mirror
/
pleroma-docker
mirror of https://memleak.eu/sn0w/pleroma-docker.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Simplify ALL THE THINGS

This commit is contained in:
sn0w 2019-08-25 18:44:49 +02:00
parent 544321510b
commit e7bfeecc2d
7 changed files with 103 additions and 406 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.dockerignore
View File

@ -1 +1,2 @@
data/
cache/

71
.env.dist
View File

@ -1,69 +1,10 @@
#########################
# Script settings #
#########################
# Pleroma tag, commit, or branch to build
PLEROMA_VERSION=master
# Create a postgresql container?
SCRIPT_DEPLOY_POSTGRES=true
# Specify the server that is used as a reverse-proxy
SCRIPT_USE_PROXY=traefik
# Enable internal SSL support?
SCRIPT_ENABLE_SSL=false
# The port to serve HTTP on when running in nginx/apache-mode
SCRIPT_PORT_HTTP=80
# The port to serve HTTPs on when running in nginx/apache-mode
SCRIPT_PORT_HTTPS=443
# The ip to bind to in nginx/apache-mode
SCRIPT_BIND_IP=0.0.0.0
#########################
# Docker settings #
#########################
# The docker network to bind to.
# In traefik-mode this should be the same network that your
# traefik-container is connected to or a network that is interconnected
# with traefik's network. In manual, apache or nginx mode this value may be empty or set to any other alphanumeric value.
# (Defaults to something like "pleroma_docker_1" if empty)
DOCKER_NETWORK=prod
# The directory where all containers store their data.
# Can be a relative path, "~/...", or absolute.
# Named docker volumes are currently not supported.
# The directory where the containers store their stuff
# Can be an absolute or relative path
DOCKER_DATADIR=./data
# The uid/gid used by pleroma.
# You should probably set this to the same
# uid/guid that cloned the pleroma-docker repo.
# This way modding pleroma becomes a lot easier.
DOCKER_UID=1000
DOCKER_GID=1000
###########################
# Database settings #
###########################
# When you use the managed postgres container
# those will be the credentials the container is generated with.
POSTGRES_DB=pleroma
POSTGRES_USER=pleroma
POSTGRES_PASSWORD=pleroma
##########################
# Pleroma Settings #
##########################
# The environment to use (dev/prod/test)
# Pleroma's mix environment.
# You should leave this at prod unless you know what you're doing.
MIX_ENV=prod
# The git tag, revision, or branch to check out on build
PLEROMA_VERSION=develop
# Domain to run at (only relevant for traefik mode)
PLEROMA_URL=coolsite.moe
PLEROMA_MEDIA_PROXY_URL=cdn.coolsite.moe

11
Dockerfile
View File

@ -1,4 +1,11 @@
FROM alpine:3.9
FROM alpine:3.10
ARG __VIA_SCRIPT
RUN \
if [ -z "$__VIA_SCRIPT" ]; then \
echo -e "\n\nERROR\nYou must build pleroma via build.sh\n\n"; \
exit 1; \
fi
# Set up environment
ENV LC_ALL=C.UTF-8
@ -47,7 +54,7 @@ WORKDIR /home/pleroma/pleroma
# Bust the build cache (if needed)
# This works by setting an environment variable with the last
# used version/branch/tag/commitish/... which originates in the script.
# used version/branch/tag/commit/... which originates in the script.
# If the host doesn't have the required tool for "smart version detection"
# we'll just use the current timestamp here which forces a rebuild every time.
ARG __CACHE_TAG

173
README.md
View File

@ -17,8 +17,6 @@ This repository dockerizes it for easier deployment.
* Please do some research if you have any concerns about included
* features or the software used by this script ***before*** using it.
*
* You are choosing to use this setup, and if you point the finger at me for
* messing up your instance, I will laugh at you.
*/
```
@ -40,35 +38,80 @@ of the pleroma installation process and common docker commands.
If you have questions about Pleroma head over to https://docs-develop.pleroma.social/.<br>
For help with docker check out https://docs.docker.com/.
For other problems related to this script, contact me or open an issue :)
### Prerequisites
- ~500mb of free HDD space
- `m4` and `awk` in remotely recent versions
- `git` if you want smart build caches
- `curl`, `jq`, and `dialog` if you want to use `./pleroma mod`
- Bash 4.0+ (fancy scripting stuff)
- `curl`, `jq`, and `dialog` if you want to use `./pleroma.sh mod`
- Bash 4+
- Docker 18.06+ and docker-compose 1.22+
### Installation
- Clone this repository
- Create a `config.exs` and `.env` file
- Run `./pleroma build` and `./pleroma up`
- Run `./pleroma.sh build` and `./pleroma.sh up`
- Configure a reverse-proxy
- Profit!
