Skip to content
Dhwaneet Bhatt

Hosting WriteFreely using Docker

AWS, Nginx, Docker2 min read

I recently came across Writefreely and it was the perfect solution I was looking for in a long time. I had been blogging before, but I wanted a separate, clean tech blog. Plus I didn't really like Blogspot. I had tried Tumblr in between (also took the pain of migrating from Blogspot to Tumblr and back) but didn't like it too because it felt like a microblogging platform to me. WordPress was too commercial for me. So I didn't really do anything until I hit upon writefreely, and it was perfect - I can self host it, its free, open source, and written in the language that I am currently picking up - Go.

I already had an AWS Lightsail instance (1 GB Memory, 1 CPU, 40 GB space) with a public static IP which I was using for hosting my other project. The box is severely underutilized as the current website running on it is for a small community and doesn't get much traffic. So I decided to host writefreely on this instance. The machine currently ran containers for nginx, mysql and php app (Laravel, soon to be rewritten in Adonisjs).

But there was one problem, writefreely doesn't have a Docker build for Production yet. I needed running it in docker so nginx can talk to it. There is no way to talk to the host port from inside the container, except for using the public IP of instance, which is not a good way because I'll have to expose the port on which I would run writefreely.

The other option is to clone the repo and build docker from source. I didn't want the trouble of handling a git repo. So I did something unconventional.

I created a docker image out of pre-built writefreely release package. I downloaded the latest release from github.

Building and running the image

Go to the home directory (I use Ubuntu so my home directory is /home/ubuntu) and run the following:

2tar -zxvf writefreely_0.12.0_linux_amd64.tar.gz
3rm -f writefreely_0.12.0_linux_amd64.tar.gz
4cd writefreely
5./writefreely --gen-keys

Then I ran ./writefreely --config and chose the following options:

  • Production, behind reverse proxy
  • Local Port 8080
  • SQLite database (I didn't want to manage mysql anymore)
  • Single user blog (can select Multi-user if there are multiple blogs/writers)
  • Enter admin username and password

There will be a file generated config.ini, with all the options. The bind option will be localhost. We will have to change that to if we want to host in a container.

After changing that, add a Dockerfile in the same directory

1FROM ubuntu:18.04
3RUN groupadd --gid 1000 appuser && \
4 useradd --uid 1000 --gid appuser --shell /bin/bash --create-home appuser && \
5 apt-get update && \
6 apt-get install -y --no-install-recommends \
7 openssl ca-certificates net-tools
9RUN mkdir -p /app && chown appuser:appuser /app
11WORKDIR /app
12USER appuser
14EXPOSE 8080
16ENTRYPOINT ["./writefreely"]

I had to choose Ubuntu (instead of the minimal alpine image) because the release downloaded from github does not work with alpine linux (maybe because it is built in Ubuntu). I choose to run any apps using a non-root user because that is a good security practice. Build the image using:

1docker build . -t mywritefreely

And then run:

1docker run -d --network=prod-network --restart=always --name mywritefreely -v /home/ubuntu/writefreely:/app mywritefreely:latest

I already have a docker network named prod-network running so I attached it to the same network.

Reverse Proxy with Nginx running in Docker

As I mentioned before, I already had a nginx running as a container. I added a new site in sites-enabled which talks to the writefreely container:

1upstream writefreely {
2 server mywritefreely:8080 fail_timeout=0;
5server {
6 server_name;
7 listen 80;
8 listen 443 ssl;
9 ssl_session_timeout 5m;
11 ssl_certificate /etc/letsencrypt/live/;
12 ssl_certificate_key /etc/letsencrypt/live/;
13 ssl_trusted_certificate /etc/letsencrypt/live/;
15 if ($scheme = http) {
16 return 301 https://$server_name$request_uri;
17 }
19 location / {
20 proxy_set_header X-Real-IP $remote_addr;
21 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
22 proxy_set_header Host $http_host;
23 proxy_set_header X-Forwarded-Proto https;
24 proxy_redirect http:// $scheme://;
25 proxy_connect_timeout 240;
26 proxy_send_timeout 240;
27 proxy_read_timeout 240;
28 proxy_pass http://writefreely;
29 }
30 }

I downloaded the certificates using LetsEncrypt container using the following command:

1docker run -it --rm -v /home/ubuntu/certs/letsencrypt/etc:/etc/letsencrypt -p 80:80 deliverous/certbot certonly --standalone -d

When using --standalone we have to be careful we don't have nginx running on port 80 otherwise it would conflict. I prefer this because there are complications doing this with nginx and I prefer a little downtime of 5s rather than setting it up with nginx.

Once done, I started up nginx again and it forwards traffic to the writefreely container.