A black cat with a red bandana, holding a baguette and looking to the left

damien's zone

Here's how I set up Comentario on my server (which is the machine I run my Mastodon instance on). See related article.

I am using the Docker method. I created these two files in /root/comentario on my server:

docker-compose.yml

services:
  db:
    image: postgres:16-alpine
    restart: unless-stopped
    environment:
      POSTGRES_DB: comentario
      POSTGRES_USER: postgres
      POSTGRES_PASSWORD: PASSWORD
    expose:
      - "54320"
    ports:
      - "54320:5432"
    volumes:
      - ./postgres-data:/var/lib/postgresql/data
    command: -p 54320

  app:
    restart: unless-stopped
    image: registry.gitlab.com/comentario/comentario
    environment:
      BASE_URL: https://yourdomain.com
      SECRETS_FILE: "/secrets.yaml"
      EMAIL_FROM: your-email@email.com
    ports:
      - "8080:80"
    volumes:
      - ./secrets.yaml:/secrets.yaml:ro

secrets.yaml

postgres:
  host: db
  port: 54320
  database: comentario
  username: postgres
  password: PASSWORD
smtpServer:
  host: smtp.sendgrid.net
  port: 587
  username: apikey
  password: PASSWORD

Then I set up nginx with this configuration, with certificates generated by certbot

certbot certonly --nginx -d mydomain.com

nginx reverse proxy config

upstream web-api {
  server 127.0.0.1:8080;
}

server {
  listen 80;
  server_name example.com;

  location / {
    return 301 https://$host$request_uri;
  }
}

server {
  listen 443 ssl;
  server_name example.com;

  ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

  location / {
    proxy_pass http://web-api;
    proxy_redirect off;
    proxy_http_version 1.1;
    proxy_cache_bypass $http_upgrade;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection keep-alive;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_buffer_size 128k;
    proxy_buffers 4 256k;
    proxy_busy_buffers_size 256k;
  }
}

Note: I am exposing Postgres on port 54320 instead of the default 5432, but that's only because 5432 is already taken by the Postgres process for Mastodon.

And that's it!