Mastodon Fediverse Instance
I am running a Mastodon instance with glitch-soc extensions. Here is a short description of how to install this fediverse software in a Docker Compose environment with Caddy as a reverse proxy.
It is important to emphasize that there are many other great fediverse software projects, like Sharkey, that are worth investigating.
Install Mastodon with Glitch-Soc Extensions
Note
This description is about how I installed Mastodon. Please also have a look at the Mastodon Documentation and the Glitch-Soc Documentation.
A big disadvantage of Mastodon compared to other fediverse software is its more complex setup. Nevertheless, I hope I can show you a way to try this adventure.
Docker Compose Project Folder
Create a new folder for your docker compose project and switch to this folder.
Compose File
Create the file docker-compose.yml and copy the contents from glitch-soc’s git repository: docker-compose.yml.
You can take the file as is. I made two changes for each of the services listed in the file:
- I changed restart: always into restart: unless-stopped.
- I gave all services a name to have a better overview:
  - container_name: mastodon_db for the db service.
  - container_name: mastodon_redis for the redis service.
  - container_name: mastodon_web for the web service.
  - container_name: mastodon_streaming for the streaming service.
  - container_name: mastodon_sidekiq for the sidekiq service.
As an example, this is how it looks for db:
...
  db:
    restart: unless-stopped
    image: postgres:14-alpine
    container_name: mastodon_db
    shm_size: 256mb
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'postgres']
    volumes:
      - ./postgres14:/var/lib/postgresql/data
    environment:
      - 'POSTGRES_HOST_AUTH_METHOD=trust'
...
Mastodon Configuration File
Create the file .env.production and copy the contents from glitch-soc’s git repository: .env.production.sample.
The following changes need to be made in .env.production:
- LOCAL_DOMAIN=mastodon.example.com - Replace the domain with your domain for Mastodon.
- REDIS_HOST=redis - In Docker Compose projects the service name is used as the host name.
- DB_HOST=db - In Docker Compose projects the service name is used as the host name.
- DB_PASS=mastodon - You have to add a password; it can be simple since the database is not accessible outside the Docker Compose project.
- SECRET_KEY_BASE=... - Execute: docker compose run --rm web bundle exec rails secret and copy the key here.
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=... - Execute: docker compose run --rm web bundle exec rails db:encryption:init and copy the three lines here.
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=... - See above.
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=... - See above.
- VAPID_PRIVATE_KEY=... - Execute: docker compose run --rm web bundle exec rails mastodon:webpush:generate_vapid_key and copy the lines here.
- VAPID_PUBLIC_KEY=... - See above.
- SMTP_SERVER=<your_smtp_server> - Replace with your SMTP data.
- SMTP_PORT=587 - See above.
- SMTP_LOGIN=... - See above.
- SMTP_PASSWORD=... - See above.
- SMTP_FROM_ADDRESS=... - See above.
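Before starting the stack, the edited file can be checked for leftovers. The script below is an added example, not part of the original post or of Mastodon or glitch-soc; the key names are the ones listed above, while the checks (placeholder patterns, three distinct Active Record encryption values, owner-only file mode) and the helper names env_value, audit_env and write_sample are assumptions.

```sh
#!/bin/sh
# Added example: audit .env.production before `docker compose up -d`.
# Key names are the ones listed above; the checks themselves are assumptions.
REQUIRED_KEYS="LOCAL_DOMAIN REDIS_HOST DB_HOST DB_PASS SECRET_KEY_BASE
ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY
ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT
ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY VAPID_PRIVATE_KEY VAPID_PUBLIC_KEY
SMTP_SERVER SMTP_PORT SMTP_LOGIN SMTP_PASSWORD SMTP_FROM_ADDRESS"

# Print the value assigned to key $2 in file $1 (last assignment wins).
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# Print one finding per line; no output means the file passed.
audit_env() {
    for key in $REQUIRED_KEYS; do
        value=$(env_value "$1" "$key")
        case $value in
            '') echo "MISSING $key" ;;
            *...*|*'<'*'>'*|*example.com) echo "PLACEHOLDER $key" ;;
        esac
    done
    # rails db:encryption:init prints three different secrets; catch a paste slip.
    distinct=$(for key in DETERMINISTIC_KEY KEY_DERIVATION_SALT PRIMARY_KEY; do
        env_value "$1" "ACTIVE_RECORD_ENCRYPTION_$key"
    done | sort -u | grep -c . || true)
    if [ "$distinct" -ne 3 ]; then
        echo "REUSED ACTIVE_RECORD_ENCRYPTION_* needs three distinct values"
    fi
    # The file holds every secret of the instance: owner-only access expected.
    if [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
        echo "PERMISSIONS $1 is accessible to group or others"
    fi
    return 0
}

# Constructed sample (not a real configuration): a dummy value for every key.
write_sample() {
    for key in $REQUIRED_KEYS; do echo "$key=constructed-$key"; done > "$1"
    chmod 600 "$1"
}

sample=$(mktemp)
write_sample "$sample"
echo 'VAPID_PRIVATE_KEY=...' >> "$sample"   # placeholder left in by mistake
audit_env "$sample"                         # prints: PLACEHOLDER VAPID_PRIVATE_KEY
rm -f "$sample"
```

To check a real file, call audit_env .env.production from the Docker Compose project folder and fix every line it prints.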
Prepare the Database
The database preparation needs to be done before the Docker stack is started.
Create the mastodon role in the database by starting the PostgreSQL console:
docker compose exec db psql -U postgres
Then execute the SQL command:
CREATE USER mastodon WITH CREATEDB PASSWORD 'mastodon';
\q
Now set up the database:
docker compose run --rm web rails db:setup
Run the database migration even if the database is new:
docker compose run --rm web rails db:migrate
Change Owner of the public Folder
The mastodon user in the web container has the user ID and group ID 991.
The public folder needs to have exactly the ownership of the mastodon user:
sudo chown -R 991:991 public
Stop and Start the Docker Stack
docker compose down
docker compose up -d
Create the Admin/Owner User
To be able to log in to your instance, at least the Owner (which also gets the Admin role) needs to be created:
docker compose run --rm web tootctl accounts create USERNAME --email EMAIL --password PASSWORD --confirmed --role Admin
USERNAME and EMAIL need to be adapted. The password is created by the tool. You need to copy and remember it to log in.
Caddy Setup
Note
For detailed documentation, please refer to the Caddy website.
The section in the Caddyfile should look like this.
To be honest, I do not understand all the entries yet.
But it worked for me:
<your_mastodon_url> {
    # Requests for files that exist under root (except /) are served directly.
    @local {
        file
        not path /
    }
    @local_media {
        path_regexp /system/(.*)
    }
    # The streaming API is handled by the streaming service.
    @streaming {
        path /api/v1/streaming/*
    }
    # Static assets that may be cached for a long time.
    @cache_control {
        path_regexp ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files)
    }

    root * <full_path_to_docker_compose_folder>/public

    log {
        output file /var/log/caddy/mastodon.log
    }

    encode zstd gzip

    handle_errors {
        rewrite 500.html
        file_server
    }

    header {
        Strict-Transport-Security "max-age=31536000"
    }
    header /sw.js Cache-Control "public, max-age=0"
    header @cache_control Cache-Control "public, max-age=31536000, immutable"

    handle @local {
        file_server
    }

    ## If you have migrated media from local to object storage, this redirects old URLs to the new location.
    # redir @local_media https://yourobjectstorage.example.com/{http.regexp.1} permanent

    reverse_proxy @streaming {
        to http://localhost:4000
        transport http {
            keepalive 5s
            keepalive_idle_conns 10
        }
    }

    # Everything else goes to the web service.
    reverse_proxy {
        to http://localhost:3000
        header_up X-Forwarded-Port 443
        header_up X-Forwarded-Proto https
        transport http {
            keepalive 5s
            keepalive_idle_conns 10
        }
    }
}
You need to adapt the following placeholders:
- <your_mastodon_url>: Your Mastodon web address (e.g., mastodon.example.com)
- <full_path_to_docker_compose_folder>: The full path to your Docker Compose project directory.
With the following commands, Caddy reads the new configuration and you can check its status:
cd /etc/caddy
sudo caddy reload
sudo service caddy status
Caddy will provide the Mastodon website with the web address you specified. An SSL certificate will be assigned and updated automatically.