generated from coop-cloud/example
Compare commits
2 Commits
1e5c3996b0
...
d566060e5c
| Author | SHA1 | Date |
|---|---|---|
 Roxie Gibson
|
d566060e5c
|
|
|
Roxie Gibson
|
b655514b86
|
143
.env.sample
143
.env.sample
|
|
@ -1,36 +1,46 @@
|
|||
TYPE=mastodon
|
||||
|
||||
DOMAIN=mastodon.swarm-test.autonomic.zone
|
||||
# Enables WEB_DOMAIN if set (FOR FUTURE USE)
|
||||
# USER_DOMAIN=
|
||||
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.mastodon.example.com`'
|
||||
LETS_ENCRYPT_ENV=production
|
||||
|
||||
# Please look at https://docs.joinmastodon.org/admin/config/ for the full documentation.
|
||||
# This example will exclude explanations to make the file simple.
|
||||
# Variables you *need* to change will me marked as such.
|
||||
# Most optional features are commented out/disabled and will need to be enabled by you after checking the documentation.
|
||||
|
||||
# Federation
|
||||
# This identifies your server and cannot be changed safely later
|
||||
# ----------
|
||||
# DO NOT CHANGE DOMAIN VARIABLES AFTER DEPLOYMENT! WILL BREAK FEDERATION!!
|
||||
|
||||
# if [ -z "$USER_DOMAIN" ]
|
||||
# then
|
||||
# LOCAL_DOMAIN=$DOMAIN
|
||||
# else
|
||||
# LOCAL_DOMAIN=$USER_DOMAIN
|
||||
# WEB_DOMAIN=$DOMAIN
|
||||
# fi
|
||||
|
||||
LOCAL_DOMAIN=$DOMAIN
|
||||
#WEB_DOMAIN=$DOMAIN
|
||||
|
||||
# Use this only if you need to run mastodon on a different domain than the one used for federation.
|
||||
# You can read more about this option on https://docs.joinmastodon.org/admin/config/#web-domain
|
||||
# DO *NOT* USE THIS UNLESS YOU KNOW *EXACTLY* WHAT YOU ARE DOING.
|
||||
#WEB_DOMAIN=
|
||||
|
||||
# Use this if you want to have several aliases handler@example1.com
|
||||
# handler@example2.com etc. for the same user. LOCAL_DOMAIN should not
|
||||
# be added. Comma separated values
|
||||
#ALTERNATE_DOMAINS=$EXTRA_DOMAINS
|
||||
|
||||
# https://docs.joinmastodon.org/admin/config/#authorized_fetch
|
||||
AUTHORIZED_FETCH=false
|
||||
|
||||
# https://docs.joinmastodon.org/admin/config/#limited_federation_mode
|
||||
LIMITED_FEDERATION_MODE=false
|
||||
|
||||
# Deployment
|
||||
# ----------
|
||||
RAILS_ENV=production
|
||||
RAILS_SERVE_STATIC_FILES=true # might need this for traefik, need to test
|
||||
#TRUSTED_PROXY_IP=
|
||||
# TRUSTED_PROXY_IP=
|
||||
|
||||
# External Services
|
||||
# =================
|
||||
|
||||
# PostgreSQL
|
||||
# ----------
|
||||
|
|
@ -40,24 +50,41 @@ DB_NAME=mastodon_production
|
|||
DB_PASS=
|
