diff --git a/README.md b/README.md index f48dafc..44b7688 100644 --- a/README.md +++ b/README.md 
@@ -1,39 +1,102 @@ # bluesky-pds-docker -It is required to set the hostname of the container to your FQDN or use host networking on a server whose hostname is the FQDN. +It is required to run the instance behind a proxy (like traefik) to generate SSL certificates. This will not work otherwise. The standard pds install includes caddy to handle this. + +I can confirm it works behind Cloudflare's DNS proxy with Full (strict) ## Deployment ```bash -git clone https://forgejo.gravityfargo.dev/gravityfargo/bluesky-pds-docker.git && cd bluesky-pds-docker +# Generate secret environment variables +echo PDS_ADMIN_PASSWORD: $(openssl rand --hex 16) +echo PDS_JWT_SECRET: $(openssl rand --hex 16) +echo PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: $(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32) -make create-config -make generate-secrets -# edit the config/pds.env file to set the FQDN - -docker pull forgejo.gravityfargo.dev/gravityfargo/bluesky-pds:0.4.74 +# pull and run the container +docker pull forgejo.gravityfargo.dev/gravityfargo/bluesky-pds docker-compose up -d + +# Create an account +docker exec -it bluesky-pds bash +pdsadmin account create +pdsadmin account list +# pdsadmin request-crawl bsky.network ``` +In your browser: +- Go to https://bsky-debug.app/handle and enter your new user, "HTTP Verification Method" needs to pass. +- [websocket-tester](https://piehost.com/websocket-tester) "wss://sheltersky.social/xrpc/com.atproto.sync.subscribeRepos?cursor=0" needs to display "Connection Established" +- https://boat.kelinci.net/ has a helpful tool to export your data. +- Log in with your new user and go to https://bsky.network/ to see your data. 
+ ### Example Docker Compose +Full list of additional Environment Variables can be found in the [packages/pds/src/config/env.ts](https://github.com/bluesky-social/atproto/blob/main/packages/pds/src/config/env.ts) +```yaml +services: + bluesky-pds: + container_name: bluesky-pds + image: forgejo.gravityfargo.dev/gravityfargo/bluesky-pds + environment: + PDS_JWT_SECRET: ... + PDS_ADMIN_PASSWORD: ... + PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ... + PDS_HOSTNAME: ... + volumes: + - ./config:/pds +``` + +### Example Docker Compose with Traefik + ```yaml services: bluesky-pds: container_name: bluesky-pds - hostname: sheltersky.social - image: bluesky-pds:0.4.74 - ports: - - 3000:3000 + image: forgejo.gravityfargo.dev/gravityfargo/bluesky-pds:latest + networks: + - proxy + env_file: + PDS_ADMIN_PASSWORD: "" + PDS_JWT_SECRET: "" + PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: "" + PDS_HOSTNAME: example.com + PDS_EMAIL_SMTP_URL: smtps://smtp-relay.gmail.com:465/ + PDS_EMAIL_FROM_ADDRESS: gravityfargo@gmail.com + volumes: - - ./config:/pds + - /bluesky-pds:/pds + labels: + traefik.enable: "true" + traefik.http.**routers**.bluesky-pds-insecure.entrypoints: http + traefik.http.routers.bluesky-pds-insecure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.social`) + traefik.http.routers.bluesky-pds-secure.entrypoints: https + traefik.http.routers.bluesky-pds-secure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.social`) + traefik.http.routers.bluesky-pds-secure.tls: "true" + traefik.http.services.bluesky-pds.loadbalancer.server.scheme: http + traefik.http.services.bluesky-pds.loadbalancer.server.port: 3000 + traefik.http.routers.bluesky-pds-secure.middlewares: BlueskyHeaders@file + traefik.http.routers.bluesky-pds-insecure.middlewares: BlueskyHeaders@file ``` +#### Middleware +I think file configs are cleaner than having a billion labels. 
+```yaml +http: + middlewares: + BlueskyHeaders: + headers: + accessControlAllowMethods: + - GET + - OPTIONS + - PUT + - POST + - DELETE + accessControlAllowHeaders: "*" + accessControlAllowOriginList: "*" + addVaryHeader: true + stsSeconds: 63072000 +``` +## Development Notes -## Contributing - -- Fork and clone the repository -- `make build` to build the image - ---- - -It's my preference not to host any code on GitHub, but I've enabled signing in with Github because most people already have that, and I don't want the hassle of a new login to prevent contributors. You cannot create new repositories on this Forgejo instance, but forking is allowed. The upstream PDS repository is on Github. +```bash +pamac install jq +```
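Review bot: In the "Example Docker Compose with Traefik" block of this hunk, `env_file:` is followed by a mapping of `PDS_*` variables, but Compose expects `env_file` to be a file path (or a list of paths), so this example will fail validation as written; those entries belong under `environment:`, as in the first compose example. In the same block the label key `traefik.http.**routers**.bluesky-pds-insecure.entrypoints` has markdown bold markers baked into it, which Traefik will not accept, and the `bluesky-pds-insecure` router forwards plain-HTTP traffic to the PDS on port 3000 instead of redirecting to the `https` entrypoint, so the `stsSeconds` in `BlueskyHeaders` only helps clients that already reached the secure router; either attach a redirect-to-https middleware to the insecure router or remove that router. Two smaller points: the `docker pull` line drops the `:0.4.74` tag that the old text pinned, so deployments become non-reproducible, and the example leaks a real address and hostname (`PDS_EMAIL_FROM_ADDRESS: gravityfargo@gmail.com`, `wss://sheltersky.social/...`) where the rest of the example uses `example.com` placeholders.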