Merge branch 'stripdown' of sn0w/pleroma-docker into master

This commit is contained in:
sn0w 2019-08-25 23:15:22 +00:00 committed by Gitea
commit 991492b80f
10 changed files with 271 additions and 460 deletions

View File

@ -1 +1,2 @@
data/
cache/

View File

@ -1,41 +1,14 @@
#########################
# Script settings #
#########################
# Pleroma tag, commit, or branch to build
PLEROMA_VERSION=master
# Create a postgresql container?
SCRIPT_DEPLOY_POSTGRES=true
# Specify the server that is used as a reverse-proxy
SCRIPT_USE_PROXY=traefik
# Enable internal SSL support?
SCRIPT_ENABLE_SSL=false
# The port to serve HTTP on when running in nginx/apache-mode
SCRIPT_PORT_HTTP=80
# The port to serve HTTPs on when running in nginx/apache-mode
SCRIPT_PORT_HTTPS=443
# The ip to bind to in nginx/apache-mode
SCRIPT_BIND_IP=0.0.0.0
#########################
# Docker settings #
#########################
# The docker network to bind to.
# In traefik-mode this should be the same network that your
# traefik-container is connected to or a network that is interconnected
# with traefik's network. In manual, apache or nginx mode this value may be empty or set to any other alphanumeric value.
# (Defaults to something like "pleroma_docker_1" if empty)
DOCKER_NETWORK=prod
# The directory where all containers store their data.
# Can be a relative path, "~/...", or absolute.
# Named docker volumes are currently not supported.
# The directory where the containers store their stuff
# Can be an absolute or relative path
DOCKER_DATADIR=./data
# Pleroma's mix environment.
# You should leave this at prod unless you know what you're doing.
MIX_ENV=prod
# The uid/gid used by pleroma.
# You should probably set this to the same
# uid/guid that cloned the pleroma-docker repo.
@ -43,27 +16,11 @@ DOCKER_DATADIR=./data
DOCKER_UID=1000
DOCKER_GID=1000
###########################
# Database settings #
###########################
# When you use the managed postgres container
# those will be the credentials the container is generated with.
POSTGRES_DB=pleroma
POSTGRES_USER=pleroma
POSTGRES_PASSWORD=pleroma
##########################
# Pleroma Settings #
##########################
# The environment to use (dev/prod/test)
MIX_ENV=prod
# The git tag, revision, or branch to check out on build
PLEROMA_VERSION=develop
# Domain to run at (only relevant for traefik mode)
PLEROMA_URL=coolsite.moe
PLEROMA_MEDIA_PROXY_URL=cdn.coolsite.moe
# The git repo where pleroma's sources are located.
# This will be used at build-time and to resolve PLEROMA_VERSION via "git ls-remote".
# The latter involves one connection per "pleroma.sh build" execution, even if a rebuild does not occur.
#
# You might want to change this if you're working on a fork,
# or if you do not trust the admins of pleroma's Gitlab instance.
#
PLEROMA_GIT_REPO=https://git.pleroma.social/pleroma/pleroma.git

8
.gitignore vendored
View File

@ -1,10 +1,10 @@
data
.env
config.yml
data/
cache/
custom.d/
!custom.d/.gitkeep
docker-compose.yml
config.exs
secret.exs
.env
# Created by https://www.gitignore.io/api/osx,linux,windows