||||
DB_PORT=5432
|
||||
|
||||
# Redis
|
||||
# -----
|
||||
REDIS_HOST=redis
|
||||
REDIS_PORT=6379
|
||||
# REDIS_URL=
|
||||
# REDIS_NAMESPACE=
|
||||
# CACHE_REDIS_HOST=
|
||||
# CACHE_REDIS_PORT=
|
||||
# CACHE_REDIS_URL=
|
||||
# CACHE_REDIS_NAMESPACE=
|
||||
|
||||
# ElasticSearch (optional)
|
||||
# ------------------------
|
||||
# ElasticSearch (CURRENTLY NOT SUPPORTED)
|
||||
# --------------------------------------
|
||||
ES_ENABLED=false
|
||||
# ES_HOST=localhost
|
||||
# ES_PORT=9200
|
||||
# ES_PREFIX=
|
||||
|
||||
# StatsD (CURRENTLY NOT SUPPORTED)
|
||||
# -------------------------------
|
||||
# STATSD_ADDR
|
||||
# STATSD_NAMESPACE
|
||||
|
||||
# Secrets
|
||||
# =======
|
||||
SECRET_KEY_BASE=
|
||||
OTP_SECRET=
|
||||
|
||||
# Web Push
|
||||
# ========
|
||||
VAPID_PRIVATE_KEY=
|
||||
VAPID_PUBLIC_KEY=
|
||||
|
||||
# Limits
|
||||
# ======
|
||||
SINGLE_USER_MODE=false
|
||||
# EMAIL_DOMAIN_ALLOWLIST=
|
||||
# EMAIL_DOMAIN_DENYLIST=
|
||||
|
|
@ -66,19 +93,87 @@ DEFAULT_LOCALE=en
|
|||
# USER_ACTIVE_DAYS=
|
||||
|
||||
# Sending mail
|
||||
# ------------
|
||||
# SMTP_SERVER=smtp.mailgun.org
|
||||
# SMTP_PORT=587
|
||||
# ============
|
||||
# SMTP_SERVER=
|
||||
# SMTP_PORT=
|
||||
# SMTP_LOGIN=
|
||||
# SMTP_PASSWORD=
|
||||
# SMTP_FROM_ADDRESS=notificatons@example.com
|
||||
# SMTP_FROM_ADDRESS=
|
||||
# SMTP_DOMAIN=
|
||||
# SMTP_DELIVERY_METHOD=
|
||||
# SMTP_AUTH_METHOD=
|
||||
# SMTP_CA_FILE=
|
||||
# SMTP_OPENSSL_VERIFY_MODEv
|
||||
# SMTP_ENABLE_STARTTLS_AUTO=
|
||||
# SMTP_TLS=
|
||||
# SMTP_SSL=
|
||||
|
||||
# File storage (optional)
|
||||
# -----------------------
|
||||
# =======================
|
||||
# CDN_HOST=
|
||||
|
||||
S3_ENABLED=false
|
||||
# S3_BUCKET=files.example.com
|
||||
# Papercllp (CURRENTLY NOT SUPPORTED)
|
||||
# ----------------------------------
|
||||
# PAPERCLIP_ROOT_PATH=
|
||||
# PAPERCLIP_ROOT_URL=
|
||||
|
||||
# S3 and AWS
|
||||
# ----------
|
||||
# S3_ENABLED=
|
||||
# S3_BUCKET=
|
||||
# AWS_ACCESS_KEY_ID=
|
||||
# AWS_SECRET_ACCESS_KEY=
|
||||
# S3_ALIAS_HOST=files.example.com
|
||||
# S3_REGION=
|
||||
# S3_PROTOCOL=
|
||||
# S3_HOSTNAME=
|
||||
# S3_ENDPOINT=
|
||||
# S3_SIGNATURE_VERSION=
|
||||
# S3_OVERRIDE_PATH_STYLE=
|
||||
# S3_OPEN_TIMEOUT=
|
||||
# S3_READ_TIMEOUT=
|
||||
|
||||
# External Authentication
|
||||
# =======================
|
||||
# OAUTH_REDIRECT_AT_SIGN_IN=
|
||||
|
||||
# LDAP
|
||||
# ----
|
||||
# LDAP_ENABLED=
|
||||
# LDAP_HOST=
|
||||
