Add nginx behind traefik in docker-compose + image updates

- support/docker/production/docker-compose.yml: addition of a nginx image reusing support/nginx/peertube nginx conf to improve performance, and lessen setup differences between the docker-compose install and the typical production install. - support/docker/production/docker-compose.yml: postgres 10 -> postgres 12, redis 4 -> redis 5. Postgres major updates implies manual upgrade. - support/nginx/peertube: HTTP -> HTTPS redirection is now commented by default, to allow its reuse in support/docker/production/docker-compose.yml.
author: Rigel Kent <sendmemail@rigelk.eu> 2020-03-03 00:29:52 +0100
committer: Rigel Kent <sendmemail@rigelk.eu> 2020-11-11 16:45:46 +0100
commit: 1a9b141d835cf3bfe9bdca67f881b520975f9058 (patch)
tree: 444b35656c7093250181121ccfadb870c5046be4 /support/nginx
parent: 8e98e6124d2b006ba9f616b0dfce7369fa7b2684 (diff)
download: PeerTube-1a9b141d835cf3bfe9bdca67f881b520975f9058.tar.gz
PeerTube-1a9b141d835cf3bfe9bdca67f881b520975f9058.tar.zst
PeerTube-1a9b141d835cf3bfe9bdca67f881b520975f9058.zip
1 files changed, 20 insertions, 22 deletions
diff --git a/support/nginx/peertube b/support/nginx/peertube
index a17868c5a..7f2c0f263 100644
--- a/support/nginx/peertube
+++ b/support/nginx/peertube
@@ -1,26 +1,24 @@
-server {
+# Uncomment in production to redirect HTTP to HTTPS. Leave commented for docker-compose.
-  listen 80;
+#server {
-  listen [::]:80;
+#  listen 80;
-  server_name peertube.example.com;
+#  listen [::]:80;
+#  server_name ${WEBSERVER_HOST};
-  access_log /var/log/nginx/peertube.example.com.access.log;
+#
-  error_log /var/log/nginx/peertube.example.com.error.log;
+#  location /.well-known/acme-challenge/ {
+#    default_type "text/plain";
-  location /.well-known/acme-challenge/ {
+#    root /var/www/certbot;
-    default_type "text/plain";
+#  }
-    root /var/www/certbot;
+#  location / { return 301 https://$host$request_uri; }
-  }
+#}
-  location / { return 301 https://$host$request_uri; }
-}
 server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
-  server_name peertube.example.com;
+  server_name ${WEBSERVER_HOST};
  # For example with certbot (you need a certificate to run https)
-  ssl_certificate      /etc/letsencrypt/live/peertube.example.com/fullchain.pem;
+  ssl_certificate      /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
-  ssl_certificate_key  /etc/letsencrypt/live/peertube.example.com/privkey.pem;
+  ssl_certificate_key  /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
  # Security hardening (as of 11/02/2018)
  ssl_protocols TLSv1.2; # TLSv1.3, TLSv1.2 if nginx >= 1.13.0
@@ -51,8 +49,8 @@ server {
  # See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
  # client_body_temp_path /var/www/peertube/storage/nginx/;
-  access_log /var/log/nginx/peertube.example.com.access.log;
+  access_log /var/log/nginx/${WEBSERVER_HOST}.access.log;
-  error_log /var/log/nginx/peertube.example.com.error.log;
+  error_log /var/log/nginx/${WEBSERVER_HOST}.error.log;
  location ^~ '/.well-known/acme-challenge' {
    default_type "text/plain";
@@ -92,7 +90,7 @@ server {
  }
  location / {
-    proxy_pass http://127.0.0.1:9000;
+    proxy_pass http://${PEERTUBE_HOST};
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -177,14 +175,14 @@ server {
    proxy_http_version 1.1;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:9000;
+    proxy_pass http://${PEERTUBE_HOST};
  }
  location /socket.io {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
-    proxy_pass http://127.0.0.1:9000;
+    proxy_pass http://${PEERTUBE_HOST};
    # enable WebSockets
    proxy_http_version 1.1;
author	Rigel Kent <sendmemail@rigelk.eu>	2020-03-03 00:29:52 +0100
committer	Rigel Kent <sendmemail@rigelk.eu>	2020-11-11 16:45:46 +0100
commit	1a9b141d835cf3bfe9bdca67f881b520975f9058 (patch)
tree	444b35656c7093250181121ccfadb870c5046be4 /support/nginx
parent	8e98e6124d2b006ba9f616b0dfce7369fa7b2684 (diff)
download	PeerTube-1a9b141d835cf3bfe9bdca67f881b520975f9058.tar.gz PeerTube-1a9b141d835cf3bfe9bdca67f881b520975f9058.tar.zst PeerTube-1a9b141d835cf3bfe9bdca67f881b520975f9058.zip

diff --git a/support/nginx/peertube b/support/nginx/peertube index a17868c5a..7f2c0f263 100644 --- a/support/nginx/peertube +++ b/support/nginx/peertube
@@ -1,26 +1,24 @@
1	server {	1	# Uncomment in production to redirect HTTP to HTTPS. Leave commented for docker-compose.
