GoToSocial/docs/installation_guide/docker.md

205 lines
8.2 KiB
Markdown

# Docker
The official GoToSocial Docker images are provided through [Docker Hub](https://hub.docker.com/r/superseriousbusiness/gotosocial).
Docker images are currently available for the following OS + architecture combinations:
Linux
- 386
- amd64
- arm6
- arm7
- arm64v8
FreeBSD
- amd64
Before following this guide, you should read the [system requirements](./index.md).
This guide assumes that you're using Linux.
## Run with Docker Compose
You can run GoToSocial using any orchestration system that can manage Docker containers ([Kubernetes](https://kubernetes.io/), [Nomad](https://www.nomadproject.io/), etc).
For simplicity's sake, this guide will lead you through the installation with [Docker Compose](https://docs.docker.com/compose), using SQLite as your database.
### Create a Working Dir
You need a working directory in which your docker-compose file will be located, and a directory for GoToSocial to store data in, so create these directories with the following command:
```bash
mkdir -p ~/gotosocial/data
```
Now change to the working directory you created:
```bash
cd ~/gotosocial
```
### Get the latest docker-compose.yaml
Use `wget` to download the latest [docker-compose.yaml](https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml) example, which we'll customize for our needs:
```bash
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml
```
### Edit the docker-compose.yaml
Because GoToSocial can be configured using [Environment Variables](../configuration/index.md#environment-variables), we can skip mounting a config.yaml file into the container, to make our configuration simpler. We just need to edit the docker-compose.yaml file to change a few things.
First open the docker-compose.yaml file in your editor of choice. For example:
```bash
nano docker-compose.yaml
```
#### Version
If desired, update the GoToSocial Docker image tag to the version of GtS you want to use.
`latest` - the default. This points to the latest stable release of GoToSocial.
`snapshot` - points to whatever code is currently on the main branch. Not guaranteed to be stable, will often be broken. Use with caution.
You can also replace `latest` with a specific GoToSocial version number. This is recommended when you want to make sure that you don't update your GoToSocial version by accident, which can cause problems.
The list of releases can be found [right here](https://github.com/superseriousbusiness/gotosocial/releases), with the newest release at the top. Replace `latest` in the docker-compose.yaml with the number of the desired release (without the leading `v` or trailing version name). So for example if you want to run [v0.3.1 Sleepy Sloth](https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.3.1) for whatever reason, you should replace:
```text
image: superseriousbusiness/gotosocial:latest
```
with:
```text
image: superseriousbusiness/gotosocial:0.3.1
```
#### Host
Change the `GTS_HOST` environment variable to the domain you are running GoToSocial on.
#### User (optional / probably not necessary)
By default, Dockerized GoToSocial runs with Linux user/group `1000:1000`, which is fine in most cases. If you want to run as a different user/group, you should change the `user` field in the docker-compose.yaml accordingly.
For example, let's say you created the `~/gotosocial/data` directory for a user with id `1001`, and group id `1001`. If you now try to run GoToSocial without changing the `user` field, it will get a permissions error trying to open its database file in the directory. In this case, you would have to change the `user` field of the docker compose file to `1001:1001`.
#### LetsEncrypt (optional)
If you want to use [LetsEncrypt](../configuration/tls.md) for ssl certificates (https), you should also:
1. Change the value of `GTS_LETSENCRYPT_ENABLED` to `"true"`.
2. Remove the `#` before `- "80:80"` in the `ports` section.
3. (Optional) Set `GTS_LETSENCRYPT_EMAIL_ADDRESS` to a valid email address to receive certificate expiry warnings etc.
#### Reverse proxies
The default port bindings are for exposing GoToSocial directly and publicly. Remove the `#` in front the line that forwards `127.0.0.1:8080:8080` which makes port `8080` available only to the local host. Change that `127.0.0.1` if the reverse proxy is somewhere else.
To ensure [rate limiting](../api/ratelimiting.md) by IP works, remove the `#` in front of `GTS_TRUSTED_PROXIES` and set it to the IP the requests from the reverse proxy are coming from. That's usually the value of the `Gateway` field of the docker network.
```text
$ docker network inspect gotosocial_gotosocial
[
{
"Name": "gotosocial_gotosocial",
[...]
"IPAM": {
"Driver": "default",
"Options": null,
"Config": [
{
"Subnet": "172.19.0.0/16",
"Gateway": "172.19.0.1"
}
]
},
[...]
```
In the example above, it would be `172.19.0.1`.
If unsure, skip the trusted proxies step, continue with the next sections, and once it's running get the `clientIP` from the docker logs.
### Start GoToSocial
With those small changes out of the way, you can now start GoToSocial with the following command:
```shell
docker-compose up -d
```
After running this command, you should get an output like:
```text
Creating network "gotosocial_gotosocial" with the default driver
Creating gotosocial ... done
```
If you want to follow the logs of GoToSocial, you can use:
```bash
docker logs -f gotosocial
```
If everything is OK, you should see something similar to the following:
```text
time=2022-04-19T09:48:35Z level=info msg=connected to SQLITE database
time=2022-04-19T09:48:35Z level=info msg=MIGRATED DATABASE TO group #1 (20211113114307, 20220214175650, 20220305130328, 20220315160814) func=doMigration
time=2022-04-19T09:48:36Z level=info msg=instance account example.org CREATED with id 01EXX0TJ9PPPXF2C4N2MMMVK50
time=2022-04-19T09:48:36Z level=info msg=created instance instance example.org with id 01PQT31C7BZJ1Q2Z4BMEV90ZCV
time=2022-04-19T09:48:36Z level=info msg=media manager cron logger: start[]
time=2022-04-19T09:48:36Z level=info msg=media manager cron logger: schedule[now 2022-04-19 09:48:36.096127852 +0000 UTC entry 1 next 2022-04-20 00:00:00 +0000 UTC]
time=2022-04-19T09:48:36Z level=info msg=started media manager remote cache cleanup job: will run next at 2022-04-20 00:00:00 +0000 UTC
time=2022-04-19T09:48:36Z level=info msg=listening on 0.0.0.0:8080
```
### Create your first User
Now that GoToSocial is running, you can execute commands inside the running container to create and promote your admin user.
First create a user (replace the username, email, and password with appropriate values):
```bash
docker exec -it gotosocial /gotosocial/gotosocial admin account create --username some_username --email someone@example.org --password 'some_very_good_password'
```
If you are running a version older than 0.6.0, you will need to manually confirm as well:
```bash
./gotosocial --config-path ./config.yaml admin account confirm --username some_username
```
Replace `some_username` with the username of the account you just created.
Now promote the user you just created to admin privileges:
```bash
docker exec -it gotosocial /gotosocial/gotosocial admin account promote --username some_username
```
When running these commands, you'll get a bit of output like the following:
```text
time=2022-04-19T09:53:29Z level=info msg=connected to SQLITE database
time=2022-04-19T09:53:29Z level=info msg=there are no new migrations to run func=doMigration
time=2022-04-19T09:53:29Z level=info msg=closing db connection
```
This is normal and indicates that the commands ran as expected.
### Done
GoToSocial should now be running on your machine! To verify this, open your browser and go to `http://localhost:443`. You should see the GoToSocial landing page. Well done!
## (Optional) Reverse Proxy
If you want to run other webservers on port 443, or want to add an additional layer of security you might want to add [NGINX](https://nginx.org), [Traefik](https://doc.traefik.io/traefik/), or [Apache httpd](https://httpd.apache.org/) into your docker-compose to use as a reverse proxy.