[2022.09.07] Setting up Mastodon with Docker

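Prerequisites

A server with a public IP (port 80 must be forwardable, so this is hard to do on a homelab)

I'm using a Tencent Cloud student instance with 1 core and 2 GB of RAM

A domain name and its SSL certificate

Installing BT Panel (宝塔)

To save trouble I went with BT Panel, which is also a chance to see how much overhead it adds.

First go to the official BT Panel site and download the latest version: https://www.bt.cn/new/download.html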

wget -O install.sh http://download.bt.cn/install/install-ubuntu_6.0.sh && bash install.sh ed8484bec
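I used the Debian version.

The new version requires phone verification and account registration, and I'd rather not expose my identity, so the next step is to downgrade: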

wget http://xiutu.us/bt/LinuxPanel-7.6.0.zip
unzip LinuxPanel-7.6.0.zip
cd panel
bash update.sh
cd .. && rm -f LinuxPanel-7.6.0.zip && rm -rf panel
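Versions 7.4.5, 7.4.7, 7.4.8, 7.5.2, 7.5.1 and 7.6.0 are available. If the downgrade fails, run bt and choose the repair option.

Run bt in the shell and choose option 14 to see the port, username and password.

Check whether you can log in; if you can, remove the phone-number binding: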

echo "{\"uid\":1000,\"username\":\"admin\",\"serverid\":1}" > /www/server/panel/data/userInfo.json

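Once logged in, install the basic web environment.

At this point BT Panel is more or less installed.

Installing Docker

Run an update first.

Get the latest install script from the Runoob tutorial, because some sources hosted abroad are very slow: https://www.runoob.com/docker/debian-docker-install.html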

curl -sSL https://get.daocloud.io/docker | sh

Even the domestic script is slow, though, so be patient; one step hangs for ten-odd minutes.

Then install docker-compose:

curl -L https://get.daocloud.io/docker/compose/releases/download/v2.4.1/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
ln -s /usr/local/bin/docker-compose /usr/bin/docker-compose

Finally, run docker-compose --version to verify that the installation succeeded.
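
Added example, not part of the original post: the docker-compose step above writes a download straight into /usr/local/bin, and without curl's -f an HTTP error page would be saved as the binary. The script below downloads to a file, checks a SHA-256 digest and only then installs. fetch_https and install_verified are hypothetical helper names, and the URL and digest in the comments are placeholders.

```sh
#!/bin/sh
# Added example, not from the original post: download to a file, check its
# SHA-256, and only then install it, instead of writing straight into PATH.

# fetch_https URL OUT: HTTPS only; -f makes an HTTP error (e.g. a 404 page)
# fail the download rather than being saved as if it were the binary.
fetch_https() {
    curl -fsSL --proto '=https' -o "$2" "$1"
}

# install_verified SRC EXPECTED_SHA256 DEST
# Copies SRC to DEST with mode 0755 only if the digest matches.
install_verified() {
    src=$1; dest=$3
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    got=$(sha256sum "$src" | cut -d' ' -f1)
    if [ "$got" != "$want" ]; then
        echo "sha256 mismatch for $src: got $got, want $want" >&2
        return 1
    fi
    install -m 0755 "$src" "$dest"
}

# Real use (URL and digest are placeholders; take both from the release page):
#   fetch_https "https://<release-host>/<asset>" /tmp/docker-compose
#   install_verified /tmp/docker-compose "<published sha256>" /usr/local/bin/docker-compose

# Offline demo on a constructed file whose digest is the standard "abc" vector.
demo_dir=$(mktemp -d)
printf 'abc' > "$demo_dir/artifact"
ABC_SHA256=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
install_verified "$demo_dir/artifact" "$ABC_SHA256" "$demo_dir/ok" && echo "installed"
install_verified "$demo_dir/artifact" "$(printf '%064d' 0)" "$demo_dir/bad" 2>/dev/null \
    || echo "rejected: digest mismatch"
```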


Downloading Mastodon

Following the official documentation: https://gist.github.com/TrillCyborg/84939cd4013ace9960031b803a0590c4

# Clone mastodon to ~/live directory
git clone https://github.com/tootsuite/mastodon.git live
# Change directory to ~/live
cd ~/live
# Checkout to the latest stable branch
git checkout $(git tag -l | grep -v 'rc[0-9]*$' | sort -V | tail -n 1)

There is a sample configuration file here; copy it:

cp .env.production.sample .env.production

In this directory, set the ownership of the public directory:

chown -R 991:991 public

Build the Docker image. This takes a while; I waited an hour = =

docker-compose build

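If the Docker build is too slow, you can route it through a proxy.

I rebuilt it maybe ten-odd times; painfully slow = =

Finally, use docker images to look at the generated images.

Configuring Mastodon

Run: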

docker-compose run --rm web bundle exec rake mastodon:setup

The following output then appears; pay attention to the annotated parts.

root@VM-16-15-debian:~/live# docker-compose run --rm web bundle exec rake mastodon:setup
[+] Running 15/15
 ⠿ redis Pulled                                                                                            16.9s
   ⠿ 213ec9aee27d Pull complete                                                                             9.0s
   ⠿ c99be1b28c7f Pull complete                                                                             9.1s
   ⠿ 8ff0bb7e55e3 Pull complete                                                                             9.5s
   ⠿ 477c33011f3e Pull complete                                                                             9.8s
   ⠿ 2bbc51a93257 Pull complete                                                                             9.9s
   ⠿ 2d27eae19281 Pull complete                                                                            10.0s
 ⠿ db Pulled                                                                                               34.1s
   ⠿ 85c3ef7cf9a6 Pull complete                                                                             6.6s
   ⠿ ac29cc04759a Pull complete                                                                             8.4s
   ⠿ 2a37e244d86b Pull complete                                                                            24.4s
   ⠿ 36d7202aa1cf Pull complete                                                                            24.5s
   ⠿ 3acdddb9790a Pull complete                                                                            24.6s
   ⠿ 9a938759f2bf Pull complete                                                                            24.7s
   ⠿ 5d65a6241248 Pull complete                                                                            24.8s
[+] Running 4/4
 ⠿ Network live_internal_network  Created                                                                   0.1s
 ⠿ Network live_external_network  Created                                                                   0.1s
 ⠿ Container live-redis-1         Created                                                                   0.4s
 ⠿ Container live-db-1            Created                                                                   0.4s
[+] Running 2/2
 ⠿ Container live-db-1     Started                                                                          1.1s
 ⠿ Container live-redis-1  Started                                                                          1.1s
Your instance is identified by its domain name. Changing it afterward will break things.
Domain name: (enter your domain here)

Single user mode disables registrations and redirects the landing page to your public profile.
Do you want to enable single user mode? No

Are you using Docker to run Mastodon? Yes

PostgreSQL host: db
PostgreSQL port: 5432
Name of PostgreSQL database: postgres
Name of PostgreSQL user: postgres
Password of PostgreSQL user: (just press Enter here)
Database configuration works! 🎆

Redis host: redis
Redis port: 6379
Redis password: (just press Enter here)
Redis configuration works! 🎆

Do you want to store uploaded files on the cloud? No

Do you want to send e-mails from localhost? No
SMTP server: smtp.126.com (depends on your mail provider)
SMTP port: 25 (I'm using the non-SSL port here)
SMTP username: (your e-mail address)
SMTP password: (the authorization code, not the account password)
SMTP authentication: plain
SMTP OpenSSL verify mode: none
E-mail address to send e-mails "from": (your e-mail address)
Send a test e-mail with this configuration right now? Yes
Send test e-mail to: (your test e-mail address)

This configuration will be written to .env.production
Save configuration? Yes
Below is your configuration, save it to an .env.production file outside Docker:
(start copying from here)
# Generated with mastodon:setup on 2022-09-08 05:30:02 UTC

LOCAL_DOMAIN=mokou.
SINGLE_USER_MODE=false
SECRET_KEY_BASE=
OTP_SECRET=
VAPID_PRIVATE_KEY=
VAPID_PUBLIC_KEY=
DB_HOST=db
DB_PORT=5432
DB_NAME=postgres
DB_USER=postgres
DB_PASS=
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
SMTP_SERVER=smtp.126.com
SMTP_PORT=25
SMTP_LOGIN=
SMTP_PASSWORD=
SMTP_AUTH_METHOD=plain
SMTP_OPENSSL_VERIFY_MODE=none
SMTP_FROM_ADDRESS=
(stop copying here)
It is also saved within this container so you can proceed with this wizard.

Now that configuration is saved, the database schema must be loaded.
If the database already exists, this will erase its contents.
Prepare the database now? Yes
Running `RAILS_ENV=production rails db:setup` ...


Database 'postgres' already exists
Done!

All done! You can now power on the Mastodon server 🐘

Do you want to create an admin user straight away? Yes
Username: admin
E-mail: (your e-mail address)
Error connecting to Redis on 127.0.0.1:6379 (Errno::ECONNREFUSED)
Error connecting to Redis on 127.0.0.1:6379 (Errno::ECONNREFUSED)
Switching object-storage-safely from green to red because Redis::CannotConnectError Error connecting to Redis on 127.0.0.1:6379 (Errno::ECONNREFUSED)
Error connecting to Redis on 127.0.0.1:6379 (Errno::ECONNREFUSED)
You can login with the password: (a password is shown here; you must remember it!!!!!!)
You can change your password once you login.
root@VM-16-15-debian:~/live# 

Configuration is now complete. Remember to paste the content copied above into the .env.production file:

nano .env.production
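
Added example, not part of the original post: a small audit of .env.production for the weak values that appear in the wizard transcript above (blank DB_PASS and REDIS_PASSWORD, SMTP_OPENSSL_VERIFY_MODE=none, SMTP on port 25), plus the file's permissions, since it holds the instance secrets. env_get and audit_env are hypothetical helper names, and the sample file is constructed with placeholder secrets.

```sh
#!/bin/sh
# Added example, not from the original post: audit .env.production for the
# weak values that appear in the wizard transcript above.

# env_get FILE KEY: print KEY's value (empty when the key is unset or blank).
env_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_env FILE: print one finding per line; return 1 if there are any.
audit_env() {
    f=$1; n=0
    note() { echo "$1"; n=$((n + 1)); }
    for k in SECRET_KEY_BASE OTP_SECRET VAPID_PRIVATE_KEY DB_PASS REDIS_PASSWORD; do
        [ -n "$(env_get "$f" "$k")" ] || note "$k is empty"
    done
    [ "$(env_get "$f" SMTP_OPENSSL_VERIFY_MODE)" != none ] \
        || note "SMTP_OPENSSL_VERIFY_MODE=none: mail server certificate is not verified"
    [ "$(env_get "$f" SMTP_PORT)" != 25 ] \
        || note "SMTP_PORT=25: SMTP login may be sent without TLS"
    case $(stat -c %a "$f") in
        ?00) ;;
        *) note "file mode allows group/other access; use chmod 600" ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample mirroring the transcript (secret values are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
SECRET_KEY_BASE=placeholder
OTP_SECRET=placeholder
VAPID_PRIVATE_KEY=placeholder
DB_PASS=
REDIS_PASSWORD=
SMTP_PORT=25
SMTP_OPENSSL_VERIFY_MODE=none
EOF
chmod 644 "$sample"
if audit_env "$sample"; then echo "no findings"; else echo "review the findings above"; fi
```

On the server, run it as audit_env ~/live/.env.production after pasting the generated configuration.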

Starting Docker

docker-compose up

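Requesting an SSL certificate

Domain registrars generally offer this service.

Download the Nginx version of the certificate.

Then upload it to a directory on the server.

Configuring the reverse proxy

Open BT Panel and create a site first.

Then start configuring: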

map $http_upgrade $connection_upgrade {
  default upgrade;
  ''      close;
}

upstream backend {
    server 127.0.0.1:3000 fail_timeout=0;
}

upstream streaming {
    server 127.0.0.1:4000 fail_timeout=0;
}

proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;

server {
  listen 80;
  listen [::]:80;
  server_name (your domain);
  root /root/live/public;  # this is the public directory
  location /.well-known/acme-challenge/ { allow all; }
  location / { return 301 https://$host$request_uri; }
}

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name (your domain);

  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
  ssl_prefer_server_ciphers on;
  ssl_session_cache shared:SSL:10m;
  ssl_session_tickets off;

  # Uncomment these lines once you acquire a certificate:
  ssl_certificate     (path to the certificate file downloaded earlier);
  ssl_certificate_key (path to the key file downloaded earlier);

  keepalive_timeout    70;
  sendfile             on;
  client_max_body_size 80m;

  root (the public directory);

  gzip on;
  gzip_disable "msie6";
  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;

  add_header Strict-Transport-Security "max-age=31536000" always;

  location / {
    try_files $uri @proxy;
  }

  location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
    add_header Cache-Control "public, max-age=31536000, immutable";
    add_header Strict-Transport-Security "max-age=31536000" always;
    try_files $uri @proxy;
  }

  location /sw.js {
    add_header Cache-Control "public, max-age=0";
    add_header Strict-Transport-Security "max-age=31536000" always;
    try_files $uri @proxy;
  }

  location @proxy {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Proxy "";
    proxy_pass_header Server;

    proxy_pass http://backend;
    proxy_buffering on;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    proxy_cache CACHE;
    proxy_cache_valid 200 7d;
    proxy_cache_valid 410 24h;
    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
    add_header X-Cached $upstream_cache_status;
    add_header Strict-Transport-Security "max-age=31536000" always;

    tcp_nodelay on;
  }

  location /api/v1/streaming {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Proxy "";

    proxy_pass http://streaming;
    proxy_buffering off;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;

    tcp_nodelay on;
  }

  error_page 500 501 502 503 504 /500.html;
}
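
Added example, not part of the original post: the configuration above expects the web and streaming backends on 127.0.0.1:3000 and 127.0.0.1:4000, and the wizard left PostgreSQL (5432) and Redis (6379) without passwords, so none of these ports should listen on a public address. The filter below reads ss -ltnH output and prints any such listener that is not on loopback. exposed_listeners is a hypothetical helper name and the sample lines are constructed.

```sh
#!/bin/sh
# Added example, not from the original post: confirm that only nginx is
# reachable from outside and the backend ports stay on loopback.

# exposed_listeners PORTS: read `ss -ltnH` output on stdin and print every
# listener on one of PORTS (comma-separated) that is not bound to loopback.
exposed_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (!(port in want)) next
            if (addr ~ /^127\./ || addr == "[::1]") next
            print addr ":" port
        }'
}

# Constructed sample in `ss -ltnH` column order:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS='LISTEN 0 511  0.0.0.0:443    0.0.0.0:*
LISTEN 0 4096 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:4000   0.0.0.0:*
LISTEN 0 4096 [::]:6379      [::]:*'

# 3000/4000 are the nginx upstreams above; 5432/6379 are the wizard defaults.
printf '%s\n' "$SAMPLE_SS" | exposed_listeners 3000,4000,5432,6379
# On the server itself: ss -ltnH | exposed_listeners 3000,4000,5432,6379
```

An empty result means every listed port is bound to loopback or not listening at all.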

posted @ 2022-09-07 13:39  Mokou