2	listen 80;	2	#server {
3	listen [::]:80;	3	# listen 80;
4	server_name peertube.example.com;	4	# listen [::]:80;
5		5	# server_name ${WEBSERVER_HOST};
6	access_log /var/log/nginx/peertube.example.com.access.log;	6	#
7	error_log /var/log/nginx/peertube.example.com.error.log;	7	# location /.well-known/acme-challenge/ {
8		8	# default_type "text/plain";
9	location /.well-known/acme-challenge/ {	9	# root /var/www/certbot;
10	default_type "text/plain";	10	# }
11	root /var/www/certbot;	11	# location / { return 301 https://$host$request_uri; }
12	}	12	#}
13	location / { return 301 https://$host$request_uri; }
14	}
15		13
16	server {	14	server {
17	listen 443 ssl http2;	15	listen 443 ssl http2;
18	listen [::]:443 ssl http2;	16	listen [::]:443 ssl http2;
19	server_name peertube.example.com;	17	server_name ${WEBSERVER_HOST};
20		18
21	# For example with certbot (you need a certificate to run https)	19	# For example with certbot (you need a certificate to run https)
22	ssl_certificate /etc/letsencrypt/live/peertube.example.com/fullchain.pem;	20	ssl_certificate /etc/letsencrypt/live/${WEBSERVER_HOST}/fullchain.pem;
23	ssl_certificate_key /etc/letsencrypt/live/peertube.example.com/privkey.pem;	21	ssl_certificate_key /etc/letsencrypt/live/${WEBSERVER_HOST}/privkey.pem;
24		22
25	# Security hardening (as of 11/02/2018)	23	# Security hardening (as of 11/02/2018)
26	ssl_protocols TLSv1.2; # TLSv1.3, TLSv1.2 if nginx >= 1.13.0	24	ssl_protocols TLSv1.2; # TLSv1.3, TLSv1.2 if nginx >= 1.13.0
@@ -51,8 +49,8 @@ server {
51	# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path	49	# See https://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
52	# client_body_temp_path /var/www/peertube/storage/nginx/;	50	# client_body_temp_path /var/www/peertube/storage/nginx/;
53		51
54	access_log /var/log/nginx/peertube.example.com.access.log;	52	access_log /var/log/nginx/${WEBSERVER_HOST}.access.log;
55	error_log /var/log/nginx/peertube.example.com.error.log;	53	error_log /var/log/nginx/${WEBSERVER_HOST}.error.log;
56		54
57	location ^~ '/.well-known/acme-challenge' {	55	location ^~ '/.well-known/acme-challenge' {
58	default_type "text/plain";	56	default_type "text/plain";
@@ -92,7 +90,7 @@ server {
92	}	90	}
93		91
94	location / {	92	location / {
95	proxy_pass http://127.0.0.1:9000;	93	proxy_pass http://${PEERTUBE_HOST};
96	proxy_set_header X-Real-IP $remote_addr;	94	proxy_set_header X-Real-IP $remote_addr;
97	proxy_set_header Host $host;	95	proxy_set_header Host $host;
98	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	96	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@@ -177,14 +175,14 @@ server {
177	proxy_http_version 1.1;	175	proxy_http_version 1.1;
178	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	176	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
179	proxy_set_header Host $host;	177	proxy_set_header Host $host;
180	proxy_pass http://127.0.0.1:9000;	178	proxy_pass http://${PEERTUBE_HOST};
181	}	179	}
182		180
183	location /socket.io {	181	location /socket.io {
184	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;	182	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
185	proxy_set_header Host $host;	183	proxy_set_header Host $host;
186		184
187	proxy_pass http://127.0.0.1:9000;	185	proxy_pass http://${PEERTUBE_HOST};
188		186
189	# enable WebSockets	187	# enable WebSockets
190	proxy_http_version 1.1;	188	proxy_http_version 1.1;