This solution uses docker-compose to build and run a Pleroma instance on an Amazon Linux 2 machine, with an NGINX reverse proxy in front of it and certbot running periodically to obtain and renew an SSL/TLS certificate. Before you start, make sure docker and docker-compose are installed on the machine.

If you run into permission issues along the way, try running docker-compose with sudo.

Preparation

Prepare the folder

First create the folders used as docker volumes and pull the Dockerfile.

mkdir uploads config instance
chown -R 911:911 uploads instance
wget https://github.com/AraragiHokuto/docker-pleroma/raw/master/Dockerfile

Create a docker-compose.yml file

version: '2.3'

services:
  postgres:
    image: postgres:alpine
    container_name: pleroma_postgres
    restart: always
    environment:
      # These must match the Pleroma.Repo settings in config/secret.exs
      POSTGRES_USER: pleroma
      POSTGRES_PASSWORD: pleroma
      POSTGRES_DB: pleroma
    volumes:
      - ./postgres:/var/lib/postgresql/data

  web:
    build: .
    image: pleroma
    container_name: pleroma_web
    restart: always
    volumes:
      - ./uploads:/pleroma/uploads
      - ./instance:/pleroma/instance
    depends_on:
      - postgres

  nginx:
    image: nginx:stable-alpine
    container_name: pleroma_nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./config/nginx:/etc/nginx/conf.d
      - ./config/certbot/conf:/etc/letsencrypt
      - ./config/certbot/www:/var/www/certbot
    # Reload NGINX every 6 hours so it picks up renewed certificates
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"

  certbot:
    image: certbot/certbot
    container_name: pleroma_certbot
    volumes:
      - ./config/certbot/conf:/etc/letsencrypt
      - ./config/certbot/www:/var/www/certbot
    # Attempt a certificate renewal every 12 hours
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"

Pleroma part

Install citext PostgreSQL extension

Note that you might need to wait for a few seconds before executing the second command.

docker-compose up -d postgres
docker exec -i pleroma_postgres psql -U pleroma -c "CREATE EXTENSION IF NOT EXISTS citext;"
docker-compose down

Create config/secret.exs with the following content

use Mix.Config

config :pleroma, Pleroma.Web.Endpoint,
  http: [ ip: {0, 0, 0, 0}, ],
  url: [host: "example.ltd", scheme: "https", port: 443],
  secret_key_base: "your_secret_key_base"

config :pleroma, :instance,
  name: "Pleroma",
  email: "your.email@example.org",
  limit: 5000,
  registrations_open: true

config :pleroma, :media_proxy,
  enabled: false,
  redirect_on_failure: true,
  base_url: "https://cache.domain.tld"

config :pleroma, configurable_from_database: true

# Configure your database
config :pleroma, Pleroma.Repo,
  adapter: Ecto.Adapters.Postgres,
  username: "pleroma",
  password: "pleroma",
  database: "pleroma",
  hostname: "postgres",
  pool_size: 10

Make sure to change the host, secret_key_base and email to your own.
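
A quick check that the sample values were actually replaced, as an added example that is not part of the original guide. The function name check_secret_exs is hypothetical; the 64-character minimum is the requirement of Plug's cookie session store. Run it again after pasting the web push keys further down.

```shell
#!/bin/sh
# Added example (not from the original guide): lint config/secret.exs for
# sample values that were never replaced. Returns non-zero on any finding.

check_secret_exs() {
    file=$1
    findings=0
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }

    # Placeholder strings copied from the guide's sample config.
    for placeholder in your_secret_key_base example.ltd \
        your.email@example.org your_public_key your_private_key; do
        # Skip comment lines; -F matches the dots literally.
        if grep -v '^[[:space:]]*#' "$file" | grep -qF -- "$placeholder"; then
            echo "placeholder still present: $placeholder"
            findings=$((findings + 1))
        fi
    done

    # Plug's cookie session store requires a secret_key_base of >= 64 bytes.
    # `openssl rand -base64 48` is one way to produce a 64-character value.
    key=$(sed -n 's/^[[:space:]]*secret_key_base:[[:space:]]*"\([^"]*\)".*/\1/p' \
        "$file" | head -n 1)
    if [ "${#key}" -lt 64 ]; then
        echo "secret_key_base is ${#key} characters, need at least 64"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Constructed sample: the guide's endpoint block, left unedited.
sample=$(mktemp)
cat > "$sample" <<'EOF'
config :pleroma, Pleroma.Web.Endpoint,
  url: [host: "example.ltd", scheme: "https", port: 443],
  secret_key_base: "your_secret_key_base"
config :pleroma, :instance,
  email: "your.email@example.org"
EOF
check_secret_exs "$sample" || echo "edit the file before running docker-compose build"
rm -f "$sample"
```

In practice, call check_secret_exs config/secret.exs from the project folder before docker-compose build.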

Build the image

docker-compose build

Setup the database

docker-compose run --rm web mix ecto.migrate

You will get output in the following format:

config :web_push_encryption, :vapid_details,
  subject: "mailto:administrator@example.com",
  public_key: "your_public_key",
  private_key: "your_private_key"

Paste it at the end of config/secret.exs.

Run docker-compose run --rm web mix web_push.gen.keypair to apply the web push key pair.

Run docker-compose run --rm web mix pleroma.config migrate_to_db to transfer the config to the database, so it can be configured from the web dashboard.

NGINX and Certbot part

Setup NGINX config

Download the official NGINX config to config/nginx/ and change the file extension to .conf:

mkdir -p config/nginx
wget https://git.pleroma.social/pleroma/pleroma/-/raw/develop/installation/pleroma.nginx
mv pleroma.nginx config/nginx/pleroma.conf

Open the file and replace the server address 127.0.0.1 at line 15 with pleroma_web, since NGINX will be reverse proxying to another docker container. Replace example.ltd with your own domain. Review the rest of the config and uncomment any lines you need.

Start certbot

Download this script:

wget https://gist.githubusercontent.com/AkazaRenn/8955ea558a4d62b5599336b04a5d25cd/raw/2a2496c0a6c569cd5d225757edcc65c80fe352f9/init-letsencrypt.sh

Edit line 8 of the script to set your own domain and line 11 to set your own email address.

Grant execution permission and run the script:

chmod +x init-letsencrypt.sh
sudo ./init-letsencrypt.sh

Start the server

Everything should now be in place. Build the server with docker-compose build. After it’s finished, run docker-compose up -d to start the server.

Post-installation

Run docker-compose run --rm web mix pleroma.user new <nickname> <email> --password <password> --admin to create your admin account. After that, you can log into the website with the credentials used here.

DO NOT ENABLE ROCKET LOADER if you are using Cloudflare for DNS; it will take down the website.
