mirror of
https://github.com/superseriousbusiness/gotosocial
synced 2024-12-16 10:38:47 +01:00
100f1280a6
* exludes docker-volume from exemple/docker-compose * Adds an docker-compose.yaml example and adds some readme to the docker.md * Changes Docker-Compose Example * Configures docker-compose.yaml and docker.md * Adds some cosmetics to the Documentation * Adds UserID:GroupID * Describes how to create a new user
190 lines
8.6 KiB
Markdown
190 lines
8.6 KiB
Markdown
# Docker
|
||
|
||
The Official GoToSocial docker images are provided through [docker hub](https://hub.docker.com/r/superseriousbusiness/gotosocial "docker hub gotosocial").
|
||
|
||
GoToSocial can be configured using [Environment Variables](../configuration/index.md#environment-variables) if you wish, allowing your GoToSocial configuration to be embedded inside your docker container configuration.
|
||
|
||
## Run with Docker Compose (recommended)
|
||
This guide will lead you through the installation with [docker compose](https://docs.docker.com/compose/ "Docker Compose Docs"), so you might want to follow the next Steps.
|
||
|
||
### Create a Working Dir
|
||
You need a Working Directory in which the data of the PostgreSQL and the GoToSocial container will be located, so create this directory for example with the following command.
|
||
The directory can be located where you want it to be later.
|
||
|
||
```shell
|
||
mkdir -p /docker/gotosocial
|
||
cd /docker/gotosocial
|
||
```
|
||
### Get the latest docker-compose.yaml and config.yaml
|
||
You can get an example [docker-compose.yaml](../../example/docker-compose/docker-compose.yaml "Example docker-compose.yaml") and [config.yaml](../../example/config.yaml "Example config.yaml") here, which you can download with wget for example.
|
||
|
||
```shell
|
||
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml
|
||
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/config.yaml
|
||
```
|
||
|
||
### Edit the docker-compose.yaml
|
||
You can modify the docker-compose.yaml to your needs, but in any case you should generate a Postgres password and bind it as environment variable into the postgreSQL container. For this we can write the password directly into the docker-compose.yaml like in the example or we create an [.env file](https://docs.docker.com/compose/environment-variables/#the-env-file "Docker Docs") that will load the environment variables into the container. You may also want to check the current [GoToSocial version](https://github.com/superseriousbusiness/gotosocial/releases) and adjust the image in docker-compose.yaml.
|
||
|
||
```shell
|
||
$EDITOR docker-compose.yaml
|
||
```
|
||
### Edit the config.yaml
|
||
When we want to use the config.yaml, we should make the following changes to config.yaml.
|
||
| Config Option | Value |
|
||
| --------------- | ------ |
|
||
| host | Hostname of your Inctanse e.g. gts.example.com |
|
||
| account-domain | Domain to use when federating profiles e.g. gts.example.com |
|
||
| trusted-proxies | We need to trust our host machine and the Docker Network e.g.<br>- "127.0.0.1/32"<br>- "10.0.0.0/8"<br>- "172.16.0.0/12"<br>- "192.168.0.0/16" |
|
||
| db-address | gotosocial_postgres |
|
||
| db-user | gotosocial |
|
||
| db-password | same password as postgres environment $POSTGRES_PASSWORD |
|
||
|
||
```shell
|
||
$EDITOR config.yaml
|
||
```
|
||
### Start GoToSocial
|
||
|
||
```shell
|
||
docker-compose up -d
|
||
```
|
||
|
||
After running this command, you should get an output like:
|
||
```shell
|
||
❯ docker-compose up -d
|
||
[+] Running 2/2
|
||
⠿ Container docker1-gotosocial_postgres-1 Started
|
||
⠿ Container docker1-gotosocial-1 Started
|
||
```
|
||
|
||
this names can be used to create your first user described below.
|
||
|
||
### Create your first User
|
||
|
||
Take the names from above command `docker-compose up -d` and replace $CONTAINER_NAME with the name e.g. `docker1-gotosocial-1`
|
||
|
||
```shell
|
||
# Creates a User
|
||
docker exec -ti $CONTAINER_NAME /gotosocial/gotosocial --config-path /config/config.yaml admin account create --username $USERNAME --email $USEREMAIL --password $SuperSecurePassword
|
||
# Confirms the User, so that the User can LogIn
|
||
docker exec -ti $CONTAINER_NAME /gotosocial/gotosocial --config-path /config/config.yaml admin account confirm --username $USERNAME
|
||
# Makes the User to an Admin
|
||
docker exec -ti $CONTAINER_NAME/gotosocial/gotosocial --config-path /config/config.yaml admin account promote --username $USERNAME
|
||
```
|
||
|
||
#### Lost the Name of the Container
|
||
If you forgot what the container name of your GoToSocial container was, you can figure it out with the command `docker ps -f NAME=gotosocial`.
