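---
# Docker Compose fragment for the Mastodon stack (web, streaming, sidekiq)
# and its backing services (PostgreSQL, Redis, Elasticsearch).
#
# The `nginx` and `keycloak` entries at the bottom only add volumes, so this
# file is presumably layered on top of a base compose file that defines those
# services — confirm against the deployment's compose invocation.
#
# Interpolation: `$VAR` / `${VAR}` are expanded by Compose (shell / .env) when
# the file is read; `$$` is Compose's escape for a literal `$` that the
# container's shell sees.
#
# Network exposure: none of mastodon-db, mastodon-redis or mastodon-es has a
# `ports:` entry, so the fixed Postgres password and the unauthenticated Redis
# and Elasticsearch are reachable only from containers on the same compose
# network. Do not publish any of them to the host without adding
# authentication first.
version: '3'

services:
  # PostgreSQL backing store. The data directory is bind-mounted from the host;
  # ../prod.dump is mounted read-only, presumably for a one-off restore.
  mastodon-db:
    image: postgres:13.4-alpine
    restart: always
    container_name: mastodon-db
    # shm_size: 256mb
    # networks:
    #   - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'mastodon', '-d', 'mastodon_production']
    volumes:
      - ./data/mastodon/database:/var/lib/postgresql/data
      - ../prod.dump:/prod.dump:ro
    # NOTE(review): the database password is a fixed literal committed here
    # and must match DB_PASS on the Mastodon side (presumably set in one of
    # the env files). Prefer sourcing it from the env_file / a secret store.
    environment:
      - POSTGRES_USER=mastodon
      - POSTGRES_PASSWORD=mastodon
      - POSTGRES_DB=mastodon_production
    env_file:
      - ./env.production
      - ./mastodon/env.production

  # Redis (queues, cache, streaming pub/sub). No authentication is configured;
  # it relies on not being published to the host.
  mastodon-redis:
    image: redis:6-alpine
    restart: always
    container_name: mastodon-redis
    # networks:
    #   - internal_network
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
    env_file:
      - ./env.production
      - ./mastodon/env.production
    volumes:
      - ./data/mastodon/redis:/data

  # Elasticsearch for full-text search. Single node, X-Pack security disabled
  # (no auth, no TLS) — acceptable only while it stays off the host network.
  mastodon-es:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.17.5
    restart: always
    container_name: mastodon-es
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
      - "xpack.license.self_generated.type=basic"
      - "xpack.security.enabled=false"
      - "xpack.watcher.enabled=false"
      - "xpack.graph.enabled=false"
      - "xpack.ml.enabled=false"
      - "bootstrap.memory_lock=true"
      - "cluster.name=es-mastodon"
      - "discovery.type=single-node"
      - "thread_pool.write.queue_size=1000"
    env_file:
      - ./env.production
      - ./mastodon/env.production
    # networks:
    #   - internal_network
    healthcheck:
      test: ['CMD-SHELL', 'curl --silent --fail localhost:9200/_cluster/health || exit 1']
    volumes:
      - ./data/mastodon/elasticsearch:/usr/share/elasticsearch/data
    # Fix up the permissions on the data directory, since the bind mount is
    # created as root on the host, then hand over to the stock entrypoint.
    # NOTE(review): `sysctl -w vm.max_map_count` writes to /proc/sys, which is
    # read-only in an unprivileged container; if it fails, the `&&` chain
    # aborts startup. Confirm whether this service is run privileged —
    # otherwise set vm.max_map_count on the host and drop the sysctl here.
    # `chown ... data` is a relative path, i.e. it assumes the image's working
    # directory is /usr/share/elasticsearch — confirm.
    entrypoint:
      - /bin/sh
      - '-c'
      - >-
        sysctl -w vm.max_map_count=262144
        && chown elasticsearch:elasticsearch data
        && exec /usr/local/bin/docker-entrypoint.sh eswrapper
    # Unlimited memlock goes together with bootstrap.memory_lock=true above.
    ulimits:
      memlock:
        soft: -1
        hard: -1

  # Mastodon web (puma). Listens on 6001 inside the container (see the
  # healthcheck); host exposure is left to nginx — the ports entry is
  # commented out.
  mastodon:
    image: tootsuite/mastodon:v3.5.9
    container_name: mastodon
    restart: always
    # command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 6001"
    # NOTE(review): runs as root (uid/gid 0), presumably so /entrypoint.sh can
    # fix ownership of the bind-mounted public/system directory. Confirm the
    # script drops to the image's unprivileged user before starting puma.
    user: "0:0"
    command: ["/entrypoint.sh"]
    # networks:
    #   - external_network
    #   - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:6001/health || exit 1']
    # ports:
    #   - '6001:6001'
    # Short-form depends_on only orders container start; under `version: '3'`
    # it does not wait for the dependencies' healthchecks to pass.
    depends_on:
      - mastodon-db
      - mastodon-redis
      - mastodon-es
    volumes:
      - ./data/mastodon/system:/mastodon/public/system
      - ./mastodon/entrypoint.sh:/entrypoint.sh:ro
    env_file:
      - ./env.production
      - ./mastodon/env.production
    # Per-instance settings derived from the deployment-wide variables
    # (DOMAIN_NAME, MASTODON_HOSTNAME, KEYCLOAK_HOSTNAME, REALM, SMTP_*).
    # The same block is repeated verbatim for mastodon-streaming and
    # mastodon-sidekiq; keep the three in sync.
    environment:
      - WEB_DOMAIN=$MASTODON_HOSTNAME.$DOMAIN_NAME
      - LOCAL_DOMAIN=$DOMAIN_NAME
      # OpenID Connect login against the Keycloak realm of this deployment.
      - OIDC_DISPLAY_NAME=$REALM
      - OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME.$DOMAIN_NAME/realms/$REALM
      - OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME.$DOMAIN_NAME/auth/auth/openid_connect/callback
      - OIDC_CLIENT_SECRET=${MASTODON_CLIENT_SECRET}
      # NOTE(review): SECRET_KEY_BASE is the root secret Rails derives cookie
      # and session signing keys from, and it is set here to the admin
      # password. It should be an independent, randomly generated value:
      # reusing the admin password ties every signed cookie/token to a
      # human-chosen value, and rotating that password invalidates all
      # sessions. Same concern, to a lesser degree, for OTP_SECRET below.
      - SECRET_KEY_BASE=${MASTODON_ADMIN_PASSWORD}
      - OTP_SECRET=${MASTODON_SESSION_SECRET}
      - SMTP_SERVER=$SMTP_SERVER
      - SMTP_PORT=$SMTP_PORT
      - SMTP_LOGIN=$SMTP_USER
      - SMTP_PASSWORD=$SMTP_PASSWORD
      - SMTP_FROM_ADDRESS=mastodon@$DOMAIN_NAME

  # Mastodon streaming API (node). Pinned to the same release as the web and
  # sidekiq services so the three cannot drift apart on a `pull` (the
  # previous untagged image resolved to a floating `latest`).
  mastodon-streaming:
    image: tootsuite/mastodon:v3.5.9
    restart: always
    container_name: mastodon-streaming
    # Mirror of the `mastodon` service's environment; see the notes there.
    environment:
      - WEB_DOMAIN=$MASTODON_HOSTNAME.$DOMAIN_NAME
      - LOCAL_DOMAIN=$DOMAIN_NAME
      - OIDC_DISPLAY_NAME=$REALM
      - OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME.$DOMAIN_NAME/realms/$REALM
      - OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME.$DOMAIN_NAME/auth/auth/openid_connect/callback
      - OIDC_CLIENT_SECRET=${MASTODON_CLIENT_SECRET}
      - SECRET_KEY_BASE=${MASTODON_ADMIN_PASSWORD}
      - OTP_SECRET=${MASTODON_SESSION_SECRET}
      - SMTP_SERVER=$SMTP_SERVER
      - SMTP_PORT=$SMTP_PORT
      - SMTP_LOGIN=$SMTP_USER
      - SMTP_PASSWORD=$SMTP_PASSWORD
      - SMTP_FROM_ADDRESS=mastodon@$DOMAIN_NAME
    env_file:
      - ./env.production
      - ./mastodon/env.production
    command: node ./streaming
    # networks:
    #   - external_network
    #   - internal_network
    volumes:
      - ./data/mastodon/system:/mastodon/public/system
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
    depends_on:
      - mastodon-db
      - mastodon-redis

  # Mastodon background workers (sidekiq).
  mastodon-sidekiq:
    image: tootsuite/mastodon:v3.5.9
    restart: always
    container_name: mastodon-sidekiq
    env_file:
      - ./env.production
      - ./mastodon/env.production
    # Mirror of the `mastodon` service's environment; see the notes there.
    environment:
      - WEB_DOMAIN=$MASTODON_HOSTNAME.$DOMAIN_NAME
      - LOCAL_DOMAIN=$DOMAIN_NAME
      - OIDC_DISPLAY_NAME=$REALM
      - OIDC_ISSUER=https://$KEYCLOAK_HOSTNAME.$DOMAIN_NAME/realms/$REALM
      - OIDC_REDIRECT_URI=https://$MASTODON_HOSTNAME.$DOMAIN_NAME/auth/auth/openid_connect/callback
      - OIDC_CLIENT_SECRET=${MASTODON_CLIENT_SECRET}
      - SECRET_KEY_BASE=${MASTODON_ADMIN_PASSWORD}
      - OTP_SECRET=${MASTODON_SESSION_SECRET}
      - SMTP_SERVER=$SMTP_SERVER
      - SMTP_PORT=$SMTP_PORT
      - SMTP_LOGIN=$SMTP_USER
      - SMTP_PASSWORD=$SMTP_PASSWORD
      - SMTP_FROM_ADDRESS=mastodon@$DOMAIN_NAME
      # Web-push VAPID key pair, shared with the web service through the
      # public/system bind mount and sourced by the entrypoint below.
      - VAPID_KEY_FILE=/mastodon/public/system/vapid_key
    # `$$` is Compose's escape for a literal `$`, so the shell sees
    # $VAPID_KEY_FILE etc. The key file is sourced (`.`) as shell, so it must
    # be treated as code, not data: write access to that bind mount equals
    # code execution in this service. Only the public key is echoed to the
    # log; the private key stays in the environment.
    # NOTE(review): the key file lives under public/system, which is also
    # bind-mounted into the web container. Confirm that neither nginx nor the
    # Rails static-file server answers a request for /system/vapid_key, or
    # move the file outside the web-served tree.
    entrypoint:
      - /bin/bash
      - '-c'
      - >-
        if [ -r "$$VAPID_KEY_FILE" ]; then . "$$VAPID_KEY_FILE" ;
        export VAPID_PUBLIC_KEY VAPID_PRIVATE_KEY ;
        echo "VAPID_PUBLIC_KEY=$$VAPID_PUBLIC_KEY"; fi ;
        exec bundle exec sidekiq
    depends_on:
      - mastodon-db
      - mastodon-redis
    # networks:
    #   - external_network
    #   - internal_network
    volumes:
      - ./data/mastodon/system:/mastodon/public/system
    healthcheck:
      # `\ ` inside the double-quoted scalar is a YAML escape for a plain
      # space; the pattern is tied to the sidekiq 6 process title.
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]

  ## Uncomment to enable federation with tor instances, along with adding the
  ## following ENV variables:
  ##   http_proxy=http://privoxy:8118
  ##   ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
  # tor:
  #   image: sirboops/tor
  #   networks:
  #     - external_network
  #     - internal_network
  #
  # privoxy:
  #   image: sirboops/privoxy
  #   volumes:
  #     - ./priv-config:/opt/config
  #   networks:
  #     - external_network
  #     - internal_network

  # Add the subdomain nginx configuration into the nginx volume, as well as
  # the media directories so that nginx can serve files directly from them.
  # Only the cache, media_attachments and accounts subtrees are mounted (all
  # read-only), not the whole of public/system.
  nginx:
    volumes:
      - ./mastodon/nginx.conf:/etc/nginx/templates/mastodon.conf.template:ro
      - ./data/mastodon/system/cache:/mastodon/system/cache:ro
      - ./data/mastodon/system/media_attachments:/mastodon/system/media_attachments:ro
      - ./data/mastodon/system/accounts:/mastodon/system/accounts:ro

  # Add the subdomain client secrets (keycloak.sh) to the keycloak-setup
  # volume.
  keycloak:
    volumes:
      - ./mastodon/keycloak.sh:/keycloak-setup/mastodon.sh:ro

# networks:
#   external_network:
#   internal_network:
#     internal: true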