLinks": [
"https://upload.wikimedia.org/wikipedia/commons/0/0b/Mastodon_desktop_web_screenshot.png"
]
}

15
DESCRIPTION.md Normal file
View file

@ -0,0 +1,15 @@
Social networking, back in your hands
=====
Follow friends and discover new ones. Publish anything you want: links, pictures, text, video. All on a platform that is community-owned and ad-free.
Find your perfect community
=====
Mastodon isnt just a website, it is a federation—think Star Trek. Thousands of independent communities running Mastodon form a coherent network, where while every planet is different, being part of one is being part of the whole.
Safer social media experience
=====
Mastodon comes with effective anti-abuse tools to help protect yourself. Thanks to the network's spread out and independent nature there are more moderators who you can approach for personal help, and servers with strict codes of conduct.
Sharing your thoughts has never been more convenient
=====
You have 500 characters. You can adjust the thumbnails of your pictures with focal points. You can use custom emojis, hide things behind spoiler warnings and choose who sees a given post. Messed it up? You can delete & redraft for quick corrections.

48
Dockerfile Normal file
View file

@ -0,0 +1,48 @@
FROM cloudron/base:1.0.0
RUN mkdir -p /app/code
WORKDIR /app/code
RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
# the following does apt-get update
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash -
RUN apt-get install -y \
imagemagick ffmpeg libpq-dev libxml2-dev libxslt1-dev file git-core \
g++ libprotobuf-dev protobuf-compiler pkg-config nodejs gcc autoconf \
bison build-essential libssl-dev libyaml-dev libreadline6-dev \
zlib1g-dev libncurses5-dev libffi-dev libgdbm5 libgdbm-dev \
nginx redis-server redis-tools postgresql postgresql-contrib \
certbot yarn libidn11-dev libicu-dev libjemalloc-dev \
ruby2.5
RUN gem install bundler --no-ri --no-rdoc
RUN rm -r /etc/nginx/sites-enabled/default /var/lib/nginx /var/log/nginx
RUN mkdir -p /run/nginx && ln -fs /run/nginx /var/lib/nginx && ln -fs /run/nginx/log /var/log/nginx
RUN git init && \
git remote add origin https://github.com/tootsuite/mastodon.git && \
git fetch --depth=1 origin $(git ls-remote --tags | grep refs/tags | grep -v 'rc[0-9]*$' | cut -f2 | sort -V | tail -n 1 | cut -d '/' -f3-) && \
git checkout FETCH_HEAD
RUN bundle install -j$(getconf _NPROCESSORS_ONLN) --deployment --without development test && \
yarn install --pure-lockfile
ENV GEM_PATH=/app/code/vendor/bundle/ruby/2.5.0/gems/ RAILS_ENV=production NODE_ENV=production
# secret keys are not built into assets, so precompiling is safe to do here
# (these variables are required by rake though)
RUN SECRET_KEY_BASE=insecure.secret_key_base OTP_SECRET=insecure.otp_secret \
bundle exec rake assets:precompile
RUN ln -fs /app/data/.env.production /app/code/.env.production
RUN ln -fs /app/data/bullet.log /app/code/log/bullet.log
RUN ln -fs /app/data/system /app/code/public/system
CMD /app/code/start.sh
COPY nginx.conf /etc/nginx/sites-enabled/mastodon
COPY mastodon.env.template /app/code
COPY start.sh /app/code

32
docker-compose.yml Normal file
View file

@ -0,0 +1,32 @@
version: '2.4'
services:
mastodon:
build: .
ports:
- 3000
- 4000
- 80:8000
environment:
- LOCAL_DOMAIN=localhost
- LOCAL_HTTPS=false
- POSTGRESQL_HOST=postgres
- POSTGRESQL_DATABASE=postgres
- POSTGRESQL_USERNAME=postgres
- POSTGRESQL_PASSWORD=postgres
- REDIS_HOST=redis
volumes:
- data:/app/data
tmpfs:
- /run
- /tmp
postgres:
image: postgres
environment:
- POSTGRES_PASSWORD=postgres
redis:
image: redis
volumes:
data:

