From 98bae1316fa505aa4605b0999dbe4d68553613ba Mon Sep 17 00:00:00 2001 From: Christian Winther Date: Wed, 17 Jan 2024 17:51:37 +0000 Subject: [PATCH] cleanup .env.docker variable names and placement in the file --- .env.docker | 413 ++++++++++-------- docker-compose.migrate.yml | 6 +- docker-compose.yml | 112 ++--- docker/customizing.md | 8 +- docker/faq.md | 4 +- docker/migration.md | 10 +- .../docker/entrypoint.d/01-permissions.sh | 6 +- .../entrypoint.d/11-first-time-setup.sh | 6 +- docker/shared/root/docker/helpers.sh | 2 +- 9 files changed, 308 insertions(+), 259 deletions(-) diff --git a/.env.docker b/.env.docker index 9c440d37e..25914af89 100644 --- a/.env.docker +++ b/.env.docker @@ -1,3 +1,4 @@ +#!/bin/bash # -*- mode: bash -*- # vi: ft=bash @@ -7,19 +8,6 @@ # Pixelfed application configuration ################################################################################ -# The docker tag prefix to use for pulling images, can be one of -# -# * latest -# * -# * staging -# * edge -# * branch- -# * pr- -# -# Combined with [DOCKER_RUNTIME] and [PHP_VERSION] configured -# elsewhere in this file, the final Docker tag is computed. -PIXELFED_RELEASE="branch-jippi-fork" - # A random 32-character string to be used as an encryption key. # # !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! @@ -207,7 +195,7 @@ APP_TIMEZONE="UTC" # Defaults to "Pixelfed - Photo sharing for everyone". # # See: https://docs.pixelfed.org/technical-documentation/config/#instance_description -#INSTANCE_DESCRIPTION= +#INSTANCE_DESCRIPTION="" # Defaults to "false". # @@ -227,7 +215,7 @@ INSTANCE_CONTACT_EMAIL="admin@${APP_DOMAIN}" # Defaults to "". # # See: https://docs.pixelfed.org/technical-documentation/config/#banned_usernames -#BANNED_USERNAMES= +#BANNED_USERNAMES="" # Defaults to "false". # 
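Review bot: The `#!/bin/bash` line added at the top of `.env.docker` (first hunk) marks a dotenv template as a bash script, and the two formats do not treat values the same way. If any tooling sources this file with bash rather than parsing it as dotenv (not visible in this part of the patch), a double-quoted secret containing `$`, a backtick or `\` would be expanded instead of taken literally. If the line is only there for linting, a `# shellcheck shell=bash` directive has the same effect without implying the file is meant to be executed. Otherwise add a comment next to the secret settings telling operators to single-quote passwords and keys that contain shell metacharacters.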
@@ -263,7 +251,7 @@ LETSENCRYPT_EMAIL="__CHANGE_ME__" # Database version to use (as Docker tag) # # See: https://hub.docker.com/_/mariadb -#DB_VERSION="11.2" +DB_VERSION="11.2" # Here you may specify which of the database connections below # you wish to use as your default connection for all database work. @@ -361,12 +349,12 @@ MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}" # Defaults to "". # # See: https://docs.pixelfed.org/technical-documentation/config/#mail_username -#MAIL_USERNAME= +#MAIL_USERNAME="" # Defaults to "". # # See: https://docs.pixelfed.org/technical-documentation/config/#mail_password -#MAIL_PASSWORD= +#MAIL_PASSWORD="" # Here you may specify the encryption protocol that should be used when the application send e-mail messages. # @@ -381,11 +369,6 @@ MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}" # Redis configuration ################################################################################ -# Redis version to use as Docker tag -# -# See: https://hub.docker.com/_/redis -#REDIS_VERSION="7.2" - # Defaults to "phpredis". # # See: https://docs.pixelfed.org/technical-documentation/config/#redis_client @@ -401,17 +384,17 @@ MAIL_FROM_NAME="Pixelfed @ ${APP_DOMAIN}" # See: https://docs.pixelfed.org/technical-documentation/config/#redis_host REDIS_HOST="redis" -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#redis_password #REDIS_PASSWORD= -# Defaults to 6379. +# Defaults to "6379". # # See: https://docs.pixelfed.org/technical-documentation/config/#redis_port -#REDIS_PORT="6379" +REDIS_PORT="6379" -# Defaults to 0. +# Defaults to "0". # # See: https://docs.pixelfed.org/technical-documentation/config/#redis_database #REDIS_DATABASE="0" 
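Review bot: `DB_VERSION="11.2"` in the `@@ -263,7 +251,7 @@` hunk becomes an active setting but keeps its old name, while the equivalent Redis setting is renamed to `DOCKER_REDIS_VERSION` later in this file. Both values only select an image tag in `docker-compose.yml` (`image: mariadb:${DB_VERSION}`), so `DOCKER_DB_VERSION="11.2"` would match the `DOCKER_<SERVICE>_*` scheme this commit introduces. The same applies to `DOCKER_WEB_PORT_EXTERNAL_HTTP`, which keeps the `PORT_EXTERNAL` form while the proxy, db and redis ports move to `*_HOST_PORT*`.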
@@ -595,26 +578,26 @@ ACTIVITY_PUB="true" #MEDIA_DELETE_LOCAL_AFTER_CLOUD="true" ################################################################################ -# Storage (cloud) - S3 andS S3 *compatible* providers (most of them) +# Storage (cloud) - S3 andS S3 *compatible* providers ################################################################################ # See: https://docs.pixelfed.org/technical-documentation/config/#aws_access_key_id -#AWS_ACCESS_KEY_ID= +#AWS_ACCESS_KEY_ID="" # See: https://docs.pixelfed.org/technical-documentation/config/#aws_secret_access_key -#AWS_SECRET_ACCESS_KEY= +#AWS_SECRET_ACCESS_KEY="" # See: https://docs.pixelfed.org/technical-documentation/config/#aws_default_region -#AWS_DEFAULT_REGION= +#AWS_DEFAULT_REGION="" # See: https://docs.pixelfed.org/technical-documentation/config/#aws_bucket -#AWS_BUCKET= +#AWS_BUCKET="" # See: https://docs.pixelfed.org/technical-documentation/config/#aws_url -#AWS_URL= +#AWS_URL="" # See: https://docs.pixelfed.org/technical-documentation/config/#aws_endpoint -#AWS_ENDPOINT= +#AWS_ENDPOINT="" # See: https://docs.pixelfed.org/technical-documentation/config/#aws_use_path_style_endpoint #AWS_USE_PATH_STYLE_ENDPOINT="false" 
@@ -625,60 +608,60 @@ ACTIVITY_PUB="true" # Comma-separated list of domains to block. # -# Defaults to null +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_domains -#CS_BLOCKED_DOMAINS= +#CS_BLOCKED_DOMAINS="" # Comma-separated list of domains to add warnings. # -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_domains -#CS_CW_DOMAINS= +#CS_CW_DOMAINS="" # Comma-separated list of domains to remove from public timelines. # -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_domains -#CS_UNLISTED_DOMAINS= +#CS_UNLISTED_DOMAINS="" # Comma-separated list of keywords to block. # -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_keywords -#CS_BLOCKED_KEYWORDS= +#CS_BLOCKED_KEYWORDS="" # Comma-separated list of keywords to add warnings. # -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_keywords -#CS_CW_KEYWORDS= +#CS_CW_KEYWORDS="" # Comma-separated list of keywords to remove from public timelines. # -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_keywords -#CS_UNLISTED_KEYWORDS= +#CS_UNLISTED_KEYWORDS="" -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_blocked_actor -#CS_BLOCKED_ACTOR= +#CS_BLOCKED_ACTOR="" -# Defaults to null. +# Defaults to null (not set/commented out). # # See: https://docs.pixelfed.org/technical-documentation/config/#cs_cw_actor -#CS_CW_ACTOR= +#CS_CW_ACTOR="" -# Defaults to null. +# Defaults to null (not set/commented out). 
# # See: https://docs.pixelfed.org/technical-documentation/config/#cs_unlisted_actor -#CS_UNLISTED_ACTOR= +#CS_UNLISTED_ACTOR="" ############################################################### # Media @@ -730,14 +713,14 @@ LOG_CHANNEL="stderr" # Defaults to "". # # See: https://docs.pixelfed.org/technical-documentation/config/#log_stderr_formatter -#LOG_STDERR_FORMATTER= +#LOG_STDERR_FORMATTER="" # Used by slack. # # Defaults to "". # # See: https://docs.pixelfed.org/technical-documentation/config/#log_slack_webhook_url -#LOG_SLACK_WEBHOOK_URL= +#LOG_SLACK_WEBHOOK_URL="" ############################################################### # Broadcasting settings @@ -795,7 +778,7 @@ QUEUE_DRIVER="redis" # Defaults to "https://sqs.us-east-1.amazonaws.com/your-account-id". # # See: https://docs.pixelfed.org/technical-documentation/config/#sqs_prefix -#SQS_PREFIX= +#SQS_PREFIX="" # Defaults to "your-queue-name". # 
@@ -879,60 +862,18 @@ TRUST_PROXIES="*" # variables when that is more convenient. # See: https://docs.pixelfed.org/technical-documentation/config/#passport_private_key -#PASSPORT_PRIVATE_KEY= +#PASSPORT_PRIVATE_KEY="" # See: https://docs.pixelfed.org/technical-documentation/config/#passport_public_key -#PASSPORT_PUBLIC_KEY= +#PASSPORT_PUBLIC_KEY="" ############################################################### # PHP configuration ############################################################### -# The PHP version to use for [web] and [worker] container -# -# Any version published on https://hub.docker.com/_/php should work -# -# Example: -# -# * 8.1 -# * 8.2 -# * 8.2.14 -# * latest -# -# Do *NOT* use the full Docker tag (e.g. "8.3.2RC1-fpm-bullseye") -# *only* the version part. The rest of the full tag is derived from -# the [DOCKER_RUNTIME] and [PHP_DEBIAN_RELEASE] settings -PHP_VERSION="8.1" - # See: https://www.php.net/manual/en/ini.core.php#ini.memory-limit #PHP_MEMORY_LIMIT="128M" -# The Debian release variant to use of the [php] Docker image -#PHP_DEBIAN_RELEASE="bullseye" - -# The [php] Docker image base type -# -# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/runtimes.md -#PHP_BASE_TYPE="apache" - -# List of extra APT packages (separated by space) to install when building -# locally using [docker compose build]. -# -# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md -#APT_PACKAGES_EXTRA="" - -# List of *extra* PECL extensions (separated by space) to install when -# building locally using [docker compose build]. -# -# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md -#PHP_PECL_EXTENSIONS_EXTRA="" - -# List of *extra* PHP extensions (separated by space) to install when -# building locally using [docker compose build]. 
-# -# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md -#PHP_EXTENSIONS_EXTRA="" - ################################################################################ # Other configuration ################################################################################ 
@@ -951,9 +892,64 @@ PHP_VERSION="8.1" TZ="${APP_TIMEZONE}" ################################################################################ -# Docker Specific configuration +# Docker configuraton for *all* services ################################################################################ +# Prefix for container names (without any dash at the end) +DOCKER_ALL_CONTAINER_NAME_PREFIX="${APP_DOMAIN}" + +# How often Docker health check should run for all services +# +# Can be overridden by individual [DOCKER_*_HEALTHCHECK_INTERVAL] settings further down +DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL="10s" + +# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their data +DOCKER_ALL_HOST_DATA_ROOT_PATH="./docker-compose-state/data" + +# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their confguration +DOCKER_ALL_HOST_CONFIG_ROOT_PATH="./docker-compose-state/config" + +################################################################################ +# Docker [web] + [worker] (also know as "app") shared service configuration +################################################################################ + +# The docker tag prefix to use for pulling images, can be one of +# +# * latest +# * +# * staging +# * edge +# * branch- +# * pr- +# +# Combined with [DOCKER_APP_RUNTIME] and [PHP_VERSION] configured +# elsewhere in this file, the final Docker tag is computed. +DOCKER_APP_RELEASE="branch-jippi-fork" + +# The PHP version to use for [web] and [worker] container +# +# Any version published on https://hub.docker.com/_/php should work +# +# Example: +# +# * 8.1 +# * 8.2 +# * 8.2.14 +# * latest +# +# Do *NOT* use the full Docker tag (e.g. "8.3.2RC1-fpm-bullseye") +# *only* the version part. 
The rest of the full tag is derived from +# the [DOCKER_APP_RUNTIME] and [PHP_DEBIAN_RELEASE] settings +DOCKER_APP_PHP_VERSION="8.2" + +# The [php] Docker image base type +# +# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/runtimes.md +DOCKER_APP_BASE_TYPE="apache" + +# The Debian release variant to use of the [php] Docker image +DOCKER_APP_DEBIAN_RELEASE="bullseye" + # Image to pull the Pixelfed Docker images from. # # Example values: 
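Review bot: The comment blocks added in the `@@ -951,9 +892,64 @@` hunk still point to `[PHP_VERSION]` and `[PHP_DEBIAN_RELEASE]`, names this same commit replaces; they should read `[DOCKER_APP_RUNTIME] and [DOCKER_APP_PHP_VERSION]` and `[DOCKER_APP_RUNTIME] and [DOCKER_APP_DEBIAN_RELEASE]`. The move also changes the default from `PHP_VERSION="8.1"` to `DOCKER_APP_PHP_VERSION="8.2"`, which alters the computed image tag and the PHP runtime for anyone copying the template. That deserves a line in the commit message, since the subject describes only renames and placement. The new section headers and comments also carry typos (`configuraton`, `confguration`, `also know as`).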
@@ -962,103 +958,29 @@ TZ="${APP_TIMEZONE}" # * "pixelfed/pixelfed" to pull from DockerHub # * "your/fork" to pull from a custom fork # -DOCKER_IMAGE="ghcr.io/jippi/pixelfed" +DOCKER_APP_IMAGE="ghcr.io/jippi/pixelfed" # The container runtime to use. # # See: https://github.com/jippi/pixelfed/blob/jippi-fork/docker/runtimes.md -DOCKER_RUNTIME="apache" +DOCKER_APP_RUNTIME="apache" # Pixelfed version (image tag) to pull from the registry. # # See: https://github.com/pixelfed/pixelfed/pkgs/container/pixelfed -DOCKER_TAG="${PIXELFED_RELEASE}-${DOCKER_RUNTIME}-${PHP_VERSION}" - -# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their data -DOCKER_DATA_ROOT="./docker-compose-state/data" - -# Path (relative to the docker-compose.yml) or absolute (/some/other/path) where containers will store their confguration -DOCKER_CONFIG_ROOT="./docker-compose-state/config" - -# Path (on host system) where the [db] container will store its data -# -# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_DB_DATA_PATH="${DOCKER_DATA_ROOT}/db" - -# Path (on host system) where the [redis] container will store its data -# -# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_REDIS_DATA_PATH="${DOCKER_DATA_ROOT}/redis" +DOCKER_APP_TAG="${DOCKER_APP_RELEASE}-${DOCKER_APP_RUNTIME}-${DOCKER_APP_PHP_VERSION}" # Path (on host system) where the [app] + [worker] container will write # its [storage] data (e.g uploads/images/profile pictures etc.). # # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_APP_STORAGE_PATH="${DOCKER_DATA_ROOT}/pixelfed/storage" +DOCKER_APP_HOST_STORAGE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/storage" # Path (on host system) where the [app] + [worker] container will write # its [cache] data. 
# # Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) -DOCKER_APP_CACHE_PATH="${DOCKER_DATA_ROOT}/pixelfed/cache" - -# How often Docker health check should run for all services -# -# Can be overridden by individual [DOCKER_*_HEALTHCHECK_INTERVAL] settings further down -DOCKER_DEFAULT_HEALTHCHECK_INTERVAL="10s" - -# Port that Redis will listen on *outside* the container (e.g. the host machine) -DOCKER_REDIS_PORT_EXTERNAL="${REDIS_PORT:-6379}" - -# The filename that Redis should store its config file within -# -# NOTE: The file *MUST* exists (even empty) before enabling this setting! -# -# Use a command like [touch "${DOCKER_CONFIG_ROOT}/redis/redis.conf"] to create it. -# -# Defaults to "" -#DOCKER_REDIS_CONFIG_FILE="/etc/redis/redis.conf" - -# How often Docker health check should run for [redis] service -DOCKER_REDIS_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}" - -# Port that the database will listen on *outside* the container (e.g. the host machine) -# -# Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL -DOCKER_DB_PORT_EXTERNAL="${DB_PORT}" - -# How often Docker health check should run for [db] service -DOCKER_DB_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}" - -# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTP traffic -DOCKER_PROXY_PORT_EXTERNAL_HTTP="80" - -# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTPS traffic -DOCKER_PROXY_PORT_EXTERNAL_HTTPS="443" - -# Port to expose [web] container will listen on *outside* the container (e.g. 
the host machine) for *HTTP* traffic only -DOCKER_WEB_PORT_EXTERNAL_HTTP="8080" - -# How often Docker health check should run for [web] service -DOCKER_WEB_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}" - -# How often Docker health check should run for [worker] service -DOCKER_WORKER_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}" - -# Path to the Docker socket on the *host* -DOCKER_HOST_SOCKET_PATH="/var/run/docker.sock" - -# Prefix for container names (without any dash at the end) -DOCKER_CONTAINER_NAME_PREFIX="${APP_DOMAIN}" - -# Set this to a non-empty value (e.g. "disabled") to disable the [proxy] and [proxy-acme] service -DOCKER_PROXY_PROFILE="" - -# Set this to a non-empty value (e.g. "disabled") to disable the [proxy-acme] service -DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE}" - -# How often Docker health check should run for [proxy] service -DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}" +DOCKER_APP_HOST_CACHE_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/pixelfed/cache" # Automatically run "One-time setup tasks" commands. # @@ -1067,7 +989,7 @@ DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}" # you can set this to "0" to prevent them from running. # # Otherwise, leave it at "1" to have them run *once*. -#DOCKER_RUN_ONE_TIME_SETUP_TASKS="1" +#DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS="1" # A space-seperated list of paths (inside the container) to *recursively* [chown] # to the container user/group id (UID/GID) in case of permission issues. 
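Review bot: `DOCKER_APP_TAG` in the `@@ -962,103 +958,29 @@` hunk is assembled from `DOCKER_APP_RELEASE`, whose default in this file is a `branch-` tag, so the image a deployment runs can change on any pull without the `.env` file changing. The list of allowed prefixes documents branch tags but never tells the reader that they are mutable. For a template that operators copy into production, the comment above `DOCKER_APP_TAG` should say so and show how to pin, e.g. `# For reproducible deployments use a release tag, or append an image digest: "<tag>@sha256:<digest>"` (placeholder values).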
@@ -1077,14 +999,135 @@ DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_DEFAULT_HEALTHCHECK_INTERVAL}" # ! issues. Please report a bug if you see behavior requiring this to be permanently on # # Example: "/var/www/storage /var/www/bootstrap/cache" -#DOCKER_ENSURE_OWNERSHIP_PATHS="" +#DOCKER_APP_ENSURE_OWNERSHIP_PATHS="" # Enable Docker Entrypoint debug mode (will call [set -x] in bash scripts) # by setting this to "1". -#ENTRYPOINT_DEBUG="0" +#DOCKER_APP_ENTRYPOINT_DEBUG="0" + +# List of extra APT packages (separated by space) to install when building +# locally using [docker compose build]. +# +# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +#DOCKER_APP_APT_PACKAGES_EXTRA="" + +# List of *extra* PECL extensions (separated by space) to install when +# building locally using [docker compose build]. +# +# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +#DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA="" + +# List of *extra* PHP extensions (separated by space) to install when +# building locally using [docker compose build]. +# +# See: https://github.com/pixelfed/pixelfed/blob/dev/docker/customizing.md +#DOCKER_APP_PHP_EXTENSIONS_EXTRA="" ################################################################################ -# MySQL DB container configuration +# Docker [redis] service configuration +################################################################################ + +# Redis version to use as Docker tag +# +# See: https://hub.docker.com/_/redis +DOCKER_REDIS_VERSION="7.2" + +# Path (on host system) where the [redis] container will store its data +# +# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) +DOCKER_REDIS_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/redis" + +# Port that Redis will listen on *outside* the container (e.g. 
the host machine) +DOCKER_REDIS_HOST_PORT="${REDIS_PORT}" + +# The filename that Redis should store its config file within +# +# NOTE: The file *MUST* exists (even empty) before enabling this setting! +# +# Use a command like [touch "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis/redis.conf"] to create it. +# +# Defaults to "" +#DOCKER_REDIS_CONFIG_FILE="/etc/redis/redis.conf" + +# How often Docker health check should run for [redis] service +# +# Defaults to "10s" +DOCKER_REDIS_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" + +################################################################################ +# Docker [db] service configuration +################################################################################ + +# Set this to a non-empty value (e.g. "disabled") to disable the [db] service +#DOCKER_DB_PROFILE="" + +# Path (on host system) where the [db] container will store its data +# +# Path is relative (./some/other/path) to the docker-compose.yml or absolute (/some/other/path) +DOCKER_DB_HOST_DATA_PATH="${DOCKER_ALL_HOST_DATA_ROOT_PATH}/db" + +# Port that the database will listen on *outside* the container (e.g. the host machine) +# +# Use "3306" for MySQL/MariaDB and "5432" for PostgreeSQL +DOCKER_DB_HOST_PORT="${DB_PORT}" + +# How often Docker health check should run for [db] service +DOCKER_DB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" + +################################################################################ +# Docker [web] service configuration +################################################################################ + +# Set this to a non-empty value (e.g. "disabled") to disable the [web] service +#DOCKER_WEB_PROFILE="" + +# Port to expose [web] container will listen on *outside* the container (e.g. 
the host machine) for *HTTP* traffic only +DOCKER_WEB_PORT_EXTERNAL_HTTP="8080" + +# How often Docker health check should run for [web] service +DOCKER_WEB_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" + +################################################################################ +# Docker [worker] service configuration +################################################################################ + +# Set this to a non-empty value (e.g. "disabled") to disable the [worker] service +#DOCKER_WORKER_PROFILE="" + +# How often Docker health check should run for [worker] service +DOCKER_WORKER_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" + +################################################################################ +# Docker [proxy] + [proxy-acme] service configuration +################################################################################ + +# Set this to a non-empty value (e.g. "disabled") to disable the [proxy] and [proxy-acme] service +#DOCKER_PROXY_PROFILE="" + +# Set this to a non-empty value (e.g. "disabled") to disable the [proxy-acme] service +#DOCKER_PROXY_ACME_PROFILE="${DOCKER_PROXY_PROFILE:-}" + +# How often Docker health check should run for [proxy] service +DOCKER_PROXY_HEALTHCHECK_INTERVAL="${DOCKER_ALL_DEFAULT_HEALTHCHECK_INTERVAL}" + +# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTP traffic +DOCKER_PROXY_HOST_PORT_HTTP="80" + +# Port that the [proxy] will listen on *outside* the container (e.g. the host machine) for HTTPS traffic +DOCKER_PROXY_HOST_PORT_HTTPS="443" + +# Path to the Docker socket on the *host* +DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH="/var/run/docker.sock" + +# ! ---------------------------------------------------------------------------- +# ! STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP +# ! ---------------------------------------------------------------------------- +# ! 
Below this line is default environment variables for various [db] backends +# ! You very likely do *NOT* need to modify any of this, ever. +# ! ---------------------------------------------------------------------------- + +################################################################################ +# Docker [db] service environment variables for MySQL (Oracle) ################################################################################ # # See "Environment Variables" at https://hub.docker.com/_/mysql @@ -1097,7 +1140,7 @@ MYSQL_PASSWORD="${DB_PASSWORD}" MYSQL_DATABASE="${DB_DATABASE}" ################################################################################ -# MySQL (MariaDB) DB container configuration +# Docker [db] service environment variables for MySQL (MariaDB) ################################################################################ # # See "Start a mariadb server instance with user, password and database" @@ -1111,7 +1154,7 @@ MARIADB_PASSWORD="${DB_PASSWORD}" MARIADB_DATABASE="${DB_DATABASE}" ################################################################################ -# PostgreSQL DB container configuration +# Docker [db] service environment variables for PostgreSQL ################################################################################ # # See "Environment Variables" at https://hub.docker.com/_/postgres diff --git a/docker-compose.migrate.yml b/docker-compose.migrate.yml index b47abeb48..b31771f27 100644 --- a/docker-compose.migrate.yml +++ b/docker-compose.migrate.yml @@ -15,7 +15,7 @@ services: # OLD - "app-storage:/migrate/app-storage/old" # NEW - - "${DOCKER_APP_STORAGE_PATH}:/migrate/app-storage/new" + - "${DOCKER_APP_HOST_STORAGE_PATH}:/migrate/app-storage/new" ################################ # MySQL/DB volume 
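Review bot: `DOCKER_REDIS_HOST_PORT="${REDIS_PORT}"` and `DOCKER_DB_HOST_PORT="${DB_PORT}"` in the `@@ -1077,14 +999,135 @@` hunk are bare port numbers, and `docker-compose.yml` uses them as `"${DOCKER_REDIS_HOST_PORT}:6379"` and `"${DOCKER_DB_HOST_PORT}:3306"`, which publishes both services on every host interface. `REDIS_PASSWORD` stays commented out in this template and the redis service is started with `--requirepass '${REDIS_PASSWORD:-}'`, so a default install appears to expose Redis without authentication to anything that can reach the host. The comments here should at least show the loopback form, e.g. `DOCKER_REDIS_HOST_PORT="127.0.0.1:${REDIS_PORT}"` and `DOCKER_DB_HOST_PORT="127.0.0.1:${DB_PORT}"`, and say that `REDIS_PASSWORD` must be set whenever the port is reachable from other machines. The `ports:` lines in the db and redis hunks of `docker-compose.yml` are the other half of this.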
@@ -23,7 +23,7 @@ services: # OLD - "db-data:/migrate/db-data/old" # NEW - - "${DOCKER_DB_DATA_PATH}:/migrate/db-data/new" + - "${DOCKER_DB_HOST_DATA_PATH}:/migrate/db-data/new" ################################ # Redis volume @@ -31,7 +31,7 @@ services: # OLD - "redis-data:/migrate/redis-data/old" # NEW - - "${DOCKER_REDIS_DATA_PATH}:/migrate/redis-data/new" + - "${DOCKER_REDIS_HOST_DATA_PATH}:/migrate/redis-data/new" # Volumes from the old [docker-compose.yml] file # https://github.com/pixelfed/pixelfed/blob/b1ff44ca2f75c088a11576fb03b5bad2fbed4d5c/docker-compose.yml#L72-L76 diff --git a/docker-compose.yml b/docker-compose.yml index 88e2b692d..a3516f7ee 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
@@ -20,22 +20,22 @@ services: # See: https://github.com/nginx-proxy/nginx-proxy/tree/main/docs proxy: image: nginxproxy/nginx-proxy:1.4 - container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy" + container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy" restart: unless-stopped profiles: - ${DOCKER_PROXY_PROFILE:-} volumes: - - "${DOCKER_HOST_SOCKET_PATH}:/tmp/docker.sock:ro" - - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d" - - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d" - - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs" - - "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html" + - "${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/tmp/docker.sock:ro" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs" + - "${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html" ports: - - "${DOCKER_PROXY_PORT_EXTERNAL_HTTP}:80" - - "${DOCKER_PROXY_PORT_EXTERNAL_HTTPS}:443" + - "${DOCKER_PROXY_HOST_PORT_HTTP}:80" + - "${DOCKER_PROXY_HOST_PORT_HTTPS}:443" healthcheck: test: "curl --fail https://${APP_DOMAIN}/api/service/health-check" - interval: "${DOCKER_PROXY_HEALTHCHECK_INTERVAL:-10s}" + interval: "${DOCKER_PROXY_HEALTHCHECK_INTERVAL}" retries: 2 timeout: 5s 
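Review bot: The renamed mount `"${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/tmp/docker.sock:ro"` in the `proxy` service still gives the internet-facing container the host's Docker API socket, and `:ro` only makes the socket file read-only on the mount; it does not limit which API calls can be sent through it. A compromise of the proxy would therefore reach the Docker daemon, which is equivalent to root on the host. Since the setting now has its own documented variable, add a comment such as `# grants Docker API access; ':ro' does not restrict API calls, prefer a filtering socket proxy where possible`. The `proxy-acme` service in the next hunk mounts the same socket.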
@@ -47,41 +47,43 @@ services: # See: https://github.com/nginx-proxy/acme-companion/tree/main/docs proxy-acme: image: nginxproxy/acme-companion - container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy-acme" + container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy-acme" restart: unless-stopped profiles: - ${DOCKER_PROXY_ACME_PROFILE:-} environment: DEBUG: 0 DEFAULT_EMAIL: "${LETSENCRYPT_EMAIL}" - NGINX_PROXY_CONTAINER: "${DOCKER_CONTAINER_NAME_PREFIX}-proxy" + NGINX_PROXY_CONTAINER: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-proxy" depends_on: - proxy volumes: - - "${DOCKER_CONFIG_ROOT}/proxy-acme:/etc/acme.sh" - - "${DOCKER_CONFIG_ROOT}/proxy/certs:/etc/nginx/certs" - - "${DOCKER_CONFIG_ROOT}/proxy/conf.d:/etc/nginx/conf.d" - - "${DOCKER_CONFIG_ROOT}/proxy/vhost.d:/etc/nginx/vhost.d" - - "${DOCKER_DATA_ROOT}/proxy/html:/usr/share/nginx/html" - - "${DOCKER_HOST_SOCKET_PATH}:/var/run/docker.sock:ro" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy-acme:/etc/acme.sh" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs:/etc/nginx/certs" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/conf.d:/etc/nginx/conf.d" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/vhost.d:/etc/nginx/vhost.d" + - "${DOCKER_ALL_HOST_DATA_ROOT_PATH}/proxy/html:/usr/share/nginx/html" + - "${DOCKER_PROXY_HOST_DOCKER_SOCKET_PATH}:/var/run/docker.sock:ro" web: - image: "${DOCKER_IMAGE}:${DOCKER_TAG}" - container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-web" + image: "${DOCKER_APP_IMAGE}:${DOCKER_APP_TAG}" + container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-web" restart: unless-stopped + profiles: + - ${DOCKER_WEB_PROFILE:-} build: - target: ${DOCKER_RUNTIME}-runtime + target: ${DOCKER_APP_RUNTIME}-runtime args: - PHP_VERSION: "${PHP_VERSION:-8.1}" - PHP_BASE_TYPE: "${PHP_BASE_TYPE:-apache}" - PHP_DEBIAN_RELEASE: "${PHP_DEBIAN_RELEASE:-bullseye}" - APT_PACKAGES_EXTRA: "${APT_PACKAGES_EXTRA:-}" - PHP_PECL_EXTENSIONS_EXTRA: "${PHP_PECL_EXTENSIONS_EXTRA:-}" - PHP_EXTENSIONS_EXTRA: "${PHP_EXTENSIONS_EXTRA:-}" 
+ PHP_VERSION: "${DOCKER_APP_PHP_VERSION}" + PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}" + PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}" + APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" + PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" + PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}" volumes: - "./.env:/var/www/.env" - - "${DOCKER_APP_CACHE_PATH}:/var/www/bootstrap/cache" - - "${DOCKER_APP_STORAGE_PATH}:/var/www/storage" + - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache" + - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage" environment: LETSENCRYPT_HOST: "${LETSENCRYPT_HOST}" LETSENCRYPT_EMAIL: "${LETSENCRYPT_EMAIL}" 
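Review bot: An existing `.env` that predates this rename now yields empty build args in the `web` service, because the inline fallbacks are removed (`"${PHP_VERSION:-8.1}"` becomes `"${DOCKER_APP_PHP_VERSION}"`, likewise for base type and Debian release) and Compose substitutes an unset variable with an empty string rather than failing clearly. The required-variable form keeps the single source of truth in `.env.docker` while turning that case into an explicit error, e.g. `PHP_VERSION: "${DOCKER_APP_PHP_VERSION:?missing DOCKER_APP_PHP_VERSION, see .env.docker}"`. The same pattern fits the other places where this commit drops a default: the healthcheck `interval` values, `mariadb:${DB_VERSION}`, `redis:${DOCKER_REDIS_VERSION}` and `"${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80"` in the proxy, worker, db and redis hunks. The web service definition continues past this hunk.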
@@ -93,54 +95,58 @@ services: com.github.nginx-proxy.nginx-proxy.http2.enable: true com.github.nginx-proxy.nginx-proxy.http3.enable: true ports: - - "${DOCKER_WEB_PORT_EXTERNAL_HTTP:-8080}:80" + - "${DOCKER_WEB_PORT_EXTERNAL_HTTP}:80" depends_on: - db - redis healthcheck: test: 'curl --header "Host: ${APP_DOMAIN}" --fail http://localhost/api/service/health-check' - interval: "${DOCKER_WEB_HEALTHCHECK_INTERVAL:-10s}" + interval: "${DOCKER_WEB_HEALTHCHECK_INTERVAL}" retries: 2 timeout: 5s worker: - image: "${DOCKER_IMAGE}:${DOCKER_TAG}" - container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-worker" + image: "${DOCKER_APP_IMAGE}:${DOCKER_APP_TAG}" + container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-worker" command: gosu www-data php artisan horizon restart: unless-stopped + profiles: + - ${DOCKER_WORKER_PROFILE:-} build: - target: ${DOCKER_RUNTIME}-runtime + target: ${DOCKER_APP_RUNTIME}-runtime args: - PHP_VERSION: "${PHP_VERSION:-8.1}" - PHP_BASE_TYPE: "${PHP_BASE_TYPE:-apache}" - PHP_DEBIAN_RELEASE: "${PHP_DEBIAN_RELEASE:-bullseye}" - APT_PACKAGES_EXTRA: "${APT_PACKAGES_EXTRA:-}" - PHP_PECL_EXTENSIONS_EXTRA: "${PHP_PECL_EXTENSIONS_EXTRA:-}" - PHP_EXTENSIONS_EXTRA: "${PHP_EXTENSIONS_EXTRA:-}" + PHP_VERSION: "${DOCKER_APP_PHP_VERSION}" + PHP_BASE_TYPE: "${DOCKER_APP_BASE_TYPE}" + PHP_DEBIAN_RELEASE: "${DOCKER_APP_DEBIAN_RELEASE}" + APT_PACKAGES_EXTRA: "${DOCKER_APP_APT_PACKAGES_EXTRA:-}" + PHP_PECL_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_PECL_EXTENSIONS_EXTRA:-}" + PHP_EXTENSIONS_EXTRA: "${DOCKER_APP_PHP_EXTENSIONS_EXTRA:-}" volumes: - "./.env:/var/www/.env" - - "${DOCKER_APP_CACHE_PATH}:/var/www/bootstrap/cache" - - "${DOCKER_APP_STORAGE_PATH}:/var/www/storage" + - "${DOCKER_APP_HOST_CACHE_PATH}:/var/www/bootstrap/cache" + - "${DOCKER_APP_HOST_STORAGE_PATH}:/var/www/storage" depends_on: - db - redis healthcheck: test: gosu www-data php artisan horizon:status | grep running - interval: "${DOCKER_WORKER_HEALTHCHECK_INTERVAL:-10s}" + interval: 
"${DOCKER_WORKER_HEALTHCHECK_INTERVAL}" timeout: 5s retries: 2 db: - image: mariadb:${DB_VERSION:-11.2} - container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-db" + image: mariadb:${DB_VERSION} + container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-db" command: --default-authentication-plugin=mysql_native_password restart: unless-stopped + profiles: + - ${DOCKER_DB_PROFILE:-} env_file: - ".env" volumes: - - "${DOCKER_DB_DATA_PATH}:/var/lib/mysql" + - "${DOCKER_DB_HOST_DATA_PATH}:/var/lib/mysql" ports: - - "${DOCKER_DB_PORT_EXTERNAL}:3306" + - "${DOCKER_DB_HOST_PORT}:3306" healthcheck: test: [ @@ -150,13 +156,13 @@ services: "--connect", "--innodb_initialized", ] - interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL:-10s}" + interval: "${DOCKER_DB_HEALTHCHECK_INTERVAL}" retries: 2 timeout: 5s redis: - image: redis:${REDIS_VERSION:-7.2} - container_name: "${DOCKER_CONTAINER_NAME_PREFIX}-redis" + image: redis:${DOCKER_REDIS_VERSION} + container_name: "${DOCKER_ALL_CONTAINER_NAME_PREFIX}-redis" restart: unless-stopped command: "${DOCKER_REDIS_CONFIG_FILE:-} --requirepass '${REDIS_PASSWORD:-}'" environment: @@ -164,12 +170,12 @@ services: env_file: - ".env" volumes: - - "${DOCKER_CONFIG_ROOT}/redis:/etc/redis" - - "${DOCKER_REDIS_DATA_PATH}:/data" + - "${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/redis:/etc/redis" + - "${DOCKER_REDIS_HOST_DATA_PATH}:/data" ports: - - "${DOCKER_REDIS_PORT_EXTERNAL}:6379" + - "${DOCKER_REDIS_HOST_PORT}:6379" healthcheck: test: ["CMD", "redis-cli", "-p", "6379", "ping"] - interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL:-10s}" + interval: "${DOCKER_REDIS_HEALTHCHECK_INTERVAL}" retries: 2 timeout: 5s diff --git a/docker/customizing.md b/docker/customizing.md index dcea45d3d..e7c66e842 100644 --- a/docker/customizing.md +++ b/docker/customizing.md 
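Review bot: `web` and `worker` still declare a plain `depends_on` on `db`, while the `@@ -93,54 +95,58 @@` hunk makes `db` optional through `profiles: - ${DOCKER_DB_PROFILE:-}`. Compose does not activate a profile for a dependency, so with `DOCKER_DB_PROFILE="disabled"` a `docker compose up` is likely to be rejected because a required service is not enabled. If running against an external database is the intended use, switch `depends_on` in both services to the long form with `required: false` (available in recent Compose releases), as sketched below. Otherwise document next to `DOCKER_DB_PROFILE` that it cannot be combined with the bundled `web` and `worker` services.

```yaml
    depends_on:
      db:
        condition: service_started
        # lets the stack start when the [db] profile is disabled
        required: false
      redis:
        condition: service_started
```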
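Review bot: The `redis` service in the `@@ -164,12 +170,12 @@` hunk (and `db` above it) loads the whole `.env` through `env_file`, so application secrets in that file, such as the mail, AWS and Passport settings this commit reorganises, end up in the environment of containers that do not need them. Now that service-specific settings have their own `DOCKER_REDIS_*` and `DOCKER_DB_*` names, consider passing only what each service reads through an explicit `environment:` map. Failing that, add a comment on `env_file` recording why the full file is required. The redis service definition starts before this hunk.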
@@ -15,7 +15,7 @@ When a Pixelfed container starts up, the [`ENTRYPOINT`](https://docs.docker.com/ ### Debugging -You can set environment variable `ENTRYPOINT_DEBUG=1` to show verbose output of what each `entrypoint.d` script is doing. +You can set environment variable `DOCKER_APP_ENTRYPOINT_DEBUG=1` to show verbose output of what each `entrypoint.d` script is doing. You can also `docker exec` or `docker run` into a container and run `/` @@ -73,12 +73,12 @@ Please see the ## Fixing ownership on startup -You can set the environment variable `DOCKER_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping. +You can set the environment variable `DOCKER_APP_ENSURE_OWNERSHIP_PATHS` to a list of paths that should have their `$USER` and `$GROUP` ownership changed to the configured runtime user and group during container bootstrapping. The variable is a space-delimited list shown below and accepts both relative and absolute paths: -* `DOCKER_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"` -* `DOCKER_ENSURE_OWNERSHIP_PATHS="/some/other/folder"` +* `DOCKER_APP_ENSURE_OWNERSHIP_PATHS="./storage ./bootstrap"` +* `DOCKER_APP_ENSURE_OWNERSHIP_PATHS="/some/other/folder"` ## Build settings (arguments) diff --git a/docker/faq.md b/docker/faq.md index cc2495d15..bbd47fcf5 100644 --- a/docker/faq.md +++ b/docker/faq.md 
@@ -19,7 +19,7 @@ No problem! All you have to do is: 1. Change the `DOCKER_PROXY_ACME_PROFILE` key/value pair in your `.env` file to `"disabled"`. * This disabled the `proxy-acme` service in `docker-compose.yml`. * It does *not* disable the `proxy` service. -1. Put your certificates in `${DOCKER_CONFIG_ROOT}/proxy/certs` (e.g. `./docker-compose/config/proxy/certs`) +1. Put your certificates in `${DOCKER_ALL_HOST_CONFIG_ROOT_PATH}/proxy/certs` (e.g. `./docker-compose/config/proxy/certs`) * You may need to create this folder manually if it does not exists. * The following files are expected to exist in the directory for the proxy to detect and use them automatically (this is the same directory and file names as LetsEncrypt uses) 1. `${APP_DOMAIN}.cert.pem` @@ -31,4 +31,4 @@ No problem! All you have to do is: ## How do I change the container name prefix? -Change the `DOCKER_CONTAINER_NAME_PREFIX` key/value pair in your `.env` file. +Change the `DOCKER_ALL_CONTAINER_NAME_PREFIX` key/value pair in your `.env` file. diff --git a/docker/migration.md b/docker/migration.md index 4b0467ddd..458be4321 100644 --- a/docker/migration.md +++ b/docker/migration.md 
@@ -61,8 +61,8 @@ In *particular* the following sections * The `PHP_VERSION` settings controls your PHP version * The `PHP_MEMORY_LIMIT` settings controls your PHP memory limit * `Docker Specific configuration` section (near the end of the file) where - * The `DOCKER_DATA_ROOT` setting dictate where the new migrated data will live. - * The `DOCKER_RUN_ONE_TIME_SETUP_TASKS` controls if the `One time setup tasks` should run or not. We do *not* want this, since your Pixelfed instance already is set up! + * The `DOCKER_ALL_HOST_DATA_ROOT_PATH` setting dictate where the new migrated data will live. + * The `DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS` controls if the `One time setup tasks` should run or not. We do *not* want this, since your Pixelfed instance already is set up! * [Frequently Asked Question / FAQ](faq.md) * [How do I use my own Proxy server?](faq.md#how-do-i-use-my-own-proxy-server) * [How do I use my own SSL certificate?](faq.md#how-do-i-use-my-own-ssl-certificate) @@ -232,9 +232,9 @@ If the worker is crash looping, inspect the logs and try to resolve the issues. You can consider the following additional steps: -* Enabling `ENTRYPOINT_DEBUG` which will show even more log output to help understand whats going on -* Enabling `DOCKER_ENSURE_OWNERSHIP_PATHS` against the path(s) that might have permission issues -* Fixing permission issues directly on the host since your data should all be in the `${DOCKER_DATA_ROOT}` folder (`./docker-compose-state/data` by default) +* Enabling `DOCKER_APP_ENTRYPOINT_DEBUG` which will show even more log output to help understand whats going on +* Enabling `DOCKER_APP_ENSURE_OWNERSHIP_PATHS` against the path(s) that might have permission issues +* Fixing permission issues directly on the host since your data should all be in the `${DOCKER_ALL_HOST_DATA_ROOT_PATH}` folder (`./docker-compose-state/data` by default) ##### Web 
diff --git a/docker/shared/root/docker/entrypoint.d/01-permissions.sh b/docker/shared/root/docker/entrypoint.d/01-permissions.sh index 287d708aa..11766a742 100755 --- a/docker/shared/root/docker/entrypoint.d/01-permissions.sh +++ b/docker/shared/root/docker/entrypoint.d/01-permissions.sh @@ -13,13 +13,13 @@ run-as-current-user chown --verbose "${RUNTIME_UID}:${RUNTIME_GID}" "./bootstrap run-as-current-user chown --verbose "${RUNTIME_UID}:${RUNTIME_GID}" "./storage" # Optionally fix ownership of configured paths -: "${DOCKER_ENSURE_OWNERSHIP_PATHS:=""}" +: "${DOCKER_APP_ENSURE_OWNERSHIP_PATHS:=""}" declare -a ensure_ownership_paths=() -IFS=' ' read -ar ensure_ownership_paths <<<"${DOCKER_ENSURE_OWNERSHIP_PATHS}" +IFS=' ' read -ar ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}" if [[ ${#ensure_ownership_paths[@]} == 0 ]]; then - log-info "No paths has been configured for ownership fixes via [\$DOCKER_ENSURE_OWNERSHIP_PATHS]." + log-info "No paths has been configured for ownership fixes via [\$DOCKER_APP_ENSURE_OWNERSHIP_PATHS]." exit 0 fi diff --git a/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh b/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh index a3582932b..d3d83c532 100755 --- a/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh +++ b/docker/shared/root/docker/entrypoint.d/11-first-time-setup.sh 
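Review bot: In `IFS=' ' read -ar ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}"`, bash takes the `r` after `-a` as the array name, so the words land in an array called `r`, `ensure_ownership_paths` stays empty, and the script always takes the "No paths has been configured" exit. Raw mode is not enabled either, so backslashes in a path would be interpreted. The line should read `IFS=' ' read -r -a ensure_ownership_paths <<<"${DOCKER_APP_ENSURE_OWNERSHIP_PATHS}"`. The loop that consumes the array is outside this hunk, so how each path is then handled cannot be checked from here.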
@@ -7,11 +7,11 @@ source "${ENTRYPOINT_ROOT}/helpers.sh" entrypoint-set-script-name "$0" # Allow automatic applying of outstanding/new migrations on startup -: "${DOCKER_RUN_ONE_TIME_SETUP_TASKS:=1}" +: "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS:=1}" -if is-false "${DOCKER_RUN_ONE_TIME_SETUP_TASKS}"; then +if is-false "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS}"; then log-warning "Automatic run of the 'One-time setup tasks' is disabled." - log-warning "Please set [DOCKER_RUN_ONE_TIME_SETUP_TASKS=1] in your [.env] file to enable this." + log-warning "Please set [DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS=1] in your [.env] file to enable this." exit 0 fi diff --git a/docker/shared/root/docker/helpers.sh b/docker/shared/root/docker/helpers.sh index 3f7148c5a..fb8c11c97 100644 --- a/docker/shared/root/docker/helpers.sh +++ b/docker/shared/root/docker/helpers.sh @@ -1,7 +1,7 @@ #!/bin/bash set -e -o errexit -o nounset -o pipefail -[[ ${ENTRYPOINT_DEBUG:=0} == 1 ]] && set -x +[[ ${DOCKER_APP_ENTRYPOINT_DEBUG:=0} == 1 ]] && set -x : "${RUNTIME_UID:="33"}" : "${RUNTIME_GID:="33"}"
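Review bot: After the rename, `: "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS:=1}"` ignores a `.env` that still carries the old `DOCKER_RUN_ONE_TIME_SETUP_TASKS=0`, so the one-time setup tasks are switched back on by default for an instance that the migration guide says should not run them. Falling back to the old name for a transition period avoids that: `: "${DOCKER_APP_RUN_ONE_TIME_SETUP_TASKS:=${DOCKER_RUN_ONE_TIME_SETUP_TASKS:-1}}"`. The comment above it ("Allow automatic applying of outstanding/new migrations on startup") also describes a different setting and could read `# Run the one-time setup tasks on startup unless disabled`. The tasks themselves run after the hunk ends.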
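Review bot: `[[ ${DOCKER_APP_ENTRYPOINT_DEBUG:=0} == 1 ]] && set -x` turns on xtrace for every entrypoint script that sources this file, and xtrace prints expanded variable values, so any secret such a script expands would end up in the container log. That deserves a comment at this line, e.g. `# xtrace prints expanded values (possibly secrets from .env) to the container log; enable only while debugging`. On style, `set -e -o errexit` sets the same option twice; `set -o errexit -o nounset -o pipefail` is enough. The rest of helpers.sh is outside this hunk.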