Chore/docker-documentation-improvements (#2494)

* unify env_var names to replace

* detail more and improve docker doc

* fix title

* move acme email and domains to traefik command

* add details about TRAEFIK_ACME_* variables

* Fix preview links from /develop to /master

4 files changed, 88 insertions, 39 deletions

diff --git a/support/doc/docker.md b/support/doc/docker.md
index b251329d0..2ee922b87 100644
--- a/support/doc/docker.md
+++ b/support/doc/docker.md
@@ -14,43 +14,95 @@ PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want
 to quickly set up a full environment, either for trying the service or in
 production, you can use a `docker-compose` setup.
 
+#### Go to your peertube workdir
 ```shell
-$ cd /your/peertube/directory
-$ mkdir ./docker-volume && mkdir ./docker-volume/traefik
-$ curl "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml" > ./docker-volume/traefik/traefik.toml
-$ touch ./docker-volume/traefik/acme.json && chmod 600 ./docker-volume/traefik/acme.json
-$ curl -s "https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml" -o docker-compose.yml "https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker/production/.env" -o .env
+cd /your/peertube/directory
 ```
-View the source of the files you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/docker-compose.yml) and the [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/config/traefik.toml) and the [.env](https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/.env)
 
-Update the reverse proxy configuration:
+#### Create the reverse proxy configuration directory
 
 ```shell
-$ vim ./docker-volume/traefik/traefik.toml
+mkdir -p ./docker-volume/traefik
 ```
 
-Tweak the `docker-compose.yml` file there according to your needs:
+#### Get the latest reverse proxy configuration
 
 ```shell
-$ vim ./docker-compose.yml
+curl https://raw.github.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml
 ```
 
-Then tweak the `.env` file to change the environment variables:
+View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml)
+
+#### Create Let's Encrypt ACME certificates as JSON file
 
 ```shell
-$ vim ./.env
+touch ./docker-volume/traefik/acme.json
 ```
-If you did not download the .env file above, here you can look at the variables that can be set:
-https://github.com/Chocobozzz/PeerTube/blob/develop/support/docker/production/.env
+Needs to have file mode 600:
+```shell
+chmod 600 ./docker-volume/traefik/acme.json 
+```
+
+#### Get the latest Compose file
+
+```shell
+curl https://raw.github.com/chocobozzz/PeerTube/master/support/docker/production/docker-compose.yml > docker-compose.yml 
+```
+
+View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml)
+
+
+#### Get the latest env_file
+
+```shell
+curl https://raw.github.com/Chocobozzz/PeerTube/master/support/docker/production/.env > .env
+```
+
+View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env)
+
+#### Update the reverse proxy configuration
+
+```shell
+vim ./docker-volume/traefik/traefik.toml
+```
+
+~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file.
+
+More at: https://docs.traefik.io/v1.7
+
+#### Tweak the `docker-compose.yml` file there according to your needs
+
+```shell
+vim ./docker-compose.yml
+```
+
+#### Then tweak the `.env` file to change the environment variables
+
+```shell
+vim ./.env
+```
+In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace:
+- `<MY POSTGRES USERNAME>`
+- `<MY POSTGRES PASSWORD>`
+- `<MY POSTGRES DB>`
+- `<MY DOMAIN>` without 'https://'
+- `<MY EMAIL ADDRESS>`
 
 Other environment variables are used in
-`support/docker/production/config/custom-environment-variables.yaml` and can be
+[/support/docker/production/config/custom-environment-variables.yaml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/custom-environment-variables.yaml) and can be
 intuited from usage.
 
