Now with comments, more playing with Docker
I didn't want to launch the blog without comments, but I did it anyway, because I'd started working on a DIY self-hosted solution and didn't want to use disqus or any of the other paid / ad-driven / data mined offerings.
Discourse looked awesome, but proved overly complex for my needs and difficult to set up.
It was a fun project, done very simply. I suppose it is not truely self-hosted because it depends on google's Captcha and Gmail, but hey, it works, and since the data is all public anyway, I don't mind using those services.
If you are curious, the email address that you type in will not be stored on my server, it is simply hashed and discarded. Yes, yes, I know, the MD5 used by gravatar is incredibly weak. But, email isn't required to post anyway. You could still get a consistent identity by typing in a short password instead if you wish.
In the future I will probably clean up the project and fully open source it. For now, a lot of stuff is hard-coded and unclean. It was a hack mostly developed in a few days. The source code is here: http://git.sequentialread.com/forest/sequentialread-comments
The comments api can be run via docker, with the provided Dockerfile. I run it together with the rest of my services using docker-compose.
The relevant part of my docker-compose.yml
file looks like this:
nginx:
image: jwilder/nginx-proxy
ports:
- "80:80"
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
comments:
image: forestj/sequentialread-comments
volumes:
- /dockerdata/comments/data:/usr/src/app/data
expose:
- "2369"
environment:
VIRTUAL_HOST: comments.sequentialread.com
VIRTUAL_PORT: 2369
RECAPTCHA_SECRET_KEY: xxxxxxxxxxxxxxxxxxx
GMAIL_USER: xxxxxxxxxxxxxxxxxxx
GMAIL_PASSWORD: xxxxxxxxxxxxxxxxxxx
EMAIL_NOTIFICATION_TARGET: xxxxxxxxxxxxxxxxxxx
jwilder/nginx-proxy will ask docker for information about containers, looking for VIRTUAL_HOST
and VIRTUAL_PORT
environment variables, and then configure its own internal nginx instance with virtual hosts for each container.
So nginx acts as a reverse proxy and only allows connections on port 80. Each container still gets its own port internally via expose, but externally, its all port 80 (and 443 once I get my SSL cert set up!).
forestj/sequentialread-comments
is a docker image I built from the Dockerfile. The volumes
here mean that a folder inside the container is treated like a mounted disk, but it is "mounted" to a folder outside of the container. That means that I can nuke the container and re-create it without deleting all of my blog comments.