# LDAP_PORT=
|
||||
# LDAP_METHOD=
|
||||
# LDAP_BASE=
|
||||
# LDAP_BIND_DN=
|
||||
# LDAP_PASSWORDv
|
||||
# LDAP_UID=
|
||||
# LDAP_SEARCH_FILTER=
|
||||
# LDAP_MAIL=
|
||||
# LDAP_UID_CONVERSTION_ENABLED=
|
||||
|
||||
# SAML
|
||||
# ----
|
||||
# SAML_ENABLED=
|
||||
# SAML_ACS_URL=
|
||||
# SAML_ISSUER=
|
||||
# SAML_IDP_SSO_TARGET_URL=
|
||||
# SAML_IDP_CERT=
|
||||
# SAML_IDP_CERT_FINGERPRINT=
|
||||
# SAML_NAME_IDENTIFIER_FORMAT=
|
||||
# SAML_CERT=
|
||||
# SAML_PRIVATE_KEY=
|
||||
# SAML_SECURITY_WANT_ASSERTION_SIGNED=
|
||||
# SAML_SECURITY_WANT_ASSERTION_ENCRYPTED=
|
||||
# SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_UID=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_EMAIL=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_FULL_NAME=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_LAST_NAME=
|
||||
# SAML_UID_ATTRIBUTE=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED=
|
||||
# SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL=
|
||||
|
||||
# Hidden services (Not Supported)
|
||||
# ===============================
|
||||
# http_proxy=
|
||||
# ALLOW_ACCESS_TO_HIDDEN_SERVICE=
|
||||
86
compose.yml
86
compose.yml
|
|
@ -2,7 +2,6 @@
|
|||
version: "3.8"
|
||||
|
||||
services:
|
||||
|
||||
db:
|
||||
image: postgres:9.6-alpine
|
||||
networks: &internalNetwork
|
||||
|
|
@ -61,11 +60,15 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}_web.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}_web.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}_web.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
# WEB_DOMAIN redirect
|
||||
#- "traefik.http.routers.${STACK_NAME}_web.rule=(Host(`${DOMAIN}`) || (Host(`${LOCAL_DOMAIN}`) && Path(`/.well-known/webfinger`)))"
|
||||
# - "traefik.http.middlewares.mastodon-webfinger.redirectregex.regex=^https?://${LOCAL_DOMAIN}/.*" #^(http|https)://${LOCAL_DOMAIN}/.well-known/webfinger"
|
||||
# # - "traefik.http.middlewares.mastodon-webfinger.redirectregex.permanent=true"
|
||||
# - "traefik.http.middlewares.mastodon-webfinger.redirectregex.replacement=https://${WEB_DOMAIN}/.well-known/webfinger"
|
||||
# - "traefik.http.routers.${STACK_NAME}_hack.rule=(Host(`${LOCAL_DOMAIN}`) && Path(`/.well-known/`))"
|
||||
# - "traefik.http.routers.${STACK_NAME}_hack.entrypoints=websecure"
|
||||
# - "traefik.http.routers.${STACK_NAME}_hack.middlewares=mastodon-webfinger@docker"
|
||||
|
||||
## Redirect from EXTRA_DOMAINS to DOMAIN
|
||||
#- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
|
||||
#- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
|
||||
depends_on:
|
||||
- db
|
||||
- redis
|
||||
|
|
@ -83,11 +86,84 @@ services:
|
|||
- DB_PORT
|
||||
- REDIS_HOST
|
||||
- REDIS_PORT
|
||||
- REDIS_URL=
|
||||
- REDIS_NAMESPACE
|
||||
- CACHE_REDIS_HOST
|
||||
- CACHE_REDIS_PORT
|
||||
- CACHE_REDIS_URL
|
||||
- CACHE_REDIS_NAMESPACE
|
||||
- ES_ENABLED
|
||||
- ES_HOST
|
||||
- ES_PORT
|
||||
- ES_PREFIX
|
||||
- STATSD_ADDR
|
||||
- STATSD_NAMESPACE
|
||||
- VAPID_PRIVATE_KEY
|
||||
- VAPID_PUBLIC_KEY
|
||||
- OTP_SECRET
|
||||
- SECRET_KEY_BASE
|
||||
- LOCAL_DOMAIN
|
||||
- WEB_DOMAIN
|
||||
- ALTERNATE_DOMAINS
|
||||
- AUTHORIZED_FETCH
|
||||
- LIMITED_FEDERATION_MODE
|
||||
- RAILS_ENV
|
||||
- RAILS_SERVE_STATIC_FILES
|
||||
- SINGLE_USER_MODE
|
||||
- EMAIL_DOMAIN_ALLOWLIST
|
||||
- EMAIL_DOMAIN_DENYLIST
|
||||
- DEFAULT_LOCALE
|
||||
- MAX_SESSION_ACTIVATIONS
|
||||
- USER_ACTIVE_DAYS
|
||||
- SMTP_SERVER
|
||||
- SMTP_PORT
|
||||
- SMTP_LOGIN
|
||||
- SMTP_PASSWORD
|
||||
- SMTP_FROM_ADDRESS
|
||||
- SMTP_DOMAIN
|
||||
- SMTP_DELIVERY_METHOD
|
||||
- SMTP_AUTH_METHOD
|
||||
- SMTP_CA_FILE
|
||||
- SMTP_OPENSSL_VERIFY_MODE
|
||||
- SMTP_ENABLE_STARTTLS_AUTO
|
||||
- SMTP_TLS
|
||||
- SMTP_SSL
|
||||
- PAPERCLIP_ROOT_PATH
|
||||
- PAPERCLIP_ROOT_URL
|
||||
- OAUTH_REDIRECT_AT_SIGN_IN
|
||||
- LDAP_ENABLED
|
||||
- LDAP_HOST
|
||||
- LDAP_PORT
|
||||
- LDAP_METHOD
|
||||
- LDAP_BASE
|
||||
- LDAP_BIND_DN
|
||||
- LDAP_PASSWORD
|
||||
- LDAP_UID
|
||||
- LDAP_SEARCH_FILTER
|
||||
- LDAP_MAIL
|
||||
- LDAP_UID_CONVERSTION_ENABLED
|
||||
- SAML_ENABLED
|
||||
- SAML_ACS_URL
|
||||
- SAML_ISSUER
|
||||
- SAML_IDP_SSO_TARGET_URL
|
||||
- SAML_IDP_CERT
|
||||
- SAML_IDP_CERT_FINGERPRINT
|
||||
- SAML_NAME_IDENTIFIER_FORMAT
|
||||
- SAML_CERT
|
||||
- SAML_PRIVATE_KEY
|
||||
- SAML_SECURITY_WANT_ASSERTION_SIGNED
|
||||
- SAML_SECURITY_WANT_ASSERTION_ENCRYPTED
|
||||
- SAML_SECURITY_ASSUME_EMAIL_IS_VERIFIED
|
||||
- SAML_ATTRIBUTES_STATEMENTS_UID
|
||||
- SAML_ATTRIBUTES_STATEMENTS_EMAIL
|
||||
- SAML_ATTRIBUTES_STATEMENTS_FULL_NAME
|
||||
- SAML_ATTRIBUTES_STATEMENTS_FIRST_NAME
|
||||
- SAML_ATTRIBUTES_STATEMENTS_LAST_NAME
|
||||
- SAML_UID_ATTRIBUTE
|
||||
- SAML_ATTRIBUTES_STATEMENTS_VERIFIED
|
||||
- SAML_ATTRIBUTES_STATEMENTS_VERIFIED_EMAIL
|
||||
- http_proxy
|
||||
- ALLOW_ACCESS_TO_HIDDEN_SERVICE
|
||||
|
||||
streaming:
|
||||
image: *image
|
||||
|
|
|
|||
Reference in New Issue