View File

@ -1,26 +1,36 @@
FROM alpine:3.9
FROM alpine:3.10
ARG __VIA_SCRIPT
RUN \
if [ -z "$__VIA_SCRIPT" ]; then \
echo -e "\n\nERROR\nYou must build pleroma via build.sh\n\n"; \
exit 1; \
fi
# Set up environment
ENV LC_ALL=C.UTF-8
ENV LANG=C.UTF-8
ENV MIX_ENV=prod
ARG MIX_ENV
ENV MIX_ENV=$MIX_ENV
# Prepare mounts
VOLUME /custom.d
VOLUME /custom.d /uploads
# Expose default pleroma port to host
EXPOSE 4000
# Expose HTTP, Gopher, and SSH ports, respectively
EXPOSE 4000 9999 2222
# Get dependencies
RUN \
apk add --no-cache --virtual .tools \
git curl rsync postgresql-client \
\
&& apk add --no-cache --virtual .sdk \
&& \
apk add --no-cache --virtual .sdk \
build-base \
\
&& apk add --no-cache --virtual .runtime \
imagemagick erlang erlang-runtime-tools erlang-xmerl erlang-ssl erlang-eldap elixir
&& \
apk add --no-cache --virtual .runtime \
imagemagick \
elixir erlang erlang-runtime-tools \
erlang-xmerl erlang-ssl erlang-ssh erlang-eldap erlang-mnesia
# Add entrypoint
COPY ./entrypoint.sh /
@ -28,43 +38,40 @@ RUN chmod a+x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
# Limit permissions
ARG DOCKER_UID=1000
ARG DOCKER_GID=1000
ARG PLEROMA_UPLOADS_PATH=/uploads
ARG DOCKER_UID
ARG DOCKER_GID
RUN \
addgroup -g ${DOCKER_GID} pleroma \
&& adduser -S -s /bin/ash -G pleroma -u ${DOCKER_UID} pleroma \
&& mkdir -p /custom.d $PLEROMA_UPLOADS_PATH \
&& chown -R pleroma:pleroma /custom.d $PLEROMA_UPLOADS_PATH
echo "#> Pleroma user will be ${DOCKER_UID}:${DOCKER_GID}" 1>&2 && \
addgroup -g ${DOCKER_GID} pleroma && \
adduser -S -s /bin/ash -G pleroma -u ${DOCKER_UID} pleroma && \
mkdir -p /custom.d /uploads && \
chown -R pleroma:pleroma /custom.d /uploads
USER pleroma
WORKDIR /home/pleroma
# Get pleroma sources
RUN git clone --progress https://git.pleroma.social/pleroma/pleroma.git ./pleroma
ARG PLEROMA_GIT_REPO
RUN \
echo "#> Getting pleroma sources from $PLEROMA_GIT_REPO..." 1>&2 && \
git clone --progress $PLEROMA_GIT_REPO ./pleroma
WORKDIR /home/pleroma/pleroma
# Bust the build cache (if needed)
# This works by setting an environment variable with the last
# used version/branch/tag/commitish/... which originates in the script.
# If the host doesn't have the required tool for "smart version detection"
# we'll just use the current timestamp here which forces a rebuild every time.
# used version/branch/tag/commit/... which originates in the script.
ARG __CACHE_TAG
ENV __CACHE_TAG $__CACHE_TAG
# Fetch changes, checkout
ARG PLEROMA_VERSION
RUN \
git fetch --all \
&& git checkout $PLEROMA_VERSION \
&& git pull --rebase --autostash
git fetch --all && \
git checkout $PLEROMA_VERSION
# Precompile
RUN \
cp ./config/dev.exs ./config/prod.secret.exs \
&& BUILDTIME=1 /entrypoint.sh \
&& rm ./config/prod.secret.exs
# Insert overrides
COPY --chown=pleroma:pleroma ./custom.d /home/pleroma/pleroma
cp ./config/dev.exs ./config/prod.secret.exs && \
BUILDTIME=1 /entrypoint.sh && \
rm ./config/prod.secret.exs

