mastodon/compose.yml

---
version: "3.8"

services:

  db:
    image: postgres:9.6-alpine
    networks: &internalNetwork
      - internal_network
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "postgres"]
    volumes:
      - postgres:/var/lib/postgresql/data
    environment: 
      - POSTGRES_PASSWORD=${DB_PASS}
      - POSTGRES_USER=${DB_USER}
      - POSTGRES_DB=${DB_NAME}

  redis:
    image: redis:6.0-alpine
    networks: *internalNetwork
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - redis:/data

#  es:
#    restart: always
#    image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10
#    environment:
#      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
#      - "cluster.name=es-mastodon"
#      - "discovery.type=single-node"
#      - "bootstrap.memory_lock=true"
#    networks:
#      - internal_network
#    healthcheck:
#      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
#    volumes:
#      - ./elasticsearch:/usr/share/elasticsearch/data
#    ulimits:
#      memlock:
#        soft: -1
#        hard: -1

  web:
    image: &image tootsuite/mastodon:v3.3.0
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks: &bothNetworks
      - proxy
      - internal_network
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}_web.loadbalancer.server.port=3000"
        - "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
        - "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"

        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
    depends_on:
      - db
      - redis
#      - es
    volumes: &appVolume
      - app:/mastodon/public/system
    # secrets: &secrets
    #   - secret_key_base
    #   - otp_secret
    environment: &env
      - DB_HOST
      - DB_USER
      - DB_NAME
      - DB_PASS
      - DB_PORT
      - REDIS_HOST
      - REDIS_PORT
      - VAPID_PRIVATE_KEY
      - VAPID_PUBLIC_KEY
      - OTP_SECRET
      - SECRET_KEY_BASE
      - LOCAL_DOMAIN

  streaming:
    image: *image
    command: node ./streaming
    networks: *bothNetworks
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
    deploy:
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.docker.network=proxy"
        - "traefik.http.services.${STACK_NAME}_streaming.loadbalancer.server.port=4000"
        - "traefik.http.routers.${STACK_NAME}_streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))"
        - "traefik.http.routers.${STACK_NAME}_streaming.entrypoints=web-secure"
        - "traefik.http.routers.${STACK_NAME}_streaming.tls.certresolver=${LETS_ENCRYPT_ENV}"

        ## Redirect from EXTRA_DOMAINS to DOMAIN
        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
    depends_on:
      - db
      - redis
    environment: *env
    volumes: *appVolume # used to make sure this volume is created
    
  sidekiq:
    image: *image
    command: bundle exec sidekiq
    deploy:
      restart_policy:
        condition: on-failure
    depends_on:
      - db
      - redis
    networks: *bothNetworks
    volumes: *appVolume
    environment: *env
    
# secrets:
#   secret_key_base:
#     name: ${STACK_NAME}_secret_key_base_${SECRET_DB_PASSWORD_VERSION}
#     external: true
#   otp_secret:
#     name: ${STACK_NAME}_otp_secret_${SECRET_DB_ROOT_PASSWORD_VERSION}
#     external: true
volumes:
  app:
  redis:
  postgres:
networks:
  proxy:
    external: true
  internal_network:
    internal: true
Initial commit 2021-05-07 11:34:21 +00:00			`---`
			`version: "3.8"`

			`services:`
feat: very basic but functional mastodon packaging 2021-05-08 20:41:57 +00:00
			`db:`
			`image: postgres:9.6-alpine`
			`networks: &internalNetwork`
			`- internal_network`
			`healthcheck:`
			`test: ["CMD", "pg_isready", "-U", "postgres"]`
			`volumes:`
			`- postgres:/var/lib/postgresql/data`
			`environment:`
			`- POSTGRES_PASSWORD=${DB_PASS}`
			`- POSTGRES_USER=${DB_USER}`
			`- POSTGRES_DB=${DB_NAME}`

			`redis:`
			`image: redis:6.0-alpine`
			`networks: *internalNetwork`
			`healthcheck:`
			`test: ["CMD", "redis-cli", "ping"]`
			`volumes:`
			`- redis:/data`

			`# es:`
			`# restart: always`
			`# image: docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10`
			`# environment:`
			`# - "ES_JAVA_OPTS=-Xms512m -Xmx512m"`
			`# - "cluster.name=es-mastodon"`
			`# - "discovery.type=single-node"`
			`# - "bootstrap.memory_lock=true"`
			`# networks:`
			`# - internal_network`
			`# healthcheck:`
			`# test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health \|\| exit 1"]`
			`# volumes:`
			`# - ./elasticsearch:/usr/share/elasticsearch/data`
			`# ulimits:`
			`# memlock:`
			`# soft: -1`
			`# hard: -1`

