2021-04-20 20:35:43 +00:00
|
|
|
# -------------- Build-time variables --------------
|
2021-12-09 03:41:31 +00:00
|
|
|
ARG MASTODON_VERSION=main
|
2021-12-09 01:40:53 +00:00
|
|
|
ARG MASTODON_REPOSITORY=mastodon/mastodon
|
2021-04-20 20:35:43 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
ARG ALPINE_VERSION=3.15
|
2021-05-28 23:55:51 +00:00
|
|
|
ARG HARDENED_MALLOC_VERSION=8
|
2021-04-18 00:15:18 +00:00
|
|
|
|
2021-04-20 20:35:43 +00:00
|
|
|
ARG UID=991
|
|
|
|
ARG GID=991
|
|
|
|
# ---------------------------------------------------
|
2021-04-18 00:15:18 +00:00
|
|
|
|
2021-04-20 20:35:43 +00:00
|
|
|
|
|
|
|
### Build Hardened Malloc
|
2021-12-09 17:40:13 +00:00
|
|
|
FROM docker.io/alpine:${ALPINE_VERSION} as build-malloc
|
2021-04-17 13:33:31 +00:00
|
|
|
|
2021-06-02 01:29:23 +00:00
|
|
|
ARG CONFIG_NATIVE=false
|
2021-04-17 13:33:31 +00:00
|
|
|
|
2021-12-09 01:31:50 +00:00
|
|
|
COPY thestinger.gpg /tmp/
|
2021-05-14 17:53:14 +00:00
|
|
|
RUN apk --no-cache add build-base git gnupg && cd /tmp \
|
2021-12-09 01:31:50 +00:00
|
|
|
&& gpg --import /tmp/thestinger.gpg \
|
2021-05-14 17:53:14 +00:00
|
|
|
&& git clone --depth 1 --branch ${HARDENED_MALLOC_VERSION} https://github.com/GrapheneOS/hardened_malloc \
|
|
|
|
&& cd hardened_malloc && git verify-tag $(git describe --tags) \
|
2021-06-02 01:29:23 +00:00
|
|
|
&& make CONFIG_NATIVE=${CONFIG_NATIVE}
|
2021-04-17 13:33:31 +00:00
|
|
|
|
2018-06-12 14:54:14 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
### Build Mastodon
|
2021-12-09 17:40:13 +00:00
|
|
|
FROM docker.io/alpine:${ALPINE_VERSION} as mastodon-build
|
2021-12-09 03:41:31 +00:00
|
|
|
|
|
|
|
# Install build dependencies
|
|
|
|
RUN apk --no-cache add -t build-dependencies \
|
|
|
|
build-base \
|
|
|
|
gnu-libiconv-dev \
|
|
|
|
icu-dev \
|
|
|
|
libidn-dev \
|
|
|
|
libtool \
|
|
|
|
libxml2-dev \
|
|
|
|
libxslt-dev \
|
|
|
|
postgresql-dev \
|
|
|
|
protobuf-dev \
|
|
|
|
python3 \
|
|
|
|
ruby-dev \
|
|
|
|
imagemagick \
|
|
|
|
yarn \
|
|
|
|
ruby \
|
|
|
|
ruby-bundler
|
2021-04-18 00:15:18 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
RUN adduser -g ${GID} -u ${UID} --disabled-password --gecos "" mastodon \
|
|
|
|
&& mkdir /mastodon \
|
|
|
|
&& chown mastodon:mastodon /mastodon
|
|
|
|
USER mastodon
|
|
|
|
WORKDIR /mastodon
|
2021-04-18 00:15:18 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
RUN wget -qO- https://github.com/${MASTODON_REPOSITORY}/archive/refs/heads/${MASTODON_VERSION}.tar.gz | tar xz --strip 1
|
2021-04-18 00:15:18 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
ENV RAILS_SERVE_STATIC_FILES=true \
|
|
|
|
RAILS_ENV=production \
|
|
|
|
NODE_ENV=production
|
2021-04-18 00:15:18 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
RUN bundle config build.nokogiri --use-system-libraries \
|
|
|
|
&& bundle config set --local clean 'true' && bundle config set --local deployment 'true' \
