I have installed a Mastodon instance along with postgres and redis docker containers. I have a different LOCAL_DOMAIN (example.com) and WEB_DOMAIN (mastodon.example.com), since there are multiple services running on different docker containers behind a single nginx reverse proxy. Webfinger forward has been set up and seems to redirect when I test it with my browser. I can connect to the UI and everything seems to work, except I am unable to connect to other instances and wont find any. Are there any ports or settings I am missing to handle?
This is my docker-compose.yml:
services:
db:
restart: always
image: postgres:14-alpine
shm_size: 256mb
networks:
- internal_network
healthcheck:
test: ['CMD', 'pg_isready', '-U', 'postgres']
volumes:
- /var/mastodon/postgres:/var/lib/postgresql/data
- /var/mastodon/init.sql:/docker-entrypoint-initdb.d/init.sql
environment:
- 'POSTGRES_HOST_AUTH_METHOD=trust'
redis:
restart: always
image: redis:7-alpine
networks:
- internal_network
healthcheck:
test: ['CMD', 'redis-cli', 'ping']
volumes:
- /var/mastodon/redis:/data
mastodon:
image: lscr.io/linuxserver/mastodon:latest
container_name: mastodon
depends_on:
- db
- redis
environment:
- PUID=50002
- PGID=50002
- TZ=Europe/Berlin
- LOCAL_DOMAIN=example.com
- REDIS_HOST=redis
- REDIS_PORT=6379
- DB_HOST=db
- DB_USER=mastodon
- DB_NAME=mastodon
- DB_PASS=mastodon
- DB_PORT=5432
- ES_ENABLED=false
- ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=[redacted]
- ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=[redacted]
- ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=[redacted]
- SECRET_KEY_BASE=[redacted]
- OTP_SECRET=[redacted]
- VAPID_PRIVATE_KEY=[redacted]
- VAPID_PUBLIC_KEY=[redacted]
- SMTP_SERVER=smtp.example.com
- SMTP_PORT=25
- SMTP_LOGIN=
- SMTP_PASSWORD=
- SMTP_FROM_ADDRESS=notifications@example.com
- S3_ENABLED=false
- WEB_DOMAIN=mastodon.example.com
- LDAP_ENABLED=true
- LDAP_HOST=openldap
- LDAP_PORT=389
- LDAP_METHOD=bind
- LDAP_BASE=ou=people,dc=example,dc=com
- LDAP_BIND_DN=cn=admin,dc=example,dc=com
- LDAP_PASSWORD=[redacted]
- LDAP_SEARCH_FILTER=(|(%{uid}=%{email})(%{mail}=%{email}))
- LDAP_UID=cn
- LDAP_MAIL=mail
volumes:
- /var/mastodon/config:/config
ports:
- 127.0.0.1:8090:80
- 127.0.0.1:8091:443
- 3000:3000
- 4000:4000
networks:
- external_network
- internal_network
- ldap
restart: unless-stopped
networks:
external_network:
internal_network:
internal: true
ldap:
name: ldap
external: true
My nginx config:
server {
listen 0.0.0.0:80;
listen [::]:80;
listen 10.18.0.1:80;
server_name mastodon.example.com;
access_log /var/log/nginx/mastodon.access.log;
error_log /var/log/nginx/mastodon.error.log info;
#include /etc/nginx/conf.d/authelia/authelia-location.conf;
location / {
#include /etc/nginx/conf.d/authelia/proxy.conf;
#include /etc/nginx/conf.d/authelia/authelia-authrequest.conf;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8090;
}
}
server {
listen 0.0.0.0:443 ssl;
listen [::]:443 ssl;
listen 10.18.0.1:443 ssl;
server_name mastodon.example.com;
include /etc/nginx/conf.d/ssl.conf;
access_log /var/log/nginx/mastodon.access.log;
error_log /var/log/nginx/mastodon.error.log info;
#include /etc/nginx/conf.d/authelia/authelia-location.conf;
location / {
#include /etc/nginx/conf.d/authelia/proxy.conf;
#include /etc/nginx/conf.d/authelia/authelia-authrequest.conf;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://localhost:8091;
}
}
server {
listen 0.0.0.0:443 ssl;
server_name www.example.com example.com;
include /etc/nginx/conf.d/ssl.conf;
access_log /var/log/nginx/www.access.log;
error_log /var/log/nginx/www.error.log info;
#include /etc/nginx/conf.d/authelia/authelia-location.conf;
location / {
[redacted]
}
location /.well-known/webfinger {
add_header Access-Control-Allow-Origin '*';
return 301 https://mastodon.example.com$request_uri;
}
}