180
README.md
View File

@ -12,13 +12,13 @@ This repository dockerizes it for easier deployment.
/*
* This repository comes with ABSOLUTELY NO WARRANTY
*
* I am not responsible for burning servers, angry users, fedi drama,
* I will happily help you with issues related to this script,
* but I am not responsible for burning servers, angry users, fedi drama,
* thermonuclear war, or you getting fired because your boss saw your NSFW posts.
* Please do some research if you have any concerns about included
* features or the software used by this script ***before*** using it.
*
* You are choosing to use this setup, and if you point the finger at me for
* messing up your instance, I will laugh at you.
* Please do some research if you have any concerns about the
* included features or software ***before*** using it.
*
*/
```
@ -37,38 +37,53 @@ Let me know and I'll add you to this list.
These docs assume that you have at least a basic understanding
of the pleroma installation process and common docker commands.
If you have questions about Pleroma head over to https://docs-develop.pleroma.social/.<br>
If you have questions about Pleroma head over to https://docs.pleroma.social/.<br>
For help with docker check out https://docs.docker.com/.
For other problems related to this script, contact me or open an issue :)
### Prerequisites
- ~500mb of free HDD space
- `m4` and `awk` in remotely recent versions
- ~1GB of free HDD space
- `git` if you want smart build caches
- `curl`, `jq`, and `dialog` if you want to use `./pleroma mod`
- Bash 4.0+ (fancy scripting stuff)
- `curl`, `jq`, and `dialog` if you want to use `./pleroma.sh mod`
- Bash 4+
- Docker 18.06+ and docker-compose 1.22+
### Installation
- Clone this repository
- Create a `config.exs` and `.env` file
- Run `./pleroma build` and `./pleroma up`
- Run `./pleroma.sh build` and `./pleroma.sh up`
- [Configure a reverse-proxy](#my-instance-is-up-how-do-i-reach-it)
- Profit!
Hint:<br>
You can also use normal `docker-compose` commands to maintain your setup.<br>
The only command that you cannot use is `docker-compose build` due to build caching.
### Configuration
All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`.
`.env` stores config values that need to be known at orchestration/build time.<br>
Documentation for the possible values is inside of that file.
### Updates
Run `./pleroma build` again and start the updated image with `./pleroma up`.
Run `./pleroma.sh build` again and start the updated image with `./pleroma.sh up`.
You don't need to stop your pleroma server for either of those commands.
### Maintenance
Pleroma maintenance is usually done with mix tasks.
You can run these tasks in your running pleroma server using `./pleroma mix [task] [arguments...]`.
If you need to fix some bigger issues you can also spawn a shell with `./pleroma enter`.
For example: `/pleroma mix pleroma.user new sn0w ...`
You can run these tasks in your running pleroma server using `./pleroma.sh mix [task] [arguments...]`.
For example: `./pleroma.sh mix pleroma.user new sn0w ...`
If you need to fix bigger problems you can also spawn a shell with `./pleroma.sh enter`.
### Customization
@ -78,7 +93,7 @@ You can even replace/patch pleromas code with this,
because the project is recompiled at startup if needed.
In general: Prepending `custom.d/` to pleromas customization guides should work all the time.<br>
Check them out in the official pleroma wiki.
Check them out in the [pleroma documentation](https://docs.pleroma.social/small_customizations.html#content).
For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instance/thumbnail.jpeg`.
@ -86,120 +101,53 @@ For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instanc
Works exactly like customization, but we have a neat little helper here.
Use `./pleroma mod [regex]` to mod any file that ships with pleroma, without having to type the complete path.
Use `./pleroma.sh mod [regex]` to mod any file that ships with pleroma, without having to type the complete path.
### Configuration
### My instance is up, how do I reach it?
All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`.
To reach Gopher or SSH, just uncomment the port-forward in your `docker-compose.yml`.
`.env` stores config values that need to be known at orchestration time.<br>
They should be self-explaining but here's some bonus info on important ones:
To reach HTTP you will have to configure a "reverse-proxy".
Older versions of this project contained a huge amount of scripting to support all kinds of reverse-proxy setups.
This newer version tries to focus only on providing good pleroma tooling.
That makes the whole process a bit more manual, but also more flexible.
#### Data Storage (`DOCKER_DATADIR`)
You can use Caddy, Traefik, Apache, nginx, or whatever else you come up with.<br>
Just modify your `docker-compose.yml` accordingly.
A folder that will be bind-mounted into the container.<br>
This is where pleroma and postgres will store their data.
One example would be to add an [nginx server](https://hub.docker.com/_/nginx) to your `docker-compose.yml`:
```yml
