--- /dev/null
+### Docker + Traefik
+
+After following the [docker guide](/support/doc/docker.md), you can choose to run traefik
+as your reverse-proxy.
+
+#### Create the reverse proxy configuration directory
+
+```shell
+mkdir -p ./docker-volume/traefik
+```
+
+#### Get the latest reverse proxy configuration
+
+```shell
+curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml
+```
+
+View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml)
+
+#### Create Let's Encrypt ACME certificates as JSON file
+
+```shell
+touch ./docker-volume/traefik/acme.json
+```
+Needs to have file mode 600:
+```shell
+chmod 600 ./docker-volume/traefik/acme.json
+```
+
+#### Update the reverse proxy configuration
+
+```shell
+$EDITOR ./docker-volume/traefik/traefik.toml
+```
+
+~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file.
+
+More at: https://docs.traefik.io/v1.7
+
+#### Run with traefik
+
+```shell
+docker-compose -f {docker-compose.yml,docker-compose.traefik.yml} up -d
+```
# Docker guide
-You can quickly get a server running using Docker. You need to have
-[docker](https://www.docker.com/community-edition) and
+This guide requires [docker](https://www.docker.com/community-edition) and
[docker-compose](https://docs.docker.com/compose/install/) installed.
## Production
### Install
-**PeerTube does not support webserver host change**. Keep in mind your domain name is definitive after your first PeerTube start.
-
-PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want
-to quickly set up a full environment, either for trying the service or in
-production, you can use a `docker-compose` setup.
+**PeerTube does not support webserver host change**. Keep in mind your domain
+name is definitive after your first PeerTube start.
#### Go to your peertube workdir
-```shell
-cd /your/peertube/directory
-```
-
-#### Create the reverse proxy configuration directory
-
-```shell
-mkdir -p ./docker-volume/traefik
-```
-#### Get the latest reverse proxy configuration
-
-```shell
-curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml
-```
-
-View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml)
-
-#### Create Let's Encrypt ACME certificates as JSON file
-
-```shell
-touch ./docker-volume/traefik/acme.json
-```
-Needs to have file mode 600:
```shell
-chmod 600 ./docker-volume/traefik/acme.json
+cd /your/peertube/directory
```
#### Get the latest Compose file
View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml)
-
#### Get the latest env_file
```shell
View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env)
-#### Update the reverse proxy configuration
-
-```shell
-vim ./docker-volume/traefik/traefik.toml
-```
-
-~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file.
-
-More at: https://docs.traefik.io/v1.7
-
#### Tweak the `docker-compose.yml` file there according to your needs
```shell
-vim ./docker-compose.yml
+$EDITOR ./docker-compose.yml
```
#### Then tweak the `.env` file to change the environment variables
```shell
-vim ./.env
+$EDITOR ./.env
```
+
In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace:
- `<MY POSTGRES USERNAME>`
- `<MY POSTGRES PASSWORD>`
```shell
docker-compose up
```
-### Obtaining Your Automatically Generated Admin Credentials
-Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password.
-You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this.
-```BASH
+
+### Obtaining your automatically-generated admin credentials
+
+Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this.
+
+```bash
user@s:~/peertube|master⚡ ⇒ docker-compose logs peertube | grep -A1 root
peertube_1 | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root
```
### Obtaining Your Automatically Generated DKIM DNS TXT Record
+
[DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) signature sending and RSA keys generation are enabled by the default Postfix image `mwader/postfix-relay` with [OpenDKIM](http://www.opendkim.org/).
-Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain :
-```BASH
+
+Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain :
+
+```bash
user@s:~/peertube|master⚡ ⇒ cat ./docker-volume/opendkim/keys/*/*.txt
peertube._domainkey.mydomain.tld. IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
## Development
-We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop)
-for more information on how you can hack PeerTube!
+We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) for more information on how you can hack PeerTube!
--- /dev/null
+version: "3.3"
+
+services:
+
+ # The reverse-proxy only does SSL termination and automatic certificate generation. You can
+ # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
+ reverse-proxy:
+ image: traefik:v1.7
+ network_mode: "host"
+ command:
+ - "--docker" # Tells Træfik to listen to docker
+ - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
+ - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
+ ports:
+ - "80:80" # serving HTTP
+ - "443:443" # serving HTTPS
+ volumes:
+ - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
+ - ./docker-volume/traefik/acme.json:/etc/acme.json
+ - ./docker-volume/traefik/traefik.toml:/traefik.toml
+ restart: "always"
+
+ webserver:
+ labels:
+ traefik.enable: "true"
+ traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
+ traefik.port: "80"
services:
- # The reverse-proxy only does SSL termination and automatic certificate generation. You can
- # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
- reverse-proxy:
- image: traefik:v1.7
- network_mode: "host"
- command:
- - "--docker" # Tells Træfik to listen to docker
- - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
- - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
- ports:
- - "80:80" # The HTTP port
- - "443:443" # The HTTPS port
- volumes:
- - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
- - ./docker-volume/traefik/acme.json:/etc/acme.json
- - ./docker-volume/traefik/traefik.toml:/traefik.toml
- restart: "always"
-
# The webserver is not required, but recommended since a lot of optimizations went to its
# nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL,
- # so use it in production in tandem with an SSL-terminating reverse-proxy like above.
+ # so use it in production in tandem with an SSL-terminating reverse-proxy.
webserver:
build:
context: .
- .env
# If you provide your own reverse-proxy, otherwise not suitable for production:
#ports:
- # - "80:80"
+ # - "9000:80" # serving HTTP
volumes:
- type: bind
# Switch sources if you downloaded the nginx configuration without the whole repository
depends_on:
- peertube
restart: "always"
- labels:
- traefik.enable: "true"
- traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
- traefik.port: "80"
peertube:
# If you don't want to use the official image and build one from sources:
- .env
# If you provide your own webserver and reverse-proxy, otherwise not suitable for production:
#ports:
- # - "80:9000"
+ # - "80:9000" # serving HTTP
volumes:
- assets:/app/client/dist
- ./docker-volume/data:/data
restart: "always"
postgres:
- image: postgres:12-alpine
+ image: postgres:10-alpine
env_file:
- .env
volumes:
ipam:
driver: default
config:
- - subnet: 172.18.0.0/16
+ - subnet: 172.18.0.0/16
volumes:
assets:
#!/bin/sh
set -e
-# Process nginx template
-SOURCE="/etc/nginx/conf.d/peertube.template"
-TARGET="/etc/nginx/conf.d/default.conf"
+# Process the nginx template
+SOURCE_FILE="/etc/nginx/conf.d/peertube.template"
+TARGET_FILE="/etc/nginx/conf.d/default.conf"
export WEBSERVER_HOST="default_server"
export PEERTUBE_HOST="peertube:9000"
-envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE > $TARGET
+envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE
# Remove HTTPS/SSL from nginx conf
-sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET
+sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET_FILE
nginx -g "daemon off;"
\ No newline at end of file
projects / github / Chocobozzz / PeerTube.git / commitdiff
