Featured image of post 自托管服务记录

自托管服务记录

掰着指头数一数服务器还有多少资源可以压榨!

自托管服务记录

回想起自己做网站的辛酸史,就感觉到头痛😭。原本自己是超级讨厌Docker的玩家到现在没有Docker镜像连用都不想用,这其中我的经历完全不想诉说。我只想大声讲出来:Docker真的太方便了!!!(当然,是能连上hub网站的话)

mastodon

我的mastodon网站!

地址在这里,欢迎注册!大家一起玩!

这是我最喜欢的服务,类似于微博,但是是去中心化的,每个人都是主站!实例之间的通信使用一个加做“中继”的东东连接,当然,本站点没有加入任何中继!(其实是关闭了,因为感觉有点吵)从去年搭好开始就没断过,每天都在吐槽(当垃圾桶,哈哈哈哈)。最近发现有用户在我网站注册,好开心诶!就是。。。注册后完全没有反应😥,担心他(她?)没有看到还发送过邮件提醒,但是依然石沉大海。

docker-compose.yml文件:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
version: '3'
services:
  db:
    restart: always
    image: postgres:14-alpine
    shm_size: 256mb
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'pg_isready', '-U', 'postgres']
    volumes:
      - ./postgres14:/var/lib/postgresql/data
    environment:
      - 'POSTGRES_HOST_AUTH_METHOD=trust'

  redis:
    restart: always
    image: redis:6-alpine
    networks:
      - internal_network
    healthcheck:
      test: ['CMD', 'redis-cli', 'ping']
    volumes:
      - ./redis:/data

  # es:
  #   restart: always
  #   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.4
  #   environment:
  #     - "ES_JAVA_OPTS=-Xms512m -Xmx512m -Des.enforce.bootstrap.checks=true"
  #     - "xpack.license.self_generated.type=basic"
  #     - "xpack.security.enabled=false"
  #     - "xpack.watcher.enabled=false"
  #     - "xpack.graph.enabled=false"
  #     - "xpack.ml.enabled=false"
  #     - "bootstrap.memory_lock=true"
  #     - "cluster.name=es-mastodon"
  #     - "discovery.type=single-node"
  #     - "thread_pool.write.queue_size=1000"
  #   networks:
  #      - external_network
  #      - internal_network
  #   healthcheck:
  #      test: ["CMD-SHELL", "curl --silent --fail localhost:9200/_cluster/health || exit 1"]
  #   volumes:
  #      - ./elasticsearch:/usr/share/elasticsearch/data
  #   ulimits:
  #     memlock:
  #       soft: -1
  #       hard: -1
  #     nofile:
  #       soft: 65536
  #       hard: 65536
  #   ports:
  #     - '127.0.0.1:9200:9200'

  web:
    build: .
    image: tootsuite/mastodon
    restart: always
    env_file: .env.production
    command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000"
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:3000/health || exit 1']
    ports:
      - '127.0.0.1:3000:3000'
    depends_on:
      - db
      - redis
      # - es
    volumes:
      - ./public/system:/mastodon/public/system

  streaming:
    build: .
    image: tootsuite/mastodon
    restart: always
    env_file: .env.production
    command: node ./streaming
    networks:
      - external_network
      - internal_network
    healthcheck:
      # prettier-ignore
      test: ['CMD-SHELL', 'wget -q --spider --proxy=off localhost:4000/api/v1/streaming/health || exit 1']
    ports:
      - '127.0.0.1:4000:4000'
    depends_on:
      - db
      - redis

  sidekiq:
    build: .
    image: tootsuite/mastodon
    restart: always
    env_file: .env.production
    command: bundle exec sidekiq
    depends_on:
      - db
      - redis
    networks:
      - external_network
      - internal_network
    volumes:
      - ./public/system:/mastodon/public/system
    healthcheck:
      test: ['CMD-SHELL', "ps aux | grep '[s]idekiq\ 6' || false"]

  ## Uncomment to enable federation with tor instances along with adding the following ENV variables
  ## http_proxy=http://privoxy:8118
  ## ALLOW_ACCESS_TO_HIDDEN_SERVICE=true
  # tor:
  #   image: sirboops/tor
  #   networks:
  #      - external_network
  #      - internal_network
  #
  # privoxy:
  #   image: sirboops/privoxy
  #   volumes:
  #     - ./priv-config:/opt/config
  #   networks:
  #     - external_network
  #     - internal_network

networks:
  external_network:
  internal_network:
    internal: true

这个compose文件中使用的镜像是官方的,我是自己改了主题的噗。

兰空图床

最没有使用价值的服务之一….搭建完后除刚开始有点兴致上传看看外,已经实质上被我忘记。 兰空图床没有docker镜像,使用的是php环境。

图床

Bitwarden

Bitwarden是一款自由且开源的密码管理服务,用户可在加密的保管库中存储敏感信息(例如网站登录凭据)。基本上我所有的密码现在已经使用Bitwarden保存。在android和ios上都可网站或app自动填充。在PC上使用浏览器插件登录自己账号也OK。

自托管与官方服务的区别是,自托管版本自动获得所有官方付费功能。

使用几个月后发现Bitwarden的send功能简直是神器,可以跨平台发送图片文字链接等,完全可以当一个简易的跨平台云剪切!