# ...
#### Database (`SCRIPT_DEPLOY_POSTGRES`)
Values: `true` / `false`
By default pleroma-docker deploys a postgresql container and links it to pleromas container as a zero-config data store.
If you already have a postgres database or want to host it on a physically different machine, set this value to `false`.
Make sure to edit the `config :pleroma, Pleroma.Repo` variables in `config.exs` when doing that.
#### Reverse Proxy (`SCRIPT_USE_PROXY`)
Values: `traefik` / `nginx` / `apache` / `manual`
Pleroma is usually run behind a reverse-proxy.<br>
Pleroma-docker gives you multiple options here.
##### Manual
In manual mode we do not create any reverse proxy for you.<br>
You'll have to figure something out on your own.
If `SCRIPT_BIND_IN_MANUAL` is `true` we will forward `pleroma:4000` to `${SCRIPT_BIND_IP}:${SCRIPT_PORT_HTTP}`.
##### Traefik
In traefik-mode we will generate a pleroma container with traefik-compatible labels.
These will be picked up at runtime to dynamically create a reverse-proxy configuration.
This should 'just work' if `watch=true` and `exposedByDefault=false` are set in the `[docker]` section of your `traefik.conf`.
SSL will also 'just work' once you add a matching `[[acme.domains]]` entry in there.
##### NGINX
In nginx-mode we will generate a bare nginx container that is linked to pleroma.
The nginx container is absolutely unmodified and expects to be configured by you.
The nginx file in [Pleroma's Repository](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) is a good starting point.
We will mount your configs like this:
```txt
custom.d/server.nginx -> /etc/nginx/nginx.conf
custom.d/vhost.nginx -> /etc/nginx/conf.d/pleroma.conf
proxy:
image: nginx
init: true
restart: unless-stopped
links:
- server
volumes:
- ./my-nginx-config.conf:/etc/nginx/nginx.conf:ro
ports:
- "80:80"
- "443:443"
```
To reach your pleroma container from inside nginx use `proxy_pass http://pleroma:4000;`.
Then take a look at [the pleroma nginx example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) for hints about what to put into `my-nginx-config.conf`.
Set `SCRIPT_PORT_HTTP` and `SCRIPT_PORT_HTTPS` to the ports you want to listen on.<br>
Specify the ip to bind to in `SCRIPT_BIND_IP`. These values are required.
Using apache would work in a very similar way (see [Apache Docker Docs](https://hub.docker.com/_/httpd) and [the pleroma apache example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf)).
The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`.
The target that you proxy to is called `http://server:4000/`.<br>
This will work automagically when the proxy also lives inside of docker.
##### Apache / httpd
If you need help with this, or if you think that this needs more documentation, please let me know.
Just like nginx-mode this starts an unmodified apache server that expects to be configured by you.<br>
Again [Pleroma's Config](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf) is a good starting point.
Something that cofe.rocks uses is simple port-forwarding of the `server` container to the host's `127.0.0.1`.
From there on, the natively installed nginx server acts as a proxy to the open internet.
You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) and [cofe's proxy config](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/proxy.xconf) if that setup sounds interesting.
We will mount your configs like this:
```
custom.d/server.httpd -> /usr/local/apache2/conf/httpd.conf
custom.d/vhost.httpd -> /usr/local/apache2/conf/extra/httpd-vhosts.conf
```
To reach your pleroma container from inside apache use `ProxyPass [loc] http://pleroma:4000/`.
Again setting `SCRIPT_PORT_HTTP`, `SCRIPT_PORT_HTTPS` and `SCRIPT_BIND_IP` is required.
The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`.
#### SSL (`SCRIPT_ENABLE_SSL`)
Values: `true` / `false`
If you want to use SSL with your Apache or NGINX containers you'll need a
certificate. Certificates need to be placed into `custom.d` and will be
bind-mounted into the server's container at runtime.
We will mount your certs like this:
```
custom.d/ssl.crt -> /ssl/ssl.crt
custom.d/ssl.key -> /ssl/ssl.key
```
You can reference them in Apache like this:
```apache
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/ssl/ssl.crt"
SSLCertificateKeyFile "/ssl/ssl.key"
</VirtualHost>
```
And in NGINX like this:
```nginx
listen 443 ssl;
ssl_certificate /ssl/ssl.crt;
ssl_certificate_key /ssl/ssl.key;
```
In traefik-mode and manual-mode these files and the `SCRIPT_ENABLE_SSL` value are ignored.
## Attribution
### Attribution
Thanks to [Angristan](https://github.com/Angristan/dockerfiles/tree/master/pleroma) and [RX14](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile) for their dockerfiles, which served as an inspiration for the early versions of this script.
The current version is based on the [official wiki guides](https://git.pleroma.social/pleroma/pleroma/tree/develop/docs/installation).<br>
The current version is based on the [offical install instructions](https://docs.pleroma.social/alpine_linux_en.html).<br>
Thanks to all people who contributed to those.