|
|
|
|
&& bundle config set --local without 'test development' && bundle config set no-cache 'true' \
|
|
|
|
&& bundle install -j$(getconf _NPROCESSORS_ONLN)
|
2018-06-12 14:54:14 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
RUN yarn install --pure-lockfile --ignore-engines \
|
|
|
|
&& OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile \
|
|
|
|
&& yarn cache clean
|
|
|
|
|
|
|
|
|
|
|
|
### Mastodon runtime
|
2021-12-09 17:40:13 +00:00
|
|
|
FROM docker.io/alpine:${ALPINE_VERSION} as mastodon
|
2021-04-20 20:35:43 +00:00
|
|
|
|
|
|
|
ENV RUN_DB_MIGRATIONS=true \
|
2018-06-12 14:54:14 +00:00
|
|
|
SIDEKIQ_WORKERS=5 \
|
2020-06-02 02:37:29 +00:00
|
|
|
BIND=0.0.0.0 \
|
2018-06-12 14:54:14 +00:00
|
|
|
RAILS_SERVE_STATIC_FILES=true \
|
|
|
|
RAILS_ENV=production \
|
|
|
|
NODE_ENV=production \
|
2021-12-09 03:41:31 +00:00
|
|
|
PATH="${PATH}:/mastodon/bin"
|
2018-06-12 14:54:14 +00:00
|
|
|
|
2021-04-18 00:15:18 +00:00
|
|
|
# Install runtime dependencies
|
|
|
|
RUN apk --no-cache add \
|
2018-06-12 14:54:14 +00:00
|
|
|
ca-certificates \
|
|
|
|
ffmpeg \
|
|
|
|
file \
|
|
|
|
git \
|
|
|
|
icu-libs \
|
|
|
|
imagemagick \
|
|
|
|
libidn \
|
2019-03-11 21:06:00 +00:00
|
|
|
libxml2 \
|
|
|
|
libxslt \
|
2018-06-12 14:54:14 +00:00
|
|
|
libpq \
|
2019-03-11 21:06:00 +00:00
|
|
|
openssl \
|
2018-06-12 14:54:14 +00:00
|
|
|
protobuf \
|
|
|
|
s6 \
|
|
|
|
tzdata \
|
2020-06-02 02:37:29 +00:00
|
|
|
yaml \
|
|
|
|
readline \
|
|
|
|
gcompat \
|
2021-12-09 03:41:31 +00:00
|
|
|
gnu-libiconv \
|
|
|
|
nodejs \
|
|
|
|
ruby \
|
|
|
|
ruby-bundler \
|
|
|
|
# For hardened_malloc
|
|
|
|
libgcc \
|
|
|
|
libstdc++
|
|
|
|
|
|
|
|
RUN adduser -g ${GID} -u ${UID} --disabled-password --gecos "" mastodon
|
|
|
|
USER mastodon
|
|
|
|
WORKDIR /mastodon
|
2021-04-17 14:46:24 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
COPY --chown=mastodon:mastodon --from=mastodon-build /mastodon /mastodon
|
2018-06-12 14:54:14 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"
|
|
|
|
COPY --from=build-malloc /tmp/hardened_malloc/libhardened_malloc.so /usr/local/lib/
|
2018-06-12 14:54:14 +00:00
|
|
|
|
2021-12-09 03:41:31 +00:00
|
|
|
COPY --chown=mastodon:mastodon rootfs/usr/local/bin/run /usr/local/bin/run
|
|
|
|
COPY --chown=mastodon:mastodon rootfs/etc/s6.d /etc/s6.d
|
|
|
|
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*
|
2021-04-17 14:46:24 +00:00
|
|
|
|
2018-06-12 14:54:14 +00:00
|
|
|
VOLUME /mastodon/public/system /mastodon/log
|
|
|
|
|
|
|
|
EXPOSE 3000 4000
|
|
|
|
|
2021-04-18 00:15:18 +00:00
|
|
|
LABEL maintainer="Wonderfall <wonderfall@protonmail.com>" \
|
2018-06-12 14:54:14 +00:00
|
|
|
description="Your self-hosted, globally interconnected microblogging community"
|
|
|
|
|
|
|
|
ENTRYPOINT ["/usr/local/bin/run"]
|
2021-04-20 20:35:43 +00:00
|
|
|
|
2018-06-12 14:54:14 +00:00
|
|
|
CMD ["/bin/s6-svscan", "/etc/s6.d"]
|