Bitwarden

docker-compose.yml文件:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
version: '3'

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    restart: always
    environment:
    - WEBSOCKET_ENABLED=true 
    - SIGNUPS_ALLOWED=false
    volumes:
      - /data/docker/bitwarden/data:/data
    ports:
      - 7006:80  # Needed for the ACME HTTP-01 challenge.
      - 7007:443
      - 3012:3012

需要自己配置一下反向代理哦!

Cloudreve

当个云盘用,也能开Wevdav功能来同步支持此功能的各种APP保存数据。给朋友分享软件文档什么的也可以用这个(那为什么不用万能的QQ和微信呢?NO!我才不用这些嘞!)

我的云盘地址是:吕楪的云盘

暂时不能用了😭

Cloudreve

docker-compose.yml文件:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
version: "3.8"
services:
  cloudreve:
    container_name: cloudreve
    image: cloudreve/cloudreve:latest
    restart: unless-stopped
    ports:
      - "5212:5212"
    volumes:
      - temp_data:/data
      - ./cloudreve/uploads:/cloudreve/uploads
      - ./cloudreve/conf.ini:/cloudreve/conf.ini
      - ./cloudreve/cloudreve.db:/cloudreve/cloudreve.db
      - ./cloudreve/avatar:/cloudreve/avatar
    depends_on:
      - aria2
  aria2:
    container_name: aria2
    image: p3terx/aria2-pro
    restart: unless-stopped
    environment:
      - RPC_SECRET=your_aria_rpc_token
      - RPC_PORT=6800
    volumes:
      - ./aria2/config:/config
      - temp_data:/data
volumes:
  temp_data:
    driver: local
    driver_opts:
      type: none
      device: $PWD/data
      o: bind

自己配置的话,外部端口尽量都改改吧。

h5ai

文件索引器,很早以前当直链来get使用的。自己网上冲浪发现一些有用的脚步保存到这里,服务器用的时候直接通过wget命令访问。非常方便!顺带一提,博客添加的音乐播放器的播放文件就在这里噗。

h5ai

网站是h5ai,只需要下载下来放网站根目录,然后开几个PHP函数就能用。

matrix

通讯应用,服务端叫做synapse,iOS和Android都有,所以现在当做跨平台传送文件的工具用。做好后端后PC端可以使用Element连接。如果你搭建此应用,可以通过这个链接联系我!

matrix

上面是搭好后网页的提示,代表服务正在运行中。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
version: "3.4"

services:
  synapse:
    hostname: matrix
    image: matrixdotorg/synapse:latest
    restart: always
    #container_name: matrix_server   
    container_name: synapse
    depends_on:
      - db
      - redis
    ports:
      - 8008:8008
    volumes:
      - ./synapse/data:/data
    networks:
      - synapse_network
      - external_network
    healthcheck:
      test: ["CMD-SHELL", "curl -s localhost:8008/health || exit 1"]

  db:
    image: postgres
    restart: always
    container_name: matrix_db
    volumes:
      - ./synapse/db:/var/lib/postgresql/data
    environment:
      POSTGRES_USER: synapse
      POSTGRES_PASSWORD: Flzx3000c
      POSTGRES_DB: synapse
      POSTGRES_INITDB_ARGS: "--encoding='UTF8' --lc-collate='C' --lc-ctype='C'"
    networks:
      - synapse_network
    healthcheck:
      test: ["CMD", "pg_isready", "-U", "synapse"]

  redis:
    image: redis:6.0-alpine
    restart: always
    container_name: matrix_redis  
    volumes:
      - ./synapse/redis:/data
    networks:
      - synapse_network
    healthcheck:
      test: ["CMD", "redis-cli", "ping"]

networks:
  synapse_network:
    internal: true
  external_network:

funkwhale

这是一个音乐播放器(大概?),我在服务端放了一点陈奕迅的歌😎。听别人讲这个可以和mastodon互通诶,但是我完全找不到怎么联系。有谁能告诉我吗?

funkwhale

docker-compose.yml文件:

