author | Kim <1877318+kimsible@users.noreply.github.com> | 2020-02-24 15:30:14 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-24 15:30:14 +0100 |
commit | e962e1c3c52b77075ec7b46ed0984476684551ab (patch) | |
tree | 4c5afdba0862b8668763a7e26f7b2334ba9c323f | |
parent | f30736c8917e66ed8940dd664d75826dc5a2853b (diff) | |
download | PeerTube-e962e1c3c52b77075ec7b46ed0984476684551ab.tar.gz PeerTube-e962e1c3c52b77075ec7b46ed0984476684551ab.tar.zst PeerTube-e962e1c3c52b77075ec7b46ed0984476684551ab.zip |
Chore/docker-documentation-improvements (#2494)
* unify env_var names to replace
* detail more and improve docker doc
* fix title
* move acme email and domains to traefik command
* add details about TRAEFIK_ACME_* variables
* Fix preview links from /develop to /master
-rw-r--r-- | support/doc/docker.md | 88 | ||||
-rw-r--r-- | support/docker/production/.env | 23 | ||||
-rw-r--r-- | support/docker/production/config/traefik.toml | 11 | ||||
-rw-r--r-- | support/docker/production/docker-compose.yml | 5 |
4 files changed, 88 insertions, 39 deletions
diff --git a/support/doc/docker.md b/support/doc/docker.md index b251329d0..2ee922b87 100644 --- a/support/doc/docker.md +++ b/support/doc/docker.md | |||
@@ -14,43 +14,95 @@ PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want | |||
14 | to quickly set up a full environment, either for trying the service or in | 14 | to quickly set up a full environment, either for trying the service or in |
15 | production, you can use a `docker-compose` setup. | 15 | production, you can use a `docker-compose` setup. |
16 | 16 | ||
17 | #### Go to your peertube workdir | ||
17 | ```shell | 18 | ```shell |
18 | $ cd /your/peertube/directory | 19 | cd /your/peertube/directory |
19 | $ mkdir ./docker-volume && mkdir ./docker-volume/traefik | ||
20 | $ curl "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml" > ./docker-volume/traefik/traefik.toml | ||
21 | $ touch ./docker-volume/traefik/acme.json && chmod 600 ./docker-volume/traefik/acme.json | ||
22 | $ curl -s "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml" -o docker-compose.yml "https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker/production/.env" -o .env | ||
23 | ``` | 20 | ``` |
24 | View the source of the files you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/docker-compose.yml) and the [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/config/traefik.toml) and the [.env](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/.env) | ||
25 | 21 | ||
26 | Update the reverse proxy configuration: | 22 | #### Create the reverse proxy configuration directory |
27 | 23 | ||
28 | ```shell | 24 | ```shell |
29 | $ vim ./docker-volume/traefik/traefik.toml | 25 | mkdir -p ./docker-volume/traefik |
30 | ``` | 26 | ``` |
31 | 27 | ||
32 | Tweak the `docker-compose.yml` file there according to your needs: | 28 | #### Get the latest reverse proxy configuration |
33 | 29 | ||
34 | ```shell | 30 | ```shell |
35 | $ vim ./docker-compose.yml | 31 | curl https://raw.github.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml |
36 | ``` | 32 | ``` |
37 | 33 | ||
38 | Then tweak the `.env` file to change the environment variables: | 34 | View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml) |
35 | |||
36 | #### Create Let's Encrypt ACME certificates as JSON file | ||
39 | 37 | ||
40 | ```shell | 38 | ```shell |
41 | $ vim ./.env | 39 | touch ./docker-volume/traefik/acme.json |
42 | ``` | 40 | ``` |
43 | If you did not download the .env file above, here you can look at the variables that can be set: | 41 | Needs to have file mode 600: |
44 | https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/.env | 42 | ```shell |
43 | chmod 600 ./docker-volume/traefik/acme.json | ||
44 | ``` | ||
45 | |||
46 | #### Get the latest Compose file | ||
47 | |||
48 | ```shell | ||
49 | curl https://raw.github.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml > docker-compose.yml | ||
50 | ``` | ||
51 | |||
52 | View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml) | ||
53 | |||
54 | |||
55 | #### Get the latest env_file | ||
56 | |||
57 | ```shell | ||
58 | curl https://raw.github.com/Chocobozzz/PeerTube/master/support/docker/production/.env > .env | ||
59 | ``` | ||
60 | |||
61 | View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env) | ||
62 | |||
63 | #### Update the reverse proxy configuration | ||
64 | |||
65 | ```shell | ||
66 | vim ./docker-volume/traefik/traefik.toml | ||
67 | ``` | ||
68 | |||
69 | ~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file. | ||
70 | |||
71 | More at: https://docs.traefik.io/v1.7 | ||
72 | |||
73 | #### Tweak the `docker-compose.yml` file there according to your needs | ||
74 | |||
75 | ```shell | ||
76 | vim ./docker-compose.yml | ||
77 | ``` | ||
78 | |||
79 | #### Then tweak the `.env` file to change the environment variables | ||
80 | |||
81 | ```shell | ||
82 | vim ./.env | ||
83 | ``` | ||
84 | In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace: | ||
85 | - `<MY POSTGRES USERNAME>` | ||
86 | - `<MY POSTGRES PASSWORD>` | ||
87 | - `<MY POSTGRES DB>` | ||
88 | - `<MY DOMAIN>` without 'https://' | ||
89 | - `<MY EMAIL ADDRESS>` | ||
45 | 90 | ||
46 | Other environment variables are used in | 91 | Other environment variables are used in |
47 | `support/docker/production/config/custom-environment-variables.yaml` and can be | 92 | [/support/docker/production/config/custom-environment-variables.yaml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/custom-environment-variables.yaml) and can be |
48 | intuited from usage. | 93 | intuited from usage. |
49 | 94 | ||
50 | You can use the regular `up` command to set it up: | 95 | #### Testing local Docker setup |
96 | |||
97 | To test locally your Docker setup, you must add your domain (`<MY DOMAIN>`) in `/etc/hosts`: | ||
98 | ``` | ||
99 | 127.0.0.1 localhost mydomain.tld | ||
100 | ``` | ||
101 | |||
102 | #### You can use the regular `up` command to set it up | ||
51 | 103 | ||
52 | ```shell | 104 | ```shell |
53 | $ docker-compose up | 105 | docker-compose up |
54 | ``` | 106 | ``` |
55 | ### Obtaining Your Automatically Generated Admin Credentials | 107 | ### Obtaining Your Automatically Generated Admin Credentials |
56 | Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. | 108 | Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. |
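Review bot: The three new download commands (for `traefik.toml`, `docker-compose.yml` and `.env`) switch from the `raw.githubusercontent.com` host used by the removed lines to `raw.github.com` and pass neither `-f` nor `-L` to curl, so if that host answers with a redirect or an HTTP error, the response body is what lands in the file and the later `vim` and `docker-compose up` steps work from an empty or wrong configuration. Suggest keeping `raw.githubusercontent.com` and writing the commands as `curl -fL <url> -o <file>`. Two smaller points in the same hunk: the struck-through sentence under "Update the reverse proxy configuration" reads like a changelog inside user documentation, so it would be cleaner to state only the current behaviour; and the doc sets mode 600 on `acme.json` but not on `.env`, which after this change is where the user types `POSTGRES_PASSWORD`.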
@@ -88,5 +140,5 @@ $ docker build . -f ./support/docker/production/Dockerfile.buster | |||
88 | 140 | ||
89 | ## Development | 141 | ## Development |
90 | 142 | ||
91 | We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/develop/.github/CONTRIBUTING.md#develop) | 143 | We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) |
92 | for more information on how you can hack PeerTube! | 144 | for more information on how you can hack PeerTube! |
diff --git a/support/docker/production/.env b/support/docker/production/.env index 95ca42d69..0321b04ae 100644 --- a/support/docker/production/.env +++ b/support/docker/production/.env | |||
@@ -1,10 +1,11 @@ | |||
1 | POSTGRES_USER=peertube | 1 | POSTGRES_USER=<MY POSTGRES USERNAME> |
2 | POSTGRES_PASSWORD=peertube | 2 | POSTGRES_PASSWORD=<MY POSTGRES PASSWORD> |
3 | POSTGRES_DB=peertube | 3 | POSTGRES_DB=<MY POSTGRES DB> |
4 | PEERTUBE_DB_USERNAME=$(POSTGRES_USER) | 4 | PEERTUBE_DB_USERNAME=<MY POSTGRES USERNAME> |
5 | PEERTUBE_DB_PASSWORD=$(POSTGRES_PASSWORD) | 5 | PEERTUBE_DB_PASSWORD=<MY POSTGRES PASSWORD> |
6 | # PEERTUBE_DB_HOSTNAME is the Postgres service name in docker-compose.yml | ||
6 | PEERTUBE_DB_HOSTNAME=postgres | 7 | PEERTUBE_DB_HOSTNAME=postgres |
7 | PEERTUBE_WEBSERVER_HOSTNAME=domain.tld | 8 | PEERTUBE_WEBSERVER_HOSTNAME=<MY DOMAIN> |
8 | PEERTUBE_WEBSERVER_PORT=443 | 9 | PEERTUBE_WEBSERVER_PORT=443 |
9 | PEERTUBE_WEBSERVER_HTTPS=true | 10 | PEERTUBE_WEBSERVER_HTTPS=true |
10 | # If you need more than one IP as trust_proxy | 11 | # If you need more than one IP as trust_proxy |
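Review bot: With `PEERTUBE_DB_USERNAME=$(POSTGRES_USER)` and `PEERTUBE_DB_PASSWORD=$(POSTGRES_PASSWORD)` replaced by their own placeholders on new lines 4 and 5, the same credentials now have to be typed twice and nothing in the file says the two pairs must be identical; a mismatch will only show up as a database authentication failure at startup. Suggest a one-line comment above them, in the style of the new `PEERTUBE_DB_HOSTNAME` comment, stating that they must equal `POSTGRES_USER` and `POSTGRES_PASSWORD`. It is also worth saying in the file itself that every `<MY ...>` placeholder must be replaced, since an unedited `<MY POSTGRES PASSWORD>` would be used as the literal password.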
@@ -14,11 +15,15 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"] | |||
14 | #PEERTUBE_SMTP_PASSWORD= | 15 | #PEERTUBE_SMTP_PASSWORD= |
15 | PEERTUBE_SMTP_HOSTNAME=postfix | 16 | PEERTUBE_SMTP_HOSTNAME=postfix |
16 | PEERTUBE_SMTP_PORT=25 | 17 | PEERTUBE_SMTP_PORT=25 |
17 | PEERTUBE_SMTP_FROM=noreply@domain.tld | 18 | PEERTUBE_SMTP_FROM=noreply@<MY DOMAIN> |
18 | PEERTUBE_SMTP_TLS=false | 19 | PEERTUBE_SMTP_TLS=false |
19 | PEERTUBE_SMTP_DISABLE_STARTTLS=false | 20 | PEERTUBE_SMTP_DISABLE_STARTTLS=false |
20 | PEERTUBE_ADMIN_EMAIL=admin@domain.tld | 21 | PEERTUBE_ADMIN_EMAIL=<MY EMAIL ADDRESS> |
21 | POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME} | 22 | POSTFIX_myhostname=<MY DOMAIN> |
23 | TRAEFIK_ACME_EMAIL=<MY EMAIL ADDRESS> | ||
24 | # If you need to obtain ACME certificates for more than one DOMAIN | ||
25 | # pass them as a comma separated string | ||
26 | TRAEFIK_ACME_DOMAINS=<MY DOMAIN> | ||
22 | # /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ | 27 | # /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\ |
23 | #PEERTUBE_SIGNUP_ENABLED=true | 28 | #PEERTUBE_SIGNUP_ENABLED=true |
24 | #PEERTUBE_TRANSCODING_ENABLED=true | 29 | #PEERTUBE_TRANSCODING_ENABLED=true |
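Review bot: The new `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` entries (new lines 23 to 26) have no comment saying they are consumed by the `reverse-proxy` command in `docker-compose.yml` rather than by PeerTube, which is not obvious in a file where every other key is `PEERTUBE_*`, `POSTGRES_*` or `POSTFIX_*`. Suggest a short header comment above them naming that consumer. Also, replacing `POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME}` with `<MY DOMAIN>` means the domain is now entered separately in `PEERTUBE_WEBSERVER_HOSTNAME`, `PEERTUBE_SMTP_FROM`, `POSTFIX_myhostname` and `TRAEFIK_ACME_DOMAINS`; a note that these must agree would prevent a certificate being requested for a different name than the one the web server answers on.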
diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml index 6abced3db..1d7d207fd 100644 --- a/support/docker/production/config/traefik.toml +++ b/support/docker/production/config/traefik.toml | |||
@@ -37,12 +37,6 @@ defaultEntryPoints = ["http", "https"] | |||
37 | # Enable ACME (Let's Encrypt): automatic SSL. | 37 | # Enable ACME (Let's Encrypt): automatic SSL. |
38 | [acme] | 38 | [acme] |
39 | 39 | ||
40 | # Email address used for registration. | ||
41 | # | ||
42 | # Required | ||
43 | # | ||
44 | email = "<MY EMAIL ADDRESS>" | ||
45 | |||
46 | # File or key used for certificates storage. | 40 | # File or key used for certificates storage. |
47 | # | 41 | # |
48 | # Required | 42 | # Required |
@@ -57,11 +51,6 @@ storage = "/etc/acme.json" | |||
57 | # | 51 | # |
58 | entryPoint = "https" | 52 | entryPoint = "https" |
59 | 53 | ||
60 | # Domains list. | ||
61 | # | ||
62 | [[acme.domains]] | ||
63 | main = "<MY DOMAIN>" | ||
64 | |||
65 | # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge | 54 | # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge |
66 | # | 55 | # |
67 | # Optional but recommend | 56 | # Optional but recommend |
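Review bot: The `[[acme.domains]]` block is deleted without an upgrade note, so an existing deployment that refreshes `traefik.toml` with the documented curl command but keeps its older `docker-compose.yml` (whose command is only `--docker`) ends up with no domain list at all. Suggest a comment here pointing to `--acme.domains` / `TRAEFIK_ACME_DOMAINS`, and a line in the documentation telling existing users to update `traefik.toml`, `docker-compose.yml` and `.env` together.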
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml index b81a8745b..72b08b855 100644 --- a/support/docker/production/docker-compose.yml +++ b/support/docker/production/docker-compose.yml | |||
@@ -5,7 +5,10 @@ services: | |||
5 | reverse-proxy: | 5 | reverse-proxy: |
6 | image: traefik:v1.7 | 6 | image: traefik:v1.7 |
7 | network_mode: "host" | 7 | network_mode: "host" |
8 | command: --docker # Tells Træfik to listen to docker | 8 | command: |
9 | - "--docker" # Tells Træfik to listen to docker | ||
10 | - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email | ||
11 | - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list | ||
9 | ports: | 12 | ports: |
10 | - "80:80" # The HTTP port | 13 | - "80:80" # The HTTP port |
11 | - "443:443" # The HTTPS port | 14 | - "443:443" # The HTTPS port |
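Review bot: The new list items `--acme.email=${TRAEFIK_ACME_EMAIL}` and `--acme.domains=${TRAEFIK_ACME_DOMAINS}` have no guard for an unset variable, so a user whose `.env` predates this change gets both flags passed with empty values and the failure surfaces later as a certificate problem instead of at startup. If the Compose file version in use supports it, suggest the fail-fast form, for example `${TRAEFIK_ACME_EMAIL:?set TRAEFIK_ACME_EMAIL in .env}`, for both variables.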