|
||
If you execute the command, you will get an output similar to the following:
|
||
|
||
```shell
|
||
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
|
||
e190f1e6335f superseriousbusiness/gotosocial:$VERSION "/gotosocial/gotosoc…" 12 minutes ago Up 12 minutes 127.0.0.1:8080->8080/tcp docker-compose-gotosocial-1
|
||
5a2c56181ada postgres:14-alpine "docker-entrypoint.s…" 22 minutes ago Up 19 minutes 5432/tcp docker-compose-gotosocial_postgres-1
|
||
```
|
||
Now you take the container name from the container with image superseriousbusiness/gotosocial:$VERSION and build ourselves the following commands.
|
||
|
||
## Run with Docker Run
|
||
|
||
You can run GoToSocial direct with `docker run` command.
|
||
|
||
<details>
|
||
<summary>docker run with --env flag</summary>
|
||
|
||
```shell
|
||
docker run -e GTS_PORT='8080' -e GTS_PROTOCOL='https' -e GTS_TRUSTED_PROXIES='0.0.0.0/0' -e GTS_HOST='gotosocial.example.com' -e GTS_ACCOUNT_DOMAIN='gotosocial.example.com' -e GTS_DB_TYPE='sqlite' -e GTS_DB_ADDRESS='/gotosocial/database/sqlite.db' -e GTS_STORAGE_SERVE_PROTOCOL='https' -e GTS_STORAGE_SERVE_HOST='gotosocial.example.com' -e GTS_STORAGE_SERVE_BASE_PATH='/gotosocial/storage' -e GTS_LETSENCRYPT_ENABLED='false' -v $(pwd)/storage/:/gotosocial/storage/ -v $(pwd)/database/:/gotosocial/database/ -p 127.0.0.1:8080:8080 superseriousbusiness/gotosocial:0.2.0
|
||
```
|
||
|
||
</details>
|
||
|
||
<details>
|
||
<summary>docker run with .env-file</summary>
|
||
|
||
```
|
||
docker run --env-file ./.env -v $(pwd)/storage/:/gotosocial/storage/ -v $(pwd)/database/:/gotosocial/database/ -p 127.0.0.1:8080:8080 superseriousbusiness/gotosocial:0.2.0
|
||
```
|
||
|
||
</details>
|
||
|
||
<details>
|
||
<summary>Example .env File</summary>
|
||
|
||
```shell
|
||
$EDITOR .env
|
||
```
|
||
|
||
```
|
||
GTS_PORT=8080
|
||
GTS_PROTOCOL=https
|
||
GTS_TRUSTED_PROXIES=127.0.0.1 # should be the host machine and the Docker Network e.g. "127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
|
||
GTS_HOST=gotosocial.example.com
|
||
GTS_ACCOUNT_DOMAIN=gotosocial.example.com
|
||
GTS_DB_TYPE=sqlite
|
||
GTS_DB_ADDRESS=/gotosocial/database/sqlite.db
|
||
GTS_STORAGE_SERVE_BASE_PATH=/gotosocial/storage
|
||
GTS_LETSENCRYPT_ENABLED=false
|
||
```
|
||
</details>
|
||
|
||
## (optional) NGINX Config
|
||
The following NGINX config is just an example of what this might look like. In this case we assume that a valid SSL certificate is present. For this you can get a valid certificate from [Let's Encrypt](https://letsencrypt.org "Let's Encrypt Homepage") with the [cerbot](https://certbot.eff.org "Certbot's Homepage").
|
||
|
||
```shell
|
||
server {
|
||
listen 80;
|
||
listen [::]:80;
|
||
server_name gts.example.com;
|
||
|
||
location /.well-known/acme-challenge/ {
|
||
default_type "text/plain";
|
||
root /var/www/certbot;
|
||
}
|
||
location / { return 301 https://$host$request_uri; }
|
||
}
|
||
|
||
server {
|
||
listen 443 ssl http2;
|
||
listen [::]:443 ssl http2;
|
||
server_name gts.example.com;
|
||
|
||
#############################################################################
|
||
# Certificates #
|
||
# you need a certificate to run in production. see https://letsencrypt.org/ #
|
||
#############################################################################
|
||
ssl_certificate /etc/letsencrypt/live/gts.example.com/fullchain.pem;
|
||
ssl_certificate_key /etc/letsencrypt/live/gts.example.com/privkey.pem;
|
||
|
||
location ^~ '/.well-known/acme-challenge' {
|
||
default_type "text/plain";
|
||
root /var/www/certbot;
|
||
}
|
||
|
||
###########################################
|
||
# Security hardening (as of Nov 15, 2020) #
|
||
# based on Mozilla Guideline v5.6 #
|
||
###########################################
|
||
|
||
ssl_protocols TLSv1.2 TLSv1.3;
|
||
ssl_prefer_server_ciphers on;
|
||
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
|
||
ssl_session_timeout 1d; # defaults to 5m
|
||
ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
|
||
ssl_session_tickets off;
|
||
ssl_stapling on;
|
||
ssl_stapling_verify on;
|
||
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
|
||
# HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
|
||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
|
||
|
||
|
||
location / {
|
||
proxy_pass http://127.0.0.1:8080;
|
||
|
||
proxy_set_header Host $host;
|
||
proxy_set_header Connection $http_connection;
|
||
proxy_set_header X-Real-IP $remote_addr;
|
||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||
proxy_set_header X-Scheme $scheme;
|
||
}
|
||
|
||
}
|
||
``` |