View File

@ -1,33 +1,63 @@
use Mix.Config
# pleroma/pleroma/pleroma are the default credentials for the
# managed database container. "db" is the default interlinked hostname.
# You shouldn't need to change this unless you modifed .env
# You should not change the following three ip/port mappings.
# Listening to 0.0.0.0 is required in a container since the IP is not known in advance.
# Instead, change the mapping to your host ports in "docker-compose.yml".
config :pleroma, Pleroma.Web.Endpoint,
http: [
ip: {0, 0, 0, 0},
port: 4000
]
config :pleroma, :gopher,
ip: {0, 0, 0, 0},
port: 9999
config :esshd,
port: 2222
# You shouldn't need to change this.
# pleroma/pleroma/pleroma are the default credentials.
# "db" is the default interlinked hostname.
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
username: "pleroma",
password: "pleroma",
database: "pleroma",
hostname: "db",
pool_size: 10
hostname: "db"
# You should not change this.
config :pleroma, Pleroma.Uploaders.Local, uploads: "/uploads"
#
# vvv Your awesome config options go here vvv
#
config :pleroma, Pleroma.Upload,
filters: [Pleroma.Upload.Filter.Dedupe, Pleroma.Upload.Filter.Mogrify]
config :pleroma, Pleroma.Upload.Filter.Mogrify,
args: ["strip"]
# Set your URL and key-base here
# On Linux, you can use the following command to get a random key base:
# dd if=/dev/urandom bs=1 count=128 2>/dev/null | base64 -w 0 | rev | cut -b 2- | rev
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "example.com", scheme: "https", port: 443],
secret_key_base: "<key>"
###
# Here are some example values.
# Uncomment what you need or delete it all.
# Now follow some example config values.
# Uncomment/Change what you need, or delete it all.
#
# Want to use the config generator instead?
# Try `./pleroma mix pleroma.instance gen` and then `./pleroma cp /home/pleroma/pleroma/config/generated_config.exs config.exs`.
# Want to use pleroma's config generator instead?
# Try `./pleroma.sh mix pleroma.instance gen` and then `./pleroma.sh cp /home/pleroma/pleroma/config/generated_config.exs config.exs`.
#
# Need some inspiration?
# Take a look at https://git.pleroma.social/pleroma/pleroma/tree/develop/config
###
# config :pleroma, Pleroma.Web.Endpoint,
# url: [host: "example.com", scheme: "https", port: 443],
# secret_key_base: "<key>"
# config :pleroma, :instance,
# name: "example instance",
# email: "example@example.com",

