diff options
-rw-r--r-- | support/doc/docker-traefik.md | 44 | ||||
-rw-r--r-- | support/doc/docker.md | 71 | ||||
-rw-r--r-- | support/docker/production/docker-compose.traefik.yml | 27 | ||||
-rw-r--r-- | support/docker/production/docker-compose.yml | 32 | ||||
-rw-r--r-- | support/docker/production/entrypoint.nginx.sh | 10 |
5 files changed, 100 insertions, 84 deletions
diff --git a/support/doc/docker-traefik.md b/support/doc/docker-traefik.md new file mode 100644 index 000000000..fcd63364a --- /dev/null +++ b/support/doc/docker-traefik.md | |||
@@ -0,0 +1,44 @@ | |||
1 | ### Docker + Traefik | ||
2 | |||
3 | After following the [docker guide](/support/doc/docker.md), you can choose to run traefik | ||
4 | as your reverse-proxy. | ||
5 | |||
6 | #### Create the reverse proxy configuration directory | ||
7 | |||
8 | ```shell | ||
9 | mkdir -p ./docker-volume/traefik | ||
10 | ``` | ||
11 | |||
12 | #### Get the latest reverse proxy configuration | ||
13 | |||
14 | ```shell | ||
15 | curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml | ||
16 | ``` | ||
17 | |||
18 | View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml) | ||
19 | |||
20 | #### Create Let's Encrypt ACME certificates as JSON file | ||
21 | |||
22 | ```shell | ||
23 | touch ./docker-volume/traefik/acme.json | ||
24 | ``` | ||
25 | Needs to have file mode 600: | ||
26 | ```shell | ||
27 | chmod 600 ./docker-volume/traefik/acme.json | ||
28 | ``` | ||
29 | |||
30 | #### Update the reverse proxy configuration | ||
31 | |||
32 | ```shell | ||
33 | $EDITOR ./docker-volume/traefik/traefik.toml | ||
34 | ``` | ||
35 | |||
36 | ~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file. | ||
37 | |||
38 | More at: https://docs.traefik.io/v1.7 | ||
39 | |||
40 | #### Run with traefik | ||
41 | |||
42 | ```shell | ||
43 | docker-compose -f {docker-compose.yml,docker-compose.traefik.yml} up -d | ||
44 | ``` | ||
diff --git a/support/doc/docker.md b/support/doc/docker.md index fc89e4c4c..e55aee9fc 100644 --- a/support/doc/docker.md +++ b/support/doc/docker.md | |||
@@ -1,46 +1,19 @@ | |||
1 | # Docker guide | 1 | # Docker guide |
2 | 2 | ||
3 | You can quickly get a server running using Docker. You need to have | 3 | This guide requires [docker](https://www.docker.com/community-edition) and |
4 | [docker](https://www.docker.com/community-edition) and | ||
5 | [docker-compose](https://docs.docker.com/compose/install/) installed. | 4 | [docker-compose](https://docs.docker.com/compose/install/) installed. |
6 | 5 | ||
7 | ## Production | 6 | ## Production |
8 | 7 | ||
9 | ### Install | 8 | ### Install |
10 | 9 | ||
11 | **PeerTube does not support webserver host change**. Keep in mind your domain name is definitive after your first PeerTube start. | 10 | **PeerTube does not support webserver host change**. Keep in mind your domain |
12 | 11 | name is definitive after your first PeerTube start. | |
13 | PeerTube needs a PostgreSQL and a Redis instance to work correctly. If you want | ||
14 | to quickly set up a full environment, either for trying the service or in | ||
15 | production, you can use a `docker-compose` setup. | ||
16 | 12 | ||
17 | #### Go to your peertube workdir | 13 | #### Go to your peertube workdir |
18 | ```shell | ||
19 | cd /your/peertube/directory | ||
20 | ``` | ||
21 | |||
22 | #### Create the reverse proxy configuration directory | ||
23 | |||
24 | ```shell | ||
25 | mkdir -p ./docker-volume/traefik | ||
26 | ``` | ||
27 | 14 | ||
28 | #### Get the latest reverse proxy configuration | ||
29 | |||
30 | ```shell | ||
31 | curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker/production/config/traefik.toml > ./docker-volume/traefik/traefik.toml | ||
32 | ``` | ||
33 | |||
34 | View the source of the file you're about to download: [traefik.toml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/config/traefik.toml) | ||
35 | |||
36 | #### Create Let's Encrypt ACME certificates as JSON file | ||
37 | |||
38 | ```shell | ||
39 | touch ./docker-volume/traefik/acme.json | ||
40 | ``` | ||
