I am an archo-communist, cat-loving dude with a very eclectic range of interests and passions. Currenty, I’m into networks of all kinds and open source software.

  • 4 Posts
  • 167 Comments
Joined 1 year ago
cake
Cake day: July 8th, 2023

help-circle


  • It’s a Proxmox server that’s well under subscribed and utilized. I currently use it as a remote back-up for my brother’s business computer and the family’s various machines. It has one Arch Linux VM for that purpose. Another Arch Linux VM has two docker containers for running Mastodon and Lemmy.

    I want to do more with it but right now it’s time for me to buckle down and actually take some steps toward bettering my career because I am sick of being a senior Windows desktop support technician. I really want to do Linux/BSD systems administration or DevOps stuff. I hate feeling like I have to learn under the gun but, at this point, thinking about work on Monday is making me physically ill. The only relief will be knowing that there is an end to this tunnel.














  • You need to actually piece together those few to come up with one cohesive working instance. I can share with you the docker-compose.yml file that worked for me, if that will help.

    version: '3'
    services:
      db:
        restart: always
        image: postgres:14-alpine
        shm_size: 256mb
        networks:
          - internal_network
        healthcheck:
          test: ['CMD', 'pg_isready', '-U', 'postgres']
        volumes:
          - ./postgres14:/var/lib/postgresql/data
        environment:
          - 'POSTGRES_HOST_AUTH_METHOD=trust'
    
      redis:
        restart: always
        image: redis:7-alpine
        networks:
          - internal_network
        healthcheck:
          test: ['CMD', 'redis-cli', 'ping']
        volumes:
          - ./redis:/data
    
      # es:
      #   restart: always
      #   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
      #   environment:
      #     - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
      #     - "xpack.license.self_generated.type=basic"
      #     - "xpack.security.enabled=false"
      #     - "xpack.watcher.enabled=false"
      #     - "xpack.graph.enabled=false"
      #     - "xpack.ml.enabled=false"
      #     - "bootstrap.memory_lock=true"
      #     - "cluster.name=es-mastodon"
      #     - "discovery.type=single-node"
      #     - "thread_pool.write.queue_size=1000"
      #   networks:
      #      - external_network
      #      - internal_network
      #   healthcheck:
      #      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
      #   volumes:
      #      - ./elasticsearch:/usr/share/elasticsearch/data
      #   ulimits:
      #     memlock:
      #       soft: -1
      #       hard: -1
      #     nofile:
      #       soft: 65536
      #       hard: 65536
      #   ports:
      #     - '127.0.0.1:9200:9200'
    
      web:
        #build: .
        #image: ghcr.io/mastodon/mastodon
        image: tootsuite/mastodon:latest
        restart: always
        env_file: .env.production
        command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
        networks:
          - external_network
          - internal_network
        healthcheck:
          # prettier-ignore
          test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
        ports:
          - '127.0.0.1:3000:3000'
        depends_on:
          - db
          - redis
          # - es
        volumes:
          - ./public/system:/mastodon/public/system
    
      streaming:
        #build: .
        #image: ghcr.io/mastodon/mastodon
        image: tootsuite/mastodon:latest
        restart: always
        env_file: .env.production
        command: node ./streaming
        networks:
          - external_network
          - internal_network
        healthcheck:
          # prettier-ignore
          test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
        ports:
          - '127.0.0.1:4000:4000'
        depends_on:
          - db
          - redis
    
      sidekiq:
        #build: .
        #image: ghcr.io/mastodon/mastodon
        image: tootsuite/mastodon:latest
        restart: always
        env_file: .env.production
        command: bundle exec sidekiq
        depends_on:
          - db
          - redis
        networks:
          - external_network
          - internal_network
        volumes:
          - ./public/system:/mastodon/public/system
        healthcheck:
          test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]
    
      ## Uncomment to enable federation with tor instances along with adding the following ENV variables
      ## http_proxy=http://privoxy:8118
      ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
      # tor:
      #   image: sirboops/tor
      #   networks:
      #      - external_network
      #      - internal_network
      #
      # privoxy:
      #   image: sirboops/privoxy
      #   volumes:
      #     - ./priv-config:/opt/config
      #   networks:
      #     - external_network
      #     - internal_network
    
    networks:
      external_network:
      internal_network:
        internal: true
    


  • NGINX Proxy Manager makes things even easier! All you have to do is make certain that you have websockets enabled for the proxy settings to go to your Mastodon instance and don’t forward via SSL because NPM is your SSL termination point. On your Mastodon instance’s NGINX configuration, change the port to listen on port 80, comment out all of the SSL related options, and in the @proxy section change the proxy_set_header X-Forwarded-Proto $scheme; to proxy_set_header X-Forwarded-Proto https; This is just telling Mastodon a small lie so it thinks the traffic is encrypted. This is necessary to prevent a redirection loop which will break things.