View File

@ -1,122 +0,0 @@
changequote(`<', `>')
define(<upcase>, <translit($1, <a-z>, <A-Z>)>)
define(<env>, <upcase($1)=${upcase($1):?upcase($1)}>)
define(<env_fb>, <upcase($1)=${upcase($1):-$2}>)
define(<env_inline>, <${upcase($1):?upcase($1)}>)
define(<env_inline_fb>, <${upcase($1):-$2}>)
{
"version": "3.7",
ifdef(<__DOCKER_NETWORK>, <
"networks": {
"default": {
"external": {
"name": "__DOCKER_NETWORK"
}
}
},
>)
"services": {
ifelse(__SCRIPT_DEPLOY_POSTGRES, true, <
"db": {
"image": "postgres:10.3-alpine",
"restart": "unless-stopped",
"environment": [
"env(<postgres_db>)",
"env(<postgres_user>)",
"env(<postgres_password>)"
],
"volumes": [
"env_inline(<docker_datadir>)/db:/var/lib/postgresql/data",
"./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql"
]
},
>)
ifdef(<__SCRIPT_USE_PROXY>, <
ifelse(
__SCRIPT_USE_PROXY, traefik, <>,
__SCRIPT_USE_PROXY, manual, <>,
__SCRIPT_USE_PROXY, nginx, <
"proxy": {
"image": "nginx:alpine",
"ports": [
"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">)
],
"links": [
"server:pleroma"
],
"volumes": [
"./custom.d/server.nginx:/etc/nginx/nginx.conf:ro",
"./custom.d/vhost.nginx:/etc/nginx/conf.d/pleroma.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.key:/ssl/ssl.key:ro">)
]
},
>, __SCRIPT_USE_PROXY, apache, <
"proxy": {
"image": "amd64/apache:alpine",
"ports": [
"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">)
],
"links": [
"server:pleroma"
],
"volumes": [
"./custom.d/server.httpd:/usr/local/apache2/conf/httpd.conf:ro",
"./custom.d/vhost.httpd:/usr/local/apache2/conf/extra/httpd-vhosts.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.key:/ssl/ssl.key:ro">)
]
},
>, <
errprint(Invalid option __SCRIPT_USE_PROXY for <SCRIPT_USE_PROXY>)
m4exit(<1>)
>
)
>)
"server": {
"build": {
"context": ".",
"args": [
"env(<pleroma_version>)",
"env(<docker_uid>)",
"env(<docker_gid>)",
"env_fb(<pleroma_uploads_path>, </uploads>)"
]
},
"init": true,
"restart": "unless-stopped",
"links": [
ifelse(__SCRIPT_DEPLOY_POSTGRES, true, <"db">)
],
"environment": [
"env_fb(<mix_env>, <prod>)"
],
"volumes": [
"./custom.d:/custom.d:ro",
"./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro",
"env_inline(<docker_datadir>)/uploads:env_inline_fb(<pleroma_uploads_path>, </uploads>)"
],
"labels": [
ifelse(__SCRIPT_USE_PROXY, traefik, <
"traefik.enable=true",
"traefik.fe.port=4000",
"traefik.fe.protocol=http",
"traefik.fe.entryPoints=http,https",
"traefik.fe.frontend.rule=Host:patsubst(__PLEROMA_URL, <string:>, <>)",
"traefik.cache.port=4000",
"traefik.cache.protocol=http",
"traefik.cache.entryPoints=http,https",
"traefik.cache.frontend.rule=Host:patsubst(patsubst(__PLEROMA_MEDIA_PROXY_URL, <http.*?//>, <>), <string:>, <>)"
>)
]
}
}
}

49
docker-compose.yml Normal file
View File

@ -0,0 +1,49 @@
version: "3.7"
services:
db:
image: postgres:10-alpine
init: true
restart: unless-stopped
environment: {
# This might seem insecure but is usually not a problem.
# You should leave this at the "pleroma" default.
# The DB is only reachable by containers in the same docker network,
# and is not exposed to the open internet.
#
# If you do change this, remember to update "config.exs".
POSTGRES_DB: pleroma,
POSTGRES_USER: pleroma,
POSTGRES_PASSWORD: pleroma,
}
volumes:
- $DOCKER_DATADIR/db:/var/lib/postgresql/data
- ./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql
server:
build: .
init: true
restart: unless-stopped
links:
- db
ports: [
# Uncomment/Change port mappings below as needed.
# The left side is your host machine, the right one is the pleroma container.
# You can prefix the left side with an ip.
# Webserver (for reverse-proxies outside of docker)
# If you use a dockerized proxy (see README), you can leave this commented
# and use a container link instead.
# "127.0.0.1:4000:4000",
# SSH support
# "2222:2222",
# Gopher support
# "9999:9999",
]
volumes:
- ./custom.d:/custom.d:ro
- ./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro
- ./config.exs:/home/pleroma/pleroma/config/dev.secret.exs:ro
- $DOCKER_DATADIR/uploads:/uploads

