Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Wonderfall/docker-mastodon
All-in-one unofficial Mastodon Docker image, if you want that.
https://github.com/Wonderfall/docker-mastodon
docker mastodon
Last synced: about 2 months ago
JSON representation
All-in-one unofficial Mastodon Docker image, if you want that.
- Host: GitHub
- URL: https://github.com/Wonderfall/docker-mastodon
- Owner: Wonderfall
- License: mit
- Created: 2018-06-12T13:14:13.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2024-03-06T15:25:15.000Z (10 months ago)
- Last Synced: 2024-04-13T13:53:59.880Z (8 months ago)
- Topics: docker, mastodon
- Language: Dockerfile
- Homepage: https://joinmastodon.org/
- Size: 87.9 KB
- Stars: 55
- Watchers: 3
- Forks: 15
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# wonderfall/mastodon
*Your self-hosted, globally interconnected microblogging community.*Mastodon [official website](https://joinmastodon.org/) and [source code](https://github.com/tootsuite/mastodon/).
## Why this image?
This non-official image is intended as an **all-in-one** (as in monolithic) Mastodon **production** image. You should use [the official image](https://hub.docker.com/r/tootsuite/mastodon) for development purpose or if you want scalability.## Security
Don't run random images from random dudes on the Internet. Ideally, you want to maintain and build it yourself.Images are scanned every day by [Trivy](https://github.com/aquasecurity/trivy) for OS vulnerabilities. They are rebuilt once a week, so you should often update your images regardless of your Mastodon version.
## Features
- Rootless image
- Based on Alpine Linux
- Includes [hardened_malloc](https://github.com/GrapheneOS/hardened_malloc)
- Precompiled assets for Mastodon## Tags
- `latest` : latest Mastodon version (or working commit)
- `x.x` : latest Mastodon x.x (e.g. `3.4`)
- `x.x.x` : Mastodon x.x.x (including release candidates)You can always have a glance [here](https://github.com/users/Wonderfall/packages/container/package/mastodon).
## Build-time variables
| Variable | Description | Default |
| ------------------------- | -------------------------- | ------------------ |
| **MASTODON_VERSION** | version/commit of Mastodon | N/A |
| **REPOSITORY** | source of Mastodon | tootsuite/mastodon |## Environment variables you should change
| Variable | Description | Default |
| ------------------------- | --------------------------- | ------------------ |
| **UID** | user id (rebuild to change) | 991 |
| **GID** | group id (rebuild to change)| 991 |
| **RUN_DB_MIGRATIONS** | run migrations at startup | true |
| **SIDEKIQ_WORKERS** | number of Sidekiq workers | 5 |Don't forget to provide [an environment file](https://github.com/tootsuite/mastodon/blob/main/.env.production.sample) for Mastodon itself.
## Volumes
| Variable | Description |
| ------------------------- | -------------------------- |
| **/mastodon/public/system** | data files |
| **/mastodon/log** | logs |## Ports
| Port | Use |
| ------------------------- | -------------------------- |
| **3000** | Mastodon web |
| **4000** | Mastodon streaming |## docker-compose example
Please use your own settings and adjust this example to your needs.
Here I use Traefik v2 (already configured to redirect 80 to 443 globally).```yaml
version: '2.4'networks:
http_network:
external: truemastodon_network:
external: false
internal: trueservices:
mastodon:
image: ghcr.io/wonderfall/mastodon
container_name: mastodon
restart: unless-stopped
security_opt:
- no-new-privileges:true
env_file: /wherever/docker/mastodon/.env.production
depends_on:
- mastodon-db
- mastodon-redis
volumes:
- /wherever/docker/mastodon/data:/mastodon/public/system
- /wherever/docker/mastodon/logs:/mastodon/log
labels:
- traefik.enable=true
- traefik.http.routers.mastodon-web-secure.entrypoints=https
- traefik.http.routers.mastodon-web-secure.rule=Host(`domain.tld`)
- traefik.http.routers.mastodon-web-secure.tls=true
- traefik.http.routers.mastodon-web-secure.middlewares=hsts-headers@file
- traefik.http.routers.mastodon-web-secure.tls.certresolver=http
- traefik.http.routers.mastodon-web-secure.service=mastodon-web
- traefik.http.services.mastodon-web.loadbalancer.server.port=3000
- traefik.http.routers.mastodon-streaming-secure.entrypoints=https
- traefik.http.routers.mastodon-streaming-secure.rule=Host(`domain.tld`) && PathPrefix(`/api/v1/streaming`)
- traefik.http.routers.mastodon-streaming-secure.tls=true
- traefik.http.routers.mastodon-streaming-secure.middlewares=hsts-headers@file
- traefik.http.routers.mastodon-streaming-secure.tls.certresolver=http
- traefik.http.routers.mastodon-streaming-secure.service=mastodon-streaming
- traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
- traefik.docker.network=http_network
networks:
- mastodon_network
- http_network
mastodon-redis:
image: redis:alpine
container_name: mastodon-redis
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- /wherever/docker/mastodon/redis:/data
networks:
- mastodon_networkmastodon-db:
image: postgres:9.6-alpine
container_name: mastodon-db
restart: unless-stopped
security_opt:
- no-new-privileges:true
volumes:
- /wherever/docker/mastodon/db:/var/lib/postgresql/data
environment:
- POSTGRES_USER=mastodon
- POSTGRES_DB=mastodon
- POSTGRES_PASSWORD=supersecretpassword
networks:
- mastodon_network
```*This image has been tested and works great with the [gVisor runtime](https://gvisor.dev/).*