Hint:<br>
You can also use normal `docker-compose` commands to maintain your setup.<br>
The only command that you cannot use is `docker-compose build` due to build caching.
### Updates
Run `./pleroma build` again and start the updated image with `./pleroma up`.
Run `./pleroma.sh build` again and start the updated image with `./pleroma.sh up`.
You don't need to stop your pleroma server for either of those commands.
### Maintenance
Pleroma maintenance is usually done with mix tasks.
You can run these tasks in your running pleroma server using `./pleroma mix [task] [arguments...]`.
If you need to fix some bigger issues you can also spawn a shell with `./pleroma enter`.
You can run these tasks in your running pleroma server using `./pleroma.sh mix [task] [arguments...]`.
If you need to fix some bigger issues you can also spawn a shell with `./pleroma.sh enter`.
For example: `/pleroma mix pleroma.user new sn0w ...`
For example: `/pleroma.sh mix pleroma.user new sn0w ...`
### My instance is up, how do I reach it?
Older versions of this script contained a huge amount of scripting to support all kinds of reverse-proxy setups.<br>
This newer version tries to focus only on providing good setup tooling.
You will have to configure your own reverse-proxy.<br>
You can use Caddy, Traefik, Apache, nginx, or whatever else you could come up with.<br>
Just modify your `docker-compose.yml` accordingly.
One example would be to add an [nginx server](https://hub.docker.com/_/nginx) to your `docker-compose.yml`:
```yml
# ...
proxy:
image: nginx
init: true
restart: unless-stopped
links:
- server
volumes:
- ./my-nginx-config.conf:/etc/nginx/nginx.conf:ro
ports:
- "80:80"
- "443:443"
```
Then take a look at [the pleroma nginx example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) for hints about what to put into `my-nginx-config.conf`.
Using apache would work in a very similar way (see [Apache Docker Docs](https://hub.docker.com/_/httpd) and [the pleroma apache example](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf)).
The target that you proxy to is called `http://server:4000/`.<br>
This will work automagically when the proxy also lives inside of docker.
Something that cofe.rocks uses is simple port-forwarding of the `server` container to the host's `127.0.0.1`.
From there on, the natively installed nginx server acts as a proxy to the open internet.
You can take a look at [this file](https://glitch.sh/hosted/pleroma/src/commit/4e88d93276f0bb2ef62d7f18477b156318924325/docker-compose.m4#L93) if that setup sounds interesting.
If you need help with this, or if you think that this needs more documentation, please let me know.
### Customization
@ -86,118 +129,16 @@ For example: A custom thumbnail now goes into `custom.d/` + `priv/static/instanc
Works exactly like customization, but we have a neat little helper here.
Use `./pleroma mod [regex]` to mod any file that ships with pleroma, without having to type the complete path.
Use `./pleroma.sh mod [regex]` to mod any file that ships with pleroma, without having to type the complete path.
### Configuration
All the pleroma options that you usually put into your `*.secret.exs` now go into `config.exs`.
`.env` stores config values that need to be known at orchestration time.<br>
They should be self-explaining but here's some bonus info on important ones:
`.env` stores config values that need to be known at orchestration/build time.<br>
Documentation for the possible values is inside of that file.
#### Data Storage (`DOCKER_DATADIR`)
A folder that will be bind-mounted into the container.<br>
This is where pleroma and postgres will store their data.
#### Database (`SCRIPT_DEPLOY_POSTGRES`)
Values: `true` / `false`
By default pleroma-docker deploys a postgresql container and links it to pleromas container as a zero-config data store.
If you already have a postgres database or want to host it on a physically different machine, set this value to `false`.
Make sure to edit the `config :pleroma, Pleroma.Repo` variables in `config.exs` when doing that.
#### Reverse Proxy (`SCRIPT_USE_PROXY`)
Values: `traefik` / `nginx` / `apache` / `manual`
Pleroma is usually run behind a reverse-proxy.<br>
Pleroma-docker gives you multiple options here.
##### Manual
In manual mode we do not create any reverse proxy for you.<br>
You'll have to figure something out on your own.
If `SCRIPT_BIND_IN_MANUAL` is `true` we will forward `pleroma:4000` to `${SCRIPT_BIND_IP}:${SCRIPT_PORT_HTTP}`.
##### Traefik
In traefik-mode we will generate a pleroma container with traefik-compatible labels.
These will be picked up at runtime to dynamically create a reverse-proxy configuration.
