on a good way - not finished

2022-09-30 02:10:08 +02:00 · 2022-09-30 02:10:08 +02:00 · e5359b8f46
parent c5c0103241
commit e5359b8f46
1 changed files with 263 additions and 0 deletions
--- a/create.sh
+++ b/create.sh
@ -0,0 +1,263 @@
+#/bin/bash
+# https://sleeplessbeastie.eu/2022/05/02/how-to-take-advantage-of-docker-to-install-mastodon/  
+# inspiration to make an automated script
+
+
+## UPDATE SYSTEM
+apt update
+apt upgrade
+
+## increase mapareas
+echo "vm.max_map_count=262144" | sudo tee /etc/sysctl.d/90-max_map_count.conf
+sysctl --load /etc/sysctl.d/90-max_map_count.conf
+
+## DOCKER
+# apt install docker.io docker-compose
+#
+
+echo Set Domain:
+read DOMAIN
+echo Setup for $DOMAIN
+
+mkdir -p/opt/mastodon/
+
+mkdir -p /opt/mastodon/database/{postgresql,redis,elasticsearch}
+mkdir -p /opt/mastodon/web/{public,system}
+
+chown 991:991 /opt/mastodon/web/{public,system}
+chown 1000 /opt/mastodon/database/elasticsearch
+
+cd /opt/mastodon 
+wget https://git.dev-c.at/Theenoro/mastodon-docker-stack/raw/branch/main/docker-compose.yml
+
+touch /opt/mastodon/application.env
+touch /opt/mastodon/database.env
+
+SECRET_KEY_BASE=$(docker-compose -f /opt/mastodon/docker-compose.yml run --rm shell bundle exec rake secret)
+OTP_SECRET=$(docker-compose -f /opt/mastodon/docker-compose.yml run --rm shell bundle exec rake secret)
+
+docker-compose -f /opt/mastodon/docker-compose.yml run --rm shell bundle exec rake mastodon:webpush:generate_vapid_key > /tmp/tmpFileCode
+VAPID_PRIVATE_KEY=$(awk '/VAPID_PRIVATE_KEY=([A-z0-9=]*)/{gsub("VAPID_PRIVATE_KEY=","",$0);print $0}' /tmp/tmpFileCode)
+
+VAPID_PUBLIC_KEY=$(awk '/VAPID_PUBLIC_KEY=([A-z0-9=]*)/{gsub("VAPID_PUBLIC_KEY=","",$0);print $0}' /tmp/tmpFileCode)
+rm /tmp/tmpFileCode
+
+cat << EOF | sudo tee /opt/mastodon/application.env
+# environment
+RAILS_ENV=production
+NODE_ENV=production
+
+# domain
+LOCAL_DOMAIN=$DOMAIN
+
+# redirect to the first profile
+SINGLE_USER_MODE=true
+
+# do not serve static files
+RAILS_SERVE_STATIC_FILES=false
+
+# concurrency
+WEB_CONCURRENCY=2
+MAX_THREADS=5
+
+# pgbouncer
+#PREPARED_STATEMENTS=false
+
+# locale
+DEFAULT_LOCALE=en
+
+# email, not used
+SMTP_SERVER=localhost
+SMTP_PORT=587
+SMTP_FROM_ADDRESS=notifications@example.org
+
+# secrets
+SECRET_KEY_BASE=$SECRET_KEY_BASE
+OTP_SECRET=$OTP_SECRET
+
+VAPID_PRIVATE_KEY=$VAPID_PRIVATE_KEY
+VAPID_PUBLIC_KEY=$VAPID_PUBLIC_KEY
+EOF
+
+### TODO:  edit here!!
