Docker安装Firefish

Firefish是Misskey的一个分支，具有多项改进和错误修复。Firefish与Misskey的显著差异，主要在以下几个方面（摘自Firefish项目页面的介绍）：

Improved UI/UX (especially on mobile)
Post editing
Content importing
Improved notifications
Improved server security
Improved accessibility
Improved threads
Recommended Servers timeline
OCR image captioning
New and improved Groups
Better intro tutorial
Compatibility with Mastodon clients/apps
Backfill user information
Advanced search
Many more user and admin settings
Many bug fixes and performance improvements
Link verification
So much more!

下面的安装步骤基于debian12 ARM64。安装需要用到的软件包：

apt -y update  apt -y install curl nginx python3-certbot-nginx

安装docker：

curl -fsSL https://get.docker.com -o get-docker.sh  sh get-docker.sh

新建目录以及docker-compose文件：

mkdir -p /opt/firefish/config && cd /opt/firefish && nano docker-compose.yml

写入如下配置：

version: '3.8'    services:    web:      image: registry.joinfirefish.org/firefish/firefish:arm64      container_name: firefish_web      restart: unless-stopped      depends_on:        - db        - redis        - meilisearch      ports:        - "127.0.0.1:3000:3000"      networks:        - calcnet      environment:        - NODE_ENV=production      volumes:        - ./files:/firefish/files        - ./config:/firefish/.config:ro      db:      image: docker.io/postgres:14-alpine      container_name: firefish_db      restart: unless-stopped      networks:        - calcnet      environment:        - POSTGRES_DB=firefish        - POSTGRES_USER=imlala        - POSTGRES_PASSWORD=setyourdbpasswd      volumes:        - ./db:/var/lib/postgresql/data      redis:      image: docker.io/redis:7.0-alpine      container_name: firefish_redis      restart: unless-stopped      networks:        - calcnet      volumes:        - ./redis:/data      meilisearch:      container_name: firefish_meilisearch      image: getmeili/meilisearch:v1.4      restart: unless-stopped      networks:        - calcnet      environment:        - MEILI_ENV=production        - MEILI_MASTER_KEY=setyourapikey        - MEILI_NO_ANALYTICS=true      volumes:        - ./meili_data:/meili_data    networks:    calcnet:

