
@peterrus
Forked from smashnet/docker-compose.yml
Last active November 1, 2022 23:16
Docker-Compose: Mastodon v3.1.3 with Traefik v2
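version: "3.5"
# Mastodon v3.1.3 behind Traefik v2, with TLS certificates from Let's Encrypt
# (HTTP challenge on port 80).
#
# Setup:
# Create .env file containing (without the #'s)
# TRAEFIK_DASHBOARD_DOMAIN=dashboard.domain.com
# TRAEFIK_DASHBOARD_ADMIN_PASSWORD=generate_this_with_htpasswd
# POSTGRES_PASSWORD=s3cr3tstr1ng
# DOMAIN=wow.domain.com
# LETS_ENCRYPT_EMAIL=admin@admin.tld
# COMPOSE_PROJECT_NAME=awesome-mastodon
# and edit it to your liking
#
# Notes on the values above:
# - TRAEFIK_DASHBOARD_ADMIN_PASSWORD is only the hash part of the htpasswd
#   output; the basicauth label below already supplies the "admin:" user name.
#   htpasswd hashes contain "$" - depending on the Compose version the value
#   may need single quotes in .env so it is not interpolated (verify by
#   running `docker-compose config` and checking the rendered label).
# - .env and .mastodon-env hold secrets (database password, Mastodon keys).
#   Keep them out of version control and restrict who can read them.
#
# Then run in your shell:
# $ touch .mastodon-env
# $ chown 991:991 .mastodon-env
# $ mkdir public
# $ chown -R 991:991 public
# $ docker-compose run --rm -v "$(pwd)/.mastodon-env:/opt/mastodon/.env.production" web bundle exec rake mastodon:setup
# $ docker-compose up -d
#
# The image tags are the ones this file was written against. Check each
# project for a currently supported release before deploying.
#
# Standing on the shoulders of: https://gist.github.com/smashnet/38cf7c30cb06427bab78ae5ab0fd2ae3 / https://www.innoq.com/en/blog/traefik-v2-and-mastodon/
services:
  # Reverse proxy: the only service that publishes ports on the host.
  traefik:
    image: traefik:v2.2
    container_name: "traefik"
    restart: always
    command:
      # DEBUG helps while bringing the stack up; lower it (e.g. INFO) afterwards.
      - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--accesslog=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker=true"
      # Only containers labelled traefik.enable=true are routed.
      - "--providers.docker.exposedbydefault=false"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=${LETS_ENCRYPT_EMAIL}"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "traefik.enable=true"
      # Dashboard: served on its own host name, HTTPS only, behind basic auth.
      - "traefik.http.routers.traefik.rule=(Host(`${TRAEFIK_DASHBOARD_DOMAIN}`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)))"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=dashboardauth"
      - "traefik.http.middlewares.dashboardauth.basicauth.users=admin:${TRAEFIK_DASHBOARD_ADMIN_PASSWORD}"
      # HTTPS Redirect: every request arriving on port 80 is sent to https.
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    volumes:
      # Traefik discovers containers through the Docker API. The mount is
      # read-only, but that only protects the socket file: any process that can
      # talk to this socket can still drive the Docker daemon. For an
      # internet-facing proxy, consider putting a filtering socket proxy in
      # front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json stores the ACME account key and the certificate private keys;
      # keep ./letsencrypt readable by root only.
      - ./letsencrypt:/letsencrypt
    networks:
      - external_network

  # Database: reachable only from services on internal_network.
  db:
    restart: always
    image: postgres:9.6-alpine
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "postgres"]
    environment:
      - "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}"
    volumes:
      - ./postgres:/var/lib/postgresql/data
    networks:
      - internal_network

  # Redis runs without a password here; it is attached to internal_network
  # only, so keep it off external_network and do not publish its port.
  redis:
    restart: always
    image: redis:5.0-alpine
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - ./redis:/data
    networks:
      - internal_network

  # Rails web application, routed by Traefik for Host(${DOMAIN}).
  web:
    image: tootsuite/mastodon:v3.1.3
    restart: always
    env_file: .mastodon-env
    # Remove a stale pid file left by an unclean shutdown before starting.
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    healthcheck:
      test:
        - "CMD-SHELL"
        - "wget -q --spider --proxy=off localhost:3000/health || exit 1"
    # expose documents the port only; nothing is published on the host.
    expose:
      - "3000"
    depends_on:
      - db
      - redis
      - traefik
    labels:
      - "traefik.enable=true"
      # The container sits on two networks; tell Traefik which one to use.
      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_external_network"
      - "traefik.http.services.web-${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=3000"
      - "traefik.http.routers.mastodon-web.rule=Host(`${DOMAIN}`)"
      - "traefik.http.routers.mastodon-web.entrypoints=websecure"
      - "traefik.http.routers.mastodon-web.tls.certresolver=letsencrypt"
    volumes:
      - ./public/system:/mastodon/public/system
    networks:
      - external_network
      - internal_network

  # Streaming API, routed for the /api/v1/streaming prefix on the same host.
  streaming:
    image: tootsuite/mastodon:v3.1.3
    restart: always
    env_file: .mastodon-env
    command: node ./streaming
    healthcheck:
      test:
        - "CMD-SHELL"
        - "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"
    expose:
      - "4000"
    depends_on:
      - db
      - redis
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=${COMPOSE_PROJECT_NAME}_external_network"
      - "traefik.http.services.streaming-${COMPOSE_PROJECT_NAME}.loadbalancer.server.port=4000"
      - "traefik.http.routers.mastodon-streaming.rule=(Host(`${DOMAIN}`) && PathPrefix(`/api/v1/streaming`))"
      - "traefik.http.routers.mastodon-streaming.entrypoints=websecure"
      - "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
    networks:
      - external_network
      - internal_network

  # Background jobs. No Traefik labels, so it is never routed from outside.
  # NOTE(review): presumably attached to external_network for outbound
  # requests, since internal_network has no route out - confirm before
  # removing either network.
  sidekiq:
    image: tootsuite/mastodon:v3.1.3
    restart: always
    env_file: .mastodon-env
    command: bundle exec sidekiq
    depends_on:
      - db
      - redis
      - traefik
    volumes:
      - ./public/system:/mastodon/public/system
    networks:
      - external_network
      - internal_network

networks:
  external_network: {}
  # internal: true gives this network no external connectivity; db and redis
  # are attached to it alone.
  internal_network:
    internal: true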