+
+
+chmod 777 /opt/mastodon/web/public
+docker volume create --opt type=none --opt device=/opt/mastodon/web/public --opt o=bind temporary_static 
+docker run --rm -v "temporary_static:/static" tootsuite/mastodon:v3.5.1 bash -c "cp -r /opt/mastodon/public/* /static/"
+
+
+
+openssl req -subj "/commonName=test.dockersrv02.int/" -x509 -nodes -days 730 -newkey rsa:2048 -keyout /etc/nginx/ssl/test.dockersrv02.int.key -out /etc/nginx/ssl/test.dockersrv02.int.crt
+
+
+
+cat << 'EOF' | sudo tee /etc/nginx/sites-available/mastodon
+map $http_upgrade $connection_upgrade {
+  default upgrade;
+  ''      close;
+}
+
+upstream backend {
+    server 127.0.0.1:3000 fail_timeout=0;
+}
+
+upstream streaming {
+    server 127.0.0.1:4000 fail_timeout=0;
+}
+
+proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=CACHE:10m inactive=7d max_size=1g;
+
+server {
+  listen 80;
+  server_name REPLACEDOMAIN;
+  location / { return 301 https://$host$request_uri; }
+}
+
+server {
+  listen 443 ssl http2;
+  server_name REPLACEDOMAIN;
+
+  ssl_protocols TLSv1.2 TLSv1.3;
+  ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
+  ssl_prefer_server_ciphers on;
+  ssl_session_cache shared:SSL:10m;
+  ssl_session_tickets off;
+
+  ssl_certificate     /etc/nginx/ssl/test.dockersrv02.int.crt;
+  ssl_certificate_key /etc/nginx/ssl/test.dockersrv02.int.key;
+
+  keepalive_timeout    70;
+  sendfile             on;
+  client_max_body_size 80m;
+
+  root /opt/mastodon/public;
+
+  gzip on;
+  gzip_disable "msie6";
+  gzip_vary on;
+  gzip_proxied any;
+  gzip_comp_level 6;
+  gzip_buffers 16 8k;
+  gzip_http_version 1.1;
+  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript image/svg+xml image/x-icon;
+
+  add_header Strict-Transport-Security "max-age=31536000" always;
+
+  location / {
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/(system/accounts/avatars|system/media_attachments/files) {
+    add_header Cache-Control "public, max-age=31536000, immutable";
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    root /opt/mastodon/;
+    try_files $uri @proxy;
+  }
+
+  location ~ ^/(emoji|packs) {
+    add_header Cache-Control "public, max-age=31536000, immutable";
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    try_files $uri @proxy;
+  }
+
+  location /sw.js {
+    add_header Cache-Control "public, max-age=0";
+    add_header Strict-Transport-Security "max-age=31536000" always;
+    try_files $uri @proxy;
+  }
+
+  location @proxy {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Proxy "";
+    proxy_pass_header Server;
+
+    proxy_pass http://backend;
+    proxy_buffering on;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    proxy_cache CACHE;
+    proxy_cache_valid 200 7d;
+    proxy_cache_valid 410 24h;
+    proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+    add_header X-Cached $upstream_cache_status;
+    add_header Strict-Transport-Security "max-age=31536000" always;
+
+    tcp_nodelay on;
+  }
+
+  location /api/v1/streaming {
+    proxy_set_header Host $host;
+    proxy_set_header X-Real-IP $remote_addr;
+    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    proxy_set_header X-Forwarded-Proto $scheme;
+    proxy_set_header Proxy "";
+
+    proxy_pass http://streaming;
+    proxy_buffering off;
+    proxy_redirect off;
+    proxy_http_version 1.1;
+    proxy_set_header Upgrade $http_upgrade;
+    proxy_set_header Connection $connection_upgrade;
+
+    tcp_nodelay on;
+  }
+
+  error_page 500 501 502 503 504 /500.html;
+}
+EOF
+sed -i "s/REPLACEDOMAIN/$DOMAIN/" /etc/nginx/sites-available/mastodon
+
+
+
+ln -s /etc/nginx/sites-available/mastodon /etc/nginx/sites-enabled/
+systemctl restart nginx
+
+
+
+docker-compose -f /opt/mastodon/docker-compose.yml pull
+
+
+
+cat << EOF | sudo tee /etc/systemd/system/mastodon.service
+[Unit]
+Description=Mastodon service
+After=docker.service
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+
+WorkingDirectory=/opt/mastodon
+ExecStart=/usr/bin/docker-compose -f /opt/mastodon/docker-compose.yml up -d
+ExecStop=/usr/bin/docker-compose -f /opt/mastodon/docker-compose.yml down
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+
+systemctl daemon-reload
+
+
+docker-compose -f /opt/mastodon/docker-compose.yml up -d postgresql redis redis-volatile
+
+docker-compose -f /opt/mastodon/docker-compose.yml ps
+
+docker-compose -f /opt/mastodon/docker-compose.yml run --rm shell bundle exec rake db:setup
+
+docker-compose -f /opt/mastodon/docker-compose.yml run --rm shell bundle exec rake db:migrate
+
+systemctl enable --now mastodon.service
+
+docker-compose -f /opt/mastodon/docker-compose.yml ps
+
+docker-compose -f /opt/mastodon/docker-compose.yml run --rm shell bin/tootctl accounts create TESTUSER --email TESTUSER@test.int --confirmed --role admin
+
+docker-compose -f /opt/mastodon/docker-compose.yml run --rm shell  bin/tootctl settings registrations close