This should 'just work' if `watch=true` and `exposedByDefault=false` are set in the `[docker]` section of your `traefik.conf`.
SSL will also 'just work' once you add a matching `[[acme.domains]]` entry in there.
##### NGINX
In nginx-mode we will generate a bare nginx container that is linked to pleroma.
The nginx container is absolutely unmodified and expects to be configured by you.
The nginx file in [Pleroma's Repository](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma.nginx) is a good starting point.
We will mount your configs like this:
```txt
custom.d/server.nginx -> /etc/nginx/nginx.conf
custom.d/vhost.nginx -> /etc/nginx/conf.d/pleroma.conf
```
To reach your pleroma container from inside nginx use `proxy_pass http://pleroma:4000;`.
Set `SCRIPT_PORT_HTTP` and `SCRIPT_PORT_HTTPS` to the ports you want to listen on.<br>
Specify the ip to bind to in `SCRIPT_BIND_IP`. These values are required.
The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`.
##### Apache / httpd
Just like nginx-mode this starts an unmodified apache server that expects to be configured by you.<br>
Again [Pleroma's Config](https://git.pleroma.social/pleroma/pleroma/blob/develop/installation/pleroma-apache.conf) is a good starting point.
We will mount your configs like this:
```
custom.d/server.httpd -> /usr/local/apache2/conf/httpd.conf
custom.d/vhost.httpd -> /usr/local/apache2/conf/extra/httpd-vhosts.conf
```
To reach your pleroma container from inside apache use `ProxyPass [loc] http://pleroma:4000/`.
Again setting `SCRIPT_PORT_HTTP`, `SCRIPT_PORT_HTTPS` and `SCRIPT_BIND_IP` is required.
The container only listens on `SCRIPT_PORT_HTTPS` if `SCRIPT_ENABLE_SSL` is `true`.
#### SSL (`SCRIPT_ENABLE_SSL`)
Values: `true` / `false`
If you want to use SSL with your Apache or NGINX containers you'll need a
certificate. Certificates need to be placed into `custom.d` and will be
bind-mounted into the server's container at runtime.
We will mount your certs like this:
```
custom.d/ssl.crt -> /ssl/ssl.crt
custom.d/ssl.key -> /ssl/ssl.key
```
You can reference them in Apache like this:
```apache
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile "/ssl/ssl.crt"
SSLCertificateKeyFile "/ssl/ssl.key"
</VirtualHost>
```
And in NGINX like this:
```nginx
listen 443 ssl;
ssl_certificate /ssl/ssl.crt;
ssl_certificate_key /ssl/ssl.key;
```
In traefik-mode and manual-mode these files and the `SCRIPT_ENABLE_SSL` value are ignored.
## Attribution
### Attribution
Thanks to [Angristan](https://github.com/Angristan/dockerfiles/tree/master/pleroma) and [RX14](https://github.com/RX14/kurisu.rx14.co.uk/blob/master/services/iscute.moe/pleroma/Dockerfile) for their dockerfiles, which served as an inspiration for the early versions of this script.

14
config.dist.exs
View File

@ -11,13 +11,25 @@ config :pleroma, Pleroma.Repo,
hostname: "db",
pool_size: 10
# Listening to 0.0.0.0 is required in a container
# Do not change this
config :pleroma, Pleroma.Web.Endpoint,
http: [
ip: {0, 0, 0, 0},
port: 4000
]
config :pleroma, :gopher,
ip: {0, 0, 0, 0},
port: 9999
# vvv Your awesome config options go here vvv
###
# Here are some example values.
# Uncomment what you need or delete it all.
#
# Want to use the config generator instead?
# Want to use pleroma's config generator instead?
# Try `./pleroma mix pleroma.instance gen` and then `./pleroma cp /home/pleroma/pleroma/config/generated_config.exs config.exs`.
