announce depreciation

Wonderfall 2021-04-16 01:31:39 +02:00 committed by GitHub
parent fe1c4ef7fc
commit cdd8a9b974
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

@ -2,14 +2,22 @@
A GNU Social-compatible microblogging server : https://github.com/tootsuite/mastodon
Note (Apr. 2021): currently Mastodon "stable" can't be built beacause of some [yanked packages](https://github.com/tootsuite/mastodon/issues/15986). Not only that, but the streaming component refuses to work correctly with node v14. This is fixed in main.
___
⚠️**DEPRECIATED**: don't worry, I'll keep maintaing it for a while. This image was made years ago and needs some rework:
- For instance it uses `su-exec` to degrade privileges, which is fine as an attempt to get a *rootless running* image, but more secure ways to make sure *root* is never used should be preferred.
- As a consequence to that, a newer image should drop all the `chown` instructions at startup time: no more seconds of waiting, even minutes if you're using overlayfs as the storage driver (which is Docker's default). This was fine for flexibility, but users should really learn how to manage the permissions of their volumes.
- It's a pain to maintain, since Mastodon is a very bloated software full of features but also full of dependencies. The streaming server wasn't properly working on 3.3.0 due to an incompatible node.js version.
As I said, I'll keep "maintaing" it for now (I always though of my images as being bases for you own images, really don't run Docker images from random dudes like me from the Internet), but I'll eventually make a brand new image sometime soon. Meaning, you should be prepared to maintain or make your own image, or use the "official one" *(which I'm not a fan of)*. Above all, take care and take security seriously.
___
**Note (Apr. 2021)**: currently Mastodon "stable" can't be built beacause of some [yanked packages](https://github.com/tootsuite/mastodon/issues/15986). Not only that, but the streaming component refuses to work correctly with node v14. This is fixed in main.
#### Why this image?
This image is not the official one. The main difference you can notice is that all processes (web, streaming, sidekiq) are running in a single container, thanks to s6 (a supervision suite). Therefore it's easier to deploy, but not recommended for scaling.
#### Security
As many images from the time it was first made, this image follows the principle of degrading privileges. It runs first as root to ensure permissions are set correctly and then only makes use of the UID/GID of your choice. While I agree it's not perfect (due to Linux insecurity), it seemed the best security/comfort balance at the time and it'll remain so for a while.
#### Features
- Based on Alpine Linux.
- As lightweight as possible.
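
Review bot: The added deprecation block says `su-exec` privilege dropping should give way to "more secure ways to make sure *root* is never used" but names none, while the unchanged "Security" section below still presents the root-then-drop start as the best balance, so a reader gets two different messages and no concrete direction. Consider naming the intended approach in the first bullet (for example, starting the container directly as an unprivileged user with volume ownership set beforehand) and adding a sentence to the Security section that points back to the notice. In the same lines, "DEPRECIATED" should be "DEPRECATED", "maintaing" appears twice, "I always though" and "you own images" need fixing, and the moved note still carries "beacause"; a rough end-of-maintenance date would also help users plan their migration.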