docker
docker copied to clipboard
friendica
Apache image with a Caddy reverse proxy
Test the install with docker-compose with the necessary env values for using autoinstall feature. Update the documentation.
The install using the autoinstall finishes. But registering the admin user in the login page fails.
This is the docker-compose file I use:
services:
db:
image: mariadb
restart: unless-stopped
volumes:
- db:/var/lib/mysql
networks:
- friendica
environment:
- MYSQL_USER=${MYSQL_USER:?error}
- MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
- MYSQL_DATABASE=${MYSQL_DATABASE:?error}
- MYSQL_RANDOM_ROOT_PASSWORD=yes
app:
image: ${FRIENDICA_IMAGE:?error}
restart: unless-stopped
volumes:
- friendica:/var/www/html
- friendica_data:/var/www/data
- ./logs:/var/log
ports:
- "9080:80"
networks:
- friendica
environment:
- MYSQL_HOST=db
- MYSQL_USER=${MYSQL_USER:?error}
- MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
- MYSQL_DATABASE=${MYSQL_DATABASE:?error}
- FRIENDICA_ADMIN_MAIL=${FRIENDICA_ADMIN_MAIL:?error}
- FRIENDICA_UPGRADE=${FRIENDICA_UPGRADE}
- SMTP=${SMTP}
- SMTP_DOMAIN=${SMTP_DOMAIN}
- SMTP_AUTH_USER=${SMTP_AUTH_USER}
- SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
- FRIENDICA_LOGFILE=${FRIENDICA_LOGFILE}
- FRIENDICA_LOGLEVEL=${FRIENDICA_LOGLEVEL}
- FRIENDICA_DEBUGGING=${FRIENDICA_DEBUGGING}
depends_on:
- db
volumes:
db:
friendica:
friendica_data:
networks:
friendica:
Do you need contribution on this ? I have a working setup with caddy + fpm, I also tested caddy + apache I can test this variant again and provide dockerfile templates + caddyfile.
This docker-compose.yml file work as much as it could, you get:
- Caddy listening on 443/TCP with a valid SSL certificate
- Apache Friendica instance as a backend
The first user creation on the WebUI is broken, see https://codeberg.org/m33/Friendica-caddy-docker-install#web-interface-method for a workaround. (it is broken with Friendica FPM images too).
docker-compose.yml:
services:
friendica:
image: ${FRIENDICA_IMAGE:?error}
restart: unless-stopped
depends_on:
- db
- redis
volumes:
- friendica:/var/www/html
environment:
# All environment variables are needed for an automated install on first run
- MYSQL_HOST=${MYSQL_HOST:?error}
- MYSQL_PORT=${MYSQL_PORT:?error}
- MYSQL_USER=${MYSQL_USER:?error}
- MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
- MYSQL_DATABASE=${MYSQL_DATABASE:?error}
- FRIENDICA_ADMIN_MAIL=${FRIENDICA_ADMIN_MAIL:?error}
- FRIENDICA_URL=${FRIENDICA_URL:?error}
- SMTP=${SMTP}
- SMTP_PORT=${SMTP_PORT}
- SMTP_DOMAIN=${SMTP_DOMAIN}
- SMTP_FROM=${SMTP_FROM}
- SMTP_TLS=${SMTP_TLS}
- SMTP_STARTTLS=${SMTP_STARTTLS}
- SMTP_AUTH=${SMTP_AUTH}
- SMTP_AUTH_USER=${SMTP_AUTH_USER}
- SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
networks:
- backend
db:
image: ${MARIADB_IMAGE:?error}
restart: unless-stopped
# Uncomment this if you want to connect MariaDD from the host
# ports:
# - 127.0.0.1:33306:3306
volumes:
- db:/var/lib/mysql
environment:
# All environment variables are needed
- MYSQL_USER=${MYSQL_USER:?error}
- MYSQL_HOST=${MYSQL_HOST:?error}
- MYSQL_PORT=${MYSQL_PORT:?error}
- MYSQL_PASSWORD=${MYSQL_PASSWORD:?error}
- MYSQL_DATABASE=${MYSQL_DATABASE:?error}
- MYSQL_RANDOM_ROOT_PASSWORD=${MYSQL_RANDOM_ROOT_PASSWORD:?error}
networks:
- backend
# cron:
# image: ${FRIENDICA_IMAGE:?error}
# restart: unless-stopped
# links:
# - db
# volumes:
# - friendica:/var/www/html
# entrypoint: /cron.sh
# environment:
# # All environment variables are needed
# - MYSQL_HOST=${MYSQL_HOST:?error}
# - MYSQL_PORT=${MYSQL_PORT:?error}
# - MYSQL_USER=${MYSQL_USER:?error}
# - MYSQL_DATABASE=${MYSQL_DATABASE:?error}
# - SMTP=${SMTP}
# - SMTP_PORT=${SMTP_PORT}
# - SMTP_DOMAIN=${SMTP_DOMAIN}
# - SMTP_FROM=${SMTP_FROM}
# - SMTP_TLS=${SMTP_TLS}
# - SMTP_STARTTLS=${SMTP_STARTTLS}
# - SMTP_AUTH=${SMTP_AUTH}
# - SMTP_AUTH_USER=${SMTP_AUTH_USER}
# - SMTP_AUTH_PASS=${SMTP_AUTH_PASS}
# depends_on:
# - db
# networks:
# - backend
redis:
image: ${REDIS_IMAGE:?error}
restart: unless-stopped
networks:
- backend
caddy:
image: ${CADDY_IMAGE:?error}
restart: unless-stopped
links:
- friendica
depends_on:
friendica:
condition: service_started
db:
condition: service_started
redis:
condition: service_started
# cron:
# condition: service_started
ports:
- "443:443"
volumes:
- ./Caddy/Caddyfile:/etc/caddy/Caddyfile:ro
- ./Caddy/data:/data
- ./Caddy/config:/config
- ./Caddy/logs:/var/log/caddy
networks:
- frontnet
- backend
volumes:
db:
friendica:
networks:
frontnet:
backend:
Caddyfile:
http://Replace with the value of ${FRIENDICA_URL} {
redir https://fra.local.net{uri} # Redirect all HTTP traffic to HTTPS
}
https://Replace with the value of ${FRIENDICA_URL} {
# Log output policy
log {
output file /var/log/caddy/caddy.log {
roll true
roll_size 100MB
roll_keep_for 31d
roll_local_time
}
}
# Only for testing purpose on a local network, this will generate self signed certificates
#tls internal
# Security headers (adjust as needed)
header {
# Strict Transport Security
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Referrer Policy
Referrer-Policy "same-origin"
#Remove server names
Server httpd
-X-Powered-By
-X-Friendica-Version
# A tester content security policy
Content-Security-Policy default-src 'self';
}
# Block list based on apache image's .htaccess, and not so public content
@blocked {
path .out .log .back .swp core .git .htaccess CHANGELOG LICENSE VERSION .conf *.txt *.md *.mdown /.* *.lock *.sql /bin/* /spec/* /config/* /doc/* /mods/* /static/*
}
respond @blocked 404
# Enable compression for JS/CSS/HTML bundle, for improved client load times.
encode zstd gzip
# Upstream source: friendica apache2 app container
reverse_proxy friendica:80 {
header_up X-Forwarded-Host {remote}
header_up X-Real-IP {remote}
}
}
@m33m33, may I ask a question about lines like this SMTP_STARTTLS=${SMTP_STARTTLS}?
SMTP_STARTTLS is optional, what is this line doing? Is this defining an empty env variable or is it skipping the variable completely?