Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/Wonderfall/docker-mastodon

All-in-one unofficial Mastodon Docker image, if you want that.
https://github.com/Wonderfall/docker-mastodon

docker mastodon

Last synced: about 2 months ago
JSON representation

All-in-one unofficial Mastodon Docker image, if you want that.

Awesome Lists containing this project

README

        

# wonderfall/mastodon
*Your self-hosted, globally interconnected microblogging community.*

Mastodon [official website](https://joinmastodon.org/) and [source code](https://github.com/tootsuite/mastodon/).

## Why this image?
This non-official image is intended as an **all-in-one** (as in monolithic) Mastodon **production** image. You should use [the official image](https://hub.docker.com/r/tootsuite/mastodon) for development purpose or if you want scalability.

## Security
Don't run random images from random dudes on the Internet. Ideally, you want to maintain and build it yourself.

Images are scanned every day by [Trivy](https://github.com/aquasecurity/trivy) for OS vulnerabilities. They are rebuilt once a week, so you should often update your images regardless of your Mastodon version.

## Features
- Rootless image
- Based on Alpine Linux
- Includes [hardened_malloc](https://github.com/GrapheneOS/hardened_malloc)
- Precompiled assets for Mastodon

## Tags
- `latest` : latest Mastodon version (or working commit)
- `x.x` : latest Mastodon x.x (e.g. `3.4`)
- `x.x.x` : Mastodon x.x.x (including release candidates)

You can always have a glance [here](https://github.com/users/Wonderfall/packages/container/package/mastodon).

## Build-time variables
| Variable | Description | Default |
| ------------------------- | -------------------------- | ------------------ |
| **MASTODON_VERSION** | version/commit of Mastodon | N/A |
| **REPOSITORY** | source of Mastodon | tootsuite/mastodon |

## Environment variables you should change

| Variable | Description | Default |
| ------------------------- | --------------------------- | ------------------ |
| **UID** | user id (rebuild to change) | 991 |
| **GID** | group id (rebuild to change)| 991 |
| **RUN_DB_MIGRATIONS** | run migrations at startup | true |
| **SIDEKIQ_WORKERS** | number of Sidekiq workers | 5 |

Don't forget to provide [an environment file](https://github.com/tootsuite/mastodon/blob/main/.env.production.sample) for Mastodon itself.

## Volumes
| Variable | Description |
| ------------------------- | -------------------------- |
| **/mastodon/public/system** | data files |
| **/mastodon/log** | logs |

## Ports
| Port | Use |
| ------------------------- | -------------------------- |
| **3000** | Mastodon web |
| **4000** | Mastodon streaming |

## docker-compose example
Please use your own settings and adjust this example to your needs.
Here I use Traefik v2 (already configured to redirect 80 to 443 globally).

```yaml
version: '2.4'

networks:
http_network:
external: true

mastodon_network:
external: false
internal: true

services:
mastodon:
image: ghcr.io/wonderfall/mastodon
container_name: mastodon
restart: unless-stopped
security_opt:
- no-new-privileges:true
env_file: /wherever/docker/mastodon/.env.production
depends_on:
- mastodon-db
- mastodon-redis
volumes:
- /wherever/docker/mastodon/data:/mastodon/public/system
- /wherever/docker/mastodon/logs:/mastodon/log
labels:
- traefik.enable=true
- traefik.http.routers.mastodon-web-secure.entrypoints=https
- traefik.http.routers.mastodon-web-secure.rule=Host(`domain.tld`)
- traefik.http.routers.mastodon-web-secure.tls=true
- traefik.http.routers.mastodon-web-secure.middlewares=hsts-headers@file
- traefik.http.routers.mastodon-web-secure.tls.certresolver=http
- traefik.http.routers.mastodon-web-secure.service=mastodon-web
- traefik.http.services.mastodon-web.loadbalancer.server.port=3000
- traefik.http.routers.mastodon-streaming-secure.entrypoints=https
- traefik.http.routers.mastodon-streaming-secure.rule=Host(`domain.tld`) && PathPrefix(`/api/v1/streaming`)
- traefik.http.routers.mastodon-streaming-secure.tls=true
- traefik.http.routers.mastodon-streaming-secure.middlewares=hsts-headers@file
- traefik.http.routers.mastodon-streaming-secure.tls.certresolver=http
- traefik.http.routers.mastodon-streaming-secure.service=mastodon-streaming
- traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
- traefik.docker.network=http_network
networks:
- mastodon_network
- http_network

mastodon-redis:
image: redis:alpine
container_name: mastodon-redis
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- /wherever/docker/mastodon/redis:/data
networks:
- mastodon_network

mastodon-db:
image: postgres:9.6-alpine
container_name: mastodon-db
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- /wherever/docker/mastodon/db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=mastodon
- POSTGRES_DB=mastodon
- POSTGRES_PASSWORD=supersecretpassword
networks:
- mastodon_network
```

*This image has been tested and works great with the [gVisor runtime](https://gvisor.dev/).*