From 100f1280a6863fc090e323c11abc40dfdea34078 Mon Sep 17 00:00:00 2001
From: 0hlov3 <0hlov3@protonmail.com>
Date: Tue, 1 Mar 2022 14:17:36 +0100
Subject: [PATCH] [documentation] Creates Docker documentation and
docker-compose.yaml (#416)
* excludes docker-volume from example/docker-compose
* Adds a docker-compose.yaml example and adds some readme to the
docker.md
* Changes Docker-Compose Example
* Configures docker-compose.yaml and docker.md
* Adds some cosmetics to the Documentation
* Adds UserID:GroupID
* Describes how to create a new user
---
.gitignore | 3 +
docs/installation_guide/docker.md | 189 ++++++++++++++++++++-
example/docker-compose/docker-compose.yaml | 34 ++++
3 files changed, 225 insertions(+), 1 deletion(-)
create mode 100644 example/docker-compose/docker-compose.yaml
diff --git a/.gitignore b/.gitignore
index 536dc0c0..0ccc883b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,6 @@ dist/
# exclude the copy of swagger.yaml moved into assets during packaging
web/assets/swagger.yaml
+
+# exludes docker-volume from exemple/docker-compose
+example/docker-compose/docker-volume
\ No newline at end of file
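Review bot: The new ignore entry `example/docker-compose/docker-volume` does not match the directory the example compose file in this same patch actually mounts, which is `./docker-volumes/` (plural) for both `data` and `db`. Anyone running the example from inside a checkout would therefore leave the PostgreSQL data directory and the media storage untracked but not ignored, and a careless `git add .` could commit database contents. I would change the entry to `example/docker-compose/docker-volumes/`. The docs also suggest an `.env` file holding the Postgres password, so adding `example/docker-compose/.env` here looks worthwhile too.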
diff --git a/docs/installation_guide/docker.md b/docs/installation_guide/docker.md
index f03a4684..ff107e9a 100644
--- a/docs/installation_guide/docker.md
+++ b/docs/installation_guide/docker.md
@@ -1,3 +1,190 @@
# Docker
-TODO
+The Official GoToSocial docker images are provided through [docker hub](https://hub.docker.com/r/superseriousbusiness/gotosocial "docker hub gotosocial").
+
+GoToSocial can be configured using [Environment Variables](../configuration/index.md#environment-variables) if you wish, allowing your GoToSocial configuration to be embedded inside your docker container configuration.
+
+## Run with Docker Compose (recommended)
+This guide will lead you through the installation with [docker compose](https://docs.docker.com/compose/ "Docker Compose Docs"), so you might want to follow the next Steps.
+
+### Create a Working Dir
+You need a Working Directory in which the data of the PostgreSQL and the GoToSocial container will be located, so create this directory for example with the following command.
+The directory can be located where you want it to be later.
+
+```shell
+mkdir -p /docker/gotosocial
+cd /docker/gotosocial
+```
+### Get the latest docker-compose.yaml and config.yaml
+You can get an example [docker-compose.yaml](../../example/docker-compose/docker-compose.yaml "Example docker-compose.yaml") and [config.yaml](../../example/config.yaml "Example config.yaml") here, which you can download with wget for example.
+
+```shell
+wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml
+wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/config.yaml
+```
+
+### Edit the docker-compose.yaml
+You can modify the docker-compose.yaml to your needs, but in any case you should generate a Postgres password and bind it as environment variable into the postgreSQL container. For this we can write the password directly into the docker-compose.yaml like in the example or we create an [.env file](https://docs.docker.com/compose/environment-variables/#the-env-file "Docker Docs") that will load the environment variables into the container. You may also want to check the current [GoToSocial version](https://github.com/superseriousbusiness/gotosocial/releases) and adjust the image in docker-compose.yaml.
+
+```shell
+$EDITOR docker-compose.yaml
+```
+### Edit the config.yaml
+When we want to use the config.yaml, we should make the following changes to config.yaml.
+| Config Option | Value |
+| --------------- | ------ |
+| host | Hostname of your Inctanse e.g. gts.example.com |
+| account-domain | Domain to use when federating profiles e.g. gts.example.com |
+| trusted-proxies | We need to trust our host machine and the Docker Network e.g.
- "127.0.0.1/32"
- "10.0.0.0/8"
- "172.16.0.0/12"
- "192.168.0.0/16" |
+| db-address | gotosocial_postgres |
+| db-user | gotosocial |
+| db-password | same password as postgres environment $POSTGRES_PASSWORD |
+
+```shell
+$EDITOR config.yaml
+```
+### Start GoToSocial
+
+```shell
+docker-compose up -d
+```
+
+After running this command, you should get an output like:
+```shell
+❯ docker-compose up -d
+[+] Running 2/2
+ ⠿ Container docker1-gotosocial_postgres-1 Started
+ ⠿ Container docker1-gotosocial-1 Started
+```
+
+this names can be used to create your first user described below.
+
+### Create your first User
+
+Take the names from above command `docker-compose up -d` and replace $CONTAINER_NAME with the name e.g. `docker1-gotosocial-1`
+
+```shell
+# Creates a User
+docker exec -ti $CONTAINER_NAME /gotosocial/gotosocial --config-path /config/config.yaml admin account create --username $USERNAME --email $USEREMAIL --password $SuperSecurePassword
+# Confirms the User, so that the User can LogIn
+docker exec -ti $CONTAINER_NAME /gotosocial/gotosocial --config-path /config/config.yaml admin account confirm --username $USERNAME
+# Makes the User to an Admin
+docker exec -ti $CONTAINER_NAME/gotosocial/gotosocial --config-path /config/config.yaml admin account promote --username $USERNAME
+```
+
+#### Lost the Name of the Container
+If you forgot what the container name of your GoToSocial container was, you can figure it out with the command `docker ps -f NAME=gotosocial`.
+If you execute the command, you will get an output similar to the following:
+
+```shell
+CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+e190f1e6335f superseriousbusiness/gotosocial:$VERSION "/gotosocial/gotosoc…" 12 minutes ago Up 12 minutes 127.0.0.1:8080->8080/tcp docker-compose-gotosocial-1
+5a2c56181ada postgres:14-alpine "docker-entrypoint.s…" 22 minutes ago Up 19 minutes 5432/tcp docker-compose-gotosocial_postgres-1
+```
+Now you take the container name from the container with image superseriousbusiness/gotosocial:$VERSION and build ourselves the following commands.
+
+## Run with Docker Run
+
+You can run GoToSocial direct with `docker run` command.
+
+
+ docker run with --env flag
+
+```shell
+docker run -e GTS_PORT='8080' -e GTS_PROTOCOL='https' -e GTS_TRUSTED_PROXIES='0.0.0.0/0' -e GTS_HOST='gotosocial.example.com' -e GTS_ACCOUNT_DOMAIN='gotosocial.example.com' -e GTS_DB_TYPE='sqlite' -e GTS_DB_ADDRESS='/gotosocial/database/sqlite.db' -e GTS_STORAGE_SERVE_PROTOCOL='https' -e GTS_STORAGE_SERVE_HOST='gotosocial.example.com' -e GTS_STORAGE_SERVE_BASE_PATH='/gotosocial/storage' -e GTS_LETSENCRYPT_ENABLED='false' -v $(pwd)/storage/:/gotosocial/storage/ -v $(pwd)/database/:/gotosocial/database/ -p 127.0.0.1:8080:8080 superseriousbusiness/gotosocial:0.2.0
+```
+
+
+
+
+ docker run with .env-file
+
+```
+docker run --env-file ./.env -v $(pwd)/storage/:/gotosocial/storage/ -v $(pwd)/database/:/gotosocial/database/ -p 127.0.0.1:8080:8080 superseriousbusiness/gotosocial:0.2.0
+```
+
+
+
+
+ Example .env File
+
+```shell
+$EDITOR .env
+```
+
+```
+GTS_PORT=8080
+GTS_PROTOCOL=https
+GTS_TRUSTED_PROXIES=127.0.0.1 # should be the host machine and the Docker Network e.g. "127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
+GTS_HOST=gotosocial.example.com
+GTS_ACCOUNT_DOMAIN=gotosocial.example.com
+GTS_DB_TYPE=sqlite
+GTS_DB_ADDRESS=/gotosocial/database/sqlite.db
+GTS_STORAGE_SERVE_BASE_PATH=/gotosocial/storage
+GTS_LETSENCRYPT_ENABLED=false
+```
+
+
+## (optional) NGINX Config
+The following NGINX config is just an example of what this might look like. In this case we assume that a valid SSL certificate is present. For this you can get a valid certificate from [Let's Encrypt](https://letsencrypt.org "Let's Encrypt Homepage") with the [cerbot](https://certbot.eff.org "Certbot's Homepage").
+
+```shell
+server {
+ listen 80;
+ listen [::]:80;
+ server_name gts.example.com;
+
+ location /.well-known/acme-challenge/ {
+ default_type "text/plain";
+ root /var/www/certbot;
+ }
+ location / { return 301 https://$host$request_uri; }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name gts.example.com;
+
+ #############################################################################
+ # Certificates #
+ # you need a certificate to run in production. see https://letsencrypt.org/ #
+ #############################################################################
+ ssl_certificate /etc/letsencrypt/live/gts.example.com/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/gts.example.com/privkey.pem;
+
+ location ^~ '/.well-known/acme-challenge' {
+ default_type "text/plain";
+ root /var/www/certbot;
+ }
+
+ ###########################################
+ # Security hardening (as of Nov 15, 2020) #
+ # based on Mozilla Guideline v5.6 #
+ ###########################################
+
+ ssl_protocols TLSv1.2 TLSv1.3;
+ ssl_prefer_server_ciphers on;
+ ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
+ ssl_session_timeout 1d; # defaults to 5m
+ ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
+ ssl_session_tickets off;
+ ssl_stapling on;
+ ssl_stapling_verify on;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+ # HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
+
+
+ location / {
+ proxy_pass http://127.0.0.1:8080;
+
+ proxy_set_header Host $host;
+ proxy_set_header Connection $http_connection;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Scheme $scheme;
+ }
+
+}
+```
\ No newline at end of file
diff --git a/example/docker-compose/docker-compose.yaml b/example/docker-compose/docker-compose.yaml
new file mode 100644
index 00000000..1a9bdf92
--- /dev/null
+++ b/example/docker-compose/docker-compose.yaml
@@ -0,0 +1,34 @@
+version: "3.3"
+
+services:
+ gotosocial:
+ image: superseriousbusiness/gotosocial:0.2.0
+ user: "1000:1000"
+ networks:
+ - gotosocial
+ ports:
+ - "127.0.0.1:8080:8080"
+ volumes:
+ - ./docker-volumes/data:/gotosocial/storage
+ - ./config.yaml:/config/config.yaml
+ command: ["--config-path", "/config/config.yaml"]
+ depends_on:
+ - gotosocial_postgres
+ restart: "always"
+
+ gotosocial_postgres:
+ image: postgres:14-alpine
+ environment:
+ POSTGRES_DB: gotosocial
+ POSTGRES_USER: gotosocial
+ POSTGRES_PASSWORD: # Create a Password for example with "openssl rand -hex 16"
+ volumes:
+ - ./docker-volumes/db:/var/lib/postgresql/data
+ restart: "always"
+ networks:
+ - gotosocial
+
+networks:
+ gotosocial:
+ ipam:
+ driver: default
\ No newline at end of file
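Review bot: `POSTGRES_PASSWORD:` in the `gotosocial_postgres` environment block is a bare key followed only by a comment, so YAML reads it as null and Compose resolves it from whatever happens to be in the operator's shell. The inline hint also nudges people to paste the secret straight into a file they may later commit. I would make the requirement explicit and keep the secret in `.env`: `POSTGRES_PASSWORD: "${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}"`, which makes Compose stop with a clear message when the variable is unset or empty. Separately, `./config.yaml:/config/config.yaml` carries `db-password` and is presumably only read by the container, so mounting it as `./config.yaml:/config/config.yaml:ro` would be a cheap hardening step. The image tags `superseriousbusiness/gotosocial:0.2.0` and `postgres:14-alpine` are mutable; a short comment noting that a digest pin is the reproducible option would help readers who copy this into production.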