在config目录下新建一个firefish需要用到的配置文件：

nano config/default.yml

写入如下配置，需要改动的地方后面我会详细介绍：

#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  # Firefish configuration  #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━    # After starting your server, please don't change the URL! Doing so will break federation.    #   ┌─────┐  #───┘ URL └─────────────────────────────────────────────────────    # Final accessible URL seen by a user.  url: https://example.com/    #   ┌───────────────────────┐  #───┘ Port and TLS settings └───────────────────────────────────    #  # Firefish requires a reverse proxy to support HTTPS connections.  #  #                 +----- https://example.com/ ------------+  #   +------+      |+-------------+      +----------------+|  #   | User | ---> || Proxy (443) | ---> | Firefish (3000) ||  #   +------+      |+-------------+      +----------------+|  #                 +---------------------------------------+  #  #   You need to set up a reverse proxy. (e.g. nginx, caddy)  #   An encrypted connection with HTTPS is highly recommended  #   because tokens may be transferred in GET requests.    # The port that your Firefish server should listen on.  port: 3000    # The bind host your Firefish server should listen on.  # If unspecified, the wildcard address will be used.  #bind: 127.0.0.1    #   ┌──────────────────────────┐  #───┘ PostgreSQL configuration └────────────────────────────────    db:    host: localhost    port: 5432    #ssl: false    # Database name    db: firefish      # Auth    user: example-firefish-user    pass: example-firefish-pass      # Whether disable Caching queries    #disableCache: true      # Extra Connection options    #extra:    #  ssl:    #   host: localhost    #   rejectUnauthorized: false    #   ┌─────────────────────┐  #───┘ Redis configuration └─────────────────────────────────────    redis:    host: localhost    port: 6379    #tls:    #  host: localhost    #  rejectUnauthorized: false    #family: 0  # 0=Both, 4=IPv4, 6=IPv6    #pass: example-pass    #prefix: example-prefix    #db: 1    #user: default    #   ┌─────────────────────────────┐  #───┘ Cache server configuration └─────────────────────────────────────    # A Redis-compatible server (DragonflyDB, Keydb, Redis) for caching  # If left blank, it will use the Redis server from above    #cacheServer:    #host: localhost    #port: 6379    #family: 0  # 0=Both, 4=IPv4, 6=IPv6    #pass: example-pass    #prefix: example-prefix    #db: 1    # Please configure either MeiliSearch *or* Sonic.  # If both MeiliSearch and Sonic configurations are present, MeiliSearch will take precedence.    #   ┌───────────────────────────┐  #───┘ MeiliSearch configuration └─────────────────────────────────────  #meilisearch:  #  host: meilisearch  #  port: 7700  #  ssl: false  #  apiKey:    #   ┌─────────────────────┐  #───┘ Sonic configuration └─────────────────────────────────────    #sonic:  #  host: localhost  #  port: 1491  #  auth: SecretPassword  #  collection: notes  #  bucket: default      #   ┌───────────────┐  #───┘ ID generation └───────────────────────────────────────────    # No need to uncomment in most cases, but you may want to change  # these settings if you plan to run a large and/or distributed server.    # cuid:  #   # Min 16, Max 24  #   length: 16  #  #   # Set this to a unique string across workers (e.g., machine's hostname)  #   # if your workers are running in multiple hosts.  #   fingerprint: my-fingerprint      #   ┌─────────────────────┐  #───┘ Other configuration └─────────────────────────────────────    # Maximum length of a post (default 3000, max 100000)  #maxNoteLength: 3000    # Maximum length of an image caption (default 1500, max 8192)  #maxCaptionLength: 1500    # Reserved usernames that only the administrator can register with  reservedUsernames: [    'root',    'admin',    'administrator',    'me',    'system'  ]    # Whether disable HSTS  #disableHsts: true    # Number of worker processes by type.  # The sum must not exceed the number of available cores.  #clusterLimits:  #  web: 1  #  queue: 1    # Job concurrency per worker  # deliverJobConcurrency: 128  # inboxJobConcurrency: 16    # Job rate limiter  # deliverJobPerSec: 128  # inboxJobPerSec: 16    # Job attempts  # deliverJobMaxAttempts: 12  # inboxJobMaxAttempts: 8    # Local address used for outgoing requests  #outgoingAddress: 127.0.0.1    # IP address family used for outgoing request (ipv4, ipv6 or dual)  #outgoingAddressFamily: ipv4    # Syslog option  #syslog:  #  host: localhost  #  port: 514    # Proxy for HTTP/HTTPS  #proxy: http://127.0.0.1:3128    #proxyBypassHosts: [  #  'web.kaiteki.app',  #  'example.com',  #  '192.0.2.8'  #]    # Proxy for SMTP/SMTPS  #proxySmtp: http://127.0.0.1:3128   # use HTTP/1.1 CONNECT  #proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4  #proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5    # Media Proxy  #mediaProxy: https://example.com/proxy    # Proxy remote files (default: false)  #proxyRemoteFiles: true    #allowedPrivateNetworks: [  #  '127.0.0.1/32'  #]    # TWA  #twa:  #  nameSpace: android_app  #  packageName: tld.domain.twa  #  sha256CertFingerprints: ['AB:CD:EF']    # Upload or download file size limits (bytes)  #maxFileSize: 262144000    #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  # Congrats, you've reached the end of the config file needed for most deployments!  # Enjoy your Firefish server!  #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━          #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━  # Managed hosting settings  # >>> NORMAL SELF-HOSTERS, STAY AWAY! <<<  # >>> YOU DON'T NEED THIS! <<<  # Each category is optional, but if each item in each category is mandatory!  # If you mess this up, that's on you, you've been warned...  #━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━    #maxUserSignups: 100  #isManagedHosting: true  #deepl:  #  managed: true  #  authKey: ''  #  isPro: false  #  #email:  #  managed: true  #  address: '[email protected]'  #  host: 'email.com'  #  port: 587  #  user: '[email protected]'  #  pass: ''  #  useImplicitSslTls: false  #  #objectStorage:  #  managed: true  #  baseUrl: ''  #  bucket: ''  #  prefix: ''  #  endpoint: ''  #  region: ''  #  accessKey: ''  #  secretKey: ''  #  useSsl: true  #  connnectOverProxy: false  #  setPublicReadOnUpload: true  #  s3ForcePathStyle: true    # !!!!!!!!!!  # >>>>>> AGAIN, NORMAL SELF-HOSTERS, STAY AWAY! <<<<<<  # >>>>>> YOU DON'T NEED THIS, ABOVE SETTINGS ARE FOR MANAGED HOSTING ONLY! <<<<<<  # !!!!!!!!!!    # Seriously. Do NOT fill out the above settings if you're self-hosting.  # They're much better off being set from the control panel.