View File

@ -3,31 +3,49 @@
set -e
if [ -n "$BUILDTIME" ]; then
echo "#> Preparing compilation..."
log() {
echo -e "\n#> $@\n" 1>&2
}
if [ -n "$BUILDTIME" ]; then
log "Getting rebar..."
mix local.rebar --force
log "Getting hex..."
mix local.hex --force
echo "#> Compiling..."
log "Getting dependencies..."
mix deps.get
log "Precompiling..."
mix compile
exit 0
fi
echo "#> Applying customizations and patches.."
log "Syncing changes and patches..."
rsync -av /custom.d/ /home/pleroma/pleroma/
echo "#> Recompiling..."
log "Recompiling..."
mix compile
echo "#> Waiting until database is ready..."
log "Waiting for postgres..."
while ! pg_isready -U pleroma -d postgres://db:5432/pleroma -t 1; do
sleep 1s
done
echo "#> Upgrading database..."
log "Performing sanity checks..."
if ! touch /uploads/.sanity-check; then
log "\
The uploads datadir is NOT writable by `id -u`:`id -g`!\n\
This will break all upload functionality.\n\
Please fix the permissions and try again.\
"
exit 1
fi
rm /uploads/.sanity-check
log "Migrating database..."
mix ecto.migrate
echo "#> Liftoff!"
log "Liftoff o/"
exec mix phx.server

