Question on selfhosting Mastodon (docker or not, reverse proxy and how to easily update)

I finally managed to selfhost Lemmy and Matrix, now it is time to also get a selfhosted Mastodon instance up. A few questions before I start:

I did some research into the topic and it seems that Mastodon doesn’t like to run behind an existing reverse proxy and there are quite a few tweaks necessary to get it running - can someone confirm this? Or is this something easily set up?

I’m currently leaning to run it on a dedicated VPS (due to the issue above and also because it seems to need quite a bit of disk space) - this opens up to do a non-docker installation and follow the official install path. Do you think this will make it easier to keep it updated to new releases in the future?

If going with a docker install there seem to be quite a few problems with updating (at least a lot of threads discussing failed update procedures sprung up when I googled “mastodon docker update”) - can someone confirm? Are there easy to follow guides for a docker based update routine?

Right now it seems the easiest would be to run on a dedicated server, follow the native installation procedure and use the templates provided for nginx, certbot, … thoughts?

RxBrad ,

If you do use Docker, Mastodon seems to be a prime example of where you shouldn’t use the :latest tag and autoupdate with something like Watchtower.

I initially installed with :latest a few days ago and it gave me 4.1.3 (the actual latest version had been 4.1.4 for quite a while at that point). I saw other people mention that they “updated” to a 3.x release via :latest recently.

SheeEttin ,

That sounds more like improper tagging by the maintainers.

RxBrad ,

Probably.

Though it was the official Mastodon container, and not a third party.

ablackcatstail ,

It’s actually not hard to get Mastodon running behind an existing reverse proxy. It’s also not hard to run it in a docker container. I run mine in a docker container with no issues. When version 4.1.4 was released, I just ran a docker-compose pull, and voila, my instance was upgraded. I can share my configs with you if you want. What is your existing reverse proxy server?

Shiimiish OP ,

I run Nginx with Nginx Proxy Manager web-ui, which makes setting up proxy hosts and handling letsencrypt certificates really easy. I also use Portainer to manage my docker containers. This works well for the stuff I mentioned above (Nextcloud, Matrix, Lemmy mostly)

If I can get Mastodon into the same setup, it’d be neat. I just found a lot of discussion with problems, so I thought I’d ask about it before I spend a few hours in vain :)

ablackcatstail ,

NGINX Proxy Manager makes things even easier! All you have to do is make certain that you have websockets enabled for the proxy settings to go to your Mastodon instance and don’t forward via SSL because NPM is your SSL termination point. On your Mastodon instance’s NGINX configuration, change the port to listen on port 80, comment out all of the SSL related options, and in the @proxy section change the proxy_set_header X-Forwarded-Proto $scheme; to proxy_set_header X-Forwarded-Proto https; This is just telling Mastodon a small lie so it thinks the traffic is encrypted. This is necessary to prevent a redirection loop which will break things.
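
A quick way to confirm the three backend edits described in the comment above (added example, not part of the original comment or of Mastodon's own files): the two nginx configs and the function names are constructed for illustration.

```python
import re

# Constructed backend nginx configs: BEFORE terminates TLS itself,
# AFTER has the three edits described above applied.
BEFORE = """\
server {
  listen 443 ssl http2;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  location @proxy {
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_pass http://backend;
  }
}
"""
AFTER = """\
server {
  listen 80;
  # ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  location @proxy {
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://backend;
  }
}
"""

def active_lines(conf):
    """Config lines with comments and blanks dropped."""
    stripped = (raw.split("#", 1)[0].strip() for raw in conf.splitlines())
    return [line for line in stripped if line]

def check_backend_conf(conf):
    """List which of the described edits are still missing."""
    lines, problems = active_lines(conf), []
    if any(re.match(r"listen\s+.*\b443\b", l) for l in lines):
        problems.append("still listens on 443")
    if not any(re.match(r"listen\s+(\[::\]:)?80\b", l) for l in lines):
        problems.append("no listen on port 80")
    if any(re.match(r"ssl_\w+\s", l) for l in lines):
        problems.append("ssl_* directive still active")
    # Only the @proxy block matters; assumes it has no nested braces.
    block = re.search(r"location\s+@proxy\s*\{([^}]*)\}", "\n".join(lines))
    proto = re.search(r"X-Forwarded-Proto\s+(\S+?);", block.group(1) if block else "")
    if not proto or proto.group(1) != "https":
        problems.append("X-Forwarded-Proto in @proxy is not the literal https")
    return problems

if __name__ == "__main__":
    print("before:", check_backend_conf(BEFORE))
    print("after: ", check_backend_conf(AFTER))
```

Because the header is hardcoded to https, every request reaching this backend is treated as having arrived over TLS, so port 80 on the Mastodon host should be reachable only from the proxy.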

sunbeam60 ,

Is there a good guide for Mastodon in Docker? I’ve followed a few but they all get stuck at various points.

ablackcatstail ,

You need to actually piece together those few to come up with one cohesive working instance. I can share with you the docker-compose.yml file that worked for me, if that will help.

```yaml
version: '3'
services:
  db:
    restart: always
    image: postgres:14-alpine
    shm_size: 256mb
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'postgres']
    volumes:
      - ./postgres14:/var/lib/postgresql/data
    environment:
      - 'POSTGRES_HOST_AUTH_METHOD=trust'

  redis:
    restart: always
    image: redis:7-alpine
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
    volumes:
      - ./redis:/data

  # es:
  #   restart: always
  #   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
  #   environment:
  #     - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
  #     - "xpack.license.self_generated.type=basic"
  #     - "xpack.security.enabled=false"
  #     - "xpack.watcher.enabled=false"
  #     - "xpack.graph.enabled=false"
  #     - "xpack.ml.enabled=false"
  #     - "bootstrap.memory_lock=true"
  #     - "cluster.name=es-mastodon"
  #     - "discovery.type=single-node"
  #     - "thread_pool.write.queue_size=1000"
  #   networks:
  #      - external_network
  #      - internal_network
  #   healthcheck:
  #      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
  #   volumes:
  #      - ./elasticsearch:/usr/share/elasticsearch/data
  #   ulimits:
  #     memlock:
  #       soft: -1
  #       hard: -1
  #     nofile:
  #       soft: 65536
  #       hard: 65536
  #   ports:
  #     - '127.0.0.1:9200:9200'

  web:
    #build: .
    #image: ghcr.io/mastodon/mastodon
    image: tootsuite/mastodon:latest
    restart: always
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
    ports:
      - '127.0.0.1:3000:3000'
    depends_on:
      - db
      - redis
      # - es
    volumes:
      - ./public/system:/mastodon/public/system

  streaming:
    #build: .
    #image: ghcr.io/mastodon/mastodon
    image: tootsuite/mastodon:latest
    restart: always
    env_file: .env.production
    command: node ./streaming
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
    ports:
      - '127.0.0.1:4000:4000'
    depends_on:
      - db
      - redis

  sidekiq:
    #build: .
    #image: ghcr.io/mastodon/mastodon
    image: tootsuite/mastodon:latest
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq
    depends_on:
      - db
      - redis
    networks:
      - external_network
      - internal_network
    volumes:
      - ./public/system:/mastodon/public/system
    healthcheck:
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq 6' || false"]

  ## Uncomment to enable federation with tor instances along with adding the following ENV variables
  ## http_proxy=http://privoxy:8118
  ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
  # tor:
  #   image: sirboops/tor
  #   networks:
  #      - external_network
  #      - internal_network
  #
  # privoxy:
  #   image: sirboops/privoxy
  #   volumes:
  #     - ./priv-config:/opt/config
  #   networks:
  #     - external_network
  #     - internal_network

networks:
  external_network:
  internal_network:
    internal: true
```

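
The :latest concern raised earlier in the thread applies to the compose file above, so here is an added example (not part of the original comment or of Mastodon's tooling) that lists which services a plain docker-compose pull could move to a different release. The sample compose text is constructed, the function names are made up for illustration, and the line-based parsing assumes two-space indentation as in the file above.

```python
import re

# Constructed sample: image lines shaped like the compose file in this thread,
# plus a tag-less and a fully versioned entry for contrast.
SAMPLE_COMPOSE = """\
services:
  db:
    image: postgres:14-alpine
  web:
    #image: ghcr.io/mastodon/mastodon
    image: tootsuite/mastodon:latest
  streaming:
    image: tootsuite/mastodon
  sidekiq:
    image: tootsuite/mastodon:v4.1.4
"""

SERVICE = re.compile(r"^  ([\w.-]+):\s*$")            # two-space indented key
IMAGE = re.compile(r"^\s*image:\s*['\"]?([^\s'\"#]+)")
FULL_VERSION = re.compile(r"^v?\d+\.\d+\.\d+")

def classify(ref):
    """Rate how far an image reference can drift between pulls."""
    if "@sha256:" in ref:
        return "digest"                 # immutable content address
    last = ref.rsplit("/", 1)[-1]       # ignore a registry host:port prefix
    tag = last.split(":", 1)[1] if ":" in last else ""
    if tag in ("", "latest"):
        return "floating"               # whatever the registry points at today
    return "pinned" if FULL_VERSION.match(tag) else "moving"

def audit(compose_text):
    """Return (service, image, rating) for every active image: line."""
    findings, service = [], None
    for line in compose_text.splitlines():
        if line.lstrip().startswith("#"):
            continue                    # commented-out alternatives
        if m := SERVICE.match(line):
            service = m.group(1)
        if m := IMAGE.match(line):
            findings.append((service, m.group(1), classify(m.group(1))))
    return findings

def can_drift(compose_text):
    """Services whose image can change on an unattended pull."""
    return [s for s, _, rating in audit(compose_text) if rating in ("floating", "moving")]

if __name__ == "__main__":
    for row in audit(SAMPLE_COMPOSE):
        print(*row, sep="\t")
```

A full version tag can still be re-pushed by the publisher; only a digest reference is immutable.
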
ablackcatstail ,

Maybe tell me where you’re stuck and I can help?
