bump
This commit is contained in:
parent
5a250e442b
commit
e489466df2
SSH key fingerprint:
SHA256:bjq+uA1U+9bFMd70q2wdNtwaYxGv84IBXalnYvZDKmg
1 changed files with 83 additions and 20 deletions
103
README.md
103
README.md
|
|
@ -1,39 +1,102 @@
|
|||
# bluesky-pds-docker
|
||||
|
||||
It is required to set the hostname of the container to your FQDN or use host networking on a server whose hostname is the FQDN.
|
||||
It is required to run the instance behind a proxy (like traefik) to generate SSL certificates. This will not work otherwise. The standard pds install includes caddy to handle this.
|
||||
|
||||
I can confirm it works behind Cloudflare's DNS proxy with Full (strict)
|
||||
|
||||
## Deployment
|
||||
|
||||
```bash
|
||||
git clone https://forgejo.gravityfargo.dev/gravityfargo/bluesky-pds-docker.git && cd bluesky-pds-docker
|
||||
# Generate secret environment variables
|
||||
echo PDS_ADMIN_PASSWORD: $(openssl rand --hex 16)
|
||||
echo PDS_JWT_SECRET: $(openssl rand --hex 16)
|
||||
echo PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: $(openssl ecparam --name secp256k1 --genkey --noout --outform DER | tail --bytes=+8 | head --bytes=32 | xxd --plain --cols 32)
|
||||
|
||||
make create-config
|
||||
make generate-secrets
|
||||
# edit the config/pds.env file to set the FQDN
|
||||
|
||||
docker pull forgejo.gravityfargo.dev/gravityfargo/bluesky-pds:0.4.74
|
||||
# pull and run the container
|
||||
docker pull forgejo.gravityfargo.dev/gravityfargo/bluesky-pds
|
||||
docker-compose up -d
|
||||
|
||||
# Create an account
|
||||
docker exec -it bluesky-pds bash
|
||||
pdsadmin account create
|
||||
pdsadmin account list
|
||||
# pdsadmin request-crawl bsky.network
|
||||
```
|
||||
In your browser:
|
||||
- Go to https://bsky-debug.app/handle and enter your new user, "HTTP Verification Method" needs to pass.
|
||||
- [websocket-tester](https://piehost.com/websocket-tester) "wss://sheltersky.social/xrpc/com.atproto.sync.subscribeRepos?cursor=0" needs to display "Connection Established"
|
||||
- https://boat.kelinci.net/ has a helpful tool to export your data.
|
||||
- Log in with your new user and go to https://bsky.network/ to see your data.
|
||||
|
||||
|
||||
### Example Docker Compose
|
||||
|
||||
Full list of additional Environment Variables can be found in the [packages/pds/src/config/env.ts](https://github.com/bluesky-social/atproto/blob/main/packages/pds/src/config/env.ts)
|
||||
```yaml
|
||||
services:
|
||||
bluesky-pds:
|
||||
container_name: bluesky-pds
|
||||
image: forgejo.gravityfargo.dev/gravityfargo/bluesky-pds
|
||||
environment:
|
||||
PDS_JWT_SECRET: ...
|
||||
PDS_ADMIN_PASSWORD: ...
|
||||
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ...
|
||||
PDS_HOSTNAME: ...
|
||||
volumes:
|
||||
- ./config:/pds
|
||||
```
|
||||
|
||||
### Example Docker Compose with Traefik
|
||||
|
||||
```yaml
|
||||
services:
|
||||
bluesky-pds:
|
||||
container_name: bluesky-pds
|
||||
hostname: sheltersky.social
|
||||
image: bluesky-pds:0.4.74
|
||||
ports:
|
||||
- 3000:3000
|
||||
image: forgejo.gravityfargo.dev/gravityfargo/bluesky-pds:latest
|
||||
networks:
|
||||
- proxy
|
||||
env_file:
|
||||
PDS_ADMIN_PASSWORD: ""
|
||||
PDS_JWT_SECRET: ""
|
||||
PDS_PLC_ROTATION_KEY_K256_PRIVATE_KEY_HEX: ""
|
||||
PDS_HOSTNAME: example.com
|
||||
PDS_EMAIL_SMTP_URL: smtps://smtp-relay.gmail.com:465/
|
||||
PDS_EMAIL_FROM_ADDRESS: gravityfargo@gmail.com
|
||||
|
||||
volumes:
|
||||
- ./config:/pds
|
||||
- /bluesky-pds:/pds
|
||||
labels:
|
||||
traefik.enable: "true"
|
||||
traefik.http.**routers**.bluesky-pds-insecure.entrypoints: http
|
||||
traefik.http.routers.bluesky-pds-insecure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.social`)
|
||||
traefik.http.routers.bluesky-pds-secure.entrypoints: https
|
||||
traefik.http.routers.bluesky-pds-secure.rule: HostRegexp(`^.+\.example\.com$`) || Host(`example.social`)
|
||||
traefik.http.routers.bluesky-pds-secure.tls: "true"
|
||||
traefik.http.services.bluesky-pds.loadbalancer.server.scheme: http
|
||||
traefik.http.services.bluesky-pds.loadbalancer.server.port: 3000
|
||||
traefik.http.routers.bluesky-pds-secure.middlewares: BlueskyHeaders@file
|
||||
traefik.http.routers.bluesky-pds-insecure.middlewares: BlueskyHeaders@file
|
||||
```
|
||||
#### Middleware
|
||||
I think file configs are cleaner than having a billion labels.
|
||||
```yaml
|
||||
http:
|
||||
middlewares:
|
||||
BlueskyHeaders:
|
||||
headers:
|
||||
accessControlAllowMethods:
|
||||
- GET
|
||||
- OPTIONS
|
||||
- PUT
|
||||
- POST
|
||||
- DELETE
|
||||
accessControlAllowHeaders: "*"
|
||||
accessControlAllowOriginList: "*"
|
||||
addVaryHeader: true
|
||||
stsSeconds: 63072000
|
||||
```
|
||||
## Development Notes
|
||||
|
||||
## Contributing
|
||||
|
||||
- Fork and clone the repository
|
||||
- `make build` to build the image
|
||||
|
||||
---
|
||||
|
||||
It's my preference not to host any code on GitHub, but I've enabled signing in with Github because most people already have that, and I don't want the hassle of a new login to prevent contributors. You cannot create new repositories on this Forgejo instance, but forking is allowed. The upstream PDS repository is on Github.
|
||||
```bash
|
||||
pamac install jq
|
||||
```
|
||||
|
|
|
|||
Loading…
Reference in a new issue