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
version: "3"

services:
  postgres:
    restart: unless-stopped
    networks:
      - default
    env_file: .env
    environment:
      - "POSTGRES_HOST_AUTH_METHOD=trust"
    image: postgres:11
    volumes:
      - ./data/postgres:/var/lib/postgresql/data

  redis:
    restart: unless-stopped
    networks:
      - default
    env_file: .env
    image: redis:5
    volumes:
      - ./data/redis:/data

  celeryworker:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
      - postgres
      - redis
    env_file: .env
    # Celery workers handle background tasks (such file imports or federation
    # messaging). The more processes a worker gets, the more tasks
    # can be processed in parallel. However, more processes also means
    # a bigger memory footprint.
    # By default, a worker will span a number of process equal to your number
    # of CPUs. You can adjust this, by explicitly setting the --concurrency
    # flag:
    #   celery -A funkwhale_api.taskapp worker -l INFO --concurrency=4
    command: celery -A funkwhale_api.taskapp worker -l INFO --concurrency=${CELERYD_CONCURRENCY-0}
    environment:
      - C_FORCE_ROOT=true
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"

  celerybeat:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
      - postgres
      - redis
    env_file: .env
    command: celery -A funkwhale_api.taskapp beat --pidfile= -l INFO

  api:
    restart: unless-stopped
    image: funkwhale/funkwhale:${FUNKWHALE_VERSION:-latest}
    networks:
      - default
    depends_on:
      - postgres
      - redis
    env_file: .env
    volumes:
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}"
      - "${STATIC_ROOT}:${STATIC_ROOT}"
      - "${FUNKWHALE_FRONTEND_PATH}:/frontend"
    ports:
      - "5000"

  nginx:
    restart: unless-stopped
    image: nginx
    networks:
      - default
    depends_on:
      - api
    env_file:
      - .env
    environment:
      # Override those variables in your .env file if needed
      - "NGINX_MAX_BODY_SIZE=${NGINX_MAX_BODY_SIZE-100M}"
    volumes:
      - "./nginx/funkwhale.template:/etc/nginx/conf.d/funkwhale.template:ro"
      - "./nginx/funkwhale_proxy.conf:/etc/nginx/funkwhale_proxy.conf:ro"
      - "${MUSIC_DIRECTORY_SERVE_PATH-/srv/funkwhale/data/music}:${MUSIC_DIRECTORY_PATH-/music}:ro"
      - "${MEDIA_ROOT}:${MEDIA_ROOT}:ro"
      - "${STATIC_ROOT}:${STATIC_ROOT}:ro"
      - "${FUNKWHALE_FRONTEND_PATH}:/frontend:ro"
    ports:
      # override those variables in your .env file if needed
      - "${FUNKWHALE_API_IP}:${FUNKWHALE_API_PORT}:80"
    command: >
        sh -c "envsubst \"`env | awk -F = '{printf \" $$%s\", $$1}'`\"
        < /etc/nginx/conf.d/funkwhale.template
        > /etc/nginx/conf.d/default.conf
        && cat /etc/nginx/conf.d/default.conf
        && nginx -g 'daemon off;'"        

networks:
  default:

squoosh

这是谷歌开源的一个图片压缩软件,在V2EX闲逛的时候发现有朋友做了一个镜像所以搭来玩玩。然后,发现妈耶,果然谷歌的技术好厉害诶,压缩蛮强的。可以把智图扔了😄。

Squoosh

看下面,原本一张2.47MB的图片,可以直接压缩层158KB!完全可以扔掉智图了好吗!每次智图压图片时CPU嗡嗡嗡转吵死人了,而且我明明看文档讲是把图片扔服务器上压缩的诶,智图压缩一张图片用好大功夫,而squoosh秒压!

这张照片

timetagger

timetagger是一个时间记录软件,自己做什么工作的时候点record,结束的时候点stop,但是总是会忘记这简单的操作Orz,所以用处不大。

docker-compose.yml文件:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
# Example docker-compose file for TimeTagger that uses the published
# Docker image. Shows all options settable via the environment.
#
# !! Make sure to apply your own credentials                       !!
# !! You can use e.g. https://timetagger.app/cred to generate them !!
# !! In docker-compose characters '$' should be escaped as '$$'    !!

version: "3"
services:
  timetagger:
    image: ghcr.io/almarklein/timetagger
    ports:
      - "8547:80"
    volumes:
      - ./_timetagger:/root/_timetagger
    environment:
      - TIMETAGGER_BIND=0.0.0.0:80
      - TIMETAGGER_DATADIR=/root/_timetagger
      - TIMETAGGER_LOG_LEVEL=info
      - TIMETAGGER_CREDENTIALS=test:$$2a$$08$$0CD1NFiIbancwWsu3se1v.RNR/b7YeZd71yg3cZ/3whGlyU6Iny5i  # test:test
      #- TIMETAGGER_CREDENTIALS=admin:$2a$08$o.yZppxGWSy1JmbboPj1muSkV32nQYN2U6eDeMTFy8Zn.LZEbqOte

timetagger

缓慢追加中….(PS:好想搭个Bookwyrm,但是尝试好久总是架构问题不行诶😥)

PS:@2022年8月25日 Bookwyrm-桔梗 搭建好了,这是几个星期前的事情🎉

生活笔记,禁止转载,每个人都有不一样的体验。
最后更新于 07月30日 22点26分, 2022年
irithys
Built with Hugo
主题 StackJimmy 设计,由 吕楪 改进😎