The redis error can be ignored. It’s working (login, mailing, registration, fave), but with nginx on port 443, so one needs to disable httpd, which is a NethServer base package required for all apps.
I used this gist in addition to the documentation provided by @danb35
So next step is migrating the nginx reverse proxy configuration to apache if possible…
Installation:
yum -y install https://mrmarkuz.dynu.net/mirror/mrmarkuz/7/noarch/nethserver-mrmarkuz-0.0.1-6.ns7.noarch.rpm
yum -y install nethserver-docker nethserver-nginx
curl -L "https://github.com/docker/compose/releases/download/1.28.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
chmod +x /usr/local/bin/docker-compose
mkdir /opt/mastodon
cd /opt/mastodon
Just get docker-compose.yml from GitHub; the whole build environment isn’t needed:
wget https://raw.githubusercontent.com/mastodon/mastodon/main/docker-compose.yml
Comment out the build statements so the images aren’t built; this saves a lot of time (building is only needed if we want to change Mastodon code):
sed -i "s/ build/#build/g" docker-compose.yml
Start setup:
touch .env.production
docker-compose run --rm web bundle exec rake mastodon:setup
As already explained, set a password for postgres; no password is needed for redis.
Copy the admin password and write the configuration output of the setup to the file .env.production.
Start docker and connect the aqua network required for the reverse proxy:
docker-compose up -d
docker network connect aqua mastodon_web_1
Add the https redirect and reverse proxy by creating /etc/nginx/conf.d/mastodon.conf with the following content, replacing domain.org with the used domain name:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen 80;
    listen [::]:80;
    server_name domain.org;
    root /opt/mastodon/public;
    # Useful for Let's Encrypt
    location /.well-known/acme-challenge/ { allow all; }
    location / { return 301 https://$host$request_uri; }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.org;

    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    ssl_certificate /etc/pki/tls/certs/localhost.crt;
    ssl_certificate_key /etc/pki/tls/private/localhost.key;

    keepalive_timeout 70;
    sendfile on;
    client_max_body_size 80m;

    root /opt/mastodon/public;

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    add_header Strict-Transport-Security "max-age=31536000";

    location / {
        try_files $uri @proxy;
    }

    location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
        add_header Cache-Control "public, max-age=31536000, immutable";
        try_files $uri @proxy;
    }

    location /sw.js {
        add_header Cache-Control "public, max-age=0";
        try_files $uri @proxy;
    }

    location @proxy {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Proxy "";
        proxy_pass_header Server;

        proxy_pass http://127.0.0.1:3000;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        tcp_nodelay on;
    }

    location /api/v1/streaming {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Proxy "";

        proxy_pass http://127.0.0.1:4000;
        proxy_buffering off;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        tcp_nodelay on;
    }

    error_page 500 501 502 503 504 /500.html;
}
Disable httpd and enable nginx:
systemctl disable httpd --now
systemctl enable nginx
systemctl restart nginx
Browse to the configured domain and log in with the admin mail and the password noted from the setup.
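The proxy above only works as a choke point if the containers keep publishing their ports on 127.0.0.1 (Mastodon's docker-compose.yml does this for 3000 and 4000). Here is an added post-install check, not from the original post or the Mastodon project, that flags any published port in a compose file whose host side is not loopback; the sample compose excerpt it runs against is constructed for the demo.

```shell
# Print every "ports:" entry in a docker-compose.yml whose host side is not
# 127.0.0.1 or [::1]. A mapping like "4000:4000" exposes the streaming API on
# every interface, bypassing nginx (and, because Docker inserts its own
# iptables rules, usually the host firewall too).
non_loopback_ports() {
  awk '
    /^[ \t]*ports:/ { inports = 1; next }
    inports && /^[ \t]*-[ \t]*/ {
      item = $0
      sub(/^[ \t]*-[ \t]*/, "", item)    # strip the YAML list dash
      gsub(/["'"'"']/, "", item)          # strip surrounding quotes
      if (item !~ /^127\.0\.0\.1:/ && item !~ /^\[::1\]:/) print item
      next
    }
    inports { inports = 0 }              # any other line ends the ports: block
  ' "$1"
}

# Exit 0 when every published port is loopback-only, 1 otherwise.
audit_compose() {
  exposed=$(non_loopback_ports "$1")
  [ -z "$exposed" ] && return 0
  printf 'exposed port mapping(s) in %s:\n%s\n' "$1" "$exposed" >&2
  return 1
}

# Constructed sample (not the real Mastodon file): web is loopback-only,
# streaming is published on all interfaces.
make_sample_compose() {
  cat <<'EOF'
services:
  web:
    image: tootsuite/mastodon
    ports:
      - '127.0.0.1:3000:3000'
    depends_on:
      - db
  streaming:
    image: tootsuite/mastodon
    ports:
      - '4000:4000'
EOF
}

# On the server run: audit_compose /opt/mastodon/docker-compose.yml
SAMPLE=$(mktemp)
make_sample_compose > "$SAMPLE"
audit_compose "$SAMPLE" || true          # reports "4000:4000" as exposed
rm -f "$SAMPLE"
```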