docker-mastodon/Dockerfile


# ============== Build-time variables ==============
# Declared before the first FROM, so they are global: FROM lines can use them
# directly, while a stage sees a value only after a bare `ARG <name>` line.

# Upstream source, downloaded later as the tarball of
# refs/heads/<MASTODON_VERSION> from github.com/<MASTODON_REPOSITORY>.
# A branch name is a moving target: two builds with identical arguments can
# produce different images.
ARG MASTODON_REPOSITORY=mastodon/mastodon
ARG MASTODON_VERSION=main

# Alpine release used as the base image of every stage.
ARG ALPINE_VERSION=3.16

# hardened_malloc ref to clone; the build-malloc stage verifies its signed tag.
ARG HARDENED_MALLOC_VERSION=8

# Numeric IDs intended for the unprivileged `mastodon` account.
ARG GID=991
ARG UID=991
# ==================================================
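### Build Hardened Malloc
# Throw-away stage: only libhardened_malloc.so is copied out of it later.
FROM docker.io/alpine:${ALPINE_VERSION} AS build-malloc
ARG HARDENED_MALLOC_VERSION
ARG CONFIG_NATIVE=false

# Trust anchor for the source check below: the signer's public key comes from
# the build context, so its integrity is that of the repository holding it.
COPY thestinger.gpg /tmp/

# WORKDIR replaces the original `cd` chain; the output path is unchanged
# (/tmp/hardened_malloc/libhardened_malloc.so).
WORKDIR /tmp/hardened_malloc

# Clone the requested ref, then refuse to build unless the tag at HEAD carries
# a valid signature from a key in the keyring (only thestinger.gpg is imported).
# Verification runs before `make`, so no fetched code executes unverified.
# Expansions are quoted so an unusual build-arg value cannot be word-split.
RUN apk --no-cache add build-base git gnupg \
    && gpg --import /tmp/thestinger.gpg \
    && git clone --depth 1 --branch "${HARDENED_MALLOC_VERSION}" https://github.com/GrapheneOS/hardened_malloc . \
    && git verify-tag "$(git describe --tags)" \
    && make CONFIG_NATIVE="${CONFIG_NATIVE}"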
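### Build Mastodon
# NOTE: this ARG precedes the next FROM, so it is scoped to the previous stage;
# FROM resolves ${ALPINE_VERSION} from the global ARG either way.
ARG ALPINE_VERSION
FROM docker.io/alpine:${ALPINE_VERSION} AS mastodon-build
ARG MASTODON_VERSION
ARG MASTODON_REPOSITORY
# Global ARGs are empty inside a stage until redeclared. Without these two
# lines ${UID}/${GID} expand to nothing in the account-creation step below.
ARG UID
ARG GID

# Install build dependencies (grouped under one virtual package name)
RUN apk --no-cache add -t build-dependencies \
        build-base \
        git \
        gnu-libiconv-dev \
        icu-dev \
        imagemagick \
        libidn-dev \
        libtool \
        libxml2-dev \
        libxslt-dev \
        postgresql-dev \
        protobuf-dev \
        python3 \
        ruby \
        ruby-bundler \
        ruby-dev \
        yarn

# BusyBox adduser treats -g as the GECOS field and -G as the group, so the
# original `-g ${GID}` never set a group ID. Create the group explicitly and
# join it, so both requested IDs are actually applied.
RUN addgroup -g "${GID}" mastodon \
    && adduser -u "${UID}" -G mastodon --disabled-password --gecos "" mastodon \
    && mkdir /mastodon \
    && chown mastodon:mastodon /mastodon

# Everything from here on (download, bundle, yarn) runs unprivileged.
USER mastodon
WORKDIR /mastodon

# Fetch the source tree. pipefail makes a failed download abort the build
# instead of being judged only by tar's exit status.
# NOTE(review): unlike hardened_malloc above, this tarball is not checked
# against a signature or digest, and refs/heads/<branch> is mutable. Consider
# pinning to a commit and verifying a known checksum before extraction.
RUN set -o pipefail \
    && wget -qO- "https://github.com/${MASTODON_REPOSITORY}/archive/refs/heads/${MASTODON_VERSION}.tar.gz" \
        | tar xz --strip-components 1

ENV RAILS_SERVE_STATIC_FILES=true \
    RAILS_ENV=production \
    NODE_ENV=production

# Install gems in deployment mode, without the test/development groups.
RUN bundle config build.nokogiri --use-system-libraries \
    && bundle config set --local clean 'true' \
    && bundle config set --local deployment 'true' \
    && bundle config set --local without 'test development' \
    && bundle config set no-cache 'true' \
    && bundle install -j"$(getconf _NPROCESSORS_ONLN)"

# OTP_SECRET / SECRET_KEY_BASE are placeholders, presumably needed only so
# Rails can boot for asset precompilation. They are set inline for this one
# command and are not written to the image environment.
RUN yarn install --pure-lockfile --ignore-engines \
    && OTP_SECRET=precompile_placeholder SECRET_KEY_BASE=precompile_placeholder bundle exec rails assets:precompile \
    && yarn cache clean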
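### Mastodon runtime
# NOTE: this ARG precedes the next FROM, so it is scoped to the previous stage;
# FROM resolves ${ALPINE_VERSION} from the global ARG either way.
ARG ALPINE_VERSION
FROM docker.io/alpine:${ALPINE_VERSION} AS mastodon
ARG UID
ARG GID

# Runtime defaults. RUN_DB_MIGRATIONS, SIDEKIQ_WORKERS and BIND are presumably
# read by the scripts under rootfs/ (not visible here) - confirm there.
ENV RUN_DB_MIGRATIONS=true \
    SIDEKIQ_WORKERS=5 \
    BIND=0.0.0.0 \
    RAILS_SERVE_STATIC_FILES=true \
    RAILS_ENV=production \
    NODE_ENV=production \
    PATH="${PATH}:/mastodon/bin"

# Install runtime dependencies
RUN apk --no-cache add \
        ca-certificates \
        ffmpeg \
        file \
        gcompat \
        git \
        gnu-libiconv \
        icu-libs \
        imagemagick \
        libidn \
        libpq \
        libxml2 \
        libxslt \
        nodejs \
        openssl \
        protobuf \
        readline \
        ruby \
        ruby-bundler \
        s6 \
        tzdata \
        yaml \
        # For hardened_malloc
        libgcc \
        libstdc++

# BusyBox adduser treats -g as the GECOS field and -G as the group, so the
# original `-g ${GID}` silently ignored the requested GID. Create the group
# explicitly so file ownership on mounted volumes matches what was asked for.
RUN addgroup -g "${GID}" mastodon \
    && adduser -u "${UID}" -G mastodon --disabled-password --gecos "" mastodon

# The remaining build steps and the container itself run unprivileged.
USER mastodon
WORKDIR /mastodon
COPY --chown=mastodon:mastodon --from=mastodon-build /mastodon /mastodon

# No --chown here: COPY defaults to root ownership, so the unprivileged user
# cannot replace the library that LD_PRELOAD injects into every process.
COPY --from=build-malloc /tmp/hardened_malloc/libhardened_malloc.so /usr/local/lib/
ENV LD_PRELOAD="/usr/local/lib/libhardened_malloc.so"

# NOTE(review): the entrypoint and the s6 service tree are owned by the runtime
# user, which the chmod below needs because it runs as that user. It also means
# a compromised app process could rewrite its own startup scripts. If nothing
# writes to these paths at runtime, root ownership with COPY --chmod would be
# tighter - confirm against the scripts in rootfs/.
COPY --chown=mastodon:mastodon rootfs/usr/local/bin/run /usr/local/bin/run
COPY --chown=mastodon:mastodon rootfs/etc/s6.d /etc/s6.d
RUN chmod +x /usr/local/bin/* /etc/s6.d/*/* /etc/s6.d/.s6-svscan/*

# Declared after the image content is in place; these paths hold mutable data.
VOLUME /mastodon/public/system /mastodon/log

# Documentation only: ports are not published until the operator maps them.
EXPOSE 3000 4000

LABEL maintainer="Wonderfall <wonderfall@protonmail.com>" \
      description="Your self-hosted, globally interconnected microblogging community"

# Exec form: the wrapper receives the CMD as its arguments, with no shell in between.
ENTRYPOINT ["/usr/local/bin/run"]
CMD ["/bin/s6-svscan", "/etc/s6.d"]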