41 | Needs to have file mode 600: | ||
42 | ```shell | 15 | ```shell |
43 | chmod 600 ./docker-volume/traefik/acme.json | 16 | cd /your/peertube/directory |
44 | ``` | 17 | ``` |
45 | 18 | ||
46 | #### Get the latest Compose file | 19 | #### Get the latest Compose file |
@@ -51,7 +24,6 @@ curl https://raw.githubusercontent.com/chocobozzz/PeerTube/master/support/docker | |||
51 | 24 | ||
52 | View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml) | 25 | View the source of the file you're about to download: [docker-compose.yml](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/docker-compose.yml) |
53 | 26 | ||
54 | |||
55 | #### Get the latest env_file | 27 | #### Get the latest env_file |
56 | 28 | ||
57 | ```shell | 29 | ```shell |
@@ -60,27 +32,18 @@ curl https://raw.githubusercontent.com/Chocobozzz/PeerTube/master/support/docker | |||
60 | 32 | ||
61 | View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env) | 33 | View the source of the file you're about to download: [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env) |
62 | 34 | ||
63 | #### Update the reverse proxy configuration | ||
64 | |||
65 | ```shell | ||
66 | vim ./docker-volume/traefik/traefik.toml | ||
67 | ``` | ||
68 | |||
69 | ~~You must replace `<MY EMAIL ADDRESS>` and `<MY DOMAIN>` to enable Let's Encrypt SSL Certificates creation.~~ Now included in `.env` file with `TRAEFIK_ACME_EMAIL` and `TRAEFIK_ACME_DOMAINS` variables used through traefik service command value of `docker-compose.yml` file. | ||
70 | |||
71 | More at: https://docs.traefik.io/v1.7 | ||
72 | |||
73 | #### Tweak the `docker-compose.yml` file there according to your needs | 35 | #### Tweak the `docker-compose.yml` file there according to your needs |
74 | 36 | ||
75 | ```shell | 37 | ```shell |
76 | vim ./docker-compose.yml | 38 | $EDITOR ./docker-compose.yml |
77 | ``` | 39 | ``` |
78 | 40 | ||
79 | #### Then tweak the `.env` file to change the environment variables | 41 | #### Then tweak the `.env` file to change the environment variables |
80 | 42 | ||
81 | ```shell | 43 | ```shell |
82 | vim ./.env | 44 | $EDITOR ./.env |
83 | ``` | 45 | ``` |
46 | |||
84 | In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace: | 47 | In the downloaded example [.env](https://github.com/Chocobozzz/PeerTube/blob/master/support/docker/production/.env), you must replace: |
85 | - `<MY POSTGRES USERNAME>` | 48 | - `<MY POSTGRES USERNAME>` |
86 | - `<MY POSTGRES PASSWORD>` | 49 | - `<MY POSTGRES PASSWORD>` |
@@ -103,10 +66,12 @@ To test locally your Docker setup, you must add your domain (`<MY DOMAIN>`) in ` | |||
103 | ```shell | 66 | ```shell |
104 | docker-compose up | 67 | docker-compose up |
105 | ``` | 68 | ``` |
106 | ### Obtaining Your Automatically Generated Admin Credentials | 69 | |
107 | Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. | 70 | ### Obtaining your automatically-generated admin credentials |
108 | You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this. | 71 | |
109 | ```BASH | 72 | Now that you've installed your PeerTube instance you'll want to grep your peertube container's logs for the `root` password. You're going to want to run `docker-compose logs peertube | grep -A1 root` to search the log output for your new PeerTube's instance admin credentials which will look something like this. |
73 | |||
74 | ```bash | ||
110 | user@s:~/peertube|master⚡ ⇒ docker-compose logs peertube | grep -A1 root | 75 | user@s:~/peertube|master⚡ ⇒ docker-compose logs peertube | grep -A1 root |
111 | 76 | ||
112 | peertube_1 | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root | 77 | peertube_1 | [example.com:443] 2019-11-16 04:26:06.082 info: Username: root |
@@ -114,9 +79,12 @@ peertube_1 | [example.com:443] 2019-11-16 04:26:06.083 info: User password: abc | |||
114 | ``` | 79 | ``` |
115 | 80 | ||
116 | ### Obtaining Your Automatically Generated DKIM DNS TXT Record | 81 | ### Obtaining Your Automatically Generated DKIM DNS TXT Record |
82 | |||
