Mastodon behind Swag Proxy

I am trying to follow various tutorials on setting up a Mastodon stack. I am using Swag as my reverse proxy, and cannot get my mastodon.subdomain.conf file to work. Is there anyone who has gotten Mastodon working with Swag? I’m getting a “502 Bad Gateway” error.

My conf file:

server {
    listen 443 ssl;
    listen [::]:443 ssl;

    server_name mast.example.net;

    include /config/nginx/ssl.conf;

    client_max_body_size 0;

    location / {
        try_files $uri @proxy;
    }

    location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
        add_header Cache-Control "public, max-age=31536000, immutable";
        try_files $uri @proxy;
    }

    location /sw.js {
        add_header Cache-Control "public, max-age=0";
        try_files $uri @proxy;
    }

    location @proxy {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app mastodon_web_1;
        set $upstream_port 3005;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;

        proxy_set_header Range $http_range;
        proxy_set_header If-Range $http_if_range;
    }

    location /api/v1/streaming {
        include /config/nginx/proxy.conf;
        include /config/nginx/resolver.conf;
        set $upstream_app mastadon_streaming_1;
        set $upstream_port 4005;
        set $upstream_proto http;
        proxy_pass $upstream_proto://$upstream_app:$upstream_port;
    }

}

docker-compose.yml

version: "2.4"
services:

  web:
  #    build: .
    image: tootsuite/mastodon
    restart: always
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks:
      mastodon:
      BACKBONE:
    healthcheck:
      test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:3000/api/v1/instance || exit 1"]
    ports:
      - "127.0.0.1:3005:3000"
    depends_on:
      - mastodon_postgres
      - mastodon_redis
    #  - es
    volumes:
      - ./public/system:/mastodon/public/system

  streaming:
  #    build: .
      image: tootsuite/mastodon
      restart: always
      env_file: .env.production
      command: node ./streaming
      networks:
        mastodon:
        BACKBONE:
      healthcheck:
        test: ["CMD-SHELL", "wget -q --spider --header 'x-forwarded-proto: https' --proxy=off localhost:4000/api/v1/streaming/health || exit 1"]
      ports:
        - "127.0.0.1:4005:4000"
      depends_on:
        - mastodon_postgres
        - mastodon_redis

  sidekiq:
  #    build: .
    image: tootsuite/mastodon
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq
    depends_on:
      - mastodon_postgres
      - mastodon_redis
    networks:
      mastodon:
      BACKBONE:
    volumes:
      - ./public/system:/mastodon/public/system

  mastodon_postgres:
    image: postgres:latest
    container_name: mastodon_postgres
    environment:
      POSTGRES_DB: mastodon
      POSTGRES_USER: mastuser
      POSTGRES_PASSWORD: mastpass
    volumes:
      - ./config/data:/var/lib/postgresql/data
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER"]
    restart: always
    networks:
      mastodon:

  mastodon_redis:
    image: redis:latest # The official Redis docker image
    container_name: mastodon_redis
    command: redis-server --appendonly yes --appendfsync everysec
    volumes:
      - ./redisconfig/data:/data
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]
    restart: unless-stopped
    networks:
      mastodon:

networks:
  mastodon:
    internal: true
  BACKBONE:
    external:
      name: BACKBONE_network

Did you ever get this working? I am getting the same error trying to host mastodon behind my caddy reverse proxy.

No. I never got this working, and gave up for now.

502 means swag can’t reach the application.

Yes, the LSIO mastodon instance is behind swag, using the reverse proxy config in our repo.

I revisited this problem, and got it working using the linuxserver.io image, instead of the one I was trying last year. The linuxserver.io documentation is a little vague on the steps to get Mastodon running. You need to generate your secrets to add to your docker-compose.yml or secrets file BEFORE spinning up the container:

docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon generate-secret SECRET_KEY_BASE

docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon generate-secret OTP_SECRET

The third command generates both the VAPID_PRIVATE_KEY and VAPID_PUBLIC_KEY:

docker run --rm -it --entrypoint /bin/bash lscr.io/linuxserver/mastodon generate-vapid

After you have generated the secrets, add them to your docker-compose.yml file (also editing your SMTP, database information, etc.), and run the container.

  mastodon:
    image: lscr.io/linuxserver/mastodon:latest
    container_name: mastodon
    environment:
      - PUID=1000
      - PGID=1000
      - TZ=America/Chicago
      - LOCAL_DOMAIN=mastodon.mydomain.com #<--- Change this to where you are hosting mastodon
      - REDIS_HOST=mastodon_redis
      - REDIS_PORT=6379
      - DB_HOST=mastodon_db
      - DB_USER=mastodon
      - DB_NAME=mastodon
      - DB_PASS=mastodon_password
      - DB_PORT=5432
      - ES_ENABLED=false
      - SECRET_KEY_BASE= #<-- Previously generated secret
      - OTP_SECRET= #<-- Previously generated secret
      - VAPID_PRIVATE_KEY=  #<-- Previously generated key
      - VAPID_PUBLIC_KEY= #<-- Previously generated key
      - SMTP_SERVER=smtp.server.com #<-- Change to your smtp
      - SMTP_PORT=465
      - SMTP_LOGIN=mastodon_notifications@mydomain.com
      - SMTP_PASSWORD=<password for user at SMTP_LOGIN>
      - SMTP_FROM_ADDRESS=mastodon_notifications@mydomain.com
      - SMTP_AUTH_METHOD=plain
      - SMTP_SSL=true
      - SMTP_ENABLE_STARTTLS_AUTO=true
      - SMTP_OPENSSL_VERIFY_MODE=none
      - SMTP_DELIVERY_METHOD=smtp
      - SMTP_DOMAIN=localhost
      - S3_ENABLED=false
      - WEB_DOMAIN=mastodon.mydomain.com #optional
      - SIDEKIQ_ONLY=false #optional
      - SIDEKIQ_DEFAULT=false #optional
      - SIDEKIQ_THREADS=5 #optional
      - DB_POOL=5 #optional
    volumes:
      - ./config:/config
    ports:
      - 80:80
      - 443:443
    restart: unless-stopped
    networks:
      mastodon_net:
      PROXY_NET:

  db:
    image: postgres:14
    container_name: mastodon_db
    volumes:
      - ./postgres/data:/var/lib/postgresql/data
    environment:
      - POSTGRES_DB=mastodon
      - POSTGRES_USER=mastodon
      - POSTGRES_PASSWORD=mastodon_password
      - 'POSTGRES_HOST_AUTH_METHOD=trust'
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'postgres']
    restart: unless-stopped
    networks:
      mastodon_net:

  redis:
    image: redis:latest
    container_name: mastodon_redis
    command: redis-server --appendonly yes --appendfsync everysec
    volumes:
      - ./redisconfig/data:/data
    ulimits:
      nofile:
        soft: 65536
        hard: 65536
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
    restart: unless-stopped
    networks:
      mastodon_net:

networks:
  mastodon_net:
    internal: true
  PROXY_NET:
    external: true
    name: PROXY_NET_network

The first run will take a LONG time to build the app and the database. I let it run, and checked the log periodically to confirm when it was finished.

Here are some references that helped me fill in the gaps:

https://www.reddit.com/r/selfhosted/comments/yv9296/easiest_allinone_docker_compose_to_deploy_mastodon/
https://www.bentasker.co.uk/posts/blog/general/running-mastodon-in-docker-compose.html
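
A pre-flight check for the compose file in the post above, as an added example that is not part of the original post or of the linuxserver.io project: it reports the four generated secrets when they are missing, empty or still a placeholder, and flags two settings from that file that relax authentication or certificate verification. The function names and the sample text are assumptions made for the example.

```python
import re

# Variables the post says must be generated before the first start.
REQUIRED_SECRETS = ("SECRET_KEY_BASE", "OTP_SECRET",
                    "VAPID_PRIVATE_KEY", "VAPID_PUBLIC_KEY")
# Values that appear in the compose file above and weaken a security control.
RISKY_VALUES = {
    "POSTGRES_HOST_AUTH_METHOD": "trust",  # Postgres accepts logins without a password
    "SMTP_OPENSSL_VERIFY_MODE": "none",    # SMTP server certificate is not verified
}
ENV_LINE = re.compile(r"""^\s*-\s*['"]?([A-Z0-9_]+)=([^#'"]*)""")

# Constructed sample input (not a real deployment).
SAMPLE = """\
    environment:
      - LOCAL_DOMAIN=mastodon.mydomain.com
      - SECRET_KEY_BASE= #<-- Previously generated secret
      - OTP_SECRET=constructed-sample-value
      - VAPID_PRIVATE_KEY=constructed-sample-value
      - SMTP_OPENSSL_VERIFY_MODE=none
      - 'POSTGRES_HOST_AUTH_METHOD=trust'
"""

def parse_env(compose_text):
    """Return [(line_no, key, value)] for list-style `- KEY=value` entries."""
    entries = []
    for no, line in enumerate(compose_text.splitlines(), 1):
        m = ENV_LINE.match(line)
        if m:
            entries.append((no, m.group(1), m.group(2).strip()))
    return entries

def preflight(compose_text):
    """Return a list of findings; an empty list means every check passed."""
    entries = parse_env(compose_text)
    seen = {key: (no, value) for no, key, value in entries}
    findings = []
    for key in REQUIRED_SECRETS:
        if key not in seen:
            findings.append(f"{key}: missing")
        elif not seen[key][1] or seen[key][1].startswith("<"):
            findings.append(f"{key}: empty or placeholder (line {seen[key][0]})")
    for no, key, value in entries:
        if RISKY_VALUES.get(key) == value.lower():
            findings.append(f"{key}={value}: weak setting (line {no})")
    return findings

if __name__ == "__main__":
    print("\n".join(preflight(SAMPLE)) or "all checks passed")
```

Run it against the text of docker-compose.yml before the first `docker compose up`; it only reads `- KEY=value` list entries, so mapping-style `KEY: value` environments are out of scope.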
