First commit

.env.production.sample

+# Service dependencies
+REDIS_HOST=redis
+REDIS_PORT=6379
+DB_HOST=db
+DB_USER=postgres
+DB_NAME=postgres
+DB_PASS=
+DB_PORT=5432
+
+# Federation
+LOCAL_DOMAIN=example.com
+LOCAL_HTTPS=true
+
+# Application secrets
+# Generate each with the `rake secret` task (`docker-compose run --rm web rake secret` if you use docker compose)
+PAPERCLIP_SECRET=
+SECRET_KEY_BASE=
+OTP_SECRET=
+
+# Registrations
+# Single user mode will disable registrations and redirect frontpage to the first profile
+# SINGLE_USER_MODE=true
+# Prevent registrations with following e-mail domains
+# EMAIL_DOMAIN_BLACKLIST=example1.com|example2.de|etc
+# Only allow registrations with the following e-mail domains
+# EMAIL_DOMAIN_WHITELIST=example1.com|example2.de|etc
+
+# E-mail configuration
+SMTP_SERVER=smtp.mailgun.org
+SMTP_PORT=587
+SMTP_LOGIN=
+SMTP_PASSWORD=
+SMTP_FROM_ADDRESS=notifications@example.com

docker-compose.yml

+version: '2'
+networks:
+  lb_web:
+    external: true
+  back:
+    driver: bridge
+services:
+  db:
+    restart: always
+    image: postgres:alpine
+    networks:
+    - back
+  redis:
+    restart: always
+    image: redis:alpine
+    networks:
+    - back
+  web:
+    image: nginx
+    volumes:
+    - ./nginx.conf:/etc/nginx/nginx.comf
+    volumes_from:
+    - app
+    depends_on:
+    - app
+    - streaming
+    networks:
+    - back
+    - lb_web
+    env:
+    - VIRTUAL_HOST
+  app:
+    restart: always
+    build: .
+    image: tootsuite/mastodon
+    env_file: .env.production
+    command: bundle exec rails s -p 3000 -b '0.0.0.0'
+    depends_on:
+    - db
+    - redis
+    volumes:
+    - ./public/assets:/mastodon/public/assets
+    - ./public/system:/mastodon/public/system
+    networks:
+    - back
+  streaming:
+    restart: always
+    build: .
+    image: tootsuite/mastodon
+    env_file: .env.production
+    command: npm run start
+    depends_on:
+    - db
+    - redis
+    networks:
+    - back
+  sidekiq:
+    restart: always
+    build: .
+    image: tootsuite/mastodon
+    env_file: .env.production
+    command: bundle exec sidekiq -q default -q mailers -q pull -q push
+    depends_on:
+    - db
+    - redis
+    volumes:
+    - ./public/system:/mastodon/public/system
+    networks:
+    - back
+

nginx.conf

+user www-data;
+
+events {
+  worker_connections 768;
+}
+
+http {
+  include /etc/nginx/mime.types;
+  default_type application/octet-stream;
+
+  map $http_upgrade $connection_upgrade {
+    default upgrade;
+    ''      close;
+  }
+
+  server {
+    listen 80;
+
+    keepalive_timeout    70;
+    sendfile             on;
+    client_max_body_size 0;
+    gzip off;
+
+    root /mastodon/public;
+
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
+
+    location / {
+      try_files $uri @proxy;
+    }
+
+    location @proxy {
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+
+      proxy_pass_header Server;
+
+      proxy_pass http://app:3000;
+      proxy_buffering off;
+      proxy_redirect off;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $connection_upgrade;
+
+      tcp_nodelay on;
+    }
+
+    location /api/v1/streaming {
+      proxy_set_header Host $host;
+      proxy_set_header X-Real-IP $remote_addr;
+      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+      proxy_set_header X-Forwarded-Proto https;
+
+      proxy_pass http://streaming:4000;
+      proxy_buffering off;
+      proxy_redirect off;
+      proxy_http_version 1.1;
+      proxy_set_header Upgrade $http_upgrade;
+      proxy_set_header Connection $connection_upgrade;
+
+      tcp_nodelay on;
+    }
+
+    error_page 500 501 502 503 504 /500.html;
+  }
+}