117 | [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) signature sending and RSA keys generation are enabled by the default Postfix image `mwader/postfix-relay` with [OpenDKIM](http://www.opendkim.org/). | 83 | [DKIM](https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail) signature sending and RSA keys generation are enabled by the default Postfix image `mwader/postfix-relay` with [OpenDKIM](http://www.opendkim.org/). |
118 | Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain : | 84 | |
119 | ```BASH | 85 | Run `cat ./docker-volume/opendkim/keys/*/*.txt` to display your DKIM DNS TXT Record containing the public key to configure to your domain : |
86 | |||
87 | ```bash | ||
120 | user@s:~/peertube|master⚡ ⇒ cat ./docker-volume/opendkim/keys/*/*.txt | 88 | user@s:~/peertube|master⚡ ⇒ cat ./docker-volume/opendkim/keys/*/*.txt |
121 | 89 | ||
122 | peertube._domainkey.mydomain.tld. IN TXT ( "v=DKIM1; h=sha256; k=rsa; " | 90 | peertube._domainkey.mydomain.tld. IN TXT ( "v=DKIM1; h=sha256; k=rsa; " |
@@ -154,5 +122,4 @@ $ docker build . -f ./support/docker/production/Dockerfile.buster | |||
154 | 122 | ||
155 | ## Development | 123 | ## Development |
156 | 124 | ||
157 | We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) | 125 | We don't have a Docker image for development. See [the CONTRIBUTING guide](https://github.com/Chocobozzz/PeerTube/blob/master/.github/CONTRIBUTING.md#develop) for more information on how you can hack PeerTube! |
158 | for more information on how you can hack PeerTube! | ||
diff --git a/support/docker/production/docker-compose.traefik.yml b/support/docker/production/docker-compose.traefik.yml new file mode 100644 index 000000000..bbea75783 --- /dev/null +++ b/support/docker/production/docker-compose.traefik.yml | |||
@@ -0,0 +1,27 @@ | |||
1 | version: "3.3" | ||
2 | |||
3 | services: | ||
4 | |||
5 | # The reverse-proxy only does SSL termination and automatic certificate generation. You can | ||
6 | # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels. | ||
7 | reverse-proxy: | ||
8 | image: traefik:v1.7 | ||
9 | network_mode: "host" | ||
10 | command: | ||
11 | - "--docker" # Tells Træfik to listen to docker | ||
12 | - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email | ||
13 | - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list | ||
14 | ports: | ||
15 | - "80:80" # serving HTTP | ||
16 | - "443:443" # serving HTTPS | ||
17 | volumes: | ||
18 | - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events | ||
19 | - ./docker-volume/traefik/acme.json:/etc/acme.json | ||
20 | - ./docker-volume/traefik/traefik.toml:/traefik.toml | ||
21 | restart: "always" | ||
22 | |||
23 | webserver: | ||
24 | labels: | ||
25 | traefik.enable: "true" | ||
26 | traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" | ||
27 | traefik.port: "80" | ||
diff --git a/support/docker/production/docker-compose.yml b/support/docker/production/docker-compose.yml index 51de964e8..d17dbd0df 100644 --- a/support/docker/production/docker-compose.yml +++ b/support/docker/production/docker-compose.yml | |||
@@ -2,27 +2,9 @@ version: "3.3" | |||
2 | 2 | ||
3 | services: | 3 | services: |
4 | 4 | ||
5 | # The reverse-proxy only does SSL termination and automatic certificate generation. You can | ||
6 | # replace it with any other reverse-proxy, in which case you can remove 'traefik.*' labels. | ||
7 | reverse-proxy: | ||
8 | image: traefik:v1.7 | ||
9 | network_mode: "host" | ||
10 | command: | ||
11 | - "--docker" # Tells Træfik to listen to docker | ||
12 | - "--acme.email=${TRAEFIK_ACME_EMAIL}" # Let's Encrypt ACME email | ||
13 | - "--acme.domains=${TRAEFIK_ACME_DOMAINS}" # Let's Encrypt ACME domain list | ||
14 | ports: | ||
15 | - "80:80" # The HTTP port | ||
16 | - "443:443" # The HTTPS port | ||
17 | volumes: | ||
18 | - /var/run/docker.sock:/var/run/docker.sock # So that Træfik can listen to the Docker events | ||
19 | - ./docker-volume/traefik/acme.json:/etc/acme.json | ||
20 | - ./docker-volume/traefik/traefik.toml:/traefik.toml | ||
21 | restart: "always" | ||
22 | |||
