Use the provided Dockerfile, supplying the following environment variables:
SITE_DOMAIN
: the domain this will be hosted at, without the protocol. Example:journal.example.com
.DATABASE_URL
: URL of a PostgreSQL database for the application to use. Example:postgres://journal:[email protected]/journal
.CIPHER_KEY
: Secret key used in encrypting. It needs to be 32 bytes base 64 encoded. Generate withBase64.encode64(SecureRandom.random_bytes(32))
.SHARING_TOKEN_CIPHER_IV
: This is to make sure sharing token IVs are the same so we can find posts from a public route parameter. It needs to be 16 bytes base 64 encoded. Generate withBase64.encode64(SecureRandom.random_bytes(16))
.SECRET_KEY_BASE
: Secret key for verifying the integrity of signed cookies. Generate withSecureRandom.alphanumeric(30)
.
The initial user with username admin
will be created on application start if
there are no existing users in the database. The password will be printed to
the standard output.
The container expects to be proxied to its real address. Here is example proxy configuration for nginx if the container is listening on port 12345 and nginx is terminating the HTTPS connection:
location / {
proxy_pass http://localhost:12345;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $http_host;
}
Here is an example for Traefik reverse proxy
labels:
- "traefik.enable=true"
- "traefik.http.routers.journal.entrypoints=http"
- "traefik.http.routers.journal.rule=Host(`journal.local.replaceme`)"
- "traefik.http.middlewares.journal-https-redirect.redirectscheme.scheme=https"
- "traefik.http.routers.journal.middlewares=journal-https-redirect"
- "traefik.http.routers.journal-secure.entrypoints=https"
- "traefik.http.routers.journal-secure.rule=Host(`journal.local.efreeze.me`)"
- "traefik.http.routers.journal-secure.tls=true"
- "traefik.http.routers.journal-secure.service=journal"
- "traefik.http.services.journal.loadbalancer.server.port=3000"
- "traefik.docker.network=proxy"