* Excludes docker-volume from example/docker-compose
* Adds a docker-compose.yaml example and adds some readme to the docker.md
* Changes Docker-Compose Example
* Configures docker-compose.yaml and docker.md
* Adds some cosmetics to the Documentation
* Adds UserID:GroupID
* Describes how to create a new user
Docker
The official GoToSocial Docker images are provided through Docker Hub.
GoToSocial can be configured using Environment Variables if you wish, allowing your GoToSocial configuration to be embedded inside your docker container configuration.
Run with Docker Compose (recommended)
This guide walks you through installing GoToSocial with Docker Compose. Follow the steps below in order.
Create a Working Dir
You need a working directory that will hold the data of the PostgreSQL and GoToSocial containers. Create it, for example, with the following commands. The directory can be located wherever you like.
mkdir -p /docker/gotosocial
cd /docker/gotosocial
Get the latest docker-compose.yaml and config.yaml
You can get an example docker-compose.yaml and config.yaml here, which you can download with wget for example.
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/config.yaml
Edit the docker-compose.yaml
You can modify the docker-compose.yaml to your needs, but in any case you should generate a Postgres password and pass it to the PostgreSQL container as an environment variable. You can either write the password directly into docker-compose.yaml, as in the example, or create an .env file that loads the environment variables into the container. You may also want to check the current GoToSocial version and adjust the image in docker-compose.yaml.
$EDITOR docker-compose.yaml
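One way to create the .env file mentioned above, as an added example that is not part of the GoToSocial documentation. It assumes docker-compose.yaml reads the password as `${POSTGRES_PASSWORD}`; the function names are illustrative.

```shell
#!/bin/sh
# Added example: create a .env file holding a random Postgres password.
# Assumption: docker-compose.yaml references ${POSTGRES_PASSWORD}.
# gen_password and write_pg_env are illustrative names.

gen_password() {
    # 32 bytes from the kernel CSPRNG, hex-encoded (64 characters).
    # Hex avoids characters that need quoting in YAML, shell or .env files.
    head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

write_pg_env() {
    env_file="${1:-.}/.env"
    # Never overwrite: the postgres image applies POSTGRES_PASSWORD only when
    # it first initialises its data directory, so a replaced password would
    # no longer match the one stored in the database.
    if [ -e "$env_file" ]; then
        echo "refusing to overwrite $env_file" >&2
        return 1
    fi
    # Set the umask in a subshell so the file is created with mode 0600
    # and is never readable by other users, even briefly.
    (
        umask 077
        printf 'POSTGRES_PASSWORD=%s\n' "$(gen_password)" > "$env_file"
    )
}

# Usage: write_pg_env /docker/gotosocial
# Then copy the same value into db-password in config.yaml.
```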
Edit the config.yaml
If you want to use the config.yaml, make the following changes to it.
Config Option | Value |
---|---|
host | Hostname of your instance e.g. gts.example.com |
account-domain | Domain to use when federating profiles e.g. gts.example.com |
trusted-proxies | We need to trust our host machine and the Docker Network e.g. - "127.0.0.1/32" - "10.0.0.0/8" - "172.16.0.0/12" - "192.168.0.0/16" |
db-address | gotosocial_postgres |
db-user | gotosocial |
db-password | same password as postgres environment $POSTGRES_PASSWORD |
$EDITOR config.yaml
Start GoToSocial
docker-compose up -d
After running this command, you should get an output like:
❯ docker-compose up -d
[+] Running 2/2
⠿ Container docker1-gotosocial_postgres-1 Started
⠿ Container docker1-gotosocial-1 Started
These names can be used to create your first user, as described below.
Create your first User
Take the container name from the output of docker-compose up -d above and replace $CONTAINER_NAME with it, e.g. docker1-gotosocial-1
# Creates a user
docker exec -ti "$CONTAINER_NAME" /gotosocial/gotosocial --config-path /config/config.yaml admin account create --username "$USERNAME" --email "$USEREMAIL" --password "$SuperSecurePassword"
# Confirms the user, so that the user can log in
docker exec -ti "$CONTAINER_NAME" /gotosocial/gotosocial --config-path /config/config.yaml admin account confirm --username "$USERNAME"
# Promotes the user to admin
docker exec -ti "$CONTAINER_NAME" /gotosocial/gotosocial --config-path /config/config.yaml admin account promote --username "$USERNAME"
Lost the Name of the Container
If you forgot the name of your GoToSocial container, you can find it with the command docker ps -f NAME=gotosocial.
The command produces output similar to the following:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
e190f1e6335f superseriousbusiness/gotosocial:$VERSION "/gotosocial/gotosoc…" 12 minutes ago Up 12 minutes 127.0.0.1:8080->8080/tcp docker-compose-gotosocial-1
5a2c56181ada postgres:14-alpine "docker-entrypoint.s…" 22 minutes ago Up 19 minutes 5432/tcp docker-compose-gotosocial_postgres-1
Take the name of the container whose image is superseriousbusiness/gotosocial:$VERSION and use it as $CONTAINER_NAME in the user-creation commands.
Run with Docker Run
You can run GoToSocial directly with the docker run command.
docker run with --env flag
docker run \
  -e GTS_PORT='8080' \
  -e GTS_PROTOCOL='https' \
  -e GTS_TRUSTED_PROXIES='0.0.0.0/0' \
  -e GTS_HOST='gotosocial.example.com' \
  -e GTS_ACCOUNT_DOMAIN='gotosocial.example.com' \
  -e GTS_DB_TYPE='sqlite' \
  -e GTS_DB_ADDRESS='/gotosocial/database/sqlite.db' \
  -e GTS_STORAGE_SERVE_PROTOCOL='https' \
  -e GTS_STORAGE_SERVE_HOST='gotosocial.example.com' \
  -e GTS_STORAGE_SERVE_BASE_PATH='/gotosocial/storage' \
  -e GTS_LETSENCRYPT_ENABLED='false' \
  -v "$(pwd)/storage/:/gotosocial/storage/" \
  -v "$(pwd)/database/:/gotosocial/database/" \
  -p 127.0.0.1:8080:8080 \
  superseriousbusiness/gotosocial:0.2.0
docker run with .env-file
docker run \
  --env-file ./.env \
  -v "$(pwd)/storage/:/gotosocial/storage/" \
  -v "$(pwd)/database/:/gotosocial/database/" \
  -p 127.0.0.1:8080:8080 \
  superseriousbusiness/gotosocial:0.2.0
Example .env File
$EDITOR .env
GTS_PORT=8080
GTS_PROTOCOL=https
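# GTS_TRUSTED_PROXIES should be the host machine and the Docker Network e.g. "127.0.0.1/32", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"
# (kept on its own line: docker run --env-file does not strip inline comments from values)
GTS_TRUSTED_PROXIES=127.0.0.1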
GTS_HOST=gotosocial.example.com
GTS_ACCOUNT_DOMAIN=gotosocial.example.com
GTS_DB_TYPE=sqlite
GTS_DB_ADDRESS=/gotosocial/database/sqlite.db
GTS_STORAGE_SERVE_BASE_PATH=/gotosocial/storage
GTS_LETSENCRYPT_ENABLED=false
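A check for the trusted-proxies setting, added here as an example and not taken from the GoToSocial documentation. A catch-all range such as the `0.0.0.0/0` in the `--env` command above means forwarding headers are believed from any peer rather than only from the host machine and the Docker network. The function names are illustrative, and a comma-separated list format is assumed.

```shell
#!/bin/sh
# Added example: flag catch-all entries in GTS_TRUSTED_PROXIES before the
# value is passed to `docker run`. Assumes a comma-separated list of IPs or
# CIDRs; check_proxy_list and audit_env_file are illustrative names.

# Print each catch-all entry of a proxy list; return 1 if any was found.
check_proxy_list() {
    status=0
    old_ifs=$IFS
    IFS=,
    for entry in $1; do
        # Trim whitespace and surrounding quotes from the entry.
        entry=$(printf '%s' "$entry" | tr -d " \t\"'")
        case $entry in
            # A /0 prefix matches every address (0.0.0.0/0, ::/0, ...).
            */0) echo "catch-all entry: $entry"; status=1 ;;
        esac
    done
    IFS=$old_ifs
    return $status
}

# Audit an env file as used with --env-file.
# Returns 0 if the list is restrictive, 1 on a catch-all, 2 if unset.
audit_env_file() {
    # The last assignment in the file is the one audited.
    value=$(sed -n 's/^GTS_TRUSTED_PROXIES=//p' "$1" | tail -n 1)
    if [ -z "$value" ]; then
        echo "GTS_TRUSTED_PROXIES is not set in $1"
        return 2
    fi
    check_proxy_list "$value"
}

# Usage: audit_env_file ./.env && docker run --env-file ./.env ...
```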
(optional) NGINX Config
The following NGINX config is just an example of what this might look like. It assumes that a valid SSL certificate is present; you can get one from Let's Encrypt with certbot.
server {
  listen 80;
  listen [::]:80;
  server_name gts.example.com;
  location /.well-known/acme-challenge/ {
    default_type "text/plain";
    root /var/www/certbot;
  }
  location / { return 301 https://$host$request_uri; }
}
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name gts.example.com;
  #############################################################################
  # Certificates                                                              #
  # you need a certificate to run in production. see https://letsencrypt.org/ #
  #############################################################################
  ssl_certificate /etc/letsencrypt/live/gts.example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/gts.example.com/privkey.pem;
  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
    root /var/www/certbot;
  }
  ###########################################
  # Security hardening (as of Nov 15, 2020) #
  # based on Mozilla Guideline v5.6         #
  ###########################################
  ssl_protocols TLSv1.2 TLSv1.3;
  ssl_prefer_server_ciphers on;
  ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305";
  ssl_session_timeout 1d; # defaults to 5m
  ssl_session_cache shared:SSL:10m; # estimated to 40k sessions
  ssl_session_tickets off;
  ssl_stapling on;
  ssl_stapling_verify on;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
  # HSTS (https://hstspreload.org), requires to be copied in 'location' sections that have add_header directives
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
  location / {
    proxy_pass http://127.0.0.1:8080;
    proxy_set_header Host $host;
    proxy_set_header Connection $http_connection;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Scheme $scheme;
  }
}