#
# Need some inspiration?

122
docker-compose.m4
View File

@ -1,122 +0,0 @@
changequote(`<', `>')
define(<upcase>, <translit($1, <a-z>, <A-Z>)>)
define(<env>, <upcase($1)=${upcase($1):?upcase($1)}>)
define(<env_fb>, <upcase($1)=${upcase($1):-$2}>)
define(<env_inline>, <${upcase($1):?upcase($1)}>)
define(<env_inline_fb>, <${upcase($1):-$2}>)
{
"version": "3.7",
ifdef(<__DOCKER_NETWORK>, <
"networks": {
"default": {
"external": {
"name": "__DOCKER_NETWORK"
}
}
},
>)
"services": {
ifelse(__SCRIPT_DEPLOY_POSTGRES, true, <
"db": {
"image": "postgres:10.3-alpine",
"restart": "unless-stopped",
"environment": [
"env(<postgres_db>)",
"env(<postgres_user>)",
"env(<postgres_password>)"
],
"volumes": [
"env_inline(<docker_datadir>)/db:/var/lib/postgresql/data",
"./initdb.sql:/docker-entrypoint-initdb.d/pleroma.sql"
]
},
>)
ifdef(<__SCRIPT_USE_PROXY>, <
ifelse(
__SCRIPT_USE_PROXY, traefik, <>,
__SCRIPT_USE_PROXY, manual, <>,
__SCRIPT_USE_PROXY, nginx, <
"proxy": {
"image": "nginx:alpine",
"ports": [
"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">)
],
"links": [
"server:pleroma"
],
"volumes": [
"./custom.d/server.nginx:/etc/nginx/nginx.conf:ro",
"./custom.d/vhost.nginx:/etc/nginx/conf.d/pleroma.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.key:/ssl/ssl.key:ro">)
]
},
>, __SCRIPT_USE_PROXY, apache, <
"proxy": {
"image": "amd64/apache:alpine",
"ports": [
"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTP:__SCRIPT_PORT_HTTP"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"__SCRIPT_BIND_IP:__SCRIPT_PORT_HTTPS:__SCRIPT_PORT_HTTPS">)
],
"links": [
"server:pleroma"
],
"volumes": [
"./custom.d/server.httpd:/usr/local/apache2/conf/httpd.conf:ro",
"./custom.d/vhost.httpd:/usr/local/apache2/conf/extra/httpd-vhosts.conf:ro"ifdef(__SCRIPT_ENABLE_SSL, <,>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.crt:/ssl/ssl.crt:ro",>)
ifdef(__SCRIPT_ENABLE_SSL, <"./custom.d/ssl.key:/ssl/ssl.key:ro">)
]
},
>, <
errprint(Invalid option __SCRIPT_USE_PROXY for <SCRIPT_USE_PROXY>)
m4exit(<1>)
>
)
>)
"server": {
"build": {
"context": ".",
"args": [
"env(<pleroma_version>)",
"env(<docker_uid>)",
"env(<docker_gid>)",
"env_fb(<pleroma_uploads_path>, </uploads>)"
]
},
"init": true,
"restart": "unless-stopped",
"links": [
ifelse(__SCRIPT_DEPLOY_POSTGRES, true, <"db">)
],
"environment": [
"env_fb(<mix_env>, <prod>)"
],
"volumes": [
"./custom.d:/custom.d:ro",
"./config.exs:/home/pleroma/pleroma/config/prod.secret.exs:ro",
"env_inline(<docker_datadir>)/uploads:env_inline_fb(<pleroma_uploads_path>, </uploads>)"
],
"labels": [
ifelse(__SCRIPT_USE_PROXY, traefik, <
"traefik.enable=true",
"traefik.fe.port=4000",
"traefik.fe.protocol=http",
"traefik.fe.entryPoints=http,https",
"traefik.fe.frontend.rule=Host:patsubst(__PLEROMA_URL, <string:>, <>)",
"traefik.cache.port=4000",
"traefik.cache.protocol=http",
"traefik.cache.entryPoints=http,https",
"traefik.cache.frontend.rule=Host:patsubst(patsubst(__PLEROMA_MEDIA_PROXY_URL, <http.*?//>, <>), <string:>, <>)"
>)
]
}
}
}

117
pleroma → pleroma.sh
View File

@ -1,11 +1,6 @@
#!/bin/bash
#########################################################
# Options #
#########################################################
set -e
set -o pipefail
set -Eeo pipefail
#########################################################
# Globals #
@ -20,8 +15,6 @@ readonly ENDPOINT_TAG="$PREFIX_API/tags"
readonly ENDPOINT_BLOB="$PREFIX_API/blobs"
readonly ENDPOINT_BRANCH="$PREFIX_API/branches"
flags=""
#########################################################
# Helpers #
#########################################################
@ -57,31 +50,9 @@ throw_file_errors() {
fi
}
render_template() {
require_command m4
require_command awk
m4 $flags docker-compose.m4 | awk 'NF'
}
docker_compose() {
require_command docker-compose
docker-compose \
-f <(render_template) \
--project-directory . \
"$@"
}
load_env() {
while read -r line; do
if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then
continue;
fi
export "${line?}"
flags="-D__${line?} $flags"
done < .env
docker-compose "$@"
}