			`web:`
			`image: &image tootsuite/mastodon:v3.3.0`
			`command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"`
			`networks: &bothNetworks`
Initial commit 2021-05-07 11:34:21 +00:00			`- proxy`
feat: very basic but functional mastodon packaging 2021-05-08 20:41:57 +00:00			`- internal_network`
			`healthcheck:`
			`test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health \|\| exit 1"]`
Initial commit 2021-05-07 11:34:21 +00:00			`deploy:`
			`restart_policy:`
			`condition: on-failure`
			`labels:`
			`- "traefik.enable=true"`
feat: very basic but functional mastodon packaging 2021-05-08 20:41:57 +00:00			`- "traefik.docker.network=proxy"`
			`- "traefik.http.services.${STACK_NAME}_web.loadbalancer.server.port=3000"`
			- "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
			`- "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"`
			`- "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"`

Initial commit 2021-05-07 11:34:21 +00:00			`## Redirect from EXTRA_DOMAINS to DOMAIN`
			`#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"`
			`#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"`
			`#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"`
feat: very basic but functional mastodon packaging 2021-05-08 20:41:57 +00:00			`depends_on:`
			`- db`
			`- redis`
			`# - es`
			`volumes: &appVolume`
			`- app:/mastodon/public/system`
			`# secrets: &secrets`
			`# - secret_key_base`
			`# - otp_secret`
			`environment: &env`
			`- DB_HOST`
			`- DB_USER`
			`- DB_NAME`
			`- DB_PASS`
			`- DB_PORT`
			`- REDIS_HOST`
			`- REDIS_PORT`
			`- VAPID_PRIVATE_KEY`
			`- VAPID_PUBLIC_KEY`
			`- OTP_SECRET`
			`- SECRET_KEY_BASE`
			`- LOCAL_DOMAIN`

			`streaming:`
			`image: *image`
			`command: node ./streaming`
			`networks: *bothNetworks`
Initial commit 2021-05-07 11:34:21 +00:00			`healthcheck:`
feat: very basic but functional mastodon packaging 2021-05-08 20:41:57 +00:00			`test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health \|\| exit 1"]`
			`deploy:`
			`restart_policy:`
			`condition: on-failure`
			`labels:`
			`- "traefik.enable=true"`
			`- "traefik.docker.network=proxy"`
			`- "traefik.http.services.${STACK_NAME}_streaming.loadbalancer.server.port=4000"`
			- "traefik.http.routers.${STACK_NAME}_streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))"
			`- "traefik.http.routers.${STACK_NAME}_streaming.entrypoints=web-secure"`
			`- "traefik.http.routers.${STACK_NAME}_streaming.tls.certresolver=${LETS_ENCRYPT_ENV}"`
Initial commit 2021-05-07 11:34:21 +00:00
feat: very basic but functional mastodon packaging 2021-05-08 20:41:57 +00:00			`## Redirect from EXTRA_DOMAINS to DOMAIN`
			`#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"`
			`#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"`
			`#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"`
			`depends_on:`
			`- db`
			`- redis`
			`environment: *env`
			`volumes: *appVolume # used to make sure this volume is created`

			`sidekiq:`
			`image: *image`
			`command: bundle exec sidekiq`
			`deploy:`
			`restart_policy:`
			`condition: on-failure`
			`depends_on:`
			`- db`
			`- redis`
			`networks: *bothNetworks`
			`volumes: *appVolume`
			`environment: *env`

			`# secrets:`
			`# secret_key_base:`
			`# name: ${STACK_NAME}_secret_key_base_${SECRET_DB_PASSWORD_VERSION}`
			`# external: true`
			`# otp_secret:`
			`# name: ${STACK_NAME}_otp_secret_${SECRET_DB_ROOT_PASSWORD_VERSION}`
			`# external: true`
			`volumes:`
			`app:`
			`redis:`
			`postgres:`
Initial commit 2021-05-07 11:34:21 +00:00			`networks:`
			`proxy:`
			`external: true`
feat: very basic but functional mastodon packaging 2021-05-08 20:41:57 +00:00			`internal_network:`
			`internal: true`