23 | # The webserver is not required, but recommended since a lot of optimizations went to its | 5 | # The webserver is not required, but recommended since a lot of optimizations went to its |
24 | # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL, | 6 | # nginx configuration file. It runs the default nginx configuration without HTTPS nor SSL, |
25 | # so use it in production in tandem with an SSL-terminating reverse-proxy like above. | 7 | # so use it in production in tandem with an SSL-terminating reverse-proxy. |
26 | webserver: | 8 | webserver: |
27 | build: | 9 | build: |
28 | context: . | 10 | context: . |
@@ -31,7 +13,7 @@ services: | |||
31 | - .env | 13 | - .env |
32 | # If you provide your own reverse-proxy, otherwise not suitable for production: | 14 | # If you provide your own reverse-proxy, otherwise not suitable for production: |
33 | #ports: | 15 | #ports: |
34 | # - "80:80" | 16 | # - "9000:80" # serving HTTP |
35 | volumes: | 17 | volumes: |
36 | - type: bind | 18 | - type: bind |
37 | # Switch sources if you downloaded the nginx configuration without the whole repository | 19 | # Switch sources if you downloaded the nginx configuration without the whole repository |
@@ -43,10 +25,6 @@ services: | |||
43 | depends_on: | 25 | depends_on: |
44 | - peertube | 26 | - peertube |
45 | restart: "always" | 27 | restart: "always" |
46 | labels: | ||
47 | traefik.enable: "true" | ||
48 | traefik.frontend.rule: "Host:${PEERTUBE_WEBSERVER_HOSTNAME}" | ||
49 | traefik.port: "80" | ||
50 | 28 | ||
51 | peertube: | 29 | peertube: |
52 | # If you don't want to use the official image and build one from sources: | 30 | # If you don't want to use the official image and build one from sources: |
@@ -58,7 +36,7 @@ services: | |||
58 | - .env | 36 | - .env |
59 | # If you provide your own webserver and reverse-proxy, otherwise not suitable for production: | 37 | # If you provide your own webserver and reverse-proxy, otherwise not suitable for production: |
60 | #ports: | 38 | #ports: |
61 | # - "80:9000" | 39 | # - "80:9000" # serving HTTP |
62 | volumes: | 40 | volumes: |
63 | - assets:/app/client/dist | 41 | - assets:/app/client/dist |
64 | - ./docker-volume/data:/data | 42 | - ./docker-volume/data:/data |
@@ -70,7 +48,7 @@ services: | |||
70 | restart: "always" | 48 | restart: "always" |
71 | 49 | ||
72 | postgres: | 50 | postgres: |
73 | image: postgres:12-alpine | 51 | image: postgres:10-alpine |
74 | env_file: | 52 | env_file: |
75 | - .env | 53 | - .env |
76 | volumes: | 54 | volumes: |
@@ -96,7 +74,7 @@ networks: | |||
96 | ipam: | 74 | ipam: |
97 | driver: default | 75 | driver: default |
98 | config: | 76 | config: |
99 | - subnet: 172.18.0.0/16 | 77 | - subnet: 172.18.0.0/16 |
100 | 78 | ||
101 | volumes: | 79 | volumes: |
102 | assets: | 80 | assets: |
diff --git a/support/docker/production/entrypoint.nginx.sh b/support/docker/production/entrypoint.nginx.sh index 903806936..4d2ead966 100644 --- a/support/docker/production/entrypoint.nginx.sh +++ b/support/docker/production/entrypoint.nginx.sh | |||
@@ -1,15 +1,15 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | set -e | 2 | set -e |
3 | 3 | ||
4 | # Process nginx template | 4 | # Process the nginx template |
5 | SOURCE="/etc/nginx/conf.d/peertube.template" | 5 | SOURCE_FILE="/etc/nginx/conf.d/peertube.template" |
6 | TARGET="/etc/nginx/conf.d/default.conf" | 6 | TARGET_FILE="/etc/nginx/conf.d/default.conf" |
7 | export WEBSERVER_HOST="default_server" | 7 | export WEBSERVER_HOST="default_server" |
8 | export PEERTUBE_HOST="peertube:9000" | 8 | export PEERTUBE_HOST="peertube:9000" |
9 | 9 | ||
10 | envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE > $TARGET | 10 | envsubst '${WEBSERVER_HOST} ${PEERTUBE_HOST}' < $SOURCE_FILE > $TARGET_FILE |
11 | 11 | ||
12 | # Remove HTTPS/SSL from nginx conf | 12 | # Remove HTTPS/SSL from nginx conf |
13 | sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET | 13 | sed -i 's/443 ssl http2/80/g;/ssl_/d' $TARGET_FILE |
14 | 14 | ||
15 | nginx -g "daemon off;" \ No newline at end of file | 15 | nginx -g "daemon off;" \ No newline at end of file |