From 7e37c90ce56e8dfd5c90e5798138187fe255ea62 Mon Sep 17 00:00:00 2001
From: pierreozoux <pierre@ozoux.net>
Date: Thu, 6 Apr 2017 23:45:30 +0100
Subject: [PATCH] First commit
---
.env.production.sample | 33 ++++++++++++++++++++
docker-compose.yml | 70 ++++++++++++++++++++++++++++++++++++++++++
nginx.conf | 68 ++++++++++++++++++++++++++++++++++++++++
3 files changed, 171 insertions(+)
create mode 100644 .env.production.sample
create mode 100644 docker-compose.yml
create mode 100644 nginx.conf
diff --git a/.env.production.sample b/.env.production.sample
new file mode 100644
index 0000000..faa5e66
--- /dev/null
+++ b/.env.production.sample
@@ -0,0 +1,33 @@
+# Service dependencies
+REDIS_HOST=redis
+REDIS_PORT=6379
+DB_HOST=db
+DB_USER=postgres
+DB_NAME=postgres
+DB_PASS=
+DB_PORT=5432
+
+# Federation
+LOCAL_DOMAIN=example.com
+LOCAL_HTTPS=true
+
+# Application secrets
+# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
+PAPERCLIP_SECRET=
+SECRET_KEY_BASE=
+OTP_SECRET=
+
+# Registrations
+# Single user mode will disable registrations and redirect frontpage to the first profile
+# SINGLE_USER_MODE=true
+# Prevent registrations with following e-mail domains
+# EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
+# Only allow registrations with the following e-mail domains
+# EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
+
+# E-mail configuration
+SMTP_SERVER=smtp.mailgun.org
+SMTP_PORT=587
+SMTP_LOGIN=
+SMTP_PASSWORD=
+SMTP_FROM_ADDRESS=notifications@example.com
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..2a0af4d
--- /dev/null
+++ b/docker-compose.yml
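Review bot: In .env.production.sample, `DB_PASS=` is left empty while `DB_USER=postgres` is the database superuser, and the `db` service added to docker-compose.yml in this commit sets no password either, so a deployment copied from the sample runs the app against an unauthenticated superuser account. I would add a comment directly above it, `# Set a strong password here and the matching POSTGRES_PASSWORD on the db service; do not deploy with this empty`, and ideally have the app use a dedicated non-superuser role. The populated `.env.production` will hold `SECRET_KEY_BASE`, `OTP_SECRET` and the SMTP credentials, so it is worth a second comment saying that file must stay out of version control and be readable only by the deploying user.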
@@ -0,0 +1,70 @@
+version: '2'
+networks:
+ lb_web:
+ external: true
+ back:
+ driver: bridge
+services:
+ db:
+ restart: always
+ image: postgres:alpine
+ networks:
+ - back
+ redis:
+ restart: always
+ image: redis:alpine
+ networks:
+ - back
+ web:
+ image: nginx
+ volumes:
+ - ./nginx.conf:/etc/nginx/nginx.comf
+ volumes_from:
+ - app
+ depends_on:
+ - app
+ - streaming
+ networks:
+ - back
+ - lb_web
+ env:
+ - VIRTUAL_HOST
+ app:
+ restart: always
+ build: .
+ image: tootsuite/mastodon
+ env_file: .env.production
+ command: bundle exec rails s -p 3000 -b '0.0.0.0'
+ depends_on:
+ - db
+ - redis
+ volumes:
+ - ./public/assets:/mastodon/public/assets
+ - ./public/system:/mastodon/public/system
+ networks:
+ - back
+ streaming:
+ restart: always
+ build: .
+ image: tootsuite/mastodon
+ env_file: .env.production
+ command: npm run start
+ depends_on:
+ - db
+ - redis
+ networks:
+ - back
+ sidekiq:
+ restart: always
+ build: .
+ image: tootsuite/mastodon
+ env_file: .env.production
+ command: bundle exec sidekiq -q default -q mailers -q pull -q push
+ depends_on:
+ - db
+ - redis
+ volumes:
+ - ./public/system:/mastodon/public/system
+ networks:
+ - back
+
diff --git a/nginx.conf b/nginx.conf
new file mode 100644
index 0000000..ca482f1
--- /dev/null
+++ b/nginx.conf
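Review bot: In docker-compose.yml the `web` service mounts the config at `/etc/nginx/nginx.comf`, a path nginx never reads, so the container runs the image's default configuration and none of the proxy rules or headers from this commit's nginx.conf take effect; the mount should read `- ./nginx.conf:/etc/nginx/nginx.conf:ro`. The same service uses the key `env:`, which is not a Compose service option (the key is `environment:`), so `VIRTUAL_HOST` is not passed to the container and Compose will likely reject the file. Separately, `postgres:alpine`, `redis:alpine` and `nginx` are floating tags and the `db` service declares no data volume; pinning image versions and adding a volume for the database would make the deployment reproducible and keep the data across container re-creation.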
@@ -0,0 +1,68 @@
+user www-data;
+
+events {
+ worker_connections 768;
+}
+
+http {
+ include /etc/nginx/mime.types;
+ default_type application/octet-stream;
+
+ map $http_upgrade $connection_upgrade {
+ default upgrade;
+ '' close;
+ }
+
+ server {
+ listen 80;
+
+ keepalive_timeout 70;
+ sendfile on;
+ client_max_body_size 0;
+ gzip off;
+
+ root /mastodon/public;
+
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+ location / {
+ try_files $uri @proxy;
+ }
+
+ location @proxy {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass_header Server;
+
+ proxy_pass http://app:3000;
+ proxy_buffering off;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ tcp_nodelay on;
+ }
+
+ location /api/v1/streaming {
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto https;
+
+ proxy_pass http://streaming:4000;
+ proxy_buffering off;
+ proxy_redirect off;
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection $connection_upgrade;
+
+ tcp_nodelay on;
+ }
+
+ error_page 500 501 502 503 504 /500.html;
+ }
+}
--
GitLab
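Review bot: In nginx.conf, `client_max_body_size 0;` in the `server` block removes the request-body limit entirely, so any client can stream arbitrarily large uploads through to the app; a finite cap sized to the largest expected media upload, for example `client_max_body_size 16m;` (illustrative value), would bound that. Both proxy locations hard-code `proxy_set_header X-Forwarded-Proto https;` on a plain `listen 80;` listener, which is only correct if every request arrives through a TLS-terminating proxy on the `lb_web` network (presumably the intent); a comment stating that assumption would help, because a request reaching port 80 directly would be treated as secure by the app. For the same reason `X-Real-IP $remote_addr` will carry the load balancer's address rather than the client's unless the realip module (`set_real_ip_from` / `real_ip_header`) is configured for the trusted proxy range. The `add_header Strict-Transport-Security` line also lacks `always`, so the header is not added to error responses.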