mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-11-22 19:56:39 +00:00
d2f6de0185
Currently, GtS only supports using the built-in LE client directly for TLS. However, admins may still want to use GtS directly (so without a reverse proxy) but with certificates provided through some other mechanism. They may have some centralised way of provisioning these things themselves, or simply prefer to use LE but with a different challenge like DNS-01 which is not supported by autocert. This adds support for loading a public/private keypair from disk instead of using LE and reconfigures the server to use a TLS listener if we succeed in doing so. Additionally, being able to load TLS keypair from disk opens up the path to using a custom CA for testing purposes avoinding the need for a constellation of containers and something like Pebble or Step CA to provide LE APIs.
205 lines
8.2 KiB
Markdown
205 lines
8.2 KiB
Markdown
# Docker
|
|
|
|
The official GoToSocial Docker images are provided through [Docker Hub](https://hub.docker.com/r/superseriousbusiness/gotosocial).
|
|
|
|
Docker images are currently available for the following OS + architecture combinations:
|
|
|
|
Linux
|
|
|
|
- 386
|
|
- amd64
|
|
- arm6
|
|
- arm7
|
|
- arm64v8
|
|
|
|
FreeBSD
|
|
|
|
- amd64
|
|
|
|
Before following this guide, you should read the [system requirements](./index.md).
|
|
|
|
This guide assumes that you're using Linux.
|
|
|
|
## Run with Docker Compose
|
|
|
|
You can run GoToSocial using any orchestration system that can manage Docker containers ([Kubernetes](https://kubernetes.io/), [Nomad](https://www.nomadproject.io/), etc).
|
|
|
|
For simplicity's sake, this guide will lead you through the installation with [Docker Compose](https://docs.docker.com/compose), using SQLite as your database.
|
|
|
|
### Create a Working Dir
|
|
|
|
You need a working directory in which your docker-compose file will be located, and a directory for GoToSocial to store data in, so create these directories with the following command:
|
|
|
|
```bash
|
|
mkdir -p ~/gotosocial/data
|
|
```
|
|
|
|
Now change to the working directory you created:
|
|
|
|
```bash
|
|
cd ~/gotosocial
|
|
```
|
|
|
|
### Get the latest docker-compose.yaml
|
|
|
|
Use `wget` to download the latest [docker-compose.yaml](https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml) example, which we'll customize for our needs:
|
|
|
|
```bash
|
|
wget https://raw.githubusercontent.com/superseriousbusiness/gotosocial/main/example/docker-compose/docker-compose.yaml
|
|
```
|
|
|
|
### Edit the docker-compose.yaml
|
|
|
|
Because GoToSocial can be configured using [Environment Variables](../configuration/index.md#environment-variables), we can skip mounting a config.yaml file into the container, to make our configuration simpler. We just need to edit the docker-compose.yaml file to change a few things.
|
|
|
|
First open the docker-compose.yaml file in your editor of choice. For example:
|
|
|
|
```bash
|
|
nano docker-compose.yaml
|
|
```
|
|
|
|
#### Version
|
|
|
|
If desired, update the GoToSocial Docker image tag to the version of GtS you want to use.
|
|
|
|
`latest` - the default. This points to the latest stable release of GoToSocial.
|
|
|
|
`snapshot` - points to whatever code is currently on the main branch. Not guaranteed to be stable, will often be broken. Use with caution.
|
|
|
|
You can also replace `latest` with a specific GoToSocial version number. This is recommended when you want to make sure that you don't update your GoToSocial version by accident, which can cause problems.
|
|
|
|
The list of releases can be found [right here](https://github.com/superseriousbusiness/gotosocial/releases), with the newest release at the top. Replace `latest` in the docker-compose.yaml with the number of the desired release (without the leading `v` or trailing version name). So for example if you want to run [v0.3.1 Sleepy Sloth](https://github.com/superseriousbusiness/gotosocial/releases/tag/v0.3.1) for whatever reason, you should replace:
|
|
|
|
```text
|
|
image: superseriousbusiness/gotosocial:latest
|
|
```
|
|
|
|
with:
|
|
|
|
```text
|
|
image: superseriousbusiness/gotosocial:0.3.1
|
|
```
|
|
|
|
#### Host
|
|
|
|
Change the `GTS_HOST` environment variable to the domain you are running GoToSocial on.
|
|
|
|
#### User (optional / probably not necessary)
|
|
|
|
By default, Dockerized GoToSocial runs with Linux user/group `1000:1000`, which is fine in most cases. If you want to run as a different user/group, you should change the `user` field in the docker-compose.yaml accordingly.
|
|
|
|
For example, let's say you created the `~/gotosocial/data` directory for a user with id `1001`, and group id `1001`. If you now try to run GoToSocial without changing the `user` field, it will get a permissions error trying to open its database file in the directory. In this case, you would have to change the `user` field of the docker compose file to `1001:1001`.
|
|
|
|
#### LetsEncrypt (optional)
|
|
|
|
If you want to use [LetsEncrypt](../configuration/tls.md) for ssl certificates (https), you should also:
|
|
|
|
1. Change the value of `GTS_LETSENCRYPT_ENABLED` to `"true"`.
|
|
2. Remove the `#` before `- "80:80"` in the `ports` section.
|
|
3. (Optional) Set `GTS_LETSENCRYPT_EMAIL_ADDRESS` to a valid email address to receive certificate expiry warnings etc.