上面这个配置文件是官方的默认配置，看上去有很多内容，但实际上需要改动的地方不多，你只需要改动下面我列出的这些配置项即可：

1、配置站点域名：

   ┌─────┐  ───┘ URL └─────────────────────────────────────────────────────    url: https://firefish.example.com/

2、配置数据库连接：

   ┌──────────────────────────┐  ───┘ PostgreSQL configuration └────────────────────────────────    db:    host: db // host对应docker-compose内的services名    port: 5432  ...    db: firefish // 应设置为POSTGRES_DB变量的值    user: imlala // 应设置为POSTGRES_USER变量的值    pass: setyourdbpasswd // 应设置为POSTGRES_PASSWORD变量的值  ...

3、配置Redis：

   ┌─────────────────────┐  ───┘ Redis configuration └─────────────────────────────────────    redis:    host: redis // host对应docker-compose内的services名    port: 6379  ...

4、配置Meilisearch：

   ┌───────────────────────────┐  ───┘ MeiliSearch configuration └─────────────────────────────────────    meilisearch:    host: meilisearch    port: 7700    ssl: false    apiKey: setyourapikey // 应设置为MEILI_MASTER_KEY变量的值  ...

其他的大多数配置内容都可以稍后在后台管理面板进行修改。现在你只需拉取镜像并启动容器：

docker compose up -d

查看容器运行状态，确保STATUS都是UP：

接下来配置NGINX反向代理，新建NGINX站点配置文件：

nano /etc/nginx/sites-available/firefish

写入如下配置：

map $http_upgrade $connection_upgrade {      default upgrade;      ''      close;  }    proxy_cache_path /tmp/nginx_cache levels=1:2 keys_zone=cache1:16m max_size=1g inactive=720m use_temp_path=off;    server {      listen 80;      server_name firefish.example.com;      client_max_body_size 0;        location / {          proxy_pass http://127.0.0.1:3000;          proxy_set_header Host $host;          proxy_http_version 1.1;          proxy_redirect off;            proxy_set_header X-Real-IP $remote_addr;          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;          proxy_set_header X-Forwarded-Proto https;            proxy_set_header Upgrade $http_upgrade;          proxy_set_header Connection $connection_upgrade;            proxy_cache cache1;          proxy_cache_lock on;          proxy_cache_use_stale updating;          add_header X-Cache $upstream_cache_status;      }  }

启用站点：

ln -s /etc/nginx/sites-available/firefish /etc/nginx/sites-enabled/firefish

签发SSL证书：

certbot --nginx

现在访问你的站点，创建管理员账号即完成全部安装过程了。

一点注意事项，如果你的meilisearch是后续安装的，即安装meilisearch的时候实例内已经有帖子了，为了能够搜索到所有内容，你还需要在后台点一下这个索引帖子：

这里留空，索引全部内容：

参考：

https://www.meilisearch.com/docs/learn/configuration/instance_options
https://raw.Githubusercontent.com/meilisearch/meilisearch/latest/config.toml
https://git.joinfirefish.org/firefish/firefish/-/blob/develop/docs/docker.md