BIN
logo.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 14 KiB

41
mastodon.env.template Normal file
View file

@ -0,0 +1,41 @@
#!/bin/bash
cat <<END
SINGLE_USER_MODE=false
LOCAL_DOMAIN="${APP_DOMAIN:-"localhost"}"
DB_HOST="${POSTGRESQL_HOST:-"localhost"}"
DB_PORT="${POSTGRESQL_PORT:-"5432"}"
DB_NAME="${POSTGRESQL_DATABASE:-"mastodon"}"
DB_USER="${POSTGRESQL_USERNAME:-"mastodon"}"
DB_PASS="${POSTGRESQL_PASSWORD:-"mastodon"}"
DATABASE_URL="${POSTGRESQL_URL:-"postgresql://${DB_USER}:${DB_PASS}@${DB_HOST}:${DB_PORT}/${DB_NAME}"}"
REDIS_HOST="${REDIS_HOST:-"localhost"}"
REDIS_PORT="${REDIS_PORT:-"6379"}"
REDIS_PASSWORD=${REDIS_PASSWORD}
SMTP_SERVER="${MAIL_SMTP_SERVER:-"localhost"}"
SMTP_PORT="${MAIL_SMTP_PORT:-"25"}"
SMTP_FROM_ADDRESS="${MAIL_FROM:-"Mastodon <mastodon@localhost>"}"
SMTP_AUTH_METHOD=plain
SMTP_LOGIN=${MAIL_SMTP_USERNAME}
SMTP_PASSWORD=${MAIL_SMTP_PASSWORD}
SMTP_OPENSSL_VERIFY_MODE=none
LDAP_ENABLED=$([ -z "$LDAP_SERVER" ] && echo "false" || echo "true")
LDAP_HOST=${LDAP_SERVER}
LDAP_PORT=${LDAP_PORT}
LDAP_BASE=${LDAP_USERS_BASE_DN}
LDAP_BIND_DN=${LDAP_BIND_DN}
LDAP_PASSWORD=${LDAP_BIND_PASSWORD}
LDAP_UID=mail
# the following is generated by start.sh
END
#SECRET_KEY_BASE=
#OTP_SECRET=
#VAPID_PRIVATE_KEY=
#VAPID_PUBLIC_KEY=

96
nginx.conf Normal file
View file

@ -0,0 +1,96 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
proxy_cache_path /run/nginx/cache levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
error_log /dev/stdout info;
access_log /dev/stdout;
client_body_temp_path /run/nginx/body 1 2;
server {
listen 8000;
listen [::]:8000;
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
root /app/code/public;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
location / {
try_files $uri @proxy;
}
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location /sw.js {
add_header Cache-Control "public, max-age=0";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location @proxy {
# forwarding cloudron's nginx proxy-proto headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $http_x_real_ip;
proxy_set_header X-Forwarded-For $http_x_forwarded_for,$remote_addr;
proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto;
proxy_set_header X-Forwarded-Host $http_x_forwarded_host;
proxy_set_header X-Forwarded-Port $http_x_forwarded_port;
proxy_set_header X-Forwarded-Server $http_x_forwarded_server;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://127.0.0.1:3000;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE;
proxy_cache_valid 200 7d;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000";
tcp_nodelay on;
}
location /api/v1/streaming {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass http://127.0.0.1:4000;
proxy_buffering off;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
tcp_nodelay on;
}
error_page 500 501 502 503 504 /500.html;
}

28
start.sh Executable file
View file

@ -0,0 +1,28 @@
#!/bin/bash -eu
echo "=>Configuring mastodon<="
bash /app/code/mastodon.env.template > /app/data/.env.production
if ! [ -f /app/data/.keys.env ]; then
echo "=>First run, generating keys and setting up the DB<="
export RANDFILE=/app/data/.rnd
echo -e "SECRET_KEY_BASE=$(openssl rand -hex 64)\nOTP_SECRET=$(openssl rand -hex 64)" > /app/data/.keys.env
source /app/data/.keys.env
HOME=/app/data bundle exec rake mastodon:webpush:generate_vapid_key >> /app/data/.keys.env
SAFETY_ASSURED=1 HOME=/app/data bundle exec rails db:schema:load db:seed
# the app writes to the following dirs:
mkdir -p /app/data/system && chown cloudron:cloudron /app/data/system
fi
cat /app/data/.keys.env >> /app/data/.env.production
echo "=>Starting mastodon<="
SUDO='sudo -u cloudron -H -E'
PORT=3000 $SUDO bundle exec puma -C config/puma.rb &
PORT=4000 STREAMING_CLUSTER_NUM=1 $SUDO npm run start &
DB_POOL=25 MALLOC_ARENA_MAX=2 $SUDO bundle exec sidekiq -c 25 &
mkdir -p /run/nginx/log /run/nginx/body /run/nginx/cache
nginx -g 'daemon off;'