Comments (8)
Sorry for my long absence. Big life event just happened a few weeks earlier than expected, which is the point of getting a private social media setup :).
So I took a few steps back and focused on some basics and now have a better grasp of Docker, certs, etc.
Currently I have set up a letsencrypt docker image that is acting as SSL termination and reverse proxy for a few items. If I'm using this Letsencrypt/nginx container separate from Friendica, it sounds like I want to be looking at building my docker-compose based on the insecure fpm image. https://github.com/friendica/docker/blob/master/.examples/docker-compose/insecure/mariadb-cron-redis/fpm-alpine/docker-compose.yml
If I understand this correctly letsencrypt/nginx is going to act as the secure method, webserver/proxy to friendica DB & App in a single container, providing I keep the app part on the frontend network that connects to LE/nginx.
Does this sound about the right path for doing this? Are there any gotchas or good examples with nginx running separate from friendica that you could point me to? I found one but it seemed a bit old and looked like there might be issues with URL rewrites which I admit I don't know much about quite yet.
Thanks again for your insight and help.
from docker.
OK so I spent some time tonight and feel confident I have a good docker-compose file for getting the FPM version going with services: db,redis,app, and cron. They are running with what looks like no errors :)
What I really am in over my head with is the proper nginx settings in another container that serves as my reverse proxy/webserver & letsencrypt wildcard.
I've learned a bit more about PHP-FPM and understand that we need to get php requests from nginx over but I just don't quite grasp where I'm supposed to make these settings changes inside nginx. Proxy confs, main nginx.conf, something else?
I realize this is quite out of scope for Friendica but if there is any type of resources you can help point me to or any experience it would be greatly appreciated. I really am trying to learn all about this as I go and not want to just be given answers without understanding.
Thanks for your help.
from docker.
Which docker-compose example did you use?
At least this one should work: https://github.com/friendica/docker/tree/master/.examples/docker-compose/insecure/mariadb-cron-redis/apache
(don't forget to adapt the environment variables)
For the two containers:
- Did you create the friendicaDB with this sql-file: https://github.com/friendica/friendica/blob/master/database.sql ? (or similar if you use the develop/rc branch)
- Is there a working `local.config.php` in your `/var/www/html/config/` directory inside your friendica container (otherwise the server doesn't know where to connect to)?
  - If not, you can create a plain one, based on this template: https://github.com/friendica/friendica/blob/master/config/local-sample.config.php

Can you paste the output of `docker logs $(docker ps | grep 'friendica/server' | awk '{ print $1 }' | head -1)`? It should output the log of the `friendica/server` container you started.
from docker.
Ah, and please add a custom network for the two container-examples instead of the (legacy) `--link` feature (https://docs.docker.com/network/links/).
Like:
$> docker network create friendica_network
$> docker create --name db --network friendica_network -e MYSQL_ROOT_PASSWORD=test -e MYSQL_PASSWORD=test -e MYSQL_USERNAME=test -e MYSQL_DATABASE=test mysql:5.7
$> docker create --name friendica --network friendica_network --publish 8080:80 -e MYSQL_ROOT_PASSWORD=test -e MYSQL_PASSWORD=test -e MYSQL_USERNAME=test -e MYSQL_DATABASE=test -e MYSQL_HOST=db -e "[email protected]" -e "FRIENDICA_URL=https://test.it" friendica/server
This should automatically install friendica
from docker.
Thanks for the information and help. Disclaimer I think a lot of this is my relative newness to docker.
Also for reference in testing I'm running Docker on Windows for the base work before I decide which Linux hosts I'll have the real apps running from, just in case it makes a difference.
My first time I tried docker-compose I used the Base version - apache one here: https://hub.docker.com/r/friendica/server
My understanding is that all I needed to do is create the docker-compose.yaml with that in the body, save and run docker-compose up -d and I should be able to go to localhost:8080 to view. When I do this it tries to move me to friendica/install in browser and it doesn't connect.
Logs for these two containers show the following
APP1
Initializing Friendica 2019.09 ...
Initializing finished
New Friendica instance
Running web-based installer on first connect!
[Sat Dec 28 23:28:57.754008 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) PHP/7.3.12 configured -- resuming normal operations
[Sat Dec 28 23:28:57.754055 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
172.21.0.1 - - [28/Dec/2019:23:29:02 +0000] "GET / HTTP/1.1" 302 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"
DB1 (last few lines)
2019-12-28 23:29:39 0 [Note] InnoDB: Completed initialization of buffer pool
2019-12-28 23:29:39 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
2019-12-28 23:29:39 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
2019-12-28 23:29:39 0 [Note] InnoDB: Creating shared tablespace for temporary tables
2019-12-28 23:29:39 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
2019-12-28 23:29:39 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
2019-12-28 23:29:39 0 [Note] InnoDB: 10.4.11 started; log sequence number 19884017; transaction id 14628
2019-12-28 23:29:39 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
2019-12-28 23:29:39 0 [Note] Plugin 'FEEDBACK' is disabled.
2019-12-28 23:29:39 0 [Note] Server socket created on IP: '::'.
2019-12-28 23:29:39 0 [Warning] 'proxies_priv' entry '@% root@252fde0bcedb' ignored in --skip-name-resolve mode.
2019-12-28 23:29:39 0 [Note] InnoDB: Buffer pool(s) load completed at 191228 23:29:39
2019-12-28 23:29:39 0 [Note] Reading of all Master_info entries succeeded
2019-12-28 23:29:39 0 [Note] Added new Master_info '' to hash table
2019-12-28 23:29:39 0 [Note] mysqld: ready for connections.
Version: '10.4.11-MariaDB-1:10.4.11+maria~bionic' socket: '/var/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution
=================
With your method you sent me in your response for docker-compose I created a new folder and made sure the file structure was identical as it is shown here: https://github.com/friendica/docker/tree/master/.examples/docker-compose/insecure/mariadb-cron-redis/apache
and then ran docker-compose up -d but it didn't navigate at all to the site
===============
When I tried again the 2 container method and this time ran the sql file to get the DB ready, verified the local config was present and set as expected, I was able to get to the first page but then when I clicked register it is trying to always redirect to https and so without a certificate I couldn't proceed further.
This highlights another area I know I'm not very proficient right now with. My goal was to get things into a very basic state and then start learning how to get this into a stable, secure and more permanent method through trial/error. However I thought docker-compose was going to be the easiest way to get going and I'm still having issues with it.
Any advice or other information I can provide you with that could help me get going?
Thanks for taking the time to help, I really appreciate it.
from docker.
> Thanks for the information and help. Disclaimer I think a lot of this is my relative newness to docker.
> Also for reference in testing I'm running Docker on Windows for the base work before I decide which Linux hosts I'll have the real apps running from, just in case it makes a difference.

This is fine, don't worry :-) .
> My first time I tried docker-compose I used the Base version - apache one here: https://hub.docker.com/r/friendica/server
> My understanding is that all I needed to do is create the docker-compose.yaml with that in the body, save and run docker-compose up -d and I should be able to go to localhost:8080 to view. When I do this it tries to move me to friendica/install in browser and it doesn't connect.

The problem is that Friendica needs a running mysql-server and some basic configurations to be useful (yet). That's why even the .examples needs some basic configuration.
Based on https://github.com/friendica/docker/tree/master/.examples/docker-compose/insecure/mariadb-cron-redis/apache , you need to set at least the following configs:
- `db.env` (the database environment settings):
- `docker-compose.yml` (general settings for Friendica):
Otherwise the automatic installer isn't capable of setting up Friendica the right way
> Logs for these two containers show the following
> APP1
> Initializing Friendica 2019.09 ...
> Initializing finished
> New Friendica instance
> Running web-based installer on first connect!
> [Sat Dec 28 23:28:57.754008 2019] [mpm_prefork:notice] [pid 1] AH00163: Apache/2.4.25 (Debian) PHP/7.3.12 configured -- resuming normal operations
> [Sat Dec 28 23:28:57.754055 2019] [core:notice] [pid 1] AH00094: Command line: 'apache2 -D FOREGROUND'
> 172.21.0.1 - - [28/Dec/2019:23:29:02 +0000] "GET / HTTP/1.1" 302 413 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0"
> DB1 (last few lines)
> 2019-12-28 23:29:39 0 [Note] InnoDB: Completed initialization of buffer pool
> 2019-12-28 23:29:39 0 [Note] InnoDB: If the mysqld execution user is authorized, page cleaner thread priority can be changed. See the man page of setpriority().
> 2019-12-28 23:29:39 0 [Note] InnoDB: 128 out of 128 rollback segments are active.
> 2019-12-28 23:29:39 0 [Note] InnoDB: Creating shared tablespace for temporary tables
> 2019-12-28 23:29:39 0 [Note] InnoDB: Setting file './ibtmp1' size to 12 MB. Physically writing the file full; Please wait ...
> 2019-12-28 23:29:39 0 [Note] InnoDB: File './ibtmp1' size is now 12 MB.
> 2019-12-28 23:29:39 0 [Note] InnoDB: 10.4.11 started; log sequence number 19884017; transaction id 14628
> 2019-12-28 23:29:39 0 [Note] InnoDB: Loading buffer pool(s) from /var/lib/mysql/ib_buffer_pool
> 2019-12-28 23:29:39 0 [Note] Plugin 'FEEDBACK' is disabled.
> 2019-12-28 23:29:39 0 [Note] Server socket created on IP: '::'.
> 2019-12-28 23:29:39 0 [Warning] 'proxies_priv' entry '@% root@252fde0bcedb' ignored in --skip-name-resolve mode.
> 2019-12-28 23:29:39 0 [Note] InnoDB: Buffer pool(s) load completed at 191228 23:29:39
> 2019-12-28 23:29:39 0 [Note] Reading of all Master_info entries succeeded
> 2019-12-28 23:29:39 0 [Note] Added new Master_info '' to hash table
> 2019-12-28 23:29:39 0 [Note] mysqld: ready for connections.
> Version: '10.4.11-MariaDB-1:10.4.11+maria~bionic' socket: '/var/run/mysqld/mysqld.sock' port: 3306 mariadb.org binary distribution

The logs are fine. It means that both instances (db and Friendica) are on their basic state, but no installer was running.
=================
> With your method you sent me in your response for docker-compose I created a new folder and made sure the file structure was identical as it is shown here: https://github.com/friendica/docker/tree/master/.examples/docker-compose/insecure/mariadb-cron-redis/apache
> and then ran docker-compose up -d but it didn't navigate at all to the site

As said above, you need some basic setup to make it work. I take it as a todo for a "test environment" setting, where I fill out the basic setups for test-only environments :-).
===============
> When I tried again the 2 container method and this time ran the sql file to get the DB ready, verified the local config was present and set as expected, I was able to get to the first page but then when I clicked register it is trying to always redirect to https and so without a certificate I couldn't proceed further.

This could happen in the following cases:
- `FRIENDICA_URL` is set to https, like `https://friendica.local`
- In your `config/local.config.php`, in the table `config`, `system`.`ssl_policy` is set to `2` (which means force SSL)
- or during the installing wizard, you set the "SSL link policy" to "Force all links to use SSL"

Please check the `config/local.config.php` file or the `config` table if you find such settings.
> This highlights another area I know I'm not very proficient right now with. My goal was to get things into a very basic state and then start learning how to get this into a stable, secure and more permanent method through trial/error. However I thought docker-compose was going to be the easiest way to get going and I'm still having issues with it.

Yes, you're right. I need to simplify it a little bit more, so your feedback is very welcome :-)
from docker.
If you don't want to play around with PHP-FPM, you could replace it with the apache version of the image. This would make the usage of an extra nginx obsolete.
Because beware that you need two different types of proxies for routing FPM images to the world wide web :)
The Asset Proxy
This proxy is responsible for serving the static assets of the friendica image, because PHP-FPM is not able to serve it
Definition of PHP-FPM:
FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features (mostly) useful for heavy-loaded sites.
FastCGI is not able to serve any assets, it's "just" responsible for generating the right PHP response for a request as fast as possible. So you have to mount the same friendica-html-root-directory as you use for the php-fpm container inside an extra nginx-image and the nginx proxy is now responsible for:
- Calling the PHP-FPM image with the parameters it gets (fast PHP execution) and passing the response back to the caller
- Responding with assets (images, css, js, ...) directly without calling the PHP-FPM image
A sample config for this type of nginx proxy is available here:
https://github.com/friendica/docker/blob/master/.examples/docker-compose/insecure/mariadb-cron-redis/fpm-alpine/web/nginx.conf
This is the place where the config defines which PHP-FPM container the nginx container has to call (in this example, it's the host `app` in its local docker network with the port `9000`):
The Reverse Proxy
This is an extra proxy for routing a web address to the right destination - including SSL/TLS (Let's encrypt).
You can use nginx for this type of proxy too (there are configs for docker environments to automatically route web addresses to another docker image, I must confess, I've to look for it too).
I personally use a more "docker-way" for loadbalancing/routing requests:
https://docs.traefik.io/
As the front-image already suggests, it's possible to route every kind of request from outside of the docker-environment to a specific, running docker image (including scaling, loadbalancing, ...). It has native Let's encrypt support.
And it's fully flexible based on docker-image labels (so no config-changes of nginx necessary because of changed routes, new addresses, ...)
So for a first start, you could skip the first type of proxy and use the apache-image instead. This would make it possible to setup your environment step by step
- Setup Apache friendica image
- Setup Reverse Proxy (nginx / traefik / ...)
- Switch from Apache to PHP-FPM image and setup the Asset proxy
btw. Maybe it would be possible to mix both types of proxies in one nginx instance, but I don't have a lot of experience here to help you. So I'd say you should ask these kinds of questions at stack overflow, with a lot more experts :-)
from docker.
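The two proxy roles described in the comment above, sketched as nginx configuration for two separate containers. This is an added example, not part of the thread and not the friendica/docker project's own config: the host name `friendica.example.org`, the container name `web`, the certificate paths and the `pagename` rewrite are assumptions, while `app:9000` and `/var/www/html` are taken from the comments above.

```nginx
# ---- File 1: reverse-proxy container (TLS termination, Let's Encrypt) ----
# Assumed: placeholder host friendica.example.org, asset-proxy container "web",
# certificates in the usual Let's Encrypt directory layout.
server {
    listen 80;
    server_name friendica.example.org;
    return 301 https://$host$request_uri;       # nothing is served over plain HTTP
}
server {
    listen 443 ssl;
    server_name friendica.example.org;
    ssl_certificate     /etc/letsencrypt/live/friendica.example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/friendica.example.org/privkey.pem;

    location / {
        proxy_pass http://web:80;                # plain HTTP only inside the Docker network
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# ---- File 2: asset-proxy container ("web"), publishes no host port ----
# Mounts the same Friendica web root as the PHP-FPM container "app".
server {
    listen 80;
    root /var/www/html;
    index index.php;

    # Block dotfiles (.git, .htaccess, ...) but keep /.well-known/ reachable.
    location ~ /\.(?!well-known) { deny all; }

    # Files that exist on the shared volume (css, js, images) are answered by
    # nginx itself; everything else goes to the front controller.
    # The pagename rewrite is an assumption; compare with the sample nginx.conf.
    location / {
        try_files $uri /index.php?pagename=$uri&$args;
    }

    location ~ \.php$ {
        try_files $uri =404;                     # only existing scripts reach PHP-FPM
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass app:9000;                   # host "app", port 9000
    }
}
```

Only the reverse-proxy container needs published ports (80/443); the `web`, `app`, database and redis containers can stay on Docker networks that are not reachable from the host's public interface.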
@focalfury I close this issue for now. If you need any guidance, feel free to reopen it or open another issue with questions
from docker.