From 7e37c90ce56e8dfd5c90e5798138187fe255ea62 Mon Sep 17 00:00:00 2001
From: pierreozoux <pierre@ozoux.net>
Date: Thu, 6 Apr 2017 23:45:30 +0100
Subject: [PATCH] First commit

---
 .env.production.sample | 33 ++++++++++++++++++++
 docker-compose.yml     | 70 ++++++++++++++++++++++++++++++++++++++++++
 nginx.conf             | 68 ++++++++++++++++++++++++++++++++++++++++
 3 files changed, 171 insertions(+)
 create mode 100644 .env.production.sample
 create mode 100644 docker-compose.yml
 create mode 100644 nginx.conf

diff --git a/.env.production.sample b/.env.production.sample
new file mode 100644
index 0000000..faa5e66
--- /dev/null
+++ b/.env.production.sample
@@ -0,0 +1,33 @@
+# Service dependencies
+REDIS_HOST=redis
+REDIS_PORT=6379
+DB_HOST=db
+DB_USER=postgres
+DB_NAME=postgres
+DB_PASS=
+DB_PORT=5432
+
+# Federation
+LOCAL_DOMAIN=example.com
+LOCAL_HTTPS=true
+
+# Application secrets
+# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
+PAPERCLIP_SECRET=
+SECRET_KEY_BASE=
+OTP_SECRET=
+
+# Registrations
+# Single user mode will disable registrations and redirect frontpage to the first profile
+# SINGLE_USER_MODE=true
+# Prevent registrations with following e-mail domains
+# EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
+# Only allow registrations with the following e-mail domains
+# EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
+
+# E-mail configuration
+SMTP_SERVER=smtp.mailgun.org
+SMTP_PORT=587
+SMTP_LOGIN=
+SMTP_PASSWORD=
+SMTP_FROM_ADDRESS=notifications@example.com
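Review bot: `DB_PASS=` is left empty for the `postgres` superuser in the "Service dependencies" block, and unlike the application secrets further down it carries no guidance. With no password the database is protected only by the isolation of the Compose network, so a comment above it would help, e.g. `# Set a password here and the matching POSTGRES_PASSWORD on the db service; empty means any container on the same network can connect as superuser`. The file copied from this sample will hold `SECRET_KEY_BASE`, `OTP_SECRET` and `SMTP_PASSWORD`, so a header line such as `# Copy to .env.production, keep it out of version control and readable only by the deploy user` is also worth adding. Whether a `.gitignore` already excludes `.env.production` is not visible in this patch.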
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..2a0af4d
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,70 @@
+version: '2'
+networks:
+  lb_web:
+    external: true
+  back:
+    driver: bridge
+services:
+  db:
+    restart: always
+    image: postgres:alpine
+    networks:
+    - back
+  redis:
+    restart: always
+    image: redis:alpine
+    networks:
+    - back
+  web:
+    image: nginx
+    volumes:
+    - ./nginx.conf:/etc/nginx/nginx.comf
+    volumes_from:
+    - app
+    depends_on:
+    - app
+    - streaming
+    networks:
+    - back
+    - lb_web
+    env:
+    - VIRTUAL_HOST
+  app:
+    restart: always
+    build: .
+    image: tootsuite/mastodon
+    env_file: .env.production
+    command: bundle exec rails s -p 3000 -b '0.0.0.0'
+    depends_on:
+    - db
+    - redis
+    volumes:
+    - ./public/assets:/mastodon/public/assets
+    - ./public/system:/mastodon/public/system
+    networks:
+    - back
+  streaming:
+    restart: always
+    build: .
+    image: tootsuite/mastodon
+    env_file: .env.production
+    command: npm run start
+    depends_on:
+    - db
+    - redis
+    networks:
+    - back
+  sidekiq:
+    restart: always
+    build: .
+    image: tootsuite/mastodon
+    env_file: .env.production
+    command: bundle exec sidekiq -q default -q mailers -q pull -q push
+    depends_on:
+    - db
+    - redis
+    volumes:
+    - ./public/system:/mastodon/public/system
+    networks:
+    - back
+
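Review bot: The bind mount on the `web` service targets `/etc/nginx/nginx.comf`, so nginx will most likely start with the image's stock configuration and none of the proxy or header settings in the committed `nginx.conf` will apply; it should read `- ./nginx.conf:/etc/nginx/nginx.conf:ro`. The same service uses `env:`, which is not a key in the version 2 Compose file format, so `VIRTUAL_HOST` is presumably meant to sit under `environment:`. Separately, `postgres:alpine`, `redis:alpine` and `nginx` are floating tags; pinning each to a specific version or digest keeps a rebuild from silently pulling a different image. The `db` service also declares no volume, so the database lives only in the container's writable layer and is lost when the container is removed.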
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..ca482f1
--- /dev/null
+++ b/nginx.conf
@@ -0,0 +1,68 @@
+user www-data;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+  }
+
+  server {
+    listen 80;
+
+    keepalive_timeout    70;
+    sendfile             on;
+    client_max_body_size 0;
+    gzip off;
+
+    root /mastodon/public;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+    location / {
+      try_files $uri @proxy;
+    }
+
+    location @proxy {
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+
+      proxy_pass_header Server;
+
+      proxy_pass http://app:3000;
+      proxy_buffering off;
+      proxy_redirect off;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $connection_upgrade;
+
+      tcp_nodelay on;
+    }
+
+    location /api/v1/streaming {
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+
+      proxy_pass http://streaming:4000;
+      proxy_buffering off;
+      proxy_redirect off;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $connection_upgrade;
+
+      tcp_nodelay on;
+    }
+
+    error_page 500 501 502 503 504 /500.html;
+  }
+}
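Review bot: `client_max_body_size 0;` in the `server` block removes nginx's request-body limit entirely, so any client can stream arbitrarily large uploads through to `app`; a finite cap sized to the largest expected media upload is safer, for example `client_max_body_size 8m;` (value illustrative). Both proxy locations also send `X-Forwarded-Proto https` unconditionally while the server listens on plain port 80, which is only correct if every request arrives through a TLS-terminating proxy on `lb_web`; a comment stating that assumption would help, e.g. `# TLS is terminated upstream; port 80 must never be exposed directly`. `add_header Strict-Transport-Security ...` lacks the `always` parameter, so the header is omitted on error responses. `proxy_pass_header Server;` in `@proxy` forwards the backend's server banner to clients and can be dropped unless something depends on it.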
-- 
GitLab