Updating docker install docs. (#231)

* Updating docker install docs.

* Reorganizing.
This commit is contained in:
Dessalines 2023-06-23 07:57:43 -04:00 committed by GitHub
parent 17588effe9
commit 14eef8c998
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -3,128 +3,75 @@
Make sure you have both docker and docker-compose(>=`1.24.0`) installed. On Ubuntu, just run `apt install docker-compose docker.io`. Next, Make sure you have both docker and docker-compose(>=`1.24.0`) installed. On Ubuntu, just run `apt install docker-compose docker.io`. Next,
```bash ```bash
# create a folder for the lemmy files. the location doesnt matter, you can put this anywhere you want # Create a folder for the lemmy files. the location doesnt matter, you can put this anywhere you want
mkdir /lemmy mkdir /lemmy
cd /lemmy cd /lemmy
```
# download default config files ## Download default config files
wget https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/docker-compose.yml
wget https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/lemmy.hjson
# Set correct permissions for pictrs folder These two files contain `{{ }}` braces for variables, such as passwords, and your domain.
Edit them before starting up lemmy for the first time.
The images will likely be: [dessalines/lemmy:VERSION](https://hub.docker.com/r/dessalines/lemmy) and [dessalines/lemmy-ui:VERSION](https://hub.docker.com/r/dessalines/lemmy-ui)
```bash
wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/docker-compose.yml
wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/config.hjson -O lemmy.hjson
```
If you'd like further customization, have a look at the [config file](configuration.md) named `lemmy.hjson`, and adjust it accordingly.
## Database tweaks
To optimize your database, add this file.
You can input your system specs, using this tool: https://pgtune.leopard.in.ua/
`wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/examples/customPostgresql.conf`
## Folder permissions
Set the correct permissions for pictrs folder:
```bash
mkdir -p volumes/pictrs mkdir -p volumes/pictrs
sudo chown -R 991:991 volumes/pictrs sudo chown -R 991:991 volumes/pictrs
``` ```
If you'd like a different database password, you should also change it in the `docker-compose.yml` **before** your first run. Finally, run:
You'll also need to copy the following to `nginx.conf` in the root of your `lemmy` folder. This will ensure the proxy setup by `docker-compose` will function properly:
```
worker_processes 1;
events {
worker_connections 1024;
}
http {
upstream lemmy {
# this needs to map to the lemmy (server) docker service hostname
server "lemmy:8536";
}
upstream lemmy-ui {
# this needs to map to the lemmy-ui docker service hostname
server "lemmy-ui:1234";
}
server {
# this is the port inside docker, not the public one yet
listen 80;
# change if needed, this is facing the public web
server_name localhost;
server_tokens off;
gzip on;
gzip_types text/css application/javascript image/svg+xml;
gzip_vary on;
# Upload limit, relevant for pictrs
client_max_body_size 20M;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
# frontend general requests
location / {
# distinguish between ui requests and backend
# don't change lemmy-ui or lemmy here, they refer to the upstream definitions on top
set $proxpass "http://lemmy-ui";
if ($http_accept ~ "^application/.*$") {
set $proxpass "http://lemmy";
}
if ($request_method = POST) {
set $proxpass "http://lemmy";
}
proxy_pass $proxpass;
rewrite ^(.+)/+$ $1 permanent;
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
# backend
location ~ ^/(api|pictrs|feeds|nodeinfo|.well-known) {
proxy_pass "http://lemmy";
# proxy common stuff
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Send actual client IP upstream
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
}
```
After this, have a look at the [config file](configuration.md) named `lemmy.hjson`, and adjust it, in particular the hostname, and possibly the db password. Then run:
`docker-compose up -d` `docker-compose up -d`
You can access the lemmy-ui at `http://localhost:80` lemmy-ui is accessible on the server at `http://localhost:{{ lemmy_port }}`
To make Lemmy available outside the server, you need to set up a reverse proxy, like Nginx. You can use the following simple proxy: ## Reverse Proxy / Webserver
Note: If you are planning on running your reverse proxy on port 80, you'll need to update the docker-compose.yml file you just downloaded to change the internal proxy's listening port. If you are setting up Let's Encrypt on the same machine, you'll need to do this. Here's an optional nginx reverse proxy template, which you can place in `/etc/nginx/sites-enabled`
``` Alternatively, you can use any other web server such as caddy as a simple reverse proxy.
server {
listen 80;
server_name my_domain.tld;
location / { Be sure to edit the `{{ }}` to match your domain and port.
proxy_pass http://localhost:LEMMY_PORT;
proxy_set_header Host $host;
include proxy_params;
}
}
```
### Let's Encrypt If you're using this, you will need to set up Let's Encrypt. See those instructions below.
`wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/nginx.conf`
If you've set up Let's Encrypt and your reverse proxy, you can go to `https://{{ domain }}`
## Let's Encrypt
You should also setup TLS, for example with [Let's Encrypt](https://letsencrypt.org/). [Here's a guide for setting up letsencrypt on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04). You should also setup TLS, for example with [Let's Encrypt](https://letsencrypt.org/). [Here's a guide for setting up letsencrypt on Ubuntu](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-20-04).
For federation to work, it is important that you do not change any headers that form part of the signature. This includes the `Host` header - you may need to refer to the documentation for your proxy server to pass through the `Host` header unmodified. For federation to work, it is important that you do not change any headers that form part of the signature. This includes the `Host` header - you may need to refer to the documentation for your proxy server to pass through the `Host` header unmodified.
## Updating # Updating
To update to the newest version, you can manually change the version in `docker-compose.yml`. Alternatively, fetch the latest version from our git repo: To update to the newest version, you can manually change the version in `docker-compose.yml`. Alternatively, fetch the latest version from our [lemmy-ansible](https://github.com/LemmyNet/lemmy-ansible) repo:
```bash ```bash
wget https://raw.githubusercontent.com/LemmyNet/lemmy/main/docker/docker-compose.yml wget https://raw.githubusercontent.com/LemmyNet/lemmy-ansible/main/templates/docker-compose.yml
# Then replace the {{ }} vars again
docker-compose up -d docker-compose up -d
``` ```