|
|
|
|
#### Reverse proxies
|
|
|
|
The default port bindings are for exposing GoToSocial directly and publicly. Remove the `#` in front the line that forwards `127.0.0.1:8080:8080` which makes port `8080` available only to the local host. Change that `127.0.0.1` if the reverse proxy is somewhere else.
|
|
|
|
To ensure [rate limiting](../api/ratelimiting.md) by IP works, remove the `#` in front of `GTS_TRUSTED_PROXIES` and set it to the IP the requests from the reverse proxy are coming from. That's usually the value of the `Gateway` field of the docker network.
|
|
|
|
```text
|
|
$ docker network inspect gotosocial_gotosocial
|
|
[
|
|
{
|
|
"Name": "gotosocial_gotosocial",
|
|
[...]
|
|
"IPAM": {
|
|
"Driver": "default",
|
|
"Options": null,
|
|
"Config": [
|
|
{
|
|
"Subnet": "172.19.0.0/16",
|
|
"Gateway": "172.19.0.1"
|
|
}
|
|
]
|
|
},
|
|
[...]
|
|
```
|
|
|
|
In the example above, it would be `172.19.0.1`.
|
|
|
|
If unsure, skip the trusted proxies step, continue with the next sections, and once it's running get the `clientIP` from the docker logs.
|
|
|
|
### Start GoToSocial
|
|
|
|
With those small changes out of the way, you can now start GoToSocial with the following command:
|
|
|
|
```shell
|
|
docker-compose up -d
|
|
```
|
|
|
|
After running this command, you should get an output like:
|
|
|
|
```text
|
|
Creating network "gotosocial_gotosocial" with the default driver
|
|
Creating gotosocial ... done
|
|
```
|
|
|
|
If you want to follow the logs of GoToSocial, you can use:
|
|
|
|
```bash
|
|
docker logs -f gotosocial
|
|
```
|
|
|
|
If everything is OK, you should see something similar to the following:
|
|
|
|
```text
|
|
time=2022-04-19T09:48:35Z level=info msg=connected to SQLITE database
|
|
time=2022-04-19T09:48:35Z level=info msg=MIGRATED DATABASE TO group #1 (20211113114307, 20220214175650, 20220305130328, 20220315160814) func=doMigration
|
|
time=2022-04-19T09:48:36Z level=info msg=instance account example.org CREATED with id 01EXX0TJ9PPPXF2C4N2MMMVK50
|
|
time=2022-04-19T09:48:36Z level=info msg=created instance instance example.org with id 01PQT31C7BZJ1Q2Z4BMEV90ZCV
|
|
time=2022-04-19T09:48:36Z level=info msg=media manager cron logger: start[]
|
|
time=2022-04-19T09:48:36Z level=info msg=media manager cron logger: schedule[now 2022-04-19 09:48:36.096127852 +0000 UTC entry 1 next 2022-04-20 00:00:00 +0000 UTC]
|
|
time=2022-04-19T09:48:36Z level=info msg=started media manager remote cache cleanup job: will run next at 2022-04-20 00:00:00 +0000 UTC
|
|
time=2022-04-19T09:48:36Z level=info msg=listening on 0.0.0.0:8080
|
|
```
|
|
|
|
### Create your first User
|
|
|
|
Now that GoToSocial is running, you can execute commands inside the running container to create and promote your admin user.
|
|
|
|
First create a user (replace the username, email, and password with appropriate values):
|
|
|
|
```bash
|
|
docker exec -it gotosocial /gotosocial/gotosocial admin account create --username some_username --email someone@example.org --password 'some_very_good_password'
|
|
```
|
|
|
|
If you are running a version older than 0.6.0, you will need to manually confirm as well:
|
|
|
|
```bash
|
|
./gotosocial --config-path ./config.yaml admin account confirm --username some_username
|
|
```
|
|
|
|
Replace `some_username` with the username of the account you just created.
|
|
|
|
Now promote the user you just created to admin privileges:
|
|
|
|
```bash
|
|
docker exec -it gotosocial /gotosocial/gotosocial admin account promote --username some_username
|
|
```
|
|
|
|
When running these commands, you'll get a bit of output like the following:
|
|
|
|
```text
|
|
time=2022-04-19T09:53:29Z level=info msg=connected to SQLITE database
|
|
time=2022-04-19T09:53:29Z level=info msg=there are no new migrations to run func=doMigration
|
|
time=2022-04-19T09:53:29Z level=info msg=closing db connection
|
|
```
|
|
|
|
This is normal and indicates that the commands ran as expected.
|
|
|
|
### Done
|
|
|
|
GoToSocial should now be running on your machine! To verify this, open your browser and go to `http://localhost:443`. You should see the GoToSocial landing page. Well done!
|
|
|
|
## (Optional) Reverse Proxy
|
|
|
|
If you want to run other webservers on port 443, or want to add an additional layer of security you might want to add [NGINX](https://nginx.org), [Traefik](https://doc.traefik.io/traefik/), or [Apache httpd](https://httpd.apache.org/) into your docker-compose to use as a reverse proxy.
|