download_file() { # $1: source, $2: target
@ -106,6 +77,16 @@ request_file_content() { # $1: source
fi
}
load_env() {
while read -r line; do
if [[ "$line" == \#* ]] || [[ -z "$line" ]]; then
continue;
fi
export "${line?}"
done < .env
}
#########################################################
# Subcommands #
#########################################################
@ -142,7 +123,7 @@ action__build() {
cacheTag="$(date '+%s')"
fi
# Alternative 3: Random number with awk
# Alternative 3: Random number with shell
if [[ -z "$cacheTag" ]] && [[ -n "$RANDOM" ]]; then
echo ""
echo "WARNING WARNING WARNING"
@ -185,13 +166,10 @@ action__build() {
cacheTag="broken-host-env"
fi
echo -e "#> (Re-)Building with cache tag \`${cacheTag}\`...\n"
echo -e "#> (Re-)Building pleroma @$PLEROMA_VERSION with cache tag \`${cacheTag}\`...\n"
sleep 1
docker_compose build --build-arg __CACHE_TAG="$cacheTag" server
}
action__dump() {
cat <(render_template)
docker_compose build --build-arg __VIA_SCRIPT=1 --build-arg __CACHE_TAG="$cacheTag" --build-arg PLEROMA_VERSION="$PLEROMA_VERSION" server
}
action__enter() {
@ -206,14 +184,6 @@ action__mix() {
docker_compose exec server sh -c "cd ~/pleroma && mix $*"
}
action__passthrough() {
docker_compose "$@"
}
action__p() {
action__passthrough "$@"
}
action__restart() {
action__stop
action__start
@ -243,38 +213,6 @@ action__ps() {
action__status
}
action__debug() {
require_command xhost
local debug_mounts
debug_mounts="
-v $(pwd)/custom.d:/custom.d \
-v $(pwd)/debug.d/build:/home/pleroma/pleroma/_build \
-v $(pwd)/debug.d/deps:/home/pleroma/pleroma/deps \
"
if [[ ! -d ./debug.d ]]; then
mkdir -p ./debug.d/{build,deps}
fi
if [[ ! -d ./custom.d/lib ]]; then
mkdir -p ./custom.d/lib
fi
action__stop
docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" server bash -c 'cp -rvf /custom.d/* /home/pleroma/pleroma && mix deps.get'
local x_flags=""
if [[ $NO_X_FORWARDING != 1 ]]; then
x_flags="-e DISPLAY=$DISPLAY -v /tmp/.X11-unix:/tmp/.X11-unix"
fi
[[ $NO_X_FORWARDING == 1 ]] || xhost +local:root
docker_compose run --rm -u pleroma -w /home/pleroma/pleroma "$debug_mounts" "$x_flags" server bash -c "cp -rvf /custom.d/* /home/pleroma/pleroma && $*"
[[ $NO_X_FORWARDING == 1 ]] || xhost -local:root
}
action__mod() {
require_command dialog
require_command jq
@ -334,17 +272,7 @@ Usage:
Actions:
build (Re)build the pleroma container.
dump Dump the generated docker-compose.yml to stdout.
debug [bin] [args...] Launches a new pleroma container but uses \$bin instead of phx.server as entrypoint.
**Warning**: This is intended for debugging pleroma with tools like :debugger and :observer.
It thus forwards your X-Server into docker and temporarily fiddles with your xhost
access controls. If this is a security concern for you, please export NO_X_FORWARDING=1
before launching a debugger session.
enter Spawn a shell inside the container for debugging/maintenance.
This command does not link to the postgres container.
If you need that use #debug instead.
logs Show the current container logs.
@ -353,8 +281,6 @@ Actions:
mod [file] Creates the file in custom.d and downloads the content from pleroma.social.
The download respects your \$PLEROMA_VERSION from .env.
passthrough / p [...] Pass any custom command to docker-compose.
restart Executes #stop and #start respectively.
start / up Start pleroma and sibling services.
@ -367,17 +293,8 @@ Actions:
This operation only works in one direction.
For making permanent changes to the container use custom.d.
Environment:
DEBUG can be used to modify the loglevel.
DEBUG=1 prints all commands before they are executed.
DEBUG=2 prints all bash statements before they are executed (a lot).
----------------------------
SHOPT can be used to modify shell options.
Pass a list of options to this variable like SHOPT='-x -e'.
For setting long options with -o use a colon (:) instead of a space
to seperate the option from -o. For example: SHOPT='-x -e -o:pipefail'.
Contributing:
You can report bugs or contribute to this project at:
https://glitch.sh/sn0w/pleroma-docker
"