[documentation] Creates Docker documentation and docker-compose.yaml (#416)
* excludes docker-volume from example/docker-compose
* Adds a docker-compose.yaml example and adds some readme to the docker.md
* Changes Docker-Compose Example
* Configures docker-compose.yaml and docker.md
* Adds some cosmetics to the Documentation
* Adds UserID:GroupID
* Describes how to create a new user
parent 1d5e763f68
commit 100f1280a6
3 changed files with 225 additions and 1 deletions
3
.gitignore
vendored
|
@ -18,3 +18,6 @@ dist/
|
||||||
|
|
||||||
# exclude the copy of swagger.yaml moved into assets during packaging
|
# exclude the copy of swagger.yaml moved into assets during packaging
|
||||||
web/assets/swagger.yaml
|
web/assets/swagger.yaml
|
||||||
|
|
||||||
|
# exludes docker-volume from exemple/docker-compose
|
||||||
|
example/docker-compose/docker-volume
|
|
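Review bot: The new ignore entry `example/docker-compose/docker-volume` does not match the directories the compose file in this commit mounts, which are `./docker-volumes/data` and `./docker-volumes/db` (plural). As written, the Postgres data directory and the GoToSocial storage directory created next to the example would not be ignored and could be committed by accident; change the entry to `example/docker-compose/docker-volumes`. The comment line above it also has two typos (`exludes`, `exemple`).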
@ -1,3 +1,190 @@
|
||||||
# Docker
|
# Docker
|
||||||
|
|
||||||
TODO
|
The Official GoToSocial docker images are provided through [docker hub](https://hub.docker.com/r/superseriousbusiness/gotosocial "docker hub gotosocial").
|
||||||
|
|
||||||
|
GoToSocial can be configured using [Environment Variables](../configuration/index.md#environment-variables) if you wish, allowing your GoToSocial configuration to be embedded inside your docker container configuration.
|
||||||
|
|
||||||
|
## Run with Docker Compose (recommended)
|
||||||
|
This guide will lead you through the installation with [docker compose](https://docs.docker.com/compose/ "Docker Compose Docs"), so you might want to follow the next Steps.
|
||||||
|
|
||||||
|
### Create a Working Dir
|
||||||
|
You need a Working Directory in which the data of the PostgreSQL and the GoToSocial container will be located, so create this directory for example with the following command.
|
||||||
|
The directory can be located where you want it to be later.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
mkdir -p /docker/gotosocial
|
||||||
|
cd /docker/gotosocial
|
||||||
|
```
|
||||||
|
### Get the latest docker-compose.yaml and config.yaml
|
||||||
|
You can get an example [docker-compose.yaml](../../example/docker-compose/docker-compose.yaml "Example docker-compose.yaml") and [config.yaml](../../example/config.yaml "Example config.yaml") here, which you can download with wget for example.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml
|
||||||
|
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/config.yaml
|
||||||
|
```
|
||||||
|
|
||||||
|
### Edit the docker-compose.yaml
|
||||||
|
You can modify the docker-compose.yaml to your needs, but in any case you should generate a Postgres password and bind it as environment variable into the postgreSQL container. For this we can write the password directly into the docker-compose.yaml like in the example or we create an [.env file](https://docs.docker.com/compose/environment-variables/#the-env-file "Docker Docs") that will load the environment variables into the container. You may also want to check the current [GoToSocial version](https://github.com/superseriousbusiness/gotosocial/releases) and adjust the image in docker-compose.yaml.
|
||||||
|
|
||||||
|
```shell
|
||||||
|
$EDITOR docker-compose.yaml
|
||||||
|
```
|
||||||
|
### Edit the config.yaml
|
||||||
|
When we want to use the config.yaml, we should make the following changes to config.yaml.
|
||||||
|
| Config Option | Value |
|
||||||
|
| --------------- | ------ |
|
||||||
|
| host | Hostname of your Inctanse e.g. gts.example.com |
|
||||||
|
| account-domain | Domain to use when federating profiles e.g. gts.example.com |
|
||||||
|
| trusted-proxies | We need to trust our host machine and the Docker Network e.g.<br>- "127.0.0.1/32"<br>- "10.0.0.0/8"<br>- "172.16.0.0/12"<br>- "192.168.0.0/16" |
|
||||||
|
| db-address | gotosocial_postgres |
|
||||||
|
| db-user | gotosocial |
|
||||||
|
| db-password | same password as postgres environment $POSTGRES_PASSWORD |
|
||||||
|
|
||||||
|
```shell
|
||||||
|
$EDITOR config.yaml
|
||||||
|
```
|
||||||
|
### Start GoToSocial
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker-compose up -d
|
||||||
|
```
|
||||||
|
|
||||||
|
After running this command, you should get an output like:
|
||||||
|
```shell
|
||||||
|
❯ docker-compose up -d
|
||||||
|
[+] Running 2/2
|
||||||
|
⠿ Container docker1-gotosocial_postgres-1 Started
|
||||||
|
⠿ Container docker1-gotosocial-1 Started
|
||||||
|
```
|
||||||
|
|
||||||
|
this names can be used to create your first user described below.
|
||||||
|
|
||||||
|
### Create your first User
|
||||||
|
|
||||||
|
Take the names from above command `docker-compose up -d` and replace $CONTAINER_NAME with the name e.g. `docker1-gotosocial-1`
|
||||||
|
|
||||||
|
```shell
|
||||||
|
# Creates a User
|
||||||
|
docker exec -ti $CONTAINER_NAME /gotosocial/gotosocial --config-path /config/config.yaml admin account create --username $USERNAME --email $USEREMAIL --password $SuperSecurePassword
|
||||||
|
# Confirms the User, so that the User can LogIn
|
||||||
|
docker exec -ti $CONTAINER_NAME /gotosocial/gotosocial --config-path /config/config.yaml admin account confirm --username $USERNAME
|
||||||
|
# Makes the User to an Admin
|
||||||
|
docker exec -ti $CONTAINER_NAME/gotosocial/gotosocial --config-path /config/config.yaml admin account promote --username $USERNAME
|
||||||
|
```
|
||||||
|
|
||||||
|
#### Lost the Name of the Container
|
||||||
|
If you forgot what the container name of your GoToSocial container was, you can figure it out with the command `docker ps -f NAME=gotosocial`.
|
||||||
|
If you execute the command, you will get an output similar to the following:
|
||||||
|
|
||||||
|
```shell
|
||||||
|
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||||||
|
e190f1e6335f superseriousbusiness/gotosocial:$VERSION "/gotosocial/gotosoc…" 12 minutes ago Up 12 minutes 127.0.0.1:8080->8080/tcp docker-compose-gotosocial-1
|
||||||
|
5a2c56181ada postgres:14-alpine "docker-entrypoint.s…" 22 minutes ago Up 19 minutes 5432/tcp docker-compose-gotosocial_postgres-1
|
||||||
|
```
|
||||||
|
Now you take the container name from the container with image superseriousbusiness/gotosocial:$VERSION and build ourselves the following commands.
|
||||||
|
|
||||||
|
## Run with Docker Run
|
||||||
|
|
||||||
|
You can run GoToSocial direct with `docker run` command.
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>docker run with --env flag</summary>
|
||||||
|
|
||||||
|
```shell
|
||||||
|
docker run -e GTS_PORT='8080' -e GTS_PROTOCOL='https' -e GTS_TRUSTED_PROXIES='0.0.0.0/0' -e GTS_HOST='gotosocial.example.com' -e GTS_ACCOUNT_DOMAIN='gotosocial.example.com' -e GTS_DB_TYPE='sqlite' -e GTS_DB_ADDRESS='/gotosocial/database/sqlite.db' -e GTS_STORAGE_SERVE_PROTOCOL='https' -e GTS_STORAGE_SERVE_HOST='gotosocial.example.com' -e GTS_STORAGE_SERVE_BASE_PATH='/gotosocial/storage' -e GTS_LETSENCRYPT_ENABLED='false' -v $(pwd)/storage/:/gotosocial/storage/ -v $(pwd)/database/:/gotosocial/database/ -p 127.0.0.1:8080:8080 superseriousbusiness/gotosocial:0.2.0
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>docker run with .env-file</summary>
|
||||||
|
|
||||||
|
```
|
||||||
|
docker run --env-file ./.env -v $(pwd)/storage/:/gotosocial/storage/ -v $(pwd)/database/:/gotosocial/database/ -p 127.0.0.1:8080:8080 superseriousbusiness/gotosocial:0.2.0
|
||||||
|
```
|
||||||
|
|
||||||
|
</details>
|
||||||
|
|
||||||
|
<details>
|
||||||
|
<summary>Example .env File</summary>
|
||||||
|
|
||||||
|
```shell
|
||||||
|
$EDITOR .env
|
||||||
|
```
|
||||||
|
|
||||||
|
```
|
||||||
|
GTS_PORT=8080
|
||||||
|
GTS_PROTOCOL=https
|
||||||
|
GTS_TRUSTED_PROXIES=127.0.0.1 # should be the host machine and the Docker Network e.g. "127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
|
||||||
|
GTS_HOST=gotosocial.example.com
|
||||||
|
GTS_ACCOUNT_DOMAIN=gotosocial.example.com
|
||||||
|
GTS_DB_TYPE=sqlite
|
||||||
|
GTS_DB_ADDRESS=/gotosocial/database/sqlite.db
|
||||||
|
GTS_STORAGE_SERVE_BASE_PATH=/gotosocial/storage
|
||||||
|
GTS_LETSENCRYPT_ENABLED=false
|
||||||
|
```
|
||||||
|
</details>
|
||||||
|
|
||||||
|
## (optional) NGINX Config
|
||||||
|
The following NGINX config is just an example of what this might look like. In this case we assume that a valid SSL certificate is present. For this you can get a valid certificate from [Let's Encrypt](https://letsencrypt.org "Let's Encrypt Homepage") with the [cerbot](https://certbot.eff.org "Certbot's Homepage").
|
||||||
|
|
||||||
|
```shell
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name gts.example.com;
|
||||||
|
|
||||||
|
location /.well-known/acme-challenge/ {
|
||||||
|
default_type "text/plain";
|
||||||
|
root /var/www/certbot;
|
||||||
|
}
|
||||||
|
location / { return 301 https://$host$request_uri; }
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
server_name gts.example.com;
|
||||||
|
|
||||||
|
#############################################################################
|
||||||
|
# Certificates #
|
||||||
|
# you need a certificate to run in production. see https://letsencrypt.org/ #
|
||||||
|
#############################################################################
|
||||||
|
ssl_certificate /etc/letsencrypt/live/gts.example.com/fullchain.pem;
|
||||||
|
ssl_certificate_key /etc/letsencrypt/live/gts.example.com/privkey.pem;
|
||||||
|
|
||||||
|
location ^~ '/.well-known/acme-challenge' {
|
||||||
|
default_type "text/plain";
|
||||||
|
root /var/www/certbot;
|
||||||
|
}
|
||||||
|
|
||||||
|
###########################################
|
||||||
|
# Security hardening (as of Nov 15, 2020) #
|
||||||
|
# based on Mozilla Guideline v5.6 #
|
||||||
|
###########################################
|
||||||
|
|
||||||
|
ssl_protocols TLSv1.2 TLSv1.3;
|
||||||
|
ssl_prefer_server_ciphers on;
|
||||||
|
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
|
||||||
|
ssl_session_timeout 1d; # defaults to 5m
|
||||||
|
ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
|
||||||
|
ssl_session_tickets off;
|
||||||
|
ssl_stapling on;
|
||||||
|
ssl_stapling_verify on;
|
||||||
|
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||||||
|
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||||||
|
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://127.0.0.1:8080;
|
||||||
|
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header Connection $http_connection;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Scheme $scheme;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
```
|
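Review bot: The `docker run with --env flag` example sets `GTS_TRUSTED_PROXIES='0.0.0.0/0'`, which marks every address as a trusted proxy and contradicts the `trusted-proxies` table row earlier in the same file, which asks only for the host machine and the Docker network; use the same narrow ranges here, since the container port is published on `127.0.0.1:8080` only. In the "Create your first User" block, the `admin account promote` line is missing the space between `$CONTAINER_NAME` and `/gotosocial/gotosocial`, so it will not run as written. In the `.env` example, the comment sits on the same line as `GTS_TRUSTED_PROXIES=127.0.0.1`; `docker run --env-file` treats a `#` after the value as part of the value, so move the comment to its own line. The "Lost the Name of the Container" section ends by promising "the following commands" but none follow, and the NGINX config is fenced as `shell`.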
34
example/docker-compose/docker-compose.yaml
Normal file
|
@ -0,0 +1,34 @@
|
||||||
|
version: "3.3"
|
||||||
|
|
||||||
|
services:
|
||||||
|
gotosocial:
|
||||||
|
image: superseriousbusiness/gotosocial:0.2.0
|
||||||
|
user: "1000:1000"
|
||||||
|
networks:
|
||||||
|
- gotosocial
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:8080:8080"
|
||||||
|
volumes:
|
||||||
|
- ./docker-volumes/data:/gotosocial/storage
|
||||||
|
- ./config.yaml:/config/config.yaml
|
||||||
|
command: ["--config-path", "/config/config.yaml"]
|
||||||
|
depends_on:
|
||||||
|
- gotosocial_postgres
|
||||||
|
restart: "always"
|
||||||
|
|
||||||
|
gotosocial_postgres:
|
||||||
|
image: postgres:14-alpine
|
||||||
|
environment:
|
||||||
|
POSTGRES_DB: gotosocial
|
||||||
|
POSTGRES_USER: gotosocial
|
||||||
|
POSTGRES_PASSWORD: # Create a Password for example with "openssl rand -hex 16"
|
||||||
|
volumes:
|
||||||
|
- ./docker-volumes/db:/var/lib/postgresql/data
|
||||||
|
restart: "always"
|
||||||
|
networks:
|
||||||
|
- gotosocial
|
||||||
|
|
||||||
|
networks:
|
||||||
|
gotosocial:
|
||||||
|
ipam:
|
||||||
|
driver: default
|
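Review bot: `POSTGRES_PASSWORD:` in the `gotosocial_postgres` service is left with no value, only a trailing comment, so the example is incomplete as downloaded and invites readers to paste the secret straight into the compose file. Prefer `POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?set POSTGRES_PASSWORD in .env}` so Compose refuses to start without it and the password lives in the `.env` file the documentation already mentions. Separately, `user: "1000:1000"` combined with the bind mount `./docker-volumes/data` means that directory must be writable by UID 1000 on the host; a short comment saying so would save a failed first start.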