Capturing a working docker compose configuration for Mastodon in case it is useful for others
version: "3.5"
# Variables to fill in:
# Line 23: <LETSENCRYPT_MAIL_ADDRESS> - your mail address for contact with Let's Encrypt
# Line 36: <TRAEFIK_DASHBOARD_ADMIN_PASSWORD> - MD5 hash of your password (use http://www.htaccesstools.com/htpasswd-generator/)
# Line 54: <POSTGRES_PASSWORD> - the password for the postgres db. Use the same during mastodon:setup!
# Lines 31, 86, 111: <DOMAIN> - e.g. social.yourdomain.com (Must have an A record pointing to your box' IP) (AAAA for IPv6 ;)
services:
db:
restart: always
image: postgres:14-alpine
healthcheck:
test: ["CMD", "pg_isready", "-U", "postgres"]
environment:
- POSTGRES_PASSWORD=secret
volumes:
- ./postgres:/var/lib/postgresql/data
networks:
- internal
redis:
restart: always
image: redis:7-alpine
healthcheck:
test: ["CMD", "redis-cli", "ping"]
volumes:
- ./redis:/data
networks:
- internal
web:
image: tootsuite/mastodon:v4.2
restart: always
env_file: .env.production
command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
healthcheck:
test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
expose:
- "3000"
depends_on:
- db
- redis
labels:
- "traefik.enable=true"
- "traefik.http.routers.mastodon-web.rule=Host(`example.social`)"
- "traefik.http.routers.mastodon-web.entrypoints=websecure"
- "traefik.docker.network=proxy"
volumes:
- ./public/system:/mastodon/public/system
networks:
- proxy
- internal
streaming:
image: tootsuite/mastodon:v4.2
restart: always
env_file: .env.production
command: node ./streaming
healthcheck:
test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
expose:
- "4000"
depends_on:
- db
- redis
labels:
- "traefik.enable=true"
- "traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000"
- "traefik.http.routers.mastodon-streaming.rule=(Host(`example.social`) && PathPrefix(`/api/v1/streaming`))"
- "traefik.http.routers.mastodon-streaming.entrypoints=websecure"
- "traefik.docker.network=proxy"
networks:
- proxy
- internal
sidekiq:
image: tootsuite/mastodon:v4.2
restart: always
env_file: .env.production
command: bundle exec sidekiq
depends_on:
- db
- redis
volumes:
- ./public/system:/mastodon/public/system
networks:
- proxy
- internal
# es:
# restart: always
# image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
# environment:
# - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
# - "xpack.license.self_generated.type=basic"
# - "xpack.security.enabled=false"
# - "xpack.watcher.enabled=false"
# - "xpack.graph.enabled=false"
# - "xpack.ml.enabled=false"
# - "bootstrap.memory_lock=true"
# - "cluster.name=es-mastodon"
# - "discovery.type=single-node"
# - "thread_pool.write.queue_size=1000"
# networks:
# - proxy
# - internal
# healthcheck:
# test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
# volumes:
# - ./elasticsearch:/usr/share/elasticsearch/data
# ulimits:
# memlock:
# soft: -1
# hard: -1
# nofile:
# soft: 65536
# hard: 65536
# ports:
# - '127.0.0.1:9200:9200'
networks:
proxy:
external: true
internal:
And the mastodon env file. The media cache is offloaded to AWS thanks to this tutorial: https://peterbabic.dev/blog/running-mastodon-with-docker-compose/
# Generated with mastodon:setup on 2022-11-19 09:23:39 UTC
LOCAL_DOMAIN=example.social
SINGLE_USER_MODE=true
SECRET_KEY_BASE=secret
OTP_SECRET=secret
VAPID_PRIVATE_KEY=secret
VAPID_PUBLIC_KEY=secret
DB_HOST=db
DB_PORT=5432
DB_NAME=postgres
DB_USER=postgres
DB_PASS=secret
REDIS_HOST=redis
REDIS_PORT=6379
REDIS_PASSWORD=
# https://peterbabic.dev/blog/running-mastodon-with-docker-compose/
S3_ENABLED=true
S3_BUCKET=example-mastodon-bucket
AWS_ACCESS_KEY_ID=secret
AWS_SECRET_ACCESS_KEY=secret
S3_REGION=eu-west-2
S3_PROTOCOL=https
S3_HOSTNAME=s3-eu-west-2.amazonaws.com
# ES_HOST=es
# ES_PORT=9200