View File

@ -1,11 +1,6 @@
#!/bin/bash
#########################################################
# Options #
#########################################################
set -e
set -o pipefail
set -Eeo pipefail
#########################################################
# Globals #
@ -20,8 +15,6 @@ readonly ENDPOINT_TAG="$PREFIX_API/tags"
readonly ENDPOINT_BLOB="$PREFIX_API/blobs"
readonly ENDPOINT_BRANCH="$PREFIX_API/branches"
flags=""
#########################################################
# Helpers #
#########################################################
@ -57,31 +50,9 @@ throw_file_errors() {
fi
}
render_template() {
require_command m4
require_command awk
m4 $flags docker-compose.m4 | awk 'NF'
}
docker_compose() {
require_command docker-compose
docker-compose \
-f <(render_template) \
--project-directory . \
"$@"
}
load_env() {
while read -r line; do
if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then
continue;
fi
export "${line?}"
flags="-D__${line?} $flags"
done < .env
docker-compose "$@"
}
download_file() { # $1: source, $2: target
@ -106,6 +77,18 @@ request_file_content() { # $1: source
fi
}
builds_args=""
load_env() {
while read -r line; do
if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then
continue;
fi
builds_args="${builds_args} --build-arg ${line?}"
export "${line?}"
done < .env
}
#########################################################
# Subcommands #
#########################################################
@ -117,7 +100,7 @@ action__build() {
if [[ -z "$cacheTag" ]] && has_command git && has_command grep && has_command awk; then
set +o pipefail
local resolvedHash
resolvedHash="$(git ls-remote $GITLAB_URI/$ENDPOINT_REPO | grep "/$PLEROMA_VERSION" | awk '{ print $1 }')"
resolvedHash="$(git ls-remote $PLEROMA_GIT_REPO | grep "/$PLEROMA_VERSION" | awk '{ print $1 }')"
set -o pipefail
if [[ -n "$resolvedHash" ]]; then
@ -142,7 +125,7 @@ action__build() {
cacheTag="$(date '+%s')"
fi
# Alternative 3: Random number with awk
# Alternative 3: Random number with shell
if [[ -z "$cacheTag" ]] && [[ -n "$RANDOM" ]]; then
echo ""
echo "WARNING WARNING WARNING"
@ -185,17 +168,18 @@ action__build() {
cacheTag="broken-host-env"
fi
echo -e "#> (Re-)Building with cache tag \`${cacheTag}\`...\n"
echo -e "#> (Re-)Building pleroma @$PLEROMA_VERSION with cache tag \`${cacheTag}\`...\n"
sleep 1
docker_compose build --build-arg __CACHE_TAG="$cacheTag" server
}
action__dump() {
cat <(render_template)
docker_compose build \
$builds_args \
--build-arg __VIA_SCRIPT=1 \
--build-arg __CACHE_TAG="$cacheTag" \
server
}
action__enter() {
docker_compose exec server sh -c 'cd ~/pleroma && bash'
docker_compose exec server sh -c 'cd ~/pleroma && ash'
}
action__logs() {
@ -206,14 +190,6 @@ action__mix() {
docker_compose exec server sh -c "cd ~/pleroma && mix $*"
}
action__passthrough() {
docker_compose "$@"
}
action__p() {
action__passthrough "$@"
}
action__restart() {
action__stop
action__start
@ -243,38 +219,6 @@ action__ps() {
action__status
}
action__debug() {
require_command xhost
local debug_mounts
debug_mounts="
-v $(pwd)/custom.d:/custom.d \
-v $(pwd)/debug.d/build:/home/pleroma/pleroma/_build \
-v $(pwd)/debug.d/deps:/home/pleroma/pleroma/deps \
"
if [[ ! -d ./debug.d ]]; then
mkdir -p ./debug.d/{build,deps}
fi
if [[ ! -d ./custom.d/lib ]]; then
mkdir -p ./custom.d/lib
fi
action__stop
docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" server bash -c 'cp -rvf /custom.d/* /home/pleroma/pleroma && mix deps.get'
local x_flags=""
if [[ $NO_X_FORWARDING != 1 ]]; then
x_flags="-e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix"
fi
[[ $NO_X_FORWARDING == 1 ]] || xhost +local:root
docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" "$x_flags" server bash -c "cp -rvf /custom.d/* /home/pleroma/pleroma && $*"
[[ $NO_X_FORWARDING == 1 ]] || xhost -local:root
}
action__mod() {
require_command dialog
require_command jq
@ -334,17 +278,7 @@ Usage:
Actions:
build (Re)build the pleroma container.
dump Dump the generated docker-compose.yml to stdout.
debug [bin] [args...] Launches a new pleroma container but uses \$bin instead of phx.server as entrypoint.
**Warning**: This is intended for debugging pleroma with tools like :debugger and :observer.
It thus forwards your X-Server into docker and temporarily fiddles with your xhost
access controls. If this is a security concern for you, please export NO_X_FORWARDING=1
before launching a debugger session.
enter Spawn a shell inside the container for debugging/maintenance.
This command does not link to the postgres container.
If you need that use #debug instead.
logs Show the current container logs.
@ -353,8 +287,6 @@ Actions:
mod [file] Creates the file in custom.d and downloads the content from pleroma.social.
The download respects your \$PLEROMA_VERSION from .env.
passthrough / p [...] Pass any custom command to docker-compose.
restart Executes #stop and #start respectively.
start / up Start pleroma and sibling services.
@ -367,17 +299,8 @@ Actions:
This operation only works in one direction.
For making permanent changes to the container use custom.d.
Environment:
DEBUG can be used to modify the loglevel.
DEBUG=1 prints all commands before they are executed.
DEBUG=2 prints all bash statements before they are executed (a lot).
----------------------------
SHOPT can be used to modify shell options.
Pass a list of options to this variable like SHOPT='-x -e'.
For setting long options with -o use a colon (:) instead of a space
to seperate the option from -o. For example: SHOPT='-x -e -o:pipefail'.
Contributing:
You can report bugs or contribute to this project at:
https://glitch.sh/sn0w/pleroma-docker
"