-You can use the regular `up` command to set it up:
+#### Testing local Docker setup
+
+To test locally your Docker setup, you must add your domain (`<MY DOMAIN>`) in `/etc/hosts`: 
+```
+127.0.0.1       localhost   mydomain.tld
+```
+
+#### You can use the regular `up` command to set it up
 
 ```shell
-$ docker-compose up
+docker-compose up
 ```
 ### Obtaining Your Automatically Generated Admin Credentials
 Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password.
@@ -88,5 +140,5 @@ $ docker build . -f ./support/docker/production/Dockerfile.buster
 
 ## Development
 
-We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/develop/.github/CONTRIBUTING.md#develop)
+We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop)
 for more information on how you can hack PeerTube!
diff --git a/support/docker/production/.env b/support/docker/production/.env
index 95ca42d69..0321b04ae 100644
--- a/support/docker/production/.env
+++ b/support/docker/production/.env
@@ -1,10 +1,11 @@
-POSTGRES_USER=peertube
-POSTGRES_PASSWORD=peertube
-POSTGRES_DB=peertube
-PEERTUBE_DB_USERNAME=$(POSTGRES_USER)
-PEERTUBE_DB_PASSWORD=$(POSTGRES_PASSWORD)
+POSTGRES_USER=<MY POSTGRES USERNAME>
+POSTGRES_PASSWORD=<MY POSTGRES PASSWORD>
+POSTGRES_DB=<MY POSTGRES DB>
+PEERTUBE_DB_USERNAME=<MY POSTGRES USERNAME>
+PEERTUBE_DB_PASSWORD=<MY POSTGRES PASSWORD>
+# PEERTUBE_DB_HOSTNAME is the Postgres service name in docker-compose.yml
 PEERTUBE_DB_HOSTNAME=postgres
-PEERTUBE_WEBSERVER_HOSTNAME=domain.tld
+PEERTUBE_WEBSERVER_HOSTNAME=<MY DOMAIN>
 PEERTUBE_WEBSERVER_PORT=443
 PEERTUBE_WEBSERVER_HTTPS=true
 # If you need more than one IP as trust_proxy
@@ -14,11 +15,15 @@ PEERTUBE_TRUST_PROXY=["127.0.0.1", "loopback", "172.18.0.0/16"]
 #PEERTUBE_SMTP_PASSWORD=
 PEERTUBE_SMTP_HOSTNAME=postfix
 PEERTUBE_SMTP_PORT=25
-PEERTUBE_SMTP_FROM=noreply@domain.tld
+PEERTUBE_SMTP_FROM=noreply@<MY DOMAIN>
 PEERTUBE_SMTP_TLS=false
 PEERTUBE_SMTP_DISABLE_STARTTLS=false
-PEERTUBE_ADMIN_EMAIL=admin@domain.tld
-POSTFIX_myhostname=${PEERTUBE_WEBSERVER_HOSTNAME}
+PEERTUBE_ADMIN_EMAIL=<MY EMAIL ADDRESS>
+POSTFIX_myhostname=<MY DOMAIN>
+TRAEFIK_ACME_EMAIL=<MY EMAIL ADDRESS>
+# If you need to obtain ACME certificates for more than one DOMAIN
+# pass them as a comma separated string
+TRAEFIK_ACME_DOMAINS=<MY DOMAIN>
 # /!\ Prefer to use the PeerTube admin interface to set the following configurations /!\
 #PEERTUBE_SIGNUP_ENABLED=true
 #PEERTUBE_TRANSCODING_ENABLED=true
diff --git a/support/docker/production/config/traefik.toml b/support/docker/production/config/traefik.toml
index 6abced3db..1d7d207fd 100644
--- a/support/docker/production/config/traefik.toml
+++ b/support/docker/production/config/traefik.toml
@@ -37,12 +37,6 @@ defaultEntryPoints = ["http", "https"]
 # Enable ACME (Let's Encrypt): automatic SSL.
 [acme]
 
-# Email address used for registration.
-#
-# Required
-#
-email = "<MY EMAIL ADDRESS>"
-
 # File or key used for certificates storage.
 #
 # Required
@@ -57,11 +51,6 @@ storage = "/etc/acme.json"
 #
 entryPoint = "https"
 
-# Domains list.
-#
-[[acme.domains]]
-  main = "<MY DOMAIN>"
-
 # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
 #
 # Optional but recommend
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index b81a8745b..72b08b855 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
@@ -5,7 +5,10 @@ services:
   reverse-proxy:
     image: traefik:v1.7
     network_mode: "host"
-    command: --docker # Tells Træfik to listen to docker
+    command:
+      - "--docker" # Tells Træfik to listen to docker
+      - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
+      - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
     ports:
       - "80:80"     # The HTTP port
       - "443:443"   # The HTTPS port