
@top
Created October 26, 2024 01:38
All files needed to self-host a Mastodon instance with docker
# folder: ./elasticsearch
# Variables substituted into this folder's compose file via ${...}.
# Password for the 'elastic' user (at least 6 characters)
# NOTE(review): the compose file in this folder sets xpack.security.enabled=false,
# so this password is handed to the container but is presumably not enforced — confirm.
ELASTIC_PASSWORD=
# Version of Elastic products
STACK_VERSION=8.15.2
# Set the cluster name
CLUSTER_NAME=es-mastodon
# Set to 'basic' or 'trial' to automatically start the 30-day trial
LICENSE=basic
#LICENSE=trial
# Host address and port on which the Elasticsearch HTTP API is published.
# The 127.0.0.1 prefix keeps the published port off the host's external interfaces.
ES_PORT=127.0.0.1:9200
# Increase or decrease based on the available host memory (in bytes)
# NOTE(review): nothing in this folder's compose file references MEM_LIMIT.
MEM_LIMIT=1073741824
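# folder: ./m.ie9.org
# Generated with mastodon:setup on 2022-12-02 02:11:28 UTC
# Loaded by the web, streaming and sidekiq services through env_file.
# Values left blank below are secrets: keep the populated file out of version
# control and readable only by the account that runs docker compose.

# Instance identity
LOCAL_DOMAIN=m.ie9.org
ALTERNATE_DOMAINS=ie9.org
SINGLE_USER_MODE=false

# Application secrets
SECRET_KEY_BASE=
OTP_SECRET=
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=

# PostgreSQL, addressed by container name on the shared docker network
DB_HOST=postgres
DB_PORT=5432
DB_NAME=mastodon
DB_USER=
DB_PASS=

# Redis, addressed by container name on the shared docker network
# NOTE(review): the redis compose file in this gist starts the server without a
# password option, so a value here presumably has no matching server-side
# setting — confirm.
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=

# Outbound mail
SMTP_SERVER=smtp.sendgrid.net
SMTP_PORT=587
SMTP_LOGIN=apikey
SMTP_PASSWORD=
SMTP_AUTH_METHOD=plain
# Verify the relay's certificate. With 'none', any host on the network path can
# present its own certificate and receive SMTP_PASSWORD from the plain AUTH exchange.
SMTP_OPENSSL_VERIFY_MODE=peer
# Require STARTTLS rather than continuing in cleartext when the server (or
# something on the path) does not offer it.
SMTP_ENABLE_STARTTLS=always
# The original line was mangled by the page's e-mail obfuscation. The key name is
# reconstructed from the order mastodon:setup writes its SMTP settings — confirm.
# The value is a placeholder.
SMTP_FROM_ADDRESS=REPLACE_WITH_SENDER_ADDRESS

# Object storage (MinIO)
# S3_ENDPOINT is the internal address Mastodon uploads to; S3_PROTOCOL and
# S3_HOSTNAME form the public URLs handed to clients.
S3_ENABLED=true
S3_PROTOCOL=https
S3_REGION=us-east-1
S3_ENDPOINT=http://minio:9000
S3_HOSTNAME=mi.ie9.org
S3_BUCKET=mastodon
# NOTE(review): prefer a dedicated MinIO access key scoped to the bucket over
# the MinIO root credentials — confirm which is used here.
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=

# Elasticsearch (optional)
# ------------------------
ES_ENABLED=true
ES_HOST=elasticsearch
ES_PORT=9200
# Authentication for ES (optional)
# NOTE(review): the Elasticsearch compose file in this gist disables xpack
# security, so these credentials are presumably not checked by the server — confirm.
ES_USER=elastic
ES_PASS=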
# folder: ./minio
# Root (administrator) credentials for MinIO, loaded by the minio service through env_file.
# Left blank here; these grant full control of every bucket, so keep the
# populated file out of version control.
MINIO_ROOT_USER=
MINIO_ROOT_PASSWORD=
# folder: ./postgres
# Substituted into the compose file as POSTGRES_USER / POSTGRES_PASSWORD.
# NOTE(review): compose gives variables already set in the invoking shell
# precedence over this file during ${...} substitution, and USERNAME is a name
# some environments export on their own — confirm the rendered value with
# `docker compose config`.
USERNAME=
PASSWORD=
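# folder: ./caddy
# Plain-HTTP site on port 8882 in front of Mastodon's web and streaming services.
# NOTE(review): the X-Forwarded-* values below are hard-coded to HTTPS, so TLS is
# presumably terminated by something in front of this container. Confirm that
# port 8882 is reachable only from that front end; a request sent straight to
# this port over HTTP is still presented to Mastodon as HTTPS.
:8882 {
    # Requests that resolve to an existing file under the site root, except "/".
    @local {
        file
        not path /
    }

    # Streaming API requests.
    @streaming {
        path /api/v1/streaming/*
    }

    # Long-lived static assets. The alternatives must not begin with "/":
    # the pattern already consumes the leading slash, so "/system/..." inside
    # the group could only match a path starting with "//system/...".
    @cache_control {
        path_regexp ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files)
    }

    # NOTE(review): the caddy compose file in this gist mounts only the
    # Caddyfile, so this directory presumably does not exist inside the
    # container and @local never matches — confirm.
    root * /home/mastodon/public

    encode zstd gzip

    header {
        # Only honoured by browsers when the response reaches them over HTTPS.
        Strict-Transport-Security "max-age=31536000"
        # Content-Security-Policy "default-src 'none'; script-src https: 'self'; object-src 'self'; style-src 'self'; img-src * blob: data:; media-src 'self' data:; frame-src 'self' https:; font-src 'self' data:; form-action 'self';"
    }

    # The service worker must always be revalidated.
    header /sw.js Cache-Control "public, max-age=0"
    header @cache_control Cache-Control "public, max-age=31536000, immutable"

    handle @local {
        file_server
    }

    reverse_proxy @streaming {
        to streaming:4000

        transport http {
            keepalive 5s
            keepalive_idle_conns 10
        }
    }

    # Everything else goes to the Rails application.
    reverse_proxy {
        to web:3000

        # Tell Mastodon the original request was HTTPS on 443.
        header_up X-Forwarded-Port 443
        header_up X-Forwarded-Proto https

        transport http {
            keepalive 5s
            keepalive_idle_conns 10
        }
    }
}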
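# folder: ./caddy
# Reverse proxy in front of the Mastodon web and streaming containers.
services:
  caddy:
    # NOTE(review): floating tag; pin a specific version or digest so that
    # image upgrades are a deliberate, reviewable change.
    image: docker.io/library/caddy:alpine
    container_name: caddy
    restart: unless-stopped
    ports:
      # Published on every host interface. The site is plain HTTP, so confirm
      # that only the TLS-terminating front end can reach this port.
      - "8882:8882"
    volumes:
      # Read-only: the container only needs to read its configuration.
      - ./Caddyfile:/etc/caddy/Caddyfile:ro
    networks:
      - home

networks:
  # Pre-existing network shared by every compose project in this gist.
  home:
    external: true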
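# folder: ./elasticsearch
# Single-node Elasticsearch used by Mastodon for full-text search.
# (A stray "r" that followed the networks section has been dropped; it made
# the document unparseable.)
services:
  elasticsearch:
    image: docker.io/library/elasticsearch:${STACK_VERSION}
    container_name: elasticsearch
    restart: unless-stopped
    ports:
      # ES_PORT carries the host bind address as well as the port.
      - "${ES_PORT}:9200"
    volumes:
      - data:/usr/share/elasticsearch/data
      - config:/usr/share/elasticsearch/config
    environment:
      # Disabled option kept for reference: -Des.enforce.bootstrap.checks=true
      - ES_JAVA_OPTS=-Xms512m -Xmx512m
      - xpack.license.self_generated.type=${LICENSE}
      # NOTE(review): with security disabled the HTTP API accepts
      # unauthenticated requests from every container on the shared "home"
      # network, and ELASTIC_PASSWORD below is presumably ignored. Enabling it
      # also requires credentials in the healthcheck further down.
      - xpack.security.enabled=false
      - xpack.watcher.enabled=false
      - xpack.graph.enabled=false
      - xpack.ml.enabled=false
      - bootstrap.memory_lock=true
      - cluster.name=${CLUSTER_NAME}
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD}
      - discovery.type=single-node
      - thread_pool.write.queue_size=1000
      - transport.host=localhost
    ulimits:
      # Unlimited locked memory, required by bootstrap.memory_lock=true.
      memlock:
        soft: -1
        hard: -1
    healthcheck:
      test:
        - CMD-SHELL
        - 'curl --silent --fail localhost:9200/_cluster/health || exit 1'
      interval: 10s
      timeout: 10s
      retries: 120
    networks:
      - home

volumes:
  config:
  data:

networks:
  # Pre-existing network shared by every compose project in this gist.
  home:
    external: true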
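# folder: ./m.ie9.org
# Mastodon application: Rails web server, streaming API and Sidekiq workers.
# NOTE(review): none of the three images carries a tag, so each resolves to
# "latest". Pin all three to the same release so they cannot drift apart and
# upgrades stay deliberate.
services:
  web:
    image: ghcr.io/mastodon/mastodon
    container_name: web
    restart: always
    env_file: .env
    command: bundle exec puma -C config/puma.rb
    ports:
      # Loopback only; the proxy reaches this service as web:3000 on "home".
      - "127.0.0.1:3000:3000"
    healthcheck:
      test:
        - CMD-SHELL
        - "curl -s --noproxy localhost localhost:3000/health | grep -q 'OK' || exit 1"
    volumes:
      - ./public/system:/mastodon/public/system
    networks:
      - home

  streaming:
    image: ghcr.io/mastodon/mastodon-streaming
    container_name: streaming
    restart: always
    env_file: .env
    command: node ./streaming/index.js
    ports:
      # Loopback only, matching the web service. The proxy reaches this
      # service as streaming:4000 on "home", so it does not need to be
      # published on the host's external interfaces.
      - "127.0.0.1:4000:4000"
    healthcheck:
      test:
        - CMD-SHELL
        - "curl -s --noproxy localhost localhost:4000/api/v1/streaming/health | grep -q 'OK' || exit 1"
    networks:
      - home

  sidekiq:
    image: ghcr.io/mastodon/mastodon
    container_name: sidekiq
    restart: always
    env_file: .env
    command: bundle exec sidekiq
    volumes:
      - ./public/system:/mastodon/public/system
    healthcheck:
      # Looks for a process whose title contains "sidekiq 6".
      # NOTE(review): the "6" is presumably the Sidekiq major version; with an
      # unpinned image this may stop matching after an upgrade — confirm.
      test:
        - CMD-SHELL
        - "ps aux | grep '[s]idekiq\ 6' || false"
    networks:
      - home

networks:
  # Pre-existing network shared by every compose project in this gist.
  home:
    external: true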
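# folder: ./minio
# MinIO object storage backing Mastodon's media (S3-compatible API).
services:
  minio:
    # NOTE(review): no tag, so this resolves to "latest"; pin a release or
    # digest so upgrades are deliberate.
    image: quay.io/minio/minio
    container_name: minio
    restart: always
    env_file: .env
    command: server --console-address ":9001" /data1 /data2 /data3
    ports:
      # S3 API. Published on every host interface; Mastodon itself uses
      # minio:9000 over "home". NOTE(review): restrict this to the address the
      # public media proxy connects from, if that proxy runs on this host.
      - "9000:9000"
      # Administrative console, which accepts the root credentials over plain
      # HTTP. Bound to loopback; reach it through an SSH tunnel or an
      # authenticated TLS proxy instead of publishing it.
      - "127.0.0.1:9001:9001"
    volumes:
      - ./data1:/data1
      - ./data2:/data2
      - ./data3:/data3
    healthcheck:
      # NOTE(review): relies on curl being present in the image — confirm for
      # the image version actually deployed.
      test:
        - CMD
        - curl
        - '-f'
        - 'http://localhost:9000/minio/health/live'
      interval: 30s
      timeout: 20s
      retries: 3
    networks:
      - home

networks:
  # Pre-existing network shared by every compose project in this gist.
  home:
    external: true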
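# folder: ./postgres
# PostgreSQL database for Mastodon.
services:
  postgres:
    image: docker.io/library/postgres:15-alpine
    container_name: postgres
    restart: unless-stopped
    ports:
      # Loopback only. Mastodon connects as postgres:5432 over "home", so the
      # database does not need to listen on the host's external interfaces;
      # host-side tools such as psql and backups still work via 127.0.0.1.
      - "127.0.0.1:5432:5432"
    volumes:
      - ./data:/var/lib/postgresql/data
    environment:
      # Both values come from this folder's .env file.
      - POSTGRES_USER=${USERNAME}
      - POSTGRES_PASSWORD=${PASSWORD}
    networks:
      - home
    healthcheck:
      # pg_isready only reports whether the server accepts connections.
      # NOTE(review): it probes as role "postgres" while the configured role is
      # POSTGRES_USER — confirm this does not fill the server log with failed
      # connection attempts.
      test:
        - CMD
        - pg_isready
        - '-U'
        - postgres

networks:
  # Pre-existing network shared by every compose project in this gist.
  home:
    external: true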
# folder: ./redis
# Redis instance used by Mastodon. No host port is published, so it is
# reachable only from containers attached to the "home" network.
services:
  redis:
    # NOTE(review): floating tag; pin a specific version or digest so that
    # image upgrades are deliberate.
    image: docker.io/library/redis:alpine
    container_name: redis
    restart: unless-stopped
    volumes:
      - ./data:/data
    healthcheck:
      # NOTE(review): the server is started without a password option, so any
      # container on "home" can issue commands; access control rests entirely
      # on membership of that network — confirm this is intended.
      test:
        - CMD
        - redis-cli
        - ping
    networks:
      - home

networks:
  # Pre-existing network shared by every compose project in this gist.
  home:
    external: true