Rework docker setup

[jwr1]

Changes to Docker setup

• Uses the https://github.com/dunglas/symfony-docker template, and in turn, https://github.com/dunglas/frankenphp.
• An external reverse proxy is not required, as the Caddy server built into FrankenPHP enables automatic HTTPS.
• The .env and compose.override.yaml files are now stored in the root of the Mbin directory, with all other server specific data stored in storage/ (including OAuth keys).
• RabbitMQ now correctly persists data.
• All containers are now set up to work with non-root users.
• There's a new bash script that automates the setup of the docker environment.
• The default user for all services has changed from kbin to mbin.
• The default Postgres version has been bumped to 17.
• Switch to using Valkey instead of Redis.
• Include a Valkey config with recommended default.
• Automatically enable the S3 FS adapter when an S3_KEY is provided.
• Enable permanent image redirect responses (301 status code) by default.
• Includes a development server, making contributing much easier.

Quick Start Guide

Use these steps to install Mbin on a new server. It is assumed that docker is already installed and set up.

1. Clone Mbin and change directories: git clone https://github.com/MbinOrg/mbin.git && cd mbin (make sure to switch to this docker branch).
2. Run the auto setup script: ./docker/setup.sh prod DOMAINHERE (use localhost for the domain if you want to test locally).
3. Optionally configure SMTP, hCaptcha, S3, and/or SSO in .env.
4. Use docker build -t mbin -f docker/Dockerfile . to build the Docker image.
5. Run docker compose up -d to start the Docker containers.
6. Assuming your DNS and firewall (ports 80 and 443 allowed) are correctly configured, then you should be able to access your new Mbin instance from your domain (or https://localhost_ if you used localhost)!
7. Don't forget to follow the Mbin first setup instructions!

Migration Guide

Use these steps to migrate from the old Docker setup to this one. The big thing to keep in mind is that all your server data is now in one of three locations: .env, compose.override.yaml, and storage/. So, all server data will be going under here from now on.

Additionally, this new setup does not require a reverse proxy (and actually recommends not using one), as the PHP server it's using comes with built-in HTTPS support via Let's Encrypt and Caddy. You will need to ensure ports 80 and 443 are directly exposed and available on your server in order for this migration guide to work.

1. Keep your old Mbin directory for now; just create a new one by cloning Mbin again (git clone https://github.com/MbinOrg/mbin.git)! I'll reference old as your old Mbin directory and new as your new one.
2. Run the auto setup script in new (with this docker branch of course): ./docker/setup.sh prod DOMAINHERE.
3. Run docker compose down in old/docker if you haven't already.
4. Copy your Postgres database from old/docker/storage/postgres to new/storage/postgres.
5. Copy your media files from old/docker/storage/media to new/storage/media.
6. Copy your OAuth keys from old/config/oauth2 to new/storage/oauth (both private.pem and public.pem).
7. Open old/docker/.env and new/.env side by side so you can copy values from the old .env file to the new one as needed.
8. You'll want to copy over most .env values, including KBIN_*, MBIN_*, MAX_IMAGE_BYTES, HCAPTCHA_*, S3_*, the SSO fields, EXIF_*, APP_SECRET, POSTGRES_*, MAILER_DSN, MERCURE_JWT_SECRET, OAUTH_PASSPHRASE, and OAUTH_ENCRYPTION_KEY. Everything else, you can leave alone; feel free to ask if you have any questions about this.
9. Now that non-root containers are supported, you'll have to update the permissions of the files in new/storage/ to match MBIN_USER in .env. Run chown -R 1000:1000 new/storage/ if your MBIN_USER is 1000:1000. Running the new setup under root has not been tested yet, but you will likely not need to change any file permissions if you were running as root previously.
10. In new/compose.override.yaml, uncomment the section that enables you to build the Docker image locally.
11. In new, run docker compose up -d to build and start the Docker containers.
12. If all goes well, then you should be able to access your Mbin instance from your domain!

To Do

• Document using behind another reverse proxy
• Work on the dev environment
• Update GH actions
• Fix volume permissions
• Look into whether rabbitmq volumes are actually needed
• Change docs guide to edit compose.override.yaml instead of compose.prod.yaml to use the prebuilt image.

[jwr1]

I think it's really ready this time!

Of course, if I find anything else, I'll just make another PR.

Once this is merged, I'm going to put it on kbin.earth. That will be the real test!

[melroy89]

I think it's really ready this time!

Of course, if I find anything else, I'll just make another PR.

Once this is merged, I'm going to put it on kbin.earth. That will be the real test!

Yeah! I'm really happy with this! Thank you so much!