author Rigel Kent <sendmemail@rigelk.eu> 2020-06-22 13:06:54 +0200
committer Rigel Kent <sendmemail@rigelk.eu> 2020-11-11 16:45:46 +0100
commit b8f3e6b00b3300f4ebf37bf77711739964c9e5d6
tree 00500e5e4c1cebae277972e6ff8e1373298504cd /support
parent e604efcb71ca3bbff701598969d055d688161985
move traefik to its own override file
Diffstat (limited to 'support')
-rw-r--r-- support/doc/docker-traefik.md 44
-rw-r--r-- support/doc/docker.md 71
-rw-r--r-- support/docker/production/docker-compose.traefik.yml 27
-rw-r--r-- support/docker/production/docker-compose.yml 32
-rw-r--r-- support/docker/production/entrypoint.nginx.sh 10
5 files changed, 100 insertions, 84 deletions
diff --git a/support/doc/docker-traefik.md b/support/doc/docker-traefik.md
new file mode 100644
index 000000000..fcd63364a
--- /dev/null
+++ b/support/doc/docker-traefik.md
@@ -0,0 +1,44 @@
1### Docker + Traefik
2
3After following the [docker guide](/support/doc/docker.md), you can choose to run traefik
4as your reverse-proxy.
5
6#### Create the reverse proxy configuration directory
7
8```shell
9mkdir -p ./docker-volume/traefik
10```
11
12#### Get the latest reverse proxy configuration
13
14```shell
15curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml
16```
17
18View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml)
19
20#### Create Let's Encrypt ACME certificates as JSON file
21
22```shell
23touch ./docker-volume/traefik/acme.json
24```
25Needs to have file mode 600:
26```shell
27chmod 600 ./docker-volume/traefik/acme.json
28```
29
30#### Update the reverse proxy configuration
31
32```shell
33$EDITOR ./docker-volume/traefik/traefik.toml
34```
35
36~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file.
37
38More at: https://docs.traefik.io/v1.7
39
40#### Run with traefik
41
42```shell
43docker-compose -f {docker-compose.yml,docker-compose.traefik.yml} up -d
44```
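Review bot: The run command at line 43, `docker-compose -f {docker-compose.yml,docker-compose.traefik.yml} up -d`, relies on brace expansion, which produces `-f docker-compose.yml docker-compose.traefik.yml`: only the first file gets a `-f` and the second is taken as the command name (in a shell without brace expansion the braces are passed through literally). Spell it out as `docker-compose -f docker-compose.yml -f docker-compose.traefik.yml up -d`. The guide also has no step that fetches `docker-compose.traefik.yml` itself, although it fetches `traefik.toml` with curl, and line 36 keeps the struck-through placeholder sentence next to its replacement; a download step and one plain sentence naming `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` would read better.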
diff --git a/support/doc/docker.md b/support/doc/docker.md
index fc89e4c4c..e55aee9fc 100644
--- a/support/doc/docker.md
+++ b/support/doc/docker.md
@@ -1,46 +1,19 @@
1# Docker guide 1# Docker guide
2 2
3You can quickly get a server running using Docker. You need to have 3This guide requires [docker](https://www.docker.com/community-edition) and
4[docker](https://www.docker.com/community-edition) and
5[docker-compose](https://docs.docker.com/compose/install/) installed. 4[docker-compose](https://docs.docker.com/compose/install/) installed.
6 5
7## Production 6## Production
8 7
9### Install 8### Install
10 9
11**PeerTube does not support webserver host change**. Keep in mind your domain name is definitive after your first PeerTube start. 10**PeerTube does not support webserver host change**. Keep in mind your domain
12 11name is definitive after your first PeerTube start.
13PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want
14to quickly set up a full environment, either for trying the service or in
15production, you can use a `docker-compose` setup.
16 12
17#### Go to your peertube workdir 13#### Go to your peertube workdir
18```shell
19cd /your/peertube/directory
20```
21
22#### Create the reverse proxy configuration directory
23
24```shell
25mkdir -p ./docker-volume/traefik
26```
27 14
28#### Get the latest reverse proxy configuration
29
30```shell
31curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml
32```
33
34View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml)
35
36#### Create Let's Encrypt ACME certificates as JSON file
37
38```shell
39touch ./docker-volume/traefik/acme.json
40```
41Needs to have file mode 600:
42```shell 15```shell
43chmod 600 ./docker-volume/traefik/acme.json 16cd /your/peertube/directory
44``` 17```
45 18
46#### Get the latest Compose file 19#### Get the latest Compose file
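Review bot: With old lines 22-44 removed, docker.md no longer mentions a reverse proxy at all, and none of the added lines point to the new `docker-traefik.md`. The compose file describes its webserver as running without HTTPS, so add a short pointer in the Install section linking to `/support/doc/docker-traefik.md`; otherwise a reader who follows only this guide ends up with an instance served over plain HTTP. Removing the sentence about PostgreSQL and Redis at old lines 13-15 also drops the only statement of what the compose setup provides; consider keeping it.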
@@ -51,7 +24,6 @@ curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker
51 24
52View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml) 25View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml)
53 26
54
55#### Get the latest env_file 27#### Get the latest env_file
56 28
57```shell 29```shell
@@ -60,27 +32,18 @@ curl https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker
60 32
61View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env) 33View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env)
62 34
63#### Update the reverse proxy configuration
64
65```shell
66vim ./docker-volume/traefik/traefik.toml
67```
68
69~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file.
70
71More at: https://docs.traefik.io/v1.7
72
73#### Tweak the `docker-compose.yml` file there according to your needs 35#### Tweak the `docker-compose.yml` file there according to your needs
74 36
75```shell 37```shell
76vim ./docker-compose.yml 38$EDITOR ./docker-compose.yml
77``` 39```
78 40
79#### Then tweak the `.env` file to change the environment variables 41#### Then tweak the `.env` file to change the environment variables
80 42
81```shell 43```shell
82vim ./.env 44$EDITOR ./.env
83``` 45```
46
84In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace: 47In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace:
85- `<MY POSTGRES USERNAME>` 48- `<MY POSTGRES USERNAME>`
86- `<MY POSTGRES PASSWORD>` 49- `<MY POSTGRES PASSWORD>`
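Review bot: `$EDITOR ./docker-compose.yml` and `$EDITOR ./.env` (new lines 38 and 44) assume `EDITOR` is set; when it is empty the shell tries to execute the file itself and fails with a permission error. `${EDITOR:-vi} ./.env` keeps the editor-agnostic intent and still works on a fresh server. Since `.env` is where `<MY POSTGRES PASSWORD>` goes, this step is also a natural place for a `chmod 600 ./.env`, matching what the Traefik guide does for `acme.json`.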
@@ -103,10 +66,12 @@ To test locally your Docker setup, you must add your domain (`<MY DOMAIN>`) in `
103```shell 66```shell
104docker-compose up 67docker-compose up
105``` 68```
106### Obtaining Your Automatically Generated Admin Credentials 69
107Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. 70### Obtaining your automatically-generated admin credentials
108You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this. 71
109```BASH 72Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this.
73
74```bash
110user@s:~/peertube|master⚡ ⇒ docker-compose logs peertube | grep -A1 root 75user@s:~/peertube|master⚡ ⇒ docker-compose logs peertube | grep -A1 root
111 76
112peertube_1 | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root 77peertube_1 | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root
@@ -114,9 +79,12 @@ peertube_1 | [example.com:443] 2019-11-16 04:26:06.083 info: User password: abc
114``` 79```
115 80
116### Obtaining Your Automatically Generated DKIM DNS TXT Record 81### Obtaining Your Automatically Generated DKIM DNS TXT Record
82
117[DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) signature sending and RSA keys generation are enabled by the default Postfix image `mwader/postfix-relay` with [OpenDKIM](http://www.opendkim.org/). 83[DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) signature sending and RSA keys generation are enabled by the default Postfix image `mwader/postfix-relay` with [OpenDKIM](http://www.opendkim.org/).
118Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain : 84
119```BASH 85Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain :
86
87```bash
120user@s:~/peertube|master⚡ ⇒ cat ./docker-volume/opendkim/keys/*/*.txt 88user@s:~/peertube|master⚡ ⇒ cat ./docker-volume/opendkim/keys/*/*.txt
121 89
122peertube._domainkey.mydomain.tld. IN TXT ( "v=DKIM1; h=sha256; k=rsa; " 90peertube._domainkey.mydomain.tld. IN TXT ( "v=DKIM1; h=sha256; k=rsa; "
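Review bot: The heading at new line 81, "Obtaining Your Automatically Generated DKIM DNS TXT Record", is left in Title Case while this patch changes the sibling heading at new line 70 to sentence case with a hyphen; convert this one too so the two sections match. New line 85 still has a space before the colon ("your domain :"), and the fence at new line 87 is tagged `bash` although it holds a prompt and command output rather than a script.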
@@ -154,5 +122,4 @@ $ docker build . -f ./support/docker/production/Dockerfile.buster
154 122
155## Development 123## Development
156 124
157We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) 125We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) for more information on how you can hack PeerTube!
158for more information on how you can hack PeerTube!
diff --git a/support/docker/production/docker-compose.traefik.yml b/support/docker/production/docker-compose.traefik.yml
new file mode 100644
index 000000000..bbea75783
--- /dev/null
+++ b/support/docker/production/docker-compose.traefik.yml
@@ -0,0 +1,27 @@
1version: "3.3"
2
3services:
4
5 # The reverse-proxy only does SSL termination and automatic certificate generation. You can
6 # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
7 reverse-proxy:
8 image: traefik:v1.7
9 network_mode: "host"
10 command:
11 - "--docker" # Tells Træfik to listen to docker
12 - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
13 - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
14 ports:
15 - "80:80" # serving HTTP
16 - "443:443" # serving HTTPS
17 volumes:
18 - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
19 - ./docker-volume/traefik/acme.json:/etc/acme.json
20 - ./docker-volume/traefik/traefik.toml:/traefik.toml
21 restart: "always"
22
23 webserver:
24 labels:
25 traefik.enable: "true"
26 traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
27 traefik.port: "80"
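Review bot: The `reverse-proxy` service sets `network_mode: "host"` (line 9) and also declares `ports:` (lines 14-16); with host networking Docker discards published ports, so the `80:80` and `443:443` mappings do nothing and should be dropped, or the service moved off host networking if the mappings are the intent. Line 18 bind-mounts `/var/run/docker.sock` into the container that faces the internet, which gives that container control of the Docker daemon; since this file is now an explicit opt-in, say so in the comment and in `docker-traefik.md`. The `acme.json` mount at line 19 depends on the file already existing before the first `up`, otherwise Docker creates a directory at that path; a comment pointing to the guide's `touch` and `chmod 600` step would help.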
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml
index 51de964e8..d17dbd0df 100644
--- a/support/docker/production/docker-compose.yml
+++ b/support/docker/production/docker-compose.yml
@@ -2,27 +2,9 @@ version: "3.3"
2 2
3services: 3services:
4 4
5 # The reverse-proxy only does SSL termination and automatic certificate generation. You can
6 # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels.
7 reverse-proxy:
8 image: traefik:v1.7
9 network_mode: "host"
10 command:
11 - "--docker" # Tells Træfik to listen to docker
12 - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email
13 - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list
14 ports:
15 - "80:80" # The HTTP port
16 - "443:443" # The HTTPS port
17 volumes:
18 - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events
19 - ./docker-volume/traefik/acme.json:/etc/acme.json
20 - ./docker-volume/traefik/traefik.toml:/traefik.toml
21 restart: "always"
22
23 # The webserver is not required, but recommended since a lot of optimizations went to its 5 # The webserver is not required, but recommended since a lot of optimizations went to its
24 # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL, 6 # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL,
25 # so use it in production in tandem with an SSL-terminating reverse-proxy like above. 7 # so use it in production in tandem with an SSL-terminating reverse-proxy.
26 webserver: 8 webserver:
27 build: 9 build:
28 context: . 10 context: .
@@ -31,7 +13,7 @@ services:
31 - .env 13 - .env
32 # If you provide your own reverse-proxy, otherwise not suitable for production: 14 # If you provide your own reverse-proxy, otherwise not suitable for production:
33 #ports: 15 #ports:
34 # - "80:80" 16 # - "9000:80" # serving HTTP
35 volumes: 17 volumes:
36 - type: bind 18 - type: bind
37 # Switch sources if you downloaded the nginx configuration without the whole repository 19 # Switch sources if you downloaded the nginx configuration without the whole repository
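Review bot: The commented example at new line 16, `# - "9000:80" # serving HTTP`, publishes the TLS-less nginx on every host interface once it is uncommented. The comment above it says this is for people who bring their own reverse proxy, so for the same-host case suggest `"127.0.0.1:9000:80"`, which keeps the plain-HTTP listener reachable only through the proxy. The reason for moving the host port from 80 to 9000 is not given in the commit message; a word in the comment would help.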
@@ -43,10 +25,6 @@ services:
43 depends_on: 25 depends_on:
44 - peertube 26 - peertube
45 restart: "always" 27 restart: "always"
46 labels:
47 traefik.enable: "true"
48 traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}"
49 traefik.port: "80"
50 28
51 peertube: 29 peertube:
52 # If you don't want to use the official image and build one from sources: 30 # If you don't want to use the official image and build one from sources:
@@ -58,7 +36,7 @@ services:
58 - .env 36 - .env
59 # If you provide your own webserver and reverse-proxy, otherwise not suitable for production: 37 # If you provide your own webserver and reverse-proxy, otherwise not suitable for production:
60 #ports: 38 #ports:
61 # - "80:9000" 39 # - "80:9000" # serving HTTP
62 volumes: 40 volumes:
63 - assets:/app/client/dist 41 - assets:/app/client/dist
64 - ./docker-volume/data:/data 42 - ./docker-volume/data:/data
@@ -70,7 +48,7 @@ services:
70 restart: "always" 48 restart: "always"
71 49
72 postgres: 50 postgres:
73 image: postgres:12-alpine 51 image: postgres:10-alpine
74 env_file: 52 env_file:
75 - .env 53 - .env
76 volumes: 54 volumes:
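Review bot: `image: postgres:12-alpine` becomes `image: postgres:10-alpine` at new line 51, a major-version downgrade that the commit message ("move traefik to its own override file") does not cover. PostgreSQL will not start on a data directory initialised by a different major version, so anyone already running this compose file with 12 would get a failing database container after pulling this change. Unless the downgrade is intended, keep `postgres:12-alpine`; if it is intended, it belongs in its own commit with a migration note.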
@@ -96,7 +74,7 @@ networks:
96 ipam: 74 ipam:
97 driver: default 75 driver: default
98 config: 76 config:
99 - subnet: 172.18.0.0/16 77 - subnet: 172.18.0.0/16
100 78
101volumes: 79volumes:
102 assets: 80 assets:
diff --git a/support/docker/production/entrypoint.nginx.sh b/support/docker/production/entrypoint.nginx.sh
index 903806936..4d2ead966 100644
--- a/support/docker/production/entrypoint.nginx.sh
+++ b/support/docker/production/entrypoint.nginx.sh
@@ -1,15 +1,15 @@
1#!/bin/sh 1#!/bin/sh
2set -e 2set -e
3 3
4# Process nginx template 4# Process the nginx template
5SOURCE="/etc/nginx/conf.d/peertube.template" 5SOURCE_FILE="/etc/nginx/conf.d/peertube.template"
6TARGET="/etc/nginx/conf.d/default.conf" 6TARGET_FILE="/etc/nginx/conf.d/default.conf"
7export WEBSERVER_HOST="default_server" 7export WEBSERVER_HOST="default_server"
8export PEERTUBE_HOST="peertube:9000" 8export PEERTUBE_HOST="peertube:9000"
9 9
10envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE > $TARGET 10envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE
11 11
12# Remove HTTPS/SSL from nginx conf 12# Remove HTTPS/SSL from nginx conf
13sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET 13sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET_FILE
14 14
15nginx -g "daemon off;" \ No newline at end of file 15nginx -g "daemon off;" \ No newline at end of file