From 14eef8c998578f60c895a38f55f58c29691f7c23 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Fri, 23 Jun 2023 07:57:43 -0400 Subject: [PATCH] Updating docker install docs. (#231) * Updating docker install docs. * Reorganizing. --- src/administration/install_docker.md | 145 +++++++++------------------ 1 file changed, 46 insertions(+), 99 deletions(-) diff --git a/src/administration/install_docker.md b/src/administration/install_docker.md index b23a9c0..a73f337 100644 --- a/src/administration/install_docker.md +++ b/src/administration/install_docker.md @@ -3,128 +3,75 @@ Make sure you have both docker and docker-compose(>=`1.24.0`) installed. On Ubuntu, just run `apt install docker-compose docker.io`. Next, ```bash -# create a folder for the lemmy files. the location doesnt matter, you can put this anywhere you want +# Create a folder for the lemmy files. the location doesnt matter, you can put this anywhere you want mkdir /lemmy cd /lemmy +``` -# download default config files -wget https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/docker-compose.yml -wget https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/lemmy.hjson +## Download default config files -# Set correct permissions for pictrs folder +These two files contain `{{ }}` braces for variables, such as passwords, and your domain. + +Edit them before starting up lemmy for the first time. + +The images will likely be: [dessalines/lemmy:VERSION](https://hub.docker.com/r/dessalines/lemmy) and [dessalines/lemmy-ui:VERSION](https://hub.docker.com/r/dessalines/lemmy-ui) + +```bash +wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/docker-compose.yml +wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/config.hjson -O lemmy.hjson +``` + +If you'd like further customization, have a look at the [config file](configuration.md) named `lemmy.hjson`, and adjust it accordingly. + +## Database tweaks + +To optimize your database, add this file. + +You can input your system specs, using this tool: https://pgtune.leopard.in.ua/ + +`wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/customPostgresql.conf` + +## Folder permissions + +Set the correct permissions for pictrs folder: + +```bash mkdir -p volumes/pictrs sudo chown -R 991:991 volumes/pictrs ``` -If you'd like a different database password, you should also change it in the `docker-compose.yml` **before** your first run. - -You'll also need to copy the following to `nginx.conf` in the root of your `lemmy` folder. This will ensure the proxy setup by `docker-compose` will function properly: - -``` -worker_processes 1; -events { - worker_connections 1024; -} -http { - upstream lemmy { - # this needs to map to the lemmy (server) docker service hostname - server "lemmy:8536"; - } - upstream lemmy-ui { - # this needs to map to the lemmy-ui docker service hostname - server "lemmy-ui:1234"; - } - - server { - # this is the port inside docker, not the public one yet - listen 80; - # change if needed, this is facing the public web - server_name localhost; - server_tokens off; - - gzip on; - gzip_types text/css application/javascript image/svg+xml; - gzip_vary on; - - # Upload limit, relevant for pictrs - client_max_body_size 20M; - - add_header X-Frame-Options SAMEORIGIN; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - - # frontend general requests - location / { - # distinguish between ui requests and backend - # don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top - set $proxpass "http://lemmy-ui"; - - if ($http_accept ~ "^application/.*$") { - set $proxpass "http://lemmy"; - } - if ($request_method = POST) { - set $proxpass "http://lemmy"; - } - proxy_pass $proxpass; - - rewrite ^(.+)/+$ $1 permanent; - # Send actual client IP upstream - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - - # backend - location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) { - proxy_pass "http://lemmy"; - # proxy common stuff - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - # Send actual client IP upstream - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header Host $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - } - } -} -``` - -After this, have a look at the [config file](configuration.md) named `lemmy.hjson`, and adjust it, in particular the hostname, and possibly the db password. Then run: +Finally, run: `docker-compose up -d` -You can access the lemmy-ui at `http://localhost:80` +lemmy-ui is accessible on the server at `http://localhost:{{ lemmy_port }}` -To make Lemmy available outside the server, you need to set up a reverse proxy, like Nginx. You can use the following simple proxy: +## Reverse Proxy / Webserver -Note: If you are planning on running your reverse proxy on port 80, you'll need to update the docker-compose.yml file you just downloaded to change the internal proxy's listening port. If you are setting up Let's Encrypt on the same machine, you'll need to do this. +Here's an optional nginx reverse proxy template, which you can place in `/etc/nginx/sites-enabled` -``` -server { - listen 80; - server_name my_domain.tld; +Alternatively, you can use any other web server such as caddy as a simple reverse proxy. - location / { - proxy_pass http://localhost:LEMMY_PORT; - proxy_set_header Host $host; - include proxy_params; - } -} -``` +Be sure to edit the `{{ }}` to match your domain and port. -### Let's Encrypt +If you're using this, you will need to set up Let's Encrypt. See those instructions below. + +`wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx.conf` + +If you've set up Let's Encrypt and your reverse proxy, you can go to `https://{{ domain }}` + +## Let's Encrypt You should also setup TLS, for example with [Let's Encrypt](https://letsencrypt.org/). [Here's a guide for setting up letsencrypt on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04). For federation to work, it is important that you do not change any headers that form part of the signature. This includes the `Host` header - you may need to refer to the documentation for your proxy server to pass through the `Host` header unmodified. -## Updating +# Updating -To update to the newest version, you can manually change the version in `docker-compose.yml`. Alternatively, fetch the latest version from our git repo: +To update to the newest version, you can manually change the version in `docker-compose.yml`. Alternatively, fetch the latest version from our [lemmy-ansible](https://github.com/LemmyNet/lemmy-ansible) repo: ```bash -wget https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/docker-compose.yml +wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/docker-compose.yml +# Then replace the {{ }} vars again docker-compose up -d ```