@yashodhank
Forked from smashnet/docker-compose.yml
Last active November 28, 2022 01:33
Docker-Compose: Mastodon v4.0.2 with Traefik v2.9
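version: "3.9"

# Mastodon v4.0.2 behind Traefik v2.9 (TLS via Let's Encrypt HTTP challenge).
#
# Install docker on Linux (convenience script that runs as root; download and
# read it first if you want to see what it does):
#   curl -fsSL https://get.docker.com | sudo sh
#
# Placeholders to fill in (search this file for the <...> markers):
#   <LETSENCRYPT_MAIL_ADDRESS>
#       traefik -> command. Your mail address for contact with Let's Encrypt.
#   <TRAEFIK_DASHBOARD_ADMIN_PASSWORD>
#       traefik -> labels (dashboardauth). htpasswd-format hash of your
#       password. Generate it locally, e.g. `htpasswd -nB admin` (bcrypt), and
#       use the part after "admin:"; that keeps the password off third-party
#       generator sites. Write every `$` of the hash as `$$` in this file,
#       because Compose treats a single `$` as variable interpolation.
#   <POSTGRES_PASSWORD>
#       db -> environment. The password for the postgres db. Use the same
#       during mastodon:setup!
#   <DOMAIN>
#       traefik dashboard rule, web rule, streaming rule. E.g.
#       social.yourdomain.com (must have an A record pointing to your box' IP,
#       AAAA for IPv6).
#       NOTE(review): the dashboard rule also matches PathPrefix(`/api`); if it
#       uses the same host as Mastodon it will likely shadow Mastodon's /api
#       paths. Give the dashboard its own host name (the .env sample below
#       calls it TRAEFIK_DASHBOARD_DOMAIN).
#
# Create a .env file containing (without the #'s) and edit it to your liking:
#   TRAEFIK_DASHBOARD_DOMAIN=dashboard.domain.com
#   TRAEFIK_DASHBOARD_ADMIN_PASSWORD=generate_this_with_htpasswd
#   POSTGRES_PASSWORD=s3cr3tstr1ng
#   DOMAIN=wow.domain.com
#   LETSENCRYPT_MAIL_ADDRESS=you@example.com
#       (sample value; the address was redacted on the source page and the key
#       name is presumed from the placeholder above)
#   COMPOSE_PROJECT_NAME=awesome-mastodon
# NOTE(review): as written, this file does not reference these values through
# ${...}; apart from COMPOSE_PROJECT_NAME, which Compose reads itself, the
# <...> placeholders still have to be edited by hand or converted to ${VAR}.
# Keep .env and .mastodon-env out of version control and readable only by the
# deploying user; both hold secrets.
#
# Then run in your shell:
#   $ touch .mastodon-env
#   $ chown 991:991 .mastodon-env
#   $ mkdir public
#   $ chown -R 991:991 public
#   $ docker-compose run --rm -v $(pwd)/.mastodon-env:/opt/mastodon/.env.production web bundle exec rake mastodon:setup
#   $ docker-compose up -d
#
# Standing on the shoulders of:
#   https://gist.github.com/smashnet/38cf7c30cb06427bab78ae5ab0fd2ae3
#   https://www.innoq.com/en/blog/traefik-v2-and-mastodon/
#   https://gist.github.com/peterrus/0753fc3cf09b33a6253924cfc9f9b32f

services:
  # Reverse proxy: terminates TLS, obtains certificates, routes by label.
  traefik:
    image: traefik:v2.9
    container_name: "traefik"
    restart: always
    command:
      # - "--log.level=DEBUG"
      - "--api.dashboard=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.docker=true"
      # Containers are only routed when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.letsencrypt.acme.email=<LETSENCRYPT_MAIL_ADDRESS>"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    labels:
      - "traefik.enable=true"
      # Dashboard: reachable from the internet on websecure, protected only by
      # the basic-auth middleware below, so the hash must be a strong one.
      - "traefik.http.routers.traefik.rule=(Host(`<DOMAIN>`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`)))"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=dashboardauth"
      - "traefik.http.middlewares.dashboardauth.basicauth.users=admin:<TRAEFIK_DASHBOARD_ADMIN_PASSWORD>"
      # HTTPS Redirect: every request arriving on port 80 is sent to https.
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https@docker"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    volumes:
      # Mounted read-only; Traefik only reads container metadata. Access to the
      # Docker socket is still equivalent to root on the host (:ro does not
      # filter API calls), so a filtering socket proxy is the stronger option.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json holds the ACME account key and certificate private keys;
      # keep this directory out of backups/VCS that others can read.
      - ./letsencrypt:/letsencrypt
    networks:
      - external_network

  db:
    restart: always
    image: postgres:14-alpine
    shm_size: 256mb
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "postgres"]
    environment:
      # No POSTGRES_HOST_AUTH_METHOD=trust here: with trust, PostgreSQL accepts
      # every connection from internal_network without a password and
      # POSTGRES_PASSWORD is never checked. Without it, the password entered
      # during mastodon:setup is enforced. The auth method is only written when
      # ./postgres is first initialised; an existing data directory keeps its
      # old pg_hba.conf until that file is edited.
      - POSTGRES_PASSWORD=<POSTGRES_PASSWORD>
    volumes:
      - ./postgres:/var/lib/postgresql/data
    networks:
      - internal_network

  # No password is configured for redis; it is reachable from
  # internal_network only.
  redis:
    restart: always
    image: redis:7-alpine
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    volumes:
      - ./redis:/data
    networks:
      - internal_network

  web:
    # Tag as targeted by this gist; check upstream release notes for security
    # fixes before deploying (same tag is used by streaming and sidekiq).
    image: tootsuite/mastodon:v4.0.2
    restart: always
    env_file: .mastodon-env
    # Removes a stale pid file left by an unclean stop before starting rails.
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:3000/health || exit 1"]
    # expose (not ports): 3000 is never published on the host, only to Traefik.
    expose:
      - "3000"
    depends_on:
      - db
      - redis
      - traefik
    labels:
      - "traefik.enable=true"
      # Must match networks.external_network.name at the bottom of this file.
      - "traefik.docker.network=mastodon_external_network"
      - "traefik.http.services.mastodon-web.loadbalancer.server.port=3000"
      - "traefik.http.routers.mastodon-web.rule=Host(`<DOMAIN>`)"
      - "traefik.http.routers.mastodon-web.entrypoints=websecure"
      - "traefik.http.routers.mastodon-web.tls.certresolver=letsencrypt"
    volumes:
      - ./public/system:/mastodon/public/system
    networks:
      - external_network
      - internal_network

  streaming:
    image: tootsuite/mastodon:v4.0.2
    restart: always
    env_file: .mastodon-env
    command: node ./streaming
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
    expose:
      - "4000"
    depends_on:
      - db
      - redis
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=mastodon_external_network"
      - "traefik.http.services.mastodon-streaming.loadbalancer.server.port=4000"
      # Only the streaming API path is routed to this container.
      - "traefik.http.routers.mastodon-streaming.rule=(Host(`<DOMAIN>`) && PathPrefix(`/api/v1/streaming`))"
      - "traefik.http.routers.mastodon-streaming.entrypoints=websecure"
      - "traefik.http.routers.mastodon-streaming.tls.certresolver=letsencrypt"
    networks:
      - external_network
      - internal_network

  sidekiq:
    image: tootsuite/mastodon:v4.0.2
    restart: always
    env_file: .mastodon-env
    command: bundle exec sidekiq
    depends_on:
      - db
      - redis
      - traefik
    volumes:
      - ./public/system:/mastodon/public/system
    networks:
      # No Traefik labels, so nothing is routed in. internal_network has no
      # route out, so external_network is presumably here for outbound
      # traffic (federation, mail) - confirm before removing.
      - external_network
      - internal_network

networks:
  # Fixed name so the traefik.docker.network labels resolve regardless of
  # COMPOSE_PROJECT_NAME.
  external_network:
    name: mastodon_external_network
  # internal: true gives db and redis no connectivity outside this network.
  internal_network:
    internal: true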