You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
Cat /dev/Nulo dbe5411559 Don't empty ALPINE_VERSION 10 months ago
.github/workflows Update deploy.yml 1 year ago
rootfs set non-root user at build-time 1 year ago
.woodpecker.yml CI: try using settings 10 months ago
Dockerfile Don't empty ALPINE_VERSION 10 months ago
LICENSE add license 1 year ago
README.md Update README.md 1 year ago
thestinger.gpg Verify hardened_malloc with a key in the repo instead of fetching it 10 months ago

README.md

wonderfall/mastodon

Your self-hosted, globally interconnected microblogging community.

Mastodon official website and source code.

Why this image?

This non-official image is intended as an all-in-one (as in monolithic) Mastodon production image. You should use the official image for development purpose or if you want scalability.

Security

Don't run random images from random dudes on the Internet. Ideally, you want to maintain and build it yourself.

Images are scanned every day by Trivy for OS vulnerabilities. They are rebuilt once a week, so you should often update your images regardless of your Mastodon version.

Features

  • Rootless image
  • Based on Alpine Linux
  • Includes hardened_malloc
  • Precompiled assets for Mastodon

Tags

  • latest : latest Mastodon version (or working commit)
  • x.x : latest Mastodon x.x (e.g. 3.4)
  • x.x.x : Mastodon x.x.x (including release candidates)

You can always have a glance here.

Build-time variables

Variable Description Default
MASTODON_VERSION version/commit of Mastodon N/A
REPOSITORY source of Mastodon tootsuite/mastodon

Environment variables you should change

Variable Description Default
UID user id (rebuild to change) 991
GID group id (rebuild to change) 991
RUN_DB_MIGRATIONS run migrations at startup true
SIDEKIQ_WORKERS number of Sidekiq workers 5

Don't forget to provide an environment file for Mastodon itself.

Volumes

Variable Description
/mastodon/public/system data files
/mastodon/log logs

Ports

Port Use
3000 Mastodon web
4000 Mastodon streaming

docker-compose example

Please use your own settings and adjust this example to your needs. Here I use Traefik v2 (already configured to redirect 80 to 443 globally).

version: '2.4'

networks:
  http_network:
    external: true

  mastodon_network:
    external: false
    internal: true

services:
  mastodon:
    image: ghcr.io/wonderfall/mastodon
    container_name: mastodon
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    env_file: /wherever/docker/mastodon/.env.production
    depends_on:
      - mastodon-db
      - mastodon-redis
    volumes:
      - /wherever/docker/mastodon/data:/mastodon/public/system
      - /wherever/docker/mastodon/logs:/mastodon/log
    labels:
      - traefik.enable=true
      - traefik.http.routers.mastodon-web-secure.entrypoints=https
      - traefik.http.routers.mastodon-web-secure.rule=Host(`domain.tld`)
      - traefik.http.routers.mastodon-web-secure.tls=true
      - traefik.http.routers.mastodon-web-secure.middlewares=hsts-headers@file
      - traefik.http.routers.mastodon-web-secure.tls.certresolver=http
      - traefik.http.routers.mastodon-web-secure.service=mastodon-web
      - traefik.http.services.mastodon-web.loadbalancer.server.port=3000
      - traefik.http.routers.mastodon-streaming-secure.entrypoints=https
      - traefik.http.routers.mastodon-streaming-secure.rule=Host(`domain.tld`) && PathPrefix(`/api/v1/streaming`)
      - traefik.http.routers.mastodon-streaming-secure.tls=true
      - traefik.http.routers.mastodon-streaming-secure.middlewares=hsts-headers@file
      - traefik.http.routers.mastodon-streaming-secure.tls.certresolver=http
      - traefik.http.routers.mastodon-streaming-secure.service=mastodon-streaming
      - traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000
      - traefik.docker.network=http_network
    networks:
      - mastodon_network
      - http_network
 
   mastodon-redis:
    image: redis:alpine
    container_name: mastodon-redis
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - /wherever/docker/mastodon/redis:/data
    networks:
      - mastodon_network

  mastodon-db:
    image: postgres:9.6-alpine
    container_name: mastodon-db
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    volumes:
      - /wherever/docker/mastodon/db:/var/lib/postgresql/data
    environment:
      - POSTGRES_USER=mastodon
      - POSTGRES_DB=mastodon
      - POSTGRES_PASSWORD=supersecretpassword
    networks:
      - mastodon